Privacy Policy — Hristo Hristov

1. Who we are

This website is operated by Hristo Hristov, a growth consultant based in Cyprus. References to "we", "us", or "our" in this policy refer to Hristo Hristov as the data controller.

Website: hristohristovhristo.com
Contact: hristo@hristohristovhristo.com

2. Data we collect

Contact form

When you submit the enquiry form on this site, we collect the information you provide:

Name and email address
Company name, role, and website
Business type and annual revenue range
Service interest, budget range, and timeline
How you heard about us
A description of your growth challenge

This data is submitted via Formspree and stored securely to allow us to respond to your enquiry. We do not use it for marketing without your explicit consent.

Analytics

We use Google Analytics 4 (GA4) to understand how visitors use this site. GA4 collects anonymised data including pages visited, time on site, device type, and approximate location (country/city level). IP addresses are anonymised and we do not enable advertising features or share data with Google for ad targeting.

Calendar booking

If you book a strategy call via Calendly, Calendly collects your name, email, and scheduling preferences. This is governed by Calendly's own privacy policy.

What we do not collect

We do not collect payment information, special category data, or data from minors. We do not use social media tracking pixels or retargeting cookies.

3. How we use your data

To respond to your enquiry and evaluate whether we can work together
To schedule and manage strategy calls
To understand and improve website performance (analytics only)
To comply with legal obligations where required

We do not use your data for automated decision-making or profiling.

4. Legal basis for processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

Legitimate interest — website analytics (anonymised, non-intrusive measurement of site performance)
Contract performance / pre-contractual steps — responding to your enquiry and evaluating a potential engagement
Legal obligation — where we are required to retain or disclose data by law

5. How long we keep your data

Contact form submissions — retained for up to 24 months from the date of submission, or until you request deletion
GA4 analytics data — retained for 14 months (Google Analytics default), then automatically deleted
Calendly booking data — governed by Calendly's own retention policy

6. Third-party processors

We use the following third-party services to operate this website. Each is bound by a data processing agreement and applicable data protection law.

Service Purpose Location

Formspree Receives and stores contact form submissions and forwards them by email United States

Google Analytics 4 Anonymised website analytics — pages, sessions, device type, country United States

Calendly Strategy call scheduling and calendar management United States

Data transfers to the United States are made under Standard Contractual Clauses (SCCs) or equivalent adequacy mechanisms as required by GDPR.

7. Cookies

This site uses a small number of cookies, all placed by Google Analytics 4. These cookies are used solely for anonymised analytics and are not used for advertising or cross-site tracking.

_ga — distinguishes unique users. Expires after 2 years.
_ga_[ID] — maintains session state. Expires after 2 years.

You can opt out of Google Analytics tracking at any time via the Google Analytics Opt-out Browser Add-on, or by adjusting your browser's cookie settings.

8. Your rights under GDPR

If you are located in the EEA or UK, you have the following rights regarding your personal data:

Access — request a copy of the personal data we hold about you
Rectification — request correction of inaccurate or incomplete data
Erasure — request deletion of your data ("right to be forgotten")
Restriction — request that we limit processing of your data
Portability — receive your data in a structured, machine-readable format
Objection — object to processing based on legitimate interest
Complaint — lodge a complaint with your national data protection authority

To exercise any of these rights, email hristo@hristohristovhristo.com. We will respond within 30 days.

9. Data security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. All data in transit is encrypted via HTTPS. Third-party processors are selected for their security and compliance standards.

No transmission over the internet is 100% secure. If you believe your data has been compromised, contact us immediately.

10. Changes to this policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Material changes will be communicated via the website. Continued use of the site after changes constitutes acceptance of the updated policy.

11. Contact

For any questions about this policy or your personal data, contact us at:

Hristo Hristov
hristo@hristohristovhristo.com
Cyprus, European Union