GDPR Information

Last updated: 14 August 2025

1. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have several rights regarding your personal data:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

2. Legal Basis for Processing

We process your personal data based on:

  • Your consent for marketing communications
  • Legitimate interests for service provision and improvement
  • Contractual necessity for account management

3. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law.

4. International Transfers

If we transfer your data outside the EU/EEA, we ensure appropriate safeguards are in place to protect your information.

5. Exercising Your Rights

To exercise any of your GDPR rights, please contact us at support@treasurequestau.com with your request.

6. Data Protection Officer

For data protection inquiries, you can contact our Data Protection Officer at dpo@treasurequestau.com

7. Controller Details

Controller: Treasure Quest. Contact: support@treasurequestau.com. Registered in Australia. For EU matters, you may contact our DPO.

8. Purposes and Legal Bases

  • Service provision and security — Legitimate interests.
  • Account management — Contract performance.
  • Analytics and improvement — Legitimate interests.
  • Marketing communications — Consent.
  • Compliance with law — Legal obligation.

9. Recipients and Processors

We may share data with infrastructure, analytics, and support vendors acting as processors under DPAs. We require appropriate technical and organisational measures.

10. Retention

We retain personal data only as long as necessary for the purposes described above or as required by law. Retention periods vary by category (e.g., account data kept while account is active, and for a limited period thereafter).

11. International Transfers

When transferring personal data outside the EEA/UK, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) and additional measures where necessary.

12. Automated Decision-Making

We do not engage in automated decision-making producing legal or similarly significant effects without appropriate safeguards.