Privacy Policy
Introduction
Pitchmont OÜ (“we”, “us”, “our”, “Company”, “Pitchmont“) is committed to protecting your privacy. On this page, you can learn what information about you we collect while you interact with Pitchmont and how we process the personal data you provide us with.
This Policy is intended to help you understand:
- why we collect your personal data;
- how we collect, use, and store your personal data;
- which rights relating to your personal data you have;
- how you can exercise the rights relating to your personal data;
- how we use cookies and other tracking technologies;
- how we share and disclose your personal data.
This Privacy Policy (“Policy”) applies between you and Pitchmont. It describes how we handle the data you provide to us through your use of the Pitchmont website pitchmont.com (“Website”) and in the course of providing our services, which include designing and redesigning presentations, creating them at your request (including content writing), and providing related design services (“Services”).
Such treatment may include, but is not limited to, the following:
- collection;
- recording;
- organization;
- storage;
- structuring;
- adaptation;
- alteration;
- retrieval;
- consultation;
- use;
- disclosure by transmission;
- dissemination or otherwise making available;
- alignment or combination;
- restriction; and
- erasure or destruction.
This Policy has been established to inform you about our commitment to compliance with the EU GDPR, UK GDPR, and other applicable laws and regulations.
The Company also offers its Services outside the European Union and European Economic Area, including in the United States. Accordingly, it takes into consideration the requirements of U.S. state privacy laws, such as the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), as well as the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Virginia Consumer Data Protection Act (VCDPA), the Texas Data Privacy and Security Act (TDPSA), and other applicable U.S. state privacy laws and regulations. As of the Effective Date, the Company does not meet the applicability thresholds to qualify as a “business” under the CCPA or equivalent roles under other U.S. state privacy laws. Should this change in the future, the Company will take steps to comply with applicable legal obligations and amend this Policy accordingly.
When processing your personal data, Pitchmont acts as a data controller under the GDPR and UK GDPR. In certain cases, we may act as a data processor on behalf of another controller.
You can be a Website Visitor or a Client:
- You are a Website Visitor when you simply browse our Website and provide data via cookies, other tracking technologies, or by contacting us through email or contact forms available on the Website.
- You are a Client when you contact us via email or Website contact forms to request our Services and subsequently provide personal data in connection with the provision of those Services.
Definitions
We use the following definitions in this Policy:
“GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679).
“UK GDPR” means the UK’s version of the GDPR, retained in domestic law.
“data controller” means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and how any personal data is processed.
“data processor” means the natural or legal person who processes personal data on behalf of the data controller.
“joint controllers” means two or more controllers jointly determining the purposes and means of processing.
“data subject” is any living individual whose data we collect.
“personal data” means any information relating to you and helping identify you (directly or indirectly), such as your name, last name, email, photo, etc.
“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Types of personal data we collect
We collect and process information about you in accordance with this Policy. Personal data may be collected when you browse our Website, complete forms available on the Website, or contact us directly via email.
We collect the following types of personal data:
(a) Contact Information. When you submit your data via contact forms available on the Website, write us an email, sign up for the updates, or share your personal information in other ways, we may collect your personal data. This information may include your first name, last name, email, phone number, company name, and any other details you provide to us.
(b) Communication Information. We may collect certain information during our communications with you, such as the content of emails, email interaction data, messages, or possible video conversations. This can include a brief summary of the discussion, key details relevant to our Services, or, with your consent, a recording of the call.
(c) Cookies Information. We may use cookies and other tracking technologies on our Website to function correctly, for analytics, marketing, and for other purposes. To learn more regarding our use of cookies, please read the “Cookies we use” section in our Cookies Policy.
(d) Automatically Collected Information. When you access and utilise the Website, we may automatically collect certain information about you, your activity, and your device. This information may include IP address, OS and its version, geolocation information, browser type and its version, time zone, logs, actions performed on webpages of the Website, and other technical information.
(e) Payment Status Information. Payments on our Website are handled via Stripe (You may read its Privacy Policy here). We do not access or store card details or other sensitive payment data. Instead, we receive limited technical information confirming the transaction (e.g., transaction ID, payment status, payer email, IP address, date/time of transaction), which we use only for service provision, support, and accounting.
