Connect Capitals

PRIVACY POLICY

Connect Capitals

Last Updated: May 23, 2026

Effective Date: May 23, 2026

1. INTRODUCTION

Welcome to Connect Capitals ("we," "our," or "us"). We are Europe's Fastest Verified Growing Business Brokerage firm Educational Center and AI Automation Agency, fully dedicated to the valuation, preparation, presentation, and brokerage of digital business assets—including e-commerce stores, SaaS products, digital media properties, mobile applications, and other online enterprises.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://connectcapitals.com (the "Site"), use our services, or participate in our Educational Center programs.

Please read this Privacy Policy carefully. By accessing our Site or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Service.

1.1 Data Controller

For purposes of the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the data controller responsible for your personal data is:

Connect Capitals
Website: https://connectcapitals.com
Email: [privacy@connectcapitals.com]
Response Time: Under 24 hours

1.2 Scope

This Privacy Policy applies to:

  • All visitors to our Site
  • Buyers and sellers of online businesses
  • Students and participants in our Educational Center
  • Users of our free resources, tools, and calculators
  • Attendees of our webinars and events
  • Participants in our Certified Program
  • Users of our AI-powered tools

2. INFORMATION WE COLLECT

2.1 Personal Data You Provide Directly

We collect the following categories of personal data that you voluntarily provide:

CategorySpecific Data PointsPurpose
Identity DataFirst name, last name, date of birth, nationality, government-issued IDAccount creation, verification, certification
Contact DataEmail address, phone number, billing address, shipping addressCommunication, service delivery, invoicing
Professional DataBusiness experience, professional background, industry expertise, company informationMatching buyers/sellers, certification, mentorship
Financial DataPayment card information, bank account details, investment capacity, financial qualificationsPayment processing, buyer qualification, escrow services
Account DataUsername, password, security questions, authentication tokensAccount security, access control
Communication DataEmails, chat messages, webinar Q&A, form submissions, support ticketsCustomer service, service delivery
Business DataBusiness financial statements, revenue metrics, KPIs, operational data, legal documents, due diligence packagesBusiness valuation, preparation, brokerage, listing

2.2 Information Collected Automatically

When you visit our Site, we automatically collect:

CategoryData PointsLegal Basis
Technical DataIP address, browser type, operating system, device information, unique device identifiersLegitimate interest (security, analytics)
Usage DataPages visited, time spent, click patterns, navigation paths, download history, course progressLegitimate interest (improvement, personalization)
Cookies & TrackingCookie IDs, pixel tags, web beacons, local storage, session dataConsent (marketing cookies), Legitimate interest (essential cookies)
Location DataGeneral geographic location (country, city) based on IP addressConsent (personalization), Legitimate interest (analytics)

2.2.1 Categories of Online Businesses We Handle

We process business data for the following categories

  • Business financial statements and revenue data
  • Profit and loss statements
  • Balance sheets and tax records
  • Customer and supplier lists
  • Operational metrics and KPIs
  • Legal contracts and intellectual property documentation
  • Valuation data and market multiples

3. HOW WE USE YOUR INFORMATION

3.1 Primary Business Purposes

We use your personal data for the following purposes:

PurposeData UsedLegal Basis (GDPR)
Professional ValuationBusiness financials, revenue metrics, growth data, contact informationPerformance of contract (Art. 6(1)(b))
Preparation & PresentationFinancial documents, KPIs, business operations data, legal documentsPerformance of contract (Art. 6(1)(b))
Brokerage & ClosingBuyer/seller identities, financial qualifications, negotiation records, contracts, escrow detailsPerformance of contract (Art. 6(1)(b)), Legal obligation (Art. 6(1)(c))
Educational Center & CoursesRegistration data, course progress, payment information, attendance, certificationPerformance of contract (Art. 6(1)(b))
Free Resources DownloadsEmail address, download history, user preferencesConsent (Art. 6(1)(a))
Webinars & EventsRegistration data, attendance records, Q&A interactions, payment dataPerformance of contract (Art. 6(1)(b)), Consent (Art. 6(1)(a))
Certified ProgramFull identity verification, professional background, payment data, mentorship recordsPerformance of contract (Art. 6(1)(b))
AI-Powered ToolsUsage data, account data, business dataConsent (Art. 6(1)(a)), Legitimate interest (Art. 6(1)(f))
Expert AdvisoryCommunication records, professional background, business dataPerformance of contract (Art. 6(1)(b))

