Introduction
27kay OÜ (“27kay”) is committed to protecting the privacy of its users. This Privacy Policy outlines the types of information we collect, how we use it, who we share it with, and the steps we take to protect it.
Information We Collect
We collect the following categories of personal data from users:
- Contact details such as name, email address, phone number
- Payment and billing information, such as billing name, billing address
- Technical information such as visitor location, browser type, operating system
- Usage data such as pages visited, links clicked, files downloaded
- Communications with our representatives, such as meeting notes, chat logs
We do not collect any special categories of sensitive personal data.
The legal bases for collecting this data are:
- Consent for marketing communications
- Contract fulfilment for order processing
- Legitimate interests in analytics and improvements
We collect personal data directly from users during newsletter signup, account registration, order placement, scheduling meetings, communication with our representatives, and using our website.
Usage of Data
We use the data collected for the following purposes:
- Delivering services and products ordered by users
- Sending marketing communications and newsletters with consent
- Understanding usage of our website for improvements
- Providing support through our help desk and customer service channels
- Processing payments and billing
We retain personal data as long as required to fulfil the above purposes, typically for a period of 5 years after the end of the user relationship.
Data may be retained for a more extended period only if required by law.
Data Sharing
We share user data with the following service providers to process it on our behalf:
- Lemon Squeezy – Digital product hosting and payment processing (Data Processing Agreement)
- Gumroad – Digital product hosting and payment processing (Privacy Policy)
- Beehiiv – Newsletter provider (Privacy Policy)
- Formspark – Contact Form provider (Privacy Policy)
- Cal.com – Meeting Scheduler (Privacy Policy)
- Google Workspace – Email and documents (Data Processing Agreement)
- Atlassian – Project management (Data Processing Agreement)
We do not sell or share data with any other third parties unless required by law.
User Rights
Under the GDPR, users have the following rights concerning personal data:
- Right of access – Users can request details of their personal data and copies of the same
- Right to rectification – Users can update their personal data if inaccurate or incomplete
- Right to erasure – Users can request deletion of their personal data
- Right to restrict processing – Users can request suppression of processing in specific circumstances
- Right to data portability – Users can get their data provided to them in a portable format
- Right to object – Users can object to processing based on legitimate interests
Users can exercise these rights by contacting our Data Protection Officer at [email protected]. We will respond within 30 days.
Security
We implement appropriate technical and organisational measures to protect user data:
- Encryption of data in transit and at rest
- Restricted staff access to databases with personal information
- Staff training on data protection and information security
- Regular security audits and vulnerability testing
Data Protection Officer
Our Data Protection Officer can be reached at [email protected]. Please get in touch with the DPO with any questions or concerns about this privacy policy or data protection practices.
Changes to this Policy
We may modify this privacy policy occasionally and will notify users by email in case of significant changes. The latest version will always be posted on this page.
Contact Us
If you have any questions about this privacy policy or the use of your personal data, please email us at [email protected] or contact the Estonian Data Protection Inspectorate.