Privacy Policy

The data controller for personal data processed via this website is ▲ Legal entity name, established at ▲ Registered office address. You can reach us at business@level13.agency.

Data protection enquiries: ▲ DPO / responsible contact email.

This policy covers personal data processed when you (a) visit this website, (b) contact us to request beta access, (c) engage LEVEL13 as a service provider, or (d) receive communications from us. Service delivery to clients is governed by a separate Data Processing Agreement (DPA), available on request.

• Identification and contact data — name, business email, company, role, phone (if you provide it).
• Communication content — the body of messages you send us and our replies.
• Technical data — IP address (truncated where possible), browser type, device type, referrer, pages visited.
• Analytics and signal data — anonymous or pseudonymous events used to measure site performance (see Cookie Policy).

We process personal data only for specified, explicit, and legitimate purposes, each tied to a GDPR Article 6 legal basis:

• Responding to enquiries — Art. 6(1)(b) (pre- contractual measures) or Art. 6(1)(f) (legitimate interest in answering business communication).
• Service delivery to clients — Art. 6(1)(b) (contract performance).
• Website operation and security — Art. 6(1)(f) (legitimate interest in operating a secure, functional site).
• Analytics and signal engineering — Art. 6(1)(a) (consent), recorded via the consent manager described in the Cookie Policy.
• Legal compliance — Art. 6(1)(c).

We share personal data only with processors who provide the technical infrastructure for this site and the LEVEL13 framework, under written data-processing agreements. Current processors include:

• Netlify — site hosting (EU-routed edge where available).
• Google (Tag Manager, GA4, BigQuery, Looker Studio) — tag orchestration, analytics, storage, reporting.
• Stape — server-side tag manager hosting in the EU region.
• Meta (Conversions API) — first-party conversion signals for paid media.
• GetTerms — consent management.
• ▲ Any other client-side or server-side processor in use

Some processors may transfer personal data outside the European Economic Area. For those transfers, we rely on EU Commission Standard Contractual Clauses (SCCs) and supplementary measures, and prefer EU-region hosting wherever a processor offers it.

▲ List the specific third-country transfers and applicable safeguards once the processor footprint is final.

• Enquiry messages: retained for ▲ duration after the conversation closes, then deleted.
• Contractual records: retained for the statutory minimum (typically 6–10 years for tax/accounting).
• Technical and analytics logs: retained for ▲ duration, then deleted or aggregated.
• Consent records: retained for the lifetime of the consent plus the statute of limitations for proof.

You have the right to:

• Access the personal data we hold about you (Art. 15).
• Have inaccurate data corrected (Art. 16).
• Have data erased where applicable (Art. 17).
• Restrict processing in certain cases (Art. 18).
• Receive your data in a portable format (Art. 20).
• Object to processing based on legitimate interest (Art. 21).
• Withdraw consent at any time without affecting prior processing.

To exercise any of these rights, email business@level13.agency.

You have the right to lodge a complaint with a data protection supervisory authority — in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement. Our lead supervisory authority is ▲ Lead supervisory authority for the entity.

Detail on the cookies and tracking technologies we use, including categories, purposes, and how to manage them, is in the dedicated Cookie Policy.

We update this policy when our processing changes materially. When we do, we revise the “Last updated” date at the top and, where the change is significant, notify affected users directly where we are able to.