PRIVACY POLICY OF OBRASNUEVAS.COM

Full and Detailed Version

Last updated: October 2025

This Privacy Policy explains in detail how ALIANZ OBRAS Y SERVICIOS MÁLAGA 2012, S.L. (hereinafter, `Obrasnuevas.com`, `we` or `the Platform`) collects, processes, stores and protects the personal data of users who access and use the website www.obrasnuevas.com.

Your privacy is our priority. We are committed to processing your data securely, lawfully, transparently and in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

1. DATA CONTROLLER

Company Name: ALIANZ OBRAS Y SERVICIOS MÁLAGA 2012, S.L.
Trade Name: Obrasnuevas.com
Tax ID: B93507259
Registered Office: Calle Santa Rosa nº 21-A, 29640 Fuengirola (Málaga), Spain
Email: info@alianzestates.com
Telephone: +34 951 083 3149
Website: www.obrasnuevas.com

Data Protection Officer (DPO): Currently, a Data Protection Officer has not been appointed as it is not mandatory under Article 37 of the GDPR. However, for any queries related to data protection, you can contact us at: info@alianzestates.com.

2. CATEGORIES OF PERSONAL DATA WE PROCESS

Depending on your use of the Platform, we may process the following categories of personal data:

2.1. Identification and Contact Data:

First and last name
Email address
Telephone number (landline and/or mobile)
Postal address
National Identity Document (DNI/NIE/Passport) (for identity verification in professional services)
Date of birth (to verify legal age)

2.2. User Account Data:

Username
Encrypted password
Profile picture or image
Account settings preferences
Activity history on the platform
Registration date and last login

2.3. Professional Information (for professional users/agencies):

Company name or business name
Company VAT/Tax ID number
Business address
Position or job title within the company
Professional license (if applicable)
Professional association membership details (real estate agents)

2.4. Listed Property Information:

Property description
Property location and address
Technical specifications
Photographs and audiovisual material
Price and terms of sale/rental
Cadastral reference (optional)

2.5. Financial and Billing Information:

Bank details (IBAN for direct debits)
Credit/debit card information (processed by payment gateway)
Transaction and payment history
Billing information (company name, VAT/Tax ID number, billing address)

2.6. Browsing and Technical Data:

IP address
Browser type and version
Operating system
Pages visited and time spent on the page
Cookies and similar technologies (see Cookie Policy)
Browsing language
Internet Service Provider (ISP)
Date and time of access
Referring URLs

2.7. Communications Data:

Content of messages sent through the platform
Communications via email, telephone, or chat
Reported incidents
Ratings and comments posted

2.8. Geolocation Data (with your consent):

Precise device location for nearby searches
Location history (if you enable this feature)

3. PURPOSES OF PROCESSING AND LEGAL BASIS

We process your personal data for the following purposes, each with its corresponding legal basis:

3.1. Registration and User Account Management

Purpose: To create, manage, and maintain your account on the Platform
Legal basis: Performance of a contract (Art. 6.1.b GDPR)
Retention: While the account remains active and for up to 1 year after its cancellation to address claims

3.2. Publication and Management of Real Estate Listings

Purpose: To publish your property listings and facilitate contact with potential buyers
Legal basis: Performance of a contract (Art. 6.1.b GDPR)
Retention: While the listing is active and for up to 6 months thereafter for statistical purposes

3.3. Provision of Payment Services

Purpose: To process payments for premium services, subscriptions, and additional features
Legal basis: Contract performance (Art. 6.1.b GDPR)
Retention: For the duration of the service and an additional 6 years for tax and accounting obligations

3.4. Customer Service and Support

Purpose: To respond to inquiries, manage incidents, complaints, and suggestions
Legal basis: Contract performance and legal obligation (Art. 6.1.b and c GDPR)
Retention: Until the inquiry is resolved and for an additional 3 years

3.5. Commercial Communications and Marketing

Purpose: To send information about new services, promotions, newsletters, and personalized offers
Legal basis: Explicit consent (Art. 6.1.a GDPR) or legitimate interest for existing customers (Art. 6.1.f GDPR)
Retention: Until you withdraw your consent or object to the processing
Right to object: You can unsubscribe at any time via the link included in each communication or by writing to info@alianzestates.com

3.6. Platform Improvement and Analytics

Purpose: To analyze platform usage, improve functionalities, develop new services, and conduct statistical studies
Legal basis: Legitimate interest (Art. 6.1.f GDPR)
Retention: Anonymized data with no time limit; identifiable data for 2 years

3.7. Security and Fraud Prevention

Purpose: To detect, prevent, and combat fraud, abuse, spam, and misuse of the Platform
Legal basis: Legitimate interest and legal obligation (Art. 6.1.f and c GDPR)
Retention: For the time necessary for investigation and an additional 3 years

3.8. Identity Verification (professional users)

Purpose: To verify the identity of real estate agents and professionals in the sector
Legal basis: Compliance with legal obligations and performance of a contract (Art. 6.1.b and c GDPR)
Retention: For the duration of the contractual relationship and an additional 6 years

3.9. Compliance with Legal Obligations

Purpose: To comply with tax, accounting, anti-money laundering, and other legal obligations
Legal basis: Legal obligation (Art. 6.1.c GDPR)
Retention: According to the periods established by each regulation (generally between 4 and 6 years)

3.10. Exercise and Defense of Rights

Purpose: To establish, exercise, or defend legal claims
Legal basis: Legitimate interest (Art. 6.1.f GDPR)
Retention: For the applicable statutory limitation periods

4. LEGAL BASIS FOR PROCESSING THIRD-PARTY DATA

If you publish listings containing personal data of third parties (owners, tenants, contacts), you declare and guarantee that:

You have previously informed these individuals about the processing of their data in accordance with this Privacy Policy
You have obtained their explicit consent to publish their data on the Platform
This data is accurate and up-to-date

You will be solely responsible for any claim arising from the publication of third-party data without the corresponding authorizations.

5. OBTAINING CONSENT

5.1. Time of Obtaining

Your consent is obtained at the following times:

When registering: By expressly accepting the box `I have read and accept the Privacy Policy`
When posting listings: By confirming the publication, you accept the processing of the property data
When subscribing to communications: By checking a specific optional box to receive newsletters and offers
When using cookies: Through the cookie settings panel that appears on your first visit
When contracting paid services: During the checkout process, before confirming payment

5.2. Free and Revocable Consent

Your consent is:

Free: We do not condition access to the Platform on your acceptance of unnecessary data processing.
Specific: It is requested separately for each purpose.
Informed: You know exactly how we will use your data.
Revocable: You can withdraw it at any time without retroactive effect.

6. RECIPIENTS AND COMMUNICATION OF DATA

Your personal data may be communicated to the following categories of recipients:

6.1. Technology Service Providers

Hosting and Cloud Services:

Provider: [Name of hosting provider]
Location: European Union
Purpose: Data storage and platform hosting
Guarantees: ISO 27001 certification, standard EU contractual clauses

Email Marketing Services:

Provider: [Example: Mailchimp, Sendinblue]
Location: EEA or with an adequacy decision
Purpose: Sending newsletters and communications
Guarantees: Privacy Shield certification (if applicable) or standard contractual clauses

Payment Gateways:

Provider: [Example: Stripe, PayPal, Redsys]
Location: PCI DSS compliance
Purpose: Secure payment processing
Guarantees: PCI DSS Level 1 certification, SSL/TLS encryption

Analytics Services Web:

Provider: Google Analytics (with IP anonymization enabled)
Location: Configured for storage in the EU
Purpose: Analysis of traffic and user behavior
Guarantees: Standard contractual clauses, method of consent

Customer Service:

Provider: [Ticket system/CRM]
Location: European Union
Purpose: Handling inquiries and providing support
Guarantees: Data processing agreement compliant with GDPR

6.2. Real Estate Collaborators and Professionals

When you expressly authorize it, your contact information may be shared with:
Collaborating real estate agencies
Sales agents
Other users interested in your listings (only authorized contact information)

6.3. Authorities and Public Bodies

When there is a legal obligation, your data may be disclosed to:
State Security Forces and Corps
Tax Administration (AEAT)
Courts and Tribunals
Spanish Data Protection Agency (AEPD)
Other public bodies with legal competence

6.4. Professional Advisors

Law firms, auditors, and tax advisors bound by a duty of professional confidentiality

7. INTERNATIONAL DATA TRANSFERS

7.1. General Policy

We prioritize providers located in the European Economic Area (EEA). However, some services may involve international transfers.

