Book a call

Privacy Policy

Last updated: 20 November 2025

This Privacy Policy explains how Mark Berkovics, trading as “Horizons Edge” / “Horizons Edge AI” (“Horizons Edge”, “we”, “us”, or “our”) collects, uses, shares and protects personal data when you visit our website horizonsedgeai.com (the “Website”) or interact with us in relation to our bespoke AI solutions and automation services (the “Services”).

We are committed to protecting your privacy and handling your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable Spanish data protection laws.

If you do not agree with this Privacy Policy, please do not use our Website and do not provide us with your personal data.

 
1. Data controller

The data controller responsible for processing your personal data is:

Name: Mark Berkovics (sole proprietor / autónomo)
Trading name: Horizons Edge / Horizons Edge AI
Address: Camí de Vallvidrera al Tibidabo 5, 08017 Barcelona, Spain
Email: [email protected]

We have not appointed a Data Protection Officer (DPO). For all privacy-related questions, please contact us using the details above.

 
2. Scope of this Privacy Policy

This Privacy Policy applies to:

  • Visitors to horizonsedgeai.com

  • Individuals who contact us or book a call with us (for example via Calendly)

  • Representatives and employees of our business clients and prospective clients

This Privacy Policy does not replace or override any Data Processing Agreement (DPA) that we may sign with clients in connection with our bespoke AI and automation Services. In those cases, the DPA and the main service contract will govern how we process personal data on behalf of our clients.

 
3. Types of personal data we collect
3.1 Data you provide directly

We may collect and process the following categories of personal data that you provide to us:

  1. Contact and identification data

    • Name

    • Company name

    • Role / job title

    • Email address

    • Phone number

  2. Communication data

    • Content of messages you send us (e.g. emails, contact inquiries, calendar booking questions)

    • Any additional information you choose to provide when booking a discovery or strategy call (for example, description of your business, challenges, project ideas)

  3. Client and prospect data (B2B context)

    • Professional contact details of you and/or your colleagues

    • Information relating to your company (industry, size, location, services)

    • Any information you voluntarily share with us in order to explore or perform the Services

  4. Data contained in materials you share for evaluation (B2B)

    • In the context of initial discussions or pilot projects, you may provide documents or data samples that could, in some cases, contain personal data relating to your clients, suppliers or employees (for example, sample invoices, forms, communications).

    • As a rule, such processing is covered by or later formalised in a service agreement and Data Processing Agreement (DPA) between us and your organisation. At the website stage, we do not systematically collect such data unless you choose to share it with us.

3.2 Data collected automatically when you visit the Website

When you visit our Website, certain information may be collected automatically:

  • Technical data

    • IP address

    • Browser type and version

    • Device type and operating system

    • Date and time of access

    • Referring URL (the website that referred you to ours)

Currently, we do not use Google Analytics or similar analytics tools. However, basic technical data may be logged by our hosting provider for security and operational purposes.

If we deploy analytics or other tracking technologies in the future, we will update this Privacy Policy and, where required, seek your consent via a cookie banner.

 
4. Sources of personal data

We collect personal data from the following sources:

  • Directly from you (e.g. when you contact us, book a call, send us an email, or otherwise communicate with us)

  • Calendly (or similar scheduling services) when you book a meeting with us

  • Our own communications tools (e.g. email, calendar, note-taking) where we record interactions with you or your organisation

  • Publicly available sources, such as your company website or LinkedIn profile, where relevant in a B2B context

 
5. Purposes and legal bases for processing

We process your personal data only where we have a valid legal basis under the GDPR. The main purposes and corresponding legal bases are:

5.1 Responding to inquiries and providing information

  • Purpose: To respond to your inquiries, requests or questions, including when you contact us by email or book a call.

  • Data: Name, company, role, email, phone, message content, booking details.

  • Legal bases:

    • Article 6(1)(b) GDPR – performance of a contract or steps taken at your request prior to entering into a contract.

    • Article 6(1)(f) GDPR – our legitimate interest in communicating with potential clients and handling business inquiries.

5.2 Providing and improving our Services

  • Purpose: To plan, deliver and improve our bespoke AI and automation Services, including pre-sales discussions, solution design, demonstrations, and ongoing client relationship management.

  • Data: Professional contact data, business information, and any necessary information you share relating to your processes and use cases.

  • Legal bases:

    • Article 6(1)(b) GDPR – performance of a contract or steps prior to entering a contract.

    • Article 6(1)(f) GDPR – legitimate interest in operating and improving our Services and managing client relationships.

