GDPR Compliance

Our Commitment to GDPR

While Bright Stance is based in Australia, we respect the data protection rights of individuals in the European Union and comply with the General Data Protection Regulation (GDPR) for any EU residents who use our services.

Legal Basis for Processing

We process your personal data under the following legal bases:

• Consent: When you provide explicit consent for specific processing activities
• Contract: To fulfill our contractual obligations when you enroll in our programs
• Legitimate Interest: To improve our services and communicate relevant information
• Legal Obligation: To comply with applicable laws and regulations

Your GDPR Rights

If you are an EU resident, you have the following rights:

Right to Access

You can request confirmation of whether we process your personal data and obtain a copy of that data.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data under certain circumstances, including when the data is no longer necessary for the purposes collected.

Right to Restriction

You can request that we restrict processing of your personal data in specific situations.

Right to Data Portability

You can request to receive your personal data in a structured, commonly used format and transmit it to another controller.

Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw that consent at any time.

Right to Lodge a Complaint

You can lodge a complaint with your local supervisory authority if you believe we have violated your data protection rights.

Data Protection Officer

For GDPR-related inquiries, you can contact our data protection representative at:

Email: [email protected]
Subject Line: GDPR Inquiry

Data Transfers

If we transfer your personal data outside the EU, we ensure appropriate safeguards are in place, including:

• Standard contractual clauses approved by the European Commission
• Adequacy decisions for certain countries
• Other legally compliant transfer mechanisms

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy or as required by law. Retention periods vary depending on:

• The nature of the data
• The purpose of processing
• Legal and regulatory requirements
• Legitimate business needs

Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals.

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data
• Regular security assessments
• Access controls and authentication
• Staff training on data protection

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]
Subject: GDPR Rights Request

We will respond to your request within one month, or notify you if we require an extension.

Updates to This Notice

We may update this GDPR compliance notice to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website.