GDPR Compliance Statement

Last Updated: May 13, 2026

Our Commitment to Data Protection

Fission Wave is committed to protecting the personal data of individuals in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This page outlines how we comply with GDPR requirements.

Legal Basis for Processing

We process personal data under the following legal bases:

• Consent: When you provide explicit consent for specific processing activities
• Contract Performance: When processing is necessary to fulfill our contractual obligations
• Legitimate Interests: When we have legitimate business interests that do not override your rights
• Legal Obligation: When required by law to process your data

Your Rights Under GDPR

As a data subject, you have the following rights:

Right to Access

You have the right to request access to the personal data we hold about you. We will provide you with a copy of your data in a structured, commonly used format.

Right to Rectification

You may request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure

You have the right to request deletion of your personal data under certain circumstances, including when the data is no longer necessary for the purposes for which it was collected.

Right to Restriction of Processing

You may request that we restrict processing of your personal data in specific situations, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, machine-readable format and transmit it to another controller.

Right to Object

You may object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.

Data Protection Officer

For questions regarding data protection or to exercise your rights, contact our Data Protection Officer:

Email: [email protected]
Address: Level 23, 367 Collins Street, Melbourne VIC 3000, Australia

Data Transfers

When we transfer personal data outside the European Economic Area, we ensure appropriate safeguards are in place, including:

• Standard contractual clauses approved by the European Commission
• Adequacy decisions recognizing equivalent data protection standards
• Binding corporate rules or certification mechanisms

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and relevant supervisory authorities without undue delay, within 72 hours of becoming aware of the breach when feasible.

Privacy by Design

We implement technical and organizational measures to ensure data protection principles are integrated into our processing activities, including:

• Data minimization practices
• Pseudonymization and encryption where appropriate
• Regular security assessments and audits
• Staff training on data protection requirements

Third-Party Processors

We ensure that any third-party processors we engage comply with GDPR requirements and have appropriate data processing agreements in place.

Exercising Your Rights

To exercise any of your GDPR rights, please submit a request to [email protected]. We will respond to your request within one month, or inform you if an extension is necessary.

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. The updated version will be posted on this page with a revised effective date.