The management board/governing body of REAL INVEST GRAN CANARIA, S.L. (hereinafter referred to as the “data controller”) assumes full responsibility for and provides its full commitment to drafting, implementing and maintaining this Data Protection Policy, ensuring continuous improvement on the part of the data controller with a view to achieving excellence in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data repealing Directive 95/46/EC (General Data Protection Regulation) (OJEU L 119/1, 04-05-2016) and with Spanish legislation on the protection of personal data (Spanish Organic Law, specific sector legislation and the implementing regulations).
The REAL INVEST GRAN CANARIA, S.L. Data Protection Policy is based on the principle of proactive responsibility, according to which the data controller is responsible for ensuring compliance with the regulatory framework and case law that governs the Policy, and is able to prove this before the competent supervisory authorities.
The data controller is governed by the following principles that should serve as a guide and frame of reference for all of its staff, with regard to the protection personal data:
Data Protection by design: when determining the means of processing and during processing itself, the data controller shall apply appropriate technical and organisational measures, such as pseudonymisation, designed to effectively implement the principles of data protection, such as processing the minimum amount of data required and incorporating the necessary guarantees into the processing.
Data protection by default: the data controller shall apply appropriate technical and organisational measures with a view to ensuring that, by default, only personal data necessary for each specific purpose of processing is processed.
Data protection in the data life cycle: measures to ensure that personal data is protected must be applied during the complete life cycle of the data.
Lawfulness, fairness and transparency: the personal data must be processed in a lawful, fair and transparent manner in relation to the data subject.
Purpose limitation: personal data must be collected for specific, explicit and legitimate purposes only, and must not be subsequently processed in any way that is incompatible with those purposes.
Data minimisation: personal data must be adequate, relevant and restricted to what is necessary for the purposes for which it is processed.
Accuracy: personal data must be accurate and updated where necessary; all reasonable steps must be taken to ensure that personal data which is inaccurate with regard to the purposes for which it is processed is rectified or erased without delay.
Limiting the retention period: personal data must not be stored in any way that allows the data subject to be identified for any no longer than is necessary for the purposes of the processing of personal data.
Integrity and confidentiality: personal data must be processed in such a way as to ensure adequate security of the personal data, including protection against unauthorised or unlawful processing, loss, destruction and accidental damage, by applying appropriate technical and organisational measures.
Information and training: one of the keys to ensuring the protection of personal data is providing training and information to staff involved in processing the data. During the life cycle of the data, all staff with access to the data must be properly trained on and informed about their obligations in terms of compliance with data protection legislation.
The REAL INVEST GRAN CANARIA, S.L. Data Protection Policy is distributed to all staff under the authority of the data controller and made available to anyone interested.
Consequently, the present Data Protection Policy involves all staff under the authority of the data controller, who must be familiar with the policy and take ownership of it; every single one of them is responsible for applying and verifying data protection regulations in their course of their work, as well as identifying and creating opportunities for improvement as appropriate with a view to achieving excellence in compliance.
This policy will be reviewed by the management board/governing body of REAL INVEST GRAN CANARIA, S.L. as often as necessary to ensure compliance with the provisions in force on the protection of personal data.
SECURING YOUR DATA
INFORMATION IN COMPLIANCE WITH PERSONAL DATA PROTECTION LEGISLATION
In Spain and the rest of Europe, there are data protection regulations in place designed to protect your personal data that, as a company, we need to be compliant with.
That is why it’s important to us that you clearly understand what we do with the data we request.
We will be transparent and ensure you have control over your data, using plain language and clear options that will allow you to decide what we are allowed to do with your personal data.
If anything is unclear after reading this information, please don’t hesitate to contact us.
For your peace of mind and security, we are inscribed in the following Spanish Public Registry/Commercial and Trade Registry: Real Invest Canaria S.L, inscrita en el Registro Mercantil de Las Palmas Tomo 1999 Libro 0 Folio 52 Hoja GC-44755
We are available should you need us. Please don’t hesitate to contact us.
Why do we use your data?
Generally, your personal data will be used to maintain a relationship with us in order to deliver our services to you.
Your data may also be used for other purposes, such as sending you marketing communications or promoting our services.
We do you need to use your data?
Your personal data is required for us to maintain a relationship with us in order to deliver our services to you. We will provide a series of tick-boxes that will allow you to make a clear and simple decision on how you want us to use your data.
Who will we share the data you provide with?
Generally, only our members of staff who have been duly authorised may access the data that you have provided.
Equally, we may pass your personal data on to other entities where this is required in order to provide our services to you. For instance, we will need to share your data with our bank if you pay for our services by credit card or bank transfer.
We will also need to pass your data on to public or private entities when we are obliged to do so by law. For example, Spanish tax law requires us to provide the tax authorities with information on financial transactions that exceed a certain amount.
Nevertheless, if we otherwise need to disclose your personal data to other entities, we will ask your permission beforehand, providing you with clear options that will allow you to make a decision.
How do we protect your data?
We protect your data using effective security measures in proportion to the risks involved in using your data.
We have adopted a Data Protection Policy, and we carry out checks and annual audits to verify that your personal data is secure at all times.
