Privacy Policy

Last updated: 24 June 2026

This Privacy Policy explains how A17 collects, uses, and protects personal data when you visit a17.company or contact us. We process personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD).

1. Who we are (Data Controller)

Andrei Bushuev (sole trader / autónomo)
NIF: Z1110287J
Mallorca 236, 08008 Barcelona, Spain
Email: hello@a17.team

We are the controller responsible for your personal data.

2. What data we collect and why

a) When you contact us (form or email)

When you submit a request through the site or email us at hello@a17.team, we collect:

• Your name
• Your email address
• Your company name (if provided)
• Any other information you choose to include in your message or answers to our questions

Purpose: to respond to your enquiry, discuss our services, and follow up with you as a prospective client.

Legal basis: taking steps at your request prior to entering a contract, and our legitimate interest in responding to business enquiries (Art. 6(1)(b) and 6(1)(f) GDPR).

Retention: we keep this data until you ask us to delete it (see Section 6). You may request deletion at any time.

b) When you browse the site (analytics & security)

• Google Analytics 4 — measures how visitors use the site (pages viewed, approximate location, device, referral source) so we can improve it. Runs only if you consent via our cookie banner.
  Legal basis: your consent (Art. 6(1)(a) GDPR). You can withdraw it at any time.
• Cloudflare — protects the site against attacks, bots, and abuse, and helps it load reliably. This is strictly necessary for the site to function securely and runs without consent.
  Legal basis: our legitimate interest in keeping the site secure and available (Art. 6(1)(f) GDPR).

We use this data only to improve and protect our own site. We do not sell it or use it for advertising.

3. Cookies and similar technologies

When you first visit, our banner lets you Accept or Deny. Denying disables Google Analytics; Cloudflare's security functions remain active because they are necessary to operate the site safely. You can change your choice at any time by clearing cookies or using the banner.

4. Who has access to your data (recipients & processors)

We do not transfer your data to third parties for their own purposes. We use the following service providers (processors) solely to operate our business:

• Google Workspace (Gmail) — receiving and replying to your emails.
• Self-hosted CRM — storing and managing prospect contact details. Hosted on our own server at a Hetzner data centre in Finland (EU).
• Cloudflare — site security and delivery.
• Google Analytics — usage measurement (only with your consent).

5. International data transfers

Our CRM and email infrastructure are located within the EU/EEA.

Google Analytics and Cloudflare may process some data on servers outside the EU/EEA, including the United States. Where this happens, transfers are protected by the EU–US Data Privacy Framework and/or the European Commission's Standard Contractual Clauses (SCCs), which provide an adequate level of protection under GDPR.

6. Your rights

Under GDPR you have the right to: access your data, correct it, delete it, restrict or object to processing, request portability, and withdraw consent at any time.

To exercise any of these rights — including deletion of the data you provided — email hello@a17.team. We will respond within one month.

You also have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD, www.aepd.es).

7. Data security

We apply appropriate technical and organisational measures to protect your data against unauthorised access, loss, or misuse.

8. Changes to this policy

We may update this policy from time to time. The current version is always available at a17.company/privacy with the revision date shown above.

9. Contact

Questions about this policy or your data: hello@a17.team