GDPR Compliance

Last updated: April 11, 2026

Introduction

While Dazzle Study is based in Australia, we recognize the importance of protecting the data rights of all individuals, including those in the European Economic Area. This page outlines how we comply with the General Data Protection Regulation (GDPR) principles when processing personal data of EU residents.

Data Controller

For the purposes of GDPR, the data controller is:

Dazzle Study Pty Ltd
Level 3, 247 George Street
Sydney NSW 2000
Australia
Email: [email protected]

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so. Our lawful bases include:

Consent

When you have given clear, affirmative consent for us to process your personal data for specific purposes, such as receiving marketing communications.

Contract Performance

When processing is necessary to fulfill a contract we have with you, such as providing purchased products or services.

Legal Obligation

When we must process your data to comply with legal requirements, such as tax reporting or responding to lawful requests from authorities.

Legitimate Interests

When processing is necessary for our legitimate business interests, provided these interests do not override your fundamental rights and freedoms. This includes improving our services, preventing fraud, and maintaining security.

Your GDPR Rights

If you are located in the European Economic Area, you have the following rights regarding your personal data:

Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee if your request is clearly unfounded or excessive.

Right to Rectification

You have the right to request that we correct information you believe is inaccurate or complete information you believe is incomplete.

Right to Erasure

You have the right to request that we delete your personal data under certain conditions, such as when the data is no longer necessary for the purpose it was collected.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data under certain circumstances, such as when you contest the accuracy of the data.

Right to Object

You have the right to object to our processing of your personal data under certain conditions, particularly regarding processing based on legitimate interests or for direct marketing purposes.

Right to Data Portability

You have the right to request that we transfer the data we have collected to another organization, or directly to you, in a structured, commonly used, and machine-readable format.

Right to Withdraw Consent

Where we rely on consent as the lawful basis for processing, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state where you reside, work, or where an alleged infringement of GDPR occurred.

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month, though this period may be extended by two additional months in complex cases.

We may need to verify your identity before processing your request to ensure we are disclosing information to the correct person.

Data We Collect

We collect and process the following categories of personal data:

  • Identity information: name, username
  • Contact information: email address, postal address
  • Transaction information: purchase history, payment details
  • Technical information: IP address, browser type, device information
  • Usage information: how you interact with our website and services
  • Communication information: your correspondence with us

How We Use Your Data

We use personal data for the following purposes:

  • Providing and maintaining our services
  • Processing transactions
  • Communicating with you about your account or transactions
  • Providing customer support
  • Sending marketing communications (with your consent)
  • Improving our website and services
  • Ensuring security and preventing fraud
  • Complying with legal obligations

Data Sharing

We do not sell your personal data. We may share your data with:

  • Service providers who assist us in operating our business (under strict confidentiality agreements)
  • Professional advisors such as lawyers and accountants
  • Regulatory authorities and law enforcement when required by law
  • Potential buyers in the event of a business sale or merger

When we share data with service providers, we ensure they provide appropriate safeguards and only process your data according to our instructions.

International Data Transfers

As we are based in Australia, your personal data may be transferred to and processed in Australia. While Australia is not covered by a European Commission adequacy decision, we implement appropriate safeguards to protect your data, including:

  • Compliance with Australian Privacy Principles, which provide protections comparable to GDPR
  • Use of standard contractual clauses approved by the European Commission where applicable
  • Implementation of technical and organizational security measures

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls limiting who can view personal data
  • Staff training on data protection principles
  • Incident response procedures

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Transaction records: retained for accounting and tax purposes as required by law
  • Marketing data: retained until you withdraw consent
  • Customer service records: retained for reasonable periods to maintain service quality
  • Technical logs: typically retained for short periods for security and troubleshooting

When data is no longer needed, we securely delete or anonymize it.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

Children's Data

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information.

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach.

If the breach is likely to result in a high risk to your rights, we will also notify you directly without undue delay, providing information about the nature of the breach and recommended protective measures.

Updates to This Policy

We may update this GDPR compliance statement from time to time. Material changes will be communicated through our website or via email to registered users.

Questions and Concerns

If you have questions about our GDPR compliance or wish to exercise your rights, please contact us:

Email: [email protected]

We are committed to working with you to obtain a fair resolution of any concerns about privacy.

Supervisory Authority

If you are located in the EEA and believe we have not addressed your concerns appropriately, you have the right to lodge a complaint with your local data protection supervisory authority.