1. Introduction
This Privacy Policy describes our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You, including under the General Data Protection Regulation (GDPR) (EU) 2016/679.
We use Your Personal Data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.
2. Interpretation and Definitions
Interpretation
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
Definitions
For the purposes of this Privacy Policy:
- Account means a unique account created for You to access our Service or parts of our Service.
- Affiliate means an entity that controls, is controlled by or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
- Company (referred to as “the Company”, “We”, “Us” or “Our”) refers to Mission Driven Marketing OÜ, Sepapaja tn 6, 15551 Tallinn, Estonia.
- Cookies are small files placed on Your computer, mobile device or any other device by a website.
- Country refers to: Republic Of Estonia.
- Data Controller means Mission Driven Marketing OÜ, which determines the purposes and means of processing Personal Data.
- Data Processor means any third party that processes Personal Data on behalf of the Data Controller.
- Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
- EEA means the European Economic Area.
- Personal Data is any information that relates to an identified or identifiable individual.
- Service refers to the Website.
- Service Provider means any natural or legal person who processes the data on behalf of the Company.
- Usage Data refers to data collected automatically, either generated by use of the Service or from the Service infrastructure itself.
- Website refers to Mission Driven Marketing, accessible from https://www.missiondrivenmarketing.co
- You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service.
3. Data Controller
The Data Controller responsible for Your Personal Data under the GDPR is:
Mission Driven Marketing OÜ
Sepapaja tn 6, 15551 Tallinn, Estonia
Email: privacy@missiondrivenmarketing.co
Website: https://www.missiondrivenmarketing.co
4. Collecting and Using Your Personal Data
Types of Data Collected
Personal Data
While using Our Service, We may ask You to provide Us with certain personally identifiable information, including but not limited to:
- Email address
- Address, State, Province, ZIP/Postal code, City
- Usage Data
Usage Data
Usage Data is collected automatically when using the Service and may include Your Device’s IP address, browser type, browser version, the pages of our Service You visit, the time and date of Your visit, time spent on pages, unique device identifiers and other diagnostic data.
Information from Third-Party Social Media Services
The Company allows You to create an account and log in through the following Third-Party Social Media Services: Google, Facebook, Instagram, Twitter (X), and LinkedIn.
If You decide to register through or otherwise grant us access to a Third-Party Social Media Service, We may collect Personal Data already associated with Your account, such as Your name, email address, activities or contact list.
5. Legal Basis for Processing
We will only process Your Personal Data where we have a valid legal basis to do so under Article 6 GDPR:
- Consent: Where You have given us clear consent to process Your Personal Data for a specific purpose, such as subscribing to marketing communications or accepting non-essential cookies.
- Performance of a Contract: Where processing is necessary to perform a contract with You, or to take steps at Your request before entering into a contract.
- Legal Obligation: Where processing is necessary to comply with a legal obligation to which We are subject.
- Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, provided Your interests and fundamental rights do not override those interests. Our legitimate interests include improving our Service, preventing fraud, ensuring network security, and direct marketing to existing customers.
Where We rely on consent as the legal basis, You have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
6. Tracking Technologies and Cookies
We use Cookies and similar tracking technologies to track activity on Our Service and store certain information. Tracking technologies used include beacons, tags, and scripts.
In accordance with the GDPR and the ePrivacy Directive, We obtain Your explicit consent before placing any non-essential cookies on Your device. You may withdraw this consent at any time via our Cookie Preference Centre.
Types of Cookies We Use
Necessary / Essential Cookies (Session Cookies)
These Cookies are essential to provide You with services available through the Website.
Legal basis: Legitimate interests / necessary for service delivery. No consent required.
Cookie Policy / Notice Acceptance Cookies (Persistent Cookies)
These identify if users have accepted the use of cookies.
Legal basis: Legal obligation.
Functionality Cookies (Persistent Cookies)
These allow Us to remember choices You make when using the Website, such as login details or language preference.
Legal basis: Consent.
Analytics and Marketing Cookies (if used) require separate explicit consent under the ePrivacy Directive and GDPR. Please see our Cookie Policy for full details.
7. Use of Your Personal Data
The Company may use Personal Data for the following purposes:
- To provide and maintain our Service, including to monitor usage.
- To manage Your Account and registration as a user.
- For the performance of a contract.
- To contact You regarding updates, security, and informative communications.
- To provide You with news, special offers and general information about similar goods and services — only where You have opted in or where We have a legitimate interest.
- To manage Your requests.
- For business transfers (mergers, acquisitions, etc.).
- For data analysis, identifying usage trends, and improving our Service.
We will not use Your Personal Data for purposes incompatible with those listed above. If We intend to process Your data for a new purpose, We will provide You with a new privacy notice and, where required, seek Your consent.
8. Retention of Your Personal Data
The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to comply with legal obligations, resolve disputes, and enforce our legal agreements.
Usage Data is generally retained for a shorter period unless used to improve Service security or functionality, or We are legally obligated to retain it longer.
