Skip to content
Gülfem Yakub
Legal

Privacy Policy

Last updated: June 9, 2026

This Privacy Policy explains how personal data is collected and used when you visit gulfemyakub.com or get in touch through this website. It is written to comply with the EU General Data Protection Regulation (GDPR) and Bulgarian data protection law. Please read it together with our Cookie Policy.

1. Who is responsible for your data (the controller)

The person responsible for your personal data (the data controller) is Gülfem Yakub, an independent personal trainer and yoga teacher operating as a private individual (физическо лице) in Plovdiv, Bulgaria. She is not a registered company and does not have a company, trade-register, or VAT number.

You can reach the controller about any privacy matter by email at [CONTACT EMAIL — to be confirmed], by phone at [PHONE — optional], or by post at [POSTAL ADDRESS — to be confirmed]. You can also use the contact page on this website, or send a message via the verified Instagram account @gulfemyakub. If you contact us about a privacy request, please make clear that your message concerns your personal data so it can be handled properly.

The website is designed, developed, and maintained by WIARA (WIARA.com). WIARA acts only as a technical service provider for the website and is not the data controller. Any questions about your personal data should be directed to Gülfem Yakub using the details above.

2. What personal data we collect

We try to collect as little personal data as possible. The data we may process falls into the following groups:

  • Contact form data: when you use the contact form, we collect your name, your email address, and the content of the message you choose to write. We also record that you ticked the consent box and the date of your enquiry.
  • Messages you send us directly: if you email us, telephone us, or message us on Instagram, we will hold the information contained in that correspondence.
  • Analytics data: we use privacy-friendly, cookieless analytics (Vercel Analytics) that produce aggregate statistics about how the site is used (for example, which pages are viewed and roughly how many visitors there are). These analytics do not set tracking cookies, do not build a profile of you, and do not follow you across other websites. They load only after you give consent through the cookie banner.
  • Technical server data: like almost all websites, our hosting provider may automatically process limited technical information (such as IP address and browser type) for short periods in order to deliver and secure the site. This is described further in the section on processors below.

3. Please do not send sensitive or health data

The contact form is for general enquiries only. Please do not include special-category data within the meaning of Article 9 GDPR — in particular information about your health, medical conditions, injuries, or similar — in your message. We do not need it to answer an enquiry, and we ask you not to provide it through the website.

If a discussion about your health or fitness becomes relevant once we are working together, we will agree separately and in advance how any such information is handled and protected.

4. Why we use your data and our legal basis

Under the GDPR we must have a lawful basis for processing your personal data. The bases we rely on are:

  • To respond to your enquiry and take steps at your request before any possible agreement — for example answering questions, discussing whether and how we might work together, and arranging an initial consultation. Legal basis: Article 6(1)(b) GDPR (steps taken at your request prior to entering into a contract), and where appropriate your consent under Article 6(1)(a) GDPR (the consent box on the form).
  • To run cookieless analytics so we can understand in aggregate how the website is used and improve it. Legal basis: your consent under Article 6(1)(a) GDPR, given through the cookie banner. You can withdraw this consent at any time.
  • To operate, secure, and maintain the website and to keep basic records of correspondence. Legal basis: our legitimate interests under Article 6(1)(f) GDPR in running a safe and functioning website, balanced against your rights.
  • To meet legal obligations, for example keeping records required by accounting or tax rules if you become a client. Legal basis: Article 6(1)(c) GDPR (compliance with a legal obligation).

5. Who we share your data with (recipients and processors)

We do not sell your personal data and we do not share it for advertising. We do rely on a small number of trusted service providers (processors) who handle data on our behalf and only on our instructions:

  • Vercel Inc. — website hosting and deployment, and the cookieless Vercel Analytics service. Vercel processes the technical data needed to serve the site and the aggregate, non-identifying analytics described above.
  • Email delivery provider (for example Resend) — used to transmit messages submitted through the contact form so that they reach the controller's inbox. This provider processes the name, email address, and message content you submit, solely in order to deliver the email.
  • Email and messaging providers used by the controller to read and reply to your message (for example a standard email provider, or Instagram where you contact us there).

We may also disclose personal data where we are legally required to do so, for example to comply with a court order or a request from a competent authority. Where a processor acts for us, we have or will put in place an agreement requiring it to protect your data and to process it only as instructed, as required by Article 28 GDPR.

6. International transfers

Some of our service providers (for example Vercel, and certain email providers) are based in or process data in the United States. Where personal data is transferred outside the European Economic Area, that transfer is protected by appropriate safeguards recognised under the GDPR — in particular the EU–U.S. Data Privacy Framework where the provider is certified, and/or the European Commission's Standard Contractual Clauses (SCCs), together with additional technical and organisational measures where needed.

You can ask us for more information about these safeguards using the contact details in section 1.

7. How long we keep your data

We keep personal data only for as long as we need it for the purposes set out above:

  • Enquiries that do not lead to us working together: we normally delete contact-form messages and related correspondence within about 6 to 12 months, unless you ask us to delete them sooner.
  • Client records: if you become a client, we keep relevant records for longer, for the period required by Bulgarian accounting and tax rules and by the applicable limitation (statute-of-limitations) periods for any legal claims, after which they are deleted or anonymised.
  • Analytics data: the analytics we use are aggregate and non-identifying, and are not stored against you as an individual.
  • Consent records: where you give or withdraw consent (for example through the cookie banner or the form), we keep a basic record of that choice for as long as needed to demonstrate compliance.

8. Your rights

Under the GDPR you have the following rights in relation to your personal data, which you can exercise free of charge by contacting us using the details in section 1:

  • The right to be informed about how your data is used — which this policy aims to provide.
  • The right of access — to obtain a copy of the personal data we hold about you.
  • The right to rectification — to have inaccurate or incomplete data corrected.
  • The right to erasure — to have your data deleted in certain circumstances (the right to be forgotten).
  • The right to restriction — to limit how we use your data in certain circumstances.
  • The right to data portability — to receive certain data in a structured, commonly used, machine-readable format.
  • The right to object — to object to processing based on our legitimate interests.
  • The right to withdraw consent at any time — where we rely on your consent (for example analytics or the contact form), you can withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal. For analytics, you can withdraw consent using the "Cookie settings" link in the website footer.

We will respond to any request within the time limits set by the GDPR (normally within one month). We may need to verify your identity before acting on a request, so that we do not disclose your data to the wrong person.

9. Your right to complain

If you believe your personal data has been handled unlawfully, we would appreciate the chance to put things right, so please contact us first. You also have the right to lodge a complaint with the Bulgarian supervisory authority:

Commission for Personal Data Protection (Комисия за защита на личните данни / CPDP / КЗЛД), 2 Prof. Tsvetan Lazarov Blvd, Sofia 1592, Bulgaria. Website: cpdp.bg.

10. Children

This website is intended for adults and is not directed at children. Under Bulgarian law, the age at which a child can give valid consent in relation to online services is 14. If you are under 14, please do not submit personal data through this website without the involvement of a parent or guardian. If we learn that we have collected the data of a child under 14 without appropriate consent, we will delete it.

11. Automated decision-making and profiling

We do not use your personal data to make automated decisions that produce legal or similarly significant effects, and we do not carry out profiling of you.

12. Changes to this policy

We may update this Privacy Policy from time to time, for example if our processors or practices change. The date at the top of this page shows when it was last updated. Significant changes will be reflected here, so please check back occasionally.

Back to home