Privacy Policy
DISCLAIMER: This page was machine-translated from the German original. Any legal disputes will use the German version as its basis.
Thank you for your interest in our company. Data protection has a particularly high priority for our company. A use of our internet pages is basically possible without any indication of personal data. However, if a person concerned wishes to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary, we generally obtain the consent of the person concerned.
The processing of personal data, for example the name, address, e-mail address or telephone number of a person concerned, is always carried out in accordance with the RGPD/DS-GVO and in accordance with the country-specific data protection regulations applicable to our company. By means of this data protection declaration, our company wishes to inform data subjects of the rights to which they are entitled.
As the data controller, we have implemented numerous technical and organisational measures to ensure the most complete possible protection of the personal data processed via this website, as well as our e-mail traffic. Nevertheless, Internet-based data transmissions can in principle have security gaps, so that absolute protection cannot be guaranteed. For this reason, each person concerned is free to transmit personal data to us by alternative means, such as telephone.
- Definitions of our data protection guidelines
The Privacy Statement is based on the terms used by the European Directive and Regulation Maker in the adoption of the Basic Data Protection Regulation (RGPD/DS-GVO). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. In order to guarantee this, we would like to explain the terms used in advance.
We use the following terms in this data protection declaration:
a) personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). A natural person shall be considered identifiable if he can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
(b) Data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
(c) Processing
Processing” means any operation or set of operations which is carried out with or without the aid of automated processes and which relates to personal data, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or association, qualification, erasure or destruction.
(d) Limitation of processing
Limitation of processing is the marking of stored personal data with the aim of limiting their future processing.
e) Profiling
Profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movement of that natural person.
(f) pseudonymisation
Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.
(g) Controller or controller
The controller or data controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or controllers may be designated in accordance with Union law or with the law of the Member States on the basis of specific criteria.
(h) Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
(i) Recipient
The recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data in the course of a specific investigation task under Union law or the law of the Member States shall not be considered as recipients.
(j) Third parties
Third party means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or processor.
(k) Consent
Consent shall mean any voluntary, informed and unambiguous expression by the data subject of his or her will in the particular case, in the form of a statement or other unequivocal confirmatory act, indicating that he or she consents to the processing of his or her personal data.
- Data Controller
The person responsible within the meaning of the Basic Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature:
The Sun of Mallorca S.L.
Marita Carls/Managing Director
Carretera Andratx 32, Local 3
07181 Portals Nous
Spain
Phone 971 679 393
Email info(at)sonnevonmallorca.com
Website sonnevonmallorca.com
- Administration
We process data in the context of administrative tasks as well as the organisation of our business, financial accounting and compliance with legal obligations, such as archiving. Here we process the same data that we process within the scope of providing our contractual services. The processing bases are Art. 6 para. 1 lit. c. RGPD/DS-GVO, Art. 6 para. 1 lit. f. RGPD/DS-GVO. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e. tasks which serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of the data with regard to contractual services and contractual communication corresponds to the data specified in these processing activities.
We disclose or transmit data to the financial administration, consultants, such as tax consultants or auditors, as well as other fee offices and payment service providers.
Furthermore, on the basis of our business interests, we store information on suppliers, organisers and other business partners, e.g. for the purpose of establishing contact at a later date. This data, which is mainly company-related, is stored permanently until revoked.
- Rights of the user – Rights of our customers
You can exercise the following rights at any time using the contact details provided by our data protection officer:
Information about your data stored with us and their processing,
Correction of incorrect personal data,
Deletion of your data stored with us,
Restriction of data processing if we are not yet allowed to delete your data due to legal obligations,
Objection against the processing of your data by us and
Data transferability if you have consented to data processing or have concluded a contract with us.
If you have given us your consent, you can revoke it at any time with effect for the future.
- Legal basis of the processing
Art. 6 I lit. a RGPD/DS-GVO serves our company as a legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the rendering of any other service or consideration, the processing is based on Art. 6 I lit. b RGPD/DS-GVO. The same shall apply to such processing operations which are necessary for the implementation of pre-contractual measures, for example in cases of inquiries regarding our products or services. If our company is subject to a legal obligation requiring the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c RGPD/DS-GVO. In rare cases, the processing of personal data may become necessary in order to protect the vital interests of the person concerned or another natural person. This would be the case, for example, if a visitor to our site were injured and his name, age, health insurance information or other vital information would have to be disclosed to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d RGPD/DS-GVO.
