Legal

GDPR Policy

Last updated: 1 January 2026

1. Introduction

This GDPR Policy explains how virtquest.com handles personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). Even though we are based in Australia, we respect and uphold GDPR standards for all users, including those in the European Economic Area (EEA).

2. Data Controller

The data controller responsible for your personal data is:

  • Company: virtquest.com
  • Address: 109 Thistleton Drive, Roseville NSW 2069, Australia
  • Contact Email: support@virtquest.com

For any questions about how we handle your data, you can reach us at the email address above. We provide 24-hour support.

3. What Data We Collect

We collect only the data you provide through our sign-up form:

  • Full Name
  • Email Address
  • Phone Number

We also collect limited technical data through cookies (with your consent). See Section 8 for details.

4. Purpose of Data Processing

We process your personal data for these specific purposes:

  • Sending you early access updates about Toca Boca Hair Salon 4 NETFLIX.
  • Responding to your enquiries or support requests.
  • Improving our website and services.
  • Complying with legal obligations.

5. Legal Basis for Processing

Under Article 6 of the GDPR, we process your data based on:

  • Consent (Article 6(1)(a)): You give explicit consent when you tick the consent checkbox on our sign-up form. You can withdraw this consent at any time.
  • Legitimate Interest (Article 6(1)(f)): We have a legitimate interest in maintaining website security and improving user experience.
  • Legal Obligation (Article 6(1)(c)): We may process data to comply with applicable laws.

6. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

6.1 Right of Access (Article 15)

You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within 30 days of your request.

6.2 Right to Rectification (Article 16)

You have the right to ask us to correct any personal data that is inaccurate or incomplete. We will make corrections promptly upon receiving your request.

6.3 Right to Erasure / Right to be Forgotten (Article 17)

You have the right to request that we delete your personal data. We will comply with this request unless we have a legal obligation to retain the data. Deletion will be completed within 30 days.

6.4 Right to Restriction of Processing (Article 18)

You have the right to ask us to restrict the processing of your personal data in certain situations, such as:

  • When you contest the accuracy of your data.
  • When the processing is unlawful but you prefer restriction over deletion.
  • When we no longer need the data but you need it for legal claims.

6.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format (such as CSV or JSON). You can also request that we transfer your data directly to another data controller where technically possible.

6.6 Right to Object (Article 21)

You have the right to object to the processing of your personal data at any time, particularly where we rely on legitimate interest as our legal basis. If you object, we will stop processing your data unless we have compelling legitimate grounds.

6.7 Right Not to be Subject to Automated Decision-Making (Article 22)

We do not use automated decision-making or profiling that produces legal effects or significantly affects you.

7. How to Exercise Your Rights

To exercise any of the rights listed above, contact us at:

Please include your full name and email address so we can verify your identity. We will respond to your request within 30 days. If we need more time (up to 60 additional days for complex requests), we will let you know.

There is no charge for exercising your rights. If requests are clearly unfounded or excessive, we may charge a reasonable fee or refuse to act.

8. Cookies and Consent

Our website uses cookies. We request your consent before placing any non-essential cookies on your device.

8.1 How to Manage Cookies

When you first visit our website, a cookie consent banner appears. You can:

  • Accept All: Allows all cookies including analytics and marketing.
  • Reject Non-Essential: Only strictly necessary cookies are used.
  • Manage Preferences: Choose which types of cookies to allow.

8.2 How to Withdraw Cookie Consent

You can withdraw your cookie consent at any time by:

  • Clearing your browser cookies and revisiting the site (the consent banner will reappear).
  • Adjusting cookie settings in your browser.
  • Contacting us at support@virtquest.com to request cookie data deletion.

9. Data Retention

We retain your personal data only as long as necessary:

  • Sign-up data: Up to 24 months, or until you request deletion.
  • Cookie data: Based on cookie expiry, typically up to 12 months.
  • Server logs: Up to 6 months.

After the retention period, data is securely deleted or anonymised.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • SSL/TLS encryption (256-bit)
  • Secure server infrastructure
  • Access controls and authentication
  • Regular security assessments

11. International Data Transfers

If your data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

12. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours.
  • Notify affected individuals without undue delay if the breach is likely to result in a high risk.

13. Children's Data

Our sign-up forms are not intended for children under 18. We do not knowingly collect personal data from children without parental consent. If you believe a child has submitted data through our forms, please contact us immediately.

14. Third-Party Data Sharing

We do not sell your personal data. We may share data with:

  • Service providers: Hosting and technical service providers, bound by data processing agreements.
  • Legal authorities: When required by law.

15. Changes to This Policy

We may update this GDPR Policy from time to time. Changes will be posted on this page with a new "Last updated" date. We encourage you to review this policy regularly.

16. Complaints

If you believe we have not handled your data correctly, you have the right to lodge a complaint with:

  • Your local data protection authority (for EU/EEA residents).
  • The Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

We encourage you to contact us first at support@virtquest.com so we can try to resolve your concern.

17. Contact

For any questions about this GDPR Policy or your data rights:

All rights reserved 2026. This website is owned by virtquest.com company.

--- Now the CSS: ```css