Privacy Policy

Effective Date: January 3, 2026

A. Introduction

NCPMEDIA OÜ ("Company", "we", "us", or "our") respects your privacy and is committed to protecting your personal data.

This Privacy Policy explains how we collect, use, disclose, store, and otherwise process personal data in connection with our website, communications, business operations, and services where we act as a data controller.

This Privacy Policy does not generally apply to personal data contained in leads, contacts, submissions, or other customer data processed by us on behalf of our customers through our platform. In relation to such data, we generally act as a data processor or service provider on behalf of our customers, who act as the data controllers.

By using our website or services, contacting us, submitting information to us, or otherwise interacting with us, you acknowledge the practices described in this Privacy Policy.

B. Who We Are

NCPMEDIA OÜ
Sepapaja tn 6, 15551 Tallinn, Estonia
Registration number: 16738667
VAT number: EE102617540

You may contact us:

  • by post at the address above
  • through the contact form on our website
  • by telephone using the contact number published on our website
  • by email using the email address published on our website
  • for privacy-related matters at: privacy@ncp-media.com

C. Scope of This Privacy Policy

This Privacy Policy applies to personal data we process as controller in relation to:

  • visitors to our website
  • individuals who contact us
  • prospective customers requesting information, demos, or proposals
  • customers and business contacts
  • billing and administrative contacts
  • support communications
  • newsletter or marketing recipients
  • users interacting with our website through cookies and similar technologies, where applicable

This Privacy Policy does not generally govern customer leads or other customer data uploaded to or processed through our platform on behalf of our customers.

D. Collection of Personal Information

We may collect, store, and use the following categories of personal data:

1. Information you provide directly

  • your name
  • company name
  • email address
  • telephone number
  • job title
  • billing details
  • account registration details
  • support requests
  • communications you send to us
  • information you submit through forms, demo requests, subscription forms, or service inquiries

2. Information collected automatically

When you visit or use our website, we may automatically collect:

  • IP address
  • browser type and version
  • device information
  • operating system
  • referral source
  • pages viewed
  • date and time of access
  • visit duration
  • navigation path
  • usage logs
  • cookie identifiers and similar technical data

3. Information from third parties

We may receive personal data from:

  • payment providers
  • analytics providers
  • advertising or social media platforms
  • business partners
  • communication tools
  • publicly available sources
  • CRM or support tools used in the course of our business

Before you disclose any third-party personal data to us, you must ensure that you are authorized to do so and that such disclosure is lawful.

E. How We Use Personal Information

We may use personal data for the following purposes:

  • managing and operating our website and business
  • providing our services
  • administering accounts and subscriptions
  • responding to inquiries, requests, complaints, or support issues
  • sending service-related communications
  • sending proposals, invoices, reminders, and administrative notices
  • processing payments and maintaining billing records
  • improving website performance, usability, and service quality
  • protecting the security, integrity, and availability of our website and services
  • preventing fraud, abuse, unauthorized access, and unlawful activity
  • sending newsletters or marketing communications, where permitted by law
  • maintaining legal, accounting, tax, and regulatory records
  • enforcing our contractual rights and terms

We may also use aggregated or de-identified data for analytics, service improvement, security, troubleshooting, and internal reporting, provided that such data does not identify any individual.

F. Legal Bases for Processing

Where the GDPR applies, we process personal data on one or more of the following legal bases:

  • performance of a contract or taking steps prior to entering into a contract
  • compliance with a legal obligation
  • our legitimate interests, including operating, securing, improving, and promoting our business and services, except where overridden by your rights and freedoms
  • your consent, where required by law, including for certain cookies or marketing communications

G. Customer Data Processed on Behalf of Customers

Our customers may use our platform to store, manage, organize, view, and process leads, contacts, submissions, and related information, including data collected through third-party platforms such as Meta.

In relation to such customer data, we generally act as a data processor on behalf of our customers and process such data only in accordance with:

  • the customer's documented instructions
  • our contractual obligations
  • applicable law
  • any applicable Data Processing Agreement

If you are an individual whose data has been submitted to our platform by one of our customers and you wish to exercise your rights regarding that data, you should contact the relevant customer directly as the data controller.

H. Sharing of Personal Information

We may share personal data with:

  • our employees, officers, contractors, and authorized personnel on a need-to-know basis
  • hosting, infrastructure, and cloud service providers
  • payment processors
  • analytics, security, monitoring, and communication providers
  • legal, accounting, tax, and professional advisers
  • insurers, auditors, and consultants
  • subcontractors and service providers acting on our instructions
  • competent courts, regulators, supervisory authorities, law enforcement, or public authorities where required by law
  • a purchaser, investor, successor, or group entity in connection with a merger, acquisition, financing, restructuring, or sale of assets

We do not sell your personal data. We do not share customer lead data for our own independent marketing purposes.

I. International Data Transfers

Personal data may be stored, processed, or accessed in countries outside the European Economic Area ("EEA"), the United Kingdom, or other jurisdictions requiring transfer safeguards.

Where personal data is transferred outside such jurisdictions, we will ensure that the transfer is subject to an appropriate lawful transfer mechanism under applicable data protection law, including:

  • an adequacy decision
  • standard contractual clauses
  • or another legally recognized safeguard, as applicable

Where required, we will implement supplementary measures appropriate to the nature of the transfer.

