This Privacy Policy explains how Black Rock Capital collects, uses, and protects personal data when you visit blackrockcapital.bg or engage with BRC's services. BRC is committed to handling personal data responsibly and in compliance with applicable data protection law, including the General Data Protection Regulation (GDPR).
1. Data Controller
Black Rock Capital, operated by Kostantin Stambolov, is the data controller for personal data collected through this Site and in connection with professional engagements.
Contact: office@blackrockcapital.bg
2. What Data We Collect
BRC collects only the minimum data necessary to operate the Site and conduct its business. The categories of data collected are:
| Category | Data collected | Source |
|---|
| Enquiry data | Name, email address, company name, message content | Contact form, email, booking calendar |
| Usage data | Pages visited, time on site, browser type, device type, approximate location (country/city level), referral source | Google Analytics (anonymised) |
| Communication data | Email correspondence and call notes relevant to a prospective or active engagement | Direct communication |
BRC does not collect sensitive personal data, payment card data, or data from minors. BRC does not operate advertising campaigns, retargeting, or any form of behavioural marketing.
3. How We Use Your Data
Personal data is used only for the following purposes:
- Responding to enquiries and assessing fit for an engagement
- Scheduling and conducting introductory and scoping conversations
- Managing the professional relationship during and after an engagement
- Understanding how the Site is used in aggregate, to improve its content and structure
- Complying with legal obligations
BRC does not sell, rent, or share personal data with third parties for commercial purposes. BRC does not use personal data for automated decision-making, profiling, or commercial scoring.
4. Legal Basis for Processing
BRC processes personal data under the following legal bases:
- Legitimate interests – responding to business enquiries, managing client relationships, and understanding Site performance in aggregate
- Contractual necessity – processing data required to fulfil obligations under an engagement agreement
- Consent – where you have expressly agreed to be contacted or to receive specific communications
- Legal obligation – where processing is required by applicable law
5. Google Analytics
This Site uses Google Analytics 4 to collect anonymised usage data. BRC has configured Google Analytics with IP anonymisation enabled. The data collected is aggregated and does not identify individual visitors.
You can opt out of Google Analytics tracking at any time by installing the Google Analytics Opt-out Browser Add-on or by adjusting your browser's cookie settings.
6. AI Tools and Automated Processing
BRC uses AI-assisted tools to support internal work in connection with engagements:
- Meeting transcription – Calls and meetings may be recorded and transcribed using AI-based transcription services. Recording is disclosed at the start of any call.
- Analysis and drafting – BRC may use AI-assisted tools to summarise notes, structure observations, and draft engagement deliverables. All outputs are reviewed by Kostantin Stambolov before delivery.
BRC does not use AI for automated decision-making about clients, prospects, or visitors. For a current list of AI tools, contact office@blackrockcapital.bg.
7. Cookies
The Site uses a limited number of cookies:
- Analytics cookies – set by Google Analytics to distinguish visitors and track usage patterns. These are non-essential cookies.
- Session cookies – temporary cookies used by the hosting platform that expire when you close your browser.
8. Data Retention
BRC retains personal data only for as long as necessary for the purpose for which it was collected:
- Enquiry and contact data where no engagement follows: deleted or anonymised within 12 months of last contact
- Engagement-related data: retained for the duration of the engagement and for a period of 5 years following its conclusion
- Google Analytics data: retained for 14 months
9. Data Security
BRC takes reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. Communication is conducted via encrypted channels.
10. Your Rights
Under GDPR, you have the following rights in relation to your personal data:
- Access – request a copy of the personal data BRC holds about you
- Rectification – request correction of inaccurate or incomplete data
- Erasure – request deletion of your personal data, subject to legal obligations
- Restriction – request that BRC restricts processing of your data in certain circumstances
- Portability – request that BRC provides your data in a structured, commonly used format
- Objection – object to processing based on legitimate interests
- Withdraw consent – where processing is based on consent, withdraw it at any time
To exercise any of these rights, contact office@blackrockcapital.bg. BRC will respond within 30 days.
11. Third-Party Services
The Site and BRC's engagement work integrate the following third-party services:
- Google Analytics – website analytics
- Google Calendar – appointment scheduling via the booking link on the Site
- LinkedIn – linked profile for professional context
- AI service providers – transcription, summarisation, and drafting tools used in engagement work
12. Changes to This Policy
BRC may update this Privacy Policy from time to time. The effective date at the top of this page indicates when the Policy was last revised.
13. Contact
For any questions regarding this Privacy Policy or the handling of your personal data, contact:
Kostantin Stambolov · Black Rock Capital
office@blackrockcapital.bg