Privacy Policy
Last updated: June 2026
1. Overview
This privacy policy explains how I process personal data when you visit this website, request a resource, send an inquiry, book a call, or otherwise contact me about AI engineering and consulting services. I only process personal data for the purposes described below and I do not sell personal data.
2. Data Controller
Daniel Panea
AI Engineering & Consulting
Avenida Angel Guimera 13
38003 Santa Cruz de Tenerife
Canary Islands, Spain
NIF: show NIF
Email: show email
No data protection officer has been appointed because the current processing activities do not require one.
3. Data Processed on This Website
3.1 Website access and hosting logs
When you access the website, hosting and network providers may process technical data such as IP address, requested URL, referrer, browser and device information, date and time, and security events. This is necessary to deliver the website, keep it secure, diagnose errors, and prevent abuse.
3.2 Contact, scorecard, slides, and newsletter forms
If you submit a form, I process the information you provide. Depending on the form, this may include name, email address, company, preferred language, project stage, workflow description, data category description, message text, requested resource, newsletter choice, and technical anti-spam fields. Forms are submitted to Kit, which I use to receive inquiries, deliver resources, and manage email subscriptions where you request them.
3.3 Email links and direct contact
If you contact me by email, I process your email address, message content, and related communication metadata to respond to you and manage the business relationship.
3.4 Scheduling
Booking links lead to Calendly. If you book a call, Calendly processes the information required to schedule the appointment, such as name, email address, selected time, timezone, answers you provide, and meeting metadata.
3.5 Local storage, cookies, and analytics
This website does not use advertising cookies. It may store a manually selected language preference in localStorage. If you use the analytics opt-out parameter, that preference is also stored in localStorage. Cloudflare Web Analytics may be used for aggregate, cookie-free traffic measurement. The analytics setup is for website measurement, not individual visitor profiling.
3.6 External media and links
Some pages link to external websites such as LinkedIn, Calendly, demo sites, or downloadable resources. The keynote video is loaded from YouTube only when you choose to play it. External providers process data under their own privacy notices once you use their services.
4. Purposes and Legal Bases
- Website delivery, security, and troubleshooting: legitimate interests in operating a secure and reliable website (Art. 6(1)(f) GDPR).
- Language preference and analytics opt-out: consent or your explicit preference expressed through the website controls (Art. 6(1)(a) GDPR).
- Aggregate website analytics: legitimate interests in understanding whether the website works and which pages are useful (Art. 6(1)(f) GDPR).
- Responding to inquiries and preparing services: pre-contractual measures or contract performance (Art. 6(1)(b) GDPR) and legitimate interests in business communication (Art. 6(1)(f) GDPR).
- Delivering requested resources and optional email notes: consent (Art. 6(1)(a) GDPR) and, where applicable, performance of the requested service (Art. 6(1)(b) GDPR).
- Accounting, tax, and legal compliance: legal obligations (Art. 6(1)(c) GDPR).
- Establishing, exercising, or defending legal claims: legitimate interests (Art. 6(1)(f) GDPR).
5. Recipients and Service Providers
Personal data may be processed by service providers that support the website and communication workflow, including GitHub Pages for hosting, Cloudflare for analytics and network services, Kit for forms and email delivery, Calendly for scheduling, and Google/YouTube when you play embedded video. I also process email communications through my normal email provider.
Some providers may process data outside the European Economic Area, especially in the United States. Where required, transfers are based on appropriate safeguards such as EU Standard Contractual Clauses, adequacy decisions, or equivalent transfer mechanisms offered by the provider.
6. Retention
I keep personal data only as long as needed for the relevant purpose. Website logs are retained by the relevant providers according to their operational and security settings. Form submissions and business inquiries are normally retained for up to three years after the last contact unless a longer period is needed for a client relationship, legal claim, or statutory obligation. Accounting and tax records are retained for the legally required period. Email subscriptions remain active until you unsubscribe or withdraw consent.
7. Your Rights
Under the GDPR, you may have the following rights, subject to the legal requirements for each right:
- Access to your personal data
- Rectification of inaccurate or incomplete data
- Erasure of data
- Restriction of processing
- Data portability
- Objection to processing based on legitimate interests
- Withdrawal of consent at any time, without affecting processing before withdrawal
To exercise these rights, contact me through the protected email link on this page. You also have the right to lodge a complaint with a data protection authority. In Spain, the competent authority is the Agencia Espanola de Proteccion de Datos (AEPD): https://www.aepd.es/.
8. Required or Optional Data
Providing data through forms is voluntary. If you do not provide required form fields, I may not be able to send the requested resource, respond to your inquiry, or schedule a call. If you subscribe to email notes or request a resource, you can unsubscribe or withdraw consent at any time using the email unsubscribe mechanism or by contacting me.
9. Automated Decision-Making
I do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
10. Data Security
I implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes using HTTPS encryption for all data transmission.
11. Changes to This Policy
I may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date.