GDPR Compliance Statement

Last Updated: May 11, 2026

Introduction

While Timeless Flow is an Australian-based company primarily serving Australian clients, we recognize the importance of the European Union's General Data Protection Regulation (GDPR) and are committed to protecting the personal data of all individuals, including those in the European Economic Area (EEA).

Data Controller

For the purposes of GDPR, Timeless Flow is the data controller responsible for your personal data.

Contact Details:
Timeless Flow
Level 12, 348 Edward Street
Brisbane QLD 4000, Australia
Email: [email protected]

Legal Basis for Processing

We process personal data under the following legal bases:

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you.

Right to Rectification

You can request that we correct any inaccurate or incomplete personal data.

Right to Erasure (Right to be Forgotten)

You can request that we delete your personal data in certain circumstances, such as when it's no longer necessary for the purposes it was collected.

Right to Restrict Processing

You can request that we limit how we use your personal data in certain situations.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

Right to Object

You can object to our processing of your personal data in certain circumstances, particularly for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within 30 days.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

International Data Transfers

As we are based in Australia, your personal data may be transferred to and processed in Australia. We ensure that appropriate safeguards are in place to protect your data in accordance with GDPR requirements.

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.

Third-Party Processing

We only work with third-party processors who provide sufficient guarantees to implement appropriate technical and organizational measures to ensure GDPR compliance.

Children's Data

We do not knowingly collect or process personal data from individuals under the age of 16 without parental consent.

Supervisory Authority

If you are located in the EEA and believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local data protection supervisory authority.

Updates to This Statement

We may update this GDPR Compliance Statement from time to time. Any changes will be posted on this page with an updated revision date.

Contact Us

For any questions or concerns about our GDPR compliance, please contact us:

Email: [email protected]
Address: Level 12, 348 Edward Street, Brisbane QLD 4000, Australia