top of page

Privacy Policy

1. Introduction
This Privacy Policy explains how Tzveta Iordanova (“we”, “us”, “our”) collects, uses, stores, shares, and protects personal data when you visit or interact with www.tzvetaiordanova.com (the “Website”), including when you book a free introduction call, contact us, access blog content, or purchase or subscribe to paid materials and services (where available).
We are committed to privacy, responsible use of information, and safeguarding personal data of visitors, prospective clients, and clients.
Website platform processing (Wix). The Website is hosted and operated using Wix.com (“Wix”). In practice, many categories of personal data are collected and processed automatically through Wix’s platform features (for example, site hosting, security, performance, forms, member areas, checkout, and analytics). We access and use personal data only to the extent necessary to operate the Website, respond to requests, provide services or content (where enabled), comply with legal obligations, and protect the Website.
Controller. For the purposes of EU/UK data protection law (including GDPR/UK GDPR), the “data controller” is:
Tzveta Iordanova
Email: info@tzvetaiordanova.com
This Privacy Policy should be read together with any other notices we may provide at the point of collection (for example, on forms or booking pages) so you understand how and why we use your data.
Accuracy of your data. Please ensure the information you provide is accurate and notify us if it changes.
Children. We do not knowingly collect personal data from children under 13. Where GDPR applies and a higher minimum age is required in your country for consent, we do not knowingly collect data from children under that age.
Global applicability. This Privacy Policy applies to individuals located anywhere in the world. Where local data protection or privacy laws apply in addition to or instead of GDPR or UK GDPR, we will comply with those laws to the extent they apply to our activities. In the event of a conflict between this Privacy Policy and mandatory local law, the mandatory local law will prevail.


2. Third-party links and embedded content
The Website may include links to third-party websites, plug-ins, tools, or embedded content (for example, video platforms or social media). Clicking those links or interacting with embedded content may allow third parties to collect data about you. We do not control third-party websites and are not responsible for their privacy practices. Please review their policies when you leave our Website.


3. The data we collect about you
“Personal data” means any information that identifies you directly or indirectly. It does not include truly anonymous data.
Important note on collection via Wix. Depending on which Wix features are enabled (e.g., contact forms, booking, member login, checkout, subscriptions, analytics), personal data may be collected and processed by Wix and related service providers. Some technical and usage data may be processed automatically at the platform level and may not always be visible to us in raw form, although Wix may provide dashboards, logs, or reports.
We may collect and process the following categories:
A) Identity Data
• Name and professional identifiers you provide (e.g., role/title), and any information you include in messages.
B) Contact Data
• Email address, phone number, and other contact details you choose to provide.
C) Consultation / Inquiry Data
• Information you provide when you request a call, submit a form, or communicate with us (e.g., project context, goals, constraints, timelines).
• Please do not submit sensitive personal data (e.g., health data, biometric data, political opinions) unless we explicitly request it and provide an appropriate legal basis and safeguards.
• If you voluntarily submit sensitive personal data without being asked, we may delete it and may not be able to respond effectively.
D) Technical Data
• IP address, browser type/version, device type, operating system, time zone and approximate location, and other technical identifiers.
E) Usage Data
• Information about how you use the Website (pages visited, time spent, clicks, referring pages). If you access subscriber-only or paid materials, this may include access logs for security, fraud prevention, and service improvement.
F) Marketing & Communications Data
• Your preferences for receiving communications and your interactions with any emails we send (if applicable).
G) Account & Subscription Data (if applicable)
• If you create an account, subscribe, or access paid materials, we may collect account identifiers, subscription status, plan details, renewal/cancellation information, and access entitlements.
H) Transaction / Payment Data (if applicable)
• If you purchase paid materials or subscriptions, we may collect transaction details (purchase date, amount, currency, taxes/VAT, invoice details, and payment status).
Payment card details are processed by payment providers (e.g., Wix Payments and/or third-party processors). We do not store full payment card numbers.
Aggregated Data
We may also use aggregated data (e.g., counts of visitors) for analytics and improvement. Aggregated data is not personal data unless combined with identifiable information.
Special categories of personal data
We do not intend to collect “special category” data (e.g., health, genetics, biometrics, religion, political opinions) or criminal records through this Website. If you voluntarily include such data in a message, we will handle it with care and only use it as necessary to respond to you and deliver services, and may delete it where appropriate.


