Privacy Policy

Last updated: 27 April 2026 · Effective: 27 April 2026

This Privacy Policy explains how Punch Club OÜ ("Punch Club", "we", "us") processes personal data collected through the website punchclub00.com ("the Website"), in accordance with the EU General Data Protection Regulation 2016/679 ("GDPR") and applicable Estonian and Croatian data protection laws.

1. Data Controller

Punch Club OÜ (registry code: registered in Estonia)
Kokasauna Põik 1, 76406 Harju maakond, Estonia
Email: info@punchclub.com
For Croatia-specific questions: hello@punchclub.com

2. What Data We Collect

We collect the following categories of personal data:

• Email address — when you voluntarily subscribe to our newsletter via the form on the Website.
• Technical data — IP address, device type, browser, referring URL, pages viewed, and approximate location, collected automatically through server logs and analytics tools.
• Cookies — see our Cookies Policy for details.

We do not knowingly collect personal data from minors under 16 years of age.

3. Why We Process Your Data (Legal Basis)

• Newsletter: processed on the basis of your consent (Art. 6(1)(a) GDPR), which you may withdraw at any time.
• Website analytics and security: processed on the basis of our legitimate interest in operating, improving, and protecting the Website (Art. 6(1)(f) GDPR).
• Compliance with legal obligations: retention of certain logs as required by applicable law (Art. 6(1)(c) GDPR).

4. How We Use Your Data

We use personal data to:

• Send you newsletters about new flavours, campaigns, and brand news (only if you opted in).
• Understand how visitors use the Website and improve its content and performance.
• Detect and prevent technical issues, fraud, and abuse.
• Comply with applicable laws and respond to lawful requests from authorities.

5. Sharing With Third Parties

We share personal data only with the following categories of recipients, under appropriate data-processing agreements:

• Hosting and infrastructure providers (e.g. Vercel Inc., USA — operating EU edge nodes; data transfers covered by Standard Contractual Clauses).
• Email-delivery services for the newsletter (e.g. Resend, MailerLite, or similar EU/EEA-compliant providers).
• Web analytics providers (e.g. Vercel Analytics, Plausible, or similar privacy-focused tools that do not use cookies for cross-site tracking).
• Authorities where required by law.

We do not sell personal data. We do not share personal data with advertising networks for cross-context behavioural advertising.

6. International Transfers

Where personal data is transferred outside the European Economic Area (EEA), we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or adequacy decisions.

7. How Long We Keep Data

• Newsletter email: until you unsubscribe or request deletion.
• Server logs and analytics: typically up to 12 months.
• Other data: only as long as necessary for the purpose for which it was collected, or as required by law.

8. Your Rights Under GDPR

Subject to conditions in the GDPR, you have the right to:

• Access your personal data and obtain a copy.
• Request correction of inaccurate or incomplete data.
• Request erasure ("right to be forgotten").
• Restrict or object to processing.
• Data portability — receive your data in a structured, machine-readable format.
• Withdraw consent at any time, without affecting prior lawful processing.
• Lodge a complaint with a supervisory authority (the Estonian Data Protection Inspectorate, or in Croatia: AZOP — Agencija za zaštitu osobnih podataka).

To exercise any of these rights, contact us at info@punchclub.com. We will respond within 30 days.

9. Security

We use technical and organisational measures (encrypted connections, access controls, regular security reviews) to protect personal data against unauthorised access, alteration, disclosure, or destruction. No method of transmission over the internet is 100% secure, however, and we cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. We will notify newsletter subscribers of material changes by email.

11. Contact

For questions about this Privacy Policy or how your data is processed, please contact info@punchclub.com.