PRIVACY POLICY – Stelliumestates.com

INDEX

Purpose of the Privacy Policy
Definition of personal data
Identity of the Data Controller
Applicable laws and regulations
Principles applicable to the processing of personal data
Security measures
Purposes of processing
Lawful basis for processing
Recipients of your data
Data processing activities carried out
Personal data of minors
Origin and types of data processed
Rights of data subjects
Modification

1. Purpose of the policy

At Isaac Shahar (hereinafter, “Stellium”), we respect your privacy and protect your personal data. This policy explains how we collect, use and share your information in accordance with applicable data protection regulations, including the General Data Protection Regulation (GDPR).

This privacy policy applies to the website https://stelliumestates.com. If you do not provide us with your personal data, no processing of your information will be carried out.

We inform you about the purposes of the processing, the entities that may access your data and your rights as the data subject. Some processing may be based on legal obligations, contracts or legitimate interests and does not require your express consent.

If the website uses cookies, we will clearly notify you in our Cookie Policy, where you can obtain more information about the use of cookies and how to manage your preferences.

This policy guarantees transparency and is designed to enable you to understand and exercise your rights clearly.

2. Definition of personal data

Personal data: Personal data is understood as any information relating to an identified or identifiable natural person (“Website user”). An identifiable natural person is a person whose identity can be determined, directly or indirectly, by means of identifiers such as a name, an identification number, location data, an online identifier, or through factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity.

3. Identity of the data controller

Who collects and processes your data?

The Data Controller is:

Isaac Shahar Z0763431C

How can you contact us?

Postal address and offices: Costanilla de los desamparados 2, 1 izq . 28004, Madrid (Madrid), Spain
Email: privacy@stelliumestates.com
Phone: 627734503

Who can help you with our Data Protection Policy?

We have a person responsible for data protection who is in charge of ensuring that Stellium complies with current legislation and regulations. If you need to, you can contact them at:

privacy@stelliumestates.com

4. Applicable laws and regulations

This Privacy and Data Protection Policy is developed based on the following data protection regulations and laws:

Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
Organic Law 3/2018, of 5 December, on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD).
Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSI).

5. Principles applicable to the processing of personal data

At Stellium, we process personal data in accordance with the principles established in current regulations, ensuring that processing is:

Lawful, fair and transparent: We provide clear and accessible information about how data is collected and used.
Purpose limitation: Data is collected for specific, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes.
Data minimisation: We only request data that is adequate, relevant and limited to what is necessary.
Accuracy: We keep data up to date and correct inaccurate data without delay.
Storage limitation: We keep data only for the time necessary for the purposes indicated.
Integrity and confidentiality: We apply appropriate technical and organisational measures to protect the data.
Accountability: We are responsible for and able to demonstrate compliance with these principles.

6. Security measures

What do we do to guarantee the privacy of your data?

At Stellium, we have implemented the necessary technical and organisational measures to guarantee the security of the personal data we process. These measures are designed to prevent the alteration, loss, unauthorised access or improper processing of data, and are adapted to the state of the art and the risks involved.

Among the measures we highlight:

Confidentiality: Only authorised persons can access the information.
Integrity: The information is kept accurate and protected against unauthorised modifications.
Availability: We ensure that the data is accessible to authorised persons when needed.
Continuous assessment: We regularly review and improve our security measures to adapt to new threats and technological developments.
Pseudonymisation and encryption: We apply these techniques where appropriate to reinforce data protection, especially for sensitive data.

7. Purposes of processing

What do we want to process your data for?

Below we detail the intended uses and purposes of the data processed through https://stelliumestates.com:

Website contact form and enquiry management

To receive and manage messages submitted through the website contact form; to assess the prospective client’s needs and suitability; to arrange confidential introductions or calls; and to maintain a short record of the exchanges for traceability and follow-up. Main purpose: handling website contact requests and pre-contractual communications with prospective clients.

Website cookies, technical logs and social media links

To operate and secure the website (including bot protection and hosting performance), to remember the user’s cookie preferences, and to provide links to Stellium’s official profiles on LinkedIn, X and Instagram. When the user clicks on those links, their browser connects directly to the relevant social network, which acts as an independent controller under its own privacy policy. Main purpose: management of technical cookies, security logs and social media links on the website.

