Privacy Policy
Document version: 2.0 · Effective date: 20 March 2026 · Last reviewed: 20 March 2026
Data controller / organisation: Musclezoivibrant (also referred to as “we”, “us”, “our”) operating the Vitaessor product information and sales-enquiry channel · Registered address: 3/33 Maddox St, Alexandria NSW 2015, Australia · Website: musclezoivibrant.world · Privacy enquiries: managers@musclezoivibrant.world · Telephone: +61 2 9550 1555 (standard business hours, Australian Eastern time)
1. Purpose and binding effect
This Privacy Policy explains how we collect, hold, use, disclose, and otherwise process personal information and personal data (used interchangeably below where context allows) in connection with your use of our website, forms, email, telephone, and related fulfilment activities for the Vitaessor range. It is intended to satisfy transparency obligations under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and—where you are in the European Economic Area, the United Kingdom, or Switzerland—to assist compliance with the EU General Data Protection Regulation (GDPR), the UK GDPR, and applicable national implementations. It also provides practical information for visitors from other jurisdictions who may have analogous expectations of fairness and notice.
By submitting personal information through our channels, or by continuing to use the site after we post updates, you acknowledge that you have read this Policy. Where the law requires explicit consent (for example certain marketing or non-essential cookies in the EU/UK), we will obtain it separately through our cookie tool or subscription forms and you may withdraw it without affecting the lawfulness of earlier processing.
2. Definitions used in this Policy
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not (APP 6). Personal data under GDPR means any information relating to an identified or identifiable natural person. Processing means any operation on data (collection, storage, alteration, disclosure, erasure, etc.). Special-category data under GDPR (and analogous sensitive information concepts) includes data revealing health, biometric data for identification, and related categories; we do not seek such data through this website. Pseudonymisation means replacing identifiers with tokens where feasible. Controller determines the purposes and means of processing; processor processes data on documented instructions.
3. Scope of processing
This Policy applies to processing connected with: browsing musclezoivibrant.world; submitting order or contact forms; corresponding by email or telephone; receiving shipments or documentation; paying through third-party payment gateways we enable; participating in satisfaction or quality surveys we may issue; and security monitoring of our infrastructure. It does not apply to employment applications unless we publish a separate notice. It does not govern third-party sites linked from our pages; their policies control when you leave our domain.
4. Identity of the controller and representatives
The organisation responsible for personal data in connection with this site is Musclezoivibrant at the Australian address stated above. Where EU/UK law requires a representative, we will publish updated contact details on this page if we appoint one. For GDPR questions from the EEA, you may contact us at the email above; we respond in English and will identify any supervisory authority liaison where relevant.
5. What categories of data we collect
5.1 Identity and contact data
Name, email address, telephone number if you choose to provide it, delivery or billing address when you supply it for an order, and similar identifiers needed to respond to you or ship goods.
5.2 Transactional and commercial data
Product selections, enquiry text, reference or order numbers we generate, quotation amounts in Australian dollars, method of payment category (not full card numbers, which our payment partners handle), dispatch notes, and returns correspondence.
5.3 Technical and usage data
Internet protocol (IP) address; approximate location derived at country or region level; browser type and version; device type; operating system; referring URL; pages viewed; timestamps; and diagnostic identifiers for security. Where analytics cookies are activated only after consent, additional event data may be collected per our Cookie Policy.
5.4 Communications content
The body of emails, form messages, and notes we type when you contact us by phone (summaries, or verbatim where the call is recorded, with your knowledge where required).
5.5 Compliance and preference records
Cookie consent logs (version, categories accepted, timestamp stored locally and/or server-side where implemented), marketing opt-in or opt-out flags, and evidence of agreement to terms where we are required to retain it.
5.6 Data we ask you not to provide
Please do not send government identifier numbers, full payment card data by email, passwords to unrelated services, detailed medical records, or special-category data unless we explicitly request it under a separate secure channel. If we receive such data inadvertently, we will delete or restrict it subject to legal retention duties.
6. Sources of personal information
We obtain data directly from you when you fill in forms, email us, call us, or transact with us. We may receive technical data automatically when your browser loads our site. We may receive confirmation of delivery or payment outcome from logistics or payment partners acting as independent controllers or processors. We do not buy marketing lists that profile individuals without consent where that is unlawful.
7. Purposes and legal bases for processing
We process personal information only for lawful purposes that are reasonably necessary for our business functions or as required by law. The list below summarises typical purposes and GDPR-style legal bases; Australian law does not require identical wording but the underlying fairness is aligned.
- Responding to enquiries and performing pre-contract steps: to read your message, confirm product availability, and propose terms (GDPR Article 6(1)(b); APP 3 reasonableness).
- Executing contracts: to process accepted orders, arrange delivery, and manage payments through partners (Article 6(1)(b); APP 6).
- Legal and regulatory compliance: tax, company, consumer, product-safety, or court obligations (Article 6(1)(c); APP 3).
- Legitimate interests: fraud prevention, network security, abuse detection, improving site stability, internal reporting in aggregate form, and defending legal claims, balanced against your rights (Article 6(1)(f); APP 6).
- Consent: non-essential cookies, certain marketing communications, or other activities we expressly flag as consent-based (Article 6(1)(a); APP 6). You may withdraw consent at any time.
8. Australian Privacy Principles in detail
APP 1 – Open and transparent management of personal information
We maintain this Policy, describe the kinds of information we hold, and describe how to contact us. Internal records map processing activities to purposes.
APP 3 – Collection of solicited personal information
We collect personal information only where reasonably necessary for our functions, by fair and lawful means.
APP 5 – Notification of collection
At or before collection via the web channel, we direct you to this Policy or provide a concise notice where space is limited.