We use the personal data we collect and process only for the purposes listed in this Policy. We may share personal data with third parties solely for the purposes listed herein.
|
We DO NOT sell your data. We DO NOT use automated decision-making, including profiling, which produces legal effects concerning a data subject or similarly significantly affects a data subject. We DO NOT intentionally collect and process the personal data of children and any sensitive personal data. Please refrain from sharing your or third-party sensitive personal data. |
Grounds for processing
We collect and process your personal data in accordance with the provisions of the GDPR, UK GDPR, and other applicable laws and regulations.
The GDPR and UK GDPR provide an exclusive list of lawful bases allowing us to process your personal data. During personal data processing, we rely only on four of them, namely:
Article 6.1(a): consent
We collect the information you choose to give us, and we process it based on your consent. You may withdraw your consent to the processing of your personal data at any time.
Please remember that withdrawing consent does NOT automatically mean that the processing before the withdrawal is unlawful. You may withdraw your consent to the processing of your personal data by emailing us at [insert email] or contacting us in any other way convenient for you.
Article 6.1(f): legitimate interest
We process your personal data to protect our legitimate interests, such as:
preventing fraud,
ensuring the security of our Website, and
providing you with a seamless user experience.
We only collect and use the strictly necessary data to achieve these purposes and do not override your fundamental rights and freedoms.
Article 6.1(b): performance of a contract
When you provide us with personal data in connection with requesting or ordering our Services, this may be regarded as a step towards entering into a contract, or as the performance of a contract between you and Pitchmont. Where the legal basis is not clear, we may request your explicit consent.
Article 6.1(c): legal obligation
We process your personal data to fulfil our legal obligations, such as complying with tax or regulatory requirements. If you request to exercise your rights under the GDPR or UK GDPR, we may ask you for some personal data we already have to identify you and comply with the applicable law.
How we use your data
| Purpose of Processing | Type of Personal Data | Legal Grounds | Third Party Recipients | Source |
|---|---|---|---|---|
| To communicate with you (via Website forms, email messaging, or in other ways) |
(a) Contact Information (b) Communication Information (d) Automatically Collected Information |
Your consent (Article 6(1)(a)) Performance of a contract (Article 6(1)(b)) Our legitimate interest (Article 6(1)(f)) |
Google Workspace, Meta Messenger, Cloudflare, Contractors | Client, Website Visitor |
| Analytics and developing activities (for optimising and enhancing our Website and Services) |
(c) Cookies Information (d) Automatically Collected Information |
Your consent (Article 6(1)(a)) Our legitimate interest (Article 6(1)(f)) |
Google Analytics, Microsoft Clarity, Cloudflare, Contractors | Client, Website Visitor |
| Marketing activities, subject to the “Sign up for updates” form |
(a) Contact Information (b) Communication Information |
Your consent (Article 6(1)(a)) | Google Workspace, Meta Messenger, Contractors | Client, Website Visitor |
| Marketing activities via Cookies on the Website | (c) Cookies Information | Your consent (Article 6(1)(a)) | Meta Pixel, Google Ads, Microsoft Clarity | Client, Website Visitor |
| Payment processing (for order placement on the Website, invoicing, and bookkeeping) |
(a) Contact Information (e) Payment Status Information |
Performance of a contract (Article 6(1)(b)) Legal obligation (Article 6(1)(c)) |
Stripe, Cloudflare, Contractors | Client |
| To enable Website functionality, ensure security, and prevent fraud |
(c) Cookies Information (d) Automatically Collected Information |
Our legitimate interest (Article 6(1)(f)) | Google Analytics, Microsoft Clarity, Cloudflare, Contractors | Client, Website Visitor |
| Legal compliance (including cookie consent management) |
(e) Payment Status Information (c) Cookies Information |
Legal obligation (Article 6(1)(c)) | Stripe, Cloudflare, Cloudflare, Contractors | Client, Website Visitor |
Use of cookies and similar technologies
When you visit our Website, we automatically gather certain information through cookies. These cookies, for example, can help us understand your interactions with our Website, enhance your browsing experience, improve our Website and Services, and conduct marketing activities. To learn more about the types of cookies we use and how you can customize your cookie preferences, please review our detailed Cookies Policy.
