+34 951 322 687 | living@oneeden.com

UNIQUE RESIDENTIAL HOMES AND LIFESTYLE

Privacy Policy

1.Content and acceptance

This Privacy Policy tells you how we collect and process your personal data as well as your privacy rights and how the law protects you. This will allow you to make an informed decision on what information you provide us.

Access to and use of this website implies full acceptance by you and you undertake to comply fully with these terms and conditions.

You should carefully read this Policy each time you intend to use this website as there may be modifications from time to time.

 

  1. The Data Controller and the processing of your personal data

We collect your personal data through this website and/or website forms, as well as other media including but not limited to email, WhatsApp, telephone, chat bot and through client facing meetings via our sales office. ONE EDEN SPAIN LUXURY SLU (collectively referred to as “ONE EDEN”, “we”, “us” or “our”), with registered office at Plaza de Bulevar, Edificio B, Local 12, 1st Floor, Offices 1A and 1B, 29649, La Cala de Mijas, Málaga, is the data controller in this privacy policy and is responsible for your personal data.

ONE EDEN complies with the current legislation on the protection of personal data, the privacy of data subjects and the confidentiality of your personal data.

We have adopted the necessary technical and organisational measures to prevent the loss, misuse, alteration, unauthorised access, and theft of the personal data you provide.

You confirm that the personal data provided is true, accurate, complete and up to date and undertake to inform ONE EDEN of any change or modifications.

By clicking on “Submit” (or equivalent) on the website forms, by providing your details via the QR code or by signing any paper forms (, you confirm that the information and data provided this accurate and truthful.

This Privacy Policy aims to give you information on how ONE EDEN collect and process your personal data, how we use it and your options in relation to such data, including how to access and update it.

 

  1. The Joint Controller

ONE EDEN is the joint controller of your personal data together with the legal entities listed here.

  • FRESH COFFEE CONCEPT S.L., with CIF number B-42791798 Café Fresco
  • ITALIAN FOOD CONCEPT S.L.U., with CIF number B- 02828069 Pizza Express
  • ONE EDEN C.C. ALCAIDESA S.L., with CIF number B-93654325 Aqcua Alcaidesa, locales
  • ONE EDEN HOTEL & BEACH CLUB S.L., with CIF number B-93725489 – Chiringuito, Beach Club
  • ONE EDEN LIVING S.L., with CIF number B-93704922
  • FAIRHOMES (GIBRALTAR) LIMITED, with Company Number 75043

 

  1. The Data Protection Officer

The Data Protection Officer (DPO) is responsible for ensuring compliance with the data protection regulations to which ONE EDEN is subject. You may contact the appointed DPO using the following contact details: legal@oneeden.com

 

  1. Principles applicable to the processing of your personal data

The processing of your personal data shall be governed by the principles set out in article 5 of GDPR, and other applicable regulations, which are as follows:

  1. a) Principle of lawfulness, fairness and transparency: we will disclose the purposes for which we collect your personal and obtain your consent at all times.
  2. b) Principle of purpose limitation:the personal data collected shall be for a specified, express and legitimate purpose.
  3. c) Principle of data minimisation:your personal data will be limited to the purposes for which it was processed.
  4. d) Principle of accuracy of personal data:your personal data must be accurate and always up to date.
  5. e) Principle of limitation of the storage period:your personal data shall only be kept in a form that allows for your identification for the time necessary for the purposes for which they are processed.
  6. f) Principle of integrity and confidentiality:your personal data shall be processed in such a way as to guarantee their security and confidentiality.

 

  1. The processing of your personal data

Under GDPR when you complete any of the forms with the information requested, you must give unequivocal and explicit consent, that is easily withdrawn and which has not been given retrospectively.

ONE EDEN shall have the right to withdraw consent at any time. It shall be as easy to withdraw consent as it is to give it. In general, the withdrawal of consent should not affect the provision of services.

On occasions we will ask you to provide your data through forms to allow you to make an enquiry, request information or for reasons related to the provision of services. We will endeavor to inform you in the event that the completion of any such forms  is compulsory on the basis that they needed for the operation carried out.

 

6.1 The processing of the your personal data

We collect personal data through:

  • Phone
  • Email
  • WhatsApp
  • Forms
  • Post
  • Social Media (Facebook, Instagram, LinkedIn, Youtube, etc.).

Categories of personal data: We may collect, use, store and transfer different kinds of personal data about you which we have grouped as follows:

  • Identity and contact data (name, Surname, email, phone number, address, etc.).
  • Financial data (bank account and card payment details, etc.).
  • Personal data which allows us to comply with anti-money laundering and terrorist financing regulations.

Purpose of processing: The purposes for which we will use your personal data is for the management of our commercial, administrative and financial relationship; , to comply with our obligations under anti-money laundering and terrorist financing regulations and for sending you commercial information.

Data retention: Your pIn addition, your data will be retained for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements including complying with the rules on anti-money laundering and financing of terrorism.

