Our commitment to data protection for European Economic Area clients
While Phantasma Core is based in Australia, we respect and comply with the General Data Protection Regulation (GDPR) for clients and website visitors from the European Economic Area (EEA).
We process personal data under the following lawful bases: consent (for marketing communications and video recordings), contract performance (to deliver purchased services), legitimate interests (to improve our services), and legal obligation (for tax and regulatory compliance).
If you are located in the EEA, you have the right to: access your personal data, rectify inaccurate data, erase your data ('right to be forgotten'), restrict processing, data portability, object to processing, withdraw consent at any time, and lodge a complaint with your local supervisory authority.
Your personal data may be transferred to and processed in Australia. We ensure adequate protection through standard contractual clauses, data processing agreements with service providers, and security measures equivalent to GDPR standards.
For GDPR-related inquiries or to exercise your rights, contact our Data Protection Officer at: [email protected]. We will respond to requests within 30 days as required by GDPR.
We do not use automated decision-making or profiling that produces legal effects or significantly affects you.
In the event of a data breach affecting your rights and freedoms, we will notify you and relevant supervisory authorities within 72 hours as required by GDPR.