WEBSITE PRIVACY POLICY
The Data Controller undertakes to comply with personal data protection regulations and to respect User privacy. The aim is to offer the best service to the User, and for this purpose, it is necessary to process their personal data. The User may only include their own personal data, and under no circumstances the data of another person for whom they do not have express consent, being solely responsible in the event of doing so.
1. Data Controller
Costaluz Estates Ltd
NIF: B16892499
Address: C/ Virgen de la Luz, s/n (corner of c/ Poniente), 11.140. Conil de la Frontera, Cádiz.
Telephone: 956440172
2. Purposes and legal basis
Enquiries handled: Respond to user queries made through the forms or communication tools available on the Website. If using the WhatsApp tool for queries, you explicitly accept that your data will be processed by this application, which may involve the transfer of your data to a country outside the EU. In any event, WhatsApp is included within the EU-U.S. Data Privacy Framework. The legitimate basis for processing is the User's consent, in accordance with Article 6.1(a) of the GDPR.
Offers for rent/sale: To manage property sales and/or rental advertisements for the User interested in this service. The legitimate basis for processing is the performance of a contract to which the User is party, in accordance with Article 6.1(b) of the GDPR.
Data assignment Transfer of User's data, having previously authorised it, to other real estate agencies within the “Gica Group” (Association of Real Estate Agents of the Province of Cádiz, GICA – MSL Cádiz), for the purpose of managing the sale or rental advertisement by all agencies belonging to the group. The legitimate basis for the processing is the User's consent, in accordance with Article 6.1(a) of the GDPR.
Whistleblowing Channel Data collected in the Ethics Channel form, from both the whistleblower and affected third parties, necessary for the management of the entity's internal suggestion or reporting system. Individuals using this channel may choose to identify themselves or remain anonymous, voluntarily. The legitimate basis for processing is the User's consent, in accordance with Article 6.1(a) of the GDPR, in the case of non-anonymous reports. In cases where the implementation of the internal information system is mandatory, the legitimate basis for processing is compliance with a legal obligation, in accordance with Article 6.1(c) of the GDPR, as established in Organic Law 7/2021, of 26 May, on the protection of personal data processed for the purposes of prevention, detection, investigation and prosecution of criminal offences and the execution of criminal sanctions, and in Law 2/2023, of 20 February, regulating the protection of individuals who report breaches of law and the fight against corruption. In cases where the implementation of the internal information system is voluntary, the legitimate bases for processing are the performance of a task carried out in the public interest, in accordance with Article 6.1(e) of the GDPR, and the legitimate interest of the entity in preventing breaches and improving internal management, in accordance with Article 6.1(f) of the GDPR and the enabling framework provided for in Article 24 of the LOPDGDD.
Navigation Data: Data collected by first-party or third-party cookies that may be generated by this Website, with the User having been informed and having accepted them. The legitimate basis for processing is the User's consent, in accordance with Article 6.1.a) of the GDPR.
The data processed for this purpose are: collected by the cookies generated on the Website, according to their purposes. For more information, you can consult our Cookie Policy or modify your choice of preferences in our cookie management tool.
The Owner shall not be liable for the processing of information collected by third-party advertising cookies, nor shall it have access to the data collected by them. The Owner informs that these third parties will process the data for their own purposes depending on each type of cookie and may in turn transfer the information to other service providers or process the data in combination with data collected on other websites by them or other publishers to provide the services that each of them is entrusted with.
Commercial communications: For the User who voluntarily accepts this option, promotions, advertising, offers, news, invitations to events, and any type of commercial information from the Holder will be sent to them. The legitimate basis for processing is the User's consent, in accordance with Article 6.1(a) of the GDPR.
Commercial communications with third-party information: For the User who voluntarily accepts this option, promotions, advertising, offers, news, invitations to events, and any type of commercial information from third parties with whom the Data Controller has an agreement will be sent. The Data Controller will always carry out these dispatches, and the User's data will never be transferred to these third parties. The legal basis for processing is the User's consent, in accordance with Article 6.1(a) of the GDPR.
Personalised commercial communications: For the User who voluntarily accepts this option, promotions, advertisements, offers, news, invitations to events, and any type of personalised commercial information that the Owner may determine based on the User's behaviour, preferences, and personal profile will be sent. The legitimate basis for processing is the User's consent, in accordance with Article 6(1)(a) of the GDPR.
In any event, the User may later object at any time to the receipt of commercial communications by sending an email to info@templecambria.com from the same account to which communications are sent.
3. Retention period
The data will be retained for as long as the relationship is maintained and its deletion is not requested, and in any case in compliance with applicable legal prescription periods.
4. Assignments
With the sole exception of the transfer of data to other real estate agencies of the “Grupo Gica” (Association of Real Estate Managers of the Province of Cádiz, GICA – MSL Cádiz), and only in the event that the User expressly consents to it, no other transfers of data collected through this Website are foreseen, unless expressly indicated, where appropriate, in the corresponding information clause.
In relation to the management of services, User data may be processed by companies that provide various services to the Holder, including, but not limited to, shipping, courier, accounting, consultancy, IT maintenance, or any other entity that, by virtue of its status as a Data Processor, requires access to or processing of such data. This processing shall under no circumstances be considered a data transfer.
5. Rights of the data subject
Users may exercise their rights of access, rectification, erasure, objection, restriction of processing, data portability and not to be subject to automated individual decision-making (including profiling), by sending a request with the subject “Data Protection” to the following address: C/ Virgen de la Luz, S/N (Esq. C/ Poniente), 11.140. Conil de la Frontera, Cádiz, or by email to info@templecambria.com, from the same account previously provided, indicating contact details in all cases. If you consider that your rights have been violated, you may submit a complaint to the Spanish Data Protection Agency (www.aepd.es).
6. Free text fields
The free text fields that may be available to the User in the Website's forms are for the sole and exclusive purpose of gathering information to improve the quality of the Services.
The User shall not include, in any areas the Website may offer as «free text fields», any personal data that may be classified as data requiring a special level of protection, such data being understood as, but not limited to, data relating to financial/economic situation, psychological profiles, ideology, religion, beliefs, trade union membership, health, racial origin and/or sexual life.
7. Optional fields
The Data Controller informs the User that the collection of some data is not mandatory, except in fields indicated as such by an (*). However, failure to complete these data may prevent the provision of all Services linked to such data, thereby releasing the Data Controller from any liability for the non-provision or incomplete provision of these Services.
8. Access and rectification of personal data
The User undertakes to provide true information in relation to their personal data, and to always keep the data provided to the Owner updated. The User shall be liable, in any event, for the truthfulness of the data provided, the Owner reserving the right to exclude from the services any User who has provided false data, without prejudice to any other legal actions that may be appropriate. The data provided by the User shall be presumed to be correct, therefore, in the event of erroneous submission of their data by the User, the Owner declines any responsibility in case of incorrect execution or non-execution of the submission, as well as the incorrect completion of the necessary administrative procedures.
9. Confidentiality
In addition, information of any type exchanged between the parties, that which they agree to be of such a nature, or that which simply concerns the content of such information, shall also be considered confidential. The visualisation of data via the Internet shall not imply direct access to it, unless express consent is given by its owner for each occasion.
10. Photographs
In compliance with current Data Protection regulations, please note that photographs featuring individuals are considered personal data. This communication serves to inform you that photographs of individuals, for promotional purposes and with their voluntary consent, may appear on this website. If any individual featured in a photograph wishes for it to be removed, please contact us and we will arrange for its removal as soon as possible. This does not apply to individuals who have provided a professional service.