Privacy Policy

1. Introduction

VRTX Labs Pty Ltd (ABN to be registered) ("VRTX Labs," "we," "our," or "us") is committed to protecting and respecting your privacy. This Privacy Policy describes how we collect, use, disclose, retain, and protect personal information when you visit our website at vrtxlabs.tech (the "Site") or engage with our artificial intelligence, machine learning, and technology consulting services (the "Services").

This Privacy Policy is intended to comply with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), and where applicable, the General Data Protection Regulation (GDPR) for individuals in the European Economic Area (EEA) and the California Consumer Privacy Act (CCPA) for California residents.

By accessing or using our Site or Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use our Site or Services.

2. Information We Collect

We collect information that you provide directly to us, information collected automatically when you use our Site, and information from third-party sources. The types of personal information we collect include:

2.1 Information You Provide Directly

• Contact Information: Name, email address, telephone number, postal address, and company name when you contact us, request a consultation, or subscribe to our communications.
• Account Information: If you create an account or client portal access, we collect username, password (encrypted), and profile preferences.
• Professional Information: Job title, company name, industry sector, and professional background relevant to our consulting engagements.
• Communication Records: Records of correspondence, meeting notes, and project documentation when you engage our Services.
• Payment Information: Billing address and payment method details (processed securely through our third-party payment processors).
• Survey and Feedback Data: Responses to surveys, testimonials, and feedback you choose to provide.

2.2 Information Collected Automatically

• Device Information: Device type, operating system, unique device identifiers, browser type and version, and language preferences.
• Usage Data: Pages visited, time spent on pages, click patterns, navigation paths, search queries, and referring/exit pages.
• Network Information: Internet Protocol (IP) address, Internet Service Provider (ISP), approximate geolocation data derived from IP address.
• Cookies and Tracking Technologies: Information collected through cookies, web beacons, pixels, and similar technologies as described in Section 8.

2.3 Information from Third Parties

• Business Partners: Information from referral partners, industry contacts, or platforms where you have engaged with our content.
• Public Sources: Publicly available information from professional networking sites (e.g., LinkedIn), company websites, and public registries.
• Analytics Providers: Aggregated and anonymized analytics data from third-party analytics services.

3. Legal Basis for Processing (EEA Residents)

If you are located in the European Economic Area, our legal basis for collecting and using your personal information depends on the specific context:

• Contractual Necessity: Processing necessary for the performance of a contract with you or to take pre-contractual steps at your request.
• Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our Services, marketing (where not overridden by your rights), fraud prevention, and network security.
• Consent: Where you have given explicit consent for a specific purpose, such as receiving marketing communications.
• Legal Obligation: Processing necessary to comply with applicable laws and regulations.

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Service Delivery

• To provide, operate, maintain, and improve our Site and Services
• To process and complete transactions, including invoicing and payment processing
• To deliver consulting services, project deliverables, and technical support
• To manage client relationships and maintain engagement records
• To respond to inquiries, provide customer support, and communicate about your engagements

4.2 Communications

• To send administrative information, including service updates, security alerts, and support messages
• To send marketing communications about our Services, industry insights, and events (where you have opted in or where permitted by law)
• To send newsletters and thought leadership content to subscribers

4.3 Analytics and Improvement

• To analyze usage patterns and trends to improve Site functionality and user experience
• To conduct research and development to enhance our Services
• To monitor and analyze the effectiveness of our marketing activities

4.4 Legal and Security

• To detect, investigate, and prevent fraudulent, harmful, or illegal activities
• To protect the rights, property, and safety of VRTX Labs, our clients, and others
• To comply with legal obligations, court orders, or legal processes
• To enforce our Terms and Conditions and other agreements

5. Disclosure of Your Information

We do not sell your personal information. We may share your personal information in the following circumstances:

5.1 Service Providers

We engage trusted third-party companies and individuals to perform services on our behalf, including:

• Cloud hosting and infrastructure providers (e.g., Vercel, AWS, Google Cloud)
• Payment processors (e.g., Stripe, PayPal)
• Email and communication platforms (e.g., SendGrid, Mailchimp)
• Analytics services (e.g., Google Analytics)
• Customer relationship management systems
• Scheduling and appointment tools (e.g., Calendly)

These service providers are contractually obligated to protect your information and use it only for the purposes for which we disclose it to them.

