Your data protection rights under the General Data Protection Regulation
blossom-manta is committed to ensuring the security and protection of personal information that we process, and to providing a compliant and consistent approach to data protection. We have always had a robust and effective data protection programme in place which complies with existing law and aligns with the requirements of the General Data Protection Regulation (GDPR).
blossom-manta acts as a Data Controller for the personal data we collect from you. As a Data Controller, we determine the purposes and means of processing personal data. We are responsible for ensuring that your data is processed in accordance with data protection laws.
Data Controller Contact:
blossom-manta
42 Harbour Street
Sydney NSW 2000
Australia
Email: [email protected]
We process personal data on the following lawful bases:
Under the GDPR, you have the following rights regarding your personal data:
You have the right to request copies of your personal data. We may charge a small fee for this service if the request is excessive or unfounded.
You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete information you believe is incomplete.
You have the right to request that we erase your personal data, under certain conditions. This right is not absolute and only applies in certain circumstances.
You have the right to request that we restrict the processing of your personal data, under certain conditions.
You have the right to object to our processing of your personal data, under certain conditions, particularly where we are processing data for direct marketing purposes.
You have the right to request that we transfer the data we have collected to another organisation, or directly to you, under certain conditions.
Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.
If you wish to exercise any of the rights set out above, please contact us at [email protected]. We will respond to your request within one month. In certain circumstances, we may extend this period by two further months where necessary, taking into account the complexity and number of requests.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We are based in Australia and primarily store and process data within Australia. If we transfer personal data outside Australia, we ensure appropriate safeguards are in place to protect your data in accordance with this policy and applicable data protection laws.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. We limit access to your personal data to those employees and third parties who have a business need to know.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
If you have any concerns about our use of your personal information, you can make a complaint to us at [email protected]. You also have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) or, if you are in the EU, your local data protection authority.
We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated revision date.
Last updated: June 2026