Data Controller: PPF-Spain.
Data Processor: Basehound Media. Processing data on behalf of the Data Controller.
Contact details: Please use the Contact Us page on our website.
Date operational from: 1st August 2020
Date of next review: 31st July 2022
LAWFUL BASIS FOR COLLECTION OF DATA
The customer subscribes to the PPF-Spain email list to be kept informed of various news items, available properties, information we think may be of interest and current availability of products & services and has given consent for the data to be collected, stored and used.
PPF-Spain takes the security of the data you provide to us extremely seriously and we will always do our utmost to protect this data and maintain your trust in us.
Requirements under GDPR
The Company is committed to processing data in accordance with its responsibilities under the GDPR.
Article 5 of the GDPR requires that personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
When you use our websites
We collect information in two ways:
1. From subscribers to our email list.
2. From visitors to our website.
Information collected and used from email list subscribers
We collect the following data from you when you subscribe to our email list via our online subscription form:
Your name, email address and telephone number. These are considered to be Standard Levels of data.
We keep this information for as long as you remain a subscriber and delete it if or when you unsubscribe.
If you choose not to subscribe the information will be deleted when our communications with you are deemed to have ended, after 3 months of no communication or if you exercise your rights under GDPR and ask us to remove your data from all our locations.
Why do we need this information?
We personalise the emails we send to you, displaying your name at the beginning of the email.
These emails are our regular emails in which we inform you of industry news, new information, upcoming properties for sale and other information we think may be of interest.
When you subscribe to our email list you give your initial consent by ticking the acceptance checkbox, thereby giving us your explicit consent to contact you through email.
This allows us to store the aforementioned data, which is necessary for us to be able to provide the email service.
Some of this data (your name and email address) is stored securely by our third-party email service provider.
We also have a back-up stored on a password protected external physical drive which is encrypted and kept locked in a secure location. This back-up contains your name, email address and telephone number.
We will always do our utmost to keep your data safe and compliant with GDPR requirements.
You may unsubscribe from our email list at any time by clicking the ‘unsubscribe’ link at the bottom of each group email we send or by requesting to be unsubscribed by sending an email to us. Your details will be deleted from all points of storage. Please note this information is only stored digitally and no physical paperwork exists which contains this customer data.
We use a third-party provider, MailChimp, to deliver our group emails, which are emails sent to every subscriber on our list. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our group emails. For more information, please see MailChimp’s privacy notice. You can unsubscribe to group mailings at any time of the day or night by clicking the unsubscribe link at the bottom of any of our emails or by emailing our data controller.
Information we may collect and use from website visitors
Additional information we may collect during normal browsing of the site and held is information about your computer and about your visits to, and use of, the website (including your IP address, approximate geographical location, browser type, referral source, length of visit and number of page views);
This information is required to analyze the performance and popularity of our website and other than the IP address, no other personal information is collected.
Using cookies or other on-device storage
Cookies are information files stored on your computer, tablet or smartphone that help websites remember who you are and information
Tracking how the website is used
As mentioned previously, information is collected about activity on the website by Google Analytics.
This information is used to:
a. analyse statistics;
b. track pages and paths used by visitors to, or users of, the website;
c. target the adverts or offers, such as banners on the website.
d. track the use of our banner adverts.
Who has access to your data?
Basehound Media has access to your name, email address, telephone number and date of birth.
Third party service providers where our newsletter service information is stored and managed have access to your name and email address.
These service providers are Google and Mailchimp. Both have been checked by PPF-Spain and found, to the best of our knowledge, to be GDPR compliant.
Google and Basehound Media also have access to your Google Analytics information about your computer and about your visits to, and use of, the website (including your IP address, approximate geographical location, browser type, referral source, length of visit and number of page views);
Rights of the subscriber under General Data Protection Regulations
1. The right to be informed: Organisations need to tell individuals what data is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties. This information must be communicated concisely and in plain language.
2. The right to access: Individuals can submit subject access requests, which oblige organisations to provide a copy of any personal data concerning the individual. Organisations have one month to produce this information, although there are exceptions for requests that are manifestly unfounded, repetitive or excessive.
3. The right to rectification: If the individual discovers that the information an organisation holds on them is inaccurate or incomplete, they can request that it be updated. As with the right to access, organisations have one month to do this, and the same exceptions apply.
4. The right to erasure (also known as ‘the right to be forgotten’): Individuals can request that organisations erase their data in certain circumstances, such as when the data is no longer necessary, the data was unlawfully processed or it no longer meets the lawful ground for which it was collected. This includes instances where the individual withdraws consent.
5. The right to restrict processing: Individuals can request that organisations limit the way an organisation uses personal data. It’s an alternative to requesting the erasure of data, and might be used when the individual contests the accuracy of their personal data or when the individual no longer needs the information but the organisation requires it to establish, exercise or defend a legal claim.
6. The right to data portability: Individuals are permitted to obtain and re-use their personal data for their own purposes across different services. This right only applies to personal data that an individual has provided to data controllers by way of a contract or consent.
7. The right to object: Individuals can object to the processing of personal data that is collected on the grounds of legitimate interests or the performance of a task in the interest/exercise of official authority. Organisations must stop processing information unless they can demonstrate compelling legitimate grounds for the processing that overrides the interests, rights and freedoms of the individual or if the processing is for the establishment or exercise of defence of legal claims.
8. Rights related to automated decision making including profiling: The GDPR includes provisions for decisions made with no human involvement, such as profiling, which uses personal data to make calculated assumptions about individuals. There are strict rules about this kind of processing, and individuals are permitted to challenge and request a review of the processing if they believe the rules aren’t being followed.
Exercising your rights
If you wish to contact us to exercise any of the above rights, we require a written request by email using the form on our Contact Page. When requesting please include your full name, email address and date of birth. When you inform us we’ll initially send a verification email to make sure it really is you before we act upon your request. Any request will be actioned within 30 days and you will be informed when the action has been completed.
We reserve the right to check your identity before releasing any data under any of the above rights, if deemed necessary.
We will provide the data as requested under any of the above rights free of charge for the first request. Subsequent requests for the same data and under the same legal right may be charged for at a fee of 30€ per duplicate request to cover administrative costs.
Disclosure of your information to Third Parties
Your information will not be passed to any third party other than Google and Mailchimp but may be shared within the Company.
Exceptions to this rule are government and enforcement agencies and the police.
Every now and again, requests are received for information from government departments, the police and other enforcement agencies.
If this happens, and there is a proper legal basis for providing your information, it will be provided to the organisation asking for it.
How your information is kept secure
The security of information is taken very seriously. Technology and security policies are in place to protect the information held.
Digital data is kept in password protected and encrypted folders on an external drive which is kept locked in a secure place.
Basehound Media (our Data Processor) has access to this data.
Cloud based data is stored on encryted servers. Our Data Controller, Google, Mailchimp and Basehound Media have access to this data.
Physical documents are kept locked in a secure place.
Our Data Controller has access to this data.
Next review July 2022 by the Data Controller assisted by the Data Processor.