GDPR Compliance

Last updated: June 16, 2026

Introduction

While fjord-beam is an Australian-based organization primarily operating under the Australian Privacy Act 1988, we recognize that some of our website visitors and clients may be located in the European Economic Area. This page outlines how we comply with the General Data Protection Regulation (GDPR) for individuals in the EU/EEA.

Data Controller

fjord-beam Environmental Consulting acts as the data controller for personal data collected through our website and services. Our contact details are:

fjord-beam Environmental Consulting
Level 12, 485 La Trobe Street
Melbourne VIC 3000
Australia
Email: [email protected]

Legal Basis for Processing

We process personal data under the following legal bases as defined by GDPR:

Consent: When you provide explicit consent for specific processing activities
Contract performance: When processing is necessary to deliver our consulting services
Legal obligation: When we must process data to comply with legal requirements
Legitimate interests: When processing serves our legitimate business interests and does not override your fundamental rights

Types of Personal Data Collected

We may collect and process the following categories of personal data:

Identity data (name, title)
Contact data (email address, organization)
Technical data (IP address, browser type, device information)
Usage data (website navigation, pages visited)
Project-related data (site locations, environmental concerns, project specifications)

Your Rights Under GDPR

If you are located in the EU/EEA, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You may request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

Right to Restriction of Processing

You can request that we limit how we use your personal data in specific situations.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

Right to Object

You may object to our processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produces legal effects or similarly significant effects. We do not currently engage in automated decision-making.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month, though this period may be extended by two additional months for complex requests.

We may request specific information from you to confirm your identity before processing your request.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

Duration of our contractual relationship plus seven years for project records
As required by applicable legal, regulatory, tax, accounting, or reporting requirements
As necessary for the establishment, exercise, or defense of legal claims

International Data Transfers

As an Australian-based organization, personal data collected from EU/EEA individuals may be transferred to and stored in Australia. While Australia does not have an adequacy decision from the European Commission, we implement appropriate safeguards including:

Standard contractual clauses approved by the European Commission
Technical and organizational security measures
Compliance with Australian privacy law, which provides protections comparable to GDPR in many respects

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

Encryption of data in transit and at rest
Regular security assessments
Access controls and authentication measures
Staff training on data protection
Incident response procedures

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach poses a high risk, we will also notify affected individuals without undue delay.

Third-Party Processing

When we engage third-party service providers to process personal data on our behalf, we ensure they:

Provide sufficient guarantees of appropriate technical and organizational measures
Process data only on our documented instructions
Maintain confidentiality
Assist us in meeting our GDPR obligations

Children's Data

We do not knowingly collect or process personal data from children under 16 years of age. If we become aware that we have collected data from a child without appropriate parental consent, we will take steps to delete that information.

Cookies and Tracking

We use cookies and similar technologies on our website. For EU/EEA visitors, we obtain consent before placing non-essential cookies. For more information, please see our Cookies Policy.

Supervisory Authority

If you are located in the EU/EEA and have concerns about our data processing practices, you have the right to lodge a complaint with your local data protection supervisory authority.

Changes to This Policy

We may update this GDPR compliance statement from time to time. Material changes will be communicated through our website or directly to affected individuals where appropriate.

Contact and Data Protection Officer

For questions about our GDPR compliance or to exercise your rights, please contact us at:

Email: [email protected]
Subject line: GDPR Inquiry