GDPR Compliance Statement

Last Updated: May 11, 2026

Our Commitment to GDPR

crisp-inspiration is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This page outlines how we comply with GDPR requirements and your rights as a data subject.

Data Controller Information

Data Controller: crisp-inspiration
Address: Level 14, 388 George Street, Sydney NSW 2000, Australia
Email: [email protected]

Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following rights regarding your personal data:

1. Right to Access (Article 15)

You have the right to obtain confirmation as to whether we process your personal data and, if so, to access that data along with information about how it is being processed.

2. Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete personal data completed.

3. Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data under certain circumstances, including when:

• The data is no longer necessary for the purposes for which it was collected
• You withdraw consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

4. Right to Restriction of Processing (Article 18)

You have the right to request restriction of processing of your personal data in certain situations, such as when you contest the accuracy of the data.

5. Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

6. Right to Object (Article 21)

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

7. Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

8. Right to Withdraw Consent

Where we rely on consent as the legal basis for processing, you have the right to withdraw that consent at any time.

Legal Bases for Processing

We process personal data based on the following legal grounds:

• Consent: You have explicitly consented to the processing
• Contract performance: Processing is necessary to fulfill our contractual obligations to you
• Legal obligation: Processing is required to comply with legal requirements
• Legitimate interests: Processing is necessary for our legitimate business interests, provided these do not override your fundamental rights

Data We Collect

We collect and process the following categories of personal data:

• Identity data (name, title)
• Contact data (email address, company name)
• Technical data (IP address, browser type, device information)
• Usage data (how you interact with our website)
• Communication data (information you provide in inquiries or correspondence)

How We Use Your Data

We use your personal data for the following purposes:

• Providing and managing our services
• Responding to inquiries and customer support
• Marketing communications (with your consent)
• Website improvement and analytics
• Compliance with legal obligations

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• Active customer data: Duration of the business relationship plus 7 years for accounting purposes
• Marketing data: Until you withdraw consent or request deletion
• Website analytics data: 26 months

International Data Transfers

As we are based in Australia, personal data collected from EEA residents may be transferred outside the EEA. We ensure such transfers are protected by appropriate safeguards, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions
• Binding corporate rules

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit and at rest
• Regular security assessments
• Access controls and authentication
• Employee training on data protection

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]
Subject line: GDPR Data Request

We will respond to your request within one month. In complex cases, we may extend this period by two additional months, and we will inform you of any such extension.

Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state where you reside, work, or where an alleged infringement occurred.

For a list of supervisory authorities, visit: https://edpb.europa.eu/about-edpb/board/members_en

Cookies and Tracking

We use cookies and similar technologies. For detailed information, please see our Cookies Policy. You can manage your cookie preferences through our cookie banner or browser settings.

Updates to This Statement

We may update this GDPR Compliance Statement from time to time to reflect changes in our practices or legal requirements. We will post any updates on this page.

Contact Us

If you have any questions about our GDPR compliance or data protection practices, please contact us at [email protected].