Ultimately, processing operations could be based on Art. 6 I lit. f RGPD/DS-GVO. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and fundamental freedoms of the data subject do not predominate. Such processing operations are permitted to us in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the person concerned is a customer of the person responsible (recital 47 sentence 2 RGPD/DS-GVO).
- Duration of storage of personal data
The criterion for the duration of the storage of personal data is the respective legal retention period. After this period has expired, the corresponding data will be routinely deleted unless they are no longer required for the fulfilment or initiation of the contract.
- Legal or contractual regulations
We will inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may result from contractual provisions (e.g. information on the contractual partner).
Sometimes it may be necessary for a contract to be concluded that a person concerned makes personal data available to us which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide personal data would mean that the contract could not be concluded with the data subject.
- Hosting
The hosting services used by us serve the provision of the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services which we use for the purpose of operating this online service.
Here we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online service on the basis of our legitimate interests in the efficient and secure provision of this online service in accordance with Art. 6 Para. 1 lit. f RGPD/DS-GVO i.V.m. Art. 28 RGPD/DS-GVO (conclusion of an order processing contract).
- Server-Log-Files
In server log files, our website provider collects and stores information that your browser automatically transmits to our website. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
- IP address
These data are not merged with other data sources. The data processing is based on Art. 6 para. 1 lit. b RGPD/DS-GVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
- SSL or TLS encryption
To protect your transmitted data in the best possible way, we use SSL encryption. You can recognize such encrypted connections by the prefix “https://” in the page link in the address bar of your browser. Unencrypted pages are identified by “http://”.
All data that you transmit to this website – for example when making enquiries or logging in – cannot be read by third parties thanks to SSL encryption.
All e-mail traffic between you and our company is realised from our side via an encrypted connection (TLS).
- Contact form
Data transmitted via the contact form will be stored including your contact data in order to be able to process your request or to be available for follow-up questions. These data will not be passed on without your consent.
The processing of the data entered in the contact form takes place exclusively on the basis of your consent (Art. 6 para. 1 lit. a RGPD/DS-GVO). User data can be stored in a customer relationship management system (“CRM system”) or comparable software. A revocation of your already given consent is possible at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
Data transmitted via the contact form will remain with us until you request deletion, revoke your consent to storage or until data storage is no longer necessary. Mandatory legal provisions – in particular retention periods – remain unaffected.
- Cookies
This website uses cookies for pseudonymised range measurement, which are transmitted either by our server or the server of third parties to the browser of the user. Cookies are small files that are stored on your end device. Your browser accesses these files. The use of cookies increases the user-friendliness and security of this website.
If you do not want cookies to be stored on your end device for range measurement, you can object to the use of these files here:
- Cookie deactivation page of the network advertising initiative: optout.networkadvertising.org
- Cookie deactivation page of the US website: optout.aboutads.info
- Cookie deactivation page of the European website: optout.networkadvertising.org
Common browsers offer the option not to accept cookies. Note: There is no guarantee that you will be able to access all functions of this website without restrictions if you make the appropriate settings.
You can check and change your cookie settings under the following link: Cookie Settings
- Google Analytics
The data controller has integrated the Google Analytics component (with anonymisation function) on this website. Google Analytics is a web analysis service. Web analysis is the collection, collection and evaluation of data on the behaviour of visitors to Internet pages. A web analysis service collects data on, among other things, from which website a person concerned came to a website (so-called referrers), which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used to optimise a website and to analyse the costs and benefits of Internet advertising.
The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The data controller uses the addition “_gat._anonymizeIp” for the web analysis via Google Analytics. This addition is used by Google to shorten and anonymise the IP address of the Internet connection of the person concerned if access to our Internet pages is from a member state of the European Union or from another state party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us showing the activities on our website and to provide other services in connection with the use of our website.
