GDPR Compliance

Our Commitment to GDPR Compliance

sly-benefit is committed to protecting the privacy and security of your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Australian privacy laws.

Data Controller Information

Data Controller: sly-benefit
Address: Level 3, 142 Collins Street, Melbourne VIC 3000, Australia
Email: [email protected]
Data Protection Officer: Available upon request

Your GDPR Rights Explained

Right to Access (Article 15)

You have the right to obtain confirmation as to whether your personal data is being processed and access to that data. You may request:

• A copy of your personal data we hold
• Information about how we process your data
• Details about data retention periods
• Information about data recipients

How to exercise: Email [email protected] with subject line "Data Access Request"

Response time: Within 30 days of receiving your request

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

How to exercise: Contact us with the specific information requiring correction

Response time: Within 30 days, with prompt correction of factual inaccuracies

Right to Erasure / "Right to be Forgotten" (Article 17)

You may request deletion of your personal data when:

• The data is no longer necessary for the purposes collected
• You withdraw consent (where consent was the legal basis)
• You object to processing and no overriding legitimate grounds exist
• The data has been unlawfully processed
• Erasure is required for compliance with legal obligations

Limitations: We may retain data when required by law (e.g., tax records, financial transactions) or for establishing legal claims.

How to exercise: Submit written request to [email protected]

Right to Restriction of Processing (Article 18)

You can request we limit how we use your data when:

• You contest the accuracy of personal data
• Processing is unlawful but you oppose erasure
• We no longer need the data but you require it for legal claims
• You've objected to processing pending verification of legitimate grounds

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

Applies to: Data processed based on consent or contract performance, and processed by automated means

Format provided: CSV or JSON format

Right to Object (Article 21)

You may object to processing based on:

• Legitimate interests (we must demonstrate compelling legitimate grounds to continue)
• Direct marketing (we will cease immediately upon request)
• Scientific/historical research or statistical purposes (unless necessary for public interest)

Rights Related to Automated Decision-Making (Article 22)

We do not currently use automated decision-making or profiling that produces legal or similarly significant effects. Should this change, you will be notified and given the right to object.

Legal Bases for Processing

Contract Performance (Article 6(1)(b))

Processing necessary to provide pet care services you've requested:

• Scheduling and service delivery
• Communication about your bookings
• Payment processing
• Service reports and updates

Legal Obligation (Article 6(1)(c))

Processing required to comply with legal requirements:

• Tax and accounting records
• Financial transaction records
• Health and safety documentation

Legitimate Interests (Article 6(1)(f))

Processing necessary for our legitimate business interests:

• Fraud prevention and security
• Service improvement and quality assurance
• Business analytics and operations
• Legal claim establishment and defense

Consent (Article 6(1)(a))

Processing based on your explicit consent:

• Marketing communications
• Photography and video of your pet for promotional purposes
• Optional service enhancements

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

Data Protection Measures

Technical Measures

• SSL/TLS encryption for data transmission
• Encrypted database storage
• Regular security audits and penetration testing
• Firewall protection and intrusion detection
• Secure backup systems with encryption

Organizational Measures

• Staff training on data protection requirements
• Access controls based on role necessity
• Confidentiality agreements with employees
• Data protection impact assessments for new processing activities
• Documented data processing procedures
• Regular policy reviews and updates

Data Breach Notification

In the event of a personal data breach likely to result in a risk to your rights and freedoms:

• We will notify the relevant supervisory authority within 72 hours of becoming aware
• We will notify affected individuals without undue delay if the breach poses a high risk
• Notifications will include the nature of the breach, likely consequences, and measures taken

International Data Transfers

Your data is primarily processed within Australia. If we transfer data outside Australia or the European Economic Area, we ensure:

• Adequacy decisions exist for the destination country, or
• Appropriate safeguards are in place (Standard Contractual Clauses, Binding Corporate Rules), or
• Specific derogations apply (explicit consent, contract performance)

Children's Data

We do not knowingly process data of children under 16 without parental consent. Where consent is the legal basis for processing children's data, we verify parental authority.

Data Retention

Retention periods are determined by:

• Legal and regulatory requirements
• Operational necessity
• Legitimate business interests

Specific retention periods are detailed in our Privacy Policy.

Third-Party Processors

We engage third-party processors who are:

• Bound by written data processing agreements
• Required to implement appropriate security measures
• Prohibited from using data for their own purposes
• Obligated to assist with GDPR compliance

How to Exercise Your Rights

Request Submission

Email: [email protected]

Include in your request:

• Your full name and contact information
• Specific right you wish to exercise
• Description of your request
• Proof of identity (for security purposes)

Identity Verification

To protect your data, we may request additional information to verify your identity before processing requests.

Response Timeline

We will respond to requests within 30 days. Complex requests may require an extension of up to 60 additional days, with explanation.

No Fee Policy

Requests are processed free of charge. We may charge a reasonable fee for manifestly unfounded or excessive requests, particularly repetitive ones.

Complaints and Supervisory Authority

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with:

Australian Supervisory Authority:
Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: [email protected]

EU Supervisory Authorities:
Contact the data protection authority in your EU member state. A list is available at: European Data Protection Board

Updates to GDPR Compliance

This document is reviewed annually and updated as needed to reflect changes in our practices or legal requirements. Last review: May 29, 2026

Contact for GDPR Matters

For GDPR-specific inquiries:
Email: [email protected]
Subject Line: GDPR Inquiry
Response Time: Within 5 business days for initial acknowledgment