Privacy Policy
Last updated: 16 May 2025 — BlackNorton is committed to protecting your personal data and respecting your privacy.
1. Overview & scope
BlackNorton ("we", "us", "our") operates the website blacknorton.ee and provides marketing, branding, and consulting services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, engage our services, or communicate with us. We comply with the EU General Data Protection Regulation (GDPR), the Estonian Personal Data Protection Act, and other applicable privacy laws.
2. Information we collect
We collect information to provide better services to our clients and website visitors. Categories include:
2.1 Personal data you provide
- Contact & identity details: name, email address, phone number, job title, company name.
- Project & enquiry data: information shared via contact forms, emails, or during consultations regarding marketing strategy, campaigns, or creative briefs.
- Billing information: necessary for invoicing and transaction processing (we use secure third‑party payment processors).
2.2 Automatically collected data
- Usage & analytics: IP address, browser type, device identifiers, referring URLs, pages visited, time spent — collected via cookies and similar technologies.
- Communication data: records of correspondence when you interact with our team via email or chat.
3. How we use your information
We process personal data only where we have a legal basis (GDPR Article 6). Purposes include:
- To respond to inquiries and deliver our marketing & consulting services.
- To manage client relationships, proposals, and project execution.
- To improve and personalise your experience on our website.
- To send service updates, marketing insights, or newsletters (only with explicit consent, which you may withdraw anytime).
- To comply with legal obligations and protect against fraud or security risks.
4. Legal basis for processing (GDPR)
We rely on one or more of the following lawful bases:
- Contractual necessity: To fulfil agreements with clients (e.g., project delivery).
- Legitimate interests: To operate, improve and secure our website and services (e.g., analytics, fraud prevention).
- Consent: For direct marketing, non‑essential cookies, and optional data collection.
- Legal obligation: To comply with Estonian and EU legal requirements (accounting, tax, etc.).
5. Data sharing & third parties
We never sell your personal data. We may share information with trusted categories of recipients:
- Service providers: hosting, analytics (Plausible/Google Analytics anonymised), CRM tools, email delivery platforms — all under strict data processing agreements.
- Professional partners: subcontractors involved in delivering campaigns (only when necessary and under confidentiality obligations).
- Legal authorities: if required by law or to defend legal rights.
All third parties are based in the EEA or provide equivalent GDPR safeguards (Standard Contractual Clauses).
6. International data transfers
Your information is primarily stored within the European Economic Area (EEA). In cases where data is transferred to non‑EEA countries, we implement appropriate safeguards such as EU Standard Contractual Clauses or adequacy decisions to ensure your data remains protected.
7. Data security & retention
We employ industry‑standard security measures (encryption, access controls, firewalls) to protect against unauthorised access. Retention periods are determined by the purpose of processing:
| Data category | Retention period | Reason |
|---|---|---|
| Client & project data | 7 years after last contract | Legal, tax & contractual obligations |
| Newsletter subscribers | Until unsubscribed | Consent management |
| Website analytics (aggregated) | 26 months | Performance improvement |
| Inquiry form data (not converted) | 24 months | Business development |
After retention, data is securely deleted or anonymised.
8. Your rights (GDPR & Estonian law)
You have the following rights regarding your personal data:
- Right to access: obtain confirmation of processing and a copy of your data.
- Right to rectification: correct inaccurate or incomplete data.
- Right to erasure ('right to be forgotten'): request deletion under certain conditions.
- Right to restrict processing: limit how we use your data.
- Right to data portability: receive your data in a structured, machine-readable format.
- Right to object: object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent: for any processing based on consent (e.g., newsletters).
To exercise your rights, please email privacy@blacknorton.ee. We will respond within 30 days. If unsatisfied, you may lodge a complaint with the Estonian Data Protection Inspectorate (AKI) — www.aki.ee.
9. Cookies & tracking technologies
Our website uses essential cookies (functional) and analytical cookies to enhance user experience. You can manage cookie preferences via browser settings. We do not use intrusive advertising cookies without consent.
10. Children's privacy
Our services are directed to businesses and professionals aged 18+. We do not knowingly collect data from minors. If you believe we have inadvertently collected such data, please contact us immediately.
11. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified via website notice or email. The "Last updated" date at the top indicates the latest revision. We encourage periodic review.
12. Contact information
For any privacy-related questions, requests, or complaints:
- Email: privacy@blacknorton.ee
- Phone: +372 5563 6471
- Postal address: BlackNorton, Vabaõhumuuseumi tee a-37, 13522 Tallinn, Estonia
- Data Protection contact: Mentona Albirana
We are committed to resolving any concerns transparently and in line with GDPR standards.