Shadow Treasures

GDPR Compliance Statement

Last updated: May 20, 2026

Our Commitment to Data Protection

Shadow Treasures is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Australian privacy laws. While we are based in Australia, we recognize the importance of GDPR compliance for any European Union residents who may interact with our services.

Legal Basis for Processing

We process personal data only when we have a legal basis to do so, including:

  • Consent: You have given clear consent for us to process your personal data for specific purposes.
  • Contract: Processing is necessary to fulfill a contract with you (e.g., enrollment in cooking programs).
  • Legal Obligation: Processing is necessary to comply with legal requirements.
  • Legitimate Interests: Processing is necessary for our legitimate business interests, provided these do not override your rights and freedoms.

Your Rights Under GDPR

If you are an EU resident, you have the following rights regarding your personal data:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request that we correct inaccurate or incomplete data.
  • Right to Erasure: You can request that we delete your personal data under certain circumstances.
  • Right to Restrict Processing: You can request that we limit how we use your data.
  • Right to Data Portability: You can request a copy of your data in a structured, machine-readable format.
  • Right to Object: You can object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.
  • Right to Lodge a Complaint: You can file a complaint with a supervisory authority if you believe your rights have been violated.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Program enrollment records: 7 years for financial and legal compliance
  • Marketing communications: Until you unsubscribe or withdraw consent
  • Website analytics data: Up to 26 months
  • Customer support inquiries: 3 years

International Data Transfers

As an Australian-based organization, your personal data is primarily stored and processed in Australia. If we transfer data to countries outside the EU or Australia, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection standards
  • Service providers certified under recognized privacy frameworks

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication requirements
  • Employee training on data protection practices
  • Incident response and breach notification procedures

Data Protection Officer

For questions about data protection or to exercise your GDPR rights, please contact our data protection team:

Email: [email protected]
Address: Shadow Treasures, 127 Brunswick Street, Fitzroy, Victoria 3065, Australia

Exercising Your Rights

To exercise any of your GDPR rights, please submit a request to [email protected]. We will respond to your request within one month, or inform you if we need additional time (up to two additional months for complex requests).

We may need to verify your identity before processing your request to ensure the security of your personal data.

Updates to This Statement

We may update this GDPR Compliance Statement periodically to reflect changes in our practices or legal requirements. Material changes will be communicated through our website or directly to affected individuals.