1. Who We Are
This website (haide.digital) is operated by "Beyond Marketing" Ltd (referred to as "Haide Digital," "we," "us," or "our"), a company registered in Bulgaria.
Legal entity: "Beyond Marketing" Ltd
VAT number: BG208507915
Registered office: 10A Marin Todorov Street, Entrance B, Floor 4, Apartment 38, 1700 Sofia, Bulgaria
Contact email: hello@haide.digital
We act as the data controller for personal data collected through this website.
2. What Data We Collect
2.1 Data you provide directly
When you use our contact form, book a discovery call, or email us, we collect:
- Name
- Email address
- Company name (if provided)
- Phone number (if provided)
- Message content
- Any other information you choose to include
2.2 Data collected automatically
When you visit our website, we collect certain data automatically through cookies and similar technologies:
- Analytics data (Google Analytics 4): Pages visited, session duration, referring source, approximate geographic location (city-level, based on IP), device type, browser type, screen resolution. IP addresses are anonymized before processing.
- Technical log data: Your IP address, browser type, operating system, and request timestamps may be recorded in server logs for security and performance monitoring. These logs are retained for a maximum of 30 days.
2.3 Data we do not collect
We do not collect sensitive personal data (racial or ethnic origin, political opinions, religious beliefs, health data, sexual orientation, biometric data). We do not knowingly collect data from individuals under 16 years of age.
3. Why We Process Your Data (Legal Basis)
| Purpose | Data used | Legal basis (GDPR) |
|---|---|---|
| Responding to your inquiry | Name, email, message content | Art. 6(1)(b) — necessary to take steps at your request prior to entering a contract |
| Sending a proposal or growth plan | Name, email, company | Art. 6(1)(b) — pre-contractual measures |
| Website analytics | Anonymized usage data via GA4 | Art. 6(1)(a) — your consent (via cookie banner) |
| Website security and performance | Server logs, IP addresses | Art. 6(1)(f) — legitimate interest in maintaining a secure, functional website |
| Fulfilling a service contract | Name, email, company, project data | Art. 6(1)(b) — necessary for contract performance |
We do not use your data for automated decision-making or profiling.
4. Cookies
We use cookies on this website. For a detailed breakdown of each cookie, its purpose, and its retention period, see our Cookie Policy.
In summary:
- Strictly necessary cookies: Required for the website to function. No consent needed.
- Analytics cookies (Google Analytics 4): Placed only after you give consent through our cookie banner. You can withdraw consent at any time by clicking the cookie settings link in the footer or clearing your browser cookies.
We do not use advertising or tracking cookies.
5. Who We Share Data With
We share personal data only with the following categories of processors, and only to the extent necessary:
| Processor | Purpose | Location | Safeguards |
|---|---|---|---|
| Google LLC (Google Analytics 4) | Website analytics | USA | EU-US Data Privacy Framework (DPF) |
| Vercel Inc. | Website hosting and server logs | USA/EU | EU-US DPF; data processing agreement |
We do not sell personal data. We do not share personal data with third parties for their own marketing purposes.
6. International Data Transfers
Some of our processors (Google, Vercel) process data in the United States. These transfers are protected by:
- The EU-US Data Privacy Framework adequacy decision (adopted July 10, 2023), under which both Google LLC and Vercel Inc. are certified participants.
- Standard Contractual Clauses (SCCs) as a supplementary safeguard where applicable.
We do not transfer personal data to countries outside the EU/EEA without appropriate safeguards in place.
7. How Long We Keep Data
| Data type | Retention period |
|---|---|
| Contact form submissions | 24 months from last interaction, then deleted |
| Email correspondence | Duration of business relationship + 12 months |
| Contract and project data | Duration of contract + 5 years (Bulgarian commercial law) |
| Google Analytics data | 14 months (GA4 default retention setting) |
| Server logs | 30 days |
| Cookie consent records | 12 months (then re-prompted) |
After the retention period expires, data is permanently deleted or anonymized.
8. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15) — request a copy of the data we hold about you
- Right to rectification (Art. 16) — request correction of inaccurate data
- Right to erasure (Art. 17) — request deletion of your data
- Right to restrict processing (Art. 18) — request that we limit how we use your data
- Right to data portability (Art. 20) — receive your data in a structured, machine-readable format
- Right to object (Art. 21) — object to processing based on legitimate interest
- Right to withdraw consent (Art. 7(3)) — withdraw consent at any time without affecting the lawfulness of processing before withdrawal
To exercise any of these rights, email us at hello@haide.digital. We will respond within 30 days. If the request is complex, we may extend this by an additional 60 days with notice.
9. Right to Lodge a Complaint
If you believe we have not handled your data correctly, you have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is:
Commission for Personal Data Protection (CPDP)
2 Prof. Tsvetan Lazarov Blvd., 1592 Sofia, Bulgaria
Website: cpdp.bg
Email: kzld@cpdp.bg
You may also lodge a complaint with the supervisory authority in your country of residence.
10. Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These include:
- HTTPS encryption across the entire website
- Access controls limiting who can view personal data
- Regular review of data processing practices
No method of transmission over the internet is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security.
11. Children
This website is not directed at individuals under 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. If changes are material, we will notify users through a prominent notice on the website.
13. Contact
For any questions about this Privacy Policy or your personal data, contact us at:
"Beyond Marketing" Ltd (trading as Haide Digital)
Email: hello@haide.digital
Address: 10A Marin Todorov Street, Entrance B, Floor 4, Apartment 38, 1700 Sofia, Bulgaria