Privacy Policy
Last updated: 5 April 2026
1. Introduction
GreyOps Limited (NZBN 9429053142856), operating as GreyOps ("we", "us", "our"), is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, store, and safeguard information when you visit our website (greyops.io), engage with our services, or are contacted through our lead generation campaigns.
This policy applies to all individuals whose data we process, including website visitors, clients, prospects, and individuals identified through our lead generation activities.
2. Data Controller
The data controller for the purposes of this policy is:
GreyOps Limited
12 Madden Street, Auckland CBD, Auckland 1010
GridAKL, New Zealand
NZBN: 9429053142856
Email: privacy@greyops.io
3. Information We Collect
3.1 Information You Provide Directly
When you contact us, book a discovery call, sign a service agreement, or communicate with our team, we may collect:
- Full name, job title, and company name
- Email address and phone number
- Business address and billing information
- Content of your communications with us
- Service preferences and requirements
3.2 Information Collected Automatically
When you visit our website, we automatically collect certain technical information:
- IP address and approximate geolocation
- Browser type, version, and operating system
- Referring URL and pages visited
- Time spent on pages and interaction data
- Device type and screen resolution
3.3 Information from Third-Party Sources
In the course of our lead generation business, we collect publicly available professional information from sources including:
- LinkedIn and other professional networks
- Public business directories and company websites
- Business databases and data providers
- Government registries and public records
This data typically includes business names, professional email addresses, job titles, company information, and industry classification. We do not collect sensitive personal data (e.g., health, financial, religious, or political information) as part of our lead generation activities.
3.4 Client-Provided Data
Our clients may provide us with target lists, customer data, or ICP (Ideal Customer Profile) information to guide our lead generation campaigns. We process this data solely on behalf of the client and in accordance with our Service Agreement.
4. How We Use Your Information
| Purpose | Legal Basis |
|---|---|
| Responding to enquiries and booking consultations | Legitimate interest / Consent |
| Delivering lead generation services to our clients | Contractual necessity |
| Conducting outreach campaigns (email, ads, LinkedIn) | Legitimate interest |
| Sending service-related communications to clients | Contractual necessity |
| Invoicing and payment processing | Contractual necessity |
| Analysing website performance and user experience | Legitimate interest |
| Improving our services and campaign effectiveness | Legitimate interest |
| Compliance with legal obligations | Legal obligation |
| Protecting against fraud and security threats | Legitimate interest |
4.1 Legitimate Interest Assessment
Where we rely on legitimate interest as a legal basis, we have conducted a balancing test to ensure our interests do not override the rights and freedoms of the individual. Our B2B outreach is directed at individuals in their professional capacity, uses business contact information, and includes clear opt-out mechanisms in every communication.
5. Data Sharing & Disclosure
We do not sell your personal information.
We may share your information with:
5.1 Service Providers
We use trusted third-party service providers to deliver our services, including:
- Email sending platforms and deliverability tools
- CRM and lead management systems
- Advertising platforms (Google, Meta, LinkedIn)
- Analytics and tracking tools
- Cloud hosting and data storage providers
- Payment processors
- Calendar and scheduling tools (TidyCal)
These providers process data on our behalf under data processing agreements and are prohibited from using your data for their own purposes.
5.2 Clients
When we generate leads on behalf of our clients, we share qualified lead data (name, email, company, and engagement details) with the relevant client as part of our service delivery. Once shared, the client becomes the data controller for that lead data.
5.3 Legal Requirements
We may disclose information where required by law, regulation, legal process, or enforceable governmental request, or to protect the rights, property, or safety of GreyOps, our clients, or others.
6. International Data Transfers
GreyOps is based in New Zealand and operates globally. Your personal data may be transferred to and processed in countries outside your own, including New Zealand, the United States, and the European Union.
Where we transfer data internationally, we ensure appropriate safeguards are in place, including:
- Standard contractual clauses approved by the European Commission (for EU data)
- Data processing agreements with all service providers
- New Zealand's adequacy status under the EU GDPR
7. Data Retention
We retain personal data for the following periods:
- Client data: For the duration of the engagement plus 7 years for legal, tax, and accounting purposes
- Lead data: For the duration of the relevant campaign, then deleted or anonymised within 12 months of campaign completion unless the client requests otherwise
- Website analytics: 26 months
- Communication records: 3 years from last communication
- Opt-out/suppression lists: Indefinitely (to ensure we respect your opt-out preference)
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data (subject to legal retention requirements)
- Right to Restrict Processing: Request that we limit how we use your data
- Right to Data Portability: Request your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests, including direct marketing
- Right to Withdraw Consent: Where processing is based on consent, withdraw at any time
To exercise any of these rights, contact us at privacy@greyops.io. We will respond within 30 days of receiving your request. We may ask for verification of your identity before processing your request.
8.1 Opting Out of Outreach
Every outreach email we send includes a clear unsubscribe link. You can also opt out by:
- Clicking the unsubscribe link in any email
- Replying "unsubscribe" or "stop" to any email
- Emailing privacy@greyops.io with your request
Opt-out requests are processed within 48 hours. Your email will be added to our permanent suppression list to ensure you are not contacted again.
9. Cookies & Tracking Technologies
Our website uses cookies and similar technologies to improve your experience and analyse site usage. For full details, see our Cookie Policy.
In summary:
- Essential cookies: Required for the website to function (always active)
- Analytics cookies: Help us understand how visitors use our site
- Marketing cookies: Used to deliver relevant advertising and track campaign effectiveness
You can manage cookie preferences through your browser settings.
10. Data Security
We implement commercially reasonable technical and organisational measures to protect your personal data, including:
- Encryption of data in transit (TLS/SSL) and at rest
- Access controls and authentication for all systems
- Regular security reviews and monitoring
- Employee training on data protection
- Secure data storage with reputable cloud providers
No system is completely secure. While we take reasonable precautions, we cannot guarantee absolute security of your data. In the event of a data breach affecting your personal data, we will notify you and the relevant authorities in accordance with applicable law.
11. Children's Privacy
Our services are directed at businesses and professionals. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have collected data from a minor, we will delete it promptly.
12. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these sites. We encourage you to review the privacy policies of any third-party site you visit.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated "Last updated" date. If changes are significant, we will notify active clients by email. Continued use of our website or services after changes constitutes acceptance of the updated policy.
14. Complaints
If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with:
- New Zealand: Office of the Privacy Commissioner -- privacy.org.nz
- European Union: Your local Data Protection Authority
- United Kingdom: Information Commissioner's Office (ICO) -- ico.org.uk
We would appreciate the opportunity to address your concerns before you approach a supervisory authority. Please contact us first at privacy@greyops.io.
15. Contact
For privacy-related enquiries, data requests, or complaints:
GreyOps Limited
12 Madden Street, Auckland CBD, Auckland 1010
GridAKL, New Zealand
NZBN: 9429053142856
Email: privacy@greyops.io
Web: greyops.io