Privacy & Data Protection Policy

Effective Date: 02.02.2026

At Baseline IT Ltd., we approach data protection with the principle of "Data Minimization." We only collect the information necessary to serve you, and we strictly limit its use to the purpose for which it was provided.

1. Data We Collect

We only collect the following personal data through our inquiry forms: Name — to identify you and personalize our communication. Email Address — to provide a written response to your request. Phone Number — to contact you via telephone if your inquiry requires a verbal discussion or if you have requested a callback.

2. Legal Basis for Processing

We process your data based on the following legal grounds: Performance of a Contract (Pre-contractual Steps) — when you request a quote, an offer, or specific information about our services, we process your data to take the necessary steps to fulfill that request before entering into a formal agreement. Legitimate Interests — it is in our legitimate business interest to respond to customer inquiries and maintain high-quality customer service. We have balanced this against your privacy rights and determined that this processing is expected and non-intrusive.

3. Purpose Limitation

We operate a strict "No-Marketing" rule for inquiry data. Your data is used only to reply to your specific message. We do not add your email to marketing lists or newsletters. We do not use your data for automated profiling or third-party tracking.

4. Data Retention & Deletion

We do not store your data longer than necessary. Inquiry Period: your contact details are kept for the duration of the conversation required to resolve your request. Deletion: once the inquiry is closed and no further business relationship is established, your personal data is deleted or anonymized within 90 days, unless a legal obligation (such as tax or accounting requirements) requires a longer retention period.

5. Data Security

To protect your information, we implement robust technical and organizational measures: Encryption — all data transmitted via our website is encrypted using industry-standard SSL/TLS technology. Access Control — access to your inquiry data is restricted to only those employees necessary to provide the response.

6. Your Rights Under GDPR

Regardless of our legal basis for processing, you retain full rights over your data: Right to Access — you may request a copy of the data we hold about you. Right to Rectification — you may request that we correct any inaccurate information. Right to Erasure ("Right to be Forgotten") — you may request the immediate deletion of your data once your inquiry is handled. Right to Object — you may object to our processing based on "Legitimate Interests."

7. Third-Party Sharing

We do not sell or lease your data. We only share your information with trusted service providers (such as our email host or CRM provider) who are contractually bound to process your data only on our instructions and in full compliance with the GDPR.

8. Contact Information

For any questions regarding your data or to exercise your rights, please contact our Data Privacy Team: Email: office@baselineit.eu. Address: Bulgaria, Sofia, 1303, 98 Pirotska str., office 2.