Privacy Policy
Version 1.0 · In force since 2026-05-23
1. Who is the data controller
Commercial brand: Agentiko
Data controller: Gavrilo Marković Janković, self-employed professional operating under the Agentiko brand (hereinafter "Agentiko" or "we").
Spanish Tax ID (NIF): 49383610B
Registered address: Carrer Can Batista 31, 08739 Subirats (Barcelona), Spain
Privacy contact: [email protected]
We are not required to appoint a Data Protection Officer (DPO). If you have any questions or want to exercise your rights, write directly to the email above.
2. What data we process and on what legal basis
| Processing | Data | Legal basis | Retention |
|---|---|---|---|
| Contact form / information request | Name, email, phone (optional), message | Consent (Art. 6.1.a GDPR) | 24 months from last contact. After that, we anonymise or delete. |
| Free AI diagnostic / quote | Contact data + company information you provide | Pre-contractual measures (Art. 6.1.b GDPR) | Duration of the relationship + 5 years (commercial obligations) |
| Performance of contracted services | Billing data, project contact, operational data shared for the service | Contract performance (Art. 6.1.b GDPR) | Duration of the relationship + 6 years (tax and commercial obligations) |
| Conversational AI agents operated by Agentiko (chats, demos, events) | Name (if you provide it), messages, technical session identifier | Consent + legitimate interest (Art. 6.1.a and 6.1.f) | 6 months after the event or service ends, unless explicit consent is given to retain longer |
| Web analytics (Cloudflare Web Analytics) | Aggregated data without cookies: page views, country, browser. No persistent identifiers. | Legitimate interest (Art. 6.1.f GDPR) | Aggregated indefinitely, without personal data |
| Behavioural analytics (Google Analytics 4 and Microsoft Clarity) | Only with your consent. Cookies (e.g. _ga, _clck) and interactions to understand site usage. IP anonymised in GA4. | Consent (Art. 6.1.a GDPR) | Up to 14 months (GA4); withdrawable via the “Cookies” link in the footer |
| Marketing communications (only if you have subscribed) | Email, name, preferences | Consent (Art. 6.1.a) | Until you withdraw consent |
3. Who we share your data with
To deliver our services we rely on technology providers that act as data processors or sub-processors (Article 28 GDPR). All have signed Data Processing Agreements (DPAs) or publicly accessible terms.
We maintain the full, up-to-date list on a dedicated page, with purpose, geographic location and applicable safeguards for each provider:
→ See list of technology providers
3.1. Important: conversational AI
When you interact with an AI agent operated by Agentiko (for example, at an event or demo), your messages are processed by third-party models (Anthropic, Google) to generate the response. They are not used to train the models — we have specific DPAs with training opt-out. Conversations are stored in our systems for the purposes described in the table in section 2.
4. International transfers
Some data may be processed outside the EEA (mainly in the USA) by the providers listed. All transfers are covered by:
- European Commission Standard Contractual Clauses (SCCs)
- EU-US Data Privacy Framework when the provider is certified
- Additional technical measures (encryption in transit and at rest)
5. Your rights
You have the right to:
- Access — know what data of yours we process
- Rectification — correct inaccurate data
- Erasure — delete your data ("right to be forgotten")
- Restriction — restrict processing in certain circumstances
- Portability — receive your data in a structured format
- Object — object to processing based on legitimate interest
- Withdraw consent at any time, without retroactive effect
- Not be subject to automated decisions that produce legal or similarly significant effects on you
To exercise any of these rights, send an email to [email protected] stating which right you wish to exercise. We will respond within 30 days.
If you believe the processing has not been carried out correctly, you have the right to lodge a complaint with the Spanish Data Protection Agency: Agencia Española de Protección de Datos (AEPD).
6. Automated decisions and AI agents
The AI agents we operate never make automated decisions with legal or significant effects on people without human supervision. In most cases the agents make recommendations, generate content or assist in conversations — the final decision is always human.
If a specific service involves decisions with significant impact, we will let you know explicitly in advance and you will have the right to request human intervention.
7. Cookies and tracking
This site does not use tracking or advertising cookies. We use Cloudflare Web Analytics, which collects aggregated statistics without cookies or persistent identifiers. We do not profile visitors or resell data to third parties.
8. Security
We apply reasonable technical and organisational measures: HTTPS encryption, multi-factor authentication on critical services, least-privilege access, backups, and AI incident logging. If a security breach with risk to your rights nonetheless occurred, we will notify you within 72 hours and report it to the AEPD where applicable.
9. Retention and deletion
We retain data for the periods indicated in the table in section 2. Once the period ends, we delete or anonymise the data so it can no longer be associated with an identifiable person.
10. Changes to this policy
We may update this policy when our services, providers or legal requirements change. If the change is material, we will notify affected users by email or prominent notice on the website. The date of the latest update always appears in the header.