GDPR Compliance

Introduction to GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, across the European Union (EU) and the European Economic Area (EEA). While GodsBookQuest.com is based in Australia, we are committed to upholding the highest standards of data protection and respect the rights of all our users, including those in the EU/EEA.

This GDPR Compliance page outlines how we handle your personal data in accordance with GDPR principles, your rights as a data subject, and the measures we take to ensure your data is processed lawfully, fairly, and transparently.

Legal Basis for Data Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Consent: When you explicitly agree to the processing of your personal data for specific purposes
• Contract Performance: To fulfill our obligations under our Terms of Use and provide our services
• Legitimate Interest: To improve our services, ensure security, and prevent fraud
• Legal Obligation: To comply with applicable laws and regulations

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request confirmation of whether we process your personal data and, where we do, access to the personal data and information about the processing, including:

• The purposes of the processing
• The categories of personal data concerned
• The recipients or categories of recipients
• The envisaged period for which the personal data will be stored
• The existence of automated decision-making and profiling

Right to Rectification

You have the right to request the correction of inaccurate personal data and to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to Erasure (Right to be Forgotten)

You have the right to request the erasure of your personal data in certain circumstances, such as when:

• The personal data is no longer necessary for the purposes for which it was collected
• You withdraw consent and there is no other legal ground for processing
• You object to the processing and there are no overriding legitimate grounds
• The personal data has been unlawfully processed
• The personal data must be erased to comply with a legal obligation

Right to Restrict Processing

You have the right to request the restriction of processing of your personal data in certain circumstances, such as when:

• You contest the accuracy of the personal data
• The processing is unlawful and you oppose erasure
• We no longer need the personal data but you require it for legal claims
• You have objected to processing pending verification of legitimate grounds

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible.

Right to Object

You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes. We will stop processing your data unless we can demonstrate compelling legitimate grounds for the processing.

Rights Related to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Data Processing Activities

We process personal data for the following purposes and periods:

• Website Analytics: 26 months (Google Analytics retention period)
• Contact Form Submissions: 24 months (customer service purposes)
• Game Interaction Data: 12 months (performance optimization)
• Security Logs: 6 months (fraud prevention and security)

Data Transfers and Safeguards

Your personal data may be transferred to and processed in countries outside the EU/EEA, including Australia. We ensure that such transfers comply with GDPR requirements through:

• Adequacy decisions by the European Commission
• Standard contractual clauses approved by the European Commission
• Binding corporate rules for intra-group transfers
• Other appropriate safeguards as required by GDPR

Data Protection Officer

While not legally required for our operations, we have designated a Data Protection Officer (DPO) to oversee our data protection practices and ensure GDPR compliance. You can contact our DPO at:

Exercising Your Rights

To exercise any of your GDPR rights, please contact us using the information below. We will respond to your request within one month of receipt, though this period may be extended by two months for complex requests.

When making a request, please provide:

• Your full name and contact information
• The specific right you wish to exercise
• Details of the personal data concerned
• Any additional information that may help us process your request

Complaints and Supervisory Authorities

If you believe that our processing of your personal data infringes GDPR, you have the right to lodge a complaint with a supervisory authority in the EU/EEA member state where you habitually reside, work, or where the alleged infringement occurred.

We encourage you to contact us first to resolve any concerns, but you have the right to contact supervisory authorities directly.

Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

Updates to This GDPR Statement

We may update this GDPR Compliance statement from time to time to reflect changes in our data processing practices or applicable laws. We will notify you of any material changes by posting the updated statement on our Website.

Contact Information

For any questions about our GDPR compliance or to exercise your rights, please contact us:

We are committed to protecting your data protection rights and will respond to all inquiries within the timeframes specified by GDPR.