Information on this site is advertising in nature
Privacy Policy Terms of Use Cookie Policy

GDPR Compliance

Your rights under the General Data Protection Regulation

Last updated: January 2026

1. Introduction

orchard-saga is committed to protecting the personal data of all individuals, including those located in the European Economic Area (EEA). This page outlines how we comply with the General Data Protection Regulation (GDPR) and your rights under this regulation.

While our primary operations are based in Australia, we recognise and respect the privacy rights of individuals globally and apply GDPR standards as best practice in our data handling procedures.

2. Data Controller

orchard-saga acts as the data controller for personal information collected through our website and services. This means we determine the purposes and means of processing personal data.

Contact details:

orchard-saga
42 Greenleaf Avenue
Richmond VIC 3121
Australia

Email: [email protected]

3. Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so. The legal bases we rely on include:

  • Consent: You have given clear consent for us to process your personal data for a specific purpose
  • Contract: Processing is necessary to fulfil our contractual obligations to you or to take steps at your request before entering into a contract
  • Legitimate Interests: Processing is necessary for our legitimate business interests, provided these do not override your fundamental rights
  • Legal Obligation: Processing is necessary to comply with applicable laws and regulations

4. Your Rights Under GDPR

If you are located in the EEA, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information within one month of receiving your request.

Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure

Also known as the "right to be forgotten," you may request that we delete your personal data when:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation

Right to Restrict Processing

You may request that we limit how we use your data while complaints are being resolved or when you have objected to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently engage in automated decision-making that falls under this category.

5. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected] with your request. We will respond within one month. If your request is complex or we receive a high volume of requests, we may extend this period by up to two additional months, in which case we will inform you.

We may need to verify your identity before processing your request to ensure the security of your personal data.

6. Data Transfers

As our operations are based in Australia, personal data collected from individuals in the EEA may be transferred to and processed in Australia. Australia has data protection laws that provide safeguards for personal information, and we implement appropriate measures to protect your data during any such transfers.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Retention periods vary depending on the type of data and the purpose of processing. When data is no longer needed, it is securely deleted or anonymised.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Secure data storage systems
  • Access controls limiting who can view personal data
  • Staff training on data protection
  • Regular security assessments

9. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

10. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For individuals in the EEA, this would be the data protection authority in your country of residence. For Australian residents, complaints can be made to the Office of the Australian Information Commissioner (OAIC).

11. Updates to This Notice

We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated revision date.

12. Contact Us

For any questions regarding our GDPR compliance or to exercise your rights, please contact:

orchard-saga
42 Greenleaf Avenue
Richmond VIC 3121
Australia

Email: [email protected]