S-Link 360
Try free
Legal

GDPR Compliance

Last updated: February 2026

1. Our Commitment to GDPR

S-Link 360 is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR). While we are an Australian company primarily serving Australian organizations under the Australian Privacy Principles, we recognize and support GDPR requirements for any EU/EEA data subjects whose information may be processed through our platform.

2. Data Controller vs Data Processor

Understanding roles under GDPR:

  • Data Controller: Your organization is the data controller for participant and employee data entered into S-Link 360
  • Data Processor: S-Link 360 acts as a data processor, processing data on your behalf according to your instructions
  • We provide Data Processing Agreements (DPAs) for organizations requiring them

3. Lawful Basis for Processing

We process personal data based on:

  • Contractual necessity: To provide the services you have subscribed to
  • Legal obligation: To comply with applicable laws and regulations
  • Legitimate interests: To improve our services and prevent fraud
  • Consent: Where required, such as for marketing communications

4. Your GDPR Rights

Under GDPR, data subjects have the following rights:

  • Right of access: Request a copy of your personal data
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your data (subject to legal retention requirements)
  • Right to restriction: Request limited processing of your data
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Rights related to automated decision-making: Not be subject to solely automated decisions

5. Data Security Measures

We implement robust security measures including:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Regular security audits and penetration testing
  • Access controls and multi-factor authentication
  • Employee security training and confidentiality agreements
  • Incident response procedures

6. International Data Transfers

S-Link 360 stores all customer data in Australian data centers. For any data transfers outside of Australia or the EU/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses where applicable.

7. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected data controllers without undue delay. Data controllers are responsible for notifying affected individuals as required.

8. Sub-processors

We use carefully selected sub-processors to help deliver our services. A list of our sub-processors is available upon request. We ensure all sub-processors meet our data protection standards and are bound by appropriate contractual obligations.

9. Data Protection Officer

For GDPR-related inquiries or to exercise your rights, please contact our Data Protection team:

Email: dpo@slink360.com
Address: Level 10, 123 Collins Street, Melbourne VIC 3000, Australia

10. Supervisory Authority

If you are located in the EU/EEA and believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority. We encourage you to contact us first so we can address your concerns directly.