1. Introduction

House of Blanca (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, disclose and protect your personal data when you visit our website, use our services, or otherwise interact with us (together, “Services”).

Our website is operated from Spain, and we process data in accordance with the GDPR and Spain’s LOPDGDD, as may be amended.

Global Legal Post

By using our Services, you accept the practices described in this Policy. If you do not agree with this Policy, please do not use the Services or provide your personal data.

2. Data Controller and Contact Details

The data controller responsible for the processing of your personal data is:

House of Blanca, [insert registered address, Spain]

If you have any questions about this policy or how we handle your data, you may contact our Data Protection Officer (or designated person) at: [insert contact email]

You also have the right to lodge a complaint with the Spanish supervisory authority, the Agencia Española de Protección de Datos (“AEPD”).

3. What Personal Data We Collect

We may collect and process the following categories of personal data about you:

3.1 Data you provide directly

• Contact details (e.g., name, postal address, email address, telephone number) when you enquire about a property, register for our newsletter, request a valuation or use our services.
• Financial or transaction‑related information (e.g., payment details, invoice information) when you engage in sales or lettings.
• Identification information or documentation that you choose to submit (such as proof of identity or address) as part of the services.
• User account information (username, password) if you register on our website.
• Communications you send to us, including when you contact us via chat, email or phone.

3.2 Data collected automatically

• Technical information from your device and use of the website (such as your IP address, browser type and version, operating system, referring website, pages visited, location, device identifiers, and click‑stream data).
• Cookies and similar tracking technologies (see Section 5).

3.3 Data from third parties

• Where permitted, we may receive data about you from external sources (such as public registers, credit reference agencies, property search portals, social media platforms or marketing partners) that supplement our records.
• If you provide us details of a third‑party (for example a co‐buyer or co‐tenant) you confirm you have their permission to share that information.

3.4 Sensitive / special category data

We generally do not process “special category” data (e.g., racial or ethnic origin, political opinions, health information, biometric data) unless strictly necessary and where we have a lawful basis and, where required, explicit consent.

4. How and Why We Use Your Personal Data: Purposes and Legal Bases

We will only process your personal data when we have a valid legal basis. Below are the main purposes and the bases we rely on:

We will not use your personal data for purposes incompatible with those listed above. If we wish to use your data for a new purpose, we will notify you and, where required, obtain your consent.

5. Cookies and Third‑Party Tracking Technologies

5.1 Cookies
Our website uses cookies and similar technologies to distinguish you from other users, help us provide you with a good experience and improve the website. A “cookie” is a small text file downloaded onto your device when you access the site.

We use different types of cookies:

• Essential cookies: required for website functionality, enabling you to navigate and use features.
• Performance / analytics cookies: collect information about how you use the website (e.g., which pages you visit, if you get error messages) to help us improve.
• Functional cookies: allow the website to remember choices you make (such as language, region).
• Marketing cookies / tracking cookies: used by us or third‑parties to track your browsing behaviour and deliver relevant advertising.

You can manage or disable cookies through your browser settings or via the cookie banner (or settings panel) on the website. However, if you disable essential cookies, some parts of the site may not work properly.

5.2 Third‑party tracking technologies
We may permit third‑party service providers (such as analytics providers, advertising networks, remarketing services) to place their cookies or tracking technologies on our site. These providers may collect information about your online actions over time and across different websites.

We ensure that such third parties only act in accordance with their privacy policies and your consent (where required).

In some cases you may be required to provide separate consent for such tracking; you can withdraw that consent at any time via our cookie settings or by contacting us.

5.3 Legal/regulatory compliance
Under Spanish law, the use of cookies and automatic tracking requires prior informed consent for non‑essential cookies. The supervisory authority has been active in sanctioning websites that deploy cookies without adequate consent mechanisms.

6. Data Sharing and Disclosure

6.1 Within our organisation
Your data may be accessed by our staff or agents who need to process it in order to deliver our services or manage our business.

6.2 Service providers / processors
We may share your personal data with third‑party service providers (data processors) who perform functions on our behalf (e.g., IT hosting, analytics, marketing, payment processing, professional advisors). We require each processor to act only under our instructions and to implement appropriate technical and organisational security measures as required by law. For relationships governed by the GDPR, we will ensure a data processing agreement is in place as required under Article 28.

6.3 Legal obligations and protection of rights
We may disclose your data if required by law, regulation, by a competent authority (including the AEPD) or as necessary to protect our rights, your rights, or the rights of others.

6.4 Business reorganisation or sale
In the event of a business sale, merger, financing, insolvency or other corporate reorganisation, your personal data may be transferred as part of that transaction (subject to confidentiality safeguards). We will inform you in any case.

6.5 International transfer of data
If we transfer your data outside the European Economic Area (“EEA”), we will ensure that appropriate safeguards are in place (e.g., appropriate contractual clauses, binding corporate rules) in conformity with the GDPR’s requirements and national law.

7. Data Retention

We will retain your personal data only for as long as necessary to fulfil the purposes set out in this policy, including to comply with legal, accounting or reporting obligations.