5.3 Business development and B2B marketing

  • Purpose: To follow up with you about our Services, send you relevant information in a B2B context, and maintain a relationship with you or your organisation.

  • Data: Professional contact details, interaction history.

  • Legal bases:

    • Article 6(1)(f) GDPR – our legitimate interest in promoting our Services to businesses where such communications are permitted under applicable law.

    • Article 6(1)(a) GDPR – your consent, where required (for example, if we later introduce an email newsletter or subscription-based marketing list).

You can opt out of marketing communications at any time by following the instructions in the message or contacting us at [email protected].

5.4 Website security and performance

  • Purpose: To ensure the security, availability and performance of the Website (for example, monitoring for abuse, troubleshooting and preventing malicious activity).

  • Data: Technical data such as IP address, browser type, access times, and similar logs.

  • Legal basis:

    • Article 6(1)(f) GDPR – legitimate interest in maintaining a secure and reliable Website and IT infrastructure.

5.5 Compliance with legal obligations

  • Purpose: To comply with legal obligations, including accounting, tax, and regulatory requirements, and to respond to lawful requests from public authorities.

  • Data: Identification data, transaction and billing information, and records of communications where necessary.

  • Legal basis:

    • Article 6(1)(c) GDPR – compliance with a legal obligation to which we are subject.


5.6 Establishment, exercise or defence of legal claims

  • Purpose: To establish, exercise or defend legal claims in case of disputes.

  • Data: Any relevant information reasonably necessary for this purpose.

  • Legal basis:

    • Article 6(1)(f) GDPR – legitimate interest in defending our rights and interests.

 
6. Cookies and similar technologies

Our Website uses cookies and similar technologies that are necessary for the functioning of the site (for example, security and basic functionality).

We may in the future use additional cookies or similar technologies for analytics, performance, or marketing. When we do so, we will:

  • display a cookie consent banner in accordance with applicable law; and

  • allow you to manage your preferences.

For more detailed information about the cookies we use and how you can control them, please refer to our Cookie Policy (to be provided or updated on the Website). Where there is a conflict between this Privacy Policy and our Cookie Policy regarding cookies, the Cookie Policy will prevail for cookie-related matters.

 
7. How we share personal data

We do not sell your personal data. We may share it with the following categories of recipients, strictly on a need-to-know basis:

  1. Service providers (processors)
    We use trusted third-party service providers to help us operate our business and deliver our Website and Services, including:

    • Web hosting and infrastructure: e.g. Bluehost (and potentially a CDN such as Cloudflare)

    • Website platform: WordPress (and associated plugins such as Elementor)

    • Scheduling tools: e.g. Calendly or similar service

    • Email and productivity tools: Google (Gmail, Google Drive, Google Workspace)

    • Task/project management tools: e.g. Trello (if used)

    • Communication tools: email and video conferencing providers (e.g. Google Meet, Zoom)

    These service providers act as our data processors, process personal data on our instructions, and are bound by contractual obligations to implement appropriate technical and organisational measures.

  2. Professional advisers
    Where necessary, we may share data with professional advisers such as lawyers, accountants or auditors, subject to confidentiality obligations.

  3. Public authorities
    We may disclose personal data where required to do so by law or in response to valid legal requests (e.g. from courts, regulatory authorities or law enforcement).

  4. Business transfers
    In the event of a future business transfer (for example, if Horizons Edge AI is incorporated, merged, or assets are transferred), personal data may be transferred to the relevant successor entity, subject to applicable data protection law.

 
8. International data transfers

We are based in Spain (European Union), but some of our service providers and AI providers are located outside the European Economic Area (EEA), including in the United States and other countries.

This includes, for example, providers such as:

  • OpenAI

  • Google (including Google Cloud)

  • Anthropic

  • Other SaaS tools we may reasonably need for hosting, communications, scheduling, or project management

Where personal data is transferred to a country outside the EEA that does not provide an adequate level of data protection as determined by the European Commission, we will ensure that appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) adopted by the European Commission; and/or

  • Other lawful transfer mechanisms under the GDPR.

You may contact us at [email protected] for more information about the safeguards we use for international transfers.

 
9. Retention periods

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. In general:

  • General inquiries and communications:
    We may keep your emails and contact messages for up to 3 years after the last interaction, to respond to follow-up questions and maintain records of our communications.

  • B2B prospect and client contact data:
    We may keep your professional contact details and interaction history for up to 5 years after our last meaningful contact, to manage our business relationship, unless you object or applicable law requires a longer or shorter period.

