GDPR commitment

We design our platform and services to align with the GDPR and protect individual rights while enabling legitimate public interest and operational needs.

Roles and responsibilities

Depending on the use case, we act as a processor (for customer-controlled data) or controller (for Sparse Flash business contacts). We maintain records of processing, DPIA guidance, and training.

Processing activities

• Service delivery and support
• Security monitoring and incident response
• Product improvement with aggregated metrics

Data Processing Agreement

Our DPA includes purpose limitation, confidentiality, subprocessor obligations, security standards, and deletion/return of data at contract end.

Subprocessors

We maintain a list of subprocessors and notify customers prior to changes with an opportunity to object on reasonable grounds.

Standard Contractual Clauses (SCCs)

For international transfers, we use SCCs and apply transfer impact assessments and additional safeguards as appropriate.

Security measures

• Encryption in transit and at rest
• Access control with least privilege
• Vulnerability management and patching
• Business continuity and disaster recovery

Breach notification

We will notify customers without undue delay after becoming aware of a personal data breach and provide relevant information as it becomes available.

Data subject rights

We support access, rectification, erasure, restriction, objection, and portability requests. Where we are a processor, we assist the controller in fulfilling requests.

DPIA overview

We provide information on our processing operations, risks, and mitigations to support your DPIAs.

Data location

Hosting regions and data residency can be configured to meet contractual requirements where available.

Data protection contact

DPO Contact: Privacy Office, Sparse Flash Urban Intelligence

Email: [email protected]

Address: Level 14, 201 Kent Street, Sydney NSW 2000, Australia

Read Privacy Policy