Privacy & Cookie Policy
Version: M3.3 · Last updated: 06/06/2026
Translation of the approved Italian master; recommend a native/legal review before publication.
This policy describes how MAW EOOD processes the personal data of users of the d3-hub.com website (“the Site”), under Regulation (EU) 2016/679 (“GDPR”), the ePrivacy Directive and applicable law.
It applies solely to the d3-hub.com website.
1. Data Controller
MAW EOOD
Evlogi Hristo Georgiev Blvd 77, 1142 Sofia, Bulgaria
EIK: 175097384 — VAT: BG175097384
Legal representative: Сандро Пелегринети
Contacts:
- General email: infoаtd3-hub.com
- Privacy email: privacyаtd3-hub.com
The Controller has not appointed a Data Protection Officer (DPO).
2. Principles and security measures
We process your data in accordance with the principles of lawfulness, fairness, transparency, data minimisation, accuracy, storage limitation, integrity and confidentiality (Art. 5 GDPR).
We apply appropriate technical and organisational measures (HTTPS encryption, access restriction, security monitoring, regular updates) to protect the data.
3. Data processed, purposes and legal basis
3.1 Browsing data and system logs
During browsing, technical data is collected automatically, such as IP address, browser and device type, operating system, date and time of the request, pages visited and user-agent.
Purpose: technical operation of the Site, security (prevention of abuse and attacks), diagnostics and performance optimisation.
Legal basis: the Controller’s legitimate interest (Art. 6(1)(f) GDPR).
Retention: the strictly necessary technical period, then deletion or anonymisation.
3.2 Usage statistics – Google Analytics 4
Subject to your express consent, we use Google Analytics 4 to analyse visits to the Site in aggregate form.
The service is configured with Google Consent Mode v2: without consent, no cookies are installed and no tracking takes place. The _ga and _ga_* cookies are activated only after consent.
Legal basis: consent (Art. 6(1)(a) GDPR), freely given and withdrawable at any time.
Retention: user-level data for up to 14 months.
3.3 Contact form
When you complete the form, we process the data you provide (name, email, company, message) together with technical metadata (truncated IP and user-agent, date/time).
Purpose: to handle and respond to your request.
Legal basis: performance of pre-contractual measures and/or legitimate interest (Art. 6(1)(b)/(f) GDPR).
Anti-spam: server-side measures (honeypot, time-check, CSRF token) — no third-party CAPTCHA.
Retention: at most 24 months from the last contact.
(The form will be activated at a later stage.)
4. Cookies and tracking tools
The Site uses only strictly necessary cookies and, subject to consent, analytics cookies.
Technical / strictly necessary cookies (no consent required)
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| Consent cookie | First party | Stores your consent preferences | Up to 6–12 months |
| PHPSESSID / CSRF token | First party | Security and operation of the form | Session |
Analytics cookies (only with consent)
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
_ga, _ga_* | Google Analytics 4 | Aggregate usage statistics | Up to 14 months |
The Site does NOT use profiling, marketing or advertising cookies, social plugins, advertising pixels or other behavioural tracking tools.
Managing consent
On your first visit, a clear banner lets you accept or reject non-necessary cookies. You can change or withdraw your choice at any time via the “Cookie settings” link in the footer.
5. Withdrawing consent
You may withdraw the consent you have given (in particular for Google Analytics) at any time, with the same ease as you gave it, via the cookie settings. Withdrawal does not affect the lawfulness of processing carried out beforehand.
6. Recipients and Processors
Data is processed by the Controller’s authorised personnel and by the following processors (under Art. 28 GDPR agreements):
- Google – Google Analytics 4
- Namecheap – Hosting (servers located in Amsterdam, EU)
We do not sell or share your data with third parties for marketing purposes.
7. Transfers outside the EU/EEA
- Contact data and logs: hosted in the EU (Amsterdam).
- Namecheap (USA): Standard Contractual Clauses + supplementary measures.
- Google Analytics: Google LLC adheres to the EU-U.S. Data Privacy Framework (adequacy decision) and uses Standard Contractual Clauses.
We have assessed the risks and adopted appropriate safeguards.
8. Retention period
Data is kept only for as long as necessary:
- System logs: minimum technical period
- GA4: max 14 months (user-level data)
- Contact form: max 24 months from the last contact
After that period, data is deleted or irreversibly anonymised.
9. Your rights (Arts. 15–22 GDPR)
You have the right to:
- Access, rectification, erasure, restriction, objection
- Data portability
- Withdrawal of consent
- Lodge a complaint with the supervisory authority
To exercise your rights, write to privacyаtd3-hub.com. We will respond within 30 days.
Supervisory authority: Commission for Personal Data Protection (CPDP) – Bulgaria.
In Italy you may also contact the Garante per la protezione dei dati personali (www.gpdp.it).
10. Minors
The Site is intended for a professional audience and does not knowingly collect data from minors under 14 years of age.
11. Automated decision-making
We do not carry out profiling or solely automated decision-making producing legal or similarly significant effects.
12. Changes to this policy
Any changes will be published on this page. We invite you to review it periodically.
13. Contacts
For privacy matters: privacyаtd3-hub.com