5.2 Professional Advisors

We may disclose your information to our professional advisors, including lawyers, auditors, accountants, and insurers, where necessary for obtaining professional advice or managing business risks.

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or other sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

5.4 Legal Requirements

We may disclose your information where required by law, regulation, legal process, or governmental request, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a legal request.

5.5 With Your Consent

We may share your information for other purposes with your explicit consent or at your direction.

6. International Data Transfers

VRTX Labs is based in Australia. Your personal information may be transferred to, stored, and processed in countries other than your country of residence, including Australia and the United States, where our servers, service providers, or business operations are located.

If you are located in the EEA, United Kingdom, or Switzerland, we will ensure that any transfer of your personal information is subject to appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission or other legally recognized mechanisms.

By using our Site or Services, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. The retention period may vary depending on the context and our legal obligations.

In general:

• Client Engagement Records: Retained for 7 years after the conclusion of the engagement, as required for tax and legal purposes.
• Marketing Contact Information: Retained until you unsubscribe or request deletion, whichever occurs first.
• Website Usage Data: Retained in aggregated or anonymized form for analytical purposes.
• Inquiry/Contact Form Submissions: Retained for 2 years unless a business relationship is established.

When personal information is no longer required, we will securely delete or anonymize it in accordance with our data retention policies.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store certain information when you visit our Site. Cookies are small data files placed on your device that allow us to recognize your browser and capture certain information.

8.1 Types of Cookies We Use

• Essential Cookies: Necessary for the Site to function properly. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our Site by collecting and reporting information anonymously.
• Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences.
• Marketing Cookies: Used to track visitors across websites to display relevant advertisements.

8.2 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can set your browser to refuse all or some cookies or to alert you when cookies are being sent. Please note that if you disable or refuse cookies, some parts of our Site may become inaccessible or not function properly.

9. Security of Your Information

We implement appropriate technical and organizational security measures designed to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL protocols
• Encryption of sensitive data at rest
• Regular security assessments and vulnerability testing
• Access controls and authentication mechanisms
• Employee training on data protection and security practices
• Secure software development practices

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

10. Your Rights and Choices

Depending on your location and applicable laws, you may have certain rights regarding your personal information:

10.1 General Rights

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of any inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information, subject to certain exceptions.
• Opt-Out of Marketing: Unsubscribe from marketing communications at any time by clicking the "unsubscribe" link in our emails or contacting us directly.

10.2 Additional Rights for EEA Residents

• Data Portability: Request a copy of your personal information in a structured, commonly used, machine-readable format.
• Restriction of Processing: Request restriction of processing of your personal information under certain circumstances.
• Objection: Object to processing of your personal information based on legitimate interests.
• Withdraw Consent: Withdraw consent at any time where we rely on consent to process your personal information.
• Lodge a Complaint: Lodge a complaint with your local data protection authority.

10.3 Additional Rights for California Residents (CCPA)

• Right to Know: Request information about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: Request deletion of personal information we have collected from you.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
• Right to Opt-Out: We do not sell personal information. If this changes, we will provide an opt-out mechanism.

To exercise any of these rights, please contact us using the information provided in Section 14. We will respond to your request within the timeframe required by applicable law.

11. Third-Party Links and Services

Our Site may contain links to third-party websites, applications, or services that are not operated or controlled by us. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party sites or services before providing any personal information. We are not responsible for the content, privacy policies, or practices of any third-party sites or services.

12. Children's Privacy

Our Site and Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to delete that information. If you believe we might have any information from or about a child under 18, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. We will post any changes on this page and update the "Last Updated" date at the top of this Privacy Policy.

For material changes, we will provide additional notice, such as adding a statement to our homepage or sending you an email notification (where we have your email address). Your continued use of our Site or Services after any changes indicates your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For complaints regarding the handling of your personal information, you may also contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.