Privacy Policy

Operated by: Utopian Design

Legal form: Eenmanszaak (Sole Proprietorship, Netherlands)

KVK number: 99611333

Email: hi@utopian.pro

Website: utopian.pro

Introduction & Overview

This Privacy Policy explains how Utopian Design ("we", "us", "our") collects, uses, stores, and discloses personal data when you access or interact with https://utopian.pro (the "Website"). We are the Data Controller for personal data collected through the Website. Our registered address is Rennemigstraat 60, 6413BV Heerlen, Netherlands (KVK: 99611333). This Policy is drafted in compliance with:

• EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679)
• Dutch Implementation Act (Uitvoeringswet AVG, UAVG)
• California Consumer Privacy Act 2018, as amended by CPRA (CCPA/CPRA) — where applicable to California residents
• Law of Ukraine "On Personal Data Protection" (01.06.2010) — applicable to our Ukrainian operations team

By submitting personal data through the Website, you confirm that you have read and understood this Policy. You also confirm that you have legal capacity to provide consent under applicable law. We may update this Policy periodically. Changes will be reflected by updating the date above. We encourage you to review this Policy regularly.

Key Definitions

For the purposes of this Privacy Policy (the Policy), the terms listed below shall have the meanings assigned to them: Company - Utopian Design, Eenmanszaak, KVK 99611333, Netherlands. Website - means all content, pages, and resources available at UTOPIAN.PRO , including all associated subpages and materials, through which Services are presented and provided (also referred to as UTOPIAN.PRO). Service / Services - the range of digital design services offered by the Company via the Website, including but not limited to UI/UX design, brand design, website design, and related creative or strategic deliverables. User / You - any individual who accesses or interacts with UTOPIAN.PRO for personal or business-related purposes (also referred to as You or Your). Usage Data - data collected automatically, such as IP addresses, browser type, and pages visited. Content - all information and materials made available by the Company on the Website, including descriptions of Services, offers, text, icons, illustrations, graphics, photographs, logos, and any other visual or informational elements. All Content is the exclusive property of the Company unless expressly stated otherwise.

Intellectual Property Rights - all rights associated with:
1. works, creative outputs, copyrights, copyright registrations, designs, illustrations, marks, logos, images, and other materials used for commercial or personal purposes;
2. any U.S., Ukrainian, or foreign patents, including all reissues, continuations, renewals, extensions, or related applications;
3. moral rights, publicity rights, rights of personality, privacy, likeness, goodwill, trade secrets, and any other intellectual or proprietary rights that exist now or may arise in the future, along with all corresponding registrations or applications across any jurisdiction.

Third Party - any legal entity, public authority, agency, or individual other than the Data Subject, Data Controller, or Data Processor. This term also includes persons authorized to process Personal Data under the direct instruction of the Controller or Processor. Automatically-Collected Information / Usage Data - information gathered automatically through the Website or through integrated third-party services. This typically includes IP addresses, browser data, device identifiers, and interaction logs. Cookies - small text files stored on Your computer or mobile device when You visit the Website, enabling functionality, analytics, and user experience improvements. Data Controller / Owner - the entity that determines the purposes and methods of processing Personal Data. For the purposes of this Policy, the Data Controller is the Company. For this Website: Utopian Design. Contact: hi@utopian.pro . Data Processor - any natural or legal person that processes Personal Data on behalf of the Controller in accordance with this Policy. European Union / EU - references to the European Union include all current EU Member States as well as the European Economic Area (EEA), unless explicitly stated otherwise. Personal Data / Personal Information - any information relating to an identified or identifiable natural person, whether directly or indirectly. Examples include, but are not limited to, name, email address, contact details, login data, and other identifiers. Processing - any operation or set of operations performed on Personal Data, whether automated or not, such as collection, recording, organization, structuring, storage, alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction. Cross-Border Data Transfer / CBDT - the transfer of Personal Data from Controllers located within the EU/EEA to recipients located outside the EU/EEA, whether such recipients act as Controllers or Processors. IP Address - a unique numerical label assigned to a device on a network using the Internet Protocol, used to identify and route communications.