7.2. Current Transfers

If we use services with servers outside the EEA, we apply the following safeguards:

For countries with an adequacy decision:

Transfers to countries recognized by the European Commission as safe (e.g., United Kingdom, Switzerland, Japan)

For other countries:

Standard Contractual Clauses: Approved by the European Commission (Decision 2021/914)
Additional measures: Data encryption, pseudonymization, minimization
Risk assessment: Case-by-case analysis according to the Schrems II case law

7.3. Specific Information

You can request detailed information about specific international transfers and applicable guarantees by writing to: info@alianzestates.com.

8. PROFILING AND AUTOMATED DECISION-MAKING

8.1. User Profiling

We use profiling techniques based on your activity to:

Recommend properties that may interest you
Personalize your user experience on the Platform
Show relevant ads and content
Detect suspicious or fraudulent usage patterns

Legal basis: Legitimate interest (Art. 6.1.f GDPR) and consent for advertising cookies.

Right to object: You can object to profiling at any time from your settings panel or by writing to info@alianzestates.com.

8.2. Automated Decisions

We do NOT make decisions based solely on automated processing that produce legal effects or significantly affect you, unless:

It is necessary for the performance of the contract
It is authorized by law
We have your explicit consent

In any case, you will have the right to request human intervention, express your point of view, and obtain an explanation of the decision.

9. MINORS

9.1. Age Restriction

The Platform is intended exclusively for individuals over 18 years of age. We do not knowingly collect data from minors.

9.2. Verification

By registering, you declare that you are over 18 years of age. We may request age verification via identity document if we have reasonable suspicion.

9.3. Detection of Minors

If we detect that a minor has provided personal data without parental authorization:

We will proceed to the immediate deletion of the account.
We will delete all data of the minor from our systems.
We will report the situation if legally required.

9.4. Obligation of Parents/Guardians

Parents or legal guardians must monitor the internet use of minors under their care.

10. DATA RETENTION PERIODS

10.1. General Criteria

Data is retained for the time necessary to fulfill the purposes for which it was collected and to:

Comply with legal obligations
Address potential liabilities arising from the processing
Respond to judicial or administrative requests

10.2. Specific Retention Periods by Purpose

Purpose	Retention Period	Legal Basis
Active user account	While the account is active	Contract execution
Account voluntarily cancelled	1 year from cancellation	Possible claims
Published ads	Publication duration + 6 months	Statistics and history
Billing data	6 years from issue	Tax obligation (LGT)
Paid contracts and services	Service duration + 6 years	Legal obligation
Commercial communications	Until withdrawal of consent	Consent
Browsing data (cookies)	Depending on type (see Cookie Policy)	Consent / Legitimate interest
Responded inquiries	3 years from resolution	Possible claims
Security incidents	3 years from resolution	Legitimate interest
Inactive accounts	2 years of total inactivity	Legitimate interest

10.3. Data Blocking

Once the retention periods have expired, the data will be blocked, remaining available only to:

Judicial or administrative authorities
The exercise or defense of legal claims

After the applicable statute of limitations expires, the data will be permanently deleted.

10.4. Proactive Deletion

We implement policies for the automatic deletion of obsolete or unnecessary data (data minimization principle).

11. USER RIGHTS

As a user, the GDPR grants you the following rights, which you can exercise at any time:

11.1. Right of Access (Art. 15 GDPR)

You have the right to:

Confirm whether we are processing your personal data
Obtain a copy of your data
Know the purposes of the processing, categories of data, recipients, and retention periods
Know whether there are automated decisions or profiling

How to exercise this right: From your user panel (option `Download my data`) or by requesting it via email.

