Privacy Policy
This Privacy Policy explains how NATIONAL GUTTER GUARD PTY LTD (ABN 48 691 273 891) and GutterGuardInstaller.com.au (“we”, “us”, “our”) collect, use, disclose and protect personal information under the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs). Because some providers process data outside Australia, we include notices for the EU/UK (GDPR) and California (CCPA/CPRA).
Contact: [email protected] • 0490 663 203 • 24 Queen Street, Southport QLD
1. Who we are
We install premium aluminium and steel gutter guard systems across Australia. Primary website: gutterguardinstaller.com.au. Legal entity: NATIONAL GUTTER GUARD PTY LTD (ABN 48 691 273 891). Controller: For website and quoting data, NATIONAL GUTTER GUARD PTY LTD acts as data controller.
2. The information we collect
- Identity & contact: name, company, role, postal and site addresses, email, phone.
- Quotes & service details: quote requests, site notes, measurements, scheduling info, installation details.
- Transaction details: payments and records related to installation services (no ecommerce store).
- Communications: emails, calls (we do not record calls), messages, form submissions, CRM notes.
- Marketing & analytics: cookie IDs, device identifiers, IP, pages viewed, referrers, ads clicked, UTM tags, approximate location, Google/Meta ad interactions.
- Technical: browser, OS, error logs, security logs; Google reCAPTCHA may be used on forms for abuse prevention.
- Images & media: roof/house photos/videos you send; installation photos/videos we capture with consent for QA/marketing.
- Aerial imagery: publicly available or licensed imagery (e.g., Google, Vexcel, Nearmap) for quoting/planning.
- Recruitment (if you apply): CV/resume, references, right-to-work checks.
- B2B partners/installers & licensees (if applicable): trade account details incl. ABN, contacts, banking info for onboarding and compliance.
We collect information directly (forms, phone, email, in-person), automatically (cookies/pixels/analytics), and from third parties (e.g., advertising platforms) where lawful.
3. Why we collect your information (lawful purposes)
- Provide services: prepare quotes, schedule work, process payments (via Stripe or bank transfer), complete installations, support/warranty.
- Operate our business: manage scheduling, communications and records in our CRM (Go High Level).
- Marketing & personalisation: send limited updates, show relevant ads on Google/Meta, measure performance.
- Spam Act & DNCR: marketing only with express consent, opt-out in every message, respect for the Do Not Call Register.
- Improve sites/services: debug, test, analyse usage, enhance UX.
- Security & fraud prevention: verify identity, detect misuse, protect rights/users.
- Legal & compliance: records, disputes, lawful requests; NDB scheme.
GDPR/UK bases: consent, contract performance, legitimate interests, legal obligations. No automated decisions: we do not use automated decision-making with legal or similarly significant effects.
4. Cookies, pixels and analytics
We use essential cookies (function/security), analytics (Google Analytics 4, user/event retention typically 2–14 months per settings), and advertising pixels (Google/Meta; remarketing look-back commonly up to 180 days). You can control cookies via your browser. Where required, we present a consent banner. A “Cookie Settings” link will be available to adjust preferences at any time.
5. Disclosing your information
- Service providers: CRM/marketing (Go High Level), payments (Stripe), email/SMS tools, cloud hosting, analytics/advertising (Google, Meta).
- Professional advisers: accountants, auditors, insurers, lawyers (as needed).
- Government & regulators: where required or authorised by law.
- Business transfers: in connection with a merger, sale or reorganisation.
Payments: we do not store full card details. Card data is processed by Stripe under its security/privacy controls. reCAPTCHA: where used, Google’s policies apply.
Overseas recipients: some recipients may be outside Australia (e.g., US). We take reasonable steps to ensure consistency with the APPs, including reliance on Standard Contractual Clauses (SCCs) or equivalent safeguards where applicable.
6. Data security
We use administrative, technical, and physical safeguards appropriate to the risk (access controls, encryption in transit, secured facilities, staff training, vendor due-diligence). Go High Level indicates platform data is encrypted in transit/at rest and passwords are hashed.
Backups & DR: encrypted backups with restricted access and rolling deletion (typically 30–90 days).
7. Data retention
- Service records: keep at least 7 years (tax/record-keeping).
- CRM (Go High Level): retained while the account remains active; deletion on request (some logs/metadata may be retained for security/compliance).
- Marketing contacts: we do not continue marketing after job completion; remove on completion or request.
- CCTV/call recordings: not used; we do not record calls.
- Analytics/ads: GA4 typically 2–14 months; Meta audiences up to 180 days.
| Category | Purpose | Retention |
|---|---|---|
| Job & tax records | Service delivery & compliance | 7 years |
| CRM contacts (active customers) | Scheduling & support | While active; delete on request |
| Marketing contacts | Offers/updates | Stop after job; remove on request |
| Analytics (GA4) | Performance & security | 2–14 months (per settings) |
| Ad audiences (Meta/Google) | Remarketing | Up to 180 days |
| Recruitment | Hiring & compliance | Up to 12 months or earlier on request |
| Media (with consent) | QA/portfolio | Until consent withdrawn |
| Backups | Continuity & recovery | Rolling 30–90 days |
8. Your choices and rights
- Marketing opt-out: we don’t market after job completion. Opt out anytime (reply STOP to SMS, unsubscribe links, or email us).
- Cookie controls: manage via your browser or the site’s Cookie Settings link (essential cookies may be required).
- Access & correction: request access to/correction of your information.
- Verification & timeline: we verify requests (e.g., match contact/job reference) and aim to respond within 30 days.
EU/UK & California notices: additional rights may apply because some providers process data outside Australia. Contact us to exercise these rights.
9. Children
Our services are not directed to children under 16. We do not knowingly collect personal information from children.
10. Direct marketing and profiling
We may send occasional service updates. We run remarketing on Meta and Google, which may create audience segments using hashed data or cookies, subject to your settings and applicable consent requirements. You can opt out at any time.
11. Notifiable Data Breaches (NDB)
If a data breach is likely to result in serious harm, we will assess and notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the NDB scheme.
12. Complaints and contact details
Email: [email protected] • Phone: 0490 663 203 • Address: 24 Queen Street, Southport QLD
If you are not satisfied with our response, contact the OAIC: oaic.gov.au • 1300 363 992 • GPO Box 5218, Sydney NSW 2001.
13. Changes to this Policy
We may update this Policy from time to time. The updated version will be posted on our website with a new “Last updated” date. Material changes will be notified where reasonably practicable.
14. Key definitions
Personal information: information or an opinion about an identified individual, or an individual who is reasonably identifiable. Sensitive information: includes health, biometric or similar data; we do not intentionally collect this, but if you provide it (e.g., accessibility details for a site visit), we will handle it with extra care and only for the purpose provided.
15. Additional regional notices (GDPR/UK & California)
GDPR/UK: legal bases include consent, contract, legitimate interests. You may have rights to access, rectification, erasure, restriction, portability and objection. For international transfers we rely on SCCs or equivalent safeguards.
California (CCPA/CPRA): California residents may have rights to know, delete and opt out of certain sharing/“sale” of personal information. We do not knowingly “sell” personal information as defined under California law.
16. User-generated content consent (photos/videos)
With your explicit consent, we may publish before/after photos or videos you provide or we capture. We remove GPS/EXIF metadata, and on request we can blur house numbers, licence plates and other identifiers. You can withdraw consent at any time by contacting us.
© NATIONAL GUTTER GUARD PTY LTD • Effective date: 31 October 2025