Data Protection Contact

UTOPIAN.PRO is a digital product design agency with a global team dedicated to creating high-performing design solutions for modern digital products, including SaaS platforms, enterprise tools, and complex management systems. Utopian Design has designated a Data Protection Contact responsible for overseeing compliance with this Policy. For any privacy-related requests, questions, or complaints, please contact:

Address: Rennemigstraat 60, 6413BV Heerlen, Netherlands

Email: hi@utopian.pro

We aim to respond to all privacy-related requests within 30 calendar days. Complex requests may take up to 3 months; we will notify you if this is the case.

User's Privacy Rights

Each individual’s personal and non-proprietary rights in relation to Personal Data are inalienable and protected by applicable law. As a data subject under GDPR and Dutch law, you have the following rights:

Right of Access (Art. 15 GDPR)

Request confirmation of whether we process your Personal Data and obtain a copy, including information on purposes, categories, recipients, and retention periods.

Right to Rectification (Art. 16 GDPR)

Request correction of inaccurate, incomplete, or outdated Personal Data.

Right to Erasure (Art. 17 GDPR)

Request deletion of your Personal Data where it is no longer necessary, where you withdraw consent, or where processing is unlawful. Deletion will be completed within 30 days of a valid request, unless legal retention obligations apply.

Right to Restriction (Art. 18 GDPR)

Request that we restrict processing in certain circumstances, for example while accuracy is being verified.

Right to Data Portability (Art. 20 GDPR)

Receive your Personal Data in a structured, machine-readable format and request transfer to another controller where technically feasible.

Right to Object (Art. 21 GDPR)

Object to processing where we rely on legitimate interests. We will cease processing unless we demonstrate compelling grounds that override your interests.

Right to Withdraw Consent

You may withdraw Your consent to the Processing of Your Personal Data at any time. If You believe that Your right to privacy outweighs Our legitimate interests, You may request termination of Processing. The Company may retain anonymized, non-identifiable records for analytical or security purposes. All Personal Data will be deleted within thirty (30) days of receiving Your request. For such requests, please contact Us at hi@utopian.pro .

Right to Information

You have the right to request a description of all Personal Data the Company holds about You. While We may take up to thirty (30) days to process such requests, We strive to respond as promptly as reasonably possible.

Right to Lodge a Complaint

You may lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):

Address: Postbus 93374, 2509 AJ Den Haag, Netherlands

Phone: +31 (0)88 1805 250

Autoriteit Persoonsgegevens

EU residents may also contact the supervisory authority in their country of residence. To exercise any of these rights, contact hi@utopian.pro . We will never discriminate against you for exercising your rights.

Information We Collect

We collect Personal Data and other information that Users voluntarily provide when interacting with the Website, including through sections such as “Let’s Talk” or “Careers.” This Data is collected directly from You when You complete and submit any of the relevant forms. Personal Data is gathered only with Your explicit consent and solely for purposes described in this Policy. In addition to the information You choose to provide, We also collect certain Usage Data automatically when You browse or interact with the Website. This includes technical and analytical data necessary for Website functionality, security, and performance.

Data You Voluntarily Provide

When You complete a form on UTOPIAN.PRO — such as in the “Let’s Talk” or “Careers” sections — You may be asked to provide certain Personal Data. You may also choose to share Personal Data with Us through social media channels (such as Instagram or Facebook), direct messages, chats, or other communication tools used by UTOPIAN.PRO.

We may collect the following categories of Personal Data:

• Your full name;
• Your email address;
• Your phone number;
• Your company name;
• Links to Your social media accounts;
• A link to Your resume or portfolio, or the files themselves;
• Any information You provide voluntarily within the “Careers” form or other inquiry fields (Careers form);
• Project description and budget range (Let's Talk form).

