PRIVACY POLICY

Last updated: April 2026

This Privacy Policy explains how Daivaya Advisory EOOD ("Daivaya", "we", "us", or "our") collects, uses, stores, and protects personal data when you visit www.daivaya.com (the "Website"), contact us, or otherwise interact with us through the Website.

Please read this Privacy Policy carefully.

1. WHO WE ARE

Daivaya Advisory EOOD is the controller of personal data processed through this Website.

Company details:
Daivaya Advisory EOOD
Registered office: Tsar Simeon 56, 2770 Bansko
UIC / Company Registration Number: 207461913
VAT Number: BG207461913
Email: mail@daivaya.com

2. SCOPE OF THIS PRIVACY POLICY

This Privacy Policy applies to personal data collected through:
(a) your use of the Website;
(b) your contact or enquiry submissions through the Website; and
(c) direct communications initiated through the Website.

This Privacy Policy does not apply to third-party websites, platforms, or services that may be linked from the Website.

3. WHAT PERSONAL DATA WE COLLECT

We may collect the following categories of personal data:

A. Information you provide to us
When you contact us through the Website or by email, we may collect:
- your name
- your email address
- the contents of your message
- any other information you choose to include in your enquiry

B. Technical and usage information
When you visit the Website, we may automatically collect limited technical information, such as:
- IP address
- browser type and version
- device type
- operating system
- referring website
- pages viewed
- date and time of access
- basic usage and diagnostic information

C. Cookies and similar technologies
We may use cookies or similar technologies where necessary for the operation, security, and performance of the Website. Where non-essential cookies are used, they should only be used in accordance with applicable law and, where required, on the basis of your consent.

4. HOW WE COLLECT YOUR DATA

We collect personal data:
(a) directly from you, when you submit an enquiry or contact us;
(b) automatically, through your use of the Website; and
(c) in some cases, from third-party service providers that support the Website, communications, hosting, or security.

5. PURPOSES OF PROCESSING AND LEGAL BASES

We process personal data only where we have a lawful basis to do so under applicable data protection law.

We may process your personal data for the following purposes:

A. To respond to your enquiries and communicate with you
Purpose:
To review and respond to messages, assess whether your request relates to our services, and communicate with you.
Legal basis:
Our legitimate interests in managing business communications and responding to enquiries, and where applicable, taking steps prior to entering into a contract.

B. To operate, maintain, and secure the Website
Purpose:
To ensure the Website functions properly, prevent misuse, maintain security, diagnose technical issues, and improve performance.
Legal basis:
Our legitimate interests in operating a secure and functional website.

C. To comply with legal and regulatory obligations
Purpose:
To meet legal, regulatory, accounting, tax, or compliance requirements.
Legal basis:
Compliance with a legal obligation.

D. To establish, exercise, or defend legal claims
Purpose:
To protect our rights and interests where necessary.
Legal basis:
Our legitimate interests in protecting our business and legal position.

E. To send marketing communications
We will only send you marketing communications where permitted by applicable law. Where consent is required, we will rely on your consent. You may opt out of marketing communications at any time.

6. WHY WE USE LEGITIMATE INTERESTS

Where we rely on legitimate interests, these generally include:
- operating and improving our Website
- responding to enquiries efficiently
- maintaining the security and integrity of our systems
- managing and developing our business relationships
- protecting our legal rights

We do not use your personal data for purposes where your interests or fundamental rights override our legitimate interests.

7. SHARING OF PERSONAL DATA

We do not sell your personal data.

We may share your personal data with trusted third parties only where reasonably necessary, including:
- website hosting providers
- IT and security providers
- email and communications providers
- professional advisers, such as lawyers, accountants, or auditors
- service providers that help us administer or support the Website or our communications
- courts, regulators, public authorities, or law enforcement, where required by law or necessary to protect our rights

All such sharing is limited to what is reasonably necessary for the relevant purpose.

8. INTERNATIONAL TRANSFERS

Some of our service providers may process personal data outside the European Economic Area.

Where personal data is transferred outside the EEA, we will take appropriate steps to ensure that the data is protected in accordance with applicable law. This may include relying on:
- adequacy decisions
- standard contractual clauses
- other lawful transfer mechanisms recognized under applicable data protection law

You may contact us for further information about the safeguards used for relevant transfers.

9. DATA RETENTION

We keep personal data only for as long as necessary for the purposes for which it was collected, including for legal, regulatory, tax, accounting, and dispute-resolution purposes.

In general:
- enquiry data is kept for as long as reasonably necessary to respond to and manage the enquiry and any follow-up relationship
- technical and usage data is retained for a shorter period unless needed for security, troubleshooting, or legal reasons
- data may be retained longer where required by law or where necessary to establish, exercise, or defend legal claims

10. YOUR RIGHTS

Subject to applicable law, you may have the right to:
- request access to your personal data
- request correction of inaccurate or incomplete personal data
- request erasure of your personal data
- request restriction of processing
- object to processing based on legitimate interests
- request data portability, where applicable
- withdraw consent at any time, where processing is based on consent
- lodge a complaint with a competent data protection authority

If you would like to exercise any of these rights, please contact us at mail@daivaya.com.

11. SECURITY

We take appropriate technical and organizational measures to protect personal data against unauthorized access, accidental loss, destruction, misuse, alteration, or disclosure.

However, no method of transmission over the internet or method of electronic storage is completely secure. For that reason, we cannot guarantee absolute security.

12. THIRD-PARTY WEBSITES

The Website may contain links to third-party websites or services. We are not responsible for the privacy practices, content, or security of those third-party sites. We encourage you to review their privacy policies separately.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time.

Any updates will be posted on this page together with a revised "Last updated" date. The updated version becomes effective when posted, unless otherwise stated.

14. CONTACT

If you have any questions about this Privacy Policy or about how we process personal data, please contact us at:

mail@daivaya.com

Daivaya Advisory EOOD
Tsar Simeon 56

2770 Bankso