Vitabeauty

Privacy Policy

How Vitabeauty handles your personal information

Last updated:

1. Introduction and Data Controller

This Privacy Policy describes how Vitabeauty ("we", "us", or "our") collects, uses, stores, and protects personal data when you visit our website at vitabeauty.world or interact with our services. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR), the Australian Privacy Act 1988, and other applicable international data protection laws.

The data controller responsible for your personal information is Vitabeauty, located at Queen St, Melbourne VIC 3000, Australia. You may contact us regarding privacy matters at touch@vitabeauty.world or by phone at +61 3 9320 5822.

By using our website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please discontinue use of our website and services.

2. Personal Data We Collect

We collect personal data in several ways depending on how you interact with our website and services. The categories of data we may collect include:

  • Identity and contact data: name, email address, and any other information you voluntarily provide through our contact form or correspondence.
  • Technical data: IP address, browser type and version, operating system, device identifiers, time zone settings, and browsing behaviour on our website.
  • Usage data: pages visited, time spent on pages, navigation paths, referral sources, and interaction with site features such as cookie preferences.
  • Communication data: content of messages you send us, records of correspondence, and enquiry details related to our planning guidance and educational services.
  • Transaction data: if you purchase educational products or consulting services, we may collect billing information, payment confirmation details, and purchase history. Payment processing is handled by third-party providers and we do not store full payment card numbers.

We do not intentionally collect sensitive personal data such as health information, racial or ethnic origin, political opinions, or religious beliefs. Our services relate to general day planning education and do not require such information.

Under the GDPR, we process personal data only when we have a valid legal basis. The bases we rely upon include:

  • Consent: when you submit our contact form, accept cookies, or subscribe to communications, you provide explicit consent for the specified processing activities.
  • Contractual necessity: when processing is required to fulfil a service you have requested, such as responding to an enquiry or delivering an educational product you purchased.
  • Legitimate interests: for website analytics, security monitoring, and service improvement, provided these interests do not override your fundamental rights and freedoms.
  • Legal obligation: when we must retain or disclose data to comply with applicable laws, regulations, or court orders.

You may withdraw consent at any time where processing is based on consent. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal.

4. Purposes of Data Usage

We use your personal data for the following specific purposes:

  • To respond to enquiries submitted through our contact form or email.
  • To provide consulting guidance and deliver educational products you have requested.
  • To manage cookie preferences and honour your choices regarding analytics and marketing cookies.
  • To analyse website traffic and user behaviour in aggregate form to improve content and usability.
  • To maintain security of our website, detect fraud, and prevent unauthorised access.
  • To comply with legal and regulatory requirements in Australia and other jurisdictions where our visitors reside.
  • To send administrative communications related to services you have purchased, such as order confirmations or policy updates.

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

5. Data Retention Period

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law. Our standard retention periods are:

  • Contact form submissions: retained for up to 24 months after the last correspondence, then securely deleted or anonymised.
  • Customer and transaction records: retained for up to 7 years to comply with Australian tax and accounting requirements.
  • Cookie consent records: retained for up to 12 months from the date of consent or last update.
  • Website analytics data: retained in aggregated form for up to 26 months, after which it is deleted or anonymised.
  • Server logs and security records: retained for up to 90 days unless required for an ongoing investigation.

When retention periods expire, we securely delete or anonymise personal data so it can no longer be associated with you.

6. Data Sharing and Third Parties

We do not sell your personal data to third parties. We may share data with trusted service providers who assist us in operating our website and delivering services, including:

  • Web hosting providers who store our website and associated data on secure servers.
  • Email service providers used to send and receive correspondence.
  • Analytics providers who process anonymised or pseudonymised usage data when you consent to analytics cookies.
  • Payment processors who handle transactions for educational products and consulting services.

All third-party processors are bound by data processing agreements that require them to protect your data and process it only according to our instructions. Where data is transferred outside the European Economic Area or Australia, we ensure appropriate safeguards such as Standard Contractual Clauses are in place.

7. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption for all data transmitted between your browser and our servers.
  • Access controls limiting personal data access to authorised personnel who require it for their duties.
  • Regular review of security practices and infrastructure configurations.
  • Secure storage of data on servers with physical and logical access protections.
  • Procedures for identifying and responding to potential data breaches within required notification timeframes.

While we take reasonable steps to protect your data, no method of transmission over the internet is completely secure. We cannot guarantee absolute security but commit to notifying affected individuals and relevant authorities of breaches where required by law.

8. Your Rights Under GDPR and Australian Law

Depending on your location, you may have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure: request deletion of your data where there is no compelling reason for continued processing.
  • Right to restrict processing: request limitation of processing in certain circumstances.
  • Right to data portability: receive your data in a structured, commonly used, machine-readable format.
  • Right to object: object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: withdraw consent at any time where processing is consent-based.
  • Right to lodge a complaint: file a complaint with the Office of the Australian Information Commissioner (OAIC) or your local supervisory authority.

To exercise any of these rights, contact us at touch@vitabeauty.world. We will respond within 30 days unless an extension is permitted by law. We may request verification of your identity before processing requests.

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies as described in our Cookie Policy. You can manage cookie preferences through our cookie consent banner or browser settings. Essential cookies necessary for site functionality cannot be disabled through our banner but may be blocked via browser settings, which may affect site performance.

10. Children's Privacy

Our website and services are intended for adults, particularly freelancers and creative professionals. We do not knowingly collect personal data from individuals under 16 years of age. If we become aware that we have collected data from a child without appropriate consent, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The "Last updated" date at the top of this page indicates when the policy was most recently revised. Material changes will be communicated through a notice on our website. Continued use of our website after changes constitutes acceptance of the updated policy.

12. Contact Information

For privacy-related questions, data subject requests, or concerns about how we handle your personal information, please contact:

Vitabeauty
Queen St, Melbourne VIC 3000, Australia
Email: touch@vitabeauty.world
Phone: +61 3 9320 5822