Skip to main content
tsoon
tsoon

Privacy policy

·
Table of Contents

Who runs this site

Tsoon OÜ, registered in the Estonian e-Business Register under code 12858426, Tallinn. I’m Esko Lehtme.

In short

No cookies. The newsletter form collects your email. Booking a call collects what you type into the form. Nothing else.

Tools and processors

Hosting

This site is hosted on Netlify (Netlify, Inc., United States). Netlify processes IP addresses and request metadata in access logs as part of serving pages.

  • Legal basis: legitimate interest (GDPR Art. 6(1)(f)) – necessary to operate the site.
  • Transfer: United States. SCCs. Netlify’s privacy policy.

Analytics

Two cookieless tools load on every page:

  • Umami (Umami Software, Inc., United States) – aggregate page views and referrers. Privacy policy.
  • Ahrefs Web Analytics (Ahrefs Pte. Ltd., Singapore) – aggregate page views and referrers. Privacy policy.

Legal basis: legitimate interest (GDPR Art. 6(1)(f)). Data is anonymised, so no consent or banner is required.

Newsletter

Subscribing sends your email to Buttondown (Buttondown, Inc., United States).

  • Collected: email address.
  • Purpose: newsletter and opted-in course emails.
  • Legal basis: consent (GDPR Art. 6(1)(a)). Withdraw via the one-click unsubscribe link in every email.
  • Retention: until you unsubscribe; then held on Buttondown’s suppression list to prevent re-import.
  • Transfer: United States. SCCs + EU-US Data Privacy Framework. Buttondown’s privacy policy.

Booking

Calls are booked through Cal.com (Cal.com, Inc., United States) or Cal.eu (Cal.com, Inc., EU infrastructure). The same data is collected regardless of which platform handles the booking.

  • Collected: name, email, time zone, meeting time, and anything you type into open-text fields.
  • Purpose: scheduling and running the call.
  • Legal basis: pre-contract steps at your request (GDPR Art. 6(1)(b)).
  • Retention: 1 year after the meeting. The booking also syncs into Daylite (below).
  • Transfer: Cal.com – United States. SCCs + EU-US Data Privacy Framework. Cal.eu – EU infrastructure, no transfer outside the EEA. Cal.com’s privacy policy.

Client management

Bookings sync automatically into Daylite (Marketcircle Inc., Canada). Notes, follow-ups, and related emails are added manually.

  • Collected: name, email, meeting times, and notes I write about the engagement.
  • Purpose: managing client and prospect relationships.
  • Legal basis: legitimate interest (GDPR Art. 6(1)(f)); contract for paid engagements (Art. 6(1)(b)); legal obligation for financial records (Art. 6(1)(c)).
  • Retention:
    • Active clients: while engaged plus 5 years.
    • Other contacts: 2 years from last contact.
    • Financial records: 7 years (Estonian Accounting Act § 12).
    • Earlier deletion on request, except financial records.
  • Transfer: Canada (EU adequacy decision – no SCCs needed). Daylite’s privacy policy.

LinkedIn

This site links to my LinkedIn profile. LinkedIn (LinkedIn Ireland Unlimited Company) processes its own data when you click through; nothing is sent from www.tsoon.com.

Cookies

This site sets none. No tool listed above sets any on www.tsoon.com. No cookie banner is needed.

Security

HTTPS throughout. Data Processing Agreements in place with each processor. Daylite access is limited to me.

Your rights under GDPR

You can:

  • request access to data I hold about you,
  • have it corrected,
  • have it deleted (except financial records subject to the 7-year retention),
  • restrict or object to processing,
  • withdraw newsletter consent at any time.

. You can also complain to the Estonian Data Protection Inspectorate, Andmekaitse Inspektsioon.

Contact