PRIVACY POLICY

How We Collect, Use & Protect Your Personal Data
Effective Date: May 2026

1. Introduction

Morpheus Engineering Solutions ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR) and Estonian data protection law.

This policy applies to all visitors of morpheus-engineering.com, including clients and contacts located both within and outside the European Union. As an Estonia based operator, we apply GDPR as our baseline standard for all personal data processing, regardless of where you are located.

Morpheus Engineering Solutions is currently operated as a sole operator. All personal data collected through this website is accessed and managed solely by the website operator.

2. Data Controller

Morpheus Engineering Solutions is currently in the process of company registration in Estonia. We are acting as the data controller for personal data collected through this website. Full controller details including registration number will be updated upon completion of registration.

Controller Name
Morpheus Engineering Solutions
Website
morpheus-engineering.com
Country
Estonia, European Union
Contact
Via contact form at morpheus-engineering.com/contact-us
Registration
In progress, to be updated upon completion

3. What Personal Data We Collect

3.1 Contact Form

When you submit an enquiry via our Contact form, we collect the information you provide, which typically includes:

  • Your name
  • Your email address
  • The content of your message

We do not collect any sensitive personal data through the Contact form.

3.2 Website Analytics

We use Google Analytics to collect anonymised data about how visitors use our website. This data does not directly identify you and includes:

  • Pages visited and time spent on each page
  • Approximate geographic location (country/city level only)
  • Browser type and device type
  • Referral source (how you arrived at our site)

4. Legal Basis for Processing

We process personal data on the following legal grounds:

Data Type
Category
Purpose
Duration
Contact Form Data
Legitimate Interest / Contract
To respond to your enquiry and conduct pre contractual communications
Duration of correspondence plus 2 years
Google Analytics
Consent
To understand how our website is used and improve its content
Up to 2 years (see Cookie Policy)
Security Cookies
Legitimate Interest
To protect the website from automated attacks and ensure stability
Up to 30 minutes

5. How We Use Your Data

We use the personal data we collect solely for the following purposes:

  • To respond to enquiries submitted via the Contact form
  • To carry out pre contractual and contractual communications
  • To analyse and improve website performance and user experience
  • To protect the website and its visitors from security threats

We do not use your data for automated decision making or profiling.

6. Data Sharing & Third Parties

We share limited data with the following third party service providers:

Provider
Google LLC
Service
Provides Google Analytics, processes anonymised website usage data. Privacy Policy: policies.google.com/privacy
Provider
Cloudflare Inc.
Service
Provides website security and performance (CDN). Processes request metadata. Privacy Policy: cloudflare.com/privacypolicy
Provider
Webflow Inc.
Service
Provides website hosting and form handling infrastructure. Privacy Policy: webflow.com/legal/privacy

We do not sell, rent, or otherwise share your personal data with any other third parties for marketing or commercial purposes. Data transfers to the US (Google, Cloudflare, Webflow) are covered by Standard Contractual Clauses (SCCs) or equivalent GDPR compliant transfer mechanisms.

7. Data Retention

We retain personal data only for as long as necessary:

Contact form enquiries
Retained for the duration of correspondence and up to 2 years thereafter
Google Analytics data
Retained for up to 26 months (as configured in Google Analytics)
Security/session data
Deleted at end of session or within 30 minutes

8. Your Rights Under GDPR

As a data subject, you have the following rights:

To exercise any of these rights, please contact us via the Contact form on our website. We will respond within 30 days as required by GDPR.

  • Right of Access, request a copy of the data we hold about you
  • Right to Rectification, request correction of inaccurate data
  • Right to Erasure, request deletion of your personal data
  • Right to Restrict Processing, request that we limit how we use your data
  • Right to Data Portability, request your data in a structured, machine readable format
  • Right to Object, object to processing based on legitimate interests
  • Right to Withdraw Consent, withdraw consent for analytics cookies at any time

You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at www.aki.ee.

9. International Data Transfers & Global Clients

Morpheus Engineering Solutions works with clients both within and outside the European Union. If you are located outside the EU and submit a Contact form enquiry, your personal data will be processed in accordance with this Privacy Policy and GDPR standards, which we apply globally as our baseline.

Data submitted through our website is processed via infrastructure operated by Webflow (US), Google (US), and Cloudflare (US). All such transfers outside the EU are governed by Standard Contractual Clauses (SCCs) or equivalent approved transfer mechanisms as required by GDPR Article 46.

Where you are based in a jurisdiction with its own data protection laws (such as the UK, UAE, or others), please be aware that by submitting data through this website you acknowledge it will be processed in accordance with Estonian law and GDPR.

10. Data Processor Role, Client Engagements

Forward looking notice: Morpheus Engineering Solutions provides technical engineering advisory services. Depending on the nature of future client engagements, it is possible that we may access or process personal data belonging to our clients' employees, systems, or end users as part of delivering those services. In such cases, Morpheus Engineering Solutions would act as a Data Processor under GDPR, and a formal Data Processing Agreement (DPA) would be required with the relevant client prior to commencement of work. This policy will be updated accordingly when such engagements arise.

11. Cookies

Our website uses cookies. For full details of the cookies we use, their purpose, and how to manage your preferences, please see our Cookie Policy.

12. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. Our website is hosted on Webflow's secure infrastructure and protected by Cloudflare's security layer. As a sole operator, access to personal data is strictly limited to the website operator only.

13. Children's Privacy

Our website and services are directed at business professionals and are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors.

14. Changes to this Policy

We may update this Privacy Policy from time to time, including upon completion of company registration, expansion of the team, or commencement of client data processing engagements. The most current version will always be available on this page with the effective date noted at the top.

NAVIGATION
Home
About
Services
Journal
Contact
FAQ
MORPHEUS.
@2026 all rights reserved.
© MORPHEUS ENGINEERING SOLUTIONS
BACK TO TOP