GDPR Information

Information for visitors and customers from the European Economic Area.

Home / GDPR

Last Updated: 1 January 2026

1. Overview

cliff-trek respects the privacy rights of individuals in the European Economic Area (EEA) and is committed to compliance with the General Data Protection Regulation (GDPR). This page provides additional information about how we handle personal data of EEA residents in accordance with GDPR requirements.

2. Data Controller

cliff-trek acts as the data controller for personal information collected through our website and services. Our contact details are:

cliff-trek
45 St Georges Terrace
Perth WA 6000
Australia
Email: [email protected]

3. Legal Basis for Processing

We process personal data of EEA residents under the following legal bases:

  • Contractual Necessity: Processing necessary to perform our rental agreement with you, including reservation management, identity verification, and payment processing.
  • Legal Obligation: Processing required to comply with applicable laws, including financial record-keeping and insurance requirements.
  • Legitimate Interests: Processing for our legitimate business interests, such as fraud prevention, service improvement, and security, provided these interests do not override your fundamental rights.
  • Consent: Processing based on your explicit consent, such as marketing communications. You may withdraw consent at any time.

4. Your Rights Under GDPR

As an EEA resident, you have the following rights regarding your personal data:

Right of Access

You have the right to request a copy of the personal data we hold about you and information about how we process it.

Right to Rectification

You have the right to request correction of inaccurate personal data or completion of incomplete data.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes collected.

Right to Restriction

You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

5. International Data Transfers

As cliff-trek is based in Australia, personal data collected from EEA residents may be transferred to and processed in Australia. Australia is not currently recognised by the European Commission as providing an adequate level of data protection.

To ensure appropriate safeguards for such transfers, we rely on Standard Contractual Clauses approved by the European Commission. You may request a copy of these clauses by contacting us.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Specific retention periods include:

  • Rental records: 7 years (legal and insurance requirements)
  • Marketing preferences: Until consent is withdrawn
  • Website analytics: 26 months

7. Exercising Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month. This period may be extended by two further months where necessary, considering the complexity and number of requests.

We may need to verify your identity before processing your request. There is no fee for exercising your rights, unless requests are manifestly unfounded or excessive.

8. Complaints

If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with a supervisory authority in your country of residence. However, we encourage you to contact us first so we can address your concerns directly.

9. Updates

We may update this GDPR information periodically. We will notify you of material changes by posting the updated information on our website and updating the "Last Updated" date.