How long do we keep your data?

We use your data for the time strictly necessary to fulfil the purposes indicated above. Unless there is a legal obligation or requirement, the foreseen retention periods are:

Website contact form and enquiry management

Personal data from website enquiries will be kept during the management of the enquiry and any pre-contractual exchanges with the data subject, and will subsequently be blocked and deleted within two (2) years from the last recorded interaction, unless a longer period is required for the establishment, exercise or defence of legal claims.

Website cookies, technical logs and social media links

Technical cookies are stored for the period indicated in the cookie banner (for example, from one session to one year, depending on the cookie). Server and security logs are kept for up to twelve (12) months for security and troubleshooting purposes. After these periods, data are deleted or anonymised.

8. Lawful basis for processing

Why do we process your data?

The collection and processing of your data is always legitimised by one or more lawful bases, which we detail below:

Website contact form and enquiry management

Art. 6(1)(a) GDPR – the data subject’s consent, granted by voluntarily completing and submitting the website contact form and accepting the Privacy Policy.

Website cookies, technical logs and social media links

Art. 6(1)(f) GDPR – legitimate interest of Stellium in ensuring the technical functionality, security, fraud prevention and proper display of the website, as well as in maintaining its corporate presence on social networks through simple links that the user may voluntarily click. Only strictly necessary cookies are used and no profiling or behavioural advertising is carried out on Stellium’s website.

9. Recipients of your data

Who do we disclose your data to within the European Union?

Website contact form and enquiry management

No disclosures to third-party controllers are foreseen for this processing activity. Personal data may be accessed by IT and hosting providers acting as data processors under written data processing agreements.

Website cookies, technical logs and social media links

No regular disclosures to third-party controllers are foreseen, except when the user voluntarily clicks on the social media links (LinkedIn, X, Instagram), in which case their browser will send connection data (such as IP address and user agent) to those platforms, which act as independent data controllers under their own privacy policies. Technical and security cookies may involve access to data by IT and hosting providers (such as Cloudflare, CookieYes and hosting services) acting as data processors under written data processing agreements, some of them involving international transfers with appropriate safeguards (such as Standard Contractual Clauses).

Do we carry out International Transfers of your data outside the European Union?

In the context of our data processing activities, we may use external services that involve the storage and/or processing of your data by organisations located outside the European Union (for example, cloud or security service providers and certain social networks). This may entail international transfers of your data.

In such cases, we will ensure that appropriate safeguards are in place, as required by applicable data protection law, such as the use of Standard Contractual Clauses adopted by the European Commission or other equivalent mechanisms. You may request further information about the international transfers that affect you by contacting us at privacy@stelliumestates.com.

10. Data processing activities

The main data processing activities carried out through https://stelliumestates.com are those described above, in particular:

Website contact form and enquiry management, for handling contact requests and pre-contractual communications with prospective clients.
Website cookies, technical logs and social media links, for ensuring the technical operation and security of the website and providing access to Stellium’s official social media profiles.

11. Personal data of minors

How do we handle the data of minors?

Minors under 14 years of age cannot use the services offered through our website without the prior authorisation of their parents, guardians or legal representatives. They will be solely responsible for all actions carried out through the website by the minors in their care, including filling in online forms with the personal data of the minors and, where appropriate, ticking the corresponding boxes.

In accordance with Article 8 of the GDPR and Article 7 of the LOPDGDD, only those over 14 years of age may give their consent for the lawful processing of their personal data by Stellium.

12. Origin and types of data processed

Where have we obtained your data from?

Website contact form and enquiry management

Data is obtained directly from the data subject when they complete and submit the website contact form or when they contact us using the contact details provided on the website. No data is taken from public sources or from third parties for this purpose.

Website cookies, technical logs and social media links

Data is obtained directly from the data subject when they browse the website, and indirectly through their device when connecting to the site (IP address, cookies, security logs, CAPTCHA/Cloudflare data). No data for this category are taken from public sources or third parties.

What types of your data have we collected and do we process?

Website contact form and enquiry management

We process the following categories of data:

Identification data (for example, name and surname).
Contact details (email address and, where provided, telephone number).
Location or country/city of interest, as indicated by the user.
Enquiry and engagement data (purpose of engagement, invitation code if provided, and the free-text message describing the client’s needs and preferences regarding property search or relocation).
Metadata associated with the communication (such as date and time of the enquiry).