11.2. Right to Rectification (Art. 16 GDPR)

You can request the correction of inaccurate or incomplete data.

How to exercise this right: From your settings panel, you can modify most of your data. For other changes, please contact us.

11.3. Right to Erasure / “Right to be Forgotten” (Art. 17 GDPR)

You can request the deletion of your data when:

They are no longer necessary for the purposes for which they were collected
You withdraw your consent and there is no other legal basis
You object to the processing and there are no overriding legitimate grounds
The data have been unlawfully processed
They must be erased due to a legal obligation

Exceptions:

Compliance with legal obligations
Exercise or defense of legal claims
Public interest

How to exercise this right: Select the “Delete account” option in your profile or request it by email.

11.4. Right to Restriction of Processing (Art. 18 GDPR)

You can request the temporary suspension of processing when:

You contest the accuracy of the data (during verification)
The processing is unlawful but you do not want the data erased
We no longer need the data but you need it for legal claims
You have objected to the processing (while we verify legitimate grounds)

How to exercise this right: Send a request to info@alianzestates.com.

11.5. Right to Object (Art. 21 GDPR)

You can object at any time to:

Processing based on legitimate interest (we must demonstrate compelling reasons)
Direct marketing (your objection always prevails)
Profiling for commercial purposes

How to exercise this right:

Marketing: “Unsubscribe” link in emails or from your profile
Other: Request to info@alianzestates.com

11.6. Right to Data Portability (Art. 20 GDPR)

You can receive the data you have provided to us in a structured, commonly used, and machine-readable format (CSV, JSON) and transmit it to another data controller.

Applies to:

Data processed by automated means
Based on consent or contract performance

How to exercise this right: “Export data” option in your user panel.

11.7. Right to Withdraw Consent

When processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of the processing prior to withdrawal.

How to exercise this right: Same means as for giving your consent (account settings, cookie management, links in emails).

11.8. Right Not to Be Subject to Automated Decisions (Art. 22 GDPR)

You have the right not to be subject to decisions based solely on automated processing that produce significant legal effects, except where otherwise provided by law.

12. PROCEDURE FOR EXERCISING YOUR RIGHTS

12.1. Ways to Exercise Your Rights:

You can exercise your rights through the following means:

a) Through the Platform:

Access your user panel > Settings > Privacy and Data
Use the available options (download, modify, delete)

b) By email:

Send your request to: info@alianzestates.com
Subject: `EXERCISE OF GDPR RIGHTS - [Type of right]`

c) By mail:

ALIANZ OBRAS Y SERVICIOS MÁLAGA 2012, S.L.
Ref: Data Protection
Calle Santa Rosa nº 21-A, 29640 Fuengirola (Málaga), Spain

12.2. Required Information:

Your request must include:

Full name and ID/NIE number
Contact email address
Right you wish to exercise
Date and signature (if by mail)
Copy of your ID/NIE or other identification document

12.3. Response Time:

1 month from receipt of your request
Extendable by 2 more months in complex cases (we will inform you within the first month)

12.4. Cost:

Exercising your rights is free of charge. We may only charge a reasonable fee if:

The requests are manifestly unfounded or excessive
You request additional copies of your data

12.5. Refusal:

If we cannot fulfill your request, we will explain the reasons and inform you of your right to lodge a complaint with the supervisory authority.

13. RIGHT TO LODGE A COMPLAINT

If you believe that the processing of your personal data violates the GDPR or you have a complaint about our privacy practices, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD).

Website: www.aepd.es
Electronic Office: https://sedeagpd.gob.es
Postal Address: C/ Jorge Juan, 6, 28001 Madrid, Spain
Telephone: +34 912 663 517

Procedure:

Try to resolve the issue directly with us first.
If the issue remains unresolved, submit your complaint to the AEPD.
The AEPD will investigate and resolve your complaint.

However, we encourage you to contact us first to try to resolve any problems amicably.

