The Sibarist
Legal

Privacy policy

We provide you with this Privacy Policy in order to inform you in detail about how we process your personal data and protect your privacy and the information you provide to us.

If, in the future, we introduce changes to this Privacy Policy, we will notify you through this website or by other means, so that you may be aware of the new privacy conditions adopted.

We inform you below, in a question-and-answer format, of the conditions under which our organisation processes your personal data:

Who is the data controller?

  • Identity: THE SIBARIST BRAND, S.L. Tax ID (CIF): B87086393.
  • Postal address: C/ San Lorenzo, 11 (Invernadero), 28004 – Madrid, Spain.
  • Telephone: +34 91 308 40 50.
  • Email: info@thesibarist.com.

For what purposes do we process your personal data?

We process the personal data you provide to us for the following purposes:

A) Initial contact for property information and management

We will process your identification and contact data to manage your request for information and to arrange and coordinate visits to the property of your interest, where applicable. When the initial contact is made through third-party real estate portals, we will obtain your identification and contact data from the request made through said portals, for the purpose indicated.

Additionally, with your explicit consent, we may communicate your identification data (name, surname and ID number) to the property owner and, where applicable, to the collaborating real estate agency, to record your introduction by us, in order to protect the sale or collaboration agreement if the transaction is carried out. The communication of your data to third parties is voluntary.

B) Sale or rental agreements with property owners (sellers)

To manage the intermediation and marketing of the sale or rental of your property, as well as the formalisation of the transaction and the associated administrative and collection management.

C) Purchase offers (buyers)

To manage your offer and the necessary processing with the property owner for its evaluation and for the eventual formalisation of the purchase.

D) Space rental agreements

To manage the contractual relationship arising from the leasing of spaces, as well as the administrative, accounting and collection management.

E) Holiday rentals

  • Property owners: to manage the contractual relationship for the provision of services (coordination of bookings and administrative and collection management arising from the provision of services).
  • Guests: to manage your booking request; to communicate your identification data to the property owner for the formalisation of the holiday rental agreement and to enable the owner to comply with legal obligations regarding traveller registration.

F) Investors

To manage requests for searching real estate investment opportunities.

G) Commercial communications

To send you information about our services and activities, provided we have your express consent to do so. Authorisation is voluntary and your refusal would only result in you not receiving commercial offers about our products or services.

H) Suppliers

The management of relationships with our suppliers, as well as invoicing and payment for services.

I) Curriculum Vitae

If you send us your CV, we will process it to have information about individuals who wish to do internships and/or work with us, in order to carry out the corresponding personnel selection processes.

J) Social media

If you become a friend or follower of ours on social media, we will process your data to keep you informed of our activities and promotions through said channels. Providing data for this purpose is voluntary, although if you do not do so, you will not be able to be our friend or follower on the corresponding social network. The categories of data processed for this purpose are identification data.

How long will we process your data?

We only retain your data for the period of time necessary to fulfil the purpose for which it was collected, comply with the legal obligations imposed on us, and address any liabilities that may arise from the fulfilment of the purpose for which the data was collected.

Data used to manage the initial contact for information requests and the management of property visits will be retained for the duration of said process. If the transaction is discarded, your data will be blocked for a period of one (1) year for the attention of possible liabilities and solely for that purpose, after which it will be securely deleted.

Buyers: if the purchase transaction is formalised, the data will be retained until the complete conclusion of said process. Once concluded, the data will be retained, duly blocked, during the legally established limitation periods for the attention of possible claims. Once the legal periods have elapsed, secure deletion will be carried out. If the transaction is discarded, the data will be blocked for one (1) year for the attention of possible liabilities and, once the period has elapsed, will be securely deleted.

Sellers: the data will be retained throughout the duration of the intermediation/purchase management relationship and, once concluded, will remain blocked until any liabilities arising therefrom have prescribed, solely for the purpose of addressing them. Upon expiry, secure deletion will be carried out.

Landlords: the data will be retained during the term of the service provision agreement and, thereafter, will remain blocked until the arising liabilities have prescribed; once the period has elapsed, secure deletion will be carried out.

Tenants: the data will be deleted when the candidate is discarded or the lease agreement is formalised. Thereafter, it will remain blocked during the legal limitation periods solely for the attention of possible liabilities and, once said periods have elapsed, will be securely destroyed.

Space rentals: the data will be retained during the term of the lease agreement. Upon termination, it will remain blocked during the legal limitation periods and exclusively for the attention of possible liabilities, after which secure destruction will be carried out.

Holiday rentals (guests): the data will be deleted once the holiday rental has been formalised, remaining blocked thereafter during the legal limitation periods solely for the purpose of addressing liabilities; once said periods have elapsed, secure destruction will be carried out.

