We may collect and process the following categories of personal data.

Data you provide to us: we may collect your name, email address, phone number, and the content of your message (including comments or any information you submit via website forms, email, or other channels).

Data collected automatically when you use our website: we may collect technical and usage data such as your IP address, device and browser information, pages visited, approximate location (city/country), referral source, timestamps, and log data. The exact items depend on our hosting and analytics setup.

Data from other sources: if you contact us via social networks or third-party platforms, we may receive your public profile data and message content according to that platform’s settings and policies.

We process personal data only when we have a lawful basis under the GDPR.

We use your data to respond to enquiries and communicate with you. For this, we process your name, email address, phone number, and message content. The legal basis is taking steps at your request prior to entering into a contract and/or performing a contract (GDPR Art. 6(1)(b)).

If you become a client, we use your data to manage our relationship and deliver services. For this, we process your contact data, project communications, and any files or materials you provide. The legal basis is contract performance (GDPR Art. 6(1)(b)).

Where applicable, we keep business records and comply with legal obligations (for example, accounting and tax). For this, we may process invoice and transaction/contract records. The legal basis is compliance with a legal obligation (GDPR Art. 6(1)(c)).

We use technical data to maintain website security and prevent abuse, including detecting fraud, spam, and unauthorised access attempts. The legal basis is our legitimate interests (GDPR Art. 6(1)(f)) in operating a secure website and protecting our services and users.

If we send marketing communications (such as a newsletter or promotions), we will do so only where required by law and, where applicable, only after you have provided consent. For this, we typically process your email address (and your name if provided). The legal basis is consent (GDPR Art. 6(1)(a)). You can withdraw your consent at any time.

We may use cookies and similar technologies to operate the website and, if enabled, to measure and improve its performance.

Essential cookies are used to make the website function properly and cannot usually be switched off.

Non-essential cookies (such as analytics or marketing cookies) will be used only where required by law and, where applicable, only after you give consent.

You can change your cookie preferences at any time via.

We may share personal data with trusted third-party service providers (“processors”) only as needed for the purposes described in this policy.

These providers may include website hosting and infrastructure providers, email and communication tools, form tools, CRM or project management tools, analytics providers (if enabled), and professional advisers (such as accountants or lawyers) where necessary.

Where required, we use appropriate data processing agreements and require providers to protect personal data and process it only on our instructions.

Because we may use cloud services and work with clients globally, personal data may be processed outside the European Economic Area (EEA).

When we transfer personal data outside the EEA, we use appropriate safeguards, such as transfers to countries covered by an adequacy decision, Standard Contractual Clauses (SCCs), and/or other lawful transfer mechanisms under the GDPR.

You may request more information about the safeguards we use by contacting us using the details in Section "Contact".

We keep personal data only for as long as necessary for the purposes described in this policy.

Enquiries (leads): typically up to [6–24] months after our last contact.

Client and project records: for the duration of the relationship and then [X] years to keep business records and to establish, exercise, or defend legal claims.

Accounting/tax records (if applicable): for the period required by law ([X] years).

Marketing contacts: until you unsubscribe or withdraw consent, or we delete inactive contacts after [X] months/years.

Technical logs: typically [days/months], depending on hosting and security needs.

We may retain data longer if required to comply with law or to handle disputes or claims.

Depending on your location and the circumstances, you may have the right to access your personal data, correct inaccurate or incomplete data, request deletion of your data (in certain cases), restrict processing (in certain cases), object to processing based on legitimate interests, request data portability (when processing is based on consent or contract and carried out by automated means), withdraw consent at any time where we rely on consent, and lodge a complaint with a supervisory authority.

To exercise your rights, contact us. We may ask you to verify your identity before responding.

We use appropriate technical and organisational measures designed to protect personal data, such as access controls, least-privilege practices, and reputable service providers.

No method of transmission or storage is 100% secure, but we take reasonable steps to protect your information.

For privacy questions or requests, contact us at: main@ultrapulsecreative.ee

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the “Last updated” date accordingly.