Introduction
4steps2win OÜ (referred to as "we," "us," "our," or "Company") is committed to protecting your privacy and ensuring you have a positive experience on our website. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, and interact with our business.
Company Details:
4steps2win OÜ
Register number: 17364344
VAT number: [VAT number pending]
Address: Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 15551
Registered in: Estonia
Email: support@4steps2win.com
Please read this Privacy Policy carefully. By accessing and using this website, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy.
1. What Personal Data We Collect
We collect personal data in the following ways:
Contact Forms
When you submit a contact form on our website, we collect:
- Full name
- Email address
- Phone number
- Company name
- Message or inquiry content
- Any other information you voluntarily provide
Booking Calendar
When you book a consultation or meeting through our booking system, we collect:
- Full name
- Email address
- Phone number
- Preferred meeting date and time
- Meeting topic or description
- Any special requests or notes
Newsletter Subscription
When you subscribe to our newsletter, we collect:
- Email address
- First name (optional)
- Company name (optional)
- Subscription date and consent status
Website Usage Data
We automatically collect information about how you interact with our website:
- Internet Protocol (IP) address
- Browser type and version
- Operating system
- Pages visited and time spent on each page
- Referrer information (how you arrived at our site)
- Links clicked
- Search terms entered
- Device type and screen resolution
- Approximate location (country/region level)
This data is collected through Google Analytics 4 (GA4) and other website monitoring tools.
Cookies and Tracking Technologies
We use cookies, web beacons, pixels, and similar tracking technologies to enhance your experience and collect usage data. For detailed information about cookies, please see our Cookie Policy.
2. How We Use Your Data
We use the personal data we collect for the following purposes:
- Respond to Inquiries: To respond to your contact form submissions, answer questions, and provide information about our services
- Schedule Consultations: To manage booking requests, send confirmation emails, calendar invitations, and meeting reminders
- Newsletter Communications: To send you marketing communications, industry insights, and updates (only with your consent)
- Provide Services: To deliver and fulfill the consulting, training, or AI agent services you've requested
- Website Analytics: To understand how visitors use our website, identify trends, and improve user experience
- Service Improvement: To analyze usage patterns and optimize our website, services, and content
- Business Operations: To manage customer relationships, process payments, and handle administrative matters
- Comply with Legal Obligations: To comply with applicable laws, regulations, and legitimate legal requests
- Fraud Prevention: To detect, prevent, and address fraud, abuse, and security incidents
- Marketing and Outreach: To contact you about relevant services, special offers, and updates (only with consent)
3. Lawful Basis for Processing (GDPR)
Under the EU General Data Protection Regulation (GDPR), we only process personal data where we have a lawful basis. Our lawful bases include:
- Consent: We process your data for newsletter subscriptions and cookie-based tracking with your explicit consent, which you can withdraw at any time
- Contract Performance: We process data necessary to fulfill services you've requested, such as responding to inquiries and scheduling consultations
- Legitimate Interests: We process website analytics and usage data to improve our services, understand customer behavior, and optimize user experience (balanced against your privacy rights)
- Legal Obligation: We process financial and tax records as required by Estonian law and regulations
- Vital Interests: We may process data where necessary to protect health, safety, or life-threatening situations
4. Who We Share Your Data With
We do not sell, trade, or rent your personal information. However, we share data with the following third parties to operate our business:
Funnelbase / GoHighLevel
We use Funnelbase (powered by GoHighLevel) to manage contact forms, booking calendars, and customer relationship management. Your contact information and meeting preferences are stored and processed on GoHighLevel's servers. GoHighLevel is a US-based company subject to US data protection laws.
Purpose: Form submission handling, appointment scheduling, and CRM management
Data transferred: Name, email, phone, company, message content, meeting preferences
Privacy: GoHighLevel Privacy Policy
Google Analytics
We use Google Analytics 4 to collect and analyze website usage data. Google may use this data to improve their services and services offered by other companies. You can opt out of Google Analytics tracking.
Purpose: Website analytics and user behavior tracking
Data transferred: IP address, browsing behavior, device information, location data
Privacy: Google Privacy Policy
Service Providers and Partners
We may engage other service providers to support our business operations (hosting providers, email services, payment processors, etc.). These providers are contractually obligated to process data only as instructed and to maintain the confidentiality of your information.
Legal Requirements
We may disclose your information if required by law (court orders, government requests, law enforcement) or to protect our legal rights and the safety of others.
5. International Data Transfers
Your personal data may be transferred to, stored in, and processed in countries outside of the European Union (including the United States) where our service providers are located. These countries may not have the same data protection laws as the EU.