3.2 Secondary Purposes

We also use your data for:

PurposeLegal Basis
Site Security & Fraud PreventionLegitimate interest (Art. 6(1)(f))
Website Improvement & AnalyticsLegitimate interest (Art. 6(1)(f)), Consent (Art. 6(1)(a))
Marketing & Promotional CommunicationsConsent (Art. 6(1)(a))
Customer Support & ServicePerformance of contract (Art. 6(1)(b))
Legal Compliance & Regulatory RequirementsLegal obligation (Art. 6(1)(c))
Business Transfers (M&A)Legitimate interest (Art. 6(1)(f))

4. LEGAL BASIS FOR PROCESSING (GDPR)

Under GDPR Article 6, we process your personal data based on the following legal grounds:

Legal BasisWhen We Use It
Consent (Art. 6(1)(a))Marketing communications, non-essential cookies, optional features, free resource downloads
Performance of Contract (Art. 6(1)(b))Core services (valuation, preparation, brokerage, courses, certified program, advisory)
Legal Obligation (Art. 6(1)(c))Tax reporting, financial regulation compliance, anti-money laundering (AML) checks
Legitimate Interest (Art. 6(1)(f))Site security, fraud prevention, analytics, website improvement, business operations

Your Right to Withdraw Consent: Where we process data based on consent, you may withdraw it at any time by contacting us or using unsubscribe links. Withdrawal does not affect the lawfulness of processing before withdrawal.

5. HOW WE SHARE YOUR INFORMATION

5.1 Categories of Third Parties

We share your personal data with the following categories of recipients:

CategoryExamplesPurposeData Shared
Payment ProcessorsStripe, PayPal, credit card processorsPayment processingPayment card data, billing address
Escrow ServicesAuthorized Banks in EU and other verified escrow providersBusiness transfer securityIdentity data, financial data, contract details
Email Marketing PlatformsMailchimp, SendGrid, ActiveCampaign and othersNewsletter, course updates, marketingEmail address, name, preferences
Analytics ProvidersGoogle Analytics, similar toolsSite usage analysisIP address, usage data, cookies
Webinar PlatformsZoom, Teams, WebinarJam, similar platformsLive webinars and eventsName, email, attendance data, Q&A
Cloud Hosting ServicesAWS, Google Cloud, AzureSite hosting, data storageAll data (encrypted)
CRM SystemsHubSpot, SalesforceCustomer relationship managementContact data, communication history
Document StorageDropbox, Google Drive, secure vaultsDue diligence packages, legal documentsBusiness data, legal documents
Professional AdvisorsLawyers, accountants, business appraisersDue diligence, valuation, legal complianceRelevant business and financial data
Potential Buyers/SellersQualified parties in M&A transactionsBusiness brokerageAnonymized/pseudonymized business data, contact info (with consent)
Certification BodiesIndustry-recognized certifying organizationsCertified Program credentialsIdentity data, professional background, certification data

5.2 Situations Requiring Your Explicit Consent

We will never share your personal data with third parties for their marketing purposes without your explicit, opt-in consent.

5.3 Business Transfers

If Connect Capitals is involved in a merger, acquisition, sale of assets, financing, or acquisition of all or a portion of our business by another company, your information may be transferred as part of that transaction. You will be notified via email and/or a prominent notice on our website of any change in ownership or use of your personal data.

5.4 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, government agencies, law enforcement).

6. INTERNATIONAL DATA TRANSFERS

6.1 Data Transfers Outside the EU/EEA

Your personal data may be transferred to and processed in countries other than your own. These countries may have data protection laws that are different from the laws of your country.

