GDPR Compliance
Effective Date: May 17, 2026
Sparkling Motor is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR) and the Australian Privacy Principles (APPs). This page outlines how we comply with GDPR requirements.
Legal Basis for Processing
We process personal data only when we have a lawful basis to do so. Our legal bases include:
- Consent: You have given clear consent for us to process your personal data for specific purposes
- Contract: Processing is necessary to fulfil our contractual obligations to you
- Legal Obligation: Processing is required to comply with Australian or international law
- Legitimate Interests: Processing is necessary for our legitimate business interests, provided these do not override your rights
Your GDPR Rights
Under GDPR, you have the following rights:
Right to Access
You have the right to request access to the personal data we hold about you. We will provide you with a copy of your data in a commonly used electronic format within 30 days of your request.
Right to Rectification
If your personal data is inaccurate or incomplete, you have the right to request that we correct or complete it.
Right to Erasure (Right to be Forgotten)
You may request that we delete your personal data in certain circumstances, such as when:
- The data is no longer necessary for the purposes for which it was collected
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
Please note that we may be required to retain certain information for legal or regulatory compliance.
Right to Restriction of Processing
You can request that we restrict the processing of your personal data in specific situations, such as when you contest the accuracy of the data or object to processing.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
Right to Object
You may object to the processing of your personal data where we rely on legitimate interests as the legal basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
Right to Withdraw Consent
Where we process your data based on consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with:
- The Australian Information Commissioner (for Australian residents)
- The supervisory authority in your EU member state (for EU residents)
Data Protection Officer
For questions regarding GDPR compliance or to exercise your rights, you may contact our data protection team at:
Email: [email protected]
Subject Line: GDPR Inquiry
Data Processing Activities
We maintain records of our data processing activities, including:
- Purposes of processing
- Categories of data subjects and personal data
- Categories of recipients of personal data
- International data transfers and safeguards
- Retention periods
- Security measures
International Data Transfers
When we transfer personal data outside the European Economic Area (EEA) or Australia, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions recognising that a country provides adequate data protection
- Binding Corporate Rules
Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach poses a high risk, we will also notify affected individuals without undue delay.
Privacy by Design and Default
We implement privacy by design and default principles in our operations, ensuring that:
- Data protection is considered at every stage of processing
- Only necessary personal data is collected and processed
- Personal data is processed only for specified purposes
- Access to personal data is restricted to authorised personnel
- Security measures are regularly reviewed and updated
Automated Decision-Making and Profiling
We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects individuals.
Third-Party Processors
When we engage third-party processors to handle personal data on our behalf, we ensure they:
- Provide sufficient guarantees of GDPR compliance
- Process data only on our documented instructions
- Maintain appropriate security measures
- Assist us in fulfilling our GDPR obligations
Updates to This Policy
We may update this GDPR Compliance page to reflect changes in our practices or legal requirements. The effective date at the top of this page indicates when it was last updated.
Contact Us
To exercise your GDPR rights or for any questions about our data protection practices:
Sparkling Motor
Level 7, 582 Collins Street
Melbourne VIC 3000
Australia
Email: [email protected]