Privacy Policy

This Privacy Policy applies to CardiAction, owned by CardiAction Pty Ltd (ABN 41 619 022 141).

We respect your privacy and are committed to complying with Australian privacy laws, the General Data Protection Regulation (GDPR) (where applicable), and other relevant laws.

By using our Website, you acknowledge and agree to the terms outlined in this Privacy Policy.

If you are located in the EU or EEA, we process your personal data based on one of the following legal bases under Article 6 of the GDPR:

• 

  Consent: When you explicitly consent to providing data (e.g., opting in for updates).

• 

  Contractual Necessity: When processing is necessary for providing our services.

• 

  Legitimate Interests: When processing is required for business operations, provided it does not override your rights.

• 

  Legal Obligation: When we must process data for legal compliance.

If you are an EU/EEA user, you have the following rights under GDPR:

• 

  Right to Access – Request a copy of your personal data.

• 

  Contractual Necessity: When processing is necessary for providing our services.

• 

  Right to Rectification – Correct inaccurate or incomplete data.

• 

  Right to Erasure (“Right to Be Forgotten”) – Request deletion of your data.

• 

  Right to Restriction of Processing – Restrict how we process your data.

• 

  Right to Object – Object to processing based on legitimate interests.

• 

  Right to Withdraw Consent – Withdraw consent at any time (without affecting prior processing).

• 

  Right to Lodge a Complaint – File a complaint with a data protection authority in your country

To exercise these rights, please contact email

As CardiAction is based in Australia, your personal data may be stored or processed outside the EU/EEA. If we transfer your data internationally, we implement appropriate safeguards such as:

• 

  Standard Contractual Clauses (SCCs) approved by the European Commission.

• 

  Data processing agreements (DPAs) with third-party service providers.

We retain personal data only as long as necessary for the purposes outlined in this Privacy Policy or as required by law.

If a data breach occurs that may affect personal data of EU/EEA users, we will notify the relevant Data Protection Authority (DPA) and affected individuals within 72 hours, as required under GDPR.

We use cookies and analytics tools to improve user experience. Under GDPR, users from the EU/EEA must provide explicit consent before cookies are stored on their device. You can manage cookie settings through our settings.

For GDPR-related inquiries or to exercise your data protection rights, please contact:

Data Protection Officer (DPO): Privacy Officer
Email: privacy@cardiaction.com

This Privacy Policy was last updated on Mar 20, 2025.