Legal

Privacy Policy

Last updated: 23 May 2026

1. Who we are

This Privacy Policy explains how Core Ideas Ltd (Кор Айдиас ЕООД), UIC 208799241, a single-member private limited liability company registered in Bulgaria with seat at 3 Asen Raztsvetnikov, 5000 Veliko Tarnovo, Bulgaria (“Core Ideas”, “we”, “our”), processes personal data of visitors to coreideas.ai (the “Website”) and of individuals who contact us.

Core Ideas is the data controller for the processing described in this policy.

For any matters related to your personal data, you can contact us at: privacy@coreideas.ai.

2. What personal data we collect

We collect personal data only when you choose to provide it, and limited technical data necessary to operate the Website.

a) Information you provide by emailing us:

  • name
  • email address
  • organisation (optional)
  • any information you include in the body of your message.

b) Technical information collected automatically:

  • IP address (in shortened or hashed form where feasible)
  • browser type and version
  • operating system
  • date, time, and pages visited
  • referring URL.

c) Cookies and similar technologies: see the Cookie Notice for details.

3. Why we process your personal data and on what legal basis

We process personal data for the following purposes:

a) To respond to your inquiry when you contact us by email. Legal basis: your consent (Art. 6(1)(a) GDPR) and, where applicable, steps taken at your request prior to entering into a contract (Art. 6(1)(b) GDPR).

b) To operate, secure, and maintain the Website, including detecting and preventing abuse, fraud, and technical incidents. Legal basis: our legitimate interests in operating a secure online presence (Art. 6(1)(f) GDPR).

c) To comply with legal obligations under Bulgarian and EU law, including accounting, tax, and record-keeping obligations where relevant. Legal basis: legal obligation (Art. 6(1)(c) GDPR).

We do not use your personal data for automated decision-making or profiling.

4. Who has access to your personal data

Access to your personal data inside Core Ideas is limited to staff and contractors who need it to perform the purposes above, under appropriate confidentiality obligations.

We may share personal data with:

  • hosting and infrastructure providers operating the Website;
  • email and communications service providers used to receive and reply to your messages;
  • professional advisers (accountants, lawyers, auditors) where strictly necessary;
  • competent authorities when required by law.

Each external recipient acts either as a separate controller (subject to its own privacy notice) or as our processor under a written agreement that meets Art. 28 GDPR.

We do not sell personal data to third parties and we do not use it for third-party advertising.

5. International transfers

Our infrastructure is operated within the European Economic Area (EEA) where feasible. Where a service provider processes data outside the EEA, we rely on transfer mechanisms recognised under Chapter V GDPR (for example, Standard Contractual Clauses) and apply supplementary measures where required.

6. How long we keep your personal data

We retain personal data only as long as necessary for the purposes for which it was collected, and in any case in line with applicable legal retention obligations.

Indicative retention periods:

  • email correspondence and related submissions: up to 24 months after the last interaction, unless a longer period is required for an ongoing matter or by law;
  • server logs: up to 12 months;
  • records required for accounting and tax purposes: as required by Bulgarian law (typically up to 10 years).

After the applicable retention period, personal data is deleted or irreversibly anonymised.

7. Your rights

Subject to the conditions set out in the GDPR, you have the right to:

  • access your personal data and obtain a copy;
  • request rectification of inaccurate or incomplete data;
  • request erasure of your data (“right to be forgotten”);
  • request restriction of processing;
  • object to processing based on our legitimate interests;
  • data portability, where applicable;
  • withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of processing prior to withdrawal.

You can exercise these rights by contacting us at privacy@coreideas.ai. We will respond within the timeframes set by the GDPR (in principle, within one month).

You also have the right to lodge a complaint with the Bulgarian supervisory authority:

Commission for Personal Data Protection (Комисия за защита на личните данни)
2 Prof. Tsvetan Lazarov Blvd., 1592 Sofia, Bulgaria
kzld@cpdp.bg, www.cpdp.bg

or with the supervisory authority of your habitual residence or place of work in the EU/EEA.

8. Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include access controls, encryption in transit, and regular review of our processing practices. No method of transmission or storage is fully secure, and we cannot guarantee absolute security.

9. Cookies

The Website uses a limited number of cookies and similar technologies. Details are set out in our Cookie Notice.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our processing, in applicable law, or in services we use. The “Last updated” date at the top of this page indicates when the policy was last revised. Material changes will be highlighted on the Website.

11. Contact

For any question, request, or complaint relating to this Privacy Policy or to the processing of your personal data by Core Ideas, please write to:

Core Ideas (Кор Айдиас ЕООД)
3 Asen Raztsvetnikov, 5000 Veliko Tarnovo, Bulgaria
privacy@coreideas.ai