GDPR Compliance

Last Updated: May 10, 2026

1. Introduction

While calm-tangent is an Australian-based company, we recognize the importance of the General Data Protection Regulation (GDPR) for any European Union residents who may interact with our services. This page outlines our commitment to GDPR principles and how we handle data for EU residents.

2. Legal Basis for Processing

We process personal data under the following legal bases:

• Consent: When you explicitly agree to provide information through our forms or communications
• Contract Performance: When processing is necessary to fulfill our service obligations
• Legitimate Interests: For business operations, fraud prevention, and service improvement
• Legal Obligation: When required by law to retain or process certain information

3. Your Rights Under GDPR

If you are an EU resident, you have the following rights:

3.1 Right to Access

You have the right to request a copy of the personal data we hold about you.

3.2 Right to Rectification

You can request that we correct any inaccurate or incomplete personal data.

3.3 Right to Erasure

You have the right to request deletion of your personal data under certain circumstances.

3.4 Right to Restrict Processing

You can request that we limit how we use your personal data in specific situations.

3.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and transmit it to another controller.

3.6 Right to Object

You can object to certain types of processing, including direct marketing.

3.7 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects.

4. Data We Collect

We collect and process the following categories of personal data:

• Identity data (name, contact details)
• Financial data (when you engage our services)
• Technical data (IP address, browser type, device information)
• Usage data (how you interact with our website)
• Communication data (correspondence with us)

5. How We Use Your Data

We process your personal data for the following purposes:

• Providing retirement planning services
• Responding to inquiries and customer service requests
• Improving our website and services
• Complying with legal obligations
• Protecting our business interests and rights

6. Data Sharing and Transfers

We do not sell your personal data. We may share data with:

• Service providers who assist in our operations (under strict data protection agreements)
• Legal authorities when required by law
• Professional advisors in certain circumstances

If we transfer data outside the EU, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission.

7. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this document or as required by law. Specific retention periods vary based on:

• The nature of the data
• The purpose of processing
• Legal and regulatory requirements

8. Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Access controls and authentication
• Regular security assessments
• Staff training on data protection

9. Cookies and Tracking

We use cookies and similar technologies on our website. You can control cookie settings through your browser. For more information, see our Cookies Policy.

10. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR.

11. Children's Data

We do not knowingly collect or process personal data from individuals under 16 years of age. If we become aware that we have collected such data, we will delete it promptly.

12. Exercising Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]
Address: Level 12, 145 Eagle Street, Brisbane QLD 4000, Australia

We will respond to your request within one month, though this may be extended in complex cases.

13. Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority in the EU, particularly in the member state where you reside, work, or where the alleged infringement occurred.

14. Contact Our Data Protection Officer

For questions about our GDPR compliance or data protection practices, contact us at [email protected] with "GDPR Inquiry" in the subject line.

15. Updates to This Policy

We may update this GDPR compliance statement from time to time. Changes will be posted on this page with an updated revision date.