1. Introduction
PrepTech ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect information when you visit preptech.eu, contact us, or use our services.
This policy complies with the EU General Data Protection Regulation (Regulation (EU) 2016/679 — "GDPR") and the Irish Data Protection Act 2018. If you do not agree with any part of this policy, please do not use our website or services.
2. Data Controller
For the purposes of GDPR, the data controller responsible for your personal data is:
Remote-first digital agency, registered in Ireland
Email: stoyan.panayotov@preptech.eu
Phone: +353 87 430 6354
We have not formally appointed a Data Protection Officer (DPO), as we are not required to under Article 37 GDPR. However, all privacy questions and data requests should be directed to the contact above.
3. What Personal Data We Collect
We only collect personal data that is necessary to run our business and provide our services. Specifically:
| Type of data | When collected | Examples |
|---|---|---|
| Contact details | When you submit the contact form or email us | Name, business name, email, phone number |
| Enquiry content | When you tell us what you need | Your message, project requirements |
| Client data | When you become a client | Invoicing details, project documentation, account credentials you share |
| Technical data | Automatically, when you browse the site | IP address (truncated), browser type, device type, pages visited, referring URL |
| Cookie data | Only if you accept analytics cookies | Anonymous usage analytics (see Section 10) |
We do not collect special category data (health, religion, political views, etc.) and we do not buy personal data from third parties.
4. Legal Basis for Processing
Under Article 6 GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:
- Consent (Art. 6(1)(a)): When you submit our contact form or accept analytics cookies. You can withdraw consent at any time.
- Contract (Art. 6(1)(b)): When you become a client, we process your data to deliver the services you've contracted us for and to invoice you.
- Legal obligation (Art. 6(1)(c)): We retain invoicing and tax records for the period required under Irish law (currently 6 years).
- Legitimate interests (Art. 6(1)(f)): To respond to general enquiries, protect our website from abuse, and keep basic (anonymous) records of visitor volume. We've assessed these interests and believe they do not override your rights.
5. How We Use Your Data
We use your personal data only for the following purposes:
- To reply to your enquiry or consultation request.
- To deliver the services you have hired us to provide.
- To send invoices and keep accurate financial records.
- To improve our website (based on anonymised analytics, if you opt in).
- To comply with legal obligations (tax, accounting, lawful requests from authorities).
We do not use your data for automated decision-making or profiling, and we never sell your personal data to anyone.
6. Who We Share Your Data With
We don't share your personal data except with a small number of carefully chosen service providers ("data processors") that help us run our business. Each of these is GDPR-compliant and bound by data processing terms:
| Provider | Purpose | Data shared |
|---|---|---|
| Netlify (website hosting & forms) | Hosts the website and processes contact form submissions | Contact form data, basic technical logs |
| Email provider (stoyan.panayotov@preptech.eu) | Stores and delivers our business email | Email correspondence you send us |
| Accounting software | Invoicing and bookkeeping for clients | Client billing details only (not prospects) |
We may also disclose your data where required by law (e.g. a valid court order, tax authority request, or to protect our legal rights).
7. How Long We Keep Your Data
We only keep personal data for as long as we need it. Specifically:
- Contact form enquiries (not converted to clients): up to 12 months, then deleted.
- Client records: for the duration of the engagement plus 6 years (required by Irish Revenue for tax/accounting records).
- Email correspondence: up to 3 years after last contact, unless tied to an active client relationship.
- Anonymised analytics: up to 26 months (standard industry retention).
- Cookie preferences: stored in your browser for up to 12 months.
At the end of the retention period, we securely delete or anonymise your data.
8. International Data Transfers
Our primary infrastructure (website hosting via Netlify, email provider) may process data outside the European Economic Area (EEA), including in the United States. Where this happens, we rely on one of the following safeguards, as required by Chapter V GDPR:
- The EU–US Data Privacy Framework, where the processor is certified;
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- Or an adequacy decision by the European Commission for the country in question.
You can request a copy of the specific safeguard in place for any transfer by emailing us.
9. How We Protect Your Data
We apply reasonable technical and organisational measures to protect your data against unauthorised access, loss, or alteration, including:
- HTTPS encryption across our website;
- Secure, password-protected access to client accounts;
- Two-factor authentication on key systems;
- Limiting who has access to personal data;
- Regular backups and updates.
If a personal data breach ever occurs that is likely to result in a risk to your rights, we will notify the Irish Data Protection Commission within 72 hours and inform you directly where required by Article 34 GDPR.
10. Cookies & Tracking
Our website uses a minimal cookie setup:
- Essential cookies: strictly necessary to make the site work (e.g. remembering your theme preference, storing your cookie consent choice). These do not require consent.
- Analytics cookies: anonymous usage data that helps us understand how visitors use the site. These are only set if you click "Accept" on our cookie banner. We use two analytics tools — Google Analytics 4 (page views and traffic sources) and Microsoft Clarity (session replays and heatmaps) — both configured to anonymise data. You can withdraw consent at any time by clearing your browser cookies.
We do not use advertising cookies, cross-site tracking, social media pixels, or fingerprinting.
11. Your Rights Under GDPR
Under GDPR (Articles 15–22), you have the following rights over your personal data. You can exercise any of them free of charge by emailing stoyan.panayotov@preptech.eu. We will respond within one month.
Right of Access (Art. 15)
Ask for a copy of the personal data we hold about you and how we use it.
Right to Rectification (Art. 16)
Ask us to correct any data that is inaccurate or incomplete.
Right to Erasure (Art. 17)
Ask us to delete your data, where we have no lawful reason to keep it. Also known as the "right to be forgotten."
Right to Restrict Processing (Art. 18)
Ask us to pause processing your data while we resolve a dispute or query.
Right to Data Portability (Art. 20)
Receive the data you provided to us in a structured, machine-readable format, or have it sent to another controller.
Right to Object (Art. 21)
Object to processing based on legitimate interests, including direct marketing (though we don't do direct marketing anyway).
Right to Withdraw Consent (Art. 7)
Withdraw any consent you've given (e.g. for cookies or the contact form) at any time — without it affecting prior lawful processing.
Rights re: Automated Decisions (Art. 22)
Not to be subject to a decision based solely on automated processing. We don't do this — but the right is yours regardless.
To protect your data, we may ask for proof of identity before actioning a request.
12. Children's Privacy
Our services are aimed at businesses and are not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe we may have done so, please contact us and we will delete it.
13. Making a Complaint
We always prefer to resolve complaints directly — please contact us first at stoyan.panayotov@preptech.eu and we'll work to put things right.
If you're not satisfied with our response, you have the right to lodge a complaint with the Irish supervisory authority:
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Website: www.dataprotection.ie
Phone: +353 (0)761 104 800
Email: info@dataprotection.ie
If you are based in another EU/EEA state, you may also lodge a complaint with your local data protection authority.
14. Changes to This Policy
We may update this policy from time to time to reflect changes in our practices or legal requirements. When we make a material change, we'll update the "Last updated" date at the top of the page and — where appropriate — notify you by email or with a notice on the site.
15. Contact Us
If you have any questions about this privacy policy or how we handle your personal data, get in touch:
This privacy policy is written in plain English by design — if anything here isn't clear, please just ask. We'd rather explain it properly than hide behind legal jargon.