Privacy Policy

Effective date: April 3, 2026
Last updated: April 3, 2026

Association Momentum Lab (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal data transparently and lawfully.

This Privacy Policy explains what personal data we collect through https://www.momentum-lab.eu, why we collect it, how we use it, how long we keep it, and what rights you have under applicable data protection law, including the General Data Protection Regulation (GDPR).

1. Data Controller

Association Momentum Lab
UIC: 208681129
Registered seat and management address: 3-A Tsar Ferdinand Blvd., 7000 Ruse, Bulgaria
Email: info@momentum-lab.eu
Website: https://www.momentum-lab.eu

2. What Personal Data We Collect

Depending on how you interact with our website, we may collect the following categories of personal data:

a) Information you provide voluntarily

This may include:

  • your name
  • email address
  • phone number, if provided
  • organization name, if provided
  • the content of your message
  • subscription preferences, where applicable

We collect this data when you:

  • contact us through a contact form
  • subscribe to a newsletter or updates
  • send us an email
  • otherwise communicate with us through the website

b) Technical and usage data

When you visit the website, certain information may be collected automatically, such as:

  • IP address
  • browser type and version
  • device type
  • operating system
  • referring website
  • pages visited
  • date and time of visit
  • interaction and navigation data

c) Cookies and similar technologies

We may use cookies and similar technologies to ensure website functionality, improve performance, analyze traffic, and support communication and subscription features.

3. Purposes and Legal Bases for Processing

We process personal data only where we have a valid legal basis to do so.

We may process your data for the following purposes:

To respond to enquiries and communication requests
Legal basis: Article 6(1)(f) GDPR, legitimate interest in responding to messages and maintaining communication, or Article 6(1)(b) GDPR where the request relates to steps prior to entering into a relationship or cooperation.

To manage newsletter subscriptions and send updates
Legal basis: Article 6(1)(a) GDPR, consent.

To administer and protect the website
Legal basis: Article 6(1)(f) GDPR, legitimate interest in ensuring security, preventing abuse, and maintaining the proper functioning of the website.

To analyze website traffic and improve user experience
Legal basis: Article 6(1)(a) GDPR, consent, where analytics cookies or similar technologies require prior consent.

To comply with legal obligations
Legal basis: Article 6(1)(c) GDPR, compliance with applicable legal obligations.

4. Contact Forms and Email Communication

If you contact us through the website or by email, we will process the information you provide in order to respond to your message, handle your request, and maintain related correspondence where necessary.

Please do not send sensitive personal data unless it is strictly necessary and appropriately requested.

5. Newsletter and Brevo

We may use Brevo as a platform for managing newsletter subscriptions, email communications, and related forms.

If you subscribe to our newsletter or submit a form connected to Brevo:

  • the information you provide may be stored and processed through Brevo on our behalf
  • we will use your data only for the purposes for which you gave it
  • where required, subscription will be based on your consent
  • you can unsubscribe at any time by using the unsubscribe link in our emails or by contacting us directly

6. Analytics and Google Analytics 4

We use Google Analytics 4 (GA4) to better understand how visitors use our website and to improve content, structure, and user experience.

GA4 may collect information such as:

  • pages visited
  • time spent on pages
  • approximate geographic data
  • device and browser information
  • interactions with website content

Where required by law, GA4 will only be activated after the user has provided consent through our cookie consent mechanism.

We do not use analytics data to identify individual visitors directly.

7. Cookies

Our website may use the following categories of cookies:

Strictly necessary cookies
These are required for the operation and security of the website.

Analytics cookies
These help us understand website traffic and usage patterns.

Functional cookies
These may remember user preferences and improve usability.

Marketing or communication-related cookies
These may be used in connection with newsletter forms or communication tools, if enabled.

Where legally required, non-essential cookies will only be used after your consent. You can manage your preferences through our cookie banner and through your browser settings.

8. Sources of Personal Data

We collect personal data:

  • directly from you, when you complete a form, subscribe, or contact us
  • automatically through cookies and analytics tools when you use the website
  • from communication platforms used on our behalf, where applicable

9. Recipients and Processors

We may share personal data with trusted service providers acting on our behalf and under appropriate contractual safeguards, including providers of:

  • website hosting and technical support
  • website maintenance
  • analytics services
  • email marketing and communication tools
  • security and anti-spam protection

These recipients process personal data only on our instructions and only to the extent necessary for the services they provide.

10. International Data Transfers

Some of our service providers may process data outside the European Economic Area.

Where this happens, we take appropriate steps to ensure that personal data is protected in accordance with GDPR requirements, including the use of appropriate safeguards such as contractual protections and other lawful transfer mechanisms where applicable.

11. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including for legal, administrative, and security purposes.

Indicative retention periods may include:

  • contact form submissions and correspondence: for as long as necessary to handle the request and for a reasonable follow-up period
  • newsletter subscription data: until you unsubscribe or withdraw your consent
  • technical logs and security-related records: for a limited period necessary for website protection and diagnostics
  • analytics data: according to the retention settings configured in Google Analytics and our internal necessity assessment

Where retention is no longer necessary, data will be deleted or anonymized, unless we are required to keep it by law.

12. Your Rights

Subject to applicable law, you have the right to:

  • be informed about how your personal data is processed
  • request access to your personal data
  • request correction of inaccurate or incomplete data
  • request deletion of your personal data
  • request restriction of processing
  • object to certain processing activities
  • withdraw consent at any time, where processing is based on consent
  • request portability of the data you have provided, where applicable
  • lodge a complaint with a competent supervisory authority

To exercise your rights, please contact us at: info@momentum-lab.eu

13. Complaints to the Supervisory Authority

If you believe that your personal data has been processed unlawfully, you have the right to lodge a complaint with the competent supervisory authority.

For Bulgaria, this is the:

Commission for Personal Data Protection (CPDP)
Website: https://www.cpdp.bg

14. Data Security

We take appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access.

These measures may include:

  • secure website configuration
  • restricted administrative access
  • software updates and maintenance
  • security plugins and anti-abuse controls
  • contractual safeguards with processors

However, no method of transmission over the Internet or method of electronic storage is completely secure, and therefore absolute security cannot be guaranteed.

15. Third-Party Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of such external websites. We encourage users to review the privacy policies of any third-party websites they visit.

16. Children’s Data

Our website is not intended for the direct collection of personal data from children without appropriate legal basis or authorization. If we become aware that personal data has been collected unlawfully from a child, we will take appropriate steps to delete it.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or organizational changes. The updated version will be published on this page with a revised “Last updated” date.

18. Contact

If you have any questions about this Privacy Policy or about how we process personal data, please contact us at:

Association Momentum Lab
3-A Tsar Ferdinand Blvd., 7000 Ruse, Bulgaria
Email: info@momentum-lab.eu
Website: https://www.momentum-lab.eu