Legal

Privacy Policy

A plain-English read of what we do with your data, why, and how to reach us if you want it changed or deleted. We've tried to keep the legalese to the minimum the law actually requires.

Last updated: 6 May 2026

1. Who we are

We're AYM International Consultants, S.L., which you'll see written as AYMTEC in most places. We're a small Spanish consulting firm based in Valencia, and we're the "data controller" for everything described below. That's just the legal way of saying we're responsible for how your information is handled.

Company name
AYM International Consultants, S.L. (AYMTEC)
Tax ID (NIF)
B06931356
EUID
ES46030.000848880
Registered office
Calle Garrigues 8, 46001 Valencia, Spain
Commercial registry
Registro Mercantil de Valencia, Hoja V-199243
Privacy contact
privacy@aymtec.com
General contact
inquiry@aymtec.com

2. What we collect, and why

We only collect what we genuinely need to do our job. Here's the breakdown by what kind of relationship you have with us.

If you visit the website

  • Browser/device data, IP address (anonymised), pages viewed, referrer (via Google Analytics 4 and Google Tag Manager).
  • Purpose: measure traffic and improve the site.
  • Legal basis: your consent (Art. 6(1)(a) GDPR), collected via the cookie banner. No analytics cookies are set before consent.

If you write to us

  • Name, email, organisation, phone (if provided), message content.
  • Purpose: respond to your request.
  • Legal basis: taking pre-contractual steps at your request (Art. 6(1)(b)) and our legitimate interest in handling business enquiries (Art. 6(1)(f)).

If you subscribe to The Africa Brief

  • Email, name (optional), engagement data (opens, clicks).
  • For paid tiers: billing name, address, payment method (held by Stripe; we never see card numbers).
  • Purpose: deliver the newsletter, manage your subscription, comply with billing law.
  • Legal basis: performance of a contract (Art. 6(1)(b)) for paid; consent (Art. 6(1)(a)) for free signups.

If you're a client or active prospect

  • Identification and contact details of you and your representatives.
  • Commercial-relationship data (proposals, SoWs, invoices, payments).
  • Project work product and deliverables.
  • Purpose: scope, deliver, invoice, and support our services.
  • Legal basis: performance of a contract (Art. 6(1)(b)) and legal obligation for tax and accounting records (Art. 6(1)(c)).

If we reach out to you cold

  • Publicly available business contact data (name, role, company, work email, LinkedIn).
  • Purpose: finding people who might genuinely benefit from what we do. We try not to waste anyone's time, including ours.
  • Legal basis: legitimate interest (Art. 6(1)(f)), balanced against your right to object. One word from you and we stop. See the contact below.

3. How long we keep it

We don't keep things "just in case." Each kind of data has a clear shelf life.

Data Retention
Website analytics14 months (GA4 default)
Contact-form enquiries24 months from last contact, then deleted
Newsletter subscriptionsUntil you unsubscribe + 30 days for audit logs
Client contracts, invoices, project records6 years from end of relationship (Art. 30 Spanish Commercial Code)
Tax records6 years (Art. 66 Ley General Tributaria)
Sales prospect notes (no contract formed)18 months from last contact, then deleted

4. Who else touches your data

We don't run our own data centres or AI models. We rely on the tools below to do the heavy lifting, and each of them has signed a Data Processing Agreement (DPA) with us, meaning they only handle your data the way we tell them to.

Processor Role Data location
Netlify, Inc.Website hostingGlobal CDN (US-headquartered)
DigitalOcean, LLCDNS resolutionGlobal anycast
Google WorkspaceBusiness email, document storage, calendarEU (with US sub-processors)
Google Analytics 4Website analytics with IP anonymisationEU/US
Stripe Payments Europe Ltd.Payment processing, subscription billing, customer portalIreland (EU)
Beehiiv, Inc.Newsletter platform (The Africa Brief)United States
Odoo S.A.CRM and accounting (light mirror of Stripe records)Belgium (EU)
Google (Gemini API)AI processing of work productEU/US
OpenAI Ireland Ltd.AI processing of work productIreland (EU)
Anthropic Ireland Ltd.AI processing of work productIreland (EU)

One thing worth mentioning: we also run Ollama, an open-source AI runtime, on our own laptops. Nothing leaves the machine when we use it, so we haven't listed it as a third-party processor, because it isn't one.

We don't sell your data. We don't let anyone use it to train AI models. Full stop.

5. When data leaves the EU

A few of the tools above are based outside the European Economic Area, mostly in the United States. When that happens, the data is protected by:

  • the EU–US Data Privacy Framework (Stripe, Google, OpenAI, Anthropic, Beehiiv, Netlify) where the recipient is certified, and/or
  • Standard Contractual Clauses (SCCs) approved by the European Commission, with supplementary measures where required.

If you'd like to see the specific safeguards in place, just email privacy@aymtec.com and we'll send them over.

6. What you can ask us to do

Under the GDPR and Spanish LOPDGDD, you've got real rights here. We won't make you fight for them. Just send a message:

  • Access the personal data we hold about you.
  • Rectify data that is inaccurate or incomplete.
  • Erase your data ("right to be forgotten") in defined circumstances.
  • Restrict or object to processing based on our legitimate interests.
  • Portability: receive your data in a structured, machine-readable format.
  • Withdraw consent at any time, where processing is based on consent (without affecting the lawfulness of prior processing).
  • Not be subject to automated decisions that produce legal or similarly significant effects (we do not use such decision-making).
  • Digital will: under Spanish law (Art. 96 LOPDGDD), instruct what should happen to your data after death.

To exercise any of these, email privacy@aymtec.com with something that proves you are who you say you are. We'll get back to you within a month, usually much faster.

If we drop the ball, you can also raise a complaint with the Spanish Data Protection Authority directly:

Agencia Española de Protección de Datos (AEPD)

C/ Jorge Juan, 6, 28001 Madrid

www.aepd.es

7. Cookies

We keep this simple. Two categories on aymtec.com:

  • The ones we need: to make the site work at all. Can't turn these off.
  • Analytics: Google Analytics 4, so we can see which pages people actually read. Only loads if you accept.

No advertising cookies. No cross-site trackers. You can change your mind anytime through the cookie banner.

8. Security

We take this seriously, but we're not going to pretend we're invincible. Nobody is. Practically: HTTPS everywhere, MFA on every admin account, strict access controls, and we only work with vendors who can show their security homework. If something does go wrong and it affects you, we'll tell you, and we'll tell the AEPD. That's what GDPR Articles 33–34 require, and we agree with the spirit of them.

9. When this changes

Our services evolve, and so does the law, so this page will too. If we change anything that actually matters to you, we'll email subscribers and clients first. The "Last updated" date at the top will always tell you when the most recent revision landed.

10. Get in touch

A real person reads every email. Not a ticketing system, not a chatbot. Usually Badou, or whoever's covering the inbox that day.

Privacy questions
privacy@aymtec.com
General enquiries
inquiry@aymtec.com
Postal
Calle Garrigues 8, 46001 Valencia, Spain