INHABITAT STUDY HOUSES, S.L. is a company of the Grupo NEXUM.

Grupo NEXUM companies operate assuming the highest level of commitment to responsibility and compliance with data protection regulations. By virtue of the above, this document has been prepared in order to inform about the processing of personal data in the framework of the activities carried out by the companies of the Grupo NEXUM, as well as to inform about the data protection rights of the interested parties and the mechanisms of attention and support enabled in this matter.

Grupo NEXUM carries out its activities through a centralized organizational structure, managed from the offices Pozuelo de Alarcón (Madrid), Spain, therefore, the processing of personal data will be carried out in accordance with the regulatory framework of data protection instrumented through the General Data Protection Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (RGPD) and the Organic Law 3/2018 on Data Protection and Guarantee of Digital Rights (LOPDGDDD).

Scope of Application

This data protection information refers to the processing of personal data collected in the context of the activities and operations of the Grupo NEXUM through the various contact mechanisms available and processed for the purposes listed in the “Purposes” section.

Below is a list of the groups in respect of which we collect and process personal data:

  • Shareholders and investors
  • Board Members
  • Candidates
  • Employees
  • Trainees
  • Self-employed data (suppliers or collaborators
  • Personnel provided by Temporary Employment Agencies
  • People who visit the offices and facilities of Grupo NEXUM Entities
  • People who communicate with Grupo NEXUM Entities for any reason
  • Own legal representatives
  • Legal representatives and contact persons of clients / contracting authorities
  • Legal representatives and contact persons of suppliers
  • Legal representatives and contact persons of Partner Entities for the delivery of products and services
  • Persons involved in Grupo NEXUM projects for the purposes of coordination and compliance with regulatory requirements and occupational risk prevention
  • Stakeholders whose intervention is necessary in the provision of products and services in the capacity of Data Processor
  • Users of the regulatory compliance mechanisms implemented by the Group

Source

Directly from data subjects: Grupo NEXUM Entities collect personal data directly from data subjects when they send an e-mail, contact us by telephone, fill in a form, send their CV, complete a questionnaire, as well as when it is necessary for the formalization of an agreement of any nature or to request assistance through the channels provided for this purpose. 

Provided by third parties: personal data may also be collected when provided to us by a third party as part of the management and performance of a contract for the provision of services and for the coordination of regulatory requirements associated with it.

Processors: Grupo NEXUM Entities may collect, access and process personal data in their capacity as Processors by virtue of the services provided to their clients.

This processing shall be governed by the data protection policies and information provided by the Data Controller in question.

Data Controller

The present data protection information is established on behalf of the Grupo NEXUM, therefore, it applies to and encompasses all the companies belonging to the Group that will process personal data as Data Controllers.

The contact details of the Grupo NEXUM for the purposes of this data protection information, as well as those of the Group Data Protection Officer are as follows:

Address Grupo NEXUM. Calle Ciudad Real, 1, A, 28223, Pozuelo de Alarcon (Madrid)

E-mail: admin@nexumfinanza.es

Telephone: 911548520

 

Address INHABITAT STUDY HOUSES S.L. Calle Marqués de Campo 31ª – 3º. 03700 Denia (Alicante).

E-mail. info@inhabitat.es

Telephone. 900533874


Data Protection Delegate (DPO/DPD): dpdexterno@bonetconsulting.com

General channel of Grupo NEXUM: www.corporate-ethicline.com/nexum

Provenance

Directly from data subjects: Grupo NEXUM Entities collect personal data directly from data subjects when they send an e-mail, contact us by telephone, fill in a form, send their CV, complete a questionnaire, as well as when it is necessary for the formalization of an agreement of any nature or to request assistance through the channels provided for this purpose. 

Provided by third parties: personal data may also be collected when provided to us by a third party as part of the management and performance of a contract for the provision of services and for the coordination of regulatory requirements associated with it.

Processors: Grupo NEXUM Entities may collect, access and process personal data in their capacity as Processors by virtue of the services provided to their clients.

This processing shall be governed by the data protection policies and information provided by the Data Controller in question.  

