GDPR Compliance Statement

Last Updated: May 22, 2026

1. Our Commitment to GDPR

Phantasm Burst is committed to compliance with the General Data Protection Regulation (GDPR) for any personal data we process relating to individuals in the European Economic Area (EEA), even though we are based in Australia.

2. Legal Basis for Processing

We process personal data under the following legal bases:

• Consent: When you explicitly agree to our processing of your personal data
• Contract: When processing is necessary to fulfill a contract with you
• Legitimate Interests: When we have a legitimate business interest that doesn't override your rights
• Legal Obligation: When we must process data to comply with legal requirements

3. Your Rights Under GDPR

If you are an EU/EEA resident, you have the following rights:

• Right to Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive your data in a structured, commonly used format
• Right to Object: Object to our processing of your personal data
• Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing

4. Data Protection Officer

For GDPR-related inquiries, please contact our Data Protection Officer:

Email: [email protected]
Postal Address: Data Protection Officer, Phantasm Burst, Level 14, 380 Collins Street, Melbourne VIC 3000, Australia

5. Data Processing Activities

5.1 Categories of Personal Data

We process the following categories of personal data:

• Identity data (name, title)
• Contact data (email address, postal address)
• Professional data (company name, job title)
• Technical data (IP address, browser type, device information)
• Usage data (website interaction, page views)

5.2 Processing Purposes

We process personal data for:

• Providing and managing our services
• Communicating with clients and prospects
• Improving our website and services
• Compliance with legal obligations
• Marketing and business development (with consent)

6. Data Sharing and Transfers

We may share personal data with:

• Service providers who process data on our behalf (under data processing agreements)
• Professional advisors (lawyers, accountants, auditors)
• Regulatory authorities when legally required

When transferring data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• Client relationship data: Duration of relationship plus 7 years
• Marketing data: Until consent is withdrawn or data becomes outdated
• Website analytics data: 26 months

8. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Staff training on data protection
• Incident response procedures

9. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware
• Inform affected individuals without undue delay if the breach poses a high risk
• Document all data breaches and remedial actions taken

10. Cookies and Tracking

We use cookies and similar technologies with your consent. You can manage cookie preferences through our cookie banner or browser settings. For more details, see our Cookie Policy.

11. Marketing Communications

We only send marketing emails with your explicit consent. You can withdraw consent at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Contacting us at [email protected]

12. Exercising Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month, or inform you if we need additional time (up to three months for complex requests).

We may request proof of identity before processing your request to ensure data security.

13. Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority in the EU/EEA.

14. Updates to This Statement

We may update this GDPR Compliance Statement to reflect changes in our practices or legal requirements. Material changes will be communicated through our website or direct notification.

15. Contact Information

For GDPR-related questions or to exercise your rights:

Data Protection Officer
Phantasm Burst
Level 14, 380 Collins Street
Melbourne VIC 3000, Australia
Email: [email protected]