GDPR compliance
We operate with privacy by design and default, respecting EU data subject rights and lawful processing principles.
Controller identity
Darklight Empire, Level 12, 44 Market Street, Sydney NSW 2000, Australia. Contact: [email protected], +61 2 8011 4672.
DPO / Privacy contact
For EU privacy matters, contact our privacy lead at [email protected].
Lawful bases
- Contract: to deliver requested services
- Legitimate interests: secure, efficient operations and communications
- Consent: optional marketing communications
- Legal obligation: compliance with applicable laws
Data subject rights
- Access, rectification, and erasure
- Restriction and objection
- Portability
- Right to lodge a complaint with a supervisory authority
Processing records
We maintain records of processing activities including categories of data, purposes, recipients, and retention.
Security measures
- Role-based access control and MFA
- Encryption in transit and at rest where appropriate
- Secure vendor management and DPAs
- Regular backups and incident drills
Breach notification
We will notify relevant supervisory authorities and affected individuals where legally required, following a documented incident response plan.
Processors
We use vetted processors for hosting, analytics, collaboration, and event platforms under contractual safeguards.
Retention and deletion
Data is retained no longer than necessary. We apply lifecycle policies and honour deletion requests, subject to legal holds.