Purposes of treatment

Within the Grupo NEXUM we will keep, use and disclose personal information always within the limits of the data protection regulations in force and for the following purposes:

    • To manage your attention, visit and meetings in our facilities and/or managed properties
    • To manage any type of request, information, suggestion, petition or complaint about the different products and professional services provided by the entities of the Grupo NEXUM that the interested parties make to us on their own behalf or on behalf of an entity
    • To manage the relationship with our shareholders and investors
    • To manage the provision and performance of the services and products contracted:
      • Real State
        • Real Estate Promotion and Management
        • Consulting and Professional Advice
        • Locating and Negotiating Assets for Real Estate Investments
        • Marketing of Real Estate Projects
        • Architecture and Design
        • Commercial Design and Sales
        • Management of brokerage services as a real estate agent in commercial transactions of purchase and sale, exchange, transfer, assignment and lease of real estate, as well as for the processing and promotion of matters relating to real estate transactions and appraisal of real estate assets and rights of any kind.
        • Management for the purpose of guaranteeing the safety and prevention of labor risks in the works.
      • Finantial sector
          • Financial Consulting and Advisory Services
          • Analysis and valuation of economic situation
          • Concession of Loans with Mortgage Guarantee
          • Granting of Private Capital and Bank Loans
          • Financial Intermediation Services
          • Management of the Operations Portal
    • The user can access detailed information on the activities of the Grupo NEXUM in the “Services / Products” section of the website of the different companies of the Group (www.nexumfinanza.es, www.nexumintegra.es, www.gestoriza.es)
    • Comply with the requirements of coordination and regulatory compliance, especially with regard to occupational risk prevention in the provision of services and products and in health matters
    • Formalize and manage the relationship with suppliers and collaborators of the Entities
    • Manage the various websites, intranets, social networks and blogs owned by the Group
    • Formalize and manage the agreements of a Temporary Joint Venture (UTE) in which the Entities participate
    • To send informative and commercial communications about our promotions, products and services of the Grupo NEXUM related to the real estate and financial sector, as well as with the purpose of informing the recipients about upcoming events in which the Grupo NEXUM will participate, activities, articles about innovations related to both sectors and the solutions provided, as well as general information related to our services, products and projects that may be of interest
    • The reception of our communications may be cancelled at any time through the channel www.corporate-ethicline.com/nexum or by unsubscribing from these through the link provided in the communication itself
    • Manage the data provided by job candidates for selection and recruitment purposes
    • Formalize, develop, maintain and fulfill our obligations acquired by virtue of an employment or professional relationship or an agreement/agreement with a third party
    • To ensure the security of offices, facilities and people through access controls, video surveillance systems and other access control/identification systems
    • Manage and control the operation of the internal mechanisms, policies and protocols established by the Grupo NEXUM for the purposes of regulatory compliance, prevention of criminal liability, prevention of money laundering and management of whistleblowing channels.
    • To comply with the legal provisions that apply to the Entities and their activities
    • All those treatments that are applicable to us for due compliance with regulations and official / sectoral requirements to which our activity is subject

For the good purpose and development of your attention and management of the above purposes, the processing of your data for the purposes that correspond to the above mentioned will be carried out under the strictest compliance with the Data Protection regulations and the Policy that we are detailing. You may exercise your rights at any time (see specific section).

Legas basis for the treatment

The legal bases enabling the processing of personal data within the framework of the activities and operations of the Grupo NEXUM are as follows:

  • The consent of the interested parties for the processing and management of any request for information or consultation about our services, products and/or activities.
  • The framework for contracting and/or awarding services or products provided by the different business lines of the Grupo NEXUM, as well as compliance with the legal obligations associated with them.
  • The contractual framework established with our shareholders and investors, as well as compliance with the obligations imposed by corporate regulations.
  • The contracting framework of our suppliers.
  • Legitimate interest for the performance of due diligence checks and the formalization and management of joint venture agreements.
  • The legitimate interest to understand and analyze at Group level and at individual Entity level the development of the different lines of business, improve products and services and enhance the Group’s corporate development.
  • The legitimate interest to send informative and commercial communications related to our activity and the services and products offered through e-mail or any other means.
  • The legitimate interest to ensure the security of the offices, facilities and people.
  • The consent given by the candidate when registering for our job offer/s and the legitimate interest of the organization to include him/her in other selection processes of the Group’s companies, provided that it fits the candidate’s professional profile.
  • The fulfillment of the labor contract, professional contract and/or agreement formalized with training entities.
  • Legitimate interest in the implementation of a regulatory compliance system, as well as to comply with safety requirements and ethical and sustainability commitments.
  • Compliance with the legal requirements and obligations to which the Grupo NEXUM activity refers.

