GDPR Rights & Data Protection

Last updated: January 1, 2025

1. Your Data Protection Rights

Under the General Data Protection Regulation (GDPR) and Australian Privacy Act, you have important rights regarding your personal data. Riverstone Budget Solutions is committed to protecting these rights and ensuring full compliance with data protection laws.

Data Controller: Riverstone Budget Solutions
Contact: support@sagastored.com
Address: 106 Riverside Drive, Richmond, VIC 3121, Australia

2. Right to Access Your Data

You have the right to request copies of your personal data that we hold. This includes:

  • Confirmation that we are processing your personal data
  • Access to your personal data
  • Information about how we use your data
  • Information about who we share your data with
  • How long we keep your data
  • Information about your other rights

How to Request Access:

Email us at support@sagastored.com with the subject line "Data Access Request" and include:

  • Your full name and contact details
  • Proof of identity (driver's license or passport)
  • Specific information you want to access (if applicable)

Response Time: We will respond within 30 days of receiving your request.

3. Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. This includes:

  • Correcting inaccurate personal information
  • Completing incomplete personal information
  • Updating outdated information
  • Correcting information that could affect service delivery

How to Request Corrections:

Contact us at support@sagastored.com with:

  • Details of the incorrect information
  • The correct information
  • Supporting documentation if necessary

Response Time: Corrections will be made within 30 days where possible.

4. Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data in certain circumstances:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there is no other legal basis
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Erasure is required for compliance with legal obligations

Important Limitations:

We may not be able to delete your data if we need it for:

  • Legal compliance (e.g., tax records, financial regulations)
  • Establishing, exercising, or defending legal claims
  • Public interest or scientific research purposes
  • Archiving purposes in the public interest

5. Right to Restrict Processing

You can request that we limit how we use your personal data in the following situations:

  • You contest the accuracy of the data (during verification period)
  • Processing is unlawful but you prefer restriction over deletion
  • We no longer need the data but you need it for legal claims
  • You have objected to processing (pending verification of legitimate grounds)

When processing is restricted, we will only:

  • Store your data
  • Process it with your consent
  • Process it for legal claims
  • Process it to protect another person's rights

6. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. This right applies when:

  • Processing is based on consent or contract
  • Processing is carried out by automated means

Available Formats:

We can provide your data in the following formats:

  • CSV (Comma Separated Values)
  • JSON (JavaScript Object Notation)
  • XML (Extensible Markup Language)
  • PDF (for human-readable format)

Request data portability at support@sagastored.com

7. Right to Object

7.1 General Right to Object

You can object to processing of your personal data based on:

  • Legitimate interests
  • Performance of public tasks
  • Exercise of official authority

7.2 Direct Marketing

You have an absolute right to object to direct marketing, including:

  • Marketing emails and newsletters
  • Promotional phone calls
  • Targeted advertising
  • Profiling for marketing purposes

How to Object:

  • Email: support@sagastored.com
  • Unsubscribe links in marketing emails
  • Phone: +61 2 9876 5432
  • Written notice to our office address

8. Rights Related to Automated Decision-Making

You have rights regarding automated decision-making, including profiling that produces legal effects or significantly affects you:

  • Right to human intervention in the decision-making process
  • Right to express your point of view
  • Right to contest the decision
  • Right to obtain an explanation of the decision

Our Practice: We do not use fully automated decision-making systems. All financial advice and recommendations involve human review and consideration.

9. Consent Management

9.1 Withdrawing Consent

Where we rely on your consent to process personal data, you can withdraw consent at any time:

  • Marketing communications consent
  • Cookie consent
  • Data sharing consent
  • Special category data consent

9.2 Cookie Consent Management

Manage your cookie preferences:

9.3 Marketing Preferences

Update your marketing preferences:

  • Email newsletters and updates
  • Service announcements
  • Promotional offers
  • Educational content

Contact support@sagastored.com to update preferences

10. Data Processing Purposes and Legal Basis

Purpose Legal Basis Your Rights
Service delivery Contract performance Access, rectification, portability
Marketing communications Consent Withdraw consent, object
Website analytics Legitimate interest Object, restrict
Legal compliance Legal obligation Access, rectification
Customer support Legitimate interest Access, rectification, object

11. Data Retention Periods

Retention Schedule:

  • Client service records: 7 years after service completion
  • Financial advice records: 7 years (regulatory requirement)
  • Marketing consent: Until withdrawn or 3 years of inactivity
  • Website cookies: 13 months maximum
  • Analytics data: 26 months
  • Email communications: 3 years or until deletion requested
  • Payment records: 7 years (tax compliance)

12. International Data Transfers

When we transfer your data outside Australia or the EU, we ensure adequate protection through:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules where applicable
  • Certification schemes and codes of conduct

Current International Transfers:

  • Email services: Microsoft 365 (Standard Contractual Clauses)
  • Website hosting: AWS Australia (local hosting)
  • Payment processing: Stripe (Privacy Shield/SCCs)
  • Analytics: Google Analytics (Data Processing Amendment)

13. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify relevant authorities within 72 hours
  • Inform affected individuals without undue delay
  • Provide clear information about the breach
  • Explain the likely consequences
  • Describe measures taken to address the breach
  • Provide recommendations for protecting yourself

14. Making a Complaint

14.1 Internal Complaints

If you have concerns about how we handle your personal data:

Contact our Data Protection Officer:

  • Email: support@sagastored.com
  • Phone: +61 2 9876 5432
  • Address: 106 Riverside Drive, Richmond, VIC 3121

We will investigate and respond within 30 days.

14.2 External Complaints

You also have the right to lodge a complaint with supervisory authorities:

Australian Residents:

Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au

EU Residents:

Your Local Data Protection Authority
Find your local authority: EDPB Member List

UK Residents:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113

15. Contact Information

Data Controller:

Riverstone Budget Solutions
106 Riverside Drive
Richmond, VIC 3121
Australia

Contact Details:

General Inquiries: info@sagastored.com
Data Protection: support@sagastored.com
Phone: +61 2 9876 5432

Business Hours:

Monday to Friday: 9:00 AM - 6:00 PM AEST
Saturday: 9:00 AM - 1:00 PM AEST
Sunday: Closed

16. Quick Action Center

Common Requests:

Access My Data

Request copies of your personal information

Request Access

Update Information

Correct or update your personal details

Update Data

Delete My Data

Request deletion of your personal information

Delete Data

Opt-Out Marketing

Unsubscribe from marketing communications

Opt-Out

Export My Data

Download your data in portable format

Export Data

File Complaint

Report data protection concerns

File Complaint