Privacy Policy

When you access our website, your device’s browser automatically sends certain technical information to our server. This information is temporarily stored in log files and is automatically deleted once a period of three (3) days has elapsed.

What personal data do we process?

• The IP address of the device from which the request is made.
• The date and time of access.
• The name and URL of the requested file.
• The website from which access to our website is made (referrer URL).
• The website accessed from our website.
• The browser used and, where applicable, the operating system of your device, as well as the name of your Internet service provider.

For what purposes do we process this data?

We process this data for the following purposes:

• To ensure a smooth connection to the website.
• To ensure convenient and proper use of our website.
• To assess system security and stability.
• For other internal administrative purposes.

What is our legal basis for processing this data?

The processing of technical data strictly necessary for the operation, security and administration of the website is based on our legitimate interest, in accordance with Article 6(1)(f) GDPR.

This website uses cookies and similar technologies that may involve the processing of personal data, such as information about users’ browsing activity, online identifiers or technical data relating to the device used.

Cookies are used, among other purposes, to enable the operation and security of the website, remember user preferences, carry out statistical analysis on the use of the website and, where applicable, display personalised advertising.

The processing of personal data resulting from the use of technical or strictly necessary cookies is based on the controller’s legitimate interest, pursuant to Article 6(1)(f) of Regulation (EU) 2016/679, consisting of ensuring the proper functioning, stability and security of the website.

The processing of personal data resulting from the use of non-essential cookies (such as analytics, measurement or advertising cookies) is based on the user’s consent, in accordance with Article 6(1)(a) of Regulation (EU) 2016/679.

Certain third parties may process personal data through cookies installed on this website, in accordance with their own privacy policies.

For detailed information on the use of cookies, the types of cookies used, the third parties involved, retention periods and how to manage or withdraw consent, users may consult the Cookie Policy, available at the following link: Cookie Policy

Through the tracking measures used, we aim to ensure that our website is designed in line with users’ needs and is continuously optimised. We also use tracking measures to statistically record the use of our website and analyse it for the purpose of improving our offering.

The specific purposes of the data processing and the categories of personal data processed can be found in the corresponding tracking tools described in this section.

The legal basis for this data processing is your consent, in accordance with Article 6(1)(a) GDPR.

Siteimprove Analytics

This website uses Siteimprove Analytics for the purposes described under the “Statistics” category. Siteimprove Analytics is a web analytics service provided by Siteimprove GmbH. The information is stored and processed on Siteimprove servers located in Denmark.

IP addresses are fully anonymised before the collected data can be viewed by EOS through the Siteimprove Suite platform. It is not possible to reverse the anonymisation of IP addresses or to associate IP addresses with the collected data.

Shariff Solution

On our website, we use Shariff buttons for the social networks Facebook, Twitter, LinkedIn and Xing. These buttons are simple HTML links. For this purpose, we use the Shariff solution.

With this solution, a script retrieves, for example, how many times a page’s share button has been clicked. To do so, the script communicates with the social network via its application programming interfaces (APIs) and retrieves such figures. No personal data are transmitted during this process. Instead of your IP address, only the address of our server is transmitted to Facebook and Twitter.

You will only come into direct contact with Facebook or Twitter when you actively perform an action. Until that moment, the social networks cannot collect any data about you. As long as you do not click on a link to share content, you remain invisible to these networks. If you click on such a link, the obligation to provide information on the collection and processing of data no longer lies with this website and becomes the responsibility of the respective social network operator.

YouTube

Our website includes links to videos from the provider YouTube (Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland).

When you access a page on our website that contains one of these videos and activate its playback, a direct connection is established between your browser and the YouTube server. At that point, YouTube receives the information that you have visited our website together with your IP address. If you click on the link to the video, your IP address is transmitted to YouTube.

Please note that, as the provider of this website, we have no knowledge of the content of the data transmitted or how such data are used by YouTube. Further information can be found in YouTube’s privacy policy (https://www.youtube.com).

When you contact the Controllers through the available contact channels (for example, website forms, email, telephone or other means of communication), we process the personal data you provide in order to manage and respond to your enquiry or communication.

What personal data do we process?

Depending on the channel used and the content of your communication, we mainly process identification and contact data, such as your first name and last name, email address or telephone number, as well as the information you include in the message or enquiry you send to us. We may also process data associated with the communication itself, such as the date and time of contact, the channel used and, where applicable, basic records of the interaction.

We inform you that we will only process data that are strictly necessary to handle your request and that you should avoid including unnecessary or particularly sensitive information in your communications.

For what purposes do we process this data?

We process your personal data primarily for the purpose of handling, managing and responding to the enquiries, requests for information or communications you send to us. Additionally, the data may be used to maintain a basic record of communications for organisational, internal follow-up and control purposes.

What is our legal basis for processing this data?

The processing of your personal data for handling enquiries and communications is generally based on the legitimate interest of the Controllers (Article 6(1)(f) GDPR) in adequately addressing requests received, maintaining effective communication and properly managing their relationships with third parties.

Where the enquiry is related to a potential future contractual relationship or to a request for information prior to entering into a contract for our services, the processing may additionally be based on the application of pre-contractual measures requested by the data subject (Article 6(1)(b) GDPR), in all cases limited to what is strictly necessary for such purpose.

Where you maintain a debt or payment obligation whose ownership has been lawfully acquired or whose management has been assumed by any of the Controllers, we process only the personal data necessary to identify you, maintain contact with you and manage the outstanding debt.

