GDPR Compliance Statement

Last updated: June 2026

Our commitment to data protection

While amber-fjord operates primarily within Australia, we recognize that some website visitors may be located in the European Economic Area. We are committed to handling personal data in accordance with the principles established by the General Data Protection Regulation (GDPR).

Legal basis for processing

When we process personal data of individuals in the EEA, we rely on the following legal bases:

• Consent: When you provide explicit consent for us to process your personal data for specific purposes
• Legitimate interests: When processing is necessary for our legitimate business interests, such as responding to enquiries and improving our services
• Contractual necessity: When processing is necessary to fulfill contractual obligations
• Legal compliance: When processing is required to comply with legal obligations

Your rights under GDPR

If you are located in the EEA, you have the following rights regarding your personal data:

• Right of access: Request confirmation of whether we process your personal data and obtain a copy
• Right to rectification: Request correction of inaccurate or incomplete personal data
• Right to erasure: Request deletion of your personal data in certain circumstances
• Right to restriction: Request limitation of processing in specific situations
• Right to data portability: Receive your personal data in a structured, commonly used format
• Right to object: Object to processing based on legitimate interests or for direct marketing purposes
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent
• Right to lodge a complaint: File a complaint with a supervisory authority

Data transfers

Personal data collected through this website is stored and processed in Australia. If you are located in the EEA, please note that Australia provides adequate data protection as recognized by the European Commission. We implement appropriate safeguards to protect personal data transferred internationally.

Data retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Specific retention periods depend on the nature of the data and the purpose of processing:

• Enquiry information: Retained for up to 3 years unless you request earlier deletion
• Client data: Retained for the duration of the business relationship plus 7 years for legal compliance
• Marketing communications: Retained until you withdraw consent or opt out

Automated decision-making

We do not use automated decision-making or profiling that produces legal effects or similarly significant impacts on individuals.

Children's privacy

Our services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without appropriate consent, we will delete it promptly.

Security measures

We implement technical and organizational security measures appropriate to the risk, including:

• Encryption of data in transit and at rest
• Access controls limiting data access to authorized personnel
• Regular security assessments and updates
• Staff training on data protection principles

Data breach notification

In the event of a data breach likely to result in high risk to your rights and freedoms, we will notify you and relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by GDPR.

Contact for GDPR matters

To exercise your rights or for questions about our GDPR compliance:

Email: privacy@amber-fjord.com
Address: Level 14, 383 Kent Street, Sydney NSW 2000, Australia

Supervisory authority

If you are in the EEA and have concerns about our data processing practices, you have the right to lodge a complaint with your local supervisory authority. Contact details for EEA data protection authorities can be found at the European Data Protection Board website.

Updates to this statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. We will notify you of material changes by posting an updated version on this page with a revised date.