Data retention criteria

Management and execution of the projects: the personal data included in the contracts, offers and/or service proposals, as well as those of other persons whose intervention is necessary in the established contractual relationship, will be kept for as long as the agreements for the provision of services/products are in force. At the end of the relationship, the personal data will be kept in the cases that could result in liabilities between the parties or in compliance with other regulatory frameworks that are applicable to it and that require the conservation of these. The personal data will be kept in a way that allows the identification and exercise of the rights of those affected and under the legal and organizational technical measures necessary to ensure the confidentiality and integrity of these. Among other cases:

  • Analysis and evaluation of the economic situation: Personal data will be kept for the time necessary to carry out the study of the granting of loans to interested persons.
  • Management of Mortgage Loan Concessions: The personal data provided in the contract will be kept for the duration of the contract. At the end of the contract, the data will be kept in the cases necessary to comply with Law 2/2009, of March 31, which regulates the contracting with consumers of mortgage loans or credits and intermediation services for the conclusion of loan or credit contracts, as well as in the cases that could result in liabilities with the Entity and/or in compliance with other regulatory frameworks of application that require their conservation.
  • Curriculum Vitae Management: As a general rule, we keep your Curriculum Vitae for a maximum period of one year; at the end of this period, it will be automatically destroyed, in compliance with the principle of data quality.
  • Management of Employment Contracts, Internship Agreements and/or contracts formalized with Temporary Employment Companies: personal data will be kept, in any case, for the duration of the employment relationship, the time agreed in the internship agreement or in the contract formalized with the Temporary Employment Agency and, at the end of the same, in the cases that could result in liabilities between the parties and when required by a regulation with the rank of law.
  • Others: the rest of the data and information provided by the interested parties by any means, will be kept for the time necessary to fulfill the purpose for which they were collected and within the framework of responsibility and regulatory compliance associated with them. In any case, the legal deadlines for data conservation will be respected and, if there is no legal requirement that prevents it, the data will be destroyed or anonymized.

 

Security and control measures

General

Grupo NEXUM in compliance with its commitment to comply with data protection regulations, will keep the personal data in a way that allows the identification and exercise of the rights of the affected parties and under the technical, legal and organizational measures detailed below:

  • Designation of a Group Data Protection Officer (DPO).
  • Implementation of policies and protocols for data protection and information security.
  • Formalization of Data Processor contracts with all third parties that have access to and process data on our behalf.
  • Implementation of policies to control access to resources and systems, identification and authentication policies, as well as delegation of authorizations to users according to their functions.
  • Backup and security copies of our information and personal data.
  • Auditing and periodic data protection controls by an external expert.
  • Please inform the Data Protection Officer / Delegate through the contact details / Channel established in this Privacy Policy, any security risk, of which you have evidence or knowledge, which may compromise the integrity and confidentiality of personal data and / or confidential information, in order to take the necessary measures to prevent unauthorized processing, loss, destruction or accidental damage.

 

Cibersecurity

As a specific and complementary concept to the above, the Entity applies cybersecurity measures to prevent and manage possible attacks and fraud by cybercriminals that threaten the privacy and protection of the data that our Entity treats and accesses in the scope of its activities and operations.

In this sense, we would like to alert that in case of possible risk situations due to communications whose content and/or format generate doubts of authenticity, we recommend omitting them and contacting the Data Protection Officer / Delegate through the contact details indicated in this Privacy Policy.

