PRIVACY POLICY
WHO IS THE DATA CONTROLLER FOR THE PERSONAL DATA PROCESSED ON THIS WEBSITE/PORTAL?
| DATA CONTROLLER | |
|---|---|
| Company name | "INSUR PROMOCIÓN INTEGRAL SLU" |
| Tax Identification Number (NIF) | B91416438 |
| Contact details | c/ Ángel Gelán, nº2. CP 41013 – Seville (Spain); info@igrupoinsur.com |
As the Data Controller, "INSUR PROMOCIÓN INTEGRAL SLU" processes your personal data in compliance with all obligations established under Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR), as well as Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights (LOPD-GDD).
All personal data processing carried out within the scope of Grupo Insur is performed in accordance with the following principles:
- Lawfulness, fairness, and transparency.
- Purpose limitation.
- Data minimisation.
- Accuracy.
- Storage limitation.
- Integrity and confidentiality.
We reserve the right to amend this Privacy Policy. Users are therefore encouraged to review it periodically.
WHAT IS THE PURPOSE OF THE PROCESSING OF YOUR PERSONAL DATA AND THE CORRESPONDING LEGAL BASIS?
The purposes of the processing of personal data are linked, on the one hand, to browsing the website/portal and, on the other hand, to the activities and services that are provided and/or supported at an informational level through said website/portal:
- Handling general information requests submitted by users through the electronic contact form. Legal basis: Data subject’s consent (Article 6.1(a) GDPR).
- Handling specific information requests submitted through the form related to housing development offers and real estate leasing published on the website. Legal basis: Data subject’s consent (Article 6.1(a) GDPR).
- Management of the physical security of the premises (access control and video surveillance systems at the headquarters located at 2 Ángel Gelán Street, Seville). Legal basis: Legitimate interest (Article 6.1(f) GDPR).
- Management of the relationship with shareholders and investors, including the provision of relevant information, the convening and management of Shareholders’ Meetings, and compliance with obligations as a listed company. Legal basis: Compliance with a legal obligation (Article 6.1(c) GDPR), pursuant to commercial law (Spanish Companies Act) and securities market legislation.
- Management of the supplier portal. Legal basis: Necessity for the performance of a contract or the application of pre-contractual measures (Article 6.1(b) GDPR).
- Tax, accounting, and administrative management of contracted services. Legal basis: Necessity for the performance of a contract (Article 6.1(b) GDPR) and compliance with legal obligations under tax and commercial legislation (Article 6.1(c) GDPR).
- Participation of clients in quality and satisfaction surveys. Legal basis: Legitimate interest (Article 6.1(f) GDPR).
- Receipt and management of CVs. Legal basis: Implementation of pre-contractual measures (Article 6.1(b) GDPR) and explicit consent for retention beyond two years (Article 6.1(a) GDPR).
- Management of requests for the exercise of data protection rights and communications arising from personal data security breaches. Legal basis: Compliance with a legal obligation (Article 6.1(c) GDPR), in relation to Articles 15 to 22 of the GDPR.
- Management of the whistleblowing channel linked to the Internal Information System. Legal basis: Compliance with a legal obligation (Article 6.1(c) GDPR), pursuant to Article 10 of Law 2/2023 of 20 February, regulating the protection of persons who report regulatory infringements and the fight against corruption.
- Compliance with obligations related to the prevention of money laundering and terrorist financing. Legal basis: Compliance with legal obligations (Article 6.1(c) GDPR), pursuant to Law 10/2010 on the Prevention of Money Laundering and Terrorist Financing.
- Sending promotional and, in general, commercial communications related to services similar to those previously provided to clients. Legal basis: Legitimate interest of the Data Controller (Article 6.1(f) GDPR).
- Sending promotional and, in general, commercial communications to potential clients. Legal basis: Explicit consent (Article 6.1(a) GDPR).
- Sending newsletters containing financial information and updates about Grupo Insur. Legal basis: Explicit consent (Article 6.1(a) GDPR).
- Creation and/or enrichment of consumer or commercial profiles based on the analysis of personal preferences and consumption habits. Legal basis: Legitimate interest (Article 6.1(f) GDPR), except where profiling is carried out automatically through the use of non-exempt cookies, in which case explicit consent will be required (Article 6.1(a) GDPR).
- Management of non-exempt cookies (automatically configurable preference management cookies, analytics cookies, and advertising cookies). Legal basis: Explicit consent (Article 6.1(a) GDPR).
WHAT PERSONAL DATA DO WE PROCESS?
In relation to the purposes described above, the categories of personal data we process fall within the following groups:
- Basic identification and contact data; namely, data provided by users and clients to formalize a contractual or pre-contractual relationship, or to communicate with us: first name, last name, ID/NIE/Passport number, postal address, email address, landline and/or mobile phone number.
