Privacy Policy

    Last updated: 3 February 2026

    1. Introduction

    This Privacy Policy explains how we process personal data when you use the “WDuo Digital” portfolio website (“Site”), including when you submit inquiries through our contact form.

    Data Controller (Controller): Konstantin Nikolaev Nikolov, Tsar Kaloyan 58, Pazardzhik, Bulgaria.
    Contact: konsnikolov63@gmail.com

    We act as a data controller under the EU General Data Protection Regulation (GDPR).

    This policy applies to the processing activities described below. For information about cookies and consent settings, see our Cookie Policy. Our Terms of Use may further govern your use of the Site.

    2. Data we collect

    2.1 Data you provide via the contact form

    When you submit an inquiry, we may process:

    • Full name
    • Email (required)
    • Company name (optional)
    • Budget range (dropdown)
    • Message content

    How it’s processed: The data is sent to our backend only to deliver your message to us via Resend. We do not provide user accounts or registration, and we currently do not store submitted form data in a separate database (outside email correspondence and technical logs described below).

    2.2 Analytics data (only with consent)

    If you consent to analytics technologies, we use Google Analytics 4 (GA4). GA4 may collect Site usage data (e.g., pages/events), online identifiers, and approximate technical device/browser data. We do not enable analytics without your consent.

    2.3 Technical data and logs

    When you visit the Site, technical logs may automatically process technical data (e.g., IP address, date/time, requested resource, response codes, user-agent) for security, diagnostics, and reliable operation.

    2.4 Cookies and similar technologies (including localStorage)

    We use:

    • Essential cookies (e.g., to remember UI state)
    • Analytics cookies only with consent (GA4)
    • localStorage to store your cookie consent choice (key: wduo_cookie_consent)

    Storing/accessing information on your device (including cookies/localStorage) is managed according to our Cookie Policy.

    3. How we use data (purposes and legal bases)

    3.1 Responding to inquiries and communication

    Purpose: To handle your inquiry and contact you.

    Legal basis: Taking steps at your request prior to entering into a contract (GDPR Art. 6(1)(b)) and/or our legitimate interest in responding to inquiries (GDPR Art. 6(1)(f)).

    3.2 Improving the Site with analytics (GA4) — only with consent

    Purpose: Measuring Site usage and improving the Site.

    Legal basis: Consent (GDPR Art. 6(1)(a)) provided via the cookie banner/settings. You can withdraw your consent at any time via Cookie Settings.

    3.3 Security, abuse prevention, and technical support

    Purpose: Protecting the Site and infrastructure, detecting incidents, and maintaining operation.

    Legal basis: Legitimate interest (GDPR Art. 6(1)(f)).

    3.4 Marketing

    At this time, we do not send marketing emails and we do not use your email for newsletters/promotions without separate explicit consent.

    4. Sharing / recipients

    We share data only as necessary with:

    • Hosting/infrastructure provider: Railway (hosted in an EU region)
    • Email delivery provider: Resend (to receive/send contact form messages)
    • Google (GA4) as an analytics provider (only with analytics consent)

    Where applicable, providers act as processors under our instructions and apply appropriate security measures.

    5. International transfers

    Some providers (e.g., analytics/email services) may process data outside the EEA. Where applicable, appropriate GDPR safeguards (e.g., Standard Contractual Clauses) and additional protective measures may be used depending on the provider and its configuration.

    6. Retention

    We keep data only as long as needed for the purposes above:

    • Inquiries/correspondence: until communication is completed and for a reasonable period afterwards for administration and legal protection (e.g., up to 24 months).
    • Technical logs: for a limited period depending on platform retention and security/diagnostic needs.
    • Analytics (GA4): according to our GA4 settings and your consent; you can withdraw consent at any time.
    • Consent preferences: stored locally in your browser (e.g., wduo_cookie_consent) until you change/delete them.

    7. Security

    We apply reasonable technical and organizational measures (access controls, infrastructure protection, monitoring, etc.). However, no system is completely secure.

    8. Children

    The Site is not directed at children and we do not knowingly collect personal data from individuals under 16.

    9. Your rights

    Depending on applicable law, you may have the right to access, rectify, erase, restrict processing, data portability, object (where processing is based on legitimate interests), and withdraw consent at any time (where processing is based on consent). You also have the right to lodge a complaint with a supervisory authority (in Bulgaria: the Commission for Personal Data Protection).

    10. Contact

    For privacy questions or to exercise your rights: konsnikolov63@gmail.com.