Privacy Policy
Last updated: 24 February 2026
GreenHost ("we", "us", "our") operates greenhost.com.au. This Privacy Policy explains what personal information we collect, why we collect it, and your rights in relation to that information.
This policy is designed to comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and, where applicable, the EU General Data Protection Regulation (GDPR).
1. Who We Are (Data Controller)
The data controller responsible for this website is:
GreenHost
Website: greenhost.com.au
Email: contact@greenhost.com.au
For any privacy-related enquiries, data access requests, or complaints, please contact us at contact@greenhost.com.au.
2. What Personal Information We Collect and Why
2.1 Contact Form
When you submit our contact form, we collect:
| Data | Purpose | Legal Basis (GDPR) | APP Reference |
|---|---|---|---|
| Full name | To address you in our reply | Legitimate interest / contract performance | APP 3, APP 5 |
| Email address | To respond to your enquiry | Legitimate interest / contract performance | APP 3, APP 5 |
| Phone number (optional) | To contact you if you prefer a call | Legitimate interest | APP 3, APP 5 |
| Company / project name | To understand the context of your enquiry | Legitimate interest | APP 3, APP 5 |
| Message content | To respond appropriately to your request | Legitimate interest / contract performance | APP 3, APP 5 |
| IP address | Security — bot detection and spam prevention | Legitimate interest | APP 3 |
| Submission timestamp | Security logging | Legitimate interest | APP 3 |
We will only use your contact details to respond to your enquiry and, where you have engaged our services, to perform the agreed work. We will not add you to a mailing list or share your details without your explicit consent.
2.2 Google Analytics (GA4)
With your consent, we use Google Analytics 4 (GA4) to understand how visitors interact with our website. GA4 may collect:
- Pages visited, time spent, and navigation paths
- General geographic location (country/city level)
- Device type, browser, and operating system
- Referring website
Legal basis (GDPR): Consent (you may accept or decline via our cookie banner).
APP: Analytics cookies are only set after you give consent via the banner.
GA4 is operated by Google LLC. Data may be processed on Google's servers worldwide. See Google's Privacy Policy for details.
We use Google Consent Mode v2: if you decline analytics, GA4 still loads but only sends anonymous, cookieless pings (no personal identifiers or tracking cookies are set).
2.3 Cloudflare Turnstile (Security / Bot Protection)
Our contact form uses Cloudflare Turnstile to distinguish human visitors from automated bots. Turnstile may set a short-lived session token to complete its verification. It does not track you across websites or build advertising profiles.
Legal basis (GDPR): Legitimate interest (website security).
APP: Collected for the primary purpose of preventing spam and protecting our systems.
See Cloudflare's Privacy Policy for more information.
2.4 Google Fonts
We load fonts from Google Fonts, which may result in a connection to Google's servers and the logging of your IP address by Google. We use Google Fonts solely for typography purposes.
Legal basis (GDPR): Legitimate interest (delivering website content).
2.5 Server Logs
Our web server automatically records access logs, which may include IP addresses, request timestamps, and browser information. These logs are used for security monitoring and debugging.
- Retention: Server logs are retained for up to 30 days, then deleted.
- Legal basis (GDPR): Legitimate interest (website security and stability).
3. Third-Party Services and Data Sharing
We share data with third parties only as described in this policy. The services we use are:
- Google LLC — Google Analytics (GA4) and Google Fonts. Privacy Policy
- Cloudflare, Inc. — Turnstile bot protection. Privacy Policy
We do not sell, rent, or trade your personal information to any third party.
4. International Data Transfers
When you use our contact form or analytics are collected, your data may be processed on servers located outside Australia and the European Economic Area (EEA). Specifically, Google processes GA4 data on global infrastructure.
Google participates in the EU–US Data Privacy Framework and uses Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers outside the EEA, providing appropriate safeguards for your personal data.
5. How Long We Keep Your Data
| Data Type | Retention Period |
|---|---|
| Contact form submissions (email) | Up to 2 years from the date of enquiry, or until the matter is resolved |
| Server access logs | 30 days, then automatically deleted |
| Google Analytics data | Per Google's retention settings (typically 14 months) |
| Cookie consent preference | Stored in your browser's localStorage until you clear it or change preference |
6. Cookies and Similar Technologies
Essential Cookies / Browser Storage
- Theme preference — stored in
localStorage(not a cookie), remembers your dark/light mode choice. No consent required; no personal data transmitted to any server. - Cloudflare Turnstile token — a short-lived session value used only to verify you are human when submitting the contact form. No tracking across sessions.
Analytics Cookies (require consent)
- Google Analytics 4 (
_ga,_ga_*) — used to measure website usage. Only set if you click "Accept Analytics" on our cookie banner.
Managing Your Cookie Preferences
You can change your cookie preference at any time by clicking "Manage Cookies" in the footer of our website. You can also control cookies via your browser settings — see your browser's help pages for instructions. Blocking all cookies may affect the functionality of some websites.
7. Your Rights under the GDPR (EU/UK Visitors)
If you are located in the EU or UK, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate data.
- Right to erasure ("right to be forgotten") — request deletion of your data, subject to legal retention requirements.
- Right to restriction — request that we limit how we process your data in certain circumstances.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interests.
- Right to withdraw consent — where processing is based on consent (e.g. analytics cookies), you may withdraw consent at any time via the cookie banner.
To exercise any of these rights, please email contact@greenhost.com.au. We will respond within 30 days. We may need to verify your identity before processing a request.
You also have the right to lodge a complaint with your local data protection supervisory authority (e.g. the ICO in the UK, or your national DPA in the EU).
8. Your Rights under the Australian Privacy Principles (Australian Residents)
Under the Privacy Act 1988 (Cth), you have the right to:
- Access the personal information we hold about you — contact us at contact@greenhost.com.au. We will respond within 30 days.
- Correct inaccurate or outdated personal information we hold about you.
- Complain about a breach of your privacy rights to the Office of the Australian Information Commissioner (OAIC) if you are not satisfied with our response.
Note: The Australian Privacy Act does not currently include a general right to erasure or data portability, unlike the GDPR.
9. How We Protect Your Data
We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access. Our measures include:
- HTTPS encryption for all data transmitted to and from this website.
- HTTP security headers (HSTS, Content-Security-Policy, X-Frame-Options, etc.) to protect against common web vulnerabilities.
- Server-side input validation and sanitisation on all form submissions.
- Cloudflare Turnstile to prevent automated/bot form submissions.
- Regular review of server logs and error monitoring.
No method of transmission over the internet is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.
10. Children's Privacy
Our website is not directed at children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us and we will promptly delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page will reflect the most recent revision. We encourage you to review this page periodically.
12. Privacy Contact / Privacy Officer
For any questions about this Privacy Policy, to exercise your privacy rights (access, correction, erasure, data portability), or to make a privacy complaint, contact our Privacy Officer:
Privacy Officer — GreenHost
Email: contact@greenhost.com.au
Subject line: Privacy Request
Website: greenhost.com.au
We will acknowledge your request within 5 business days and respond in full within 30 days.
For complaints that we have not resolved to your satisfaction:
- Australian residents: Office of the Australian Information Commissioner (OAIC)
- EU residents: Your national Data Protection Authority (DPA) — see the list of national data protection authorities.
- UK residents: Information Commissioner's Office (ICO)
Independently certified by PrivacyMate as compliant with the Australian Privacy Principles.
Document version: 1.0 · Effective date: 24 February 2026