Privacy Policy
This policy explains how we process personal data for inquiries, communications and audit services.
- Identification: name, role/title (if provided).
- Contact: email, phone (if provided).
- Organization: company, industry, scope/context of inquiry.
- Communications: messages, attachments, contractual correspondence.
We process personal data for:
- responding to inquiries and preparing offers;
- pre-contract and contract management;
- delivery of audit services;
- project communications and documentation;
- legal claims defense and legal compliance.
Legal bases: contract/pre-contract, legal obligation, and legitimate interests (e.g., service quality, security, and claims defense).
We keep data only as needed: (1) inquiries/offers – typically up to 12 months; (2) contract documentation – for the contract term plus any legal requirements; (3) project correspondence – as needed for traceability and claims defense.
We may use vendors (hosting, email, analytics) acting as processors under contract and our instructions. We do not sell personal data.
- access, rectification, erasure;
- restriction and objection;
- portability (where applicable);
- withdraw consent (if processing is based on consent).
To exercise rights: internalaudit@businesskeyconsult.com.
You may lodge a complaint with the Bulgarian Commission for Personal Data Protection (CPDP).
We implement organizational and technical safeguards. For audit services, confidentiality and NDA are standard parts of the process.