Privacy Policy

Last updated: 19.08.2025

This Privacy Policy explains how Pavlov Korea Consulting (“PKC,” “we,” “us,” “our”) processes personal data in connection with pavlovkoreaconsulting.com and our consulting services.

1. Controller

Pavlov Korea Consulting (PKC)
Sofia, Bulgaria (EU)
Email: info@thepkc.com

PKC is the data controller for the processing described in this Policy. PKC has not appointed a Data Protection Officer. For all privacy matters, contact info@thepkc.com.

2. Scope

This Policy applies to website visitors, prospective and current clients, vendors, and other business contacts in the EU/EEA, UK, and elsewhere.

3. Categories of Data

  • Identification and Contact Data: name, role, company, email, phone.

  • Business and Engagement Data: project details, booking information, communications, meeting notes.

  • Technical and Usage Data: IP address, device/browser, pages viewed, timestamps, referral URLs, basic diagnostics.

  • Marketing Preferences: newsletter opt-ins/opt-outs, consent records.

  • Financial/Transaction Data: invoices and payment confirmations (processed by third-party providers; PKC does not store full card details).

4. Sources

We collect data directly from you (forms, bookings, email, calls), from your organization, from public sources (company websites, LinkedIn, registries), and from service providers (analytics, booking, payments, hosting).

5. Purposes and Legal Bases (GDPR Art. 6)

  • Responding to inquiries; providing proposals/consultations – Contract / pre-contractual steps (Art. 6(1)(b)).

  • Delivering services; managing engagements – Contract (Art. 6(1)(b)).

  • Business administration, security, fraud prevention, recordkeeping – Legitimate interests (Art. 6(1)(f)).

  • Analytics, performance, site improvement – Legitimate interests (Art. 6(1)(f)) or Consent where required.

  • Marketing communications (e.g., newsletters)Consent (Art. 6(1)(a)); may be withdrawn at any time.

  • Compliance with legal obligations (tax, accounting, sanctions screening) – Legal obligation (Art. 6(1)(c)).

  • Establishment, exercise, or defense of legal claims – Legitimate interests (Art. 6(1)(f)).

Where we rely on legitimate interests, we balance our interests against your rights and freedoms and use minimal, proportionate data.

6. Cookies and Similar Technologies

We use cookies and similar technologies for essential site functions and, where enabled, analytics and performance. Non-essential cookies are used only with consent. Details are provided in the Cookie Policy.
Legal basis: essential cookies – legitimate interests in operating a secure, functional site; analytics/marketing cookies – your consent.

7. Disclosures and Recipients

We disclose data to:

  • Service providers/processors (hosting, booking, payments, email, document management, analytics) under written contracts and instructions.

  • Professional advisers (legal, accounting) under confidentiality.

  • Authorities where required by law or to protect rights.

  • Prospective partners in connection with corporate transactions, subject to safeguards.

We do not sell personal data.

8. International Transfers

Data may be transferred outside the EU/EEA (including to the Republic of Korea, the United States, and other jurisdictions) where our providers or partners operate. We implement appropriate safeguards, such as EU Standard Contractual Clauses and, where necessary, supplementary measures (e.g., encryption, access controls). Copies of relevant safeguards can be requested via info@thepkc.com (subject to redactions).

9. Retention

We keep data only as long as necessary for the purposes above:

  • Inquiries and prospect records: typically up to 24 months after last contact.

  • Engagement files and Deliverables: typically up to 6 years after completion (longer if required by law or for claims).

  • Billing and tax records: as required by law (often up to 10 years).

  • Webserver logs and security records: typically up to 12 months.

  • Consent and suppression records: as long as needed to evidence compliance.

10. Security

We implement appropriate technical and organizational measures to protect data against unauthorized access, loss, alteration, or disclosure, taking into account the nature of processing and risks.

11. Your Rights (EU/EEA/UK)

Subject to conditions and exceptions under applicable law, you may have the right to access, rectify, erase, restrict, object, and data portability, and to withdraw consent where processing is based on consent. To exercise rights, contact info@thepkc.com. We will not discriminate for exercising a right.

12. How to Exercise Your Rights

We respond to rights requests within one month of receipt. Where requests are complex or numerous, we may extend this period by up to two additional months and will notify you of any extension. We may request limited information to verify your identity before acting on a request.

13. Automated Decisions and Profiling

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

14. Children

Our website and services are for business use and are not directed to children under 18. We do not knowingly process children’s data.

15. Third-Party Links

Our website may contain links to third-party sites or services. We are not responsible for their privacy practices. Review the privacy notices of any third-party service you use.

16. Supervisory Authorities

You have the right to lodge a complaint with your local supervisory authority. In Bulgaria, this is the Commission for Personal Data Protection (CPDP). If you are in the UK, you may contact the Information Commissioner’s Office (ICO).

17. Changes

We may update this Policy. The “Last updated” date reflects the most recent version. Continued use of the website or services signifies acknowledgment of changes.

18. Contact

Questions or requests: info@thepkc.com.