Privacy Policy
Your privacy matters to us. Here's how we protect and handle your personal information.
Introduction and Scope
NextStepTechSphere operates from Bulgaria and provides budget automation solutions to individuals and businesses. This privacy policy explains how we collect, use, store, and protect your personal data when you visit our website, use our services, or interact with us.
We follow both European Union General Data Protection Regulation (GDPR) requirements and Bulgarian data protection laws. This policy applies to all users worldwide, though specific rights may vary based on your location.
We are committed to transparency about our data practices. If something isn't clear, please contact us directly.
Information We Collect
We collect different types of information depending on how you interact with our services:
Information You Provide Directly
- Contact details when you reach out (name, email, phone number)
- Account information if you create an account
- Financial data you choose to share for budget automation
- Communications you send us through our website or email
- Feedback and survey responses
Information Collected Automatically
- Website usage data (pages visited, time spent, click patterns)
- Technical information (IP address, browser type, device information)
- Cookies and similar tracking technologies
- Referral sources and search terms
How We Use Your Information
Your information helps us provide and improve our budget automation services. Here's specifically how we use different types of data:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide budget automation services | Account info, financial data | Contract performance |
| Customer support and communication | Contact details, communications | Contract performance |
| Website functionality and security | Technical data, usage patterns | Legitimate interest |
| Service improvements and analytics | Usage data, feedback | Legitimate interest |
| Marketing communications | Contact info, preferences | Consent |
Data Sharing and Third Parties
We don't sell your personal information. We may share data in these specific situations:
- Service Providers: Trusted partners who help us operate our services, like hosting providers and payment processors. They can only use your data for the services they provide to us.
- Legal Requirements: When required by Bulgarian or EU law, court orders, or to protect our rights and safety.
- Business Transfers: If we merge with or are acquired by another company, your data may transfer as part of that transaction.
- With Your Consent: Any other sharing will only happen with your explicit permission.
We use data processing agreements with all third parties to ensure they meet the same privacy standards we maintain.
Your Rights and Choices
Under GDPR and Bulgarian law, you have several rights regarding your personal data:
Access and Portability
You can request a copy of all personal data we hold about you. We'll provide this in a structured, commonly-used format within 30 days.
Correction and Updates
If your information is incorrect or outdated, you can ask us to correct it. For account holders, many details can be updated directly in your account settings.
Deletion and Restriction
You can request deletion of your data when it's no longer necessary for our services, or restrict how we process it in certain circumstances.
Marketing Communications
You can unsubscribe from marketing emails at any time using the link in every email, or by contacting us directly.
To exercise these rights, email us at [email protected]. We'll respond within 30 days and may ask for identification to protect your privacy.
Data Security and Protection
We take data security seriously and use multiple layers of protection:
- Encryption in transit and at rest for sensitive data
- Regular security assessments and updates
- Access controls limiting who can view your information
- Secure hosting infrastructure in EU data centers
- Regular backups with encrypted storage
- Staff training on data protection practices
Despite our best efforts, no system is completely secure. If we discover a breach that affects your data, we'll notify you and relevant authorities as required by law.
Data Retention
We keep your information only as long as necessary:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account information | Duration of service + 2 years | Service provision, legal requirements |
| Financial data | 7 years after service ends | Bulgarian accounting laws |
| Website usage data | 2 years | Analytics and improvements |
| Marketing communications | Until you unsubscribe | Ongoing consent |
| Support communications | 3 years | Service quality and records |
When retention periods expire, we securely delete or anonymize your data. Some information may be kept longer if required by Bulgarian or EU law.
Cookies and Tracking
Our website uses cookies to function properly and improve your experience. Here's what we use:
Essential Cookies
These make our website work and can't be disabled. They handle things like security, load balancing, and basic functionality.
Analytics Cookies
Help us understand how people use our website so we can make improvements. These are optional and you can opt out.
Preference Cookies
Remember your choices and settings to personalize your experience on return visits.
You can control cookies through your browser settings, though disabling some may affect website functionality.
International Data Transfers
Your data is primarily stored and processed within the European Union. When we use service providers outside the EU, we ensure adequate protection through:
- EU-approved standard contractual clauses
- Adequacy decisions by the European Commission
- Other approved transfer mechanisms under GDPR
We regularly review these arrangements to ensure your data remains protected regardless of where it's processed.
Children's Privacy
Our services are designed for adults managing personal or business finances. We don't knowingly collect personal information from children under 16 without parental consent.
If we discover we've collected information from a child without proper consent, we'll delete it promptly. Parents can contact us to review, delete, or stop further collection of their child's information.
Changes to This Policy
We update this privacy policy occasionally to reflect changes in our practices or legal requirements. When we make significant changes, we'll:
- Update the "Last Modified" date at the top
- Email registered users about important changes
- Post notices on our website for major updates
- Give you time to review changes before they take effect
We encourage you to review this policy periodically. Your continued use of our services after changes means you accept the updated policy.
Legal Compliance
NextStepTechSphere operates under Bulgarian law and complies with:
- EU General Data Protection Regulation (GDPR)
- Bulgarian Personal Data Protection Act
- Electronic Communications Act (Bulgaria)
- Relevant EU directives on privacy and electronic communications
If you're not satisfied with how we handle your privacy concerns, you can file a complaint with the Bulgarian Commission for Personal Data Protection or your local data protection authority.
Contact Us About Privacy
Questions about this privacy policy or your personal data? We're here to help.
Email: [email protected]
Address: ul. "Dunav" 22Ж, 9300 g.k. Yugoiztok, Dobrich, Bulgaria
Phone: +359878273413
We typically respond to privacy inquiries within 48 hours and fulfill data requests within 30 days as required by law.