GDPR Compliance Statement

Last Updated: May 22, 2026

1. Our Commitment to GDPR

Although MerquoraTechAI is an Australian company primarily serving Australian clients, we recognize that some of our website visitors and clients may be located in the European Union. We are committed to complying with the General Data Protection Regulation (GDPR) for all EU residents whose data we process.

2. Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: When you explicitly agree to provide information through forms or communications
  • Contractual Necessity: When processing is necessary to fulfill a contract with you
  • Legitimate Interest: For business operations, fraud prevention, and security
  • Legal Obligation: When required by law

3. Your Rights Under GDPR

If you are an EU resident, you have the following rights regarding your personal data:

  • Right to Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Request limitation on how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing of your personal data
  • Rights Related to Automated Decision-Making: Not to be subject to decisions based solely on automated processing

4. Data Protection Officer

For GDPR-related inquiries, please contact our Data Protection Officer:

Email: [email protected]
Address: Level 17, 135 King Street, Sydney NSW 2000, Australia

5. Data Processing and Storage

We process and store personal data in accordance with GDPR principles:

  • Data is processed lawfully, fairly, and transparently
  • Data is collected for specified, explicit, and legitimate purposes
  • Data collection is limited to what is necessary
  • Data is kept accurate and up to date
  • Data is retained only as long as necessary
  • Data is processed securely with appropriate technical and organizational measures

6. International Data Transfers

As an Australian company, data is primarily stored and processed in Australia. When transfers outside the EU occur, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Ensuring the receiving country provides adequate data protection
  • Implementing additional security measures where necessary

7. Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
  • Notify affected individuals without undue delay if the breach poses a high risk
  • Document all data breaches and our response measures

8. Third-Party Processors

We only work with third-party processors who provide sufficient guarantees of GDPR compliance. All data processing agreements include:

  • Clear instructions on data processing activities
  • Confidentiality obligations
  • Appropriate security measures
  • Sub-processor requirements and controls

9. Cookies and Tracking

We use cookies in compliance with GDPR requirements. You have the right to accept or reject non-essential cookies. For detailed information, see our Cookie Policy.

10. Exercising Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month, or inform you if additional time is required.

11. Right to Lodge a Complaint

If you believe we have not complied with GDPR requirements, you have the right to lodge a complaint with your local supervisory authority in the EU, or with the Office of the Australian Information Commissioner.

12. Updates to This Statement

We may update this GDPR Compliance Statement to reflect changes in our practices or legal requirements. The updated version will be indicated by a revised "Last Updated" date.