All Personal Data requested by UTOPIAN.PRO is necessary to ensure effective communication and to evaluate inquiries, project requests, or career applications. Failure to provide the required information may limit or prevent Our ability to respond or deliver certain Services.

Information Collected Automatically (Usage Data)

In addition to the Personal Data You voluntarily provide, We automatically collect certain information when You browse or interact with the Website. Some of this information may qualify as Personal Data depending on the jurisdiction and the specific type of Data collected. This Usage Data helps Us maintain Website functionality, ensure security, and enhance the performance and quality of Our Services.

When You access or use the Website, We may collect Usage Data such as:

• Browser type;
• Browser version;
• Type of device You use;
• Pages of the Website You visit;
• Date and time of Your visit;
• Referring URL;
• Time spent on specific pages;
• Unique device identifiers;
• IP address (may constitute Personal Data);
• Geolocation data (may constitute Personal Data);
• Other relevant technical or diagnostic information.

This information is collected automatically through standard technologies such as server logs, cookies, and similar tools used to optimize the Website’s performance and ensure smooth operation.

Use of Cookies and Similar Technologies

The Website uses cookies and similar technologies. We use a cookie consent banner through which you can manage your preferences by category. We currently use two categories of cookies: Session Cookies — essential for the Website to function correctly. These do not require your consent. Session Cookies store information You enter and track Your navigation across the Website. Data generated through Session Cookies may be retained for up to one (1) calendar year unless otherwise required by law or unless You delete them manually.

Cookies and similar tracking technologies used on this Website serve the following purposes:

• Collecting standard web analytics data;
• Gathering information through HTML Cookies, Flash Cookies, web beacons, pixel tags, and comparable technologies;
• Obtaining demographic insights and preferences to help Us tailor Website content and improve User experience;
• Sharing certain anonymized or aggregated information with trusted third-party partners who assist Us in operating, maintaining, or improving the Website.

You may delete existing Cookies by clearing Your browser’s history. You can also configure Your browser settings to block Cookies; however, doing so may require You to manually reset preferences and may limit certain Website functionalities. If You reside in the European Union or are an EU citizen, Cookie usage that relies on consent follows Article 6(1)(a) of the General Data Protection Regulation (GDPR). Consent is obtained through the Cookie notice displayed on Our Website. Additionally, when You visit or log in to the Website, Cookies and similar technologies may be used by Our online data partners or vendors to link Website activity with other personal information they hold, including email or postal addresses. This may allow Us (or service providers acting on Our behalf) to deliver communications or marketing to those addresses. You may opt out of this type of advertising at: https://app.retention.com/optout

Legal Grounds & Purposes for Processing

Legal Basis for Handling Personal Data

We process Your Personal Data in accordance with the legal bases permitted under applicable data protection laws, including the GDPR, CCPA/CPRA, and other relevant regulations. The Processing of Your Personal Data may occur on the following grounds:

• Consent (Art. 6(1)(a)) — analytics cookies and any processing you have specifically agreed to.
• Pre-contractual measures (Art. 6(1)(b)) — processing data submitted via "Let's Talk" to prepare a service proposal at your request.
• Legitimate interests (Art. 6(1)(f)) — responding to inquiries, maintaining Website security, and preventing fraud. We have assessed that these interests do not override your fundamental rights.
• Legal obligation (Art. 6(1)(c)) — where processing is required by Dutch, EU, or applicable Ukrainian law.

If You have provided explicit consent for the Processing of Your Personal Data for a particular purpose, You retain the right to withdraw this consent at any time. To exercise this right or for any related inquiries, please contact Us at hi@utopian.pro .

Purpose of Data Processing

We collect and use Your Personal Data to provide and improve Our Services, respond to Your inquiries, communicate effectively, and operate in accordance with applicable laws. All Personal Data is stored securely in compliance with the Law of Ukraine “On Personal Data Protection” (01.06.2010), the EU General Data Protection Regulation (Regulation (EU) 2016/679, GDPR), and the California Consumer Privacy Act 2018 (CCPA).