Profiling: Customer profiling will be carried out but we will not make automated decisions that affect your rights and freedoms.

Lawful basis: Your consent for the specific purpose for we collected it for, performance of a contract with you, necessary to comply with a legal obligation and necessary for our legitimate interests , provided that the interests or fundamental rights and freedoms of the data subject .

Recipients: We confirm that your personal data may be transferred to public bodies or institutions to comply with our legal obligations, financial entities (banks), owners of the properties which you have shown an interest in and external service providers (such as email hosting, data analysis, marketing, etc.).

Except where indicated, your personal data will not be transferred to any third party save where necessary to comply with a legal obligation or with your prior consent.

International Transfers: In order to collect and process personal data about you we need to contract external service providers, (email hosting, data analysis, marketing). These external service providers assume that your personal  data is stored and / or processed by entities that are established or operate outside the European Union which by its very nature would imply making international data transfer.

Therefore, in order to guarantee the security and protection of personal data, Standard Contractual Clauses have been established with those third parties to whom the data is transferred and, where appropriate, Binding Corporate Rules (BCR).

 

6.2. The processing of the website user´s personal data

We could collect website user´s personal data through:

  • Website
  • Chatbot
  • Website forms
  • Cookies

Categories of personal data: The personal data that will be collect by the website users are identification data (Name and Surname, email, phone number, address, etc.) and IT usage data (IP address, cookies, number of accesses, etc.).

Purpose of processing: The purposes of personal data processing are to facilitate, expedite and fulfill the commitments established between the Website and the user; the maintenance of the relationship established in the forms that the user fills out; respond to a request or inquiry; personalization, operational and statistical purposes and activities of the corporate purpose; extraction, data storage and marketing studies, sending of commercial information.

Retention periods for personal data: Personal data will be retained for the minimum time necessary for the purposes of their processing.

Profiling: Website users profiling will be carried out but automated decisions that may affect the rights and freedoms of the data subjects will not be made.

Legal basis: The consent of the data subject for specific purposes.

Recipients: In compliance with the principle of transparency in the duty of information, we inform the data subjects that their personal data may be transferred to: Organizations and Public Administrations, for the compliance of legal obligations, owners of the properties in which the data subject data has shown interest and external providers (email hosting, data analysis, marketing, etc.).

Except for the cases indicated, the personal data of the data subjects will not be transferred to any third party, except by legal obligation, legal requirement or with the prior consent of the data subject.

International Transfers: In the personal data treatments processes, we need to contract external services, (email hosting, data analysis, marketing) that suppose that the data is stored and / or processed by entities that are established or operate outside the European Union, which that would imply making international data transfers.

Therefore, to guarantee the security and protection of personal data, Standard Contractual Clauses have been established with those third parties to whom the data is transferred and, where appropriate, Binding Corporate Rules (BCR).

 

6.3. The processing of the marketing´s personal data

We could collect website user´s personal data through:

  • Phone
  • Email
  • Chatbot
  • Cookies
  • Whatsapp
  • Forms
  • Letter
  • Social Media (Facebook, Instagram, LinkedIn, Youtube, etc.)

Categories of personal data: The personal data that will be collect are identification data (Name and Surname, email, phone number, address, etc.) and IT usage data (IP address, cookies, number of accesses, etc.).

Purpose of processing: The purposes of personal data processing are personalization, operational and statistical purposes; the extraction, storage of data and marketing studies and the sending of commercial information.

Retention periods for personal data: Personal data will be retained as long as the request for cancellation of the data subject does not occur.

Profiling: Marketing profiling will be carried out but automated decisions that may affect the rights and freedoms of the data subjects will not be made.

Legal basis: The consent of the data subject for specific purposes.

Recipients: In compliance with the principle of transparency in the duty of information, we inform the data subjects that their personal data may be transferred to: Organizations and Public Administrations, for the compliance of legal obligations, owners of the properties in which the data subject data has shown interest and external providers (email hosting, data analysis, marketing, etc.).

Except for the cases indicated, the personal data of the data subjects will not be transferred to any third party, except by legal obligation, legal requirement or with the prior consent of the data subject.

International Transfers: In the personal data treatments processes, we need to contract external services, (email hosting, data analysis, marketing) that suppose that the data is stored and / or processed by entities that are established or operate outside the European Union, which that would imply making international data transfers.

Therefore, to guarantee the security and protection of personal data, Standard Contractual Clauses have been established with those third parties to whom the data is transferred and, where appropriate, Binding Corporate Rules (BCR).

 

  1. Personal data of minors

ONE EDEN does not knowingly process personal information relating to children.

In the event that we discover the mistaken collection of information relating to a minor during a review process, we will carry out all necessary measures to ensure that we delete such information as soon as possible, save for those cases where as a matter of law it is necessary to keep it or

 

  1. Secrecy and confidentiality of personal data.

The data collected in all private communications between you and ONE EDEN shall be treated confidentially.

