Privacy Policy

1. Introduction and Data Controller

BrightForgeStudio Pty Ltd ("BrightForgeStudio", "we", "us", or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes the types of information we collect from visitors to our website at brightforgestudio.cyou and from individuals who enquire about or engage our gardening and landscaping services. It also explains how we process, store, and safeguard that information.

BrightForgeStudio Pty Ltd is the data controller responsible for your personal data. Our registered office is located at 125 York Street, Sydney, NSW 2000, Australia. We are registered under Australian Business Number (ABN) 48 159 327 614.

We process personal information in accordance with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and, where applicable to individuals located in the European Economic Area (EEA) or the United Kingdom (UK), the General Data Protection Regulation (GDPR) and the UK GDPR. We also comply with the Privacy Amendment (Notifiable Data Breaches) Act 2017.

By accessing our website or providing your personal information to us through any channel, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described in this policy, please do not use our website or submit personal information to us.

2. What Data We Collect

We collect different categories of personal information depending on how you interact with us. Below is a comprehensive list of the types of data we may collect:

2.1 Information You Provide Directly

• Full name (first name and surname) as entered on our consultation request form, contact form, or provided during phone or email conversations.
• Email address for correspondence regarding quotes, project updates, scheduling, and service-related communications.
• Phone number (mobile or landline) so our team can contact you to arrange consultations or discuss project details.
• Postcode to determine your location relative to our service areas and to provide accurate quotes.
• Property address when you book an on-site consultation or engage our services for a specific project.
• Project descriptions and preferences that you share via our contact form message field, email correspondence, or during phone conversations.
• Payment information such as credit card or bank transfer details if you purchase a consultation or service (processed by our payment provider, not stored on our servers).

2.2 Information Collected Automatically

• IP address collected through server logs and analytics tools when you visit our website.
• Browser type and version (e.g., Chrome 120, Safari 17) to help us optimise website compatibility.
• Device information including operating system, screen resolution, and device type (desktop, tablet, mobile).
• Usage data such as pages visited, time spent on each page, referring website, click patterns, and navigation paths through our site.
• Cookie identifiers and similar tracking technologies as described in section 10 of this policy.
• Approximate geographic location derived from your IP address (city/region level, not precise coordinates).

2.3 Information from Third Parties

In some cases, we may receive information about you from third-party sources such as business directories, referral partners, or review platforms where you have publicly reviewed our services. We only use such information where we have a legitimate interest and where the original source collected the data lawfully.

3. How We Collect Your Data

We collect personal information through several methods:

• Website forms: When you complete our consultation request form on the Contact page or any other form on our website, the information you enter is transmitted securely to our systems.
• Email correspondence: When you send us an email at [email protected], we collect the content of the email, your email address, and any attachments you include.
• Phone calls: When you call our office at +61 2 8023 4156, we may record notes about the conversation content, your name, contact details, and project requirements. We do not record phone calls without explicit consent.
• On-site consultations: During property visits, our team may take photographs of your outdoor space (with your permission) and record project-specific notes that may include your address and property details.
• Cookies and analytics: We use Google Analytics to collect anonymised website usage data. Google Analytics uses cookies placed on your browser to track interactions with our website. We may also use the Meta (Facebook) Pixel for measuring the effectiveness of advertising campaigns. Both tools collect data as described in section 10.
• Server logs: Our web hosting provider automatically records server access logs that include your IP address, browser information, timestamps of requests, and URLs accessed.

4. Legal Basis for Processing

Under Australian privacy law and, where applicable, GDPR Article 6, we rely on the following legal bases to process your personal information:

• Consent (GDPR Article 6(1)(a)): Where you have given clear, affirmative consent for us to process your personal data for specific purposes, such as subscribing to communications or accepting non-essential cookies. You may withdraw consent at any time by contacting us at [email protected].
• Contract performance (GDPR Article 6(1)(b)): Processing necessary to fulfil a contract with you or to take pre-contractual steps at your request. This includes processing your consultation request, preparing quotes, scheduling site visits, and delivering the landscaping services you have engaged us for.
• Legitimate interest (GDPR Article 6(1)(f)): Processing necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This includes website analytics to improve user experience, fraud prevention, internal record keeping, and direct marketing to existing clients about services similar to those previously purchased.
• Legal obligation (GDPR Article 6(1)(c)): Processing necessary to comply with Australian tax laws, business record-keeping requirements, or other legal obligations applicable to our business.

Under the Australian Privacy Principles, we collect personal information only when it is reasonably necessary for our business functions and activities, and we do so by lawful and fair means.

5. How We Use Your Data

We use the personal information we collect for the following specific purposes:

• Service delivery: To process consultation requests, schedule on-site visits, prepare landscape design proposals, provide project quotes, execute gardening and landscaping work, and manage ongoing maintenance arrangements.
• Communication: To respond to your enquiries, send project updates, confirm appointment times, share design drafts, and provide after-care instructions following project completion.
• Booking and scheduling: To coordinate our team's availability with your preferred consultation and project dates, and to send appointment reminders.
• Marketing (with consent): To send you seasonal gardening tips, service promotions, or company news, but only where you have provided explicit opt-in consent. Every marketing communication includes a clear unsubscribe option.
• Website improvement: To analyse aggregated usage patterns through Google Analytics, identify popular content, detect technical issues, and improve the overall browsing experience on our website.
• Advertising measurement: To evaluate the performance of paid advertising campaigns on platforms such as Google Ads and Meta (Facebook/Instagram) by tracking conversions from ad clicks to consultation bookings.
• Legal and financial compliance: To maintain accurate business records, process invoices and payments, comply with Australian tax obligations, and respond to lawful requests from regulatory authorities.
• Protecting our rights: To detect and prevent fraud, enforce our Terms of Service, and protect the security of our website and systems.

