GDPR Compliance

Last updated: June 2026

radiant-ibis is committed to protecting the personal data of individuals in the European Union and European Economic Area in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and your rights as a data subject.

Data Controller

radiant-ibis acts as the data controller for personal information collected through this website and during the provision of our services. Our contact details are:

radiant-ibis
Level 12, Exchange Tower
2 The Esplanade
Perth WA 6000
Australia

Email: [email protected]

Lawful Basis for Processing

We process personal data based on one or more of the following lawful bases:

Consent

Where you have given clear consent for us to process your personal data for a specific purpose, such as receiving marketing communications or using non-essential cookies.

Contract

Where processing is necessary for the performance of a contract with you or to take steps at your request prior to entering a contract, such as when you engage our property advisory services.

Legitimate Interests

Where processing is necessary for our legitimate interests or those of a third party, provided such interests are not overridden by your rights and interests. Our legitimate interests include operating and improving our website and services.

Legal Obligation

Where processing is necessary to comply with legal or regulatory obligations to which we are subject.

Your Rights Under GDPR

As a data subject, you have the following rights:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information within one month of receiving your request, free of charge in most circumstances.

Right to Rectification

You have the right to request correction of any inaccurate personal data we hold about you, and to have incomplete data completed.

Right to Erasure

Also known as the "right to be forgotten," you may request deletion of your personal data where there is no compelling reason for its continued processing. This right is not absolute and may be subject to certain conditions.

Right to Restrict Processing

You have the right to request that we limit the processing of your personal data in certain circumstances, such as while we verify the accuracy of your data or assess an objection you have raised.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller where processing is based on consent or contract and carried out by automated means.

Right to Object

You have the right to object to processing based on legitimate interests, including profiling. You also have an absolute right to object to processing for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or significantly affect you.

Exercising Your Rights

To exercise any of your rights, please contact us at [email protected]. We will respond to your request within one month. In complex cases or where we receive numerous requests, we may extend this period by up to two additional months, and we will inform you of any such extension.

We may request verification of your identity before processing your request to ensure we do not disclose personal data to unauthorised parties.

International Data Transfers

As an Australian-based organisation, data collected from EU/EEA residents may be transferred to and processed in Australia. When such transfers occur, we ensure appropriate safeguards are in place to protect your personal data, which may include:

• Standard contractual clauses approved by the European Commission
• Other legally recognised transfer mechanisms

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements. When data is no longer required, it is securely deleted or anonymised.

Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit and at rest where appropriate
• Access controls limiting who can access personal data
• Regular testing and evaluation of security measures
• Procedures for detecting, investigating, and reporting data breaches

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

Children's Data

Our services are not directed at individuals under the age of 18, and we do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete such information promptly.

Complaints

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For EU/EEA residents, this would be the data protection authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

Updates to This Information

We may update this GDPR compliance information from time to time. Any changes will be posted on this page with an updated revision date.

Contact

For any questions about our GDPR compliance or to exercise your data protection rights, please contact:

Data Protection Contact
radiant-ibis
Email: [email protected]