Privacy Policy

Vital Global Communities Pty Ltd (ABN 98 606 631 001) operates the Business Vitality Tracker (BVT) platform. We are committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

We collect the following categories of information when you use our platform:

• Registration data: Your email address, password (hashed), and account preferences
• Business information: Legal business name, trading name, Australian Business Number (ABN), industry, and location
• Assessment responses: Answers to BVT assessment questions submitted through the platform
• Verification documents: Supporting documentation uploaded as part of your verification application
• Payment information: Billing details processed by our payment provider (Stripe). We do not store card numbers
• Usage data: Log data, IP addresses, browser type, and pages visited

We use your personal information to:

• Provide and administer the BVT certification service
• Verify your business information and process certification applications
• Send transactional emails (payment receipts, verification status updates, certificate notifications)
• Maintain and improve the platform
• Comply with legal and regulatory obligations

We may verify Australian Business Numbers against the Australian Business Register (ABR) operated by the Australian Taxation Office (ATO). This is done to confirm the validity and status of registered businesses on our platform.

Your data is stored on Amazon Web Services (AWS) infrastructure located in the Asia Pacific (Sydney) region. Data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2 or higher.

We send emails via Amazon Simple Email Service (AWS SES). You will receive:

• Account verification emails upon registration
• Password reset emails when requested
• Payment receipts following successful transactions
• Certification status updates
• Certificate expiry reminders (30 days and 7 days before expiry)

These communications are transactional in nature. You cannot opt out of essential service communications while maintaining an active account.

We share your data with the following third parties only where necessary to provide our services:

• Stripe: Payment processing. Stripe processes card payments and is PCI DSS compliant. See Stripe's Privacy Policy.
• Amazon Web Services: Cloud infrastructure and email delivery. AWS is ISO 27001 certified.

We do not sell, rent, or otherwise disclose your personal information to third parties for marketing purposes.

Under the Australian Privacy Act 1988, you have the right to:

• Access: Request a copy of the personal information we hold about you
• Correct: Request correction of inaccurate or incomplete information
• Delete: Request deletion of your account and associated data, subject to legal retention obligations
• Complain: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au

To exercise any of these rights, please contact us at the address below.

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. Typically:

• Active account data is retained for the duration of your account
• Financial records are retained for 7 years in accordance with Australian tax law
• Deleted account data is purged within 30 days, except where legally required to retain

For privacy enquiries, access requests, or complaints, please contact our Privacy Officer: