GDPR compliance

Your data subject rights

• Access and portability
• Rectification of inaccurate data
• Erasure and restriction where applicable
• Objection to certain processing
• Withdrawal of consent where consent is the lawful basis

To exercise rights, email [email protected]. We may request verification to protect your data.

Lawful bases and governance

• Contract: to deliver advising and application services
• Legitimate interests: service improvement and security balanced with your rights
• Consent: optional communications where required
• Legal obligation: compliance with applicable laws and requests

We assess risk via internal reviews and conduct Data Protection Impact Assessments where processing may pose high risk. Subprocessors are engaged under written agreements with data protection clauses. In the event of a personal data breach, we follow a documented notification process aligned with legal requirements. Cross-border transfers use appropriate safeguards as available under applicable law.

Submit a GDPR request

Email: [email protected]

Postal: Privacy Team, Level 18, 60 Margaret Street, Sydney NSW 2000, Australia

Please describe the right you wish to exercise and include identity confirmation details so we can process your request securely.