Privacy Policy

This privacy policy applies to the processing of personal data of customers and/or users of https://www.norcan.es , hereinafter the WEBSITE, which is owned by the commercial company Norcan Real Estate, SL, hereinafter the DATA CONTROLLER.

‍

Applicable regulations

Our Privacy Policy has been designed in accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter GDPR EU 2016/679, and insofar as it does not contradict the aforementioned Regulation, by the provisions of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights, hereinafter LOPDGDD 3/2018.

By providing us with their data, the client and/or user declares that they have read and understood this Privacy Policy, giving their unequivocal and express consent to the processing of their personal data in accordance with the purposes and terms expressed herein.

Basic information on data protection


	BASIC INFORMATION ON DATA PROTECTION
	Responsible	Norcan Real Estate, S.L
	Purpose	To respond to information requests received, answer queries raised, provide the requested real estate services, as well as send commercial communications about our services by letter, telephone, email, SMS/MMS, WhatsApp, Telegram or other equivalent electronic means of communication, provided that the interested party has consented to the processing of their personal data for this purpose.
	Legitimation	Performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract. Legitimate interest of the controller. Consent of the data subject.
	Recipients	Data will not be transferred to third parties, except where legally required.
	Rights	You have the right to access, rectify and delete your data, as well as other rights, as indicated in the additional information, which you can exercise by contacting the data controller at info@norcan.es
	Additional information	You can consult additional and detailed information on Data Protection in the attached clauses found at https://www.norcan.es/politica-de-privacidad

Additional information on data protection

The data controller is:

Identity: Norcan Real Estate, SL
N.I.F.: B76169200
Address: Pasaje de Los Pescadores, 44 | Playa de Mogán, 35140 Mogán (Gran Canaria)
Telephone: (+34) 928 56 54 32
Email: info@norcan.es

Purposes and legal basis of the processing

a) In general

The DATA CONTROLLER processes the personal data provided by its clients and/or users for the following purposes:

Purpose: To respond to information requests received, answer queries raised, provide the requested real estate services, carry out administrative, commercial, accounting and tax management, as well as send commercial communications about our services by letter, telephone, email, SMS/MMS, WhatsApp, Telegram or by other equivalent electronic means of communication, provided that the interested party has consented to the processing of their personal data for this purpose.

Legal basis for this processing: Performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract. Legitimate interest. The data subject's consent, which may be withdrawn at any time.

b) Electronic forms WEBSITE

The DATA CONTROLLER processes the personal data provided by customers and/or users through the electronic forms for collecting personal data on the WEBSITE for the purposes identified below:

Regarding the “Contact Form” and other inquiries (which may be sent via the email addresses listed on the WEBSITE):

Purpose: To contact the interested party, attend to the requests for information received and answer the queries raised, as well as send commercial communications about our services by letter, telephone, email, SMS/MMS, WhatsApp, Telegram or by other equivalent electronic means of communication, provided that the interested party has consented to the processing of their personal data for this purpose.
Legal basis that legitimizes this processing: The consent of the interested party, which may be withdrawn at any time.

When the data requested in the electronic forms is necessary, the DATA CONTROLLER will indicate this mandatory nature at the time of the collection of data from clients and/or users and failure to provide it will mean that the corresponding request cannot be processed.

What type of data do we process?

For the purposes set out in the previous section, the Customer data set is processed, which can be divided into the following sources and categories:

a) Data provided directly by the client and/or user: data provided directly by the client and/or user, either at the time of requesting the service through the completion of electronic forms for collecting personal data or in paper format enabled for this purpose, such as data provided throughout the contractual relationship through various means, such as requests for information or complaints filed. The client and/or user is responsible for its accuracy and updating.

b) Data obtained from sources other than the client and/or user: data obtained from sources other than the client and/or user, either with their consent or by any other legal authorization (legitimate interest, compliance with a legal obligation…).

c) Data derived from the development of the business relationship: data provided indirectly by the client and/or user as a result of the provision of the contracted service and the maintenance of this activity. This category includes traffic data, browsing data through the public website or access to the private area, and other data of a similar nature.

‍

Record of treatment activities

We inform you that the personal data obtained from the client and/or user as a result of completing the electronic forms on the WEBSITE form part of the Register of Processing Activities (RAT) of the DATA CONTROLLER, which will be updated periodically in accordance with the provisions of the GDPR EU 2016/679 and the LOPDGDD 3/2018.

Recipients

The personal data of the interested parties will be communicated to the recipients indicated below:

a) In general:

The suppliers of the DATA CONTROLLER as data processors, within the framework of the corresponding provision of services (lawyers, accounting, tax and labor advisors, consultants and information technology service providers –website hosting and email service-).

The competent authorities and bodies, to the extent necessary for compliance with legal obligations.

b) Regarding the “Contact Form” and other inquiries (which may be sent via the email accounts listed on the WEBSITE):

Data will not be transferred to third parties, except where legally required.

‍

Transfers to third countries

EU-US Data Privacy Framework Adequacy Decision.
Data transfers to third countries without an adequate level of protection are not planned.

‍

Storage periods

Personal data will be retained:

a) In general:

The data will be kept until you request its deletion, and, in any case, for the years necessary to comply with legal obligations.

b) Regarding the “Contact Form” and other inquiries (which may be sent via the email accounts listed on the WEBSITE):

Personal data will be kept until the end of the relationship between the DATA CONTROLLER and the client and/or user, unless the latter requests their deletion beforehand, or until the interested party withdraws the consent granted at any time, without this affecting the lawfulness of the processing based on the consent prior to its withdrawal.

For these purposes, the interested party is reminded that they must forward to the DATA CONTROLLER, as the recipient to whom they communicate personal data, any rectification or deletion of the data of their representatives, authorized persons and other contact persons.

Once the relationship has ended, to the extent that the personal data of the interested parties are relevant for the purposes of the responsibility of the DATA CONTROLLER towards the clients and/or users, that data will be kept, duly blocked, at the disposal of the judicial authorities or the competent public administrations, for the demand of the responsibilities arising from the processing for the period of limitation thereof.

‍

Rights of interested parties

Customers and/or users of the WEBSITE may exercise the following rights before the DATA CONTROLLER, to the extent applicable: access to personal data, rectification, erasure (right to be forgotten), restriction of processing, data portability, objection to processing, no longer being subject to automated individual decisions and, where processing is based on consent, the right to withdraw it at any time.

Customers and/or users may exercise these rights by means of a written and signed request sent to the postal address of the DATA CONTROLLER located at Pasaje de Los Pescadores, 44 | Playa de Mogán, 35140 Mogán (Gran Canaria) or through the email address info@norcan.es , attaching, in both cases the interested party, a legally valid proof of identity, such as a photocopy of the DNI/NIE or equivalent document, and clearly indicating the right they wish to exercise.

Customers and/or users also have the right to file a complaint with the competent Supervisory Authority (Spanish Data Protection Agency) if they observe that the processing does not comply with current regulations or consider that their rights regarding the protection of their personal data have been violated, especially when they have not obtained satisfaction in the exercise of their rights, through the website https://www.aepd.es

These rights will be addressed by the DATA CONTROLLER within 1 month, which may be extended to 2 months if the complexity of the request or the number of requests received so requires. This is without prejudice to the obligation to retain certain data in accordance with legal requirements and until any potential liabilities arising from processing, or, where applicable, from a contractual relationship, have expired.

In addition to the above, and in relation to data protection regulations, Users who request it have the possibility of organizing the fate of their data after their death.

Sending commercial communications

In compliance with the provisions of the second final provision of Law 9/2014, of May 9, on Telecommunications, which modifies Law 34/2002, of July 11, on information society services and electronic commerce, commercial communications made electronically must be clearly identifiable as such, and the natural or legal person on whose behalf they are made must also be clearly identifiable, without prejudice to the provisions of the regulations issued by the Autonomous Communities with exclusive powers on consumer affairs.

The client and/or user, who provides their contact information to the DATA CONTROLLER by clicking on the “SUBMIT” button on the electronic forms for collecting personal data on the website and affirmatively checks the two boxes for obtaining consent, “I accept the processing of my data according to the purposes indicated in the basic data protection information” and “I consent to receive commercial communications about your services”, expressly authorizes and grants their express, free and unequivocal consent to the DATA CONTROLLER to process their personal data for the purpose of sending them commercial communications about their services by letter, telephone, email, SMS/MMS, WhatsApp, Telegram or by other equivalent electronic means of communication.

