HEIC Ltd
  • Home
  • Cybersecurity, Tech & AI

    • ISO 27001
    • NIS2 Directive
    • DORA Regulation
    • ISO 42001

    Business Operations & Quality

    • ISO 9001
    • ISO 14001
    • ISO 45001
    • ISO 50001
    • ISO 13485
    • ISO 20121
  • Tools
  • About
  • Insights
  • Contact
Talk to an Expert
BG | EN
  • Home
    • ISO 27001
    • NIS2 Directive
    • DORA Regulation
    • ISO 42001
    • ISO 9001
    • ISO 14001
    • ISO 45001
    • ISO 50001
    • ISO 13485
    • ISO 20121
  • Tools
  • About
  • Insights
  • Contact
Talk to an Expert
BG | EN
  1. Home
  2. › Privacy Policy

Privacy Policy

Last updated: 9 July 2026

1. Who we are

HEIC Ltd ("Health Environment InfoSecurity Consulting Ltd"), UIC 131 221 609, registered at 119 Nikola Petkov Blvd., Sofia 1614, Bulgaria, is the data controller for personal data collected through this website (heic.eu).

You can reach us at office@heic.eu or +359 897 870 980. We have not designated a formal Data Protection Officer; office@heic.eu is the contact point for all data protection matters.

2. Our approach in brief

  • We collect personal data only when you actively send it to us — through the contact form or the ISO 27001 Gap Analysis tool.
  • This website sets no tracking or advertising cookies. Our analytics tool is cookieless and does not identify individual visitors, which is why you will not see a cookie consent banner here — none is required.
  • We never sell personal data, and we share it only with the service providers named in this policy.

3. What we collect, and why

Contact and enquiry forms. When you submit our contact form, or one of the "Speak to an Expert" enquiry forms on our homepage and service pages, we collect your name, email address, company, the service you are interested in (where applicable), and your message. We use this information to respond to you and to provide the consultation or information you have requested. Legal basis: Article 6(1)(b) GDPR — taking steps at your request prior to entering into a contract — and, for general enquiries, Article 6(1)(f) GDPR, our legitimate interest in responding to people who contact us.

ISO 27001 Gap Analysis tool. Simply using the tool sends nothing to us. Your assessment answers are stored only in your own browser (see section 4). If you choose to send us your results for an expert review, we collect your name, email address, company, and your assessment results. We use this to prepare and deliver the review you requested. Legal basis: Article 6(1)(b) GDPR.

Direct email. If you email us at office@heic.eu, we process your email address and the contents of your message in order to reply. Legal basis: Article 6(1)(b) or 6(1)(f) GDPR, depending on the nature of your message.

Technical data. Our hosting provider, Cloudflare, processes IP addresses and related technical data in server logs as part of delivering the website and protecting it against attacks and abuse. Legal basis: Article 6(1)(f) GDPR — our legitimate interest in operating a secure, reliable website.

4. Assessment data stays on your device

The Gap Analysis tool saves your in-progress answers in your browser's local storage so you can leave and resume later. This data never leaves your device unless you explicitly submit your results to us. You can erase it at any time by clearing your browser's site data for heic.eu.

5. Cookies and analytics

We use Cloudflare Web Analytics to understand aggregate website traffic — page views, referrers, and similar metrics. It does not use cookies, does not fingerprint devices, and does not track individual visitors across pages or sites.

Because this website sets no cookies requiring consent, we do not display a cookie banner. If this ever changes, we will update this policy and introduce a consent mechanism before any such cookies are set.

6. Who we share data with

We use a small number of service providers (processors) to operate this website:

  • Web3Forms (form delivery). Both our contact form and the Gap Analysis review request are delivered to us via Web3Forms, which forwards each submission to our email. Web3Forms retains submissions in encrypted form for a limited period under its retention policy before automatic deletion, and may pass the submitting IP address and email address to its spam-prevention providers. Web3Forms operates servers in the United States; this transfer outside the EU is limited to the data you submit through the form, is encrypted in transit and at rest, and is subject to Web3Forms' contractual privacy commitments and short automatic deletion cycle.
  • Google Workspace (email). Form submissions and email correspondence arrive in and are stored within our Google Workspace account. Google Ireland Ltd. acts as our provider under its data processing terms.
  • Cloudflare (hosting, CDN, and analytics). The website is served through Cloudflare's global network under its data processing terms.

We may also disclose personal data where required by law, regulation, or a valid legal process.

7. How long we keep your data

Enquiries that do not lead to an engagement are kept for up to 24 months from our last contact with you, after which they are deleted. If your enquiry leads to a business relationship, data connected to that relationship is retained for the duration of the engagement and thereafter as required by Bulgarian accounting and tax law.

8. Your rights

Under the GDPR you have the right to access your personal data, to have it rectified or erased, to restrict or object to its processing, to receive it in a portable format, and to withdraw any consent you have given (without affecting processing that took place before withdrawal).

To exercise any of these rights, email office@heic.eu. We will respond within the timeframes set by the GDPR.

You also have the right to lodge a complaint with the Bulgarian supervisory authority: the Commission for Personal Data Protection (Комисия за защита на личните данни), 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria — www.cpdp.bg.

9. Security

We apply appropriate technical and organisational measures to protect personal data, including encrypted transmission (HTTPS) across the entire website, access controls on our systems, and the use of providers that encrypt data in transit and at rest. No method of transmission or storage is completely secure, but we work to protect your data in line with the standards we advise our own clients to meet.

10. Links to other websites

This website contains links to external sites we do not operate. This policy does not cover those sites, and we encourage you to review the privacy policy of any site you visit.

11. Changes to this policy

We may update this policy from time to time. The current version, with its "last updated" date, will always be published on this page. If we make material changes to how we process personal data, we will make that clear here.

12. Contact

HEIC Ltd, 119 Nikola Petkov Blvd., Sofia 1614, Bulgaria
Email: office@heic.eu · Phone: +359 897 870 980

HEIC Ltd

Trusted consultations on cyber and information security and management systems for organisations in Bulgaria and the EU.

office@heic.eu

Frameworks

  • ISO 27001
  • NIS2 Directive
  • DORA Regulation
  • ISO 42001

Company

  • About
  • Insights
  • Contact

Contact

  • office@heic.eu
  • Sofia, Bulgaria
  • Mon–Fri, 09:00–18:00 EET

© 2026 HEIC Ltd. All rights reserved.  ·  UIC 131 221 609  ·  Sofia, Bulgaria

Privacy Policy