Will we transmit your data to other countries?
Many countries across the world offer secure protection for your data, while others not so much. The European Union, for example, is a secure environment for your data. Our policy is not to send your personal data to any country that does not offer secure protection for your data.
In the event that we need to send your data to a country that is not as secure as Spain, in order to deliver our services to you, we will always ask your permission beforehand and apply effective security measures to reduce the risk of sending your personal data to another country.
How long do we retain your data for?
We will store your data for the duration of our customer relationship, in compliance with the legislation. Once the statutory retention period has lapsed, we will then destroy your data in a secure and environmentally-friendly manner.
What are your rights when it comes to data protection?
You may contact us at any time to find out what personal data we hold about you, to have it rectified where it is incorrect and to have it erased once our customer relationship comes to an end, provided that it is lawful to do so.
You are also entitled to have your data transferred to other entities in certain situations, under your right to data portability.
If you wish to exercise any of these rights, please send us a written request, accompanied by a copy of your ID, so that we can confirm your identity.
We have specific forms that you can use to exercise these rights, which we would be happy to help you fill in.
For more information about your data protection rights, please visit the Spanish Data Protection Agency website at www.agpd.es.
Can you withdraw your consent if you change your mind later?
Yes, you can withdraw your consent at any time if you change your mind about how your data may be used.
For example, if you were previously interested in receiving marketing communications about our products or services, but you no longer wish to receive these, you can let us know by using the consent withdrawal form available from us.
How can you submit a complaint if you feel your rights have not been honored?
If you are not satisfied with how we have handled your request, you may submit a complaint to the Spanish Data Protection Agency, the Agencia Española de Protección de Datos. The agency can be contacted as follows:
Agencia Española de Protección de Datos
C/ Jorge Juan, 6
You can submit a complaint to the Spanish Data Protection Agency free of charge and you do not need the assistance of a solicitor or lawyer.
Do we build profiles about you?
Our policy is not to build any profiles about the users of our services.
However, there may be situations when we need to develop information profiles about you in order to provide a service, commercial or otherwise. An example would be where we use your purchase or service history to offer products or services tailored to your tastes or needs.
In such cases, we will apply effective security measures to protect your data at all times against unauthorized persons intending to use it for their own benefit.
Do you use your data for other purposes?
Our policy is not to use your data for any purposes other than those that we have explained. However, if we need to use your data for another purpose, we will always ask your permission beforehand, providing you with clear options that will allow you to make a decision.
INFORMATION IN COMPLIANCE WITH PERSONAL DATA PROTECTION LEGISLATION
What are cookies and why do we use them?
A cookie is a small data file that is stored by your browser each time you visit our website.
Cookies are useful because they remember your activity on our website, so when you visit again, they can identify you and configure the content based on your browsing habits, identity and preferences.
Cookies are harmless. They do not contain any malicious code such as viruses, trojans or worms that could damage your device, but they are relevant when it comes to protecting your data, since they collect certain personal information (browsing habits, identity, preferences, etc.).
What information does a cookie store? Cookies do not routinely collect special categories of personal data (sensitive data). The data saved includes technical information, personal preferences and custom content.
What kind of cookies are there? In general, there are five types of cookies:
Functional cookies: This is the most basic type of cookie. It allows users to browse through a website platform or application, and use the different options or services provided, such as monitoring data traffic and communication, identifying the session, accessing areas with restricted access, remembering the items of an order, completing the purchasing process, performing a request to register or take part in an event, applying security during navigation, storing content to distribute videos or sound files, and sharing content via social networks.
Custom cookies: This type of cookie allows users to access our services with some general predefined settings on the user’s device, such as the language, the type of browser used and the location where you are accessing the service.
Analytical cookies: These allow user behaviour to be tracked and analysed across websites that are linked. The information collected through this type of cookie is used to measure activity on websites, applications and platforms, and to create browsing profiles of users, so improvements can be made based on the analysis of how users use the services.
Advertising cookies: These allow adverts included on a website, application or platform used to provide the services to be managed as efficiently as possible, based on criteria such as the content published or frequency at which adverts are displayed.
Behavioural advertising cookies: These allow adverts included on a website, application or platform used to provide the services to be managed as efficiently as possible. These cookies store information about the behaviour of users, obtained by continuously monitoring your browsing habits, allowing us to build up a specific profile about you and show you relevant adverts.
Which cookies are our own and which are used by third parties?
First-party cookies: These are generated and managed by the same party responsible for providing the service requested by the user.
Third-party cookies: These are generated by entities other than our own (external services or suppliers, such as Google).
What kind of cookies does our website use? Below is a table listing the types of cookies we use on our website and for what purpose.
Type of cookie
When and how data is stored
Technical and strictly necessary cookie that contains the value of whether the installation of cookies has been accepted or not.
Technical cookies for the use of Google analytics.
Used every time you visit the web page.
What can I do about cookies? Cookies can be accepted, blocked or deleted, as desired. You can do this by adjusting your browser settings.
To find out how to manage or block cookies, please see the relevant user guide for your browser: