Privacy Policy

1. Introduction

This Privacy Policy explains how Hexaphase (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you visit www.hexaphase.com (“Website”). We are committed to safeguarding your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and applicable Bulgarian law.

Hexaphase is the data controller responsible for processing your personal data. If you have any questions, you may contact us using the details at the end of this Policy.

By using our Website, you agree to the terms of this Privacy Policy.

 

2. Personal Data We Collect

We may collect and process the following categories of personal data:

2.1. Data you provide directly

  • Contact form information: name, email address, and any message you submit.

2.2. Data collected automatically

  • Technical data: IP address, browser type, operating system, device information.
  • Usage data: pages visited, time spent on the Website, navigation paths, referral sources.
  • Cookies and similar technologies: see Section 9.

2.3. Communications

Any information you send to us via email or through the Website.

We do not collect sensitive personal data.

If you provide personal data about another person, you must ensure you have their permission to do so.

 

3. Legal Bases for Processing

We process your personal data only when permitted by GDPR:

  • Consent: when you submit the contact form or accept non‑essential cookies.
  • Legitimate interest: to maintain Website security, analyze Website performance, and improve user experience.
  • Legal obligation: when required to comply with applicable laws.

 

4. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To operate, maintain, and improve our Website.
  • To respond to inquiries submitted through the contact form.
  • To analyze Website usage and performance.
  • To ensure Website security and prevent misuse.
  • To comply with legal obligations.

We do not use your personal data for direct marketing unless you explicitly request or consent to it.

We do not offer user accounts, internal messaging systems, or user‑generated content features.

 

5. Sharing Your Personal Data

We may share your personal data with:

  • Service providers such as hosting partners and analytics providers (acting as data processors).
  • Professional advisers (legal, accounting, etc.).
  • Authorities when required by law.

We do not sell or rent your personal data.

All third‑party processors are bound by GDPR‑compliant agreements ensuring your data is protected.

 

6. International Data Transfers

Some of our service providers (e.g., Google Analytics) may process data outside the European Union.

When such transfers occur, they are protected by appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Adequacy decisions (where applicable).
  • The EU‑US Data Privacy Framework (for participating U.S. entities).

We ensure that all international transfers comply with GDPR requirements.

 

7. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy.

Typical retention periods:

  • Contact form submissions: up to 12 months.
  • Server logs: up to 30 days, unless required for security or legal purposes.
  • Analytics data: according to the retention settings of the analytics provider (e.g., Google Analytics).

We may retain data longer when required by law or necessary to establish, exercise, or defend legal claims.

 

8. Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Secure hosting environment
  • Firewalls and access controls
  • Encryption where applicable
  • Regular monitoring for vulnerabilities

However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute protection.

 

9. Cookies

Our Website uses cookies to improve functionality, analyze performance, and enhance user experience.

9.1. Types of cookies we use

  • Essential cookies: required for the Website to function.
  • Analytics cookies: help us understand how visitors use the Website (e.g., Google Analytics).
  • Marketing cookies: used only if you run ads or remarketing (remove if not applicable).

Non‑essential cookies are used only with your consent, which you can manage through our cookie banner.

9.2. Managing cookies

You can manage or delete cookies through your browser settings.
You can also adjust your preferences at any time using our cookie banner.

Blocking certain cookies may affect Website functionality.

 

10. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of access – request a copy of your personal data.
  • Right to rectification – correct inaccurate or incomplete data.
  • Right to erasure – request deletion of your data (“right to be forgotten”).
  • Right to restrict processing – limit how your data is used.
  • Right to object – object to processing based on legitimate interests.
  • Right to data portability – receive your data in a structured, machine‑readable format.
  • Right to withdraw consent – at any time, for processing based on consent.
  • Right to lodge a complaint – with the Bulgarian Commission for Personal Data Protection (CPDP).

We may request proof of identity before fulfilling your request.

 

11. Changes to This Policy

We may update this Privacy Policy from time to time.
The latest version will always be available on this page.

 

12. Contact Information

If you have questions about this Privacy Policy or wish to exercise your rights, you may contact us at:

Hexaphase
Website: www.hexaphase.com
Email: office@hexaphase.com

Return to Home