Typical purposes for Processing Your Personal Data include:

1. Provision of Services To deliver Our Services efficiently, We require certain Personal Data from Users via questionnaires or forms on the Website. This information allows Us to understand Your needs, streamline communication, and prepare tailored offers.
2. Responding to Requests and Inquiries When You contact Us via email or other communication channels, We use Your Personal Data to respond to Your requests. While We aim to reply promptly, responses may take up to thirty (30) days in some cases.
3. Recruitment and Careers Through the “Careers” section, You may submit Personal Data to apply for opportunities with UTOPIAN.PRO. By doing so, You consent to the Processing of this data for recruitment and hiring purposes.
4. Website analytics Understanding user interactions to improve performance (Google Analytics, consent-based).
5. Protection of Legal Rights and Prevention of Abuse We may Process Personal Data to protect the Website, Our business interests, and Third Parties. This includes preventing unauthorized use, illegal activities, fraud, or violations of this Policy that could threaten security or legal rights.
6. Compliance with Legal Obligations Personal Data may be disclosed in response to lawful requests, such as subpoenas, court orders, regulatory inquiries, or requests from law enforcement, including matters related to national security or public safety.
7. Customer Support and Service Updates We use Personal Data to provide support, address technical issues, notify You of changes to Our Services, and ensure optimal performance through error resolution and ongoing maintenance.
8. Portfolio and marketing Showcasing completed work, subject to agreement in the service contract.

Terms of Data Storage

We retain Your Personal Data only for as long as necessary to fulfill the purposes outlined in this Policy. Personal Data is stored and processed solely to the extent required to:

• Comply with applicable legal obligations;
• Resolve disputes and enforce Our agreements;
• Uphold the terms of this Policy and protect Our legitimate interests.

Project inquiries

Data Types: Name, email, company, project description;
Retention Period: 2 years;
Justification: Legitimate interest; pre-contractual measures.

Career applications

Data Types: Name, email, CV, cover letter, portfolio;
Retention Period: 1 year;
Justification: Consent; deleted earlier on request.

Analytics (Usage Data)

Data Types: IP address, pages visited, session data
Retention Period: 26 months;
Justification: Consent (Art. 6(1)(a)); Google Analytics default setting.

Email correspondence

Data Types: Email content and metadata;
Retention Period: 3 years;
Justification: Legitimate interest; legal compliance.

Financial / contract records

Data Types: Invoice data, contract details;
Retention Period: 7 years;
Justification: Dutch tax law (Art. 52 AWR — mandatory 7-year retention).

Legal claims data

Data Types: Any data relevant to a dispute;
Retention Period: Until resolved + 1 year;
Justification: Legal obligation; legitimate interest in defence of claims.

Note on analytics retention: Usage data is retained for a maximum of 26 months, in line with Google Analytics' standard retention settings. This replaces a previously stated 6-year period, which lacked sufficient justification under the GDPR data minimisation principle (Article 5(1)(e)). Personal data will be securely deleted or anonymised once no longer needed. You may request earlier deletion under your right to erasure.

Our Methods of Processing Your Information

Where and How Your Data Is Stored

Personal Data is processed at our registered address in Heerlen, Netherlands, and may also be processed by our team of contractors in Ukraine under appropriate safeguards. We implement technical and organisational security measures commensurate with the risk, including access controls, encrypted communications, and secure storage. No system can be guaranteed completely secure. While we take all reasonable steps to protect your data, submission of Personal Data is at your own risk.

Cross-Border Transfers

In some cases, Data transfer may involve transferring User Data to countries outside of Your jurisdiction. Details regarding the locations where Personal Data may be processed are provided in Section 7.2 – Cross-Border Data Transfers.

