Last Updated: June 4, 2026
While zen-hollow operates primarily within Australia, we recognize and respect the data protection rights of individuals in the European Economic Area. This statement outlines how we comply with the principles of the General Data Protection Regulation (GDPR) when processing personal data of EEA residents.
We process personal data based on one or more of the following legal grounds:
Under GDPR, individuals have the following rights regarding their personal data:
You may request confirmation of what personal data we process about you and obtain a copy of that data in a structured, commonly used format.
You have the right to request correction of inaccurate personal data and to have incomplete data completed.
Under certain circumstances, you may request deletion of your personal data when it is no longer necessary for the purposes collected, when you withdraw consent, or when there is no overriding legitimate ground for processing.
You may request restriction of processing when you contest data accuracy, when processing is unlawful but you prefer restriction over deletion, or when you need the data for legal claims.
You have the right to receive personal data you provided to us in a structured format and to transmit that data to another controller where technically feasible.
You may object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.
You have the right to lodge a complaint with your local supervisory authority if you believe our processing violates GDPR.
We implement appropriate technical and organizational measures to ensure data security, including:
Personal data may be transferred to and processed in Australia. When transferring data from the EEA, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission or other legally recognized mechanisms.
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. Affected individuals will be informed without undue delay when the breach is likely to result in high risk to their rights.
We collect and process only the personal data necessary for the specified purposes. Data collection is limited to what is adequate, relevant, and not excessive in relation to our service provision.
Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and resolve disputes. Standard retention periods are detailed in our Privacy Policy.
We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects individuals without human intervention.
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children without parental consent.
To exercise any of your GDPR rights or for questions about our data protection practices, contact us at:
Email: [email protected]
Address: 127 St Georges Terrace, Perth WA 6000, Australia
We will respond to requests within one month, which may be extended by two additional months when necessary, taking into account the complexity and number of requests.
This GDPR Compliance Statement may be updated to reflect changes in our practices or legal requirements. Material changes will be communicated through our website with an updated effective date.