NextLevelSolutions OÜ ("we", "us", "our") respects your privacy and is committed to protecting your personal data in accordance with the Regulation (EU) 2016/679 ("GDPR"), the Estonian Personal Data Protection Act (Isikuandmete kaitse seadus), and other applicable laws. This statement explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

1. Introduction and Scope

This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter "Data") within our online offering and the associated websites, functions, and content (hereinafter collectively "Website").

Special Note on Cold Email Outreach (Direct Marketing):

As part of our business activities, we also send business emails to potential business clients. In this context, we process publicly available business data. You can find more detailed information on this in section "3.2. Data Processing for B2B Direct Marketing (Cold Email Outreach)".

2. Data We Collect on Our Website

2.1. CountUp - Anonymous Website Analytics

We use our in-house tracking service, CountUp (www.countup.io), to collect anonymous usage data for statistical purposes only. Our goal is to understand overall trends in our website traffic—not to track individual visitors. We do not profile individuals, nor do we share any of this data with third parties.

Scope of Data:

CountUp does not store any personally identifiable information. Data collected is strictly anonymous and may include:

• Referring websites

• Top-visited pages

• Visit duration

• Device information (type, operating system, browser)

• Geographical region (country level)

• Other non-identifying technical metrics
  
  

You can find a complete list of all collected data points here: https://countup.io/info/what-we-track

Purpose and Legal Basis:
We process anonymous analytics data based on our legitimate interest (Art. 6 (1) lit. f GDPR) in improving our website performance and user experience.

Transparency and Minimization:

We only collect the data strictly necessary for statistical analysis and optimization. No cookies or similar technologies are used to store personal data in your browser.

Data Retention:

Analytics data is retained only as long as necessary to fulfill the statistical reporting purpose. We regularly purge older data to ensure minimal storage.

2.2. Crisp - Chat Messaging

Our Website uses Crisp, a secure third-party messaging platform, to engage with our visitors. Through Crisp, we may send you information about workshops, events, courses, and services.

For more details, please review the Crisp Privacy Policy: https://crisp.chat/en/privacy/

Purpose and Legal Basis:

The use of Crisp serves the purpose of direct communication and answering inquiries. The processing of your data in this context is based on your consent (Art. 6 (1) lit. a GDPR), which you provide by using the chat, or on the performance of pre-contractual measures or the fulfillment of a contract (Art. 6 (1) lit. b GDPR) if your inquiry relates to a specific service.

2.3. Use of Framer and Cookies

We use Framer—a service provided by Framer B.V. and its affiliates—to embed interactive prototypes, components, and other dynamic content on our website. Framer employs cookies and similar tracking technologies to ensure these features function correctly and to enhance your experience.

What is a cookie?

Cookies are small data files stored on your device when you visit a website or use an online product. They help speed up and simplify interactions between you and the site, remember your preferences, and provide reporting information.

Types of cookies used by Framer:

• Essential cookies: Required for the technical operation of embedded Framer content (e.g., loading prototypes or maintaining login states).

• Performance & Functional cookies: Enhance performance and functionality (e.g., optimizing in-prototype search), but are not strictly necessary for basic use.

• Analytics cookies: Collect anonymized usage data via Framer-Analytics or Google Analytics to help us understand how the Framer-powered parts of our site are used and to improve them.

• Advertising cookies: Enable more relevant advertising by tracking interests, preventing repetitive ads, and ensuring proper ad delivery

Cookie Name Provider Category Purpose Duration cookieconsent_status Framer Essential Records your acceptance of the cookie banner 1 year algoliasearch-client-js Algolia Functional Powers the search feature within embedded prototypes 1 year history Framer Analytics Tracks user interactions within prototypes 1 year session Framer Analytics Manages user session tokens (e.g., for authenticated demos) 6 months _ga, _gid, _gat Google Analytics Analytics Generates statistical data on how the Framer content is used 2 years, 1 day, 1 day respectively YSC, PREF, VISITOR_INFO1_LIVE YouTube Advertising Tracks viewing of embedded YouTube videos 1 day, 1 year, 6 months respectively

How to disable cookies:

You can always change your preferences by clicking on the "Cookies" Link in the footer of each page.

