Privacy Policy
Last updated: 15 June 2026
This Privacy Policy explains how K&Zh OÜ (“we”, “us”, “our”) collects, uses, stores, and protects personal data when you visit
www.kz.design (the “Website”) or use our services. We act as the data controller for this personal data.
1. Who we are
Registration (registry) code: 17092851
Kaupmehe tn 7-120
Kesklinna linnaosa, Tallinn
Harju maakond, 10114, Estonia
Email:
hello@kz.designWebsite:
www.kz.designRepresentative: Mykola Zhurenko, Management Board Member
2. Scope of this policy
This policy applies to personal data we process about visitors to our Website, prospective clients, clients, and other individuals who contact us. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Estonian law.
3. What personal data we collect
3.1 Data you provide to us
- Identity and contact data: first name, last name, company name, email address, phone number.
- Communications: the content of messages, enquiries, briefs, and other information you send us by email, web forms, or messaging tools.
- Booking data: details you provide when scheduling a call or meeting with us.
- Billing and payment data: billing name, address, VAT or company details, and payment confirmation. Card details are processed directly by our payment provider and are not stored by us (see Section 6).
3.2 Data collected automatically
Usage and technical data: IP address, browser type and version, device information, pages viewed, referring pages, and the dates and times of your visits.
Cookies and similar tracking technologies (see Section 5).
4. How we use personal data and legal bases
We process personal data on the following legal bases under Article 6(1) GDPR:
- To respond to your enquiries and communicate with you — based on our legitimate interest (Art. 6(1)(f)) or steps taken at your request prior to entering a contract (Art. 6(1)(b)).
- To provide our services and perform our contract with you — contract performance (Art. 6(1)(b)).
- To process payments and issue invoices — contract performance and our legal obligations (Art. 6(1)(b) and (c)).
- To operate, secure, and improve the Website and understand how it is used — legitimate interest (Art. 6(1)(f)).
- To send service-related or marketing communications where permitted — your consent (Art. 6(1)(a)) or legitimate interest, and you may opt out at any time.
- To comply with accounting, tax, and other legal obligations — legal obligation (Art. 6(1)(c)).
5. Cookies and tracking technologies
The Website uses cookies and similar technologies to function properly, remember your preferences, and measure traffic and performance. Non-essential cookies (such as analytics and advertising cookies) are used only where applicable consent has been given. You can manage or withdraw your cookie preferences at any time through your browser settings or any cookie banner provided on the Website.
6. Third-party services and processors
We use a number of trusted third-party providers that process personal data on our behalf or in connection with our services. These include:
- Google Analytics (Google Ireland Limited) — website analytics and traffic measurement.
- Stripe (Stripe Payments Europe, Ltd.) — payment processing. When you make a payment, your payment data is provided directly to Stripe and processed under Stripe’s own privacy policy.
Each provider processes personal data only as needed to deliver its service and under appropriate data-processing terms. We do not sell your personal data.
7. International data transfers
Some of our providers may process personal data outside the European Economic Area (EEA). Where this happens, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses or an adequacy decision to ensure your data remains protected.
8. Data retention
We keep personal data only for as long as necessary for the purposes described in this policy, including to provide our services, maintain business records, and comply with legal, accounting, and tax obligations. When data is no longer needed, we delete or anonymise it.
9. How we store and protect data
We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or alteration. Personal data is stored on secure systems operated by us or our service providers, and access is limited to those who need it.
10. Sharing of personal data
We may share personal data with the service providers listed in Section 6, and with professional advisers, accountants, or authorities where required by law. We do not sell personal data or share it for unrelated purposes.
11. Your rights under the GDPR
Subject to the conditions in the GDPR, you have the right to:
Access the personal data we hold about you.
Request correction of inaccurate or incomplete data.
Request erasure of your data (“right to be forgotten”).
Restrict or object to processing of your data.
Data portability — receive your data in a structured, machine-readable format.
Withdraw consent at any time, where processing is based on consent.
To exercise any of these rights, contact us at
hello@kz.design. You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee).
12. Children
Our Website and services are not directed to children under the age of 16, and we do not knowingly collect personal data from them.
13. Changes to this policy
We may update this Privacy Policy from time to time. The latest version will always be available on the Website with an updated “Last updated” date.
14. Contact
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:
K&Zh OÜ
Registration (registry) code: 17092851
Kaupmehe tn 7-120
Kesklinna linnaosa, Tallinn
Harju maakond, 10114, Estonia
Email:
hello@kz.designWebsite:
www.kz.design