Last Updated: May 11, 2026
Although Luminous Retreat is primarily based in Australia and serves Australian clients, we recognize the importance of the European Union's General Data Protection Regulation (GDPR) and are committed to protecting the personal data of all individuals who interact with our services, regardless of their location.
Under GDPR, we process personal data only when we have a legal basis to do so. We rely on the following legal bases:
If you are an EU/EEA resident, you have the following rights regarding your personal data:
You have the right to request copies of your personal data. We may charge a small fee for this service if your request is clearly unfounded or excessive.
You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
You have the right to request that we erase your personal data, under certain conditions.
You have the right to request that we restrict the processing of your personal data, under certain conditions.
You have the right to object to our processing of your personal data, under certain conditions.
You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.
To exercise any of your GDPR rights, please contact us at:
Email: [email protected]
We will respond to your request within one month. If your request is particularly complex or you have made multiple requests, we may extend this period by two additional months, and we will inform you of any such extension.
While we are not required to appoint a Data Protection Officer under GDPR, we have designated a privacy contact person who oversees our data protection strategy and GDPR compliance. You can contact them at [email protected].
As an Australian-based company, your personal data may be transferred to and processed in Australia. We ensure that any such transfers are conducted in compliance with GDPR requirements, including implementing appropriate safeguards such as:
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The specific retention period depends on the nature of the data and the purposes for which it is processed.
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state where you reside, work, or where the alleged violation occurred.
We may update this GDPR compliance statement from time to time. We will notify you of any significant changes by posting the new statement on this page and updating the "Last Updated" date.
If you have questions about our GDPR compliance or wish to exercise your rights, please contact us:
Email: [email protected]
Address: Level 12, 247 Collins Street, Melbourne VIC 3000, Australia