J. Retention of Personal Data

We retain personal data only for as long as necessary for the purposes for which it was collected, including:

  • providing services
  • maintaining business and contractual records
  • responding to inquiries and support requests
  • complying with legal, tax, accounting, and regulatory obligations
  • resolving disputes
  • enforcing agreements
  • protecting our legal rights

Retention periods may vary depending on the type of data and the purpose of processing. Unless a longer retention period is required or justified:

  • inquiry and contact form data may be retained for a reasonable business period
  • billing and transaction records may be retained for the period required by applicable accounting and tax law
  • technical logs may be retained for security, monitoring, and operational purposes for an appropriate limited period
  • customer-account-related personal data may be retained during the subscription term and for a reasonable post-termination period, including backup cycles and legal compliance needs

K. Security of Personal Data

We implement appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Such measures may include:

  • password-protected systems
  • access controls
  • authentication measures
  • encryption in transit and, where appropriate, at rest
  • logging and monitoring
  • firewall protection
  • backup procedures
  • role-based permissions
  • internal confidentiality obligations

However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your passwords and account credentials confidential.

L. Your Rights

Where applicable under data protection law, you may have the following rights:

  • the right to be informed
  • the right of access
  • the right to rectification
  • the right to erasure
  • the right to restriction of processing
  • the right to data portability
  • the right to object
  • the right not to be subject to automated decision-making, including profiling, where applicable
  • the right to withdraw consent where processing is based on consent
  • the right to lodge a complaint with a competent supervisory authority

To exercise your rights, please contact us using the contact details in this Privacy Policy. We may request reasonable proof of identity before acting on your request.

M. Marketing Communications

Where permitted by law, we may send you newsletters, updates, promotional messages, or other marketing communications relating to our services. You may opt out of receiving marketing communications at any time by:

  • clicking the unsubscribe link in the message, where available
  • contacting us directly
  • updating your preferences where such functionality is provided

N. Cookies and Similar Technologies

Our website uses cookies and similar technologies, including pixels, tags, scripts, and local storage. Cookies may be:

  • strictly necessary, to operate and secure the website
  • functional, to remember settings and preferences
  • analytics, to understand website usage and performance
  • advertising or marketing, to measure campaigns and deliver relevant advertising

Where required by law, we will request your consent before using non-essential cookies or similar technologies. Strictly necessary cookies may be used without consent where permitted by law.

Cookies Used

The website may use cookies and similar technologies such as:

  • _clck (1 year)
  • _clsk (1 day)
  • _fbp (3 months)
  • _ga_4C2EX4MSC0 (up to 2 years)
  • _ga_7B5E5B43ZH (up to 2 years)
  • _ga (2 years)
  • _gcl_au (up to 3 months)
  • ASPSESSIONID* (session)
  • asw (session)
  • cookie_consent_level (up to 10 years)
  • cookie_consent_user_accepted (up to 10 years)
  • cookie_consent_user_consent_token (up to 10 years)
  • user_cookie_consent (1 month)

We may use services such as: Google Analytics, Google Ads, Microsoft Clarity, Microsoft Advertising, Meta Pixel, and accessibility tools or applets used on the website.

You can manage cookies through your browser settings and, where applicable, through our consent banner or cookie preferences tool. Blocking or deleting some cookies may negatively affect website functionality. For more information, please see our separate Cookie Policy.

O. Third-Party Websites and Services

Our website may contain links to third-party websites, tools, plug-ins, or services. We are not responsible for the privacy, security, or data protection practices of such third parties. We recommend that you review their privacy notices and terms before interacting with them.

P. Use of Artificial Intelligence (AI)

At NCPMEDIA OÜ, we may use Artificial Intelligence ("AI") technologies to support the delivery, efficiency, automation, and improvement of certain business or digital marketing services.

Why We Use AI

We may use AI tools to:

  • assist with content generation
  • support automation and operational efficiency
  • analyze non-sensitive or appropriately prepared data for internal business or service purposes
  • improve workflows, support operations, and productivity

Data Protection Measures for AI Use

Where we use AI-related tools, we aim to apply appropriate safeguards, including:

  • limiting the use of personal or sensitive data where not necessary
  • using anonymized, aggregated, or minimized data where appropriate
  • applying access restrictions and internal controls
  • requiring appropriate vendor protections where external AI tools are used
  • aligning our use of AI with applicable law and internal policies

Human Oversight

AI-assisted outputs may be reviewed, refined, or validated by authorized personnel. AI tools are used subject to internal controls and operational policies.

Limitations

AI-generated content or outputs may contain inaccuracies, omissions, or unintended results. AI functionality is not guaranteed to be error-free, complete, or suitable for every purpose. To the maximum extent permitted by law, we disclaim responsibility for reliance placed solely on AI-generated outputs without appropriate human review.

Nothing in this section authorizes the use of customer lead data for independent profiling, model training, or unrelated business purposes contrary to our contractual and data protection obligations.

Q. Amendments to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the law, our services, our business practices, or our technologies. If we make material changes, we may provide notice by posting the updated version on our website or by other appropriate means. The revised Privacy Policy becomes effective on the date stated at the top of this page.

R. Contact Us

If you have questions about this Privacy Policy, your personal data, cookies, AI-related processing, or your privacy rights, you may contact us at:

NCPMEDIA OÜ
Sepapaja tn 6, 15551 Tallinn, Estonia
Email: privacy@ncp-media.com