GDPR Compliance

Last updated: 1 January 2026

The General Data Protection Regulation (GDPR) is a European Union regulation that provides data protection and privacy rights for individuals within the EU and the European Economic Area (EEA). Although Verve Balance is based in Australia, we are committed to providing GDPR-level protections to all users of our website, regardless of their location.

Our Commitment

We are committed to ensuring that your personal data is:

• Processed lawfully, fairly, and in a transparent manner
• Collected for specified, explicit, and legitimate purposes
• Adequate, relevant, and limited to what is necessary
• Accurate and kept up to date
• Stored only for as long as necessary
• Processed in a manner that ensures appropriate security

Legal Basis for Processing

We process personal data under the following legal bases:

Consent

When you submit an enquiry through our website, you consent to us processing your personal data to respond to your request. You may withdraw this consent at any time by contacting us.

Legitimate Interests

We may process certain data based on our legitimate business interests, such as improving our website and services, provided these interests do not override your fundamental rights and freedoms.

Legal Obligation

We may process data when required to comply with legal obligations under Australian or international law.

Your Rights Under GDPR

If you are located in the EU/EEA, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information within one month of your request, free of charge.

Right to Rectification

You have the right to request that we correct any inaccurate personal data we hold about you without undue delay.

Right to Erasure (Right to be Forgotten)

You have the right to request that we delete your personal data in certain circumstances, including when the data is no longer necessary for the purposes for which it was collected.

Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You have the right to object to the processing of your personal data in certain circumstances, including processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We do not currently use automated decision-making processes.

Exercising Your Rights

To exercise any of your rights under GDPR, please contact us using the details below. We will respond to your request within one month. In certain circumstances, we may extend this period by up to two additional months, in which case we will inform you of the extension and the reasons for it.

We may need to verify your identity before processing your request. If we cannot verify your identity, we may request additional information.

Data Transfers

As an Australian company, any personal data you provide may be transferred to and stored in Australia. Australia is not currently subject to an adequacy decision by the European Commission. However, we implement appropriate safeguards to ensure that your personal data is protected in accordance with GDPR requirements.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Specifically:

• Enquiry data: 5 years from the date of submission, unless you request earlier deletion
• Cookie consent records: Until you withdraw consent or clear your browser storage
• Analytics data: Aggregated and anonymised within 26 months

Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. These measures include:

• Encryption of data in transit using TLS/SSL
• Regular security assessments
• Access controls limiting who can access personal data
• Staff training on data protection

Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, providing information about the nature of the breach and the measures taken or proposed to address it.

Complaints

If you believe that we have not complied with your data protection rights, you have the right to lodge a complaint with a supervisory authority. For EU residents, this would be the data protection authority in your country of residence. You may also contact the Office of the Australian Information Commissioner (OAIC) if you wish to make a complaint about our data handling practices.

Contact Our Data Protection Contact

For any questions or concerns regarding our GDPR compliance or to exercise your data protection rights, please contact:

Verve Balance
Data Protection Enquiries
Suite 14, 88 Greenway Crescent
Wollongong NSW 2500
Australia
Email: [email protected]