Privacy Policy

1. Who we are

Vitals Cybersecurity is a cybersecurity consulting business based in Adelaide, South Australia, providing services exclusively to Australian healthcare providers.

• Website: https://vitalscyber.com.au
• Email: contact@vitalscyber.com.au
• ABN: 73 695 437 846

2. What personal information we collect

We only collect personal information that is necessary for providing our services or responding to enquiries.

3. How we use your information

We use your personal information to:

• Respond to enquiries and provide the information you've requested
• Provide our cybersecurity consulting services
• Arrange and conduct scheduled calls or meetings
• Send follow-up communications related to your enquiry or engagement
• Improve our services and website (using aggregated, non-identifying information)

We will not use your personal information for direct marketing without your consent, and we do not sell or rent personal information to third parties.

4. Third-party services

We use a small number of third-party services to operate this website and our business. Each is used only for its stated purpose.

5. Cookies

This website does not use tracking cookies, advertising cookies, or analytics cookies. Cloudflare may set a limited number of technical cookies (such as __cf_bm) that are essential for security and service delivery. These cookies do not identify you personally and are not used for advertising or cross-site tracking.

6. Data retention

We retain personal information only for as long as necessary for the purposes described in this policy, or as required by law.

• Contact enquiries that do not proceed to an engagement are retained for up to 12 months, then deleted.
• Information relating to a completed client engagement is retained for 7 years to meet standard business record-keeping obligations, then securely deleted.
• Scheduling records via Cal.com are subject to Cal.com's own retention policies.

7. Disclosure of personal information

We do not disclose personal information to third parties except in the following circumstances:

• To the third-party service providers described in section 4 above, to the extent necessary for those services.
• Where required or authorised by law, including by court order or to comply with regulatory obligations.
• With your consent.

We do not disclose personal information to overseas recipients unless required by law. Our primary service providers (Cloudflare, Microsoft, Cal.com) may process data in data centres outside Australia. Where this occurs, we take reasonable steps to ensure those providers comply with privacy standards consistent with the APPs.

8. Security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Measures include encrypted communications (TLS), access controls limiting who can access personal information, and use of reputable third-party providers with strong security practices.

9. Your rights under the Privacy Act 1988

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to:

To exercise any of these rights, contact us at contact@vitalscyber.com.au. We will respond within a reasonable time and no later than 30 days.

10. Making a complaint

If you believe we have breached your privacy, please contact us first so we can attempt to resolve the issue. We take all privacy complaints seriously and will respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

11. Changes to this policy

We may update this policy from time to time. Changes will be published on this page with an updated "last updated" date. We encourage you to review this policy periodically.

12. Contact us

For any privacy-related enquiries, to access or correct your information, or to make a complaint: