Data protection

GDPR Notice

This notice provides additional information for individuals located in the European Economic Area, the United Kingdom, or other territories where GDPR-style data protection rules may apply.

This GDPR Notice supplements our Privacy Policy. It explains how personal data is processed where Regulation (EU) 2016/679, the UK GDPR, or similar data protection rules apply.

This notice is provided for transparency and does not by itself mean that all processing activities are automatically subject to the GDPR. Applicability depends on the relevant legal tests, including whether goods or services are offered to individuals in the EEA or UK, or whether their behaviour is monitored in those territories.

Controller

Who controls your personal data

Controller: Grigory Mikhailovich Karpovskii, registered as an individual entrepreneur

Registration number: 326774600077881

Tax identification number: 771876786170

Website: https://gkarpovskii.com/

Email: [CONTACT EMAIL]

Postal address: [POSTAL ADDRESS]

EU/UK representative: [EU/UK REPRESENTATIVE DETAILS, IF APPLICABLE]

Purposes and legal bases

Why and on what basis we process data

Responding to enquiries

We process your contact details and message content to respond to your enquiry, discuss your business request, and communicate with you.

Legal basis: consent, pre-contractual steps, and legitimate interests.

Consulting services and contracts

We process business, contact, project-related, and contractual information to prepare, conclude, administer, and perform consulting engagements.

Legal basis: contract performance, pre-contractual steps, legal obligations, and legitimate interests.

Website operation and analytics

We process technical and analytics data to ensure website security, understand website performance, improve content, and enhance user experience.

Legal basis: consent where required, and legitimate interests.

Legal and administrative obligations

We may process data to comply with tax, accounting, legal, regulatory, dispute resolution, or record-keeping requirements.

Legal basis: legal obligations and legitimate interests.

Legitimate interests

Our legitimate interests

Where we rely on legitimate interests, those interests may include:

  • responding to business enquiries and maintaining professional communication;
  • developing and improving consulting services;
  • ensuring website security and proper functioning;
  • preventing misuse, fraud, or unlawful activity;
  • protecting legal rights, business reputation, and commercial interests;
  • maintaining records related to business relationships and professional correspondence.

Your rights

Your GDPR rights

Subject to the conditions, limitations, and exceptions set out in applicable law, you may have the following rights:

  • right of access to your personal data;
  • right to rectification of inaccurate or incomplete personal data;
  • right to erasure, also known as the “right to be forgotten”;
  • right to restriction of processing;
  • right to data portability;
  • right to object to processing based on legitimate interests;
  • right to withdraw consent at any time where processing is based on consent;
  • right not to be subject to certain decisions based solely on automated processing;
  • right to lodge a complaint with a competent supervisory authority.

To exercise your rights, please contact us at: [CONTACT EMAIL].

We may ask you to verify your identity before responding to your request.

Consent and objection

Withdrawal of consent and objection

Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

Where we rely on legitimate interests, you may object to processing. We will stop processing the relevant personal data unless we demonstrate compelling legitimate grounds for the processing, or unless the processing is needed for the establishment, exercise, or defence of legal claims.

International transfers

Transfers outside the EEA or UK

The Controller may be established outside the European Economic Area and the United Kingdom. Personal data may therefore be processed in countries that may not provide the same level of data protection as your jurisdiction.

Where GDPR, UK GDPR, or similar rules require safeguards for international transfers, we will seek to rely on appropriate legal mechanisms, such as your consent, contractual safeguards, standard contractual clauses where applicable, adequacy decisions where available, or another mechanism recognised by applicable law.

Retention

Retention periods

Personal data is retained only for as long as necessary for the purposes described in this Notice and in the Privacy Policy, unless a longer retention period is required or permitted by law.

Contact and enquiry data may generally be retained for up to 24 months from the last interaction. Contractual, accounting, legal, and business records may be retained for longer where required by applicable law, tax, accounting, regulatory, or limitation-period rules.

Automated decisions

Automated decision-making

We do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you.

Complaints

Right to lodge a complaint

If GDPR or similar data protection rules apply to you, you may have the right to lodge a complaint with a competent data protection supervisory authority in your country of residence, place of work, or the place of the alleged infringement.

We would appreciate the opportunity to address your concerns first. You can contact us at: [CONTACT EMAIL].