Privacy Policy

Vivian Agency OÜ
Effective date: April 18, 2026, | Last updated: April 18, 2026

1. Who We Are

Vivian Agency OÜ (“Vivian Agency”, “we”, “us”, or “our”) is a marketing and digital agency registered in Estonia. We operate the website vivianagency.com and provide marketing services to business clients. 

As a company established in Estonia and operating within the European Union under Estonian laws, we are subject to the General Data Protection Regulation (GDPR) (EU) 2016/679. 

We act as data controller for personal data collected through our website and in connection with our services.

2. What Personal Data We Collect

2.1 Data that is provided directly

When a (potential) client contacts us, submits an inquiry form, or books a consultation, we may collect the client’s employee or representative (“data subject’s”, or, “you”, “your”) personal data, such as:

  • Full name
  • Business email address
  • Company name and website
  • Phone number (if provided)
  • Any information you include in your message or inquiry

2.2 Data collected through bookings and payments

If you book a call via Calendly or make a payment via Stripe, those platforms collect data on our behalf, including your name, email address, and payment information. We receive a record of confirmed bookings and payment confirmations.

2.3 Data collected automatically

When you visit our website, use our digital tools and communication channels, we and our third-party analytics providers automatically collect certain technical data, including:

  • IP address and approximate location (country/city level)
  • Browser type and version
  • Device type and operating system
  • Pages visited, time on page, and navigation behavior
  • Referral source (how you arrived at our site)

This data is collected via cookies and similar technologies. For a full list of cookies we use, please refer to our Cookie Policy at vivianagency.com/cookie-policy.

3. Legal Basis for Processing

We process your personal data under the following legal bases as defined by GDPR Article 6:

  • Contractual necessity – to fulfill our agreement with your company as a client, including delivering services, managing billing, and communications related to your company’s account.
  • Legitimate interests – to operate and improve our website, respond to inquiries, prevent fraud, and ensure the security of our systems. We have assessed that these interests are not overridden by your rights and freedoms.
  • Consent – for non-essential cookies and analytics tracking. You may withdraw consent at any time via our cookie consent tool on the website.
  • Legal obligation – where we are required to process data to comply with Estonian or EU law, including tax and accounting obligations.

4. How We Use Your Data

We use the personal data we collect for the following purposes:

  • To respond to inquiries and communicate with your company 
  • To enter, perform and manage the contractual relationships with our clients; 
  • To provide, manage, and improve the marketing services we deliver
  • To process subscription payments and manage billing
  • To schedule and manage client calls and meetings
  • To analyze website performance and visitor behavior
  • To fulfill our legal and accounting obligations under Estonian law
  • To prevent spam, fraud, and misuse of our website

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

5. Who We Share Your Data With

We do not sell your personal data. We may share it with the following categories of third-party service providers who process data on our behalf as data processors:

  • Google Analytics – website analytics and visitor statistics
  • Hotjar – website behavior analytics and heatmaps
  • Stripe – payment processing and subscription management
  • Calendly – meeting scheduling and booking
  • Cloudflare – website security, performance, and DDoS protection
  • YouTube (Google LLC) – embedded video content
  • CleanTalk – anti-spam protection for forms
  • Segment – customer data and analytics platform

All processors are contractually bound to process data only on our instructions and in accordance with GDPR. Where processors are based outside the European Economic Area (EEA), appropriate transfer mechanisms are in place (e.g., Standard Contractual Clauses).

We ensure that necessary steps are taken to ensure that the personal data shared with the third party service providers is limited to what is necessary and that appropriate safeguards are in place. 

We may also disclose data where required by law, court order, or regulatory authority.

6. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected:

  • Client data – retained for the duration of the contract and for 3 years after the contract ends, in accordance with our legitimate interests and legal obligations.
  • Inquiry and contact data – retained for up to 2 years if no contract was formed, then deleted.
  • Financial and billing records – retained for 7 years as required by Estonian accounting and tax law.
  • Website analytics data – retained in accordance with the retention periods set by each analytics provider (typically 14 months for Google Analytics).

When data is no longer required, it is securely deleted or anonymized.

The personal data may be retained for a longer period where such retention is necessary to comply with legal obligations, including accounting, taxation and regulatory requirements; for establishments, exercise or defense of legal claims; and/or to protect our legitimate interests, including dispute resolution and the enforcement of contractual rights.

7. International Data Transfers

Some of the third-party service providers we use are based in the United States or other countries outside the EEA. In such cases, we ensure appropriate safeguards are in place, such as the EU-U.S. Data Privacy Framework, Standard Contractual Clauses (SCCs), or other GDPR-compliant transfer mechanisms.

8. Your Rights Under GDPR

As a data subject, you have the following rights regarding your personal data:

  • Right of access – you can request a copy of the personal data we hold about you.
  • Right to rectification – you can ask us to correct inaccurate or incomplete data.
  • Right to erasure (‘right to be forgotten’) – you can request deletion of your data in certain circumstances.
  • Right to restriction of processing – you can ask us to limit how we use your data.
  • Right to data portability – you can request your data in a structured, machine-readable format.
  • Right to object – you can object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at the details below. We will respond within 30 days.

If you are unsatisfied with our response, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or disclosure. These include secure encrypted communications (HTTPS), access controls, and use of reputable third-party processors with their own security programs.

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Children’s Privacy

Our website and services are directed at business professionals and are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically.

12. Contact Us

For any questions about this Privacy Policy, or to exercise your data rights, please contact:

Vivian Agency OÜ

Registered in Estonia

Email: enelin@vivianagency.com

Website: vivianagency.com

Join Vivian Monthly

Level up your affiliate and influencer marketing with real strategies, fresh ideas, and proven results from the team driving $12M+ in partner revenue for brands like yours!

No spam. Just smart insights, once a month.