Overview
This privacy policy explains how Vitali Amare collects, processes, and protects your personal data when you interact with our website at vitaliamare.com. We are committed to respecting your privacy and complying with the General Data Protection Regulation (GDPR).
This policy applies to all visitors and users of our website, including those who submit enquiries via the contact form and those who purchase digital products through our shop. Please read it carefully. If you have any questions, contact us at engage@vitaliamare.com.
Who We Are
Data Controller: Vitali Amare
- Location: Barcelona, Spain
- Email: engage@vitaliamare.com
- Website: vitaliamare.com
We are responsible for any personal data we collect from you and how it is used. We act as a data controller under GDPR Article 4(7).
What Data We Collect
We collect personal data only when you choose to share it with us. We collect data through three routes: our advisory enquiry form, our digital product shop, and our newsletter subscription.
Newsletter Subscription
If you subscribe to The Decision Brief, we collect your email address. This is the only data collected at the point of subscription. Your email is transmitted to beehiiv, our newsletter platform, and used solely to deliver the newsletter and manage your subscription. You can unsubscribe at any time via the link in any issue. The legal basis for this processing is your explicit consent (Article 6(1)(a) GDPR).
Advisory Enquiry Form
Our contact process is a multi-step qualification form followed by a brief submission. The data collected includes:
- Full Name — to identify and address you
- Organisation — to understand your context and industry
- Role/Title — to assess fit for our advisory services
- Email Address — to respond to your enquiry
- Qualification responses — multiple-choice answers about your role, decision type, organisation size, commitment scale, timeline, decision authority, risk concern, and consequence type. These are collected to assess advisory fit before you submit your brief.
- Message/Description — a free-text description of the decision or investment you wish to validate
Digital Product Purchases
Our decision tools (Go/No-Go Decision Engine™, AI Investment Reality Check™, Market Entry Reality Brief™, and bundles) are sold through our shop. Purchases are processed by Stripe, which acts as payment processor for all transactions. When you purchase a product, Stripe collects your name, email address, billing address, and payment information directly. Please refer to Stripe's privacy policy for full details of how they handle your transaction data. We receive from Stripe only the data necessary to fulfil your order and provide post-purchase support (typically your name and email address).
Technical data: We do not collect IP addresses or set tracking cookies. We use a cookie consent banner — your preference (accept or decline) is stored in your browser's local storage only. If you accept, Plausible Analytics loads to measure aggregate site usage. If you decline, no analytics tools load at all. Bunny Fonts (GDPR-compliant typography CDN) loads on all visits and is described in the Cookies & Tracking section below.
Why We Collect Your Data
We process your personal data for two distinct purposes, each with its own legal basis.
Advisory Enquiries
We process your enquiry data to respond to your request and assess whether our advisory services are a fit for your needs. The applicable legal bases are:
- Article 6(1)(b) GDPR: Processing is necessary to take steps at your request prior to entering a contract — you contact us to explore a potential advisory engagement.
- Article 6(1)(f) GDPR: Processing is necessary for our legitimate interests — evaluating business enquiries, responding to requests, and assessing fit for our services.
Digital Product Purchases
We process your order data to deliver your purchased product and provide post-purchase support. The applicable legal basis is:
- Article 6(1)(b) GDPR: Processing is necessary for the performance of a contract to which you are party — the purchase of a digital product.
We do not use your data for marketing, sale of data, or any purpose beyond the specific purpose for which it was collected.
How Long We Keep Your Data
We retain your data only for as long as necessary:
- Enquiry data (no engagement): We retain contact form data for 2 years from your last contact. This allows us to follow up or refer you to relevant contacts if circumstances change.
- Engagement data (if advisory begins): If you engage us as your advisor, we retain your data for the duration of the engagement plus 5 years. This ensures we can fulfil our obligations, handle disputes, and comply with tax and legal requirements.
- Purchase data: Order data (name, email, purchased product) is retained for 5 years from the date of purchase, in accordance with Spanish and EU tax record-keeping requirements (Royal Decree 1619/2012). Transaction records held by Stripe are subject to their own retention policy.
- Legal holds: If we are required to do so by law, we may retain your data beyond these periods.
After the retention period expires, we securely delete or anonymise your data.
Who We Share Your Data With
We do not sell, share, or disclose your personal data to third parties for marketing, advertising, or any commercial purpose.
However, we work with the following third parties who process data on our behalf or as independent controllers:
- Make.com: Our advisory enquiry form submits data to Make.com via a webhook hosted on Make's EU1 infrastructure, located within the European Union. Make.com receives your name, email, organisation, role, qualification responses, and message in order to route your submission to us for review. Make.com acts as a data processor on our behalf. Data processed via our EU1 webhook is hosted and processed within the EU. Their privacy policy is available at make.com/en/privacy-notice.
- Stripe: Digital product purchases are processed by Stripe, which acts as payment processor and an independent data controller for transaction data. They collect and process payment, billing, and order information in accordance with their own privacy policy at stripe.com/privacy.
- beehiiv: Our newsletter, The Decision Brief, is managed through beehiiv. If you subscribe, your email address is transmitted to and stored by beehiiv, which acts as a data processor on our behalf. beehiiv uses your email address solely to deliver the newsletter and manage your subscription preferences, including unsubscribes. Their privacy policy is available at beehiiv.com/privacy.
