This policy explains how Kova Systems ("we", "us", "our") collects, uses, and protects information when you visit kovasystems.com.au or contact us. This policy is written in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and the Spam Act 2003 (Cth).
1. Who We Are
Kova Systems
ABN: 91 950 795 357
Location: Sydney, NSW, Australia
Email: [email protected]
Phone: 02 5760 7931
We are a web design and development studio serving Australian trades and local service businesses.
2. What We Collect
When you interact with our website, we may collect:
- Contact form submissions — name, email address, phone number (optional), and message content
- Subscription preferences — whether you opted in to receive marketing updates
- Analytics data — page views, device type, referring URL, approximate geographic location, and anonymised interaction events via Google Analytics 4 and Microsoft Clarity
- Session recordings — anonymised mouse movement and click paths via Microsoft Clarity (no keystrokes or form field contents are captured)
- Server logs — IP address, user-agent, and timestamps retained briefly for security and operational purposes
3. How We Collect It
Information is collected directly from you when you submit the contact form, and passively through analytics scripts (Google Analytics 4, Microsoft Clarity) that load when you browse the site.
4. Why We Collect It
- To respond to your enquiry and provide a quote or proposal
- To send you occasional marketing updates, if you expressly opt in
- To understand how visitors use the site so we can improve its design and performance
- To maintain the security and operation of our website
We do not sell your information, and we do not use it for profiling, targeted advertising, or re-identification.
5. Analytics & Tracking
We use the following analytics tools, each of which sets cookies and collects data as described below:
- Google Analytics 4 (property G-PJRZ0QE0H9) — aggregated site usage, traffic sources, device metrics. IP addresses are anonymised before storage. Data is processed by Google LLC in the United States.
- Microsoft Clarity — anonymised heatmaps and session recordings. Sensitive form fields (email, phone, message) are masked by default. Data is processed by Microsoft Corporation in the United States.
You can opt out of analytics tracking by installing the Google Analytics Opt-out Browser Add-on, by using browser-level "Do Not Track" settings, or by using a browser extension that blocks tracking scripts.
6. Email & Marketing
When you submit the contact form:
- Your submission is sent to our inbox via self-hosted useSend backed by Amazon SES
- You receive an automated confirmation reply to the email address you provided
- If you tick the subscribe checkbox, you are opting in under the Spam Act 2003 to receive occasional marketing emails from Kova Systems
Every marketing email we send includes a functional unsubscribe link and our ABN, in accordance with the Spam Act. You can unsubscribe at any time, and we action unsubscribes within 5 business days as required by law.
7. Cross-Border Disclosure
Some of the services we use transmit or process your information outside Australia:
- Coolify / VPS infrastructure — website hosting and application infrastructure
- useSend / Amazon SES — transactional and marketing email delivery
- Google LLC — Google Analytics 4
- Microsoft Corporation — Clarity analytics
Overseas jurisdictions may not have privacy laws substantially similar to Australia's Privacy Act 1988. Under APP 8, Kova Systems remains accountable for these providers' handling of your data as if it occurred in Australia. Each provider maintains its own security and compliance practices.
8. Data Retention
- Contact form submissions — retained in our email inbox for as long as reasonably necessary to respond and maintain a record of business correspondence, typically up to 7 years for tax and record-keeping obligations
- Marketing subscriber list — retained until you unsubscribe or request deletion
- Google Analytics 4 data — retained for 14 months, then automatically deleted
- Microsoft Clarity recordings — retained for up to 13 months
- Server access logs — retained for up to 30 days
9. Security
Under APP 11 we take reasonable steps to protect your information from misuse, interference, loss, and unauthorised access, modification, or disclosure:
- All traffic is encrypted in transit via TLS (HTTPS)
- Contact form submissions are transmitted over authenticated API connections
- Access to our email inbox is protected by multi-factor authentication
- Third-party providers we rely on maintain enterprise-grade security controls
10. Data Breach Notification
In the event of a suspected data breach, we will assess within 30 days whether the breach is likely to result in serious harm to any individual, in accordance with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988. If a breach meets this threshold we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable.
11. Your Rights
Under the APPs you have the right to:
- Access (APP 12) — request access to any personal information we hold about you
- Correction (APP 13) — request correction of inaccurate, out-of-date, or incomplete information
- Deletion — request deletion of your personal information, subject to our legal record-keeping obligations
- Unsubscribe — opt out of marketing emails at any time via the unsubscribe link
To exercise these rights, email [email protected]. We will respond within 30 days.
12. Third-Party Links
Our site may link to external websites. This policy applies only to Kova Systems; we are not responsible for the privacy practices of third parties and encourage you to review the privacy policy of any site you visit.
13. Children's Privacy
Our services are directed at business owners. We do not knowingly collect personal information from children under 16. If you believe a child has submitted information through our site, contact us and we will delete it.
14. Complaints
If you believe we have breached the APPs or mishandled your personal information, email [email protected]. We will acknowledge within 7 days and aim to resolve within 30 days.
Office of the Australian Information Commissioner (OAIC)
Website: oaic.gov.au
Phone: 1300 363 992
Online form: oaic.gov.au/privacy/privacy-complaints
15. Changes
We may update this policy from time to time. Changes will be reflected by updating the "Last updated" date at the top of this page.
16. Contact
Kova Systems
ABN: 91 950 795 357
Email: [email protected]
Phone: 02 5760 7931
Location: Sydney, NSW, Australia