GDPR Compliance
Last updated: May 22, 2026
Introduction
While ToughSpire Systems is based in Australia, we recognize that visitors to our website may be located in the European Union (EU) or European Economic Area (EEA). This page outlines how we comply with the General Data Protection Regulation (GDPR) when processing personal data of EU/EEA residents.
Data Controller
For the purposes of GDPR, the data controller is:
ToughSpire Systems
127 Willoughby Road
Crows Nest NSW 2065
Australia
Email: [email protected]
Legal Basis for Processing
We process personal data under the following legal bases as defined by GDPR:
- Consent: You have given clear consent for us to process your personal data for specific purposes (e.g., newsletter subscription, contact forms).
- Contract: Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract (e.g., booking consultations).
- Legal Obligation: Processing is necessary for us to comply with the law.
- Legitimate Interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not overridden by your rights and interests.
Your Rights Under GDPR
If you are a resident of the EU/EEA, you have the following rights regarding your personal data:
Right to Access
You have the right to request copies of your personal data. We may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.
Right to Rectification
You have the right to request that we correct any information you believe is inaccurate, or that we complete any information you believe is incomplete.
Right to Erasure
You have the right to request that we erase your personal data under certain conditions, including when:
- The data is no longer necessary for the purposes for which it was collected
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data under certain conditions.
Right to Data Portability
You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
Right to Object
You have the right to object to our processing of your personal data under certain conditions, including processing based on legitimate interests or for direct marketing purposes.
Rights Related to Automated Decision-Making
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. We do not currently employ automated decision-making processes.
How to Exercise Your Rights
To exercise any of your rights under GDPR, please contact us at [email protected]. We will respond to your request within one month. If your request is particularly complex or you have made multiple requests, we may extend this period by two additional months, in which case we will inform you.
We may need to verify your identity before processing your request. This is a security measure to ensure that personal data is not disclosed to unauthorized parties.
Data Protection Officer
Given the scale and nature of our operations, we are not currently required to appoint a Data Protection Officer (DPO). However, all data protection inquiries can be directed to [email protected] and will be handled by our management team.
International Data Transfers
As we are based in Australia, personal data collected from EU/EEA residents is transferred outside the EU/EEA. Australia is not currently recognized by the European Commission as providing adequate data protection. However, we implement appropriate safeguards to protect your data, including:
- Contractual commitments to data protection standards
- Technical and organizational security measures
- Limited data collection and processing
By using our services, you acknowledge and consent to the transfer of your data to Australia.
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
- Service delivery and customer relationship management
- Legal, accounting, or reporting requirements
- Resolving disputes and enforcing agreements
When personal data is no longer needed, we will securely delete or anonymize it.
Cookies and Tracking
We use cookies in compliance with GDPR requirements. For detailed information, please see our Cookies Policy. You can manage your cookie preferences through our cookie consent banner or your browser settings.
Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.
Third-Party Services
We may use third-party service providers to help us operate our business and website or administer activities on our behalf. These parties are bound by confidentiality obligations and are only permitted to process your data for specified purposes and in accordance with our instructions.
Children's Data
Our services are not directed to children under the age of 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.
Right to Lodge a Complaint
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or place of the alleged infringement.
For EU/EEA residents, you can find your local supervisory authority at: https://edpb.europa.eu/about-edpb/board/members_en
Changes to This Policy
We may update this GDPR compliance information from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.
Contact Us
For any questions or concerns about our GDPR compliance or to exercise your rights, please contact us:
Email: [email protected]
Postal Address: 127 Willoughby Road, Crows Nest NSW 2065, Australia