- Email service providers: To deliver our response to you, we use email infrastructure that may involve third-party email hosting. Your email address and message content are transmitted only to facilitate our reply.
- Legal requirements: If required by Spanish or EU law, court order, or regulatory authority (e.g., AEPD), we may disclose your data.
- No data sales: We never sell your personal data.
- No automated sharing: We do not share your data with automated systems, marketing platforms, or data brokers.
Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right to Access (Article 15): You can request a copy of the personal data we hold about you.
- Right to Rectification (Article 16): You can request correction of inaccurate or incomplete data.
- Right to Erasure (Article 17): You can request deletion of your data, subject to legal retention requirements.
- Right to Restrict Processing (Article 18): You can request that we limit how we use your data while we verify or assess your request.
- Right to Data Portability (Article 20): You can request your data in a portable, machine-readable format.
- Right to Object (Article 21): You can object to certain types of processing, including processing based on legitimate interests.
- Right to Lodge a Complaint (Article 77): You can file a complaint with your local data protection authority.
How to Exercise Your Rights
To exercise any of the rights above, please contact us in writing:
Email: engage@vitaliamare.com
Include: Your name, the specific right you wish to exercise (e.g., "access request"), and any relevant details about your enquiry.
Timeframe: We will respond to your request within 30 days of receipt. If your request is complex, we may extend this by up to 60 days and will inform you accordingly.
You will not be charged for exercising your rights, except in cases of manifestly unfounded or excessive requests, in which case we may charge a reasonable fee.
Data Protection Authority
If you believe we have not handled your data correctly, you have the right to lodge a complaint with the data protection authority in Spain:
- Authority: Agencia Española de Protección de Datos (AEPD)
- Website: www.aepd.es
- Complaint form: Available on the AEPD website
You have the right to lodge a complaint at any time. You do not need to contact us first, though we encourage you to do so so we can address your concerns directly.
Cookies & Tracking
Cookie consent. When you visit the site for the first time, a consent banner appears. Your choice — Accept or Decline — is stored in your browser's local storage under the key va_cookie_consent. This is not a cookie; it is a small text entry in your own browser that never leaves your device. No analytics or advertising tools load until you actively accept.
Google Tag Manager (GTM). If you accept, we load Google Tag Manager (container ID: GTM-KJN567VX). GTM is a tag management system that controls which analytics tools run on the site. It does not itself collect personal data, but it loads the tools described below. GTM only loads after you have given consent — it is never present on a declined or first visit.
Plausible Analytics. GTM loads Plausible Analytics to measure aggregate site usage — page views, referral sources, and approximate geographic region (country level only). Plausible is privacy-first: it sets no cookies, collects no personal data, does not track you across sessions or other sites, and stores only anonymous aggregate statistics. You can review Plausible's data policy at plausible.io/privacy.
Bunny Fonts. Our website uses Bunny Fonts for typography. Font files are loaded from Bunny's CDN (fonts.bunny.net) on all page visits regardless of consent status, as this is a functional necessity for the site to display correctly. Bunny Fonts is GDPR-compliant and does not collect personal data or set cookies. Their privacy policy is available at bunny.net/privacy.
Advertising tags. No advertising pixels (LinkedIn, Meta, X, or otherwise) are currently active on this site. Should we activate any in the future, this policy will be updated and they will remain consent-gated via GTM.
Third-party links. Our website may link to external sites (e.g., LinkedIn). We are not responsible for the privacy practices of external sites. Please review their privacy policies before submitting any information.
Data Security
We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or misuse. However, no method of transmission over the internet or electronic storage is entirely secure. While we strive to protect your data, we cannot guarantee absolute security.
If we discover a data breach that affects your information, we will notify you and relevant authorities as required by GDPR Article 33.
No Automated Decision-Making
We do not use automated decision-making (including profiling) to make decisions about you. Any decisions regarding advisory engagement are made by humans and are based on direct communication with you.
International Data Transfers
Most of your data is processed within the EU/EEA. The position for each processor is as follows:
- Make.com (contact form): Your enquiry data is processed via Make's EU1 infrastructure, hosted within the European Union. No transfer outside the EU/EEA occurs for this processing.
- Stripe (payments): Stripe is a US-headquartered company that also operates EU-based infrastructure. Where personal data is transferred to the United States, such transfers are governed by Standard Contractual Clauses (SCCs) under GDPR Article 46(2)(c). See Stripe's Data Processing Agreement for details.
- beehiiv (newsletter): beehiiv is a US-based company. Your email address is transferred to and processed in the United States. Such transfers are governed by Standard Contractual Clauses (SCCs) under GDPR Article 46(2)(c). See beehiiv's privacy policy for details of their transfer mechanisms.
We do not transfer your personal data to any other third country. Should additional international processors be engaged in future, this policy will be updated prior to any such transfer taking place.
Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by updating the date below and, where appropriate, by direct notice.
Last updated: May 2026
Contact Us
If you have any questions about this privacy policy, our data practices, or if you wish to exercise your rights, please contact us:
Vitali Amare
Barcelona, Spain
Email: engage@vitaliamare.com