Last updated: 22 May 2026
firmalux-build is committed to complying with the General Data Protection Regulation (GDPR) for users located in the European Economic Area (EEA). This page outlines your rights under GDPR and how we process your personal data.
firmalux-build acts as the data controller for personal data collected through our website and services. Our contact details are:
firmalux-build
Level 4, 287 Collins Street
Melbourne VIC 3000
Australia
Email: [email protected]
We process your personal data under the following legal bases:
We process data necessary to fulfil our contractual obligations when you book our services, including your name, contact details, and service preferences.
We process data for our legitimate business interests, such as improving our services, preventing fraud, and maintaining security. We always balance these interests against your rights and freedoms.
Where required, we obtain your explicit consent before processing your data, particularly for marketing communications and non-essential cookies. You may withdraw consent at any time.
We process data when necessary to comply with applicable laws, such as tax and accounting requirements.
As a data subject under GDPR, you have the following rights:
You have the right to request a copy of the personal data we hold about you. We will provide this information within one month of receiving your request.
You have the right to request correction of any inaccurate or incomplete personal data we hold about you.
You have the right to request deletion of your personal data in certain circumstances, including when the data is no longer necessary for the purpose it was collected, or you withdraw consent.
You have the right to request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.
You have the right to object to the processing of your personal data for direct marketing purposes or where we process data based on legitimate interests.
You have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. We do not currently use automated decision-making in ways that affect your rights.
As an Australian company, your data may be transferred and processed in Australia. We ensure appropriate safeguards are in place when transferring data outside the EEA, including standard contractual clauses approved by the European Commission.
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Retention periods vary depending on the type of data and legal requirements. When data is no longer needed, we securely delete or anonymise it.
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. Where the breach poses a high risk, we will also notify you directly.
For queries regarding GDPR compliance or to exercise your rights, please contact us at:
Email: [email protected]
Subject line: GDPR Request
If you are located in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.
We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated revision date.