Information on this site is advertising in nature.

GDPR Compliance

Last Updated: June 2026

Our Commitment to Data Protection

crag-bear is committed to protecting the personal data of all individuals, including those located in the European Economic Area (EEA). This page outlines how we comply with the General Data Protection Regulation (GDPR) and your rights under this regulation.

Data Controller

crag-bear acts as the data controller for personal information collected through this website. We are responsible for deciding how personal data is collected, used, and stored.

Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: Where you have given clear consent for us to process your personal data for specific purposes
  • Contract: Where processing is necessary for the performance of a contract or to take steps before entering a contract
  • Legal Obligation: Where processing is necessary to comply with legal requirements
  • Legitimate Interests: Where processing is necessary for our legitimate business interests, provided these do not override your rights

Your GDPR Rights

Under the GDPR, you have the following rights:

  • Right to Access: You can request a copy of the personal data we hold about you
  • Right to Rectification: You can request correction of inaccurate or incomplete data
  • Right to Erasure: You can request deletion of your personal data in certain circumstances
  • Right to Restriction: You can request that we limit how we use your data
  • Right to Data Portability: You can request your data in a machine-readable format
  • Right to Object: You can object to certain types of processing, including direct marketing
  • Rights Related to Automated Decision-Making: You have rights concerning decisions made solely by automated means

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month. In complex cases, this period may be extended by two further months, and we will inform you accordingly.

Data Transfers

If we transfer personal data outside the EEA, we ensure appropriate safeguards are in place to protect your data, such as standard contractual clauses approved by the European Commission or transfers to countries with adequate data protection laws.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Retention periods vary depending on the type of data and the purposes for which it is used. When data is no longer required, it is securely deleted or anonymised.

Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures are regularly reviewed and updated as necessary.

Cookies and Tracking

Our website uses cookies and similar technologies. For detailed information about the cookies we use and how to manage them, please refer to our Cookies Policy.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For individuals in Australia, this would be the Office of the Australian Information Commissioner (OAIC). For individuals in the EEA, you may contact your local data protection authority.

Contact Information

For questions about GDPR compliance or to exercise your rights, please contact us at:

Email: [email protected]
Address: Level 12, 45 Clarence Street, Sydney NSW 2000, Australia