Website cookies, technical logs and social media links

We process the following categories of data:

Online identifiers and technical data (IP address, cookie identifiers such as __cf_bm, elementor, wpEmojiSettingsSupports and cookieyes-consent, CAPTCHA/Cloudflare data, device and browser information).
Security and access log data (timestamps, URLs visited, technical error and performance logs).
Connection data sent to social networks when the user clicks on the links to Stellium’s official profiles (such as IP address and user agent), which are then processed by the corresponding platforms as independent controllers.

13. Rights of data subjects

What are your rights regarding your data?

Data protection regulations grant you specific rights that you can exercise in relation to the processing of your data. These rights are personal and non-transferable, which means that only you, as the data subject, can exercise them after verification of your identity.

Your rights include:

• Right of access: You can request confirmation as to whether Stellium is processing your data and access the information related to its processing.

• Right to rectification: If your personal data is inaccurate or incomplete, you can request its correction.

• Right to erasure (“right to be forgotten”): You can request the deletion of your data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent.

• Right to restriction of processing: You can request the limitation of the processing of your data, for example while its accuracy is being verified or in other cases provided for by law.

• Right to data portability: You have the right to receive your data in a structured, commonly used and machine-readable format, and to transmit it to another data controller.

• Right to object: You can object to the processing of your data for reasons related to your particular situation, especially when the processing is based on legitimate interests.

• Right not to be subject to automated decisions: You can request not to be subject to decisions based solely on the automated processing of your data, including profiling.

• Right to withdraw consent: You can withdraw your consent at any time, without affecting the lawfulness of the processing based on consent before its withdrawal.

• Right to lodge a complaint: If you consider that your rights have not been respected, you can file a claim with the corresponding supervisory authority.

To exercise any of these rights, you can contact Stellium using the following contact information:

Controller: Isaac Shahar
Address: -. 28043, Madrid (Madrid), Spain
E-mail: privacy@stelliumestates.com
Website: https://stelliumestates.com

You can also contact rgpd@auratechlegal.es if you need support or clarification regarding the exercise of your data protection rights.

How can you exercise your rights in relation to your data?

To exercise your rights of access, rectification, erasure, restriction or objection, portability and withdrawal of your consent, you can do so by sending an email to rgpd@auratechlegal.es and/or privacy@stelliumestates.com, or by sending a written request by post to: -. 28043, Madrid (Madrid), Spain.

How can you file a complaint if you consider that your rights are not respected?

If you believe that the processing of your personal data does not comply with data protection regulations, you have the right to file a claim with the corresponding Supervisory Authority in your country of residence or place of business.

Depending on your location, you can address the competent authority in your country. For example:

• In Germany, you can contact the Berliner Beauftragte für Datenschutz und Informationsfreiheit.
• In France, the competent authority is the Commission Nationale de l’Informatique et des Libertés (CNIL).

The specific contact details for Spain are as follows:

Agencia Española de Protección de Datos
C/. Jorge Juan, 6. 28001, Madrid (Madrid), Spain
Email: info@aepd.es – Telephone: 900 293 183
Web: https://www.aepd.es

If you are unsure which authority corresponds to you or need information about other supervisory authorities, you can consult the websites of the European data protection authorities or contact us for guidance.

14. Modification and principle of information

This document ensures that you understand how we process your personal data. By using our website or services, you confirm that you have been informed about the terms of our Privacy Policy, in accordance with the principle of information established in Article 13 of the GDPR. The lawful bases for the processing of your personal data are set out in Article 6 of the GDPR, and may include consent, the performance of a contract, compliance with legal obligations or legitimate interest, as described in this policy.

This policy has been drafted with the collaboration of Auratech Legal, a firm specialising in data protection, and will be reviewed periodically to ensure its adequacy and compliance.

Stellium reserves the right to modify this Privacy Policy based on legislative or case-law developments or guidelines from supervisory authorities. Any relevant modification that affects the purposes of the processing, retention periods or user rights will be communicated explicitly, for example by means of a notice on the website.

Last update: December 11th, 2025