The legal basis that legitimizes this processing is the consent of the interested party, which may be revoked at any time.

In compliance with the provisions of Articles 21 and 22 of Law 34/2002, of July 11, on information society services and electronic commerce, the user may object to the processing of their data for promotional purposes and revoke the consent given to receive commercial communications via email by simply notifying the PROVIDER of their will through a simple and free procedure, consisting of sending an email to the email address info@norcan.es , indicating in the Subject of the message “UNSUBSCRIBE” or “DO NOT SEND”.

The data provided will be kept for as long as the business relationship is maintained or for the years necessary to comply with legal obligations.

‍

Social Media Policy

The DATA CONTROLLER has profiles on the main social networks on the Internet.

‍

In this case, the entity is considered responsible for the processing of its users' data, including followers, subscribers, fans, or simply people who make comments or inquiries through these channels.

‍

In this regard, the DATA CONTROLLER could use this profile to inform its users of news that it considers appropriate for the purpose of the services offered, or perhaps it could also share current information or articles published by other social media users.

In no case will personal information of users be used without their consent to have relationships other than those expected on the aforementioned social network, requesting the consent of the user in question.

‍

Veracity of the data provided by the interested parties

The client and/or user is responsible for ensuring that the information provided by completing the electronic forms available on the WEBSITE or by sending emails to the various accounts under the internet domain norcan.es is true, and is responsible for the accuracy of all data communicated and will keep it updated to reflect a real situation, being responsible for false or inaccurate information provided and for any damages, inconveniences and problems that may be caused to the DATA CONTROLLER or to third parties.

‍

Security measures

The DATA CONTROLLER guarantees that it has implemented on the WEBSITE the appropriate technical and organizational policies to apply the security measures established by the GDPR EU 2016/679 and the LOPDGDD 3/2018 in order to protect the rights and freedoms of clients and/or users and has communicated to them the appropriate information so that they can exercise them.

‍

The DATA CONTROLLER, in order to protect individual rights, especially in relation to automated processing and with the desire to be transparent with clients and/or users, has established a policy that includes all such processing, the purposes pursued by the latter, the legitimacy of the same and also the instruments available to the client and/or user so that they can exercise their rights.

‍

The WEBSITE is created with the cloud-based web development platform of the company Webflow, Inc., complemented with the Weglot plugin (language translation), the Elsfight plugin to add Google reviews and the Google Maps plugin and has an activated SSL encryption certificate installed for the entire domain and the reCAPTCHA system to detect traffic from automated programs or bots allowing the user to securely send their personal data through the existing electronic forms for collecting personal data, designed with the native webflow contact form.

‍

Webflow, Inc., is committed to the protection of personal data and complies with the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

Webflow, Inc., complies with the EU-U.S. Data Privacy Framework , which ensures the security and trustworthiness of international transfers of personal data flows between the EU and the U.S.

‍

The WEBSITE is hosted on servers that Webflow, Inc. provides to the DATA CONTROLLER, with the assigned IP address being in the European range.

All information will be stored and managed with due confidentiality, applying the necessary computer security measures to prevent unauthorized access or use of your data, its manipulation, damage or loss.

‍

However, the client and/or user should be aware that the security of computer systems is never absolute. When personal data is provided over the Internet, this information could be collected without consent and processed by unauthorized third parties. The DATA CONTROLLER declines any responsibility for the consequences that such actions may have for the User if they voluntarily published the information.

‍

Acceptance and consent

The client and/or user declares having been informed of the conditions regarding the protection of personal data, accepting and consenting to the automated processing thereof by the DATA CONTROLLER in the manner and for the purposes indicated in this Privacy Policy. Certain services provided on the WEBSITE may contain specific conditions with provisions regarding the protection of personal data.

Changes to this privacy policy

The Data Controller reserves the right to modify this Privacy Policy to adapt it to new legislation, case law, interpretations by the Spanish Data Protection Agency, as well as industry practices.

In such cases, the DATA CONTROLLER will announce the changes made on the websites with reasonable notice before they are implemented.

This privacy policy may be supplemented by the Legal Notice, Cookies Policy and the General Terms and Conditions of Contract that, where applicable, are included for certain products or services, if such access involves any special considerations regarding the protection of personal data.