ONE EDEN has a duty to keep your personal data confidential and to take all necessary measures to prevent alteration, loss and unauthorised access or treatment.

ONE EDEN shall not be liable for any leakage of information that may occur due to mismanagement of information by you.

Likewise, ONE EDEN guarantees the data subject the fulfilment of the duty of secrecy with respect to the data subject´s personal data and the duty to keep them. The data subject may access the Privacy Policy at any time.

In addition, to ensure that the protection of professional secrecy between ONE EDEN and the data subject is preserved in all communications, he/she must not disclose confidential information to third parties.

 

  1. Integrity and security of personal data

ONE EDEN undertakes to adopt the necessary technical and organisational measures, according to the level of security appropriate to the risk of the data collected, so as to ensure the security of personal data and to prevent the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or the unauthorised communication of or access to such data.

However, ONE EDEN cannot guarantee the impregnability of the Internet, nor the total absence of hackers or others gaining fraudulent access to personal data. Therefore, the ONE EDEN undertakes to notify the data subject without undue delay, when a breach of security of personal data occurs, which is likely to involve a high risk to the rights and freedoms of natural persons.

Following the provisions of Article 4 of the GDPR, a personal data breach means any breach of security resulting in the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or the unauthorised communication or access of such data.

Personal data will be treated as confidential by the ONE EDEN, who undertakes to inform and to ensure by means of a legal or contractual obligation that such confidentiality is respected by its employees, partners, and any other person to whom the information is made accessible.

 

  1. Your legal rights

You have the following rights in the GDPR:

  1. a)Right of access:It is the right to obtain confirmation of whether ONE EDEN is processing the data subject´s personal data and, if so, to obtain information about their personal data and the processing that ONE EDEN has carried out.
  2. b) Right to rectification:It is the right to modify personal data that prove to be inaccurate or incomplete.
  3. c) Right to erasure (“the right to be forgotten”): It is the right to obtain the deletion of personal data when they are no longer necessary for the purposes for which they were collected; the data subject has withdrawn their consent to the treatment, and it has no other legal basis; the data subject opposes the processing; the personal data has been unlawfully processed or the personal data must be deleted in compliance with a legal obligation.
  4. d) Right to restriction of processing:It is the right to limit the processing of data subject´s personal data.
  5. e) Right to data portability:In the event that the processing is carried out by automated means, the data subject will have the right to receive from the ONE EDENtheir personal data in a structured, commonly used, and readable format, and to transmit them to another ONE EDEN.
  6. f) Right to object:It is the right not to carry out the processing of data subject´s personal data.
  7. g) Right not to be subject to a decision based solely on automated processing, including profiling:It is the right not to be the subject of an individualized decision based solely on the automated processing of data subject´s personal data, including profiling.

You may exercise your rights by contacting the DPO of ONE EDEN at the following e-mail address: legal@oneeden.com You must include in the subject matter the following details:

– Name, surname and reference to an official identity document.

– Specific reasons for the request or information to be accessed.

– Your e-mail address.

– Date and your signature.

– Any document that accredits the request being made.

This request, and any other attached documents, should be sent to the following address and/or e-mail address:

Postal address: Plaza de Bulevar, Edificio B, Local 12, 1ª Planta, Oficinas 1A y 1B, 29649, La Cala de Mijas, Málaga.

E-mail: legal@oneeden.com.

 

  1. Availability of data

The availability of data on the Internet may be limited by many external factors which cannot be controlled or foreseen ONE EDEN will not be responsible for any damages or losses that these could cause trying to provide services by alternative means to the Internet.

ONE EDEN will maintain the highest standards of security to ensure confidentiality, integrity and availability.

 

  1. Complaints to the supervisory authority.

In the event that the data subject considers that there is a problem or infringement of current regulations in the way in which his/her personal data is being processed, he/she is entitled to effective judicial protection and to file a complaint with a supervisory authority, in particular, in the state in which he/she has his/her habitual residence, place of work or place of the alleged infringement in the case of Spain the supervisory authority is the Spanish Data Protection Agency (http://www.aepd.es).

 

  1. Acceptance and changes to this Privacy Policy.

It is necessary that the data subject has read and agrees with the conditions on the protection of personal data contained in this Privacy Policy, as well as that he/she agrees to the processing of his/her personal data so that the ONE EDEN can proceed in the manner, during the periods and for the purposes indicated.

The use of the Website implies acceptance of the privacy policy.

ONE EDEN reserves the right to modify its Privacy Policy, according to its own criteria, or motivated by a legislative, jurisprudential or doctrinal change of the supervisory authority (Spanish Data Protection Agency).

“We keep our privacy policy under regular review. This version was last updated on July 2022. Historic versions can be obtained by contacting us.

This Privacy Policy is adapted to GDPR.

This privacy policy will enter into force on July 2022.