Data retention
As a data controller, we store and process data for the entire period of our cooperation with you and for 5 years after the completion of that cooperation.
We store Cookies Information for the period specified in our Cookies Policy.
We may not delete or anonymize your data if we are compelled to keep it under the GDPR, UK GDPR, or other applicable laws.
Notwithstanding any of the aforementioned periods of data storage, you may request to delete your personal data by emailing us at [email protected] or contacting us in another convenient way.
Security and integrity of the data
We apply standard organizational and technical measures to safeguard your personal data from unauthorized access, use, or disclosure. These include:
- confidentiality agreements (NDAs) with employees and сontractors;
- restricted access to personal data on a need-to-know basis;
- regular password updates;
- secure data hosting with industry-standard encryption protocols;
- basic physical security measures at our office premises;
- logging users’ actions for fraud prevention;
- regular review of third-party service providers to ensure they meet appropriate security standards.
We periodically review and update our security practices to maintain an adequate level of protection.
Data sharing and disclosure
We may share your personal data with other entities in accordance with the provisions specified hereafter.
Sharing personal data with joint controllers
In some cases, we may act as a joint controller jointly with other joint controllers, for example, while using Meta Pixel. With respect to this case of personal data processing, we are the party to the Facebook Joint Controller Addendum. In such a case, a data subject may exercise their rights under the GDPR or UK GDPR with respect to and against both joint controllers.
Sharing personal data with other controllers
Google LLC and we act as independent controllers of personal data across Google LLC’s digital marketing services, such as Google Ads. You may read Google LLC’s Privacy Policy here.
Sharing data with data processors
There are many features necessary to provide you with our Services that we cannot complete ourselves; thus, we seek help from third parties. We may grant some service providers access to your personal data, in whole or in part, to provide the necessary services.
Therefore, we may share and disclose your personal data to other data processors:
- Google Workspace (Google Ireland Limited, Ireland): for communication purposes. You may read its Privacy Policy here.
- Meta Messenger (Meta Platforms Ireland Limited, Ireland): for communication purposes. You may read its Privacy Policy here.
- Microsoft Clarity (Microsoft Ireland Operations Limited, Ireland): for analyzing the behavior of Clients and Website Visitors on the Website to improve user experience. You may read its Privacy Statement here.
- Cloudflare (Cloudflare, Inc., USA): for ensuring Website security and performance optimization. You may read its Privacy Policy here.
- Google Analytics (Google Ireland Limited, Ireland): for analytics purposes. You may read its Privacy Policy here.
- Stripe (Stripe Inc., USA): to process Client payments. You may read its Privacy Policy here.
We also process personal data concerning the creation and submission of orders using our internal order management system, which is operated exclusively by us and in accordance with the provisions of this Privacy Policy.
As part of our business operations, we may engage various specialists who may receive your personal data, including technical, sales, legal, and marketing professionals, to provide you with better client service and ensure the accuracy and transparency of our business. Collectively, these specialists and partner websites are referred to as Contractors.
International data transfers
We may transfer your personal data to countries outside the European Union (EU) and the European Economic Area (EEA) that are not deemed to provide an adequate level of data protection under Article 45 of the GDPR (adequacy decision).
In such cases, we will ensure that appropriate safeguards are implemented in accordance with the GDPR to protect your personal data, particularly the standard contractual clauses adopted by the European Commission. Where possible, we always enter into Data Processing Agreements (DPAs) and Non-Disclosure Agreements (NDAs) with these third parties to ensure that your personal data is adequately protected.
Links to third-party websites or services
This Policy applies only to this Website. We strongly recommend you review the privacy documents of any websites you may reach by following the hyperlinks presented on our Website. We have no control over the content and data practices of other websites and are not responsible for their actions.
