I.- The Personal Data Controller
The data controller processing your personal data is the entity Isla Canela, S.A., S.L., domiciled at Glorieta de Caminos 6 – 7, 4º floor, 28020 Madrid, with CIF: A78079852 (hereinafter, THE COMPANY).
At present we do not have a Data Protection Officer, as THE COMPANY is not required to appoint one. If you need to contact us concerning privacy, please use the following email address: email@example.com
II.- Purpose of the process
In compliance with European Regulation 2016/679, the General Data Protection Regulation, and other applicable regulations, you are notified that THE COMPANY will process information provided by the USER for different purposes, insofar as there is a legal basis for each process:
- Activities promoting the products or services of THE COMPANY, relating to property and construction, and/or holiday greetings and similar messages, via emails, phone calls, SMS, push notifications, post, or any other form of communication.
- Activities promoting the products or services of companies in the group to which THE COMPANY belongs, listed non-exhaustively at the following address www.islacanela.es/gdpr_sociedades_grupo, relating to property and construction, and/or holiday greetings and similar messages, via emails, phone calls, SMS, push notifications, post, or any other form of communication. The above is subject to requesting and being granted the USER’s consent.
- Processing the registration of clients and complying with the obligations of THE COMPANY in the sales process.
- For clients, activities promoting services or products by the banks listed non-exhaustively at the following address www.islacanela.es/gdpr_entidades_finan_grupo. The above is subject to requesting and being granted the USER’s consent.
- Preventing abuse and fraud.
III.- Recipients of the information
The data the USER provides to THE COMPANY will not be communicated to any third party, except with the express consent of the USER, or if:
- The communication of data is authorised by law.
- The processing responds to the free and legitimate acceptance of a legal relationship, whose development, compliance and monitoring must imply the connection of this processing with third-party databases; this would apply to banks issuing invoices for their products or contracted services.
- The data are requested by any Public Administration, the Public Ombudsman, the Public Prosecutor, the law courts or the Court of Audit, in the course of their duties.
- The user has requested information on a property advertised by a company other than THE COMPANY, in which case their data will be communicated to the entity responsible for the property, in order to manage their request for contact and to provide information on similar properties. The entity will be identified in each advertisement where the entities involved belong to the construction and property market sectors.
For compliance with legal obligations concerning tax matters, prevention of money laundering or other taxes, their identification and contact data must also be processed in order to respond to the need to verify identification and activity, prevent money laundering, or comply with obligations to government bodies.
IV.- Compulsory or optional nature of the requested information
Compulsory data will be identified as such in each form. A refusal to provide such information will mean the service requested by the USER may not be provided.
V.- Content and exercise of rights
The USER may exercise their rights of access, rectification, opposition, erasure, portability, and limitation of processing, and reject the automatic processing of the personal data gathered by THE COMPANY.
These rights may be exercised free of charge by the USER and their representatives, where applicable, by a signed written request sent to the following address: Glorieta de Cuatro Caminos 6 – 7, 28020 Madrid, or to the email address firstname.lastname@example.org. This request must contain the reference “Protección de datos” (data protection) in the subject line, and include the following information: full name of the USER, address for notification purposes, photocopy of their National Identity Document or passport, and the specific request. Any representative of the user must provide documentary accreditation.
The USER also has the right to withdraw consent at any time, through the procedure indicated above, but such withdrawal will not affect previous processing.
The USER may also oppose the processing of their data for the purpose of promotional activities.
The USER is reminded that they also have the right to present a complaint to the controlling authority, www.aepd.es.
VI.- Commitments by the USER
The USER guarantees that they are aged 18 or over, and that the information they provide is accurate. The USER undertakes to notify THE COMPANY of any change to the information, by email to email@example.com, identifying themselves as a WEBSITE USER and specifying the information to be changed. The USER undertakes to keep their passwords and identification codes secret, and to notify THE COMPANY as soon as possible if they are lost or stolen, or in the case of an unauthorised login. If this notification is not received, the company declines all liability for any consequences of the misuse by unauthorised third parties of those passwords and identification codes.
VII.- Third-party data provided by the USER
If the USER provides the personal data of third parties for any purpose, they must have previously informed the people in question and have obtained their consent for giving THE COMPANY their information.
The USER guarantees that the people in question are aged 18 or over, and that the information provided is accurate. The company will check for consent by the people in question in a first email with non-commercial content requesting verification of the consent given in their name by the USER. The USER must bear the responsibility for any liability arising from a failure to comply with these conditions.
VIII.- Security measures
The company has adopted the necessary technical and organisational measures to guarantee the security of personal data and to avoid their alteration, loss, or unauthorised processing or access, taking into account the state of technology, the type of stored data, and the risks to which they are exposed, whether due to human actions or to environmental factors. However, the USER should be aware that Internet security measures are not impregnable.
THE COMPANY’s website may include links to other sites and domains which are not operated or controlled by THE COMPANY. We cannot guarantee or accept responsibility for the utility, accuracy, current validity, reliability, or security of such websites, or their privacy policies.
However, if we become aware of a lack of accuracy, current validity, reliability, or security in such websites, we will act as appropriate to remove the link. Similarly, if the user becomes aware of such issues they must report them to THE COMPANY for the same purpose.