Last updated: 1 June 2026
Although vibrant-heath is an Australian company, we are committed to protecting the privacy rights of all individuals, including those in the European Economic Area (EEA) and United Kingdom. This page outlines how we comply with the General Data Protection Regulation (GDPR) for visitors and customers from these regions.
vibrant-heath Pty Ltd acts as the data controller for personal data collected through our website and services. Our contact details are:
vibrant-heath Pty Ltd
Level 4, 127 Creek Street
Brisbane QLD 4000
Australia
Email: [email protected]
We process personal data under the following legal bases:
If you are located in the EEA or UK, you have the following rights regarding your personal data:
You have the right to request copies of your personal data. We may charge a small fee for this service if requests are excessive or unfounded.
You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
You have the right to request that we erase your personal data, under certain conditions. This right is not absolute and may be subject to legal retention requirements.
You have the right to request that we restrict the processing of your personal data, under certain conditions.
You have the right to object to our processing of your personal data, under certain conditions, particularly for direct marketing purposes.
You have the right to request that we transfer the data we have collected to another organisation, or directly to you, under certain conditions.
Where we rely on consent as our legal basis, you have the right to withdraw that consent at any time. This does not affect the lawfulness of processing based on consent before withdrawal.
As an Australian company, personal data we collect may be stored and processed in Australia. Australia is not considered to have an adequacy decision from the European Commission. When we transfer personal data from the EEA or UK to Australia, we implement appropriate safeguards including:
We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including satisfying legal, accounting, or reporting requirements. When determining retention periods, we consider:
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.
While not required for our organisation under GDPR, we have appointed a privacy officer who oversees data protection matters. Contact:
Email: [email protected]
If you are located in the EEA or UK and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.
To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month. In complex cases, this may be extended by two further months, in which case we will inform you.
We may need to verify your identity before processing your request. We will not charge a fee to access your personal data unless your request is clearly unfounded, repetitive, or excessive.
We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated revision date.