Privacy Policy | Masterly

1. Introduction

Mstrly Labs OÜ (registry code: 17448851) ("Company," "we," "us," or "our") operates the website themasterly.com (the "Website"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Website.

This Privacy Policy complies with the General Data Protection Regulation (GDPR) and Estonian data protection laws.

By using the Website, you consent to the data practices described in this policy.

‍

2. Data Controller

For the purposes of GDPR and Estonian data protection law, the data controller is:

Mstrly Labs OÜ
Registry Code: 17448851
Harju maakond, Tallinn, Kesklinna linnaosa, Vesivärava tn 50-201, 10152
Estonia
Email: ops@themasterly.com

‍

3. Information We Collect

3.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us when you:

Fill out a contact form or inquiry form
Subscribe to our newsletter or email updates
Request information about our services
Communicate with us via email or other channels

This information may include:

Name
Email address
Company name
Phone number (if provided)
Project details and requirements
Any other information you choose to provide

3.2 Automatically Collected Information

When you visit our Website, we automatically collect certain information about your device and usage, including:

IP address
Browser type and version
Operating system
Referring URLs
Pages viewed and time spent on pages
Device identifiers
Geographic location (country/city level)

This information is collected through:

Google Analytics 4 (GA4)
We use GA4 to understand how visitors interact with our Website. GA4 collects data about your browsing behavior, including pages visited, session duration, and traffic sources. This data is aggregated and anonymized. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Cookies and Similar Technologies
We use cookies and similar tracking technologies to collect and store information. See Section 9 for more details.

‍

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds under GDPR:

Consent (Article 6(1)(a)): When you provide explicit consent for newsletter subscriptions, marketing communications, or cookies
Contract (Article 6(1)(b)): When processing is necessary to provide services you've requested or to take pre-contractual steps
Legitimate Interests (Article 6(1)(f)): For website analytics, security, fraud prevention, and business operations, where our interests do not override your rights
Legal Obligation (Article 6(1)(c)): When required by Estonian or EU law

‍

5. How We Use Your Information

We use the information we collect to:

Respond to your inquiries and provide information about our services
Process and manage service engagements
Send you newsletters, marketing communications, and updates (with your consent)
Analyze Website usage and improve our services
Detect, prevent, and address technical issues or security threats
Comply with legal obligations under Estonian and EU law

‍

6. How We Share Your Information

We do not sell, trade, or rent your personal information to third parties.

We may share your information with:

6.1 Service Providers

HubSpot
We use HubSpot (HubSpot, Inc., United States) as our CRM and email marketing platform. When you submit a form or subscribe to our newsletter, your information is stored in HubSpot. Data transfers to the US are safeguarded through HubSpot's Standard Contractual Clauses (SCCs) approved by the European Commission. HubSpot processes this data on our behalf and is contractually obligated to protect your information. HubSpot Privacy Policy

Google Analytics
We use Google Analytics 4 (Google LLC, United States) to analyze website usage. Data is anonymized and aggregated. Google has implemented appropriate safeguards for international data transfers. Google Privacy Policy

6.2 Legal Requirements

We may disclose your information if required to do so by Estonian law, EU law, or in response to valid requests by public authorities (e.g., court orders, law enforcement agencies).

6.3 Business Transfers

If Mstrly Labs OÜ is involved in a merger, acquisition, or asset sale, your personal information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

‍

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our service providers (HubSpot, Google) operate.

We ensure appropriate safeguards are in place for such transfers, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions by the European Commission (where applicable)
Additional security measures to protect your data

‍

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Contact form inquiries: Retained for up to 2 years or until you request deletion
Newsletter subscribers: Retained until you unsubscribe
Analytics data: Retained according to GA4 default settings (typically 14 months)
Contractual data: Retained for 7 years as required by Estonian accounting law

‍

9. Your Data Protection Rights

Under GDPR and Estonian data protection law, you have the following rights:

9.1 Right to Access (Article 15)

Request a copy of your personal information we hold.

9.2 Right to Rectification (Article 16)

Request correction of inaccurate or incomplete information.

9.3 Right to Erasure / "Right to be Forgotten" (Article 17)

Request deletion of your personal information when it is no longer necessary or when you withdraw consent.

9.4 Right to Restrict Processing (Article 18)

Request limitation on how we use your data in certain circumstances.

9.5 Right to Data Portability (Article 20)

Request transfer of your data to another service in a structured, machine-readable format.

9.6 Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing purposes.

9.7 Right to Withdraw Consent (Article 7(3))

Withdraw consent for marketing communications or cookies at any time.

9.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at www.aki.ee or with your local supervisory authority.

9.9 How to Exercise Your Rights

To exercise any of these rights, please contact us at ops@themasterly.com. We will respond to your request within 30 days as required by GDPR.

For requests requiring identity verification, we may ask for additional information to protect your data.

‍

10. Cookies and Tracking Technologies

10.1 What Are Cookies

Cookies are small text files placed on your device to collect standard internet log information and visitor behavior.

10.2 Types of Cookies We Use

Strictly Necessary Cookies
Required for the Website to function properly. These cannot be disabled.

Analytics Cookies (requires consent)
Help us understand how visitors use our Website (Google Analytics). You can accept or reject these cookies through our cookie banner.

10.3 Managing Cookies

You can control cookies through:

Our cookie consent banner (appears on first visit)
Your browser settings (note: disabling cookies may affect Website functionality)
Google Analytics opt-out: Google Analytics Opt-out

Your cookie preferences are stored for 12 months.

‍

11. Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction, including:

Encryption of data in transit (SSL/TLS)
Access controls and authentication
Regular security assessments
Secure data storage with our service providers

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

12. Children's Privacy

Our Website is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us immediately, and we will take steps to delete such information.

13. Third-Party Websites

Our Website may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to review the privacy policies of any third-party sites you visit.

14. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service providers. We will notify you of any material changes by:

Posting the new policy on this page with an updated "Last Updated" date
Sending an email notification to newsletter subscribers (for significant changes)
Displaying a notice on our Website

We encourage you to review this Privacy Policy periodically.

16. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Mstrly Labs OÜ
Registry Code: 17448851
Harju maakond, Tallinn, Kesklinna linnaosa, Vesivärava tn 50-201, 10152
Estonia

Email: ops@themasterly.com

Data Protection Officer (if applicable):
For data protection inquiries: ops@themasterly.com

Supervisory Authority:
If you have concerns about how we handle your data, you may contact:

Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Tatari 39, 10134 Tallinn, Estonia
Phone: +372 627 4135
Email: info@aki.ee
Website: www.aki.ee

‍