- Professional contact data of company representatives and designated points of contact (where the client is a corporate entity): professional email address and phone number.
- Data relating to natural persons who are suppliers or representatives of suppliers (supplier portal): identification and professional contact data, billing information, IBAN, and transactional data.
- Access codes or credentials for restricted areas or platforms.
- Shareholder and investor data: shareholding position, number of shares, percentage of capital, banking information (for dividend distribution), and representation data.
- Curriculum data: identification and contact data, professional and academic information (education, qualifications, work experience, and any other information included in the CV).
- Website usage data and metadata, related to security management and website use: IP address, browser type, operating system, language, pages visited on our website, and date and time of connection.
- Preference and consumption profile data: data obtained from the analysis of your behaviour and use of our services and website.
- Physical security data of the facilities: images captured by video surveillance systems and access control records for offices or common areas.
Unless required by law or with explicit consent, we do not process special categories of personal data, such as health data, ethnic or racial origin, political opinions, or similar data.
WHO MAY BE THE RECIPIENTS OF YOUR PERSONAL DATA?
Your personal data may be processed by external service providers who are contractually bound to "INSUR PROMOCIÓN INTEGRAL SLU" and who process such data in accordance with our explicit instructions.
Additionally, personal data may be transferred to other companies within Grupo Insur for purposes of centralized administrative management (justified by legitimate interest and in accordance with Recital (48) of the GDPR), or to third parties exclusively when required by law—for example, at the request of courts or public authorities in the exercise of their powers.
DO WE CARRY OUT INTERNATIONAL TRANSFERS OF PERSONAL DATA?
The use of technological resources (such as hosting services, cybersecurity, IT maintenance, and similar services) may involve international transfers of personal data—generally to the United States—even though we prioritize contracting such resources within the EU/EEA region (EU Data Boundary), thereby limiting data flows outside these areas. Where such transfers are indispensable, we apply one of the legally recognized safeguard mechanisms, preferably EU adequacy decisions or the European Commission’s standard contractual clauses.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
Personal data obtained through the contact form for general inquiries will be retained only for as long as necessary to respond to the requests, and in any case, for a maximum of one year after the inquiry has been resolved.
Personal data linked to accounting records will be kept for six years and subsequently blocked if any liabilities remain outstanding.
Data related to contracts will be maintained for the duration of the contracts and, after their termination, will remain blocked for five years (the general limitation period for contractual civil liability). However, data collected to comply with obligations related to the prevention of money laundering and terrorist financing will be retained for ten years after the termination of the business relationship or the completion of the occasional transaction, in accordance with Law 10/2010 on the Prevention of Money Laundering and Terrorist Financing (PBCyFT).
Personal data used for sending commercial information will be retained until you object to such processing, revoke your consent, or until it is deleted as part of routine database maintenance.
Data obtained through the receipt of CVs that are added to our candidate database will be retained for a period of two years.
Personal data relating to shareholders and investors will be retained while such status is maintained and, subsequently, for six years as legally required under commercial legislation (Companies Act) or for the limitation period of any legal liability arising from that relationship.
Personal data linked to the internal information channel will be retained for three months from the receipt of the communication, unless a legal extension applies in the event of an internal investigation. After three months, if no investigation has been initiated, the data will be deleted.
The lifespan of each cookie will be a maximum of thirteen months, and the data collected through cookies will be retained for a maximum of twenty-five months.
Images captured by the video surveillance system will be retained for a maximum of one month.
WHAT ARE YOUR RIGHTS AS A DATA SUBJECT AND HOW CAN YOU EXERCISE THEM?
As a data subject—that is, a natural person to whom the personal data being processed relates—the law recognizes the following rights: access, rectification, deletion, objection, restriction, portability, and protection against decisions based solely on automated processing. Additionally, you may withdraw any consent previously given, without retroactive effect.
To exercise these rights, you may submit your request through one of the following channels:
- By postal mail addressed to "INSUR PROMOCIÓN INTEGRAL SLU" c/ Ángel Gelán, nº2. CP 41013 – Seville, Spain.
- By email addressed to our Data Protection Officer (DPO).
For processing that is strictly necessary to comply with obligations under the Prevention of Money Laundering, the exercise of deletion and objection rights may be limited or denied due to a legal obligation to retain and process data imposed by Law 10/2010 on the Prevention of Money Laundering and Terrorist Financing.
HOW CAN YOU CONTACT OUR DATA PROTECTION OFFICER?
To contact our Data Protection Officer (DPO), please write to: dpo@grupoinsur.com.
WHO CAN YOU CONTACT IF YOU WISH TO FILE A COMPLAINT?
If you consider it appropriate, you may file a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD), located at Calle Jorge Juan, nº6, CP 28001 Madrid, Spain.
