GDPR Compliance Statement

Last Updated: May 22, 2026

1. Introduction

While AurenzaTrustPro is an Australian company primarily serving Australian clients, we recognize that some of our clients may be residents of the European Union or have connections to EU jurisdictions. This statement explains our compliance with the General Data Protection Regulation (GDPR) for EU residents.

2. Legal Basis for Processing

We process personal data under the following legal bases:

Contractual Necessity: Processing necessary to fulfill our trust administration and fiduciary services
Legal Obligation: Compliance with Australian and international regulatory requirements
Legitimate Interest: Improving our services and preventing fraud
Consent: Marketing communications and certain optional data processing activities

3. Your GDPR Rights

If you are an EU resident, you have the following rights under GDPR:

3.1 Right to Access

You have the right to obtain confirmation of whether we process your personal data and to access that data.

3.2 Right to Rectification

You can request correction of inaccurate personal data and completion of incomplete data.

3.3 Right to Erasure

You can request deletion of your personal data, subject to legal retention requirements for trust and financial records.

3.4 Right to Restriction of Processing

You can request limitation of how we use your data in certain circumstances.

3.5 Right to Data Portability

You can request a copy of your data in a structured, commonly used, machine-readable format.

3.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

3.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw that consent at any time.

3.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority in your EU member state.

4. Data Protection Officer

For GDPR-related inquiries, please contact our Data Protection Officer:

Data Protection Officer
AurenzaTrustPro
Email: [email protected]

5. International Data Transfers

If we transfer your data from the EU to Australia, we ensure appropriate safeguards are in place. Australia is recognized as having adequate data protection standards, and we implement additional contractual protections where necessary.

6. Data Retention Periods

We retain personal data for the following periods:

Active client records: Duration of the client relationship plus seven years
Financial and trust records: Seven years after conclusion of services (or longer if required by law)
Marketing data: Until consent is withdrawn or three years of inactivity
Website analytics: 26 months

7. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

8. Security Measures

We implement appropriate technical and organizational measures to ensure data security, including:

Encryption of data in transit (TLS/SSL) and at rest
Regular security audits and vulnerability assessments
Access controls based on the principle of least privilege
Staff training on GDPR and data protection requirements
Incident response procedures for data breaches

9. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33.

10. Third-Party Processing

We ensure that all third-party service providers who process personal data on our behalf are GDPR-compliant and bound by appropriate data processing agreements.

11. Exercising Your Rights

To exercise any of your GDPR rights, please submit a request to:

Email: [email protected]
Subject line: "GDPR Rights Request"

We will respond to your request within one month. In complex cases, this period may be extended by two additional months, and we will inform you of any such extension.

12. Updates to This Statement

We may update this GDPR Compliance Statement to reflect changes in our practices or legal requirements. Significant changes will be communicated to affected individuals.