GDPR Compliance Statement

Last Updated: May 11, 2026

Overview

Marvel Crest is committed to protecting the personal data of all individuals, including those covered by the European Union's General Data Protection Regulation (GDPR). While we are based in Australia, we recognize the importance of GDPR compliance for any European Economic Area (EEA) residents who may use our services.

Legal Basis for Processing

We process personal data under the following legal bases:

• Consent: When you provide explicit consent for us to process your data for specific purposes
• Contract: When processing is necessary to fulfill our contractual obligations to you
• Legitimate Interests: When we have a legitimate business interest that does not override your rights
• Legal Obligation: When we must process data to comply with legal requirements

Your Rights Under GDPR

If you are a resident of the EEA, you have the following rights:

Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee if your request is clearly unfounded or excessive.

Right to Rectification

You have the right to request correction of any information you believe is inaccurate or completion of information you believe is incomplete.

Right to Erasure

You have the right to request that we erase your personal data under certain conditions, such as when the data is no longer necessary for the purposes it was collected.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data under certain conditions.

Right to Object

You have the right to object to our processing of your personal data under certain conditions, including processing for direct marketing purposes.

Right to Data Portability

You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

Data We Collect

We collect and process the following categories of personal data:

• Identity data (name)
• Contact data (email address)
• Technical data (IP address, browser type, device information)
• Usage data (how you interact with our website)
• Marketing and communications data (your preferences for receiving communications)

How We Use Your Data

We use your personal data for the following purposes:

• To provide and deliver our educational services
• To manage your enrollment and participation in our programs
• To communicate with you about our services
• To improve our website and services
• To comply with legal and regulatory requirements

Data Sharing

We do not sell your personal data. We may share your data with:

• Service providers who perform services on our behalf (e.g., email service providers, payment processors)
• Professional advisers including lawyers, accountants, and auditors
• Regulators and other authorities when required by law

All third-party service providers are required to maintain appropriate security measures and process personal data only as instructed by us.

International Data Transfers

Your personal data may be transferred to and stored in Australia and other countries outside the EEA. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Standard contractual clauses approved by the European Commission
• Transfers to countries with adequacy decisions
• Other legally approved mechanisms

Data Security

We have implemented appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication measures
• Staff training on data protection

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• As long as you remain an active participant or customer
• As required by applicable laws (e.g., tax, accounting requirements)
• To establish, exercise, or defend legal claims

Cookies and Tracking

We use cookies and similar technologies to enhance your experience. You can control cookies through your browser settings. For detailed information, please see our Cookies Policy.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.

Withdrawing Consent

Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority. In the EU, this would be your local data protection authority. In Australia, you may contact the Office of the Australian Information Commissioner.

Contact Information

For any questions about our GDPR compliance or to exercise your rights, please contact us at:

Data Protection Officer
Marvel Crest
Level 8, 142 Collins Street
Melbourne VIC 3000
Australia
Email: [email protected]

Updates to This Statement

We may update this GDPR compliance statement from time to time to reflect changes in our practices or legal requirements. Please check this page periodically for updates.