4. How your personal data is collected
We collect personal data via:
Direct interactions
You may provide data when you:
•    Book a free introduction call
•    Submit an inquiry via a form
•    Contact us by email
•    Provide details during pre-engagement conversations or service delivery
•    Submit comments or content if interactive features are enabled
Automated technologies (including Wix platform technologies)
As you browse the Website, Technical and Usage Data may be collected automatically via cookies, logs, and similar technologies used by Wix and, where enabled, integrated services (such as analytics, performance, and security tools).
Third parties
We may receive Technical/Usage Data from analytics or performance providers integrated into the Wix platform or added by us (if used).


5. How we use your personal data
We use personal data to:
•    Respond to inquiries and schedule calls
•    Provide consulting services (strategy, innovation, execution, transformation)
•    Manage client relationships, contracting, invoicing, and administration
•    Provide access to paid materials and subscriptions
•    Process purchases, payments, invoicing, and refunds
•    Provide customer support
•    Maintain security, prevent fraud, and protect the Website
•    Improve the Website and user experience
•    Meet legal, regulatory, accounting, or tax obligations
•    Communicate about updates to this Privacy Policy (if needed)


6. Lawful bases for processing (GDPR/UK GDPR)
Where GDPR/UK GDPR applies, we rely on one or more of the following lawful bases:
•    Contract: processing necessary to take steps at your request prior to entering a contract, or to perform a contract for services.
•    Legitimate interests: to operate, secure, and improve the Website; to respond to business inquiries; to maintain records; and to grow the business—provided these interests do not override your rights.
•    Legal obligation: to comply with legal, tax, or regulatory requirements.
•    Consent: where required (e.g., certain cookies; marketing communications in some jurisdictions).
Marketing. We generally do not rely on consent for routine inquiry responses, but may rely on consent for marketing where required by law. You can opt out of marketing at any time (see Section 10).


7. Purposes, data types, and legal bases (summary table)
Below is a high-level overview (details may vary depending on your interaction):
1.    Respond to inquiries / schedule calls
•    Data: Identity, Contact, Consultation/Inquiry
•    Basis: Contract steps / Legitimate interests
2.    Provide services and manage engagement
•    Data: Identity, Contact, Consultation/Inquiry, Administrative records
•    Basis: Contract / Legitimate interests / Legal obligation
3.    Operate, secure, and maintain the Website
•    Data: Technical, Usage (and limited Identity/Contact if needed for support)
•    Basis: Legitimate interests / Legal obligation
4.    Analytics and Website improvement
•    Data: Technical, Usage, Aggregated data
•    Basis: Legitimate interests (and consent for non-essential cookies where required)
5.    Legal, accounting, tax compliance
•    Data: Identity, Contact, transaction/administrative records (if applicable)
•    Basis: Legal obligation
6.    Communications and updates
•    Data: Identity, Contact, Marketing & Communications
•    Basis: Legitimate interests / Consent (for marketing where required)
7.    Automated decision-making
•    We do not use your personal data for automated decision-making that produces legal or similarly significant effects.


8. Change of purpose
We will use your personal data only for the purposes for which it was collected, unless we reasonably consider we need to use it for another compatible purpose, or we are required/permitted by law. If we need to use your data for an unrelated purpose, we will notify you and explain the legal basis where required.


