GDPR Compliance

Last updated: April 11, 2026

Overview

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to organizations processing personal data of individuals in the European Union. While Stellar Educator Pty Ltd is based in Australia, we recognize the importance of data privacy and extend GDPR-level protections to all individuals who interact with our services, regardless of location.

This document outlines how we comply with GDPR principles and your rights under this regulation.

Data Controller Information

For the purposes of GDPR, Stellar Educator Pty Ltd acts as the data controller for personal information we collect. Our contact details are:

Stellar Educator Pty Ltd
247 Builder's Avenue
Sydney NSW 2000
Australia
Email: [email protected]

Legal Basis for Processing

We process personal data only when we have a valid legal basis. The legal bases we rely on include:

  • Contractual Necessity: Processing is necessary to perform a contract with you or take steps at your request before entering into a contract (such as providing construction services).
  • Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving our services, provided these interests do not override your rights.
  • Legal Obligation: Processing is required to comply with applicable laws and regulations.
  • Consent: You have given explicit consent for specific processing activities, such as receiving marketing communications.

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to obtain confirmation about whether we process your personal data and, if so, to access that data along with information about how it is used.

Right to Rectification

You may request correction of inaccurate personal data and completion of incomplete data.

Right to Erasure

Also known as the "right to be forgotten," you may request deletion of your personal data under certain circumstances, including when the data is no longer necessary for its original purpose or when you withdraw consent.

Right to Restrict Processing

You may request that we limit how we use your data in specific situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object

You may object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significant effects. We do not currently engage in automated decision-making of this nature.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected] or use the postal address provided above. We will respond to your request within one month, though this period may be extended by two additional months for complex requests.

We may request additional information to verify your identity before processing certain requests. This is a security measure to ensure personal data is not disclosed to unauthorized parties.

Data Collection and Use

We collect and process personal data for the following purposes:

  • Providing construction and design services
  • Communicating about projects and services
  • Managing client relationships
  • Processing payments and maintaining financial records
  • Improving our services and website functionality
  • Complying with legal and regulatory requirements

For detailed information about the types of data we collect and how we use it, please refer to our Privacy Policy.

Data Sharing and Transfers

We may share personal data with third-party service providers who assist in delivering our services, such as contractors, architects, and payment processors. These parties are contractually obligated to protect your data and use it only for specified purposes.

When we transfer personal data outside the European Economic Area, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the European Commission
  • Adequacy decisions confirming the recipient country provides adequate protection
  • Other legally recognized transfer mechanisms

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations. Specific retention periods vary depending on the type of data and the nature of our relationship with you.

Project-related information is typically retained for seven years following project completion to meet warranty obligations and building regulations. Marketing consent records are retained until you withdraw consent or we determine the data is no longer relevant.

Data Security

We implement technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Access controls limiting data access to authorized personnel
  • Regular security assessments and updates
  • Employee training on data protection practices
  • Incident response procedures for data breaches

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR.

If the breach poses a high risk to your rights, we will also notify you directly without undue delay, providing information about the nature of the breach and the measures we are taking to address it.

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance functionality and analyze usage. We obtain consent before placing non-essential cookies on your device.

For detailed information about our cookie practices and how to manage your preferences, please refer to our Cookies Policy.

Children's Data

We do not knowingly collect or process personal data from individuals under the age of sixteen without parental consent. If we become aware that we have inadvertently collected such data, we will take steps to delete it promptly.

Updates to This Document

We may update this GDPR compliance statement periodically to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website or direct notification where appropriate.

Supervisory Authority

If you are located in the European Union and believe we have not handled your personal data appropriately, you have the right to lodge a complaint with your local data protection authority. Contact details for EU data protection authorities can be found at https://stellar-educator.com/about-edpb/board/members_en.

Contact Us

If you have questions about our GDPR compliance practices or wish to exercise your rights, please contact our data protection team:

Email: [email protected]
Postal Address: Stellar Educator Pty Ltd, 247 Builder's Avenue, Sydney NSW 2000, Australia