GDPR Rights

Your data protection rights under European law.

Last Updated: 1st January 2025

This page explains your rights under the General Data Protection Regulation (GDPR) if you are located in the European Economic Area (EEA), United Kingdom, or Switzerland. We are committed to protecting your personal data and respecting your privacy rights.

1. Data Controller Information

Data Controller: terrabeacons.com

Registered Address:
61 York Street
Cairns, QLD 4870
Australia

Contact Email: support@terrabeacons.com

General Enquiries: info@terrabeacons.com

Business Contact: contact@terrabeacons.com

2. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

2.1 Right to Access (Article 15)

You have the right to request a copy of the personal data we hold about you. This includes:

  • Confirmation that we are processing your personal data
  • Access to your personal data
  • Information about how we use your data
  • Information about who we share your data with
  • How long we keep your data
  • Information about your other rights

We will provide this information free of charge within one month of your request.

2.2 Right to Rectification (Article 16)

You have the right to request that we correct any inaccurate personal data we hold about you. You can also request that we complete any incomplete personal data.

We will respond to your request within one month and notify any third parties with whom we have shared your data.

2.3 Right to Erasure (Article 17)

Also known as the "right to be forgotten", you can request that we delete your personal data when:

  • The data is no longer needed for the purpose it was collected
  • You withdraw your consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation

Please note that this right is not absolute and may be limited by legal obligations to retain certain data.

2.4 Right to Restriction of Processing (Article 18)

You can request that we restrict the processing of your personal data when:

  • You contest the accuracy of the data (during verification)
  • Processing is unlawful but you prefer restriction to erasure
  • We no longer need the data but you need it for legal claims
  • You have objected to processing (pending verification of legitimate grounds)

2.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can also request that we transfer this data to another controller where technically feasible.

This right applies when:

  • Processing is based on your consent or a contract
  • Processing is carried out by automated means

2.6 Right to Object (Article 21)

You have the right to object to processing of your personal data when:

  • Processing is based on legitimate interests
  • Processing is for direct marketing purposes
  • Processing is for scientific, historical research, or statistical purposes

We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

2.7 Right Not to Be Subject to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significant effects.

If we use automated decision-making, we will inform you and provide information about the logic involved and the significance of such processing.

2.8 Right to Withdraw Consent (Article 7)

Where we process your data based on consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

3. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

Please include in your request:

  • Your full name and email address
  • A description of your request and which right(s) you wish to exercise
  • Any relevant account information
  • Proof of identity (if required for verification)

3.1 Response Time

We will respond to your request within one month of receipt. In complex cases, we may extend this period by two additional months, and we will inform you of the extension and reasons.

3.2 Verification

To protect your privacy, we may need to verify your identity before processing your request. We may ask for additional information to confirm your identity.

3.3 Free of Charge

We will handle your requests free of charge. However, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded, excessive, or repetitive.

4. Legal Basis for Processing

We process your personal data under the following legal bases:

4.1 Consent

We process certain data based on your explicit consent, such as:

  • Marketing communications
  • Optional cookies and analytics
  • Newsletter subscriptions

4.2 Contract Performance

We process data necessary to provide our services, including:

  • Account creation and management
  • Game access and functionality
  • Payment processing
  • Customer support

4.3 Legal Obligation

We process data to comply with legal requirements, such as:

  • Age verification
  • Tax and accounting records
  • Anti-fraud measures
  • Regulatory compliance

4.4 Legitimate Interests

We process data for our legitimate business interests, including:

  • Improving our services
  • Security and fraud prevention
  • Analytics and research
  • Business development

5. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected:

  • Account Data: Duration of account plus 3 years after closure
  • Transaction Records: 7 years (legal requirement)
  • Marketing Data: Until consent is withdrawn or 2 years of inactivity
  • Usage Logs: 2 years
  • Support Communications: 3 years

After these periods, we will securely delete or anonymise your data unless we are required by law to retain it longer.

6. International Data Transfers

As we are based in Australia, your data may be transferred outside the EEA. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Binding Corporate Rules

You can request a copy of the safeguards we have in place by contacting us.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data:

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication procedures
  • Staff training on data protection
  • Incident response procedures
  • Regular backups and disaster recovery plans

8. Data Breach Notification

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay. We will also notify the relevant supervisory authority within 72 hours of becoming aware of the breach.

9. Third-Party Data Sharing

We share your data with third parties only when necessary:

9.1 Service Providers

  • Cloud hosting providers
  • Payment processors
  • Analytics services
  • Customer support tools

9.2 Legal Requirements

We may disclose data when required by law or to protect our rights and the rights of others.

9.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you of any such change.

10. Cookies and Tracking

We use cookies and similar technologies. You can manage your cookie preferences:

10.1 Cookie Categories

  • Essential Cookies: Required for website functionality (cannot be disabled)
  • Performance Cookies: Help us understand website usage
  • Functional Cookies: Remember your preferences
  • Advertising Cookies: Deliver relevant advertisements

10.2 Managing Cookies

You can control cookies through:

  • Our cookie consent banner
  • Your browser settings
  • Third-party opt-out tools

11. Children's Privacy

Our services are not intended for children under 18. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately at support@terrabeacons.com.

12. Automated Decision-Making and Profiling

We may use automated decision-making for:

  • Fraud detection and prevention
  • Personalised game recommendations
  • Account security measures

You have the right to request human intervention, express your point of view, and contest the decision.

13. Right to Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority.

13.1 EU Supervisory Authorities

You can contact your local data protection authority in your EU member state. A list of authorities is available at: https://edpb.europa.eu

13.2 UK Information Commissioner's Office

Website: https://ico.org.uk
Phone: 0303 123 1113

13.3 Australian Information Commissioner

Website: https://www.oaic.gov.au
Phone: 1300 363 992

14. Updates to This Policy

We may update this GDPR Rights page from time to time. We will notify you of significant changes by:

  • Posting a notice on our website
  • Sending you an email notification
  • Requesting renewed consent where required

15. Contact Us

For any questions about your GDPR rights or our data practices:

Email: support@terrabeacons.com (24-hour support)
General Enquiries: info@terrabeacons.com
Business Contact: contact@terrabeacons.com

Postal Address:
terrabeacons.com
61 York Street
Cairns, QLD 4870
Australia

16. Additional Resources

For more information about data protection and your rights: