General Data Protection Regulation

The General Data Protection Regulation (GDPR) for the protection of personal data relating to natural persons came into effect in the EU/EEA in May 2018, and this statement sets out our data protection and related policies and practices in connection with the Regulation.

GDPR applies to individuals who are citizens and/or residents of the European Union and/or the European Economic Area. Anyone wishing to assert their rights under the Regulation must reliably demonstrate their data subject status within one of these jurisdictions.

At Sitrus*, we take our customers’ data privacy and security extremely seriously, and strive at all times to comply with relevant regulations and applicable best practices as to the gathering, storing and using of data relating to our customers and other stakeholders.

Due to the nature of our business, we deal predominantly with business-to-business customers, and therefore the majority of the data we hold does not relate to natural persons. We do not hold personal data which could be regarded as sensitive, or data related to minors.

We collect, process and store only data which is reasonably required for the operation of our business, including sales and marketing activities within our current and potential customers.

We do not release customer data to third parties, other than when strictly necessary for the operation of our business or as required by competent authorities. We do not sell or otherwise make available any data to third parties for commercial exploitation.

Our customer data has been collected in the normal course of our business from sources such as sales and marketing records, customer correspondence, and so on. We have not purchased data from external sources; should this change in the future, we undertake to ensure with reasonable endeavours that such data complies with GDPR provisions.

Our marketing communications consist mostly of contents and channels not directed at any specific individuals, and we therefore hold no individually identifiable information about the recipient audience of such communications.

In the event that we send commercial e-mail multi-recipient communications such as newsletters to our customers or other stakeholders, within each such communication there is included an ‘unsubscribe’ feature which allows the recipient to easily opt out of future communications of similar nature.

If anyone has reason to believe that our website policies or practices do not comply with GDPR or other relevant requirements, or that a data breach is about to or has occurred, please contact us in the first instance and without delay so that we may respond to the situation appropriately. Similarly, visitors are invited to contact us with any queries or concerns regarding our policies and practices.

*'Sitrus' refers to Sitrus Transformations Pty Ltd and/or Sitrus Ltd and/or other Sitrus group companies

Nothing in this policy is intended to affect your statutory rights in the jurisdictions in which we operate.

Last reviewed: 7 November 2023

Original: 17 May 2021