Last Updated: June 16, 2026
vibrant-kestrel.com is committed to protecting your personal data and respecting your privacy rights in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
For the purposes of the GDPR, the data controller is:
vibrant-kestrel.com
127 Collins Street
Melbourne VIC 3000
Australia
Email: [email protected]
We process your personal data under the following legal bases:
Under the GDPR, you have the following rights regarding your personal data:
You have the right to request copies of your personal data. We may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.
You have the right to request correction of any information you believe is inaccurate or incomplete.
You have the right to request deletion of your personal data under certain conditions, such as when the data is no longer necessary for the purposes for which it was collected.
You have the right to request restriction of processing of your personal data under certain conditions.
You have the right to object to our processing of your personal data under certain conditions, particularly for processing based on legitimate interests or for direct marketing purposes.
You have the right to request transfer of your personal data to another organization or directly to you under certain conditions.
Where we rely on consent as the legal basis for processing, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before withdrawal.
To exercise any of your rights under the GDPR, please contact us at [email protected]. We will respond to your request within one month, though this period may be extended by two additional months if your request is complex or we receive multiple requests.
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and, where feasible, within 72 hours of becoming aware of the breach.
When we transfer personal data outside the European Economic Area, we ensure appropriate safeguards are in place, such as:
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
When personal data is no longer required, we securely delete or anonymize it.
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.
If you believe we have not handled your personal data in accordance with the GDPR, you have the right to lodge a complaint with your local supervisory authority.
Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.
We may update this GDPR compliance statement from time to time. We will notify you of any material changes by posting the updated statement on our website.
For questions about our GDPR compliance or to exercise your rights, please contact us at:
Email: [email protected]
Address: 127 Collins Street, Melbourne VIC 3000, Australia