You can adjust your browser settings to block or delete cookies. Note that disabling cookies may limit your ability to use certain Framer-based features.

To opt out of targeted advertising, visit aboutads.info and networkadvertising.org in the U.S., or youronlinechoices.eu in the EU. Mobile opt-out choices are available at networkadvertising.org/mobile-choices.

Policy updates:

We recommend reviewing this section periodically. Your continued use of our site’s Framer-powered features confirms your acceptance of any changes. If you have questions about our use of Framer cookies, please contact us at support@getpragmatic.ai.

Purpose and Legal Basis:

The use of cookies that are strictly necessary for the operation and functionality of our website (Essential Cookies) is based on our legitimate interest (Art. 6 (1) lit. f GDPR) in providing a technically sound and user-friendly service.

The use of performance, functional, analytics, and advertising cookies is based on your consent (Art. 6 (1) lit. a GDPR), which we obtain through our cookie banner. You have the right to withdraw your consent at any time with future effect.

2.4. Apollo.io – Company Website Visitor Identification
We use Apollo.io (ZenLeads Inc., USA) to identify which companies visit our website.

Scope of Data Processing:

• IP address and derived company information

• Browser and device information

• Visited pages and timestamps

• HTTP headers and referrer information
  
  

No Individual Person Identification:
Apollo does not identify individual natural persons, but only companies associated with the IP addresses from which the website is accessed.

Purpose and Legal Basis:
Processing is based on our legitimate interest (Art. 6 (1) lit. f GDPR) in analyzing and optimizing our B2B offering and identifying potential business customers.

Data Transfer to the USA:
Data may be transferred to the United States. Apollo.io is certified under the EU-US Data Privacy Framework and maintains Standard Contractual Clauses (SCCs). More information: https://www.apollo.io/privacy-policy

Right to Object:
You may object to this processing at any time. You can also prevent Apollo from collecting your data by using appropriate browser settings or ad blockers.

3. Data Processing Outside the Website (B2B Direct Marketing)

3.1. Data Collection for B2B Direct Marketing

For our B2B direct marketing, we collect and process contact data of potential business clients. This data is obtained exclusively from publicly accessible sources. The most common methods and sources from which we obtain such information include:

1. Professional social networks: Especially platforms like LinkedIn (including LinkedIn Sales Navigator) and XING, where professionals publicly share their profiles and activities.

2. Company websites and impressum/legal notices: Information found on official company websites, particularly in the impressum/legal notice section or "About Us" pages, where contact details of specific contacts or general company email addresses are published.

3. Public directories and registers: This includes commercial registers, industry directories, or other publicly maintained company databases that contain business contact details.

4. Press releases and specialist articles: Publications in which employees are named in their professional capacity and their contact details or company affiliation are disclosed.

5. Specialized data providers and scraping tools: We also use professional software tools, such as Apollo.io and Vayne, which are specialized in efficiently identifying, collecting, and verifying publicly available information. Such tools enable us to extract relevant data based on your specified criteria (e.g., industries, positions, company sizes) and, if necessary, verify their validity.
   
   

The data collected typically includes:

• Name of the individual

• Professional email address

• Position/title within the company

• Company name and industry

• Publicly available information about professional activity (e.g., from LinkedIn profiles)

3.2. Purpose and Legal Basis for Data Processing in B2B Direct Marketing

The processing of this data serves the purpose of making potential business clients aware of our products and services and initiating a business relationship. This includes sending emails, presenting our offers, and making contact for appointment scheduling.

The legal basis for this data processing is our legitimate interest (Art. 6 (1) lit. f GDPR) in directly approaching business clients in a B2B environment for new customer acquisition and to promote our business.

In weighing these interests, we have considered that:

• This involves publicly available business contact data relevant to the exercise of a professional activity.

