GDPR Compliance Statement

Last updated: June 3, 2026

Our Commitment to Data Protection

heath-drift is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Australian privacy laws.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: When you provide explicit consent for specific purposes
• Contract: When processing is necessary to fulfill our services to you
• Legitimate interests: When we have a legitimate business need that does not override your rights
• Legal obligation: When required by law

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

• Right to access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data (right to be forgotten)
• Right to restriction: Request limitation on how we use your data
• Right to data portability: Request transfer of your data in a structured format
• Right to object: Object to processing of your data for specific purposes
• Right to withdraw consent: Withdraw previously given consent at any time

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy or as required by law. When data is no longer needed, we securely delete or anonymize it.

International Data Transfers

Your data is primarily stored and processed in Australia. If we transfer data internationally, we ensure appropriate safeguards are in place to protect your information.

Data Protection Officer

For questions about data protection or to exercise your GDPR rights, please contact us at [email protected].

Right to Lodge a Complaint

If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.

Data Security Measures

We implement technical and organizational security measures including:

• Encryption of sensitive data
• Regular security assessments
• Access controls and authentication
• Staff training on data protection

Automated Decision Making

We do not use automated decision-making or profiling that would significantly affect you without human involvement.