Google Analytics places a cookie on the information technology system of the person concerned. What cookies are has already been explained above. When the cookie is set, Google is able to analyse the use of our website. Each time you access one of the individual pages of this website, which is operated by the data controller and on which a Google Analytics component has been integrated, the Internet browser on the information technology system of the person concerned is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the person concerned, which Google uses, among other things, to track the origin of visitors and clicks and subsequently to enable commission statements.
The cookie is used to store personal information such as the access time, the location from which the access originated and the frequency of visits to our website by the person concerned. Each time you visit our website, this personal data, including the IP address of the Internet connection used by the person concerned, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data collected through the technical process with third parties.
The person concerned can prevent the setting of cookies by our website, as described above, at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the person concerned. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.
Furthermore, it is possible for the person concerned to object to and prevent the collection of data generated by Google Analytics and relating to the use of this website and the processing of this data by Google. For this purpose, the person concerned must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout . This browser add-on informs Google Analytics via JavaScript that no data and information on visits to Internet pages may be transmitted to Google Analytics. The installation of the browser add-on is considered a contradiction by Google. If the data subject’s information technology system is later deleted, formatted or reinstalled, the data subject must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the person concerned or by another person within his/her sphere of control, the browser add-on may be reinstalled or reactivated.
For more information and to review Google’s current privacy policies, please visit https://www.google.de/intl/de/policies/privacy/ and www.google.com/analytics/terms/de.html Google Analytics is explained in more detail at https://www.google.com/intl/de_en/analytics/.
Change your settings here:
[borlabs_cookie_opt_out tracking=”google-analytics”]
- Google Fonts
In order to present our content correctly and graphically appealing across all browsers, we use script libraries and font libraries such as Google Web Fonts (https://www.google.com/webfonts/) on this website. Google Web Fonts are transferred to your browser’s cache to avoid multiple loading. If the browser does not support Google Web Fonts or does not allow access, content will be displayed in a standard font and the display may differ from the actual display.
Calling script libraries or font libraries automatically triggers a connection to the library operator. It is theoretically possible – but currently also unclear whether and for what purposes – for the operators of such libraries to collect data.
The privacy policy of the library operator Google can be found here: https://www.google.com/policies/privacy/
Opt-Out: https://adssettings.google.com/authenticated
- Google Maps
This website uses Google Maps API to visually display geographic information. When Google Maps is used, Google also collects, processes and uses data relating to the use of map functions by visitors. For more information about data processing by Google, please refer to the Google Privacy Notice (https://www.google.com/policies/privacy/). There you can also change your personal data protection settings in the data protection centre.
Detailed instructions on how to manage your own data in connection with Google products can be found here: www.dataliberation.org
Opt-Out: https://adssettings.google.com/authenticated
- Online presences in social media
We maintain online presences within social networks and platforms in order to be able to communicate with customers, interested parties and users active there and to inform them about our services. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
Unless otherwise stated in our data protection declaration, we process the data of users who communicate with us within the social networks and platforms, e.g. write articles on our online presences or send us messages.
Facebook
On this website we use functions of Facebook, a social media network of FIrma Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
You can read about the features (social plug-ins) provided by Facebook at https://developers.facebook.com/docs/plugins/ .
When you visit our website, information may be transferred to Facebook. If you have a Facebook account, Facebook may associate this information with your personal account. If you do not want this, please unsubscribe from Facebook.
The privacy policy about what information Facebook collects and how they use it can be found at https://www.facebook.com/policy.php.
Facebook pixels
On this website we use the Facebook pixel of Facebook, a social media network of the company Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
The code implemented on this page can evaluate the behaviour of visitors who have come to this website from a Facebook advertisement. This can be used to improve Facebook advertisements and this information is collected and stored by Facebook. The information collected is not visible to us and can only be used in connection with advertisements. Cookies are also set through the use of the Facebook pixel code.
By using the Facebook pixel, the visit to this website is communicated to Facebook so that visitors can see suitable ads on Facebook. If you have a Facebook account and are logged in, the visit to this website is assigned to your Facebook user account.
To learn how Facebook pixel is used for advertising campaigns, visit https://www.facebook.com/business/learn/facebook-ads-pixel.
You can change your ad settings in Facebook at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen if you are logged in to Facebook. At http://www.youronlinechoices.com/de/praferenzmanagement/, you can manage your preferences for usage-based online advertising. You can deactivate or activate many providers at once or configure the settings for individual providers.
