Privacy Policy
1. Introduction
This Privacy Policy explains how CAPAI Team (“we,” “us,” or “our”) collects, uses, and discloses your personal data, and your rights in relation to that data. We are committed to protecting your privacy in compliance with the EU General Data Protection Regulation (GDPR) and applicable Spanish law. By using our website (www.capai.team) or services, you agree to the terms of this Privacy Policy.
2. Data Controller
The data controller responsible for your personal data is CAPAI Team, operated by Maksim Sapukhin, an autónomo (self-employed professional) based in Spain. You can contact the data controller at:
  • Email: maksim_sapukhin@capai.team
  • Address: 41940, Tomares, Navarro Caro 20, Spain
  • If you have any questions about this policy or your personal data, please contact us at the email above. You also have the right to contact the Spanish Data Protection Agency (AEPD) if you have any concerns.
3. Personal Data We Collect
We may collect the following personal data from you:
  • Contact Information: Name, email address, phone number, company/organization name, or other information you provide when you contact us or fill out forms on our site.
  • Communication Content: Any personal data included in messages you send us (for example, details about your project or requests).
  • Website Usage Data: When you visit our site, we may collect information such as your IP address, browser type, and browsing behavior through cookies or similar technologies (see “Cookies” below). This information is typically collected anonymously and aggregated.
  • Billing Information: If you become a client, we may collect information necessary for invoicing and payment (such as your billing name, address, tax identification number, and payment details).
  • We do not intentionally collect any special categories of personal data (sensitive data) about you. Please avoid sharing sensitive information unless necessary for our services, in which case we will handle it with extra care.
4. Purpose and Legal Bases for Processing
We process your personal data only for specific purposes and based on a legal justification under GDPR:
  • Providing Services and Responding to Inquiries: We use your contact information to communicate with you, answer your questions, and discuss our consulting services. Legal basis: Legitimate Interests – it is in both your and our interest to use your information to respond to your inquiries; alternatively, your explicit Consent if you provided your information expecting a reply.
  • Performing a Contract: If you become a client, we process whatever personal data is necessary to deliver our consulting services and fulfill our contract with you (e.g., using your contact and project details to carry out the work). Legal basis: Contractual necessity – processing is needed to perform the agreement between you and us.
  • Communication and Updates: With your permission, we may use your email to send newsletters or updates about our services. Legal basis: Consent – we will only send marketing communications if you have opted-in. You can withdraw consent at any time.
  • Website Improvement and Analytics: We analyze aggregated website usage data (via cookies) to improve our site’s functionality and user experience. Legal basis: Consent – we ask for your consent to use non-essential analytics cookies.
  • Legal and Accounting Obligations: We keep records of transactions (invoices, etc.) for accounting and tax purposes as required by law. Legal basis: Legal Obligation – we must process and retain certain data to comply with Spanish law.
  • We will not use your personal data for any purpose that is incompatible with the purposes described above. If we need to process your data for a new purpose, we will update this policy and, if required, seek your consent.
5. How We Use and Store Your Data
We use your data solely to achieve the purposes outlined. For example, if you send us a message via the contact form, we will use the provided information to respond and not for any unrelated purpose. All personal data is stored securely. Digital data is protected by encryption and access controls, and any physical documents (if applicable) are kept secure. We do not engage in automated decision-making or profiling with your personal data. We do not sell or rent your personal information to third parties.
6. Who We Share Your Data With
We value your privacy. We share personal data with third parties only in limited circumstances:
  • Service Providers: We use trusted third-party service providers to operate our business. For example, our website may be hosted by a hosting company, and our business emails are handled by an email service provider. These providers might incidentally process your data (e.g., your email is stored on their servers). We ensure any such processors are GDPR-compliant and have appropriate data protection agreements in place.
  • Analytics Services: If you consent to analytics cookies, we use [Analytics Provider, e.g., Google Analytics] to collect website usage data. This means [Google] could process some basic data (like IP address and device info) to provide us with anonymized site metrics. [Google] may process data outside the EU, so we rely on standard safeguards (see “International Transfers” below). You can opt-out of analytics at any time by adjusting cookie settings.
  • Professional Advisors: In certain cases, we may share necessary information with our professional advisors (for example, providing an invoice containing your name and address to our accountant). These parties are bound by confidentiality and data protection obligations.
  • Legal Requirements: If we are legally compelled by authorities or courts to disclose data, or need to disclose data to enforce our legal rights, we will do so in compliance with the law.
  • Aside from the above, we do not disclose your personal data to any third parties unless you request it or give us permission. We never sell your data to advertisers or other companies.
7. Cookies and Tracking
Our website uses cookies and similar technologies to ensure proper functionality and to improve your experience. When you first visit our site, you will see a cookie notice requesting your consent for non-essential cookies. We use the following types of cookies:
  • Essential Cookies: These are necessary for the website to function (for example, to load pages or remember your cookie preferences). They are always active and do not require consent.
  • Analytics Cookies: These cookies (from services like Google Analytics) collect aggregate information on how visitors use our site (e.g., which pages are visited, how long is spent on the site). This helps us improve our content and user experience. These cookies will only be set if you expressly Allow them.
  • We do not use advertising or tracking cookies for marketing purposes at this time.
  • Your Choices: You can manage your cookie preferences at any time via our website’s cookie settings [provide link or instructions]. You can also disable or delete cookies using your browser settings; however, this may affect some site functionality. For detailed information, please see our [Cookies Policy] (if you have a separate cookie policy page).
8. Data Retention
We keep personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:
  • If you contact us but do not become a client, we will retain your contact information and message for up to [X months, e.g., 12 months] in case we need to refer to it, after which it will be deleted from our active systems.
  • If you become a client, we will retain your data for the duration of our working relationship. After the end of our engagement, we may retain relevant data for [X years] to support our services (in case of follow-up projects) or as required for legal record-keeping. For example, Spanish tax law requires us to keep invoicing records (which may include your name and payment details) for 5 years, so we will retain those records for that period.
  • Analytics data collected via cookies is typically retained [specify duration or say “as per [Google Analytics] standard retention, which is __”]. We configure analytics to anonymize IP addresses and do not store personally identifiable analytics data long-term.
  • When data is no longer needed, we will ensure it is securely deleted or anonymized. For instance, we regularly purge old inquiry emails and securely erase any personal data that is no longer required.
  • Note: We may retain data longer if necessary to establish, exercise, or defend legal claims.
9. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
  • Access: You have the right to request a copy of the personal data we hold about you, as well as information about how we process it.
  • 2
  • Rectification: If any of your information is incorrect or incomplete, you have the right to have it corrected or updated.
  • 2
  • Erasure: You can request that we delete your personal data if it is no longer necessary for the purposes collected, if you withdraw consent, or in other certain circumstances (this is also known as the “right to be forgotten”).
  • 2
  • Restriction: You have the right to ask us to restrict or suspend processing of your data, for example while a dispute about data accuracy or usage is resolved.
  • 2
  • Data Portability: For data you provided to us and which we process by automated means based on consent or contract, you can request to receive it in a structured, commonly used format (e.g., CSV file), or have us transfer it to another data controller where technically feasible.
  • Object:
  • You may object to our processing of your data if you believe it is improper. Specifically, you can object at any time to receiving marketing emails, and we will stop processing your data for marketing purposes In other cases, we will stop processing if we cannot demonstrate a compelling legitimate reason to continue.
  • Withdraw Consent: If we are processing any personal data based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.
  • To exercise any of these rights, please contact us at maksim_sapukhin@capai.team. We may need to verify your identity before fulfilling your request. We will respond to your request as soon as possible, and at most within one month, in accordance with GDPR. There is no fee for exercising your rights unless a request is manifestly unfounded or excessive.
If you believe your data protection rights have been violated, you also have the right to lodge a complaint with the relevant supervisory authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD), which you can contact via https://www.aepd.es.
10. Data Security
We implement appropriate technical and organizational measures to secure your personal data.