APP 6 – Use or disclosure
We use or disclose personal information only for the primary purpose of collection, related secondary purposes you would expect, purposes to which you have consented, or as otherwise permitted by the APPs.
APP 7 – Direct marketing
We will not use sensitive information for direct marketing. For other personal information, we will provide an opt-out in each message where the law requires and honour suppressions.
APP 8 – Cross-border disclosure
Before disclosing personal information overseas, and except where an exception applies, we take reasonable steps to ensure the recipient does not breach the APPs, including through contractual clauses.
APP 9 – Adoption, use or disclosure of government related identifiers
We do not adopt government-related identifiers as our own identifiers.
APP 10 – Quality of personal information
We take reasonable steps to ensure personal information is accurate, up to date, and complete for the purpose of use.
APP 11 – Security of personal information
We protect personal information from misuse, interference, loss, and unauthorised access as described in Section 14.
APP 12 – Access
Subject to exceptions in the Privacy Act, we provide access upon request within a reasonable period.
APP 13 – Correction
We correct inaccurate information where appropriate, or annotate the record with a note of the dispute.
9. GDPR rights for individuals in the EEA, UK, and where applicable Switzerland
If the GDPR (or materially equivalent UK law) applies to you, you may have the right to: access your personal data; rectify inaccurate data; erase data in certain cases; restrict processing; exercise data portability for data you provided where processing is by automated means based on consent or contract; object to processing based on legitimate interests (including profiling) or to direct marketing; withdraw consent at any time; and lodge a complaint with a supervisory authority. Where processing is solely automated and produces legal or similarly significant effects, you may have the right to human intervention; we do not currently deploy such systems for customer decisions.
To exercise rights, email us with sufficient detail to verify identity (we may request a copy of ID with unnecessary fields redacted). We respond within one month of verification, extendable by two further months where complex, and explain any refusal with appeal paths.
10. Australian access, correction, and complaints
You may request access to or correction of personal information we hold by writing to the contact details above. If we refuse access or correction, we will provide reasons as required by the Privacy Act. If you consider we have interfered with your privacy, you may complain to us first. If you are not satisfied with our response, you may refer the matter to the Office of the Australian Information Commissioner (OAIC) using the contact details published at oaic.gov.au.
11. Disclosure of personal information to third parties
We may disclose personal information to: payment service providers (category of card payment only as seen by us); logistics and courier companies for delivery; cloud hosting, email delivery, and security vendors acting as processors under contract; professional advisers (lawyers, auditors) under confidentiality; regulators or law enforcement when required; and acquirers in a merger or asset sale subject to continued protection. We do not sell personal information in the sense of disclosing it to third parties for their independent marketing in exchange for money.
12. International transfers
Although we are established in Australia, our service providers may process data in other countries including the United States, the European Union, and the United Kingdom. Where GDPR applies, we implement appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or other approved mechanisms, supplemented where appropriate by a transfer impact assessment. You may request a redacted summary of safeguards we rely on.
13. Retention periods
Retention depends on the nature of the record:
- Completed tax-relevant transactions: up to seven years from the end of the financial year.
- Active customer correspondence: typically twenty-four months after last meaningful contact unless a dispute continues.
- Security logs on production systems: rolling deletion within ninety days unless preserved for an incident.
- Cookie consent records: aligned with the Cookie Policy.
- Marketing suppression lists: indefinitely until you request removal compatible with our obligations.
- Litigation holds: extend retention until matters conclude.
14. Security measures
We implement administrative, physical, and technical controls proportionate to risk, including role-based access, authentication for administrative interfaces, TLS for data in transit, patching schedules for known vulnerabilities, backups with restricted access, and training for staff with data access. No method of transmission or storage is perfectly secure; if we become aware of a notifiable data breach under Australian law, we will assess and, where required, notify the OAIC and affected individuals. Where other laws impose stricter timelines, we will comply.
15. Automated decision-making and profiling
We do not make decisions producing legal or similarly significant effects solely by automated processing. Generic analytics may aggregate behaviour across many users; where they become individual profiling subject to consent, our cookie tool governs activation.
16. Children
Vitaessor is intended for adults. We do not knowingly collect personal information from anyone under sixteen without parental authorisation. If you believe we have received a minor’s data, contact us for prompt deletion where the law permits.
17. Third-party links and embedded content
Our site may reference external resources. Clicking outbound links subjects you to third-party policies. Embedded videos or maps, if added later, may set third-party cookies; we will disclose and gate them through consent where legally required.
18. Subprocessors and vendor management
We maintain a register of categories of processors (hosting, email, payments, logistics, analytics-when-consented). Contracts include confidentiality, instructions, assistance with data subject rights, deletion or return at end of service, audit cooperation subject to commercial reasonableness, and breach notification. We assess new vendors for security posture and jurisdiction.
19. Research and statistical reuse
We may convert datasets into de-identified or aggregated form for internal reporting. Before publication of statistics derived from transactional data, we apply disclosure-control techniques to reduce re-identification risk.
20. Law enforcement and regulatory requests
We review legal process for validity and narrow scope. Where not prohibited, we notify affected individuals of disclosure requests. We oppose or seek to narrow overbroad requests.
21. Marketing communications
Transactional messages (order acknowledgements, shipping updates, safety notices) are sent as necessary for the relationship. Promotional email, if introduced, will operate on clear opt-in where required, include identification of the sender, and provide a working unsubscribe function.
22. Changes to this Policy
We post revisions on this page with an updated effective date. Material changes affecting rights may require fresh consent where the law mandates. Continued use after reasonable notice may constitute acceptance of non-material updates where permitted.
23. Contact and supervisory authorities
Primary contact: managers@musclezoivibrant.world. EEA residents may also contact their local data protection authority; a list is published by the European Data Protection Board. UK residents may contact the Information Commissioner’s Office (ICO).