Countries where data may be transferred:

  • United States (via EU-US Data Privacy Framework certified companies)
  • United Kingdom (adequacy decision)
  • Switzerland (adequacy decision)
  • Other countries with adequacy decisions by the European Commission

6.2 Safeguards for International Transfers

When we transfer your data outside the EU/EEA, we ensure appropriate safeguards are in place:

Transfer MechanismApplicable When
EU-US Data Privacy FrameworkTransfers to US companies self-certified under the Framework
Standard Contractual Clauses (SCCs)Transfers to countries without adequacy decision
Binding Corporate Rules (BCRs)Transfers within our corporate group
Adequacy DecisionsTransfers to countries deemed adequate by EU Commission

7. DATA SECURITY

7.1 Security Measures We Implement

We implement appropriate technical and organizational measures to protect your personal data:

CategoryMeasures
Technical Measures
  • SSL/TLS encryption for all data transmission
  • AES-256 encryption for data at rest
  • Firewalls and intrusion detection systems
  • Regular security audits and penetration testing
  • Multi-factor authentication (MFA) for sensitive operations
  • Secure API endpoints with rate limiting
Organizational Measures
  • Employee data protection training
  • Access controls and least privilege principle
  • Confidentiality agreements for all staff
  • Data processing agreements with third parties
  • Incident response plan and breach notification procedures
  • Regular privacy impact assessments (PIAs)
Physical Measures
  • Secure data center facilities
  • Access control to server rooms
  • Backup and disaster recovery systems

7.2 Limitations

No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

7.3 Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and in accordance with GDPR Article 33-34 requirements.

8. DATA RETENTION

8.1 Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes set out in this Privacy Policy:

Data CategoryRetention PeriodRationale
Account DataDuration of account + 6 years after closureContract performance, legal obligations (tax, accounting)
Brokerage Transaction Data10 years after transaction completionLegal obligations (contract law, statute of limitations)
Financial/Payment Data6 years after last transactionLegal obligations (tax, accounting, PSD2)
Marketing Contact DataUntil consent is withdrawn + 3 monthsConsent-based marketing
Course/Certification DataLifetime access (Certified Program) or 5 years after course completionContract performance, certification records
Website Analytics Data26 months (Google Analytics default)Legitimate interest (analytics)
Cookie DataAs per cookie shelf life (up to 13 months)Consent-based tracking
Due Diligence Documents7 years after transaction or terminationLegal obligations, liability protection
Webinar Attendance Data3 years after eventLegitimate interest (follow-up, improvement)

8.2 Deletion

When retention periods expire, we will securely delete or anonymize your personal data in accordance with our data destruction policies.

9. YOUR RIGHTS UNDER GDPR

As a data subject in the European Economic Area (EEA), you have the following rights:

9.1 List of Your Rights

RightDescriptionHow to Exercise
Right to Access (Art. 15)Request a copy of your personal data and information about how we process itEmail us at privacy@connectcapitals.com
Right to Rectification (Art. 16)Request correction of inaccurate or incomplete personal dataUpdate in account settings or contact us
Right to Erasure (Art. 17)Request deletion of your personal data ("right to be forgotten")Submit deletion request via email
Right to Restrict Processing (Art. 18)Request limitation of how we use your personal dataContact us with specific restriction request
Right to Data Portability (Art. 20)Receive your data in a structured, machine-readable formatRequest data export via email
Right to Object (Art. 21)Object to processing based on legitimate interest or for direct marketingUse unsubscribe link or contact us
Rights Related to Automated Decision-Making (Art. 22)Right not to be subject to automated decision-making with legal/significant effectsContact us for human review
Right to Withdraw Consent (Art. 7)Withdraw consent at any time where processing is based on consentUnsubscribe or update cookie preferences

9.2 How to Exercise Your Rights

To exercise any of your rights, please:

  • Email us: privacy@connectcapitals.com
  • Include: Your full name, email address associated with your account, and specific request
  • Response Time: We will respond within 30 days (GDPR requirement)
  • Identification: We may request additional information to verify your identity

9.3 No Fee Required

You will not have to pay a fee to access your personal data or exercise any of your rights. However, we may charge a reasonable fee or refuse to act on requests that are clearly unfounded, repetitive, or excessive.

10. COOKIES AND TRACKING TECHNOLOGIES

10.1 What We Use

We use cookies and similar tracking technologies to collect information about your browsing activities.