Safeguards for International Transfers
When we transfer personal data internationally, we implement safeguards to protect your information:
- EU-US Data Privacy Framework: For US-based processors like Google and GoHighLevel, we rely on the adequacy decision under the EU-US Data Privacy Framework where applicable
- Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses in agreements with third-party processors to ensure adequate protection
- Data Processing Agreements (DPAs): We maintain Data Processing Agreements with all processors that include GDPR compliance requirements
You can request a copy of our Data Processing Agreements and transfer safeguards by contacting us at support@4steps2win.com.
6. Data Retention
We retain personal data only as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations. The retention periods are:
| Data Type | Retention Period | Reason |
|---|---|---|
| Contact Enquiries | 2 years | Service follow-up and relationship management |
| Booking and Calendar Data | 2 years after last interaction | Meeting records and service delivery |
| Newsletter Subscribers | Until unsubscribe | Active marketing consent |
| Google Analytics Data | 14 months (GA4 default) | Website analytics and usage tracking |
| Financial and Tax Records | As required by Estonian law (typically 7 years) | Legal and tax compliance |
| Cookies and Tracking Data | As per Cookie Policy (typically 1-2 years) | Website functionality and analytics |
| Server Logs | 30-90 days | Security and troubleshooting |
Once the retention period expires, we securely delete or anonymize your personal data. In some cases, we may retain anonymized or aggregated data that cannot identify you.
7. Your Privacy Rights
Under the GDPR and other applicable privacy laws, you have the following rights regarding your personal data:
GDPR Rights (EU Residents)
- Right of Access: You have the right to obtain a copy of your personal data and confirm how we process it
- Right to Rectification: You can request correction of inaccurate or incomplete personal data
- Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data, subject to legal exceptions
- Right to Restrict Processing: You can request that we limit how we use your data in certain circumstances
- Right to Data Portability: You can request to receive your personal data in a structured, machine-readable format and transfer it to another provider
- Right to Object: You can object to processing of your data for marketing, profiling, and other purposes
- Right to Withdraw Consent: You can withdraw consent for data processing at any time (such as newsletter subscriptions or cookies)
- Rights Related to Automated Decision-Making: You have rights regarding decisions made solely by automated means
How to Exercise Your Rights
To exercise any of these rights, please contact us at:
Email: support@4steps2win.com
Mail: Ahtri tn 12, Tallinn, 15551, Estonia
Please include sufficient information to identify you and specify your request clearly. We will respond to your request within 30 days (or as required by law). If your request is complex or numerous, we may extend this period, which we will notify you of.
Right to Lodge a Complaint
If you believe we have violated your privacy rights, you have the right to lodge a complaint with the Estonian Data Protection Authority (Andmekaitse Inspektsioon):
Andmekaitse Inspektsioon
Address: Väike-Ameerika 19, 10001 Tallinn, Estonia
Phone: +372 636 6300
Email: info@aki.ee
Website: www.aki.ee
8. California Resident Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: You have the right to request what personal information we collect, use, and share about you
- Right to Delete: You can request deletion of personal information we've collected from you (subject to certain exceptions)
- Right to Correct: You can request correction of inaccurate personal information
- Right to Opt-Out of Sale or Sharing: You can opt out of the sale or sharing of your personal information
- Right to Limit Use: You can limit how we use your personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
Important Notice: We do not sell or share your personal information with third parties for their direct marketing purposes. Your data is shared only with service providers (like GoHighLevel and Google) who assist us in operating our business.
To exercise California privacy rights, contact us at support@4steps2win.com.
9. Cookie Policy
We use cookies and similar tracking technologies on our website. For detailed information about the types of cookies we use, why we use them, and how to manage your cookie preferences, please see our full Cookie Policy.
You can control cookie settings through your browser or by interacting with our cookie consent banner. Please note that disabling cookies may affect the functionality of certain website features.
10. Children's Privacy
Our website and services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will immediately delete such information and terminate the child's use of our services.
If you are aware of any personal data we may have collected from a child under 16, please contact us immediately at support@4steps2win.com.
11. Data Security
We implement reasonable technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit (HTTPS/SSL)
- Secure storage systems and access controls
- Regular security assessments and monitoring
- Staff training on data protection and privacy
- Incident response procedures
However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for keeping your passwords and account credentials confidential.
12. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of external websites. This Privacy Policy applies only to our website. When you click on external links, you leave our site and are subject to the privacy policies of those third parties. We encourage you to review the privacy policies of any external websites before providing personal information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated Privacy Policy on our website and updating the "Last Updated" date. Your continued use of our website following the posting of changes constitutes your acceptance of those changes.
We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your information.
14. Contact Us
If you have questions about this Privacy Policy, our privacy practices, or wish to exercise your privacy rights, please contact us:
Email: support@4steps2win.com
Mail: 4steps2win OÜ
Ahtri tn 12
Tallinn, Kesklinna linnaosa
Harju maakond, 15551
Estonia
We will respond to your inquiry within 14 business days. If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority.