GreenKPI Data Privacy Policy

Effective Date: July 2024
Review Date: 23rd October 2025

1. Purpose

GreenKPI is committed to safeguarding the privacy of its clients, employees, and stakeholders. This policy outlines how GreenKPI collects, uses, stores, and discloses personal information in compliance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and, where applicable, the EU General Data Protection Regulation (GDPR) and the United Kingdom GDPR. This policy applies to information collected through GreenKPI’s website, mobile applications, and other platforms, including where services are offered to individuals in the European Union (EU) or European Economic Area (EEA) and in the United Kingdom.

2. Scope

This policy applies to all personal information collected by GreenKPI, including information from clients, users of the GreenKPI platform (web and mobile app), employees, and third parties.

3. Collection of Personal Information
3.1 Types of Information Collected

GreenKPI may collect the following types of personal information:

• Identifying details: name, address, phone number, and email address.

• Business information: company name, role, and business address.

• Usage data: information about how clients use GreenKPI services (including device identifiers, app interactions, and browser activity).

• Payment information: financial data for billing purposes (handled via secure third-party payment processors).

• Sensitive information: GreenKPI does not usually collect sensitive information (such as health, ethnicity, or political views). If sensitive information is reasonably necessary for the functioning of services or activities, GreenKPI will obtain express consent and handle it in line with APP 3.

3.2 Methods of Collection

Personal information is collected through:

• Online forms during account registration or inquiries.

• Use of GreenKPI’s website, webapp, and mobile app.

• Communication via email, phone, or in-person meetings.

• Automated technologies, such as cookies, device identifiers, and analytics tools.

4. Use of Personal Information
4.1 GreenKPI uses personal information for:

• Providing access to and improving GreenKPI’s services.

• Communicating with clients about updates, billing, or support.

• Meeting legal obligations, such as taxation or regulatory compliance.

• Conducting research and analytics to enhance platform performance.

• Benchmarking purposes through extracting de-identified company data.

• Direct marketing: GreenKPI may use contact details to send updates, newsletters, or promotional materials. Recipients may opt out at any time by following the unsubscribe link in communications or contacting GreenKPI directly.

4.2 Legal Basis for Processing (GDPR Article 6)

Where the GDPR applies, GreenKPI processes personal data on the following legal bases:

• Consent (Art. 6(1)(a)) – for activities such as sending newsletters, promotional materials, or enabling non-essential cookies and analytics, where individuals have actively consented.

• Performance of a contract (Art. 6(1)(b)) – to provide access to GreenKPI’s SaaS platform, deliver services, process payments, and respond to service-related inquiries.

• Legal obligation (Art. 6(1)(c)) – to comply with taxation, accounting, employment, and other regulatory requirements.

• Legitimate interests (Art. 6(1)(f)) – for purposes such as improving platform performance, ensuring IT security, and conducting business analytics, provided these interests are not overridden by the rights and freedoms of the individual.

Where processing relies on consent, individuals may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

5. Disclosure of Personal Information

GreenKPI does not sell personal information to third parties. Information may be shared with:

• Third-party service providers for hosting, payment processing, analytics, or support.

• Regulatory authorities when required by law.

• Clients or authorized users within an organization for access purposes.

6. Data Storage and Security
6.1 Storage Location

Personal information may be stored and processed on secure servers in Australia, the EU/EEA, and the United Kingdom. Where personal data is transferred from the EU/EEA or the UK to a country without an adequacy decision, GreenKPI ensures that appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) and the UK Addendum, in accordance with GDPR and UK GDPR requirements.

6.2 Security Measures

GreenKPI employs industry-standard measures to protect personal information, including:

• Encryption of data in transit and at rest.

• Multi-factor authentication and role-based access controls.

• Secure deletion or de-identification of data when no longer needed.

6.3 Breach Notification

In the event of a data breach involving personal information, GreenKPI will comply with all applicable legal obligations, including:

• The Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth), which requires notification to the Office of the Australian Information Commissioner (OAIC) and affected individuals where a breach is likely to result in serious harm.

• The GDPR (Articles 33 and 34), which requires notification to the relevant supervisory authority within 72 hours of becoming aware of a personal data breach, unless the breach is unlikely to result in risk to the rights and freedoms of individuals, and notification to affected individuals where required.