The criteria we use to determine retention periods include:

• The length of our relationship with you;
• Whether we are subject to a legal obligation to retain the data (for example tax or anti‑money‑laundering laws);
• Whether the data is needed to defend or bring legal claims;
• Whether the consent (if any) remains valid and whether you have requested erasure.
• When data is no longer needed, we will securely delete or anonymise it.

8. Data Security and Integrity

We take appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful access, alteration, disclosure or destruction. These measures include (but are not limited to):

• Access controls and authentication;
• Encryption of data in transit and (where appropriate) at rest;
• Secure servers and firewalls;
• Regular back‑up and disaster recovery procedures;
• Regular security reviews and staff training on data protection;
• Internal policies for data handling and breach response.
  Nevertheless, no system is wholly immune to risk; if you believe your data has been compromised, you should contact us immediately.

In the event of a personal data breach that is likely to result in a risk to individuals’ rights and freedoms, we will notify the AEPD without undue delay and, where required, communicate the breach to affected individuals.

9. Your Rights as a Data Subject

Under the GDPR and the LOPDGDD you have the following rights in relation to your personal data:

9.1 Right of access
You have the right to request confirmation whether we are processing your personal data and, if so, to obtain a copy of the data and further information about how it is processed.

9.2 Right to rectification
If you believe any data we hold about you is inaccurate or incomplete, you have the right to request correction or completion of the data.

9.3 Right to erasure (“right to be forgotten”)
In certain circumstances you may request that we delete your personal data (for example if the data is no longer needed, or you withdraw consent and there is no other legal basis for processing). We will comply unless we have a valid reason to retain it (for legal claims, defence of rights, etc.).

9.4 Right to restriction of processing
You may request that we restrict how we process your personal data (e.g., where you contest accuracy, or if you object to processing pending verification).

9.5 Right to data portability
Where the processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly‑used and machine‑readable format and to request that we transmit it to another controller where technically feasible.

9.6 Right to object
You have the right to object at any time to processing of your personal data where processing is based on our legitimate interests or for direct marketing. If you object, we will stop processing unless we can demonstrate compelling legitimate grounds.

9.7 Right to withdraw consent
Where we rely on your consent to process your data (for example for marketing or cookies), you may withdraw consent at any time. Such withdrawal will not affect the lawfulness of processing before consent was withdrawn.

9.8 Right to lodge a complaint
If you believe we have not complied with data protection laws, you have the right to lodge a complaint with the AEPD (www.aepd.es).

To exercise any of these rights, please contact us using the contact details set out in Section 2. We will respond without undue delay and in any event within one month of receipt of your request (this may be extended by two further months in complex cases, and we will inform you of any such extension).

10. Children’s Privacy

Our services are not directed at children under 16 years of age. If you are under 16 please do not provide us with any personal data.

In Spain, the LOPDGDD emphasises special protection for minors’ data and the requirement for parental consent where needed.

If we become aware that we have collected personal data from a child under 16 without appropriate consent, we will take steps to delete that data.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or for other operational reasons. We will publish the new version on our website and indicate the date of last revision. We encourage you to review this policy periodically.

If the changes are significant, we may provide you with a more prominent notice (such as email notification).

12. Additional Information for EU/Spain Users

12.1 Legal basis summary
We process data only where we have a lawful basis (e.g., consent, contract, legal obligation, legitimate interest) in line with the GDPR’s principle of lawfulness, fairness and transparency.

12.2 Data transfers outside the EEA
If we transfer your data outside the EEA, we will ensure safeguards are applied (e.g., Standard Contractual Clauses) and you may obtain a copy of such safeguards on request.

12.3 Supervisory authority
The AEPD is the supervisory authority in Spain responsible for monitoring compliance with data protection legislation. You may contact them at www.aepd.es

12.4 Rights in relation to automated decision‑making and profiling
Where we process your data for profiling or automated decision‑making that produces legal or similarly significant effects, you are entitled to request human intervention, express your point of view, obtain an explanation of the logic involved, and challenge the decision.

12.5 Retention and deletion
As above we apply storage‑limitation and will anonymise or delete data when no longer required for the purposes for which it was collected.

13. Real Estate Specific Considerations

Because our business concerns property sales, lettings and related services, specific additional considerations apply:

• We will retain property transaction records, client identity verification, due‑diligence information, valuations and related correspondence for as long as required by Spanish property, tax, anti‑money laundering and real‑estate legislation.
• When you submit a property listing, we may publish photos, address details and features of the property. We will ensure you have given consent (or otherwise lawful basis) for such publication.
• When introducing you to third‑parties (e.g., mortgage advisors, surveyors, property managers), we will only share the minimum necessary personal data and under appropriate confidentiality/security safeguards.
• If you refuse to provide data that is necessary for us to perform a contract (e.g., verifying identity prior to letting a property) we may be unable to provide the service.

14. How to Contact Us

If you have any questions about this Privacy Policy or our data‑processing practices, please contact us at:

House of Blanca
Email: charley@thehouseofblanca.com

Last updated: November 12, 2025