GDPR Compliance

Last updated: May 2026

mythic-iron is committed to protecting the personal data of all individuals, including those in the European Economic Area (EEA). This page outlines our compliance with the General Data Protection Regulation (GDPR) and your rights under this regulation.

Data Controller

mythic-iron acts as the data controller for the personal information we collect. Our contact details are:

mythic-iron
42 Harbour View Drive
Melbourne VIC 3000
Australia
Email: [email protected]

Legal Basis for Processing

We process personal data under the following legal bases:

• Contractual Necessity: Processing necessary to provide our pet care services to you
• Legitimate Interests: Processing for our business purposes where your rights do not override these interests
• Consent: Where you have given explicit consent for specific processing activities
• Legal Obligation: Processing required to comply with applicable laws

Your Rights Under GDPR

If you are located in the EEA, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you, along with information about how we process it.

Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal data we hold about you.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

Right to Restrict Processing

You have the right to request that we limit the processing of your personal data in certain circumstances.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

International Data Transfers

As we are based in Australia, personal data collected from EEA residents may be transferred to and processed in Australia. We ensure appropriate safeguards are in place to protect your data in accordance with GDPR requirements.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law. Pet medical records are retained in accordance with veterinary regulatory requirements.

Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit and at rest where appropriate
• Regular security assessments and updates
• Staff training on data protection
• Access controls and authentication measures

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, communicate the breach to affected individuals without undue delay.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

Complaints

If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

Updates to This Notice

We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated revision date.