9. Disclosures of your personal data
We may share personal data with:
A) Website hosting and platform provider
Wix.com hosts the Website and provides website infrastructure, forms, account functionality, and related services. Personal data you submit may be processed and stored through Wix services in accordance with their data protection obligations.
B) Service providers (processors)
We may use third-party vendors that support our operations, such as scheduling and booking tools, email service providers, analytics providers, document management systems, invoicing tools, and customer support services. These providers process personal data only on our instructions and solely for the specified purposes.
C) Payment processors
If you purchase paid materials or subscriptions, payments are processed securely by payment providers (such as Wix Payments and/or third-party payment processors). These providers process transaction and payment data in accordance with applicable payment regulations and their own privacy policies. We do not store full payment card details.
D) Professional advisers
We may share personal data with professional advisers such as lawyers, accountants, auditors, or insurers where necessary for legal, financial, compliance, or risk management purposes.
E) Legal and regulatory disclosures
We may disclose personal data where required to comply with applicable laws, regulations, court orders, subpoenas, or other legal processes, or where disclosure is necessary to protect rights, property, safety, or security.
F) Business transfers
If we sell, merge, restructure, or transfer all or part of our business or assets, personal data may be transferred to the relevant third party as part of that transaction, subject to appropriate safeguards and applicable data protection laws.
G) Authorities where legally required
We may disclose personal data to governmental, regulatory, law enforcement, or supervisory authorities where disclosure is required or permitted by law.
We do not sell or share personal data for cross-context behavioral advertising as defined under applicable U.S. state privacy laws.
Where required by law, we enter into data processing agreements with service providers and require them to process personal data only on our documented instructions and to implement appropriate security measures.


10. Marketing preferences
If we send marketing communications, you can opt out at any time by:
•    Clicking “unsubscribe” (where available), or
•    Contacting us at [Your email]
Even if you opt out of marketing, we may still contact you for non-marketing purposes (e.g., replying to your inquiry, providing contracted services, legal notices).


11. International transfers
We and our service providers (including Wix and payment providers) may store or process personal data in countries other than the country where you reside.
Where EU/UK GDPR applies and personal data is transferred outside the EEA/UK, we rely on appropriate safeguards such as:
•    adequacy decisions (where applicable); and/or
•    Standard Contractual Clauses and the UK Addendum, and other lawful transfer mechanisms.
You may contact us at [Your email] to request more information about the safeguards used for relevant transfers.


12. Data security
We use appropriate technical and organizational measures designed to protect personal data from accidental loss, misuse, unauthorized access, alteration, or disclosure. Measures may include access controls, encryption in transit where supported by providers, and limiting access to those who need it.
Breach handling. We rely on appropriate technical and organizational measures, including those provided by our website platform (Wix), to protect personal data. We respond to suspected personal data breaches in accordance with applicable law and platform procedures.


13. Data retention
We keep personal data only as long as necessary for the purposes described in this Privacy Policy, including legal, accounting, or reporting requirements.
In determining appropriate retention periods, we consider:
•    the amount, nature, and sensitivity of the personal data;
•    the risk of harm from unauthorized use or disclosure;
•    the purposes for which the data is processed and whether those purposes can be achieved through other means; and
•    applicable legal, regulatory, tax, or contractual requirements (such as statutory limitation periods).
Typical retention periods (examples):
•    General inquiries / consultation requests: up to 24 months after last contact (unless you become a client).
•    Client engagement records (contracts, invoices, key communications): typically 6–7 years to meet accounting and tax requirements (varies by jurisdiction).
•    Purchases and subscription records: typically 6–7 years (or longer where required by tax or accounting law).
•    Account data (if applicable): retained while the account remains active and for a limited period after closure to resolve disputes, enforce agreements, and comply with legal obligations.
•    Analytics and usage data: retained according to provider settings and business needs, often 14–26 months.
We may anonymize personal data so that it can no longer be associated with an individual, in which case it may be retained and used for statistical or research purposes without further notice.


