Harmony Quartz

Retirement clarity for your tomorrow

GDPR Compliance

Effective date: May 10, 2026

Introduction

This page provides information about how Harmony Quartz complies with the General Data Protection Regulation (GDPR) for individuals located in the European Union (EU) and European Economic Area (EEA).

While Harmony Quartz is based in Australia and primarily serves Australian clients, we are committed to protecting the privacy rights of all individuals, including those in the EU and EEA who may interact with our website or services.

Legal Basis for Processing

We process personal data only when we have a legal basis to do so under GDPR Article 6:

  • Consent: You have given clear consent for us to process your personal data for a specific purpose
  • Contract: Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
  • Legal obligation: Processing is necessary for us to comply with the law
  • Legitimate interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not overridden by your rights and interests

Your Rights Under GDPR

If you are located in the EU or EEA, you have the following rights regarding your personal data:

Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee for this service if your request is clearly unfounded, repetitive, or excessive.

Right to Rectification

You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

Right to Erasure

You have the right to request that we erase your personal data, under certain conditions, such as when the data is no longer necessary for the purposes it was collected or when you withdraw consent.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data, under certain conditions.

Right to Object to Processing

You have the right to object to our processing of your personal data, under certain conditions.

Right to Data Portability

You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

Right to Withdraw Consent

Where we rely on consent as the legal basis for processing your data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]
Subject line: "GDPR Data Request"

We will respond to your request within one month of receipt. If your request is complex or we receive multiple requests, we may extend this period by two additional months, and we will inform you of any such extension.

Data Protection Officer

For GDPR-related inquiries, you may contact our designated privacy contact at [email protected].

Data Transfers

Your personal data may be transferred to and processed in Australia. We ensure that any such transfers comply with GDPR requirements through appropriate safeguards, including:

  • Standard contractual clauses approved by the European Commission
  • Ensuring the recipient country provides adequate data protection
  • Obtaining your explicit consent where required

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. When personal data is no longer needed, we securely delete or anonymize it.

Automated Decision-Making

We do not use automated decision-making or profiling in ways that produce legal effects or similarly significantly affect you.

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication mechanisms
  • Employee training on data protection and security
  • Incident response procedures

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR.

Cookies and Tracking

We use cookies and similar technologies in accordance with GDPR requirements. For detailed information, please see our Cookies Policy. You can manage your cookie preferences through your browser settings or our cookie consent tool.

Children's Data

Our services are not directed to children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.

Complaints

If you believe we have not complied with GDPR requirements, you have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

You may also contact us first to resolve your concern: [email protected]

Updates to This Policy

We may update this GDPR compliance statement from time to time. Any changes will be posted on this page with an updated effective date. We encourage you to review this page periodically.

Contact Information

For any questions or concerns about GDPR compliance or our data protection practices, please contact us at:

Harmony Quartz
Email: [email protected]
Address: Level 12, 180 Lonsdale Street, Melbourne VIC 3000, Australia