For more information about Facebook’s data policy, please visit https://www.facebook.com/policy.php.
Change your settings here:
[borlabs_cookie_opt_out tracking=”facebook-pixel”]
- Brokerage services
We process the data of our customers, contractual partners and interested parties (uniformly referred to as “customers”) in accordance with Art. 6 Para. 1 lit. b. RGPD/DS-GVO in order to provide them with our contractual or pre-contractual services. The data processed, the type, scope and purpose and the necessity of their processing are determined by the underlying order. This basically includes inventory and master data of the customers (name, address, etc.), as well as the contact data (e-mail address, telephone, etc.), the contract data (content of the order, fees, terms, information on the real estate brokered) and payment data (commissions, payment history, etc.). We can also process information on the characteristics and circumstances of persons or items belonging to them if this is part of our order. This can be, for example, information on mobile or immovable goods.
As part of our assignment it may also be necessary for us to process special categories of data in accordance with Art. 9 Para. 1 RGPD/DS-GVO, in particular information on the health of a person. In accordance with Art. 6 para. 1 lit. a., Art. 7, Art. 9 para. 2 lit. a. RGPD/DS-GVO, we obtain the express consent of the customer, if necessary.
If required by law or for the performance of the contract, we disclose or transmit customer data to providers of the brokered properties, service providers such as cooperating companies, financial service providers, credit institutions as well as tax consultants, legal advisors and notaries within the scope of concluding and processing contracts. Furthermore, we may commission subcontractors such as subbrokers. We obtain the consent of the customer if this is necessary for the disclosure/transmission of the consent of the customer (which may be the case, for example, in the case of special categories of data pursuant to Art. 9 RGPD/DS-GVO).
The data will be deleted after expiry of statutory warranty and comparable obligations, whereby the necessity of data retention is reviewed every three years; otherwise the statutory retention obligations apply.
In the case of statutory archiving obligations, deletion shall take place after their expiration. According to Spanish law, consulting protocols, broker contract notes and broker contracts for 5 years as well as generally 5 years for documents relevant to commercial law and 10 years for documents relevant to tax law are subject to retention.
- Newsletter data
To send our newsletter, we need an e-mail address from you. It is necessary to verify the e-mail address provided and consent to receive the newsletter. Supplementary data is not collected or is voluntary. The use of the data takes place exclusively for the dispatch of the newsletter.
The data provided during newsletter registration will be processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a RGPD/DS-GVO). A revocation of your already given consent is possible at any time. To revoke your consent, simply send an informal e-mail or use the “unsubscribe” link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
Data entered to set up the subscription will be deleted if you unsubscribe. If this data has been transmitted to us for other purposes and elsewhere, it will remain with us.
- Mailchimp
The newsletters are sent by the mail service “MailChimp”, a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the privacy policy of the shipping service provider here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with the European data protection level (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The shipping service provider is used on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f RGPD/DS-GVO and an order processing contract pursuant to Art. 28 para. 3 sentence 1 RGPD/DS-GVO.
The dispatch service provider can use the data of the recipients in pseudonymous form, i.e. without allocation to a user, for the optimisation or improvement of its own services, e.g. for the technical optimisation of the dispatch and the presentation of the newsletter or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.
- Newsletter performance measurement
The newsletters contain a so-called “web-beacon”, i.e. a file the size of a pixel, which is retrieved from our server when the newsletter is opened or, if we use a dispatch service provider, from its server. Within the scope of this retrieval, technical information such as information about the browser and your system, as well as your IP address and time of retrieval are first collected.
This information is used to technically improve the services on the basis of technical data or target groups and their reading behaviour on the basis of their retrieval locations (which can be determined with the help of the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. It is, however, neither our endeavour nor, if used, that of the dispatch service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.
- Profiling
As a responsible company, we refrain from automatic decision-making or profiling.
- Changes
We reserve the right to adapt this data protection declaration so that it always corresponds to the current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. Your renewed visit will then be subject to the new data protection declaration.
DISCLAIMER: This page was machine-translated from the German original. Any legal disputes will use the German version as its basis.