Privacy Policy

Introduction

27kay OÜ (“27kay”) is committed to protecting the privacy of its users. This Privacy Policy outlines the types of information we collect, how we use it, who we share it with, and the steps we take to protect it.

Information We Collect

We collect the following categories of personal data from users:

• Contact details such as name, email address, phone number
• Payment and billing information, such as billing name, billing address
• Technical information such as visitor location, browser type, operating system
• Usage data such as pages visited, links clicked, files downloaded
• Communications with our representatives, such as meeting notes, chat logs

We do not collect any special categories of sensitive personal data.

The legal bases for collecting this data are:

• Consent for marketing communications
• Contract fulfilment for order processing
• Legitimate interests in analytics and improvements

We collect personal data directly from users during newsletter signup, account registration, order placement, scheduling meetings, communication with our representatives, and using our website.

Usage of Data

We use the data collected for the following purposes:

• Delivering services and products ordered by users
• Sending marketing communications and newsletters with consent
• Understanding usage of our website for improvements
• Providing support through our help desk and customer service channels
• Processing payments and billing

We retain personal data as long as required to fulfil the above purposes, typically for a period of 5 years after the end of the user relationship. 

Data may be retained for a more extended period only if required by law.

Data Sharing

We share user data with the following service providers to process it on our behalf:

• Lemon Squeezy – Digital product hosting and payment processing (Data Processing Agreement)
• Gumroad – Digital product hosting and payment processing (Privacy Policy)
• Beehiiv – Newsletter provider (Privacy Policy)
• Formspark – Contact Form provider (Privacy Policy)
• Cal.com – Meeting Scheduler (Privacy Policy)
• Google Workspace – Email and documents (Data Processing Agreement)
• Atlassian – Project management (Data Processing Agreement)

We do not sell or share data with any other third parties unless required by law.

User Rights

Under the GDPR, users have the following rights concerning personal data:

• Right of access – Users can request details of their personal data and copies of the same
• Right to rectification – Users can update their personal data if inaccurate or incomplete
• Right to erasure – Users can request deletion of their personal data
• Right to restrict processing – Users can request suppression of processing in specific circumstances
• Right to data portability – Users can get their data provided to them in a portable format
• Right to object – Users can object to processing based on legitimate interests

Users can exercise these rights by contacting our Data Protection Officer at [email protected]. We will respond within 30 days.

Security

We implement appropriate technical and organisational measures to protect user data:

• Encryption of data in transit and at rest
• Restricted staff access to databases with personal information
• Staff training on data protection and information security
• Regular security audits and vulnerability testing

Data Protection Officer

Our Data Protection Officer can be reached at [email protected]. Please get in touch with the DPO with any questions or concerns about this privacy policy or data protection practices.

Changes to this Policy

We may modify this privacy policy occasionally and will notify users by email in case of significant changes. The latest version will always be posted on this page.

Contact Us

If you have any questions about this privacy policy or the use of your personal data, please email us at [email protected] or contact the Estonian Data Protection Inspectorate.