• We focus on contacting individuals whose professional profile and company suggest a potential interest in our services.

• We provide you with a simple and clear option to object (unsubscribe) in every email.

• The contact takes place in a professional B2B context and does not disproportionately interfere with your rights and freedoms.

3.3. Data Retention and Disclosure for B2B Direct Marketing
Retention Period for Active B2B Direct Marketing Campaigns:
Contact data is stored for active outreach campaigns for a maximum of 60 days. This period allows for follow-up sequences and accounts for realistic response times in the B2B context. After this period, data is either deleted (in case of opt-out) or transferred to the cooldown pool (in case of no interest shown).

Cooldown Pool (Contact Protection):
Contact data from individuals who have not responded is stored in a cooldown pool for up to 8 months. Purpose: Protection against repeated contact with the same individuals (legitimate interest under Art. 6 (1) lit. f GDPR). After 8 months, automatic deletion occurs or transfer to the Blocked List upon renewed contact.

Blocked List (Opt-out Management):
If a contact objects to further communication, all personal data is deleted immediately. To ensure that such contacts are never approached again, we maintain a suppression list with pseudonymized identifiers (e.g., hashed email addresses). This list no longer contains any personal data and is used solely to prevent duplicate outreach.

Sharing with Service Providers:
Data is generally not shared with third parties unless required for fulfilling the purpose. For sending cold email campaigns and managing our outreach activities, we use specialized external service providers. Where available, we conclude Data Processing Agreements (DPAs) in accordance with Art. 28 GDPR. For providers where such agreements are not available, we implement appropriate technical and organizational measures (TOMs) to ensure an adequate level of data protection.

Examples of tools we use include:

• Apollo.io (lead generation, email verification, and data enrichment)

• Vayne (collection and enrichment of publicly available business data)

• Instantly.ai (managing and sending email sequences)

• Smartlead (managing and sending email sequences)

• Manyreach (email campaign management and automated follow-up sequences)
  
  

Data Transfer to the USA:
Some of the mentioned service providers (e.g., Apollo.io, Instantly.ai, Smartlead, Manyreach) are based in the USA. The transfer of personal data to the USA is carried out on the basis of Standard Contractual Clauses (SCCs) under Art. 46 GDPR or, where available, based on certification under the EU-US Data Privacy Framework (DPF).

These measures ensure that an adequate level of data protection is guaranteed even when processing in the USA. Additionally, we implement technical and organizational safeguards such as data minimization, encryption, and access restrictions.

4. Your Rights

Under the GDPR and Estonian law, you have the following rights regarding your personal data:

• Right of Access (Art. 15 GDPR): You can request a copy of the data we hold about you.

• Right to Rectification (Art. 16 GDPR): You can ask us to correct or update inaccurate information.

• Right to Erasure (Art. 17 GDPR): You can request deletion of your personal data, unless we have a legal obligation to retain it or an overriding legitimate interest.

• Right to Restriction of Processing (Art. 18 GDPR): In certain circumstances, you can ask us to suspend processing.

• Right to Data Portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used, and machine-readable format (applies only to personal data based on consent or contract).

• Right to Object (Art. 21 GDPR): You have the right to object at any time to the processing of your personal data based on legitimate interests (especially direct marketing). This also applies to profiling insofar as it is related to such direct marketing. Following your objection, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
  
  

To exercise any of these rights, please contact us at team@nxt-lvl.io.

5. Contact and Supervisory Authority

If you have questions about this statement or our data practices, you can reach us at:

NextLevelSolutions OÜ

Tornimäe tn 5, 10145

Tallinn, Harju maakond, Estonia

E-mail: team@nxt-lvl.io

You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon):

Pärnu mnt 15, 15176 Tallinn, Estonia

E-mail: info@aki.ee

6. Updates to This Statement

We may update this privacy statement from time to time to reflect changes in our practices or legal requirements. Any material changes will be posted on this page with a revised "Last updated" date.