Data subject age
We do not knowingly collect personal data from persons under 18. By providing us with your personal data, you confirm that you are at least 18 years old and, according to the law of your country, you have all rights to consent to the processing of your personal data.
If you have any reason to believe that a child under 18 has provided their personal data to us, please contact us at [email protected].
Your rights under the GDPR and the UK GDPR
You may exercise the following rights by submitting a data subject request at [email protected]:
- right to be informed means that you have the right to know about the collection and use of your personal data. All information about our collection and use of your personal data is described in this Policy and our Cookies Policy;
- right of access means that you may ask us to send you a copy of your personal data collected, together with information regarding the nature, processing, and disclosure of that personal data;
- right to rectification means that you may ask us to update and correct the false, missing, or incomplete personal data;
- right to erasure (right to be forgotten) means that you may ask us to delete your personal data collected, except insofar as it is prohibited by appropriate laws;
-
right to restriction of processing means that you can limit the way
in which we use your data, where one of the following applies:
- you contest the accuracy of the personal data;
- processing is unlawful, but you oppose erasure;
- we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise, or defence of legal claims;
- you have objected to processing, pending the verification of that objection;
- right to object to the processing means that you have the right to object to our processing of your personal data at any time to the extent that the processing is based on point (e) or (f) of Article 6(1) GDPR. Also, you have the right to object to our processing of your personal data for direct marketing purposes;
- right to data portability means that you have the right to receive your personal data in a structured, commonly accepted, and machine-readable format and have the right to request that we transmit this data directly to another controller to the extent that the legal basis for our processing of your personal data is your consent or performance of a contract and the processing is carried out by automated means;
- right to withdraw the consent when your personal data is processed based on your consent;
- right not to be subject to a decision based solely on automated processing, including profiling, restricts the Company from making solely automated decisions, including those based on profiling, which produces legal or other significant effects for data subjects. We DO NOT use automated decision-making and profiling;
- right to lodge a complaint with the supervisory data protection authority pertaining to the processing of your personal data. You may submit the complaint to the supervisory authority of your place of residence within the EU or to the data protection authority stated in this Policy;
- right to lodge a complaint with the Commissioner under Art. 77 of the UK GDPR means you have the right to lodge a complaint with the Information Commissioner’s Office if you believe that the processing of your personal data violates the requirements of the UK GDPR. You can submit the complaint to the Information Commissioner’s Office if you reside in the United Kingdom of Great Britain and Northern Ireland;
- right to compensation means that any person who has suffered material or moral damage as a result of a violation of the GDPR requirements has the right to receive compensation from the controller or processor for the caused damage.
Please note that we may need to confirm your identity to process your requests to exercise your rights under the GDPR or UK GDPR. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.
Data Protection Authority under the GDPR
We encourage you to reach out to us initially with any concerns you may have regarding the processing of your personal data. You may use the following channels to address your inquiries: [email protected].
In some cases, you have the right to lodge a complaint about our use of your personal data with a data protection authority. For more information, please contact your national data protection authority. We will cooperate with the appropriate governmental authorities to resolve any privacy-related complaints that cannot be amicably resolved between you and us. You can find a full list of EU supervisory authorities through this link.
Data Protection Authority under the UK GDPR
If you are a resident of the United Kingdom of Great Britain and Northern Ireland, you may lodge your complaint with the Information Commissioner’s Office via this link.
Changes to the Privacy Policy
We may periodically update this Policy to reflect new updates, technologies, legal requirements, or other reasons. Any changes will be communicated by posting a revised version of the Policy on our Website. Such changes will be effective immediately upon posting them.
We encourage you to review this Policy periodically. Your continued use of our Website after the revised Policy has become effective constitutes your acceptance of the new terms of the Policy. If the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change.
How to contact us
If you have a question related to this Policy, our data processing activities, or your data subject rights under the GDPR, UK GDPR, and other applicable data protection laws, you can use the following details to contact us:
Pitchmont OÜ
- Our address: Harju maakond, Tallinn, Kesklinna linnaosa, Kaupmehe tn 7-120, 10114
- Our email: [email protected]