Privacy Policy

1. Introduction

Welcome to Pontis. We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable European Union data protection laws.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website pontis.company and use our services. Please read this policy carefully to understand our practices regarding your personal data.

2. Data Controller

The data controller responsible for your personal data is:

Pontis Ltd.
Alexander Malinov 31 Blvd.
Sofia 1729, Bulgaria

Email: privacy@pontis.company

3. Information We Collect

Information You Provide Directly

Contact Information: Name, email address, and company name when you submit inquiries through our contact form
Communication Data: Any information you include in messages sent to us

Information Collected Automatically

When you visit our website, we automatically collect certain information, including:

Device Information: Browser type, operating system, device type
Usage Data: Pages visited, time spent on pages, click patterns, scroll depth
Technical Data: IP address (anonymised where possible), referring URLs
Location Data: General geographic location based on IP address (country/region level)

Cookies and Similar Technologies

We use cookies and similar tracking technologies to collect and store information. See Section 8 for detailed information about our cookie practices.

4. How We Use Your Information

We process your personal data for the following purposes:

To Respond to Your Inquiries

Processing and responding to contact form submissions
Providing information about our services
Legal Basis: Legitimate interest in responding to inquiries; contract performance where applicable

To Improve Our Website and Services

Analysing website usage patterns and user behaviour
Identifying technical issues and improving functionality
Understanding how visitors interact with our content
Legal Basis: Legitimate interest in improving our services

For Marketing and Communications

Sending relevant updates about our events and services (only with your consent)
Personalising your experience based on your interests
Legal Basis: Consent; legitimate interest for existing business relationships

To Comply with Legal Obligations

Meeting regulatory requirements
Responding to lawful requests from authorities
Legal Basis: Legal obligation; legitimate interest

5. Data Sharing and Third Parties

We share your personal data with the following categories of recipients:

Service Providers

Cloudflare (Form Processing & Hosting)

Purpose: Processing contact form submissions and storing data securely
Data Collected: Name, email, company, message, and form metadata
Privacy Policy: https://www.cloudflare.com/privacypolicy/

Resend (Email Delivery)

Purpose: Delivering contact form notification emails
Data Collected: Name, email, company, message content
Privacy Policy: https://resend.com/legal/privacy-policy

Google Analytics

Purpose: Website analytics and usage tracking
Data Collected: Anonymised usage data, device information
Privacy Policy: https://policies.google.com/privacy

Microsoft Clarity

Purpose: Session recording and heatmaps for UX improvement
Data Collected: Anonymised interaction data
Privacy Policy: https://privacy.microsoft.com/privacystatement

Meta (Facebook) Pixel

Purpose: Marketing analytics and advertising optimisation
Data Collected: Website interactions, conversion tracking
Privacy Policy: https://www.facebook.com/privacy/policy

Cloudflare

Purpose: Website hosting, security, and performance
Data Collected: Technical data for security and delivery
Privacy Policy: https://www.cloudflare.com/privacy/

Legal Disclosures

We may disclose your information where required by law, in response to legal process, or to protect our rights, privacy, safety, or property.

6. International Data Transfers

Some of our service providers may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, including:

European Commission adequacy decisions
Standard Contractual Clauses (SCCs)
Certification under approved frameworks

7. Data Retention

We retain your personal data only for as long as necessary for the purposes outlined in this policy:

Contact Form Submissions: 3 years from the date of submission, unless an ongoing business relationship exists
Analytics Data (Google Analytics): 26 months
Session Recordings (Microsoft Clarity): 30 days
Marketing Data: Until you withdraw consent or unsubscribe

8. Cookies and Tracking Technologies

What Are Cookies?

Cookies are small text files placed on your device when you visit our website. They help us provide you with a better experience and allow certain features to function.

Types of Cookies We Use

Essential Cookies

These cookies are necessary for the website to function and cannot be disabled.

Cookie	Purpose	Duration
Session ID	Maintains your session while browsing	Session
CSRF Token	Security protection	Session

Analytics Cookies

These cookies help us understand how visitors interact with our website.

Cookie	Provider	Purpose	Duration
_ga	Google Analytics	Distinguishes unique users	2 years
_ga_*	Google Analytics	Maintains session state	2 years
_clck	Microsoft Clarity	User identification	1 year
_clsk	Microsoft Clarity	Session tracking	1 day

Marketing Cookies

These cookies are used to track visitors across websites for advertising purposes.

Cookie	Provider	Purpose	Duration
_fbp	Meta (Facebook)	Identifies browsers for advertising	3 months
_fbc	Meta (Facebook)	Stores click identifiers	3 months

Managing Cookies

You can control cookies through your browser settings. Please note that disabling certain cookies may affect website functionality.

Chrome: Settings → Privacy and Security → Cookies
Firefox: Settings → Privacy & Security → Cookies
Safari: Preferences → Privacy → Cookies
Edge: Settings → Privacy, Search, and Services → Cookies

9. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

Right of Access

You have the right to obtain confirmation of whether we process your personal data and to request a copy of that data.

Right to Rectification

You have the right to request correction of inaccurate personal data or completion of incomplete data.

Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances, including when the data is no longer necessary for the purposes for which it was collected.

Right to Restriction of Processing

You have the right to request that we limit the processing of your personal data in certain circumstances.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests, including profiling and direct marketing.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing.

How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@pontis.company. We will respond to your request within one month, as required by the GDPR. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit (HTTPS/TLS)
Secure data storage with access controls
Regular security assessments
Staff training on data protection

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

11. Children's Privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@pontis.company, and we will take steps to delete such information.

12. Links to Third-Party Websites

Our website may contain links to third-party websites and services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of our website after any modifications indicates your acceptance of the updated policy.

14. Supervisory Authority

If you are not satisfied with our response to your privacy concerns or believe that we are processing your personal data unlawfully, you have the right to lodge a complaint with a supervisory authority.

For matters related to Pontis, you may contact:

Commission for Personal Data Protection (CPDP)
Bulgaria's Data Protection Authority
Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria
Website: https://www.cpdp.bg/
Email: kzld@cpdp.bg

You may also lodge a complaint with the supervisory authority in your country of residence or place of work within the European Union.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Pontis Ltd.

Email: privacy@pontis.company