14. SECURITY MEASURES

14.1. Security Commitment:

Obrasnuevas.com implements appropriate technical and organizational measures to guarantee a level of security appropriate to the risk, in accordance with Article 32 of the GDPR.

14.2. Technical Measures:

Encryption:

HTTPS (SSL/TLS) connections throughout the Platform
Encryption of data in transit and at rest
Passwords stored with secure hash algorithms (bcrypt, Argon2)

Access Control:

Multi-factor authentication (MFA) available
Role-based access control (RBAC)

14.3. Organizational Measures:

Confidentiality agreements with all employees and collaborators
Periodic staff training on data protection and cybersecurity
Access limitation strictly to authorized personnel
Incident response and data breach notification procedures

14.4. Monitoring and Auditing:

Regular vulnerability assessments and penetration testing
Continuous monitoring of systems and access logs
Annual security audits by independent experts
Ongoing evaluation and improvement of implemented measures

15. COOKIES AND SIMILAR TECHNOLOGIES

15.1. Use of Cookies:

We use cookies and similar technologies (tracking pixels, web beacons, local storage) to improve your experience and analyze the use of the Platform.

15.2. Types of Cookies:

Technical Cookies: Necessary for the website to function
Preference Cookies: Remember your settings
Analytical Cookies: Usage statistics (Google Analytics)
Advertising Cookies: Display personalized ads

15.3. Detailed Information:

For complete information on which cookies we use, their purpose, duration, and how to manage them, please see our Cookie Policy.

15.4. Settings:

Cookie settings panel (accessible from the footer)
Your browser settings
`Do Not Sell My Personal Information` option (CCPA)

16. SOCIAL NETWORKS AND PLUGINS

16.1. Social Media Links:

The Platform may include social media links and buttons (Facebook, Instagram, LinkedIn, Twitter, etc.). When you interact with these buttons:

You may be redirected to the corresponding social network.
The social network may install cookies on your device.
Your interaction will be subject to that social network`s privacy policy.

16.2. Responsibility:

We are not responsible for the privacy practices of third parties. We recommend that you review their policies before sharing information.

16.3. Social Login:

We will receive the basic profile data you have authorized.
We will not have access to your social network password.
You can revoke access from the social network settings.

17. POLICY CHANGES AND UPDATES

17.1. Modifications:

We may update this Privacy Policy to:

Adapt it to regulatory changes
Reflect new Platform functionalities
Improve clarity and transparency
Incorporate new data processing activities

17.2. Notification of Changes:

When we make substantial changes:

We will publish the new version on the Platform with the `Last Updated` date
We will notify you by email if the changes significantly affect your rights
For changes that require new consent, we will request your explicit acceptance

17.3. Version History:

You can request previous versions of this Policy by writing to info@alianzestates.com.

17.4. Acceptance:

Your continued use of the Platform after the publication of changes constitutes your acceptance of the updated Policy, unless the changes require explicit consent.

18. DATABASES AND REGISTERED FILES

In accordance with Spanish regulations, we inform you that the personal data processed forms part of the following files:

File: USERS_NEW_PROJECTS

Purpose: User and account management
Data Controller: ALIANZ OBRAS Y SERVICIOS MÁLAGA 2012, S.L.

File: REAL_PROPERTY_ADS

Purpose: Publication and management of property listings
Data Controller: ALIANZ OBRAS Y SERVICIOS MÁLAGA 2012, S.L.

File: CLIENTS_INVOICING

Purpose: Accounting and invoicing management
Data Controller: ALIANZ OBRAS Y SERVICIOS MÁLAGA 2012, S.L.

19. DATA PROTECTION BY DESIGN AND BY DEFAULT

19.1. Privacy by Design:

Data minimization: we only collect what is strictly necessary
Pseudonymization where possible
Impact assessments for high-risk processing
Security built into development

19.2. Privacy by Default:

We only process strictly necessary data
Marketing communications are disabled by default (opt-in)
Profile visibility is limited by default
Non-essential cookies require prior consent

20. PROCESSING OF SENSITIVE DATA

20.1. Special Categories:

We do NOT intentionally request or process special categories of personal data (Art. 9 GDPR):

Ethnic or racial origin
Political opinions
Religious or philosophical beliefs
Trade union membership
Genetic or biometric data
Health data
Data concerning sex life or sexual orientation

20.2. Prohibition:

Users are expressly prohibited from including this type of data in their profiles, advertisements, or communications through the Platform.

