PRIVACY POLICY

1. Introduction
Tactirex Advisory EOOD is committed to protecting the privacy and personal data of our clients, partners, job applicants, and website visitors. This Privacy Policy outlines how we collect, process, store, and protect personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Bulgarian data protection laws.
We believe in full transparency, and we ensure that your data is processed fairly, lawfully, and only for the intended purposes.
2. What Data We Collect
Depending on your relationship with us, we may collect and process the following types of personal data:
Identification data: name, job title, organisation
Contact information: email address, telephone number, business address
Professional data: CVs, employment history, references (if you apply for a position or participate in a leadership development programme)
Interaction data: information submitted through our website contact forms, email correspondence, consultations
Technical data: IP address, browser type, device information (for website analytics)
We do not collect sensitive data (such as health, biometric, religious or political data) unless legally required or explicitly consented.
3. Why We Collect Your Data
We process personal data for the following purposes:
To deliver HR consulting services under contractual obligations
To respond to consultation requests and provide tailored proposals
To maintain professional contact with existing and prospective clients
To assess candidate qualifications for open positions within our advisory firm
To improve website functionality, monitor performance, and enhance user experience
To comply with legal obligations, including anti-fraud and recordkeeping requirements
All processing is based on legitimate interest, consent, contractual necessity, or legal obligation.
4. Data Sharing and Transfers
Your data is handled internally by authorised Tactirex Advisory staff only. We do not sell, rent, or trade personal data to third parties.
We may share data with selected third-party service providers (e.g., cloud hosting, email platforms) who act on our behalf and follow strict confidentiality protocols. Where necessary, we ensure that such processors offer adequate protection and sign data processing agreements.
We do not transfer your data outside the European Economic Area unless legally required and subject to appropriate safeguards (such as Standard Contractual Clauses).
5. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Retention periods depend on the type of relationship (e.g., client, candidate, website visitor):
Client/project data: retained for up to 7 years for legal and accounting purposes
Candidate information: retained for up to 2 years (unless consent is given for longer)
Website analytics data: anonymised and retained for no more than 12 months
You may request deletion of your data at any time, subject to our legal obligations.
6. Your Rights
Under GDPR, you have the right to:
Access your personal data held by us
Request correction of inaccurate data
Request erasure (right to be forgotten)
Restrict or object to processing
Withdraw consent at any time (where applicable)
Data portability (in certain contexts)
To exercise any of these rights, contact us at: [email protected]
7. Data Security
We implement organisational and technical measures to ensure your data remains secure, including:
Role-based access controls
Encryption of communications and stored data
Regular vulnerability monitoring and risk assessments
Staff training in data protection practices
In case of a data breach, we will notify affected individuals and the relevant authorities in accordance with applicable law.
8. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in legal obligations or our data practices. Any significant changes will be posted on this page and communicated when appropriate.