Investors: the data will be retained throughout the duration of the investment opportunity search relationship and, once concluded, will remain blocked until any liabilities arising therefrom have prescribed, solely for the purpose of addressing them. Upon expiry, secure deletion will be carried out.

Data for the management of the relationship with suppliers and the invoicing and collection of services will be retained for this purpose throughout the duration of the contract. Once said relationship has ended, where applicable, the data may be retained for the period required by applicable legislation and until any liabilities arising from the contract have prescribed.

Data for sending commercial communications about our products or services will be retained indefinitely, until you express your wish to have them deleted or your desire to stop receiving such communications.

Data that you provide to us or that we obtain for participation in a specific open personnel selection process will be retained until said process concludes and cancelled thereafter, unless the candidate is selected, in which case it will be incorporated into their employee file. If unselected candidates wish us to retain their CVs for future selection processes, they must expressly request so by email. In this case, as well as when you spontaneously provide us with your CV simply for us to consider it in future selection processes, the data will be retained for a maximum of one year from the last update. You must keep the personal data you provide to us up to date, particularly data relating to training and professional experience.

On occasion, during selection processes, job portals may be used to search for candidates who match the professional profiles that are of interest to us, subject to the Privacy Policies of said platforms. The categories of personal data processed in these cases are: identification data, personal characteristics data, employment details data, academic and professional data, and any other information that the candidate has published on the job portal or included in their CV.

Data provided through social media will be retained as long as you remain a friend or follower of ours on the corresponding platform.

What is the legal basis for processing your data?

The processing of personal data to manage your information requests and the organisation of visits is based on the application of pre-contractual measures at the request of the data subject (Art. 6.1.b GDPR).

The processing of personal data to communicate your identification data (name, surname and ID number) to the property owner and/or the collaborating agency for the purpose of accrediting the intermediation is based on the consent of the data subject (Art. 6.1.a GDPR).

Buyers: the processing of personal data to manage your purchase offer and contractual documentation is based on the application of pre-contractual measures at the request of the data subject (Art. 6.1.b GDPR).

Sellers: the processing of personal data for the intermediation and formalisation of the transaction is based on the existence of a contractual relationship (Art. 6.1.b GDPR).

Landlords: the processing for said purposes is based on the existence of a contractual relationship (Art. 6.1.b GDPR).

Tenants: the processing of personal data is based on the application of pre-contractual measures at the request of the data subject (Art. 6.1.b GDPR).

Space rentals: the processing is based on the existence of a contractual relationship (Art. 6.1.b GDPR).

Holiday rentals (guests): the processing of personal data is based on the application of pre-contractual measures at the request of the data subject (Art. 6.1.b GDPR).

Investors: the processing is based on the existence of a contractual relationship (Art. 6.1.b GDPR).

Suppliers: the processing is based on the existence of a contractual relationship (Art. 6.1.b GDPR).

The processing of personal data for sending commercial communications is based on the consent of the data subject (Art. 6.1.a GDPR).

The legal basis for the processing of CVs that you submit to us or that we obtain from job platforms for a specific open personnel selection process is the existence of a pre-contractual relationship. Additionally, further data may be collected during interviews or selection processes, the processing of which has the same legal basis.

The legal basis for the processing of data contained in your CV, when you have asked us to retain it after a selection process or when you have sent it to us spontaneously, is your consent, which may be withdrawn at any time. However, data processing carried out prior to withdrawal shall not lose its lawfulness as a result of the consent being withdrawn.

Data provided through social media will be processed on the legal basis of your consent, which may be withdrawn at any time, although this will not affect the lawfulness of processing carried out prior to withdrawal.

In processing based on consent, consent may be withdrawn at any time. However, withdrawal shall not affect the lawfulness of processing carried out prior to withdrawal.

The categories of data processed are those requested in each case in the form or contract through which you provide us with your data.

To which recipients will your data be disclosed?

At THE SIBARIST BRAND, S.L., we are committed to protecting your privacy. Therefore, we will only disclose your personal data to third parties when strictly necessary to fulfil the purposes for which it was collected, for the provision of a service, or when we are legally obliged to do so.

Below, we detail the cases in which your data may be disclosed to other entities:

  1. The competent Public Authorities, including judges and courts, in the cases provided for by law and for the purposes defined therein.
  2. Financial institutions through which collection and payment management is arranged.
  3. Property owners for the formalisation of the corresponding contracts.
  4. Notaries involved in the purchase for the execution of the public deed.

Although it does not constitute a data transfer, third-party companies acting as our service providers may access your information to carry out the service. These processors access your data following our instructions and may not use it for any different purpose, maintaining the strictest confidentiality and based on a contract in which they undertake to comply with the requirements of current data protection regulations.

Are international data transfers carried out?

This company contracts its virtual infrastructure under a cloud computing model through Google, which means that international data transfers to the USA are carried out. This international data transfer is carried out under the adequacy decision of the European Commission for entities certified under the EU-U.S. Data Privacy Framework, to which Google is adhered.

