Privacy

Protection of personal data

The personal data collected through the website are only used for the purpose of providing the requested services as well as invoicing them. Your data will be placed in files owned by GRUPO ONDARA for billing purposes and will be archived for the legally required period of time. You may exercise your rights of access, rectification, cancellation and opposition in writing to Ondara Capital, S.L. and Vern Properties, S.L. at C/Muntaner 354, 4º,2ª 08021 Barcelona.

Intellectual property and responsibility for content

Any use of all the contents of the website, specifically the texts, design and source code, without the express authorisation of its owners is prohibited. Any unauthorized use will be duly prosecuted by the legitimate owners.
The owner of the website is not responsible for the content to which the links located on it are directed, as established in article 17 of the LSSICE.

Privacy Policy

The user, through the different areas that are part of the website, can visit, obtain information, use a series of applications or tools and contract services.

Any data that may be provided by users will be treated with absolute confidentiality. Both the person responsible for the files and those involved in any phase of the processing and to whom they have been communicated, under the protection of the authorisation granted by the user, legal obligation, legitimate interest, execution of the contract/operation, are subject to the strictest professional secrecy, expressly undertaking to adopt the levels of protection and the necessary measures of a technical and organisational nature that guarantee the security of the data of a personal and prevent their alteration, misuse, loss, theft, treatment or unauthorized access, either externally or within the framework of the structure and dependent personnel themselves, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed, whether these come from human action or the physical or natural environment. Likewise, the processing and registration in files, programs, systems, equipment, premises and centers that meet the requirements and conditions of integrity and security established in the regulations in force at all times is guaranteed.

All this and however, the user must be aware and expressly warned that security measures on the Internet are not impregnable.

Finally, the user is warned that the Ondara Group’s web pages may facilitate access through links to different websites corresponding to companies, institutions or organisations outside the group. Ondara will not be responsible in relation to the registration of personal data on these websites by the user.

a) Navigation:

Simply browsing through the Ondara website is free of charge and does not require prior registration or on the part of the user. However, access, contracting or use of some products or services will require the registration of the user, the possession of passwords or identification cards and/or the payment of a price in accordance with the provisions of the specific conditions governing each product or service.

The user is expressly warned that the Ondara website uses “cookies”. These cookies are small data files that are generated on the user’s computer which are only associated with an anonymous user. The cookies used cannot read data from your hard drive or read cookie files created by other providers. Cookies allow users to be recognised only if they have registered, so that they do not have to do so on each visit to access the areas or services reserved exclusively for them. They also provide information on the date and time of the last time the user visited our website and the content chosen when browsing. The user has the possibility of configuring their browser to be notified of the receipt of cookies on their hard drive, and for this purpose they must consult the instructions and manuals of their browser for more information.

b) Personal data:

In the event that a user – an individual – is required to register their personal data, in order to enable access, use or contracting of any service provided through the Ondara website, they are expressly informed that said data, together with those originating as a result of the execution of the service, are necessary for the development, control, management and execution of the contracted services and products and that they will be incorporated into the files created for this purpose in each case. The introduction and registration of personal data by the user will imply the acceptance and express authorisation of Ondara for the collection, incorporation into the respective files and the processing of said personal data, as well as for their conservation during the periods provided for in the applicable provisions.

Basic information on the personal data protection regime for users and personnel

Responsible: Ondara Capital, S.L. and Vern Properties, S.L. (GRUPO ONDARA or ONDARA) with registered office: C/Muntaner 354, 4º,2ª, 08012, Barcelona. Contact details of the Data Protection Officer: dpo@ondara.group

Purposes and legitimacy: The main purpose is to process and manage your request, and the actions and operations that derive from it, which may involve sending electronic commercial communications, or contacting you through the location data provided. The basis of their standing is their own request.

Recipients: no data will be transferred to third parties unless legally required or in the event that you have given your consent by virtue of a specific agreement with Ondara.

Origin of the data: Provided by the interested party.

Rights: you can write to Ondara’s Data Protection Rights unit through its registered office or offices or through the following email address: dpo@ondara.group, in order to exercise your rights of access, rectification, opposition, deletion, limitation and portability and to exercise the right to oppose automated individual decisions that may significantly affect you or have legal effects, in accordance with Article 22 of EU Regulation 2016/679.

To this end, they may do so by written communication addressed to:

ONDARA

Ondara Capital, S.L.

Vern Properties, S.L.

C/Muntaner 354, 4º,2ª
C.P. 08021 – Barcelona
Phone: +34 932 20 22 63
hello@ondara.group

Roles and duties of staff

Any user with access to GRUPO ONDARA information systems or services, and especially to personal data, is obliged to know and observe the measures, rules, procedures, rules and standards that affect the functions they perform and that are specified in this document.

It is the user’s obligation to notify the Data Protection Officer (DPO), through dpo@ondara.group, of any security incidents of which he or she is aware. We understand a security incident as any anomaly that affects or may affect the security of data, such as loss or deterioration of data in any transmission, failure of computer systems, vulnerability of access credentials or loss of any physical or automated medium that may contain confidential or personal data.

Identification names and access codes

To access computer systems or services, authentication by means of a username and password will be required. This authentication must be of sufficient security, with a password of no more than one year and adequate complexity.

It is forbidden to disclose the user identifier and access code. If the user suspects that another person knows their identification and access data, they must change their password or inform the DPO in order to be assigned a new temporary password that the user must change on the first access. The responsibility for any action carried out with the credentials of a user will initially fall on the user, which may be of a criminal nature.

In the event of a temporary withdrawal or absence of the user, the Head of his Department may request the DPO to create new identifiers and access codes for the designated person.

The user is obliged to use the corporate cloud of the ONDARA GROUP and its data without engaging in activities that infringe the rights of the entity or third parties, or that may violate the morals or etiquette rules of the telematic networks.

Any user who makes a copy to another medium or location of any information likely to contain personal data must request the authorisation of the DPO, if this is contemplated in its functions, and must notify that such a copy has been made, the data it contains and the purpose of the same.

The following activities are expressly prohibited:

  • Sharing or providing the user identifiers and access codes provided by GRUPO ONDARA with another natural or legal person, including the entity’s own personnel. In the event of a breach of this prohibition, the user is solely responsible for the acts performed by the natural or legal person who uses the user’s identifier in an unauthorized manner.
  • Attempt to decipher the keys, encryption systems or algorithms and any other security element involved in the telematic processes of GRUPO ONDARA.
  • Destroy, alter, render useless or in any other way damage the data, programs or electronic documents of the Entity or of third parties.
  • Voluntarily obstructing the access of other users to the network through the massive consumption of the entity’s computer and telematic resources, as well as carrying out actions that damage, interrupt or generate errors in said systems.
  • Send email messages in bulk or for commercial or advertising purposes without the consent of the recipient and the DPO
  • Attempt to read, delete, copy, or modify other users’ e-mail messages or files.
  • Using the system to attempt to access restricted areas of the computer systems of GRUPO ONDARA or third parties.
  • Voluntarily introduce programs, viruses, macros, applets, ActiveX controls or any other logical device or sequence of characters that cause or are likely to cause any type of alteration in the computer systems of the entity or third parties.
  • Introducing, downloading from the Internet, reproducing, using or distributing computer programs not expressly authorised by GRUPO ONDARA, or any other type of work or material whose intellectual or industrial property rights belong to third parties, when there is no authorisation to do so.
  • Installing illegal copies of any program and/or deleting any of the legally installed programs.
  • Using GRUPO ONDARA’s telematic resources, including the Internet, in a manner inappropriate to the activities related to the user’s workplace.
  • Introducing obscene, immoral or offensive content and, in general, unhelpful for the objectives of the entity, into the entity’s corporate network.