  • Contract and billing data:
    If you or your organisation become a client, we may retain contracts, invoices, and related business records for up to 6–10 years as required by accounting, tax and commercial laws.

  • Technical logs and security-related data:
    Technical and security-related logs may be kept for a shorter period, typically up to 1 year, unless necessary for investigating security incidents or legal claims.

Where longer retention is required (for example, due to ongoing disputes, investigations or regulatory requirements), we may keep the data for the duration of such matters and any applicable limitation periods.

When personal data is no longer needed, it will be securely deleted, anonymised, or aggregated.

 
10. Security of your personal data

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, alteration or destruction. These measures include, where applicable:

  • Use of HTTPS encryption for our Website and for solutions deployed through reputable cloud providers (e.g. Google Cloud Run)

  • Use of strong passwords and, where possible, two-factor authentication (2FA) on key systems and tools

  • Limiting access to personal data to those who need to know for business purposes (currently, this is essentially the owner/operator)

  • Use of reputable cloud and SaaS providers that implement industry-standard security measures

  • Regular software updates and security patches for the Website platform and plugins

However, no method of transmission or storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security.

 
11. Your rights under GDPR

As an individual in the European Union (or in a jurisdiction with similar rights), you have the following rights with respect to your personal data, subject to certain conditions and exceptions:

  1. Right of access
    You can request confirmation as to whether we process your personal data and receive a copy of such data.

  2. Right to rectification
    You can request that we correct or update inaccurate or incomplete personal data.

  3. Right to erasure (“right to be forgotten”)
    You can request that we delete your personal data where there is no compelling reason for us to continue processing it.

  4. Right to restriction of processing
    You can request that we restrict the processing of your personal data in certain circumstances (for example, while we verify accuracy or handle an objection).

  5. Right to data portability
    Where processing is based on your consent or a contract and carried out by automated means, you may request to receive your personal data in a structured, commonly used and machine-readable format, and to have it transmitted to another controller where technically feasible.

  6. Right to object
    You may object to the processing of your personal data based on our legitimate interests, including B2B direct marketing. In such cases, we will stop processing your data unless we have compelling legitimate grounds or need it for legal claims.

  7. Right to withdraw consent
    Where processing is based on your consent (for example, for an email newsletter, if introduced), you may withdraw your consent at any time. This will not affect the lawfulness of processing before the withdrawal.

  8. Right to lodge a complaint
    You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State where you live, work, or where the alleged infringement took place.
    Our main supervisory authority is:

    Agencia Española de Protección de Datos (AEPD)
    Website: www.aepd.es

To exercise your rights, please contact us at: [email protected].
We may need to verify your identity before responding to your request.

 
12. Processing of personal data on behalf of clients (Data Processing Agreements)

In the context of providing bespoke AI solutions and automation Services, we may process personal data on behalf of our business clients. For example, this may involve:

  • Data about our clients’ own customers, suppliers or employees (such as information included in invoices or internal records)

  • Other datasets our clients provide for the purposes of analysis, automation or integration

In such cases, we typically act as a data processor, and our processing is governed by:

  • A service agreement and

  • A Data Processing Agreement (DPA) concluded with the client, in accordance with Article 28 GDPR.

The DPA specifies, among other things, the subject-matter, duration, nature and purpose of the processing, types of personal data and categories of data subjects, and the obligations and rights of the controller and processor.

This website Privacy Policy is primarily directed at visitors to the Website and our direct contacts, and does not replace or override any DPA or contractual terms agreed with clients.

 
13. Children’s privacy

Our Website and Services are not intended for children under the age of 16, and we do not knowingly collect personal data from individuals under 16.

If you are a parent or guardian and believe that a child under 16 has provided personal data to us, please contact us at [email protected], and we will take appropriate steps to delete the data.

 
14. Third-party websites and services

Our Website may contain links to third-party websites, services, or content that are not operated by us (for example, scheduling pages such as Calendly, or other resources).

If you follow a link to any of these websites or services, please note that they have their own privacy policies and we do not accept any responsibility or liability for those policies or practices. We encourage you to review the privacy policies of each third-party service you use.

 
15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other reasons.

When we make changes, we will:

  • Post the updated Privacy Policy on this page, and

  • Update the “Last updated” date at the top of the Policy.

We encourage you to review this Privacy Policy periodically. Your continued use of the Website after changes are posted will be deemed acceptance of the revised Policy.

 
16. Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please contact us at:

Email: [email protected]
Postal address:
Mark Berkovics – Horizons Edge / Horizons Edge AI
Camí de Vallvidrera al Tibidabo 5
08017 Barcelona
Spain