We do not use your personal information for automated decision-making or profiling that produces legal effects or significantly affects you.

6. Data Retention

We retain your personal information only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. The specific retention periods for different types of data are as follows:

Once the retention period expires, your data is securely deleted or anonymised so that it can no longer be linked to you. If you request deletion of your data before the retention period ends, we will comply with your request unless we have a legal obligation to retain the information.

7. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information to any third party. We share your data only with the following categories of service providers, and only to the extent necessary for the purposes described in this policy:

• Web hosting provider: Our website is hosted on secure Australian-based servers. The hosting provider processes server logs containing IP addresses and access data as part of normal website operations.
• Analytics providers: Google LLC (Google Analytics) processes anonymised website usage data to help us understand how visitors interact with our site. Google's privacy policy governs its handling of this data.
• Advertising platforms: Meta Platforms, Inc. (Facebook/Instagram Pixel) may receive limited conversion data (such as confirmation that a form was submitted) to measure advertising campaign effectiveness. This data does not include your name, email, or other directly identifying information unless you have separately consented to Meta's data practices.
• Payment processors: If you make a payment for services, your payment information is processed by our third-party payment provider using industry-standard encryption. We do not store credit card numbers on our systems.
• Email service provider: We use a third-party email platform to manage service-related communications. This provider processes your email address and name to deliver messages on our behalf.
• Professional advisors: We may share information with our accountants, lawyers, or insurance providers where necessary for legal, financial, or insurance purposes.
• Law enforcement or regulatory bodies: We may disclose your personal information if required by Australian law, a court order, or a request from a regulatory authority such as the Office of the Australian Information Commissioner (OAIC).

All third-party service providers are contractually required to handle your data securely and only for the purposes specified by us. We conduct regular reviews of our third-party relationships to verify they maintain appropriate data protection standards.

8. International Data Transfers

Your personal data is primarily stored and processed within Australia. However, some of our third-party service providers (such as Google LLC and Meta Platforms, Inc.) are headquartered in the United States, which means your data may be transferred to and processed in countries outside Australia and, where applicable, outside the European Economic Area (EEA).

Where data is transferred internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA to third countries.
• Adequacy decisions by the European Commission for countries deemed to provide an adequate level of data protection.
• Contractual commitments with service providers to maintain data protection standards equivalent to those required under Australian and European law.
• Compliance with the Australian Privacy Principle 8, which requires us to take reasonable steps to ensure overseas recipients handle personal information consistently with the APPs.

You may contact us at [email protected] to request information about the specific safeguards applied to any international transfer of your data.

9. Your Privacy Rights

Depending on your location and applicable law, you have the following rights regarding your personal data:

9.1 Rights Under Australian Privacy Law

• Access: You have the right to request access to the personal information we hold about you (APP 12).
• Correction: You have the right to request correction of any inaccurate, out-of-date, incomplete, or misleading personal information (APP 13).
• Complaint: You have the right to lodge a complaint with us if you believe we have breached the APPs. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

9.2 Additional Rights Under GDPR (for EEA/UK residents)

If you are located in the European Economic Area or the United Kingdom, you have the following additional rights under GDPR Articles 15 through 22:

• Right of access (Article 15): The right to obtain confirmation of whether we process your data, and to receive a copy of that data.
• Right to rectification (Article 16): The right to have inaccurate personal data corrected without undue delay.
• Right to erasure (Article 17): The right to request deletion of your personal data where it is no longer necessary, where you withdraw consent, or where processing is unlawful.
• Right to restriction of processing (Article 18): The right to request that we restrict the processing of your data in certain circumstances, such as while we verify accuracy or assess an objection.
• Right to data portability (Article 20): The right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
• Right to object (Article 21): The right to object to processing based on legitimate interest, including direct marketing. We will stop processing unless we demonstrate compelling legitimate grounds.
• Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
• Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority in the EEA member state where you reside or where you believe an infringement has occurred.

9.3 How to Exercise Your Rights

To exercise any of the above rights, please contact us using the details in section 13 below. We will respond to your request within 30 days (or 28 days for GDPR-specific requests). We may ask you to verify your identity before processing your request to protect your data from unauthorised access. There is no fee for exercising your rights, although we may charge a reasonable fee for manifestly unfounded or excessive requests.

10. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience, analyse site traffic, and measure the effectiveness of our marketing. A cookie is a small text file placed on your device by your web browser when you visit a website.

10.1 Types of Cookies We Use

10.2 Managing Your Cookie Preferences

When you first visit our website, a cookie consent banner appears at the bottom-right of your screen. You may choose to accept or reject non-essential cookies. Essential cookies cannot be rejected as they are necessary for the website to function properly.

You can also manage cookies through your browser settings. Most browsers allow you to view, delete, and block cookies from specific or all websites. Please note that blocking all cookies may affect the functionality of our website and other sites you visit. Instructions for managing cookies in popular browsers are typically found in the browser's "Help" or "Settings" menu.

If you reject analytics and marketing cookies, we will not place those cookies on your device, and the associated tracking will not occur for your browsing sessions.

11. Children's Privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take immediate steps to delete that information from our records.

If you are a parent or guardian and believe that your child has provided personal information to us, please contact us at [email protected] so we can promptly address the matter.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page.
• Post a notice on our website homepage for a reasonable period following the change.
• Where changes are significant and where we have your email address, notify you directly by email at least 14 days before the changes take effect.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information. Your continued use of our website or services after changes are posted constitutes your acceptance of the revised policy.

13. Contact Us About Privacy

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact our privacy team using the following details: