GDPR Compliance

Last Updated: June 4, 2026

Our Commitment to Data Protection

Although lucid-heath operates primarily in Australia, we recognize the importance of the General Data Protection Regulation (GDPR) for European residents who may access our services or website. We are committed to protecting your personal data in accordance with GDPR principles.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: When you explicitly agree to provide your information for specific purposes
• Contract Performance: When processing is necessary to fulfill our service obligations to you
• Legitimate Interests: When processing serves our business interests while respecting your rights
• Legal Obligation: When required by Australian or applicable international law

Your GDPR Rights

If you are a European resident, you have the following rights regarding your personal data:

Right to Access

You can request a copy of all personal data we hold about you, along with information about how we use it.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data when it is no longer necessary for the purposes it was collected, or when you withdraw consent.

Right to Restrict Processing

You can request that we limit how we use your personal data in certain circumstances.

Right to Data Portability

You can request to receive your personal data in a structured, commonly used format, or ask us to transfer it to another organization.

Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning you.

Data Protection Officer

For GDPR-related enquiries, you can contact our data protection representative at:

Email: [email protected]

We will respond to your request within one month of receipt.

International Data Transfers

Your personal data is primarily stored and processed in Australia. If we transfer data outside of the European Economic Area, we ensure appropriate safeguards are in place to protect your information in accordance with GDPR requirements.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Specific retention periods vary based on:

• The nature of the data collected
• The purpose of processing
• Legal and regulatory requirements
• The existence of an ongoing business relationship

Security Measures

We implement technical and organizational measures designed to ensure a level of security appropriate to the risk, including:

• Encryption of personal data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication procedures
• Staff training on data protection practices

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach poses a high risk to you, we will also notify you directly without undue delay.

Complaints

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with:

• Your local supervisory authority in the European Union
• The Australian Information Commissioner (if you are in Australia)

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website.