GDPR Compliance

Our Commitment to GDPR

Crypt Arcade is committed to complying with the General Data Protection Regulation (GDPR) and respecting the privacy rights of individuals in the European Economic Area (EEA) and beyond.

Data Controller

Crypt Arcade acts as the data controller for personal information collected through our website. We determine the purposes and means of processing your personal data.

Contact Details:
Email: [email protected]
Address: Level 14, 367 Collins Street, Melbourne VIC 3000, Australia

Lawful Basis for Processing

Under GDPR, we process personal data based on the following lawful grounds:

• Consent (Article 6(1)(a)): When you explicitly agree to our processing activities, such as submitting a contact form
• Legitimate Interests (Article 6(1)(f)): For business operations, website analytics, and improving our services
• Legal Obligation (Article 6(1)(c)): When required to comply with legal requirements
• Contract Performance (Article 6(1)(b)): To fulfill contractual obligations with clients

Your Rights Under GDPR

You have the following rights regarding your personal data:

Right to Access (Article 15)

You can request confirmation of whether we process your personal data and obtain a copy of that data.

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17)

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances.

Right to Restriction of Processing (Article 18)

You can request that we limit the processing of your personal data under specific conditions.

Right to Data Portability (Article 20)

You can request to receive your personal data in a structured, commonly used format and transmit it to another controller.

Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that produce legal effects.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected] with the subject line "GDPR Rights Request." We will respond within one month of receiving your request.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data in transit and at rest
• Regular security assessments and audits
• Access controls and authentication mechanisms
• Staff training on data protection principles
• Incident response procedures

Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, in accordance with Article 34 of GDPR.

International Data Transfers

When transferring personal data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions recognizing equivalent data protection standards
• Binding corporate rules where applicable

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Specific retention periods:

• Contact form submissions: 3 years
• Email communications: 5 years
• Website analytics data: 26 months
• Contract-related data: 7 years after contract termination

Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of alleged infringement.

Updates to This Policy

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. The "Last updated" date at the top indicates when changes were last made.

Contact Us

For any questions about our GDPR compliance or to exercise your rights, contact us:

Email: [email protected]
Subject: GDPR Inquiry
Address: Level 14, 367 Collins Street, Melbourne VIC 3000, Australia