10.2 Categories of Cookies

CategoryPurposeEssential?How to Opt-Out
Strictly NecessarySite functionality, security, authenticationYes - cannot be disabledNot applicable (required for site to work)
Performance/AnalyticsUnderstand site usage, improve performanceNoCookie settings or browser blocking
FunctionalRemember preferences, personalize contentNoCookie settings or browser blocking
Targeting/MarketingTrack across sites for advertising, measure ad effectivenessNoCookie settings, opt-out links

10.3 Managing Cookies

  • Cookie Banner: When you first visit our Site, you can Accept All, Decline Non-Essential, or Customize Settings
  • Browser Settings: Most browsers allow you to block or delete cookies (see browser help documentation)
  • Opt-Out Tools:
    • Google Analytics Opt-out: https://tools.google.com/dlpage/gaoptout
    • Network Advertising Initiative: https://www.networkadvertising.org/opt-out-online/

10.4 Do Not Track

Currently, we do not alter our data collection practices when we receive a "Do Not Track" browser signal.

11. SPECIAL CATEGORIES OF DATA

11.1 Sensitive Personal Data

We do not intentionally collect special categories of personal data under GDPR Article 9, including:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data
  • Biometric data (except for authentication purposes where necessary)
  • Health data
  • Sexual orientation

11.2 Children's Data

Our services are not intended for children under 18 years of age. We do not knowingly collect personal data from children under 18. If we learn we have collected such data, we will delete it immediately.

11.3 Business Data Sensitivity

We handle sensitive business information including financial statements, customer lists, and proprietary metrics. This data is protected with enhanced security measures and access controls.

12. THIRD-PARTY LINKS

Our Site may contain links to third-party websites (e.g., payment processors, webinar platforms, external resources). We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review their privacy policies before providing any personal data.

13. CHANGES TO THIS PRIVACY POLICY

13.1 Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations.

13.2 Notification

When we make material changes:

  • We will update the "Last Updated" date at the top of this policy
  • We will notify you via email (if we have your email) or via a prominent notice on our Site
  • The new policy will be effective immediately upon posting (or as specified)

13.3 Continued Use

Your continued use of our Site or services after changes constitutes acceptance of the updated Privacy Policy.

14. CONTACT INFORMATION

14.1 Contact Details

For questions about this Privacy Policy or our data practices:

Connect Capitals
Data Protection Officer (DPO): [dpo@connectcapitals.com]
General Privacy Inquiries: [privacy@connectcapitals.com]
Website: https://connectcapitals.com
Response Time: Under 24 hours

15. ADDITIONAL INFORMATION FOR SPECIFIC SERVICES

15.1 Educational Center & Courses

Data Collection:

  • Course registration and enrollment data
  • Progress tracking and completion certificates
  • Webinar attendance and interaction data
  • Payment information for paid courses (€299 workshops, certified program)
  • deal flow access, 1-on-1 mentorship, lifetime access to tools

15.2 Brokerage Services

Due Diligence Process:

  • We collect and verify business financials, legal documents, and operational data
  • Data is shared with qualified buyers only after NDA and financial qualification
  • All transactions use escrow services for secure transfer

Buyer Qualification:

  • Financial capacity verification
  • Professional background review
  • Investment experience assessment

15.3 AI-Powered Tools

Data Processing:

  • AI tools analyze business data for faster deal closing
  • Processing is based on your consent or contract performance
  • You can opt-out of AI processing at any time

16. COMPLIANCE CERTIFICATIONS

Connect Capitals is committed to compliance with:

Regulation/StandardStatus
GDPR (EU 2016/679)Compliant
ePrivacy Directive (Cookie Law)Compliant
PSD2 (Payment Services)Compliant (via payment processors)
ISO 27001In progress
SOC 2 Type IIIn progress

APPENDIX A: REVENUE STREAMS & DATA PROCESSING

Revenue StreamPrimary Data UsedLegal Basis
Brokerage Commission (primary)Buyer/seller identities, business financials, contractsContract performance
Professional Valuation FeesBusiness financials, growth metrics, market dataContract performance
Preparation & Presentation FeesKPIs, operational data, legal documentsContract performance
Course & Certification FeesRegistration, progress, payment dataContract performance
Webinar & Event FeesRegistration, attendance, payment dataContract performance + Consent
AI Tools SubscriptionUsage data, business data, account dataConsent + Contract performance
Expert Advisory FeesCommunication records, professional backgroundContract performance
MembershipsAll account and usage dataContract performance

APPENDIX B: DISASTER RECOVERY & BACKUP

  • Backup Frequency: Daily incremental, weekly full backups
  • Retention: 30 days for backups
  • Location: Geographically redundant data centers (EU-based)
  • Encryption: All backups encrypted at rest and in transit

END OF PRIVACY POLICY