GDPR Compliance
Last updated: May 11, 2026
1. Introduction
Epic Zenith is committed to protecting the privacy and personal data of all individuals, including visitors from the European Union (EU) and European Economic Area (EEA). This page outlines our compliance with the General Data Protection Regulation (GDPR).
While our primary operations are in Australia and we serve Australian clients, we respect the data protection rights of all website visitors regardless of location.
2. Legal Basis for Processing
We process personal data only when we have a lawful basis to do so. Under GDPR, these bases include:
- Consent: You have given clear consent for us to process your personal data for a specific purpose
- Contract: Processing is necessary for a contract we have with you
- Legal Obligation: Processing is necessary to comply with the law
- Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided your interests and rights do not override those interests
3. Your Rights Under GDPR
If you are a resident of the EU or EEA, you have the following rights regarding your personal data:
Right to Access
You have the right to request copies of your personal data. We may charge a small fee for this service.
Right to Rectification
You have the right to request that we correct any information you believe is inaccurate, or that we complete any information you believe is incomplete.
Right to Erasure
You have the right to request that we erase your personal data, under certain conditions.
Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data, under certain conditions.
Right to Object to Processing
You have the right to object to our processing of your personal data, under certain conditions.
Right to Data Portability
You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
4. Data Collection and Use
We collect and process the following types of personal data:
- Contact information (name, email address)
- Technical data (IP address, browser type, device information)
- Usage data (pages visited, time spent on site)
- Financial information (only when you engage our services)
We use this data to:
- Provide and improve our services
- Communicate with you about our services
- Comply with legal obligations
- Protect against fraud and security threats
5. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
- Providing services to you
- Complying with legal, accounting, or reporting requirements
- Resolving disputes and enforcing agreements
When personal data is no longer required, we will securely delete or anonymize it.
6. Data Security
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of data in transit and at rest
- Regular security assessments and audits
- Access controls and authentication
- Employee training on data protection
- Incident response procedures
7. International Data Transfers
Because we are an Australian-based company, personal data collected from EU/EEA visitors may be transferred to and processed in Australia. We ensure that appropriate safeguards are in place for such transfers, including:
- Use of standard contractual clauses approved by the European Commission
- Ensuring recipients are certified under an adequacy framework
- Implementing appropriate technical and organizational measures
8. Cookies and Tracking
We use cookies and similar tracking technologies. You can control your cookie preferences through our cookie banner and your browser settings. For detailed information, see our Cookies Policy.
9. Third-Party Data Sharing
We do not sell your personal data. We may share data with:
- Service providers who process data on our behalf
- Professional advisors when necessary
- Regulatory authorities when required by law
All third parties are required to respect the security of your personal data and treat it in accordance with the law.
10. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.
11. Data Protection Officer
For questions regarding our GDPR compliance or to exercise your rights, you may contact our Data Protection Officer:
Email: [email protected]
Postal Address:
Data Protection Officer
Epic Zenith
Level 14, 385 Bourke Street
Melbourne VIC 3000
Australia
12. Supervisory Authority
If you are located in the EU or EEA, you have the right to lodge a complaint with your local supervisory authority if you believe we have not complied with applicable data protection laws.
13. Children's Privacy
Our services are not directed to children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will take steps to delete it.
14. Updates to This Policy
We may update this GDPR Compliance page from time to time. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date.
15. How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us using the information provided above. We will respond to your request within one month, though this may be extended by two additional months in complex cases.
We may need to verify your identity before processing your request. We will not charge a fee unless your request is clearly unfounded, repetitive, or excessive.