Confidentiality of information

  • It is not permitted to send confidential information from GRUPO ONDARA to third parties by means of material supports or through any means of communication, including simple viewing or access. Third parties shall be considered to be any user, service or device external to the corporate network (public and private cloud) of GRUPO ONDARA.
  • Any information entered into the corporate network through messages of any means must comply with the requirements established in these regulations and, in particular, those referring to intellectual and industrial property, privacy and the control of viruses and other malicious codes.
  • Users of corporate information systems must maintain the utmost confidentiality and not disclose or use, directly or through third parties or entities, the data, documents, methodologies, keys, analyses, programs and other information to which they have access during their contractual relationship with GRUPO ONDARA and related entities, both in material and electronic format. This obligation will continue in force after the termination of the contract, until the aforementioned information is no longer confidential or passes into the public domain.
  • In the event that, for reasons directly related to the job, the user comes into possession of confidential information under any type of medium, it must be understood that such possession is strictly temporary, with an obligation of secrecy and without this determining any right of possession, ownership, copying or collection of the aforementioned information. Likewise, the user must return these materials to the entity, immediately after the completion of the tasks that have given rise to the temporary use of them and, in any case, at the end of the contractual relationship. The continued use of the information in any format or medium in a manner other than that agreed and without the knowledge of the entity does not imply, in any case, a modification of this heading.
  • Any file not generated by professional activity, especially with personal information or suspected of malware or copyright infringement, located in any storage owned by GRUPO ONDARA, will be blocked or deleted, notifying the user and registering the corresponding incident.

Using email and cloud applications

The computer system, the corporate network, Internet access, the terminals and the services provided to the user are the property of GRUPO ONDARA. The use of these means provided by the organization is limited to issues directly related to the activity of the Entity and the functions of the job. They are for the exclusive use of their owner in order to facilitate their work and professional activity and only for the duration of the relationship between the user and the Entity.

Private services must not be used for professional purposes (personal email, Dropbox, Facebook…), especially those uses in which confidential or personal data are involved. Reciprocally, GRUPO ONDARA resources or services must not be used for private purposes (corporate mail, storage, PC, tf, etc.).

Access from devices outside GRUPO ONDARA, especially if they are mobile, must be carried out with the greatest security that allows productive use.

If, for the sake of productivity, it is convenient for the user to install the client of an application on a home PC, laptop or personal Smartphone for access to a service that processes confidential information, these devices must have sufficient security measures more rigorously: updated antivirus, secure password, session lock for at least 5 minutes and, if necessary, encryption of the data.

If the device is lost or access by an unauthorised person is suspected, the DPO must be notified immediately for the password change and the AEPD must be notified, if applicable, of the security incident.

Data protection for staff

Prohibited acts:

  • Create personal data files without the authorization of the DPO.
  • Cross-referencing information relating to data from different files or services in order to establish personality profiles, consumption habits or any other type of preferences, without the express authorisation of the DPO.
  • Any other activity expressly prohibited in this document or in the data protection regulations and Instructions of the AEPD. Personal data collected through the website are only used for the purpose of providing the requested services as well as invoicing them. Your data will be placed in files owned by Préstamo Capital for billing purposes and will be archived for the legally required period of time. You may exercise your rights of access, rectification, cancellation and opposition in writing to Grupo Ondara – Ondara Capital, S.L. or Vern Properties, S.L. at C/Muntaner 354, 4º,2ª 08021 Barcelona.

Informative clause on the right of the entity Ondara Capital, S.L. to consult the CIR to the Bank of Spain.

  • The CIR or Central Risk Information Centre of the Bank of Spain or CIRBE is a public service dedicated to managing a database that contains all the loans, credits, guarantees and risks that financial institutions assume with their customers, whether they are natural or legal persons.
  • Law 5/2019, of 15 March, regulating real estate credit agreements, contains transparency and conduct rules that impose obligations on lenders and credit intermediaries, as well as their appointed representatives, completing and improving the current existing framework of Order EHA/2899/2011, of 28 October and Law 2/2009, of 31 March, which regulates the contracting with consumers of mortgage loans or credits and intermediation services for the conclusion of loan or credit contracts. It describes, in turn, the use of real estate credit intermediaries and reporting entities where they may only process the information provided by the Bank of Spain for the assessment of the risk related to the operations that justify the request for the CIR report; may not use the data for any other purpose.
  • In compliance with regulations, and specifically paragraph 5 of section b), in the sixteenth rule of Circular 1/2013, of 24 May, of the Bank of Spain, on the Central Risk Information Centre, the Ondara Group, informs through this clause of the right of the Ondara Group to request the data in the CIR report in order to assess the risk of the operation.