Furthermore, the provider of our management system, for the correct provision of services, subcontracts providers that may be located outside the European Economic Area (EEA), which means that international transfers of personal data are carried out.

These transfers are legitimised through the following mechanisms:

  • European Commission Adequacy Decisions: When the destination country has been declared as a country with a level of data protection equivalent to that of the European Union. This is the case, for example, of transfers to entities in the United States that are certified under the EU-U.S. Data Privacy Framework (DPF).
  • Standard Contractual Clauses (SCCs): In the event that a provider is not located in a country with an adequacy decision or is not adhered to the Data Privacy Framework (in the case of the USA), the transfers are legitimised through the execution of Standard Contractual Clauses (SCCs) approved by the European Commission. These clauses impose contractual obligations on the entity receiving the data outside the EEA to protect it with a level of security and guarantees equivalent to that required within the European Union.

If you wish to obtain more information about the specific guarantees applied to each transfer, you may request it through our contact address: info@thesibarist.com.

What are your rights when you provide us with your data?

Any person has the right to obtain confirmation as to whether or not we are processing personal data concerning them. Data subjects have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, to request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

Under the conditions provided for in the General Data Protection Regulation, data subjects may request the limitation of the processing of their data or its portability, in which case we will only retain it for the exercise or defence of claims.

In certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. If you have given consent for a specific purpose, you have the right to withdraw it at any time, without affecting the lawfulness of the processing based on consent prior to its withdrawal. In such cases, we will cease to process the data or, where applicable, will cease to do so for that specific purpose, unless there are compelling legitimate grounds or for the exercise or defence of possible claims.

Furthermore, data protection regulations allow you to object to being subject to decisions based solely on automated processing of your data, where applicable.

The aforementioned rights are characterised by the following:

  • Their exercise is free of charge, unless the requests are manifestly unfounded or excessive (e.g., repetitive in nature), in which case a fee proportional to the administrative costs incurred may be charged or action may be refused.
  • You may exercise your rights directly or through your legal or voluntary representative.
  • Your request must be responded to within one month, although, taking into account the complexity and number of requests, the period may be extended by a further two months.
  • We are obliged to inform you of the means to exercise these rights, which must be accessible, and we may not deny you the exercise of a right solely because you opt for another means. If the request is submitted electronically, the information will be provided by electronic means where possible, unless you request otherwise.
  • If, for any reason, your request is not acted upon, we will inform you, no later than one month, of the reasons and of the possibility of filing a complaint with a Supervisory Authority.

In order to facilitate the exercise of the aforementioned rights, we provide below links to the request form for each of them:

All of the above rights may be exercised through the contact details of the organisation listed at the beginning of this clause.

In the event of any violation of your rights, especially when you have not obtained satisfaction in their exercise, you may file a complaint with the Spanish Data Protection Agency (AEPD) or another competent supervisory authority. You may also obtain more information about your rights by contacting said bodies.

How do we protect your personal data?

We are firmly committed to protecting the personal data we process. We use physical, organisational and technological measures, controls and procedures that are reasonably reliable and effective, aimed at preserving the integrity and security of your data and guaranteeing your privacy.

Furthermore, all personnel with access to personal data have been trained and are aware of their obligations in relation to the processing of your personal data.

In the contracts we enter into with our suppliers, we include clauses requiring them to maintain the duty of secrecy with respect to personal data to which they have had access by virtue of the assignment carried out, as well as to implement the necessary technical and organisational security measures to guarantee the permanent confidentiality, integrity, availability and resilience of personal data processing systems and services.

All of these security measures are reviewed periodically to ensure their adequacy and effectiveness.

However, absolute security cannot be guaranteed and no security system is impenetrable. Therefore, in the event that any information under our control is compromised as a result of a security breach, we will take appropriate measures to investigate the incident, notify the Supervisory Authority and, where applicable, those users who may have been affected so that they can take appropriate measures.

What is your responsibility as the data subject?

By providing us with your personal data, the person doing so guarantees that they are over 14 years of age and that the data provided is true, accurate, complete and up to date.

To this end, the data subject is liable for the truthfulness of the data and must keep it duly updated so that it reflects their actual situation, being responsible for any false or inaccurate data provided, as well as for any direct or indirect damages that may arise.

If you provide third-party data, you assume responsibility for informing them in advance of everything provided for in Article 14 of the General Data Protection Regulation under the conditions established in said provision.

The Sibarist
Powered by  GDPR Cookie Compliance
Resumen de privacidad

This website uses first-party and third-party cookies for analytics and advertising purposes. The legal basis is user consent, except for technical cookies, which are essential for browsing this website.

You can find more information in our Privacy Policy and our Cookies Policy.