Privacy Policy

Effective Date: 9 May 2025

This Privacy Policy governs the manner in which MLR Strategies OÜ (“we”, “our”, or “us”) collects, uses, maintains, and discloses information collected from users (“you” or “your”) of our website located at http://www.mlrstrategies.com (the “Website”). This policy applies to the Website and all services offered through it, including but not limited to executive coaching, team coaching, workshops, retreats, assessments, and other related activities.

We are committed to ensuring that your privacy is protected in accordance with applicable privacy laws, including but not limited to the General Data Protection Regulation (GDPR) (EU Regulation 2016/679), the UK GDPR, and the California Consumer Privacy Act (CCPA) as amended by the CPRA. If you are located outside the EU or California, we still treat your data with a high level of privacy and security.

1. Data Controller

The data controller for the purposes of the GDPR and similar privacy laws is:
Megan Riley, MLR Strategies OÜ
Address: Vana Turg 2, 10140 Tallinn, Estonia
Email: megan@mlrstrategies.com

2. Information We Collect

We collect both personally identifiable information (PII) and non-personally identifiable information (Non-PII) through various interactions you may have with the Website.

2.1. Personally Identifiable Information

We may collect the following PII when you voluntarily submit it through forms or interactions:

  • Full name
  • Email address
  • Optional message content via the “Contact Me” form
  • Consent to receive email communications (e.g., newsletter)
  • Blog comment submissions (name, email, and comment content)

We also collect:

  • Information submitted to third-party assessment partners as part of our coaching services (e.g., name, email)
  • Communication metadata (e.g., timestamps, frequency of contact)

2.2. Automatically Collected Data (Non-PII)

We use Google Analytics to collect certain information automatically, including:

  • IP address (may be anonymized in the EU)
  • Browser type and version
  • Device information and operating system
  • Referring website
  • Pages visited and time spent
  • Clickstream behavior

We do not currently use cookies for advertising, personalization, or third-party marketing. Google Analytics’ default cookies may still be active unless browser-level cookie restrictions are in place.

3. Legal Basis for Processing Personal Data (EU/UK GDPR)

We rely on the following legal bases for processing your personal data:

  • Consent (Article 6(1)(a) GDPR): For marketing communications such as newsletters.
  • Contractual Necessity (Article 6(1)(b)): To respond to inquiries, deliver coaching services, or process assessment data.
  • Legitimate Interests (Article 6(1)(f)): For website functionality, analytics, blog moderation, and service improvement.
  • Legal Obligation (Article 6(1)(c)): To comply with applicable legal or tax obligations.

4. Purpose of Data Collection and Use

We process your data for the following purposes:

  • To respond to inquiries submitted via the contact form
  • To manage your coaching or assessment engagement
  • To perform internal analytics for site optimization
  • To deliver marketing communications (newsletter) only with opt-in consent
  • To moderate and manage user comments on the blog
  • To comply with legal obligations and protect our legal rights

5. Data Sharing and Third Parties

We do not sell, lease, or otherwise disclose your personal data to third parties for commercial purposes.

We share data only with:

  • Mailchimp (for newsletter management)
  • Google Analytics (website analytics)
  • Assessment Partners (e.g., for personality or leadership assessments required during coaching), only with your consent

Each third party is bound by a Data Processing Agreement (DPA) or equivalent contract ensuring GDPR/CCPA compliance, and data is never used by those parties beyond the agreed purpose.

6. Data Transfers Outside the EU

As we operate globally and use service providers (e.g., Mailchimp, Google) that may process data outside the European Economic Area (EEA), your data may be transferred to and maintained on servers located outside your jurisdiction. We ensure that such transfers are carried out using lawful transfer mechanisms such as:

  • The European Commission’s Standard Contractual Clauses (SCCs)
  • Adequacy decisions, where applicable

7. Retention Periods

We retain your personal data only as long as necessary to fulfill the purposes for which it was collected:

  • Contact form inquiries: 12 months from last contact
  • Newsletter subscription data: Until you opt out or unsubscribe
  • Client/assessment data: Up to 7 years for legal record-keeping
  • Blog comments: Indefinitely unless removed upon request

You may request deletion of your data at any time, subject to overriding legal or contractual obligations.

8. Your Rights Under GDPR and CCPA

If you are located in the EU/UK:

You have the following rights under the GDPR:

  • Right to access your data
  • Right to rectify inaccurate or incomplete data
  • Right to erasure (“right to be forgotten”)
  • Right to restrict or object to processing
  • Right to data portability
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority (e.g., in Germany or your home country)

If you are a California resident (CCPA/CPRA):

You have the following rights:

  • Right to know what personal information is collected and how it’s used
  • Right to delete personal information (with some exceptions)
  • Right to opt out of sale/sharing of personal information (we do not sell your data)
  • Right to non-discrimination for exercising these rights

To exercise your rights, contact us at megan@mlrstrategies.com.

9. Blog Comments and Moderation Policy

When you comment on blog posts:

  • Your name and email address are required and stored with your comment
  • We reserve the right to moderate, edit, or delete comments that are offensive, spammy, or inappropriate
  • You may request removal of your comment by contacting us
  • We do not use your comments in marketing without obtaining your prior written consent

10. Children’s Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such information.

11. Security Measures

We implement appropriate technical and organizational security measures to protect your personal data, including:

  • Secure SSL encryption for website traffic
  • Secure login and restricted access to personal data
  • Contractual safeguards with third-party processors

Despite our efforts, no method of transmission over the Internet or method of electronic storage is 100% secure.

12. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. Changes will be posted on this page with a revised “Effective Date.” We recommend checking this page periodically to stay informed.

13. Contact Information

For any privacy-related inquiries or to exercise your data protection rights, please contact:

Megan Riley, MLR Strategies OÜ
Email: megan@mlrstrategies.com
Mailing Address: Vana Turg 2, 10140 Tallinn, Estonia

Cookie Policy

This website uses cookies to enhance your experience, analyze traffic, and support core site functionality. Cookies are small text files stored on your device that help us remember information about your visit.

Types of Cookies We Use

  • Essential Cookies: Required for basic functionality of the site. These cannot be turned off.
  • Analytics Cookies: Used to collect anonymous information about how visitors use the site (via Google Analytics).
    Example data collected:

    • Pages visited
    • Duration of session
    • Browser/device info
    • Referring websites

We do not use cookies for advertising, tracking across websites, or social media profiling.

Your Choices

You can:

  • Accept or reject non-essential cookies via the banner.
  • Adjust cookie settings in your browser at any time.
  • Disable analytics cookies by enabling “Do Not Track” in your browser settings or blocking cookies manually.

Third-Party Services

We use:

  • Google Analytics: Subject to Google’s privacy policy. Data may be processed outside the EU with safeguards (e.g., SCCs).

Retention

Cookies are stored for varying durations (e.g., session-based or up to 2 years). See your browser’s cookie storage to manage them.