20.3. Detection and Deletion:

We will proceed to its immediate deletion
We will notify the user
We will take measures to prevent its disclosure

21. VIDEO SURVEILLANCE (IF APPLICABLE)

If our physical premises have video surveillance systems:

This will be indicated by signs in a visible location.
Recordings will be kept for a maximum of 30 days.
Only authorized personnel will have access.
Purpose: security of facilities and people.
Legal basis: legitimate interest (Art. 6.1.f GDPR).

22. DATA RETENTION AND DELETION POLICY

22.1. Periodic Review:

Identify obsolete or unnecessary data
Verify compliance with retention periods
Update records of processing activities

22.2. Secure Deletion:

Secure erasure of digital media (multiple overwrites)
Certified destruction of physical media, if any
Deletion of backups according to the established schedule
Notification to data processors so they can do the same

22.3. Anonymized Data:

Aggregate statistics
Research and development
Service improvement

23. RECORD OF PROCESSING ACTIVITIES

In accordance with Article 30 of the GDPR, we maintain an internal record of all processing activities, which includes:

Purposes of processing
Categories of data subjects and data
Categories of recipients
International transfers
Retention periods
Security measures

This record is available to the Spanish Data Protection Agency (AEPD) upon request.

24. DATA PROTECTION IMPACT ASSESSMENTS (DPIAs)

24.1. When We Conduct Them:

We introduce new technologies or processing activities
We carry out systematic and comprehensive profiling
We process sensitive data on a large scale
We systematically monitor publicly accessible areas

24.2. Content:

Description of the processing and its purposes
Assessment of necessity and proportionality
Assessment of risks to rights and freedoms
Measures planned to address the risks

25. PRIOR CONSULTATIONS WITH THE SUPERVISORY AUTHORITY

If a Data Protection Authority (DPIA) indicates that the processing would entail a high risk and we cannot mitigate it, we will consult with the Spanish Data Protection Agency (AEPD) before initiating the processing.

26. PROCESSING OF BROWSING DATA

26.1. Server Logs:

IP address
Date and time of access
Pages visited
Browser and operating system
HTTP response code

Purpose: Security, technical diagnostics, statistics

Retention period: 3 months (except for incident investigations)

26.2. IP Anonymization:

We apply IP anonymization techniques for web analytics (Google Analytics with anonymization enabled).

27. MARKETING AND COMMERCIAL COMMUNICATIONS

27.1. Types of Communications:

Newsletters with Platform updates
Special offers and promotions
Information about new properties that match your preferences
Invitations to events or webinars
Satisfaction surveys

27.2. Frequency:

Maximum of 2 commercial communications per week
You can adjust the frequency from your profile

27.3. Personalized Content:

Your activity on the Platform
Previous searches
Saved properties
Declared preferences

27.4. Easy Unsubscribe:

A functional `Unsubscribe` link in each email
A link to the preference center
Immediate unsubscribe confirmation (maximum 48 hours)

28. ADDITIONAL RIGHTS (CCPA AND INTERNATIONAL REGULATIONS)

28.1. CCPA (California):

Right to know what data we sell or share
Right to object to the sale of your data
No discrimination for exercising your rights
Important note: Obrasnuevas.com does NOT sell users` personal data.

28.2. Other Jurisdictions:

If you reside outside the EU and Spain, please consult applicable local laws.
We will strive to comply with the highest standards of protection.