7. Client Rights
7.1 Access and Correction

Clients can request access to their personal information held by GreenKPI. Requests should be made in writing to the CEO (see Section 10). Access will be provided within a reasonable timeframe (generally within 30 days), unless an exception applies under the Privacy Act or GDPR. If information is incorrect, clients can request corrections free of charge.

7.2 Deletion and Data Export

Clients may request the deletion of their data, subject to legal retention requirements. Upon request, GreenKPI will provide a copy of personal data in a commonly used electronic format, where technically feasible.

7.3 Additional GDPR Rights

• Right to Restrict Processing (Art. 18): Individuals may request restriction of processing in certain circumstances (e.g., where accuracy is contested, or processing is unlawful).

• Right to Object (Art. 21): Individuals may object at any time to processing based on legitimate interests, including the right to object to direct marketing.

• Rights in Relation to Automated Decision-Making (Art. 22): GreenKPI does not carry out automated decision-making or profiling that produces legal or similarly significant effects. If this changes, GreenKPI will update this policy and inform individuals accordingly.

7.4 Complaints

Complaints about privacy concerns can be directed to GreenKPI’s Privacy Officer. GreenKPI will acknowledge complaints within 7 days and aim to resolve them within 30 days.

• Australia: If unresolved, clients may escalate the matter to the Office of the Australian Information Commissioner (OAIC).

• EU/EEA: Individuals may also lodge a complaint with their local supervisory authority under GDPR. A list of EU supervisory authorities can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en

• UK: Individuals in the UK may lodge complaints with the Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint/data-protection-complaints/

8. Cookies, Tracking, and App Data
8.1 Use of Cookies and Tracking Technologies

GreenKPI uses cookies, analytics, and similar technologies to improve user experience, analyse usage, and ensure the proper functioning of our website and mobile app. Some of this information may constitute personal information under the Privacy Act 1988 (Cth) and/or GDPR.

8.2 Categories of Cookies

• Essential cookies (strictly necessary): These are required for the operation of the website and app (e.g., to remember login sessions or security settings). They are always active and do not require consent (ePrivacy Directive).

• Non-essential cookies (analytics, performance, and tracking): These help us understand how users interact with our services and improve performance. These cookies are only activated with your consent (Art. 6(1) GDPR). For UK users, non-essential cookies are activated only with consent, in compliance with the UK GDPR and the Privacy and Electronic Communications Regulations (PECR).

8.3 Consent Management

• Website: Users will see a cookie banner that allows them to accept or reject non-essential cookies. Consent can be withdrawn at any time by updating cookie settings.

• Mobile App: Users may manage analytics and tracking permissions through in-app settings or device-level privacy settings.

8.4 Legal Basis

• For essential cookies: legitimate interests (Art. 6(1)(f) GDPR).

• For non-essential cookies: consent (Art. 6(1)(a) GDPR).

8.5 Your Choices

You can adjust your browser or device settings to refuse cookies or to alert you when cookies are being sent. Refusing cookies may affect some website or app functionality.

9. Data Retention

Personal information is retained only as long as necessary for the purposes for which it was collected or to meet legal obligations. When no longer required, data is securely destroyed or de-identified.

10. Contact Information

For privacy questions, requests, or complaints, please contact: Johanna Kloot, CEO at GreenKPI Pty Ltd, Email: johanna@greenkpi.com Phone: +61418438220

11. Government Identifier

GreenKPI does not use government-related identifiers. Where government identifiers are collected for legal purposes (e.g. taxation), they are only used or disclosed in accordance with APP 9. According to APP 9, this explicitly excludes an individual’s name, an individual’s Australian Business Number (ABN), and anything else prescribed by the regulations made under the Privacy Act.

12. Updates to this Policy

GreenKPI may update this policy periodically to reflect changes in laws or operations. Clients will be notified of significant changes through email, website, or in-app notifications. The effective date and last review date will always be shown at the top of this policy.

Approval

Authorised Representative:
Position: CEO
Date: 23rd October 2025

Enterprise sustainability management platform designed by sustainability practitioners for measurable business results.

Copyright © 2025 GreenKPI. All Rights Reserved

Building sustainable futures through measurable action
