GDPR Compliance

Last updated: June 16, 2026

Overview

While mist-fox.com is based in Australia, we recognize the importance of the General Data Protection Regulation (GDPR) for individuals in the European Economic Area. This page outlines how we comply with GDPR principles and your rights under this regulation.

Legal Basis for Processing

We process personal data based on the following legal grounds:

• Consent: When you provide explicit consent for specific processing activities
• Contract performance: When processing is necessary to fulfil our service obligations
• Legitimate interests: When we have legitimate business reasons that do not override your rights
• Legal obligations: When required to comply with applicable laws

Your Rights Under GDPR

If you are located in the EEA, you have the following rights:

• Right of access: Request confirmation of whether we process your data and obtain a copy
• Right to rectification: Request correction of inaccurate personal data
• Right to erasure: Request deletion of your personal data under certain conditions
• Right to restriction: Request limitation of processing in specific circumstances
• Right to data portability: Receive your data in a structured, commonly used format
• Right to object: Object to processing based on legitimate interests or direct marketing
• Right to withdraw consent: Withdraw previously given consent at any time

Data Protection Principles

We adhere to GDPR data protection principles:

• Processing personal data lawfully, fairly, and transparently
• Collecting data only for specified, explicit, and legitimate purposes
• Ensuring data minimization by collecting only what is necessary
• Maintaining accuracy and keeping data up to date
• Retaining data only as long as necessary
• Implementing appropriate security measures

International Data Transfers

As an Australian-based organization, personal data collected from EEA residents may be transferred to and processed in Australia. We ensure that such transfers are protected by appropriate safeguards in accordance with GDPR requirements.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we securely delete or anonymize it.

Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal effects or similarly significant impacts on individuals.

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant supervisory authorities within 72 hours as required by GDPR.

Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

Exercising Your Rights

To exercise any of your GDPR rights or if you have questions about our data processing practices, please contact us at:

[email protected]
Level 12, 485 La Trobe Street
Melbourne VIC 3000, Australia

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of any such extension.

Supervisory Authority

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority in the EEA.