Privacy Policy
Effective from: 01.01.2025
1. Introduction
Expert Level (“the Company”, “we”, “us”) is committed to protecting your personal data. This Privacy Policy explains what data we collect, why we collect it, how we use it, and what rights you have, in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection legislation.
This policy applies to all personal data processed through our website and in the course of providing our IT services.
2. Data We Collect
2.1 Data you provide directly
When you submit an enquiry or contact us via our website forms, we collect:
- Full name
- Email address
- Phone number (optional)
- Message content
- Service of interest (if selected)
2.2 Automatically collected data
When you visit our website, we automatically collect technical information including:
- IP address (anonymised prior to storage)
- Browser type and version
- Operating system
- Referring URL
- Pages visited and time spent
- Date and time of access
2.3 Cookie data
We use cookies and similar tracking technologies. See Section 8 for full details.
3. Legal Basis for Processing
We process personal data only where we have a lawful basis under GDPR Article 6:
| Processing activity | Legal basis |
|---|---|
| Responding to enquiry form submissions | Consent (Art. 6(1)(a)) |
| Delivering contracted services | Contractual necessity (Art. 6(1)(b)) |
| Website analytics and security monitoring | Legitimate interests (Art. 6(1)(f)) |
| Cookie-based tracking (non-essential) | Consent (Art. 6(1)(a)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
4. How We Use Your Data
We use collected data for the following purposes:
- Enquiry handling — to respond to questions and requests submitted via our contact forms
- Service delivery — to fulfil and manage contracted IT projects and services
- Client communications — to send project updates, invoices, and service-related notifications
- Website improvement — to analyse traffic, identify issues, and improve user experience
- Security — to detect, prevent, and investigate technical issues and unauthorised access
- Legal compliance — to meet our obligations under applicable laws
We do not sell, rent, or share your personal data with third parties for their own marketing purposes.
5. Data Retention
We retain personal data only as long as necessary for the purposes stated in this policy:
| Data type | Retention period |
|---|---|
| Enquiry form submissions | 24 months from last contact |
| Client project records | 5 years (legal and accounting requirements) |
| Website analytics data | 26 months, then automatically deleted |
| Cookie consent records | 12 months |
After the applicable retention period, data is securely deleted or anonymised.
6. Third-Party Service Providers
To operate our website and deliver services, we work with the following categories of third-party processors:
- Website analytics (e.g. Google Analytics) — used to understand traffic patterns and user behaviour in anonymised, aggregated form
- Advertising platforms (e.g. Google Ads) — used to measure campaign performance; conversion data is processed under agreed data processing terms
- Email and hosting infrastructure — used to serve the website and process form submissions securely
All third-party providers are engaged under data processing agreements with appropriate technical and organisational safeguards.
7. International Data Transfers
Some of our service providers may process data outside the European Economic Area (EEA). Where this occurs, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions recognising equivalent data protection standards
8. Cookies
Cookies are small text files placed on your device by our website. We use the following categories:
Essential cookies — required for the website to function correctly. These cannot be disabled.
- Session management
- Cookie consent preference storage
Analytics cookies — help us understand how visitors use our site. Set only with your consent.
- Google Analytics (_ga, _gid, _gat) — expire after 2 years, 24 hours, and 1 minute respectively
Marketing cookies — used to measure advertising effectiveness. Set only with your consent.
- Google Ads conversion tracking
You can manage or withdraw cookie consent at any time via the cookie banner on our website, or by adjusting your browser settings. Disabling non-essential cookies will not affect core website functionality.
9. Your Rights Under GDPR
As a data subject, you have the following rights regarding your personal data:
- Right to access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate or incomplete data
- Right to erasure — request deletion of your personal data (“right to be forgotten”)
- Right to restrict processing — request that we limit how we use your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent — withdraw consent at any time; this does not affect the lawfulness of prior processing
To exercise any of these rights, please contact us through the contact form on our website. We will respond within 30 calendar days.
You also have the right to lodge a complaint with a data protection supervisory authority. In Latvia: the Data State Inspectorate (Datu valsts inspekcija). In the United Kingdom: the Information Commissioner’s Office (ICO).
10. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include encrypted connections (HTTPS), access controls, and regular security reviews.
However, no method of transmission over the internet is completely secure. While we strive to protect your data, we cannot guarantee absolute security.
11. Children’s Privacy
Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that a child under 16 has submitted personal data, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The effective date at the top of this page indicates when the policy was last revised. We encourage you to review this page periodically.