Last Updated: January 1, 2026
While rough-horizon is based in Australia, we recognize that some of our website visitors and clients may be located in the European Union. This page outlines our commitment to complying with the General Data Protection Regulation (GDPR) requirements.
We process personal data on the following legal bases:
If you are located in the EU, you have the following rights regarding your personal data:
You have the right to request a copy of the personal data we hold about you.
You can request that we correct inaccurate or incomplete personal data.
You can request that we delete your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.
You can request that we restrict the processing of your personal data in specific situations.
You have the right to receive your personal data in a structured, commonly used format and transmit it to another controller.
You can object to our processing of your personal data based on legitimate interests or for direct marketing purposes.
Where processing is based on consent, you have the right to withdraw that consent at any time.
You have the right to lodge a complaint with a supervisory authority in the EU member state of your residence or workplace.
For GDPR-related inquiries, you can contact us at:
Email: [email protected]
Address: 247 Environmental Way, Brisbane, QLD 4000, Australia
When we transfer personal data from the EU to Australia, we ensure appropriate safeguards are in place. Australia has been recognized by the European Commission as providing adequate data protection.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. When data is no longer needed, we securely delete or anonymize it.
We implement technical and organizational measures to ensure a level of security appropriate to the risk, including:
We do not use automated decision-making processes, including profiling, that would have legal or similarly significant effects on individuals.
When we engage third-party service providers who process personal data on our behalf, we ensure they provide sufficient guarantees of GDPR compliance through contractual agreements.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach poses a high risk, we will also notify affected individuals without undue delay.
We do not knowingly collect or process personal data of children under 16 years of age without parental consent.
We may update this GDPR compliance statement from time to time to reflect changes in our practices or legal requirements. The "Last Updated" date at the top of this page indicates when the most recent changes were made.
To exercise any of your GDPR rights, please contact us using the information provided above. We will respond to your request within one month, though this period may be extended by two additional months if your request is complex.
We may need to verify your identity before processing certain requests. This is a security measure to ensure personal data is not disclosed to unauthorized parties.