Likewise, any request you receive from our Entity regarding changes in payment methods, requests for contact details or persons or confidential (non-public) information, bank and/or credit card details and/or other official data, should not be answered without direct confirmation from our Entity by an alternative means. We appreciate and need your cooperation in communicating and reporting any notification of this type of requests and other possible situations of risk of cyber-attacks in which our Entity may be used, as well as any possible security risk that you may be aware of.

Target

Grupo NEXUM, as far as necessary to achieve the purposes described above, will share personal data with the following third parties: 

  • Companies of the Grupo NEXUM: when necessary for the proper management of a contract for the provision of services or products, for the management of the Group by virtue of its centralized organizational structure, for the sending of commercial communications related to the real estate and financial sector, as well as to share data of candidates whose profiles may fit vacancies in the Entities.
  • Collaborating entities: when their participation is required within the framework of a contract and/or agreement for the provision of products and services established with our clients or a public entity. Likewise, personal data may be communicated within the framework of a joint venture agreement for the execution of a project.
  • Suppliers: personal data may be communicated to various suppliers for the provision of services by them that require access to and processing of personal data, such as, for example, suppliers of consulting and legal services, suppliers of labor, tax and accounting advice, suppliers of software and software maintenance services, etc.
  • Procurators: if its intervention is required as a result of a judicial proceeding.
  • Financial entities: when necessary to provide private equity solutions and materialize the financing management service.
  • Notaries: when its intervention is necessary to act as a notary public of the transaction or formalization of the contract, making full proof of the reality of the granting, of the literalness of the manifestations of the parties and of the identity of these.
  • Public administrations or agencies: in compliance with applicable regulations (labor, occupational risk prevention, tax, accounting, data protection, etc.).
  • Courts and Tribunals and the State Security Forces and Corps: Personal data will be communicated to these entities whenever we are officially required to do so.

 

Apart from the cases detailed above, personal data will not be communicated to third parties, except in compliance with a legal provision.

Rights

Right of Access, Rectification and Deletion: Interested parties have the right to obtain confirmation as to whether or not the Grupo NEXUM is processing personal data concerning them, as well as to request the rectification of inaccurate data or request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

Right of Limitation and Opposition: in certain circumstances, data subjects may request that we restrict the processing of their data, in which case we will only retain it for the purpose of asserting or defending claims or when required to do so by law. Also, in certain cases and for reasons related to their particular situation, data subjects may object to the processing of their data. We will stop processing the data in this case, except for compelling legitimate reasons, or for the exercise or defense of possible claims.

Likewise, the interested parties may revoke the consent granted for the processing of data for specific purposes, and such revocation shall not produce retroactive effects.

The interested persons will be able to exercise their rights of protection of information by means of writing to the postal address c/ Ciudad Real, 1, A, 28223, Pozuelo de Alarcón (Madrid) or across the general Channel of the Group www.corporate-ethicline.com/nexum or specific of GESTORIZA INVERTIA, S.L. www.corporate-ethicline.com/gestoriza. Also, in case of not receiving answer on our part in the space of one month, it will be able to claim before the Control Authority (Spanish Agency of Protection of Information: www.agpd.es).

Security breaches

In order to act diligently in the face of possible data protection risks, the interested parties may communicate any indication or knowledge of possible security violations (breaches) and/or possible breaches or irregularities regarding the Data Protection regulations or the policies and commitments of the Grupo NEXUM through the Group’s general Channel.

www.corporate-ethicline.com/nexum or the specific Channel of GESTORIZA INVERTIA, S.L. www.corporate-ethicline.com/gestoriza.

Supervisory Authority

In case of disagreement with the Entity in relation to the processing of your data, you have the right to file a complaint with the relevant Data Protection Supervisory Authority. In Spain, this Authority is the Spanish Data Protection Agency (www.aepd.es).

Attention and support

Grupo NEXUM has appointed a Data Protection Officer (DPD) to provide support and information in relation to data protection and in relation to the information provided in this Privacy Policy. The contact details of the DPD are specified at the beginning of this Policy.

Updates and modifications

Grupo NEXUM reserves the right to modify and/or update the information on data protection, when necessary for the correct compliance with the regulations on this matter. In the event of any modification, the new text will be published in this section of the website.

In each case, the relationship with users will be governed by the rules provided at the precise moment when the website is accessed.