This is the Legal Notice & Private Policy for PRIVILEGE-PROPERTY, accessible from www.privilege-property.com

Informative clause:

“We process the information you provide us on behalf of our company with the purpose of providing the requested service, and billing for the service. The data provided will be kept as long as the business relationship is maintained or for the years necessary to comply with legal obligations. The data will not be transferred to third parties except in cases where there is a legal obligation.

Rights of the interested parties: you can exercise your rights of access, rectification, cancellation, opposition, suppression or limitation of the treatment by sending an email with the detail of your request and a photocopy of a valid Identity Card or Passport to PRIVILEGE-PROPERTY email address: info@privilege-property.com, also through the contact form of our website. We will be happy to assist you and we will do our best to attend your request.

By accepting, we will to offer you products and services related to those requested and to retain you as a client.”

Informative clause:

“We process the information you provide us on behalf of our company with the purpose of sending you publicity related to our products and services by any means (postal, email or telephone) and inviting you to events organized by our company. The data provided will be kept until you request the cessation of the activity. The data will not be transferred to third parties except in cases where there is a legal obligation or marketing purposes. You have the right to obtain confirmation as to whether PRIVILEGE-PROPERTY is processing your personal data, therefore you have the right to access your personal data, rectify the inaccurate data or request its erasure when the data are no longer necessary for the purposes that were collected”.

This document has been designed for processing of low-risk personal data, so it cannot be used for processing of personal data that includes personal data relating to ethnic or racial origin, political, religious or philosophical ideology, trade union membership, genetic and biometric data, health data, and sexual orientation data of individuals as well as any other data processing that result in a high risk to the rights and freedoms of natural persons.

Article 5.1.f of the General Data Protection Regulation (GDPR) determines the need to establish appropriate security safeguards against unauthorized or unlawful processing, against accidental loss, destruction or damage. This implies the establishment of technical and organisational measures aimed at ensuring the integrity and confidentiality of personal data and the possibility (Article 5.2) to demonstrate that these measures have been implemented (accountability).

In accordance with the type of processing you defined when completing this form, the minimum security measures that you should take into account are the following:

INFORMATION TO BE KNOWN BY ALL STAFF WITH ACCESS TO PERSONAL DATA

All staff with access to personal data must be aware of their obligations regarding the processing of personal data and shall be informed of such obligations. The minimum information that shall be known by all staff will be the following:

• DUTY OF CONFIDENTIALITY AND SECRECY
  • Unauthorized access to personal data should be avoided, for that purpose: personal data will not be exposed to third parties (unattended electronic screens, paper documents in public access areas, media with personal data, etc.), this consideration includes screens used for the images display of the video-surveillance system. When you are absent from the workstation, the screen will be blocked or the session will be closed.
  • Paper documents and electronic media will be stored securely (lockers or restricted access rooms) 24 hours a day.
  • Electronic documents or media (CDs, pen drives, hard disks, etc.) will not be discarded with personal data without guaranteeing their destruction.
  • No personal data or personal information will be transferred to third parties, special attention will be paid not to disclose protected personal data during telephone consultations, emails, etc.
  • The duty of secrecy and confidentiality remains even when the worker’s employment relationship with the company ends.

• RIGHTS OF THE DATA SUBJECTS

All workers will be informed about the procedure to handle the rights of the data subjects, with mechanisms clearly defined to exercise the rights (electronic means, reference to the Data Protection Officer if any, postal address, etc.) taking into account the following:

• On presentation of their national identity card or passport, the data subject (stakeholders) may exercise their rights of access, rectification, erasure, to object and portability. The controller must respond to the data subject without undue delay.

For the right of access, the data subject will be provided with a list of the available personal data, together with the purpose at the time they were collected, the identity of the recipients of the data, the storage period, and the identity of the controller to exercise the rights of rectification, erasure and to object.

To exercise the right of rectification it will be required to modify the data of the data subject that were inaccurate or incomplete taking into account the processing purposes.