Data Storage

To securely store Personal Data, We typically use HubSpot services , provided by HubSpot, Inc. HubSpot complies with the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and the California Consumer Privacy Act 2018 (CCPA) . You can review HubSpot’s privacy policy here: HubSpot Privacy Policy . We reserve the right to change or replace our database service provider at any time without prior notice to Users.

Automatically-Collected Information

Third-party servers, including those operated by Google, are used to collect and store automatically-collected information such as Usage Data.

Google Analytics

Google Analytics, provided by Google LLC, tracks and reports Website usage to help Us understand how Users interact with Our Website. The data collected may also be used by Google to personalize ads across its services. You can review Google Privacy Policy . Cookies may be set on Your device by Google Analytics to support this functionality.

Google Ads Remarketing

We use Google Ads (AdWords) remarketing services to deliver targeted advertising. You can manage or opt out of Google Ads personalization and display advertising through the Google Ads settings page .

International Transfers of Information

Cross-border transfer of Personal Data may occur when necessary for the conclusion or performance of a contract between the Company (Controller) and a Third Party, provided that such transfers are in the best interests of the Data Subject.

We ensure such transfers are protected by:

• Standard Contractual Clauses (SCCs) approved by the European Commission — for transfers to HubSpot and Google in the US.
• Contractual safeguards and access controls — for transfers to our Ukraine-based team members, including data processing agreements.

Personal Data may be transferred to:

• Third countries only if appropriate safeguards are in place to ensure adequate protection of Personal Data;
• Countries whose legal system has been recognized by the European Commission as providing an “adequate level of Personal Data protection.”

While most provisions of this Policy apply to all Users, certain requirements are applicable specifically when Personal Data is processed under higher standards of protection, including GDPR or CCPA.

These broader standards of protection apply when:

• Personal Data is processed within the European Union by the Company;
• The Personal Data of Users located in the EU is processed and the Company exercises control over such Processing.

For Users in the United States , the California Consumer Privacy Act 2018 (CCPA) applies: https://oag.ca.gov/privacy/ccpa . For Users in the European Union , the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) applies: https://eur-lex.europa.eu/eli/reg/2016/679/oj . For all other Users located in countries outside the EU or US, Personal Data is subject to the domestic data protection laws of the respective jurisdiction.

When We Share Your Personal Data

Any Personal Data We collect or that You provide may be processed by authorized entities within the Company. We do not sell or transfer Your Personal Data for commercial purposes.

Personal Data may be shared only in the following limited circumstances:

• Authorised processors — third-party service providers listed in Section 9.2, acting under our instruction.
• Legal obligations — authorities where required by Dutch, EU, or applicable law (e.g. court orders, regulatory requests).
• Protection of rights — to protect the legal rights, property, or safety of the Company, its users, or third parties.
• Business transfers — in the event of a merger, acquisition, or restructuring. The new entity will be bound by this Policy.
• Anonymised data — aggregated data that cannot identify any individual may be used for analytics or research.

Third-Party Websites and External Links

Our Services may include links to websites or services operated by Third Parties, over which the Company has no control. When accessing a Third-Party website, We strongly encourage You to review its privacy policy and terms of service before providing any Personal Data. The Company is not responsible for the content, privacy practices, or actions of any Third-Party websites, and such Third Parties are solely responsible for their own Data handling practices.

Data Processing Agreements for Business Clients

Where Utopian Design processes personal data on behalf of a business client — for example, where a client shares user data as part of a design project — we may act as a Data Processor under GDPR Article 28. In such cases, a Data Processing Agreement (DPA) is legally required. Utopian Design will enter into a DPA with any client who requires one. To request a DPA, contact hi@utopian.pro with the subject line "DPA Request". The DPA will specify the subject matter, duration, nature and purpose of processing, the type of personal data involved, and the obligations and rights of both parties.

Change of the Controller

UTOPIAN.PRO may undergo corporate changes, including mergers, acquisitions, sales, reorganizations, bankruptcy, or other similar transactions. In such cases, Your Personal Data may be among the assets transferred to a new owner or entity. During any such corporate change, UTOPIAN.PRO will take reasonable steps to ensure that Your Personal Data continues to be protected and handled with the same level of security and confidentiality as provided under this Policy.

