Last updated: May 22, 2026
While timid-spiral operates primarily in Australia, we recognize the importance of the General Data Protection Regulation (GDPR) for European Union residents and anyone whose data may be processed under EU law. We are committed to maintaining compliance with GDPR principles.
We process personal data under the following legal bases:
Under GDPR, EU residents have the following rights:
You have the right to request copies of your personal data. We will provide this information in a commonly used electronic format.
You have the right to request correction of inaccurate or incomplete personal data we hold about you.
You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
You have the right to request that we restrict processing of your personal data in certain situations.
You have the right to receive your personal data in a structured, machine-readable format and to transmit that data to another controller.
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
You have the right not to be subject to decisions based solely on automated processing that produces legal or similarly significant effects.
We process personal data for the following purposes:
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Veterinary records are retained in accordance with Australian veterinary practice standards.
As we operate primarily in Australia, most data processing occurs locally. Should we transfer data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission.
We implement robust technical and organizational measures to protect personal data, including:
In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by GDPR.
When we engage third-party service providers who process data on our behalf, we ensure they provide sufficient guarantees of GDPR compliance through contractual agreements.
To exercise any of your GDPR rights, please contact us using the details below. We will respond to your request within one month, though this may be extended by two additional months for complex requests.
There is no fee for exercising your rights, though we may charge a reasonable fee for manifestly unfounded or excessive requests.
You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with GDPR requirements. In Australia, the relevant authority is the Office of the Australian Information Commissioner (OAIC).
For questions about GDPR compliance or to exercise your rights, contact:
Email: [email protected]
Address: 142 Brunswick Street, Fortitude Valley, QLD 4006, Australia
We may update this GDPR compliance statement periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes through our website or direct communication.