Last Updated: 1 June 2026
Our Commitment to GDPR
rain-photon is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR). While we are an Australian business, we extend GDPR-compliant practices to all users of our website and services.
Data Controller
rain-photon acts as the data controller for personal information collected through our website and services. Our contact details are:
rain-photon
142 Bourke Street
Melbourne VIC 3000
Australia
Email: [email protected]
Legal Basis for Processing
We process personal data under the following legal bases:
- Consent: Where you have given clear consent for us to process your personal data for a specific purpose
- Contract: Where processing is necessary for the performance of a contract with you or to take steps prior to entering into a contract
- Legal Obligation: Where processing is necessary for compliance with a legal obligation
- Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, provided your rights do not override these interests
Your Rights Under GDPR
If you are located in the European Economic Area, you have the following rights:
Right to Access
You have the right to request copies of your personal data. We may charge a small fee for this service in certain circumstances.
Right to Rectification
You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
Right to Erasure
You have the right to request that we erase your personal data, under certain conditions. This is also known as the "right to be forgotten".
Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data, under certain conditions.
Right to Object to Processing
You have the right to object to our processing of your personal data, under certain conditions, particularly where we process data based on legitimate interests.
Right to Data Portability
You have the right to request that we transfer the data we have collected to another organisation, or directly to you, under certain conditions.
Exercising Your Rights
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. If your request is complex or we receive multiple requests, we may extend this period by a further two months, in which case we will notify you.
International Data Transfers
Your personal data may be transferred to and processed in Australia, where our servers and central database are located. We ensure that appropriate safeguards are in place to protect your data when it is transferred internationally.
Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. The retention period varies depending on the context and our legal obligations.
Data Security
We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data where appropriate
- Regular security assessments
- Access controls and authentication measures
- Staff training on data protection
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
Complaints
If you believe that we have not complied with your data protection rights, you have the right to lodge a complaint with a supervisory authority. For EU residents, this would be the data protection authority in your country of residence.
Contact Us
For any questions regarding this GDPR policy or to exercise your rights, please contact us at:
Email: [email protected]