Privacy Policy
Grauberg Digital OÜ ("we", "us", or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your data in accordance with the General Data Protection Regulation (GDPR).
1. Who We Are
We are a design and consulting agency based in Estonia, offering UX audits, product design, and long-term design support to startups and digital companies. We operate strictly as a business-to-business (B2B) service provider.
2. What Personal Data We Collect
We do not collect personal data directly through forms on our website. However, we link to external platforms where data may be submitted.
We may collect the following personal information through tools like Tally and Google Forms:
Full name
Company name
Email address
Website URL
Other information you choose to provide
In addition, we use Google Analytics to collect anonymized data about how visitors use our website. We do not store or directly collect IP addresses for our own use.
3. How We Collect Your Data
We may collect your data when you:
Fill out a form linked from our website (e.g. to request a UX audit)
Schedule a meeting with us
Contact us via email
Subscribe to our newsletter (with consent)
Interact with our website (cookies and analytics)
4. Why We Collect Your Data
We collect and use your personal data for the following purposes:
To respond to your inquiries or contact requests
To deliver UX audits or consulting services
To prepare invoices and meet legal accounting obligations
To send newsletters or marketing emails (only with your consent)
To analyze website traffic and improve user experience
5. Legal Bases for Processing
We process your personal data under the following legal bases, as required by Article 6 of the GDPR:
Consent – for marketing emails and form submissions
Performance of a contract – when you engage us for services
Legal obligation – for tax and accounting compliance
Legitimate interest – to improve our services and grow our business
6. Data Sharing and Third-Party Services
We only share data with trusted service providers that help us run our business. These providers process data on our behalf under strict confidentiality and data protection agreements.
The tools we use include:
Stripe – for secure payment processing
Google Analytics – for website traffic analysis
Datafast – for website traffic analytics
Gmail / GSuite – for email communication
Kit.com – for email newsletters and campaigns
Tally / Google Forms – for form-based data collection
We do not sell or rent your data to third parties.
7. How Long We Keep Your Data
We retain your data only as long as necessary:
Client-related data is retained until the project ends
Invoices and transaction data are kept for up to 7 years (for legal reasons)
UX audit submissions may be deleted at your request at any time
8. Your Data Protection Rights
As an individual in the EU, you have the following rights under the GDPR:
Access – You have the right to request a copy of the personal data we hold about you.
Rectification – You have the right to request correction of any inaccurate or incomplete data.
Erasure – You can ask us to delete your data ("right to be forgotten").
Restriction – You may request restriction of processing in certain circumstances.
Objection – You can object to processing based on legitimate interest.
Data portability – You have the right to receive your data in a structured format.
Withdraw consent – You may withdraw your consent at any time (for example, unsubscribing from emails).
To exercise any of these rights, contact us at hello@grauberg.co.
9. Cookies and Tracking
We use cookies on our website to support basic functionality and collect anonymized analytics through Google Analytics. A cookie consent banner is shown to all users upon first visit, allowing you to accept or reject non-essential cookies.
You can also manage or delete cookies through your browser settings at any time.
10. Data Security
Your personal data is stored securely. Our website is hosted on Webflow, which uses SSL encryption and industry-standard security measures. We limit access to your data to only those who need it for legitimate business purposes.
11. International Transfers
Some of our service providers (such as Google and Stripe) may store data on servers outside the EU. In such cases, we ensure that all transfers are made in accordance with GDPR-approved mechanisms, such as the Standard Contractual Clauses (SCCs).
12. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with a new “effective date” at the top.