Last Updated: June 25, 2026
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to organizations processing personal data of individuals in the European Union and European Economic Area. This page explains how vibrant-cypress complies with GDPR requirements and outlines your rights under this regulation.
Organization: vibrant-cypress
Address: 142 Adelaide Street West, Suite 800, Toronto, ON M5H 3L5, Canada
Contact: info at vibrant-cypress.com
We process your personal data under the following legal bases:
Under GDPR, you have the following rights regarding your personal data:
You can request confirmation of whether we process your personal data and obtain a copy of that data along with information about how it is used.
You can request correction of inaccurate or incomplete personal data we hold about you.
You can request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when there is no overriding legitimate reason for processing.
You can request that we limit how we use your personal data in certain circumstances, such as while we verify accuracy of the data or assess whether we have legitimate grounds to process it.
You can request to receive your personal data in a structured, commonly used, and machine-readable format, and have the right to transmit that data to another controller.
You can object to processing of your personal data when processing is based on legitimate interests or for direct marketing purposes.
Where processing is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing before withdrawal.
You have the right to lodge a complaint with your local supervisory authority if you believe our processing of your personal data violates GDPR.
To exercise any of your GDPR rights, please contact us at info at vibrant-cypress.com with the subject line "GDPR Request" and specify which right you wish to exercise.
We will respond to your request within one month, though this period may be extended by up to two additional months for complex requests. We will inform you of any such extension within the initial one-month period.
You will not be charged a fee to exercise your rights unless your request is clearly unfounded, repetitive, or excessive.
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.
When we transfer your personal data outside the European Economic Area, we ensure appropriate safeguards are in place, such as:
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Retention periods vary depending on:
When personal data is no longer needed, we securely delete or anonymize it.
We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you.
We work with third-party service providers who process personal data on our behalf. We ensure these processors:
We may update this GDPR compliance information periodically to reflect changes in our practices or legal requirements. We encourage you to review this page regularly to stay informed about how we protect your data.
For questions about our GDPR compliance or to exercise your rights, contact us at:
Email: info at vibrant-cypress.com
Subject: GDPR Inquiry
We take your data protection rights seriously and will respond to all legitimate requests promptly.