1. Introduction and Data Controller Information

EvolutionaryTechFlow ("we," "our," or "us") operates as a financial education and technology solutions provider based in Bulgaria. This privacy policy explains how we collect, use, process, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and Bulgarian Personal Data Protection Act.

As the data controller, we are responsible for ensuring your personal information is handled securely and transparently. Our registered address is ul. "Nikola Filipov" 2, 4701 Raykovo, Smolyan, Bulgaria. You can reach our data protection team at [email protected] or +359877665635.

2. Information We Collect

Personal Information You Provide

When you interact with our services, we collect information you voluntarily provide through various touchpoints:

• Contact details including full name, email address, phone number, and business address
• Professional information such as job title, company name, industry sector, and business size
• Educational program preferences, learning objectives, and skill assessment responses
• Communication records from consultations, support requests, and program inquiries
• Payment information processed through secure third-party payment processors
• Feedback, testimonials, and program evaluation responses

Automatically Collected Technical Data

Our systems automatically gather certain technical information to improve service delivery:

Data Type	Purpose	Retention Period
IP Address & Location	Security monitoring and content localization	12 months
Browser & Device Information	Technical optimization and compatibility	24 months
Website Usage Analytics	Service improvement and user experience enhancement	36 months

3. How We Use Your Information

We process your personal data based on several legal grounds under GDPR, ensuring each use serves a legitimate purpose related to our educational and financial consultation services.

Educational Service Delivery

Your information enables us to provide personalized learning experiences, customize program content to match your professional goals, and maintain ongoing support throughout your educational journey. We use contact details to schedule consultations, send program updates, and provide technical assistance when needed.

Business Communication and Support

We rely on your information to respond to inquiries, process service requests, and maintain professional relationships with our clients. This includes sending educational resources, industry insights, and program announcements that align with your indicated interests.

4. Information Sharing and Third-Party Relationships

We maintain strict control over your personal information and limit sharing to essential service providers who help us deliver educational programs and maintain our technical infrastructure.

Service Providers and Partners

• Payment processors for secure transaction handling (data limited to billing information)
• Email service providers for program communications and educational content delivery
• Cloud storage providers operating within EU data protection standards
• Analytics services using anonymized data to improve our educational offerings
• Educational technology partners for specialized learning platform features

All third-party relationships include comprehensive data protection agreements ensuring your information receives the same level of protection we provide directly. We conduct regular reviews of partner compliance with privacy requirements.

Legal Requirements and Business Protection

We may disclose personal information when required by Bulgarian or EU law, court orders, or regulatory investigations. Additionally, we reserve the right to share information necessary to protect our legitimate business interests, prevent fraud, or ensure the safety of our educational community.

5. Data Security and Protection Measures

We implement comprehensive security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our approach combines technical safeguards with organizational policies to ensure data remains secure throughout its lifecycle with us.

Technical Security Controls

All data transmission occurs through encrypted channels using industry-standard TLS protocols. Our systems employ multi-factor authentication for administrative access, automated security monitoring, and regular vulnerability assessments. Personal information is stored in secure databases with access limited to authorized personnel who require the information for their specific job functions.

Organizational Safeguards

Our team receives regular training on data protection requirements and privacy best practices. We maintain detailed access logs, conduct periodic security reviews, and have established incident response procedures to address any potential data security issues promptly and effectively.

6. Your Privacy Rights and Control Options

Under GDPR and Bulgarian data protection law, you possess several important rights regarding your personal information. We are committed to facilitating the exercise of these rights through clear procedures and reasonable response times.

Access and Portability Rights

You can request a complete copy of all personal information we hold about you, including details about how we use this data and with whom we share it. We provide this information in a structured, commonly used format that allows you to transfer your data to another service provider if desired.

Correction and Deletion Rights

You may request corrections to any inaccurate personal information or ask us to delete your data entirely. We will process deletion requests promptly, though some information may need to be retained for legal compliance or legitimate business purposes. In such cases, we will explain the specific reasons for retention.

Communication Preferences

You can modify your communication preferences at any time, including opting out of marketing communications while continuing to receive essential service-related messages. We provide simple unsubscribe options in all promotional emails and honor opt-out requests immediately.

7. Data Retention and Deletion Policies

We retain personal information only as long as necessary to fulfill the purposes for which it was collected or as required by applicable legal obligations. Our retention periods balance your privacy interests with our legitimate business needs and regulatory requirements.

Standard Retention Periods

Educational program records are maintained for seven years after program completion to support continuing education requirements and professional development tracking. Marketing communication data is retained for three years from last interaction unless you specifically request earlier deletion.

Financial transaction records are kept for ten years in accordance with Bulgarian accounting and tax regulations. Technical logs and security data are automatically deleted after two years unless required for ongoing security investigations.

Secure Deletion Procedures

When retention periods expire or you request data deletion, we use secure deletion methods that make information unrecoverable. This includes overwriting digital storage media and ensuring complete removal from backup systems within reasonable timeframes.

8. International Data Transfers and Cross-Border Processing

While we primarily process data within the European Union, some essential services may involve limited data transfers to countries outside the EU/EEA region. We ensure all international transfers comply with GDPR requirements through appropriate safeguards.

When transfers occur, we rely on European Commission adequacy decisions or implement Standard Contractual Clauses with additional technical and organizational measures to protect your information. We regularly review the necessity and security of any international data processing arrangements.

Third-Country Processing Safeguards

For services requiring data processing outside the EU, we conduct thorough assessments of data protection laws and practices in destination countries. We implement supplementary measures including enhanced encryption, data minimization, and contractual protections to ensure your information remains secure regardless of processing location.

9. Cookies and Similar Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site usage, and provide personalized content. We categorize cookies based on their purpose and provide you with control over non-essential cookie acceptance.

Cookie Categories and Purposes

Essential cookies enable basic website functionality and security features. These cannot be disabled without affecting site operation. Analytics cookies help us understand how visitors interact with our content, allowing us to improve user experience and educational content delivery.

Marketing cookies track your interests and preferences to provide relevant educational program suggestions and industry insights. You can manage these preferences through our cookie consent tool or your browser settings.

Third-Party Analytics and Marketing Tools

We use industry-standard analytics services to measure website performance and user engagement. These tools collect anonymized data about site usage patterns, popular content, and user journey flows to help us optimize our educational offerings and website functionality.

10. Updates to This Privacy Policy

We review and update this privacy policy regularly to reflect changes in our services, legal requirements, or data processing practices. Material changes will be communicated through email notifications to active clients and prominent website notices for general visitors.

Minor updates for clarity or additional detail may be implemented without specific notification, though we always indicate the last revision date at the top of this policy. We encourage you to review this policy periodically to stay informed about our data protection practices.

Notification of Changes

For significant policy changes that may affect how we use your personal information, we provide at least 30 days advance notice through direct communication. This gives you time to review changes and exercise your rights, including data deletion, if you disagree with new processing activities.