14. Your legal rights
Depending on your location and applicable law, you may have the right to:
•    Access your personal data;
•    Rectify inaccurate or incomplete data;
•    Erase your personal data (“right to be forgotten”);
•    Restrict processing of your personal data;
•    Object to processing based on legitimate interests (and always to direct marketing);
•    Data portability (receive a copy of your personal data in a structured, commonly used, and machine-readable format); and
•    Withdraw consent at any time, where processing is based on consent.
Please note that even after account deletion or subscription cancellation, we may retain certain records (such as invoices and transaction data) where required to comply with legal or regulatory obligations.
No fee usually required
You will generally not have to pay a fee to exercise your rights. However, we may charge a reasonable fee or refuse to act on a request that is clearly unfounded, repetitive, or excessive, as permitted by law.
Identity verification
To protect your privacy and security, we may request information to verify your identity before responding to a rights request.
Response time
We aim to respond to valid requests within one month (or within the timeframe required by applicable law). Where a request is complex or numerous, we may take longer and will inform you accordingly.
Right to complain
If you are located in the EEA or the UK, you have the right to lodge a complaint with your local data protection supervisory authority.
If you are in the UK, this is the Information Commissioner’s Office (ICO). We encourage you to contact us first so we can address concerns promptly.


14A. U.S. State Privacy Disclosures (where applicable)
If you are a resident of certain U.S. states (including California), you may have the right to:
•    request access to personal data we hold about you;
•    request deletion of your personal data (subject to legal exceptions);
•    request correction of inaccurate personal data;
•    opt out of the “sale” or “sharing” of personal data or targeted advertising (as defined by applicable law);
•    opt out of certain profiling in furtherance of decisions that produce legal or similarly significant effects (where applicable); and
•    not receive discriminatory treatment for exercising your privacy rights.
How to exercise your U.S. state privacy rights
You (or your authorized agent, where permitted by law) may submit a request by emailing [Your email] with the subject line “Privacy Request.”
We may need to verify your identity before responding.
If we deny your request, you may appeal the decision by emailing [Your email] with the subject line “Privacy Appeal.”
Do Not Sell / Share
We do not sell personal data and do not share personal data for cross-context behavioral advertising as defined under applicable U.S. state privacy laws.
We do not currently use personal data for targeted advertising as defined by applicable U.S. state privacy laws. If this changes, we will provide a clear opt-out mechanism as required by law.


15. Cookies Policy
We may use Wix-provided cookies and, where enabled, third-party analytics or marketing tools (for example, analytics services). A current list of cookies and technologies used on this Website can be made available upon request at [Your email], and may also be accessible through your cookie banner settings (where supported).
What are cookies?
Cookies are small text files stored on your device. They can be “session” cookies (deleted when you close your browser) or “persistent” cookies (remain for a period).
Types of cookies we may use
1.    Strictly necessary cookies
Required for core functionality, security, fraud prevention, and basic site operations. These typically do not require consent in many jurisdictions.
2.    Performance and analytics cookies
Help us understand site usage and improve performance (e.g., page visits, navigation patterns). These may require consent depending on jurisdiction.
3.    Functional cookies
Remember preferences and improve user experience.
4.    Marketing/advertising cookies (if used)
Used to deliver relevant ads or measure campaign effectiveness. We do not intentionally use these unless implemented by integrated tools; where used, consent may be required.
Managing cookies
Where required by law, non-essential cookies are placed only after you provide consent through the cookie banner. You may update or withdraw your consent at any time via the banner or browser settings.
You can control cookies through:
•    Cookie banner settings (if enabled), and/or
•    Your browser settings (block/delete cookies)
Note: Disabling some cookies may impact site functionality.
If you want more information about cookies used on this Website, contact [Your email].


16. Contact us
For questions, requests, or to exercise your rights, contact:
Tzveta Iordanova
Website: www.tzvetaiordanova.com
Email: info@tzvetaiordanova.com

Effective date / Last updated: 19/01/2026
 

bottom of page