Privacy Policy

Complete information about the processing of your personal data, compliant with GDPR and Spanish LOPDGDD.

Last updated: 21 May 2026.

This privacy policy governs the processing of personal data collected by Capital Talent Invest through the website capitaltalentinvest.es, in compliance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 of 5 December on the Protection of Personal Data and the safeguarding of digital rights (LOPDGDD).

1. Data controller

  • Trading name: Capital Talent Invest
  • Registered address: Valladolid, Castile and León, Spain
  • Email: info@capitaltalentinvest.es
  • Data Protection Officer: not required under the GDPR for our activity, which does not involve large-scale processing of special categories of data.

2. Purposes of processing

The personal data collected are processed exclusively for the following purposes:

  1. To manage your free technical assessment request: contacting you, assessing the eligibility of your dwelling for the CAE programme, scheduling the technical visit, carrying out the works and issuing the corresponding certificate.
  2. Administrative processing of the CAE programme: validating the operation with the obligated energy company and issuing the official certificates.
  3. Sending commercial communications (separate consent): informing you by email or SMS about the CAE programme, new services or specific promotions. This purpose requires your explicit and separate opt-in, independent from the main consent.
  4. Recruitment processes: evaluating unsolicited applications or those received in response to offers published in the Jobs section.
  5. Compliance with legal obligations: tax, accounting, contractual and, where applicable, judicial.

3. Legal basis for processing

  • Consent of the data subject (art. 6.1.a GDPR): for the submission of the request and for commercial communications (separate opt-in).
  • Performance of a contract or pre-contractual measures (art. 6.1.b GDPR): for carrying out the technical assessment and the subsequent execution of the works.
  • Legitimate interest (art. 6.1.f GDPR): for the administrative management of the CAE with the energy company and for fraud prevention.
  • Compliance with legal obligations (art. 6.1.c GDPR): invoicing, accounting records and audits of the CAE programme.

4. Categories of data processed

  • Identification data: first name, surname, postal address, telephone, email.
  • Dwelling-related data: postal code, type of dwelling, year of construction, ownership or tenancy status.
  • Browsing data: IP address, browser type, pages visited (only if you accept analytics cookies).
  • We do not process any special categories of data (health data, ethnic origin, political opinions, etc.).

5. Data retention

Personal data shall be retained for the following periods:

  • Leads without works carried out: 3 years from the last contact, unless erasure is requested.
  • Clients with works completed: 10 years (compliance with tax obligations and the ten-year warranty).
  • Job candidates: 1 year from the last update, unless an express extension is granted.
  • Analytics and marketing cookies: in accordance with the durations set out in the cookie policy.

6. Recipients and data processors

Your data may be communicated to the following recipients and processors, exclusively for the purposes set out above:

  • Obligated energy companies (Iberdrola, Endesa, Naturgy, Repsol, TotalEnergies, etc.): for validation of the CAE operation. The transfer is based on contractual performance and on the regulatory framework of Spanish Royal Decree 36/2023.
  • Subcontracted installers: for the physical execution of the works.
  • Formspree, Inc. (United States): provider of the contact form management service.
  • Google Ireland Ltd. (Ireland / United States): Google Analytics 4 service if analytics cookies are accepted, with anonymised data.
  • Meta Platforms Ireland Ltd. (Ireland / United States): Meta Pixel if marketing cookies are accepted.
  • Public administrations, IDAE and Spanish Tax Authority: where required by applicable legislation.

International transfers

Some of the tools we use (Formspree, Google Analytics, Meta Pixel) may transfer personal data to the United States. Such transfers are carried out under the appropriate safeguards provided for by the GDPR, in particular:

  • Adequacy decision EU-US Data Privacy Framework (Commission Implementing Decision (EU) 2023/1795).
  • Standard contractual clauses approved by the European Commission (Decision 2021/914/EU).

7. Your rights

As the data subject, you have the following rights:

  • Access: to know which personal data we process concerning you.
  • Rectification: to have inaccurate or incomplete data corrected.
  • Erasure ("right to be forgotten"): to have your data deleted when no longer necessary.
  • Objection: to object to processing on grounds relating to your particular situation.
  • Restriction of processing: to request temporary restriction in specific cases.
  • Portability: to receive your data in a structured format and transmit them to another controller.
  • Withdrawal of consent: to withdraw consent previously given, without affecting the lawfulness of processing carried out beforehand.
  • Not to be subject to automated decisions: including profiling.

You may exercise your rights by sending a written request:

You must enclose a copy of your identity document or equivalent so that we can verify your identity. We undertake to reply within a maximum period of one month from receipt of the request.

8. Complaint to the AEPD

If you consider that the processing of your data does not comply with the regulations, you have the right to lodge a complaint with the Spanish supervisory authority:

  • Spanish Data Protection Agency (AEPD)
  • Address: C/ Jorge Juan, 6, 28001 Madrid, Spain
  • Website: www.aepd.es

9. Security measures

We apply appropriate technical and organisational measures to ensure the security of your personal data and to prevent their alteration, loss, unauthorised processing or access, in accordance with the state of the art, the nature of the data and the risks to which they are exposed.

10. Modifications

This policy may be amended in order to reflect legislative changes or the evolution of our services. Any modification shall be published on this same page together with the corresponding update date.

Escribirnos por email