Children's Privacy

The Website is not directed at individuals under 16. We do not knowingly collect Personal Data from children under 16. If we discover we have done so inadvertently, we will delete it promptly. If you believe we hold data from a child, please contact hi@utopian.pro .

Applicable Law and Jurisdiction

This Privacy Policy is governed by the laws of the Netherlands and the EU General Data Protection Regulation (GDPR). The Law of Ukraine "On Personal Data Protection" (01.06.2010) applies secondarily to processing activities carried out by our Ukrainian operations team. The competent supervisory authority is:

Address: Postbus 93374, 2509 AJ Den Haag, Netherlands

Phone: +31 (0)88 1805 250

Autoriteit Persoonsgegevens

Disputes relating to this Privacy Policy are subject to the exclusive jurisdiction of the courts of the Netherlands, consistent with our Terms of Use.

Disclaimers and Limitation of Liability

UTOPIAN.PRO takes reasonable and appropriate measures to protect the Personal Data collected through the Website from unauthorized access, disclosure, alteration, or destruction. However, no system of data transmission or storage can be guaranteed to be completely secure. As such, We cannot guarantee the absolute safety of any information You provide, though We make every reasonable effort to protect Your Data. Please note that Personal Data provided to other websites is not collected or processed by UTOPIAN.PRO . Only the information You provide directly to Us on Our Website is collected, processed, and stored. Use of the Website and submission of Personal Data is at Your own risk. UTOPIAN.PRO expressly disclaims all warranties, whether express or implied, regarding security breaches, device damage, loss, unauthorized use, or any system failures that may occur.

Retention After Service Termination

If You have provided consent for the Processing of Your Personal Data, the Company may retain such Data for a longer period until You withdraw Your consent . Additionally, Personal Data may be retained beyond the usual retention period when required to comply with legal obligations, regulatory requirements, or orders issued by competent authorities.

Additional Notice for California Residents (CCPA)

This section applies exclusively to the Processing of Personal Data subject to the California Consumer Privacy Act of 2018 (CCPA) . The CCPA provides California residents with the right to know the categories of Personal Data the Company has collected about them in the preceding 12 months.

Sale of Personal Data

For the purposes of the CCPA, UTOPIAN.PRO does not “sell” Personal Data and has no actual knowledge of any “sale” of Personal Data of minors under 16 years of age.

California residents may exercise the right to opt-out of any potential sale of their Personal Data by contacting Us as outlined in the Contact Us section below.

Additional Rights for California Residents

• Non-Discrimination: California residents have the right not to be discriminated against for exercising their rights under the CCPA.
• Authorized Agent: Only You, or a person legally authorized to act on Your behalf, may submit a verifiable consumer request regarding Your Personal Data. This includes requests on behalf of a minor child. To designate an authorized agent, please contact Us as specified in the Contact Us section and provide a written authorization signed by both You and the agent.
• Exercise of Rights: To exercise any of Your CCPA rights, please contact Us as indicated in Contact Us. All requests will be processed in accordance with applicable laws.
• Accessibility: This Privacy Policy follows industry-standard technologies and adheres to the World Wide Web Consortium’s Web Content Accessibility Guidelines (WCAG) 2.1.
• California “Shine the Light” Law: California residents may request, once per calendar year and free of charge, a list of Third Parties to whom the Company has disclosed their Personal Data for direct marketing purposes, along with the categories of Personal Data disclosed.

Contact Us

If You have any questions, concerns, or requests regarding this Privacy Policy, or if You wish to withdraw Your consent and request that We no longer retain any of Your Personal Data, please contact Us at:

Eenmanszaak: KVK 99611333

Rennemigstraat 60, 6413BV Heerlen, Netherlands

Email: hi@utopian.pro

Website: utopian.pro