1. Who We Are
This website (haide.digital) is operated by "Beyond Marketing" Ltd (referred to as "Haide Digital," "we," "us," or "our"), a company registered in Bulgaria.
Legal entity: "Beyond Marketing" Ltd
VAT number: BG208507915
Registered office: 10A Marin Todorov Street, Entrance B, Floor 4, Apartment 38, 1700 Sofia, Bulgaria
Contact email: hello@haide.digital
We act as the data controller for personal data collected through this website.
2. What Data We Collect
2.1 Data you provide directly
When you use our contact form, book a discovery call, or email us, we collect:
- Name
- Email address
- Company name (if provided)
- Website URL (if provided)
- Phone number (if provided)
- Message content
- Any other information you choose to include
2.2 Data collected automatically
When you give consent through our cookie banner, we collect certain data automatically through cookies and similar technologies:
- Analytics data (Google Analytics 4): Pages visited, session duration, referring source, approximate geographic location (city-level), device type, browser type, and screen resolution. GA4 uses your IP address to derive geographic location; for visitors in the EU/EEA, IP addresses are not stored after the location is derived, per Google's documented EU data handling.
- Behavioral analytics and session replay (Microsoft Clarity): Mouse movements, clicks, scroll depth, page navigation, and aggregated heatmaps. Clarity records anonymized session replays to help us understand how the site is used. Form input fields containing personal data (name, email, phone, message) are masked at the source — Clarity records that a field was filled in, not its contents. Clarity does not collect data that could be used to identify you personally.
- Technical log data: Your IP address, browser type, operating system, and request timestamps may be recorded in server logs for security and performance monitoring. These logs are retained for a maximum of 30 days.
- Performance metrics (Vercel Speed Insights): Aggregated Core Web Vitals (LCP, CLS, INP, FCP, TTFB), the URL of the page being measured, country-level location derived from IP, connection type, and an anonymous in-memory session identifier that is cleared on page reload. Speed Insights does not set cookies, does not use persistent identifiers, and does not track you across sessions. It is processed under our legitimate interest in maintaining a performant website (Art. 6(1)(f) GDPR).
2.3 Data we do not collect
We do not collect sensitive personal data (racial or ethnic origin, political opinions, religious beliefs, health data, sexual orientation, biometric data). We do not knowingly collect data from individuals under 16 years of age.
3. Why We Process Your Data (Legal Basis)
| Purpose | Data used | Legal basis (GDPR) |
|---|---|---|
| Responding to your inquiry | Name, email, message content | Art. 6(1)(b) — necessary to take steps at your request prior to entering a contract |
| Sending a proposal or growth plan | Name, email, company | Art. 6(1)(b) — pre-contractual measures |
| Website analytics and session replay | Anonymized usage data via GA4 and Microsoft Clarity | Art. 6(1)(a) — your consent (via cookie banner) |
| Website security and performance | Server logs, IP addresses, anonymized Core Web Vitals (Vercel Speed Insights) | Art. 6(1)(f) — legitimate interest in maintaining a secure, functional website |
| Fulfilling a service contract | Name, email, company, project data | Art. 6(1)(b) — necessary for contract performance |
We do not use your data for automated decision-making or profiling.
4. Cookies
We use cookies on this website. For a detailed breakdown of each cookie, its purpose, and its retention period, see our Cookie Policy.
In summary:
- Strictly necessary cookies: Required for the website to function. No consent needed.
- Analytics cookies (Google Analytics 4 and Microsoft Clarity): Placed only after you give consent through our cookie banner. You can withdraw consent at any time by clicking the cookie settings link in the footer or clearing your browser cookies.
We do not use advertising or tracking cookies.
A "Marketing" category appears in our consent banner as a reserved placeholder. No marketing cookies are active today. If we ever introduce them, this policy will be updated and consent will be re-requested before any such cookie is placed.
5. Who We Share Data With
We share personal data only with the following categories of processors, and only to the extent necessary:
| Processor | Purpose | Location | Safeguards |
|---|---|---|---|
| Google LLC (Google Analytics 4) | Website analytics | USA | EU-US Data Privacy Framework (DPF) |
| Microsoft Corporation (Microsoft Clarity) | Behavioral analytics and session replay | USA | EU-US Data Privacy Framework (DPF); Microsoft Online Services data protection terms |
| Notion Labs, Inc. | Storing contact form submissions in our CRM | USA | EU-US Data Privacy Framework (DPF); data processing addendum |
| Vercel Inc. | Website hosting, server logs, and performance analytics (Speed Insights) | USA/EU | EU-US DPF; data processing agreement |
We do not sell personal data. We do not share personal data with third parties for their own marketing purposes.
6. International Data Transfers
Most of our processors (Google, Microsoft, Notion, Vercel) process data in the United States. These transfers are protected by:
- The EU-US Data Privacy Framework adequacy decision (adopted July 10, 2023), under which Google LLC, Microsoft Corporation, Notion Labs, Inc., and Vercel Inc. are certified participants.
- Standard Contractual Clauses (SCCs) as a supplementary safeguard where applicable.
We do not transfer personal data to countries outside the EU/EEA without appropriate safeguards in place.
7. How Long We Keep Data
| Data type | Retention period |
|---|---|
| Contact form submissions | 24 months from last interaction, then deleted |
| Email correspondence | Duration of business relationship + 12 months |
| Contract and project data | Duration of contract + 5 years (Bulgarian commercial law) |
| Google Analytics data | 14 months (GA4 default retention setting) |
| Microsoft Clarity session data | 13 months (Microsoft Clarity default retention) |
| Server logs | 30 days |
| Vercel Speed Insights metrics | 24 hours raw, then aggregated (Vercel default) |
| Cookie consent records | 6 months (then re-prompted) |
After the retention period expires, data is permanently deleted or anonymized.
8. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15) — request a copy of the data we hold about you
- Right to rectification (Art. 16) — request correction of inaccurate data
- Right to erasure (Art. 17) — request deletion of your data
- Right to restrict processing (Art. 18) — request that we limit how we use your data
- Right to data portability (Art. 20) — receive your data in a structured, machine-readable format
- Right to object (Art. 21) — object to processing based on legitimate interest
- Right to withdraw consent (Art. 7(3)) — withdraw consent at any time without affecting the lawfulness of processing before withdrawal
To exercise any of these rights, email us at hello@haide.digital. We will respond within 30 days. If the request is complex, we may extend this by an additional 60 days with notice.
9. Right to Lodge a Complaint
If you believe we have not handled your data correctly, you have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is:
Commission for Personal Data Protection (CPDP)
2 Prof. Tsvetan Lazarov Blvd., 1592 Sofia, Bulgaria
Website: cpdp.bg
Email: kzld@cpdp.bg
You may also lodge a complaint with the supervisory authority in your country of residence.
10. Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These include:
- HTTPS encryption across the entire website
- Access controls limiting who can view personal data
- Regular review of data processing practices
No method of transmission over the internet is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security.
11. Children
This website is not directed at individuals under 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. If changes are material, we will notify users through a prominent notice on the website.
13. Contact
For any questions about this Privacy Policy or your personal data, contact us at:
"Beyond Marketing" Ltd (trading as Haide Digital)
Email: hello@haide.digital
Address: 10A Marin Todorov Street, Entrance B, Floor 4, Apartment 38, 1700 Sofia, Bulgaria