To exercise the right of erasure data will be deleted when the data subjects express their refusal or opposition to the consent for their data processing and there is no legal duty that prevents it.

To exercise the right to data portability, data subjects must communicate their decisions and inform data controller about the identity of the data controller who is to be provided with his personal data, if it is the case.

The controller must inform all people with access to personal data about the terms of compliance to address the data subject’s rights, the form and procedure to handle those rights.

Identification

• When the same computer or device is used for the processing of personal data and personal use purposes it is recommended to have several profiles or different users for each of the purposes. Professional and personal uses of the computer should be kept separate.
• It is recommended to have profiles with administration rights for the system installation and configuration and users without privileges or administration rights to access to personal data. This measure will prevent a cybersecurity attack and gain access privileges to modify the operating system.
• It will be guaranteed the use of passwords to access personal data stored in electronic systems. The password will have at least 8 characters, a mixture of numbers and letters.
• When personal data are accessed by different people, for each specific person with access to personal data, a specific user and password will be available (unambiguous identification).
• The confidentiality of passwords must be guaranteed so that they are not exposed to third parties. For the management of passwords, you can consult the Privacy and security guide on the internet of the Spanish Data Protection Agency and the National Institute of Cybersecurity.

The following are the minimum technical measures to ensure the safeguarding of personal data:

• UPDATING OF COMPUTERS AND DEVICES: The devices and computers used for the storage and processing of personal data should be kept updated as possible.
• MALWARE: On computers and devices where the automated processing of personal data is carried out, an anti-virus system will be available to guarantee, as far as possible, the theft and destruction of information and personal data. The antivirus system should be updated periodically.
• FIREWALL: In order to avoid undue remote access to personal data, it must be ensured that a firewall is activated on computers and devices in which personal data are stored and / or processed.
• DATA ENCRYPTION: When it is necessary to bring personal data outside the facilities where their processing is performed, either by physical or electronic communications means, the possibility of using an encryption method to guarantee the confidentiality of the data must be assessed to avoid unauthorized access to information.
• BACKUP COPY: A backup copy will be made periodically on a second media other than the one used for daily work. The copy will be stored in a safe place, other than that in which the computer is located with the original files, in order to allow the recovery of personal data in case of loss of information.

The security measures will be periodically reviewed, the revision can be performed by automatic mechanisms (software or computer programmes) or manually. Consider that any computer security incident that had happened to any other data controller or processor may happen to you, therefore you should prevent it from happening.

Responsible: Identity: PRIVILEGE-PROPERTY – : TIN: X2188317M Notification address: Murillo, 58, Attic A, 07013, Santa Catalina, Palma de Majorca, Balearic Islands, Spain.Telephone: +34 637 861 618 Email: info@privilege-property.com

Hopefully, that has clarified things for you and as was previously mentioned if you are still looking for more information then you can contact us through our preferred contact method:

This legal text has been designed for processing the Booking Center requirements.

8/2012, 19th of July in Illes Balears tourism Law, determines the need to establish appropriate processing registration for Holiday Rental Advertising.

This implies in accordance with the measures to demonstrate that these measures have been implemented.

Responsible: Identity: Patrick Schröder -: Booking center reg. number: CR/231 Notification address: Murillo, 58, Attic A, 07013, Santa Catalina, Palma de Majorca, Balearic Islands, Spain. Telephone: +34 637 861 618 Email: info@privilege-property.com.

Privilege-Property Real Estate is responsible for answering questions and dealing with complaints about holiday rental measures.

Privilege-Property Real Estate has procedures to deal with complaints. We encourage you to talk to the real estate agent about the issue first, because this may be the quickest and easiest way to resolve the issue.

If you are still not satisfied, please call us or email us to talk about your complaint. We can help you decide the best way to resolve the problem and we can also send you a complaining form process.

Hopefully, that has clarified things for you and as was previously mentioned if you are still looking for more information then you can contact us through our preferred contact method: