Ailanto Design Limited
GDPR Statement

This Statement is made in conjunction of the GDPR Policy (“Policy”) of Ailanto Design Limited (CRN: 10465690) (“Company”), which can be found here. This Statement supplements, but does not supersede, the Policy and is made in connection with keeping the rights of individuals that the Company engages with (“Data Subjects”) informed in respect of the Company’s use of personal data under the General Data Protection Regulation (“Regulation”). To that extent, the Statement provides additional information in respect of clause 12.1(a)-(J) of the Policy. An explanation of what the Regulation defines “personal data” as can be found in the Policy.
The Company places high importance on the correct, lawful, and fair handling of all personal data, respecting the legal rights, privacy, and trust of all individuals with whom it deals.


Adopting the same numbering as the Policy, the Company is pleased to provide the following additional information:

a) The details of the Company’s Data Protection Officer are as follows:
Name: Victoria Thurn-Ludwig
Telephone Number: (+44) 7557 260 866
Email Address:

b) The purpose(s) for which personal data is collected and processed by the Company may change on a case-by-case basis. Notwithstanding, it is anticipated in most instances that the Company will require a Data Subject’s personal data to enable it to process orders for its goods. To that end, the legal bases for the processing of personal data by the Company are likely to be ‘performance of contract’ and/or ‘legitimate interests’. Further information of each of these legal bases can be found here.

c) In the event that the Company does process a Data Subject’s personal data using the bases of ‘legitimate interests’ it will do so only if the Company decides that it shall only process personal data having first considered the Data Subject’s rights, freedoms and interests.

d) In the event that the Company obtains a Data Subject’s personal data from a third party, the Company shall outline the categories of personal data is has processed from the third party. Such examples of personal data may include, but are not limited to, names, addresses, email addresses, bank account details and telephone numbers.

e) & f) The Company may from time to time have the necessity to transfer personal data to a third party or third parties (including to and from the European Economic Area). Should this arise, given that the circumstances are likely to be on a case-by-case basis, the Company shall provide details to the Data Subject of the identity of the third party or third parties without delay.

g) There is no predetermined period governing how long the Company will hold personal data, other than such periods as required by local or national laws or regulations. Notwithstanding, the Company will ensure that it will not retain personal data for any longer than it deems reasonably necessary.

h) Details of the rights of a Data Subject under the Regulation can be found here.

The Regulation provides that a Data Subject has the right to withdraw their consent to the Company’s personal data at any time. To halt the Company processing your personal data please contact the Company’s Data Protection Officer in writing via the email address listed at point a).

If a Data Subject believes they have a complaint against the Company in connection with personal data processed by the Company, the Data Subject can contact the Office of the Australian Information Commissioner. We, the Company, would always urge the complainant to first contact us so that we can seek to resolve a Data Subject’s complaint.