Last updated: June 2026
frost-hawk is committed to protecting the privacy and security of your personal data. This page outlines how we comply with the General Data Protection Regulation (GDPR) and the rights available to you as a data subject.
While our primary operations are based in Australia, we extend GDPR-equivalent protections to all users of our website and services, regardless of location.
frost-hawk acts as the data controller for personal information collected through our website and services. This means we determine the purposes and means of processing your personal data.
Contact details:
frost-hawk
142 Harbour Street
Sydney NSW 2000
Australia
Email: [email protected]
We process your personal data based on the following legal grounds:
As a data subject, you have the following rights:
You have the right to request a copy of the personal data we hold about you and information about how we process it.
You have the right to request that we correct any inaccurate personal data we hold about you, or complete any incomplete data.
You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have it transmitted to another data controller where technically feasible.
You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
To exercise any of these rights, please contact us using the details provided above. We will respond to your request within one month. In certain circumstances, we may extend this period by two months where necessary, in which case we will inform you of the extension and the reasons for it.
We may request specific information from you to help us confirm your identity and ensure your right to access your personal data or exercise any of your other rights.
There is no fee for exercising your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
Your personal data may be transferred to and processed in countries outside your country of residence. When we transfer personal data to other countries, we ensure appropriate safeguards are in place to protect your data.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In Australia, you can contact the Office of the Australian Information Commissioner (OAIC).
We may update this GDPR compliance information from time to time. Any changes will be posted on this page with an updated revision date.