Specific Retention Periods:
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 3 years after closure |
| Marketing preferences | Until consent is withdrawn or objection made |
| Usage / Analytics data | Up to 13 months |
| Transaction data | 7 years |
When Personal Data is no longer required, it will be securely deleted or anonymised.
9. Transfer of Your Personal Data
Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in processing are located.
Transfers Outside the EEA: If We transfer Your Personal Data to countries outside the European Economic Area (EEA), We will only do so when:
- The European Commission has decided that country ensures adequate protection; or
- We have put in place appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission; or
- One of the derogations in Article 49 GDPR applies.
You may request a copy of any applicable transfer mechanisms by contacting us at privacy@missiondrivenmarketing.co.
10. Your Rights Under GDPR
If You are located in the EU/EEA, You have the following rights under the GDPR:
| Right | Description |
|---|---|
| Right of Access | Request a copy of the Personal Data We hold about You. |
| Right to Rectification | Request correction of inaccurate or incomplete data. |
| Right to Erasure | Request deletion of Your Personal Data where there is no compelling reason for continued processing. |
| Right to Restriction | Request that We restrict processing of Your data in certain circumstances. |
| Right to Data Portability | Receive Your data in a structured, machine-readable format and transfer it to another controller. |
| Right to Object | Object to processing based on legitimate interests or for direct marketing. |
| Right to Withdraw Consent | Withdraw consent at any time without affecting prior lawful processing. |
| Right re: Automated Decisions | Not to be subject to decisions based solely on automated processing that produce significant effects. |
How to Exercise Your Rights:
Contact us at privacy@missiondrivenmarketing.co. We will respond within one (1) month of receipt, with a possible extension of two further months where necessary. We will not charge a fee unless a request is manifestly unfounded or excessive.
Right to Lodge a Complaint:
If You believe We are processing Your Personal Data unlawfully, You have the right to lodge a complaint with the relevant supervisory authority:
Data Protection Inspectorate (Andmekaitse Inspektsioon)
Website: www.aki.ee
Email: info@aki.ee
Phone: +372 627 4135
11. Disclosure of Your Personal Data
Business Transactions
If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy. We will ensure that any successor entity provides the same or equivalent level of data protection.
Law Enforcement
Under certain circumstances, We may be required to disclose Your Personal Data if required by law or in response to valid requests by public authorities (e.g. a court or government agency).
Other Legal Requirements
The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:
- Comply with a legal obligation
- Protect and defend the rights or property of the Company
- Prevent or investigate possible wrongdoing in connection with the Service
- Protect the personal safety of Users of the Service or the public
- Protect against legal liability
12. Third-Party Data Processors
We are required under GDPR Art. 28 to disclose our Data Processors — third parties who process Personal Data on our behalf. We enter into Data Processing Agreements (DPAs) with all processors. Our current processors may include:
| Processor Category | Purpose | Location | Safeguard |
|---|---|---|---|
| Analytics providers (e.g. Google Analytics) | Website performance analysis | USA | Standard Contractual Clauses |
| Email marketing platforms | Sending communications | Varies | DPA in place |
| Cloud hosting / infrastructure | Service delivery | Varies | DPA in place |
| Social media platforms | Login and social features | Varies | DPA in place |
For a full and up-to-date list of our Sub-processors, please contact us at privacy@missiondrivenmarketing.co.
13. Security of Your Personal Data
The security of Your Personal Data is important to Us. While We strive to use commercially acceptable means to protect Your Personal Data, no method of transmission over the Internet or electronic storage is 100% secure.
We implement appropriate technical and organisational measures as required by GDPR Art. 32, including:
- Encryption of data in transit (TLS/HTTPS)
- Access controls and least-privilege principles
- Regular security assessments
- Staff data protection training
In the event of a Personal Data breach likely to result in a risk to Your rights and freedoms, We will notify the relevant supervisory authority within 72 hours and, where required, notify You directly without undue delay.
14. Children’s Privacy
Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and believe Your child has provided Us with Personal Data, please contact Us and We will take steps to remove that information from Our servers.
Under GDPR, the age of digital consent in Estonia is 13 years. Where Our Service is directed to children aged 13–16, We will seek verifiable parental consent as required by applicable national law.
15. Links to Other Websites
Our Service may contain links to other websites not operated by Us. If You click on a third-party link, You will be directed to that third party’s site. We strongly advise You to review the Privacy Policy of every site You visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
16. Changes to this Privacy Policy
We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date.
We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective. Where changes are material or require a new legal basis for processing, We will obtain fresh consent where required by GDPR.
17. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:
Email: privacy@missiondrivenmarketing.co
Address: Mission Driven Marketing OÜ, Sepapaja tn 6, 15551 Tallinn, Estonia
For GDPR-related requests, please use the subject line “GDPR Request” and We will acknowledge receipt within 72 hours.
You also have the right to lodge a complaint directly with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at www.aki.ee if You believe We have not adequately addressed Your concerns.
This Privacy Policy was last reviewed and updated on February 25, 2026.