29. EMAIL RETENTION POLICY

29.1. Communications with You:

Account management emails: 3 years
Support emails: 3 years from resolution
Marketing emails: until you unsubscribe
Purchase/payment confirmations: 6 years (tax obligation)

29.2. Your Emails to Other Users:

Messages are retained while both accounts are active
You can delete your sent messages from your dashboard
If you delete your account, your messages may remain visible to the recipient for 6 months

30. TECHNICAL PORTABILITY

30.1. Available Formats:

JSON (structured format for developers)
CSV (compatible with Excel spreadsheets)
PDF (readable format)

30.2. Included Data:

Profile information
Published ad history
Search history
Sent and received messages
Account settings

30.3. Direct Transfer:

We can facilitate direct transfer to another data controller if technically feasible.

31. TRANSPARENCY AND PROACTIVE ACCOUNTABILITY

31.1. Principle of Proactive Responsibility:

This detailed Privacy Policy
Records of processing activities
Impact assessments carried out
Contracts with data processors
Documented procedures
Staff training

31.2. Transparency:

Providing clear and understandable information
Answering your questions about privacy
Publishing transparency reports (annually)
Proactively notifying you of relevant changes

32. DATA PROTECTION CONTACT

32.1. Data Protection Officer:

Email: info@alianzestates.com Subject: DATA PROTECTION - [Your query]

32.2. Response Time for Inquiries:

General inquiries: 5 business days
Exercising rights: 1 month (extendable to 3 months in complex cases)
Security emergencies: 24-48 hours

32.3. Full Contact Details:

ALIANZ OBRAS Y SERVICIOS MÁLAGA 2012, S.L.
Attention: Data Protection Department
Address: Calle Santa Rosa nº 21-A, 29640 Fuengirola (Málaga), Spain
Email: info@alianzestates.com
Telephone: +34 951 083 3149 (office hours)
Website: www.obrasnuevas.com

33. GLOSSARY OF TERMS

Personal Data: Information relating to an identified or identifiable natural person
Processing: Any operation performed on data (collection, recording, consultation, communication, erasure, etc.)
Data Controller: The entity that decides on the purposes and means of the processing (Obrasnuevas.com)
Data Processor: The entity that processes data on behalf of the data controller (service providers)
Data Subject/User: The natural person whose data is processed
Consent: A freely given, specific, informed, and unambiguous expression of will
Anonymization: An irreversible process that prevents identification
Pseudonymization: A reversible process that makes identification difficult
Security breach: A breach that causes loss, destruction, or unauthorized access to data

34. ADDITIONAL RESOURCES

34.1. Supplementary Documentation:

Cookie Policy - Detailed information about cookies
Terms and Conditions - Terms of use of the Platform
Legal Notice - Legal information of the website
Moderation Policy - Content guidelines

34.2. Information on Data Protection:

Spanish Data Protection Agency: www.aepd.es
GDPR Guide: https://www.aepd.es/reglamento/index.html
European Data Protection Portal: https://edpb.europa.eu

34.3. Consumer Information:

Municipal Consumer Information Office (OMIC)
Andalusian Directorate General for Consumer Affairs:www.juntadeandalucia.es/consumo

35. OBRASNUEVAS.COM COMMITMENTS

Processing your data lawfully, fairly, and transparently
Collecting data only for specific, explicit, and legitimate purposes
Applying the principle of data minimization
Keeping data accurate and up-to-date
Retaining data only for as long as necessary
Guaranteeing the security and integrity of your data
Responding to your requests within the legal timeframes
Respecting all your rights as a user
Being transparent in all our practices
Continuously improving our policies and procedures

36. EFFECTIVE DATE AND PERIOD

This Privacy Policy is effective upon publication and will remain in effect until it is modified or replaced by a new version.

Last updated: October 2025 | Version: 2.0

37. ACCEPTANCE

Use of the www.obrasnuevas.com Platform implies knowledge and acceptance of this Privacy Policy.

If you have any questions or disagree with any point, please contact us before providing your personal data or continuing to use the Platform.

Thank you for trusting Obrasnuevas.com. Your privacy is our priority. We are here to help.

Document prepared in accordance with Regulation (EU) 2016/679 (GDPR), Organic Law 3/2018 (LOPDGDD), Law 34/2002 (LSSI-CE), and other applicable regulations regarding the protection of personal data and digital rights.

Document verification code: PP-OBRAS-2025-V2.0 | Generation date: October 2025