Nectarweb Privacy Policy

1. About Nectarweb

Nectarweb is an Australian-based web hosting reseller and development service operated by a sole trader. We provide hosting, domain management, and associated support services to individuals and businesses, primarily in Australia.

We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), and where applicable align with international standards such as the GDPR.

2. What Personal Information We Collect

We collect only what’s needed to provide, manage, and support our services, including:

• Full name, email address, phone number
• Billing and payment information (processed via Stripe/PayPal)
• Business identifiers (e.g., ABN)
• DNS and domain registration details
• Support communications and ticket history
• IP addresses and access logs

This data is primarily collected through our WHMCS system during account registration, orders, and support interactions. We do not intentionally collect sensitive data (e.g., health, religion).

3. How We Use Your Information

• Provide and manage services (hosting, domains, development)
• Process payments and invoices
• Respond to support tickets and send service-related notices
• Operate and secure our systems; prevent misuse and fraud
• Comply with legal and tax obligations

We do not sell or rent your data.

4. Controller vs Processor

• You are the Controller for data you store on hosting we provide (e.g., your site’s user data). You decide the purposes.
• We are the Processor for that hosted data and process it under your instructions to provide the service.
• We are the Controller for our own business records (billing, support, account details).

A Data Processing Addendum (DPA) is available on request.

5. Legal Basis for Processing (GDPR)

If you’re in the EEA or another GDPR-recognising jurisdiction, we process your data under one or more lawful bases:

• Consent (where you choose to give it)
• Performance of a contract (to deliver the services you order)
• Legal obligations (e.g., tax or record keeping)
• Legitimate interests (e.g., security, fraud prevention, service improvements)

6. Where Your Data Is Stored

• Customer data: Brisbane, Queensland
• Hosting: Sydney, Australia
• CDN/DNS: Cloudflare may be used for managed clients
• Core systems: WHMCS, cPanel, Stripe, PayPal, Synergy Wholesale, BinaryLane
• Projects & docs: Atlassian Cloud (Jira/Bitbucket) — project/work data only, no client PII
• Monitoring: at monitor.nectarweb.com.au

Some providers (e.g., Stripe, PayPal, Atlassian) may process data outside Australia (US/EU/other). We use reputable vendors with appropriate safeguards.

7. Third Parties We Work With

We only share information with trusted partners essential to delivering services:

• WHMCS (billing and client management)
• Stripe / PayPal (payment processing)
• Synergy Wholesale (hosting and domain/DNS provisioning)
• BinaryLane (infrastructure)
• Cloudflare (CDN/DNS for managed clients)
• Atlassian Cloud (internal project and documentation tools)
• Mailgun (transactional email)
• Professional services (accountants, legal advisers as needed)
• Authorities (if required by law)

8. Data Retention

• Invoices & tax records: 7 years
• Server logs: ~90 days
• Support tickets & emails: ~2 years after closure
• Account data: deleted ~12 months after cancellation (invoices retained 7 years)
• Ad-hoc development backups: typically 30–60 days

9. Security Measures

We follow practices aligned with the ACSC Essential Eight, including TLS encryption in transit, hardened servers (SELinux enforcing, firewalling, SSH key access), multi-factor authentication for admin systems, least-privilege access, and regular patching and updates.

No system is perfectly secure; we work to reduce risk and respond quickly to issues.

10. Notifiable Data Breaches (Australia)

If a breach likely to cause serious harm occurs, we will promptly assess and notify affected clients and the Office of the Australian Information Commissioner (OAIC) in line with the Notifiable Data Breaches scheme.

11. Your Rights

Depending on your location, you may have rights under the APPs, GDPR, or other laws, including:

• Access to your personal data
• Correction of inaccuracies
• Deletion where lawful
• Data portability
• Objection or restriction of certain processing
• Withdraw consent where processing relies on it

You can access or update much of your information via your WHMCS account. For other requests, email [email protected]. We usually respond within 5 business days.

12. Domain Registration Specifics

• We must collect and share registrant/admin/tech contact details with registries/resellers under ICANN rules.
• WHOIS privacy is offered where available.
• You must keep domain contact details accurate to avoid suspension.

13. Marketing

We do not send newsletters or marketing emails. We only send essential service messages such as invoices, renewals, or outage notices.

14. International Users

Nectarweb is based in Australia. If you access our services from outside Australia, you are responsible for complying with your local laws.

15. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

16. Changes to This Policy

We may update this policy as needed. Updates will be published on our website. Significant changes will be communicated to clients directly.

17. Contact Us

Questions or concerns? Email [email protected].

If you’re not satisfied, you may also contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.