GDPR Compliance

Last Updated: June 16, 2026

Our Commitment to Data Protection

brilliant-harbor is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws. This page outlines how we comply with GDPR requirements.

Legal Basis for Processing

We process your personal data under the following legal bases:

• Consent: When you provide explicit consent for specific processing activities
• Contract Performance: When processing is necessary to fulfill our service agreements with you
• Legitimate Interests: When we have legitimate business reasons that do not override your rights
• Legal Obligation: When we must process data to comply with legal requirements

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information in a commonly used electronic format.

Right to Rectification

You may request correction of any inaccurate or incomplete personal data we hold about you.

Right to Erasure

You may request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw consent on which processing is based.

Right to Restrict Processing

You may request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object

You may object to processing of your personal data where we rely on legitimate interests as the legal basis for processing.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produces legal effects or similarly significantly affects you. We do not currently employ such automated decision-making.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month, or inform you if we need additional time.

When submitting a request, please provide sufficient information to identify yourself and specify which right you wish to exercise.

Data Processing Activities

We process personal data for the following purposes:

• Providing garden care services you request
• Managing service appointments and scheduling
• Communicating about services and responding to inquiries
• Processing payments for services rendered
• Improving our services and website functionality
• Complying with legal and regulatory obligations

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• Active client data: retained while you are an active client and for three years after your last service
• Service inquiry data: retained for two years from the date of inquiry
• Financial records: retained for seven years as required by Australian tax law

International Data Transfers

Your personal data is primarily processed and stored within Australia. If we need to transfer data outside of Australia or the European Economic Area, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

Data Security Measures

We implement technical and organizational security measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Access controls limiting who can view personal data
• Regular security assessments and updates
• Employee training on data protection
• Confidentiality agreements with service providers

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach poses a high risk, we will also notify affected individuals without undue delay.

Third-Party Processors

We work with carefully selected service providers who process personal data on our behalf. These processors are contractually obligated to:

• Process data only according to our instructions
• Implement appropriate security measures
• Maintain confidentiality
• Assist us in meeting GDPR obligations

Children's Data

We do not knowingly collect or process personal data from individuals under 16 years of age without parental consent.

Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe we have not complied with GDPR requirements. In Australia, you may contact the Office of the Australian Information Commissioner (OAIC).

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our data processing activities or legal requirements. Material changes will be communicated through our website.

Contact Information

For questions about our GDPR compliance or to exercise your rights, contact us at:

Email: [email protected]
Address: 127 Garden View Terrace, Melbourne VIC 3000, Australia