This Privacy Policy explains how Digital Tactics Ltd, the legal entity behind the GreenCode project, collects, uses and protects personal data on greencode.ai. It follows the structure of the UK Information Commissioner's Office (ICO) UK-GDPR privacy-notice template.
1. Who we are
The data controller for personal data collected through this site is:
- Digital Tactics Ltd, registered in England and Wales (company number 07666910).
- Registered office: 5 Boundary Road, Hove, East Sussex BN3 4EH, United Kingdom.
- VAT number: GB 118 564 211.
GreenCode is an ITEA-labelled, multi-country research-and-development project led by Digital Tactics Ltd alongside academic and industrial partners across the UK, Germany, Turkiye and beyond. This site (greencode.ai) is operated by Digital Tactics Ltd on behalf of the project.
If you have questions about this notice or about how we handle your data, you can contact us:
- Email: info@greencode.ai
- Phone: (+44) 1273 411 190
- Post: 5 Boundary Road, Hove, East Sussex BN3 4EH, United Kingdom
2. What information we collect about you
This is a static, brochure-style site. We do not run user accounts, comments, logins or a public newsletter backend at this time. Personal data flows are limited to the following:
- Contact form submissions — when you complete the form on /contact, we collect your name, email address, optional subject line, and message text.
- Cloudflare Turnstile token — a transient anti-spam token confirms you are not a bot. The token verifies a single submission and is not retained beyond verification; it does not contain personally identifying information.
- Hosting / access logs — Cloudflare Pages (our hosting provider) logs standard request metadata such as IP address, user-agent, request path and timestamp for security and operational reasons. We do not access these logs for marketing.
- Analytics (only with your consent) — if you accept analytics on the cookie banner, Google Analytics 4 records standard interaction events (page views, scroll depth, outbound link clicks) along with a hashed identifier and approximate location. With consent denied, GA4 collects nothing.
3. Why we collect it and how we use it (lawful basis)
Under UK GDPR we must identify a lawful basis for each kind of processing:
- Contact form submissions — legitimate interest. We use the information you send to respond to your enquiry. Without the data we cannot reply.
- Anti-spam (Turnstile) — legitimate interest. We need to confirm submissions are from genuine humans to keep the form usable.
- Hosting and access logs — legitimate interest. We rely on Cloudflare to keep the site online, defend against attack, and diagnose operational issues.
- Analytics — consent. Analytics activates only when you click Accept on the cookie banner, and you can withdraw consent at any time using the Cookie settings control.
4. Who we share your information with
We work with a small number of carefully selected processors:
- Cloudflare, Inc. — hosting (Cloudflare Pages), edge security, and the Turnstile anti-spam widget on the Contact form.
- Amazon Web Services, Inc. (AWS SES) — the email-sending processor for messages submitted through the Contact form. The form posts to a Cloudflare Pages Function which then calls AWS Simple Email Service to deliver the message to our inbox.
- Google LLC (Google Analytics 4) — analytics processor; activated only with your consent.
We do not sell, rent or trade your personal information. We do not pass it to advertisers, data brokers, or any party not listed above.
5. International transfers
Wherever possible we keep personal data within the EU/UK:
- AWS SES is configured in the
eu-west-1(Ireland) region, so Contact-form messages are processed within the EU. - Cloudflare operates a global edge network. Visitors in the EU/UK are typically served by EU edge nodes, which keeps log data regional in normal operation.
Where data does cross borders — for example to Google in the United States for analytics — the transfer takes place under appropriate safeguards including the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum.
6. How long we keep your information
- Contact form messages — retained in our email system for 24 months from receipt, after which they are deleted unless we have an ongoing relationship that requires us to keep them.
- Cloudflare access logs — per Cloudflare's own retention policy.
- Google Analytics 4 data — per Google's default GA4 retention (currently configurable up to 14 months for event-level data).
7. Your rights under UK GDPR
UK GDPR gives you a number of rights in respect of personal data we hold about you:
- Right of access — ask for a copy of the personal data we hold about you.
- Right to rectification — ask us to correct inaccurate or incomplete data.
- Right to erasure (the "right to be forgotten") — ask us to delete your data, subject to certain exceptions.
- Right to data portability — ask for a copy of your data in a machine-readable format.
- Right to object — object to processing based on legitimate interest.
- Right to restrict processing — ask us to limit how we use your data while a question is resolved.
- Right to withdraw consent — where processing is based on consent (such as analytics), withdraw it at any time.
To exercise any of these rights, email info@greencode.ai. We will respond within one calendar month.
8. How to contact us, or lodge a complaint
For general privacy questions or to exercise any right above, contact us first:
- Email: info@greencode.ai
- Phone: (+44) 1273 411 190
- Post: 5 Boundary Road, Hove, East Sussex BN3 4EH, United Kingdom
If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):
- Web: ico.org.uk/make-a-complaint
- Helpline: 0303 123 1113
9. Cookies
For full details of the cookies and similar technologies used on this site — categories, third parties, retention windows and how to manage your preferences — see our Cookie Policy.
10. Changes to this notice
We may update this Privacy Policy from time to time to reflect changes in the way we operate, in the third parties we work with, or in applicable law. The "Last updated" date below will reflect any material changes. Significant changes will also be flagged via the cookie banner so you can review and (where applicable) re-confirm your choices.
11. Last updated
8 May 2026.