 We use industry-standard security practices to protect data against unauthorized access, alteration, disclosure, or destruction. These measures include:
  • Encryption: Our website is secured via SSL/TLS encryption (HTTPS), which means any data you submit through forms is encrypted in transit. We also encrypt sensitive files and emails where applicable.
  • Access Controls: Personal data is accessible only to the data controller (Maksim Sapukhin) and trusted service providers who need access for the purposes described. All accounts and devices are protected with strong passwords and, where possible, two-factor authentication.
  • Updates and Monitoring: We keep our systems and software up-to-date to address security vulnerabilities. We monitor our website and systems for potential threats and have procedures in place to deal with any suspected data breach promptly.
  • Secure Storage: Data stored electronically is on secure servers. Any paper documents (if generated) are kept in a secure location.
  • While we strive to protect your information, please understand that no method of transmission over the Internet or electronic storage is 100% secure. However, we continuously improve our security to keep your data safe. In the unlikely event of a data breach affecting your personal data, we will notify you and the appropriate authorities as required by law.
11. International Data Transfers
In general, we aim to store and process your personal data within the European Union. However, some of our service providers may be located or may store data in other countries:
  • For example, if we use Google services or Microsoft cloud services, your data might be processed on servers outside the EU (such as in the United States).
  • When we transfer personal data outside the European Economic Area (EEA), we ensure that adequate safeguards are in place as required by GDPR Most commonly, this means:
  • We use providers that participate in an EU-approved data privacy framework or have signed Standard Contractual Clauses (SCCs) with us, which are legal contracts that guarantee your data is protected according to EU standards, even overseas.
  • In some cases, the European Commission may have determined that the destination country’s laws offer sufficient data protection (an “adequacy decision”). If we transfer data to such a country, we rely on that decision.
  • You can contact us if you have questions about the international transfer of your personal data or want to obtain a copy of the relevant safeguards in place.
12. Updates to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.

 We will notify you of any significant changes by posting a notice on our website or by contacting you directly (e.g., via email, if appropriate). The “Last Updated” date at the bottom of this policy indicates when the latest changes were made. We encourage you to review this Policy periodically for the latest information on our privacy practices.
If you do not agree with changes to the Privacy Policy, you should stop using our website and services. Where we need your consent for certain processing (for example, for new marketing uses or new types of data collection), we will obtain your consent before proceeding with such changes.
13. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
  • Email: maksim_sapukhin@capai.team
  • Address: 41940, Tomares, Navarro Caro 20, Spain

We will be happy to answer your questions and address any issues you have regarding your privacy.
Last Updated: 01/07/2025