Home Services About Contact

GDPR Compliance Statement

Last Updated: May 22, 2026

Our Commitment to GDPR

sheen-vault is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and your rights under this regulation.

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent: When you provide explicit consent for us to process your data for specific purposes
  • Contract Performance: When processing is necessary to fulfill our service agreement with you
  • Legal Obligation: When we must process data to comply with legal requirements
  • Legitimate Interests: When processing is necessary for our legitimate business interests, balanced against your rights

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request access to the personal data we hold about you. We will provide you with a copy of your data upon request.

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data under certain circumstances, such as when:

  • The data is no longer necessary for the purposes it was collected
  • You withdraw your consent
  • You object to the processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data under certain circumstances.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]
Subject: GDPR Rights Request

We will respond to your request within one month of receipt. In complex cases, we may extend this period by two additional months, and we will inform you of such extension.

Data Protection Officer

For questions about our data protection practices or to exercise your GDPR rights, you can contact our data protection representative at [email protected].

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication procedures
  • Staff training on data protection
  • Incident response procedures

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay, and where feasible, within 72 hours of becoming aware of the breach.

International Data Transfers

If we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the European Commission
  • Transfers to countries with adequacy decisions
  • Binding corporate rules

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Service booking and delivery records: 7 years
  • Marketing communications preferences: Until you opt out
  • Website analytics data: 26 months
  • Email correspondence: 3 years

Consent Withdrawal

Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data infringes GDPR.

Children's Data

We do not knowingly collect or process personal data from individuals under 16 years of age without parental consent, in accordance with GDPR requirements.

Updates to This Statement

We may update this GDPR compliance statement from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes through our website or via email.

Contact Information

For any questions regarding GDPR compliance or to exercise your rights, please contact us:

Email: [email protected]
Address: 127 Wellness Lane, North Sydney NSW 2060, Australia