What personal data do we process and for what purposes?

The main purpose of processing your personal data is the management and recovery of the outstanding debt, which includes, among other actions, maintaining an up-to-date record of the debt, carrying out the corresponding administrative and financial procedures, contacting you in order to claim or, where applicable, negotiate payment, as well as managing the actions necessary for the exercise or defence of legal claims, including those of a pre-litigation or judicial nature.

For these purposes, we process the following categories of personal data:

Identification data: we process data such as your first name and last name and the details of your identification document (national ID card, foreigner ID number or equivalent document) in order to reliably verify your identity and avoid errors in the management of the debt.

Contact data: we also process your usual contact details, such as your postal address (place of residence), telephone number and email address, in order to locate you and communicate with you in the context of debt recovery activities.

Economic and financial data: we also process economic and financial data related to the debt you maintain with us. This data includes the amount owed, the due date and the origin of the debt (for example, the reference to the contract or invoice that gave rise to the debt, originally entered into with a third party), as well as the history of payments and, where applicable, the existence of agreed payment arrangements or refinancing plans.

Where necessary for the management of collections or refunds, we also process your bank details, such as your bank account number or IBAN.

Data relating to communications: we retain data relating to the communications we maintain with you in the context of debt management. This includes copies of letters or emails sent, records of telephone calls or payment reminders, for the purpose of documenting the actions taken and the interactions maintained.

Judicial documentation: where necessary for the pre-litigation or judicial management of the debt, we also process documentation generated or provided in that context, such as written submissions, formal demands, claims, court decisions or other documents related to the exercise or defence of legal claims.

Recording of telephone calls: in relation to telephone communications, we inform you that conversations held with our company may be listened to and/or recorded. These recordings are made for training purposes, improvement of staff performance, verification of compliance with applicable legal and ethical frameworks, and quality control of communications related to debt management. You may object to the recording by informing your interlocutor at the beginning of the call.

Contractual data and guarantees: where the debt is linked to a specific contract or to a guarantee originally provided (such as a mortgage over a property or another type of security), we process the necessary data associated with that relationship, such as the identifying details of the original contract (number, date and contracting parties) and, where applicable, information relating to the asset provided as security, such as its identification, location or valuation.

Data of representatives: we may also process personal data of representatives, agents or persons appointed by you, such as lawyers, court representatives or other persons acting on your behalf, and communicate with them where necessary for the proper handling of the debt. This mainly consists of their contact details and representation-related information. In such cases, we will process only the contact data and the information necessary to verify and manage the representation.

All these data are processed exclusively for the purpose of effectively managing the debt and complying with the associated legal responsibilities, avoiding the collection of information that is not relevant for such purposes. This processing is consistent with the reasonable expectations of any person who maintains an unpaid debt, insofar as it is foreseeable that the lawful holder of the receivable will carry out the actions necessary for its management and recovery.

Where do we obtain your personal data from?

The personal data processed in the context of the management, administration and recovery of the debt may originate from different sources, depending on the relationship maintained and the circumstances of the case file. In particular, such data may have been:

• Provided directly by the data subject during the communications maintained with the entity.
• Disclosed by the entity assigning the receivable or debt, as a result of the assignment or the corresponding debt management mandate.
• Provided by duly authorised legal or voluntary representatives, as well as by professionals involved in the handling of the case file.
• Obtained from public registers, publicly available sources or court decisions, to the extent necessary and in accordance with applicable legislation.

Furthermore, where necessary for the proper management of the case file and the localisation of the debtor, the entity may supplement or update personal data through the use of external service providers that provide ancillary services related to debt management. Such providers act as data processors, strictly following the entity’s instructions, using only lawful sources and processing the data exclusively for the purpose of debt management and recovery, and may not use the data for their own purposes.

What is our legal basis for processing this data?

The processing of your personal data is carried out in the context of the management of a debt arising from a contract entered into between you and the original creditor, the ownership and/or management of which has been lawfully acquired by one of the Controllers, and is primarily based on their legitimate interest (Article 6(1)(f) GDPR) in the management and recovery of overdue receivables and in the defence of the creditor’s rights and economic interests.

In particular, certain specific processing activities—such as the recording of telephone communications, the management and retention of communications exchanged, or the processing of documentation related to pre-litigation or judicial actions—are also based on the legitimate interest of the Controllers (Article 6(1)(f) GDPR) in ensuring service quality, compliance with applicable legal and ethical frameworks, and the proper defence of their rights and economic interests.

Furthermore, certain processing activities may be necessary for compliance with legal obligations applicable to the Controllers (Article 6(1)(c) GDPR), such as those arising from accounting and tax regulations, document retention obligations, compliance with requests from competent authorities, or other legal provisions applicable to debt management and recovery activities.

Where payment arrangements, refinancing agreements or acknowledgements of debt are entered into between you and any of the Controllers, certain data processing activities may additionally be based on the performance of such agreements (Article 6(1)(b) GDPR), strictly to the extent necessary for their management and fulfilment.

Where you are connected to a property owned by any of the Controllers, or to a property associated with debts held by them—for example, as a former owner, tenant, occupant or potential purchaser—we process the personal data necessary for the recovery, management, leasing or transfer of the property, as well as for handling the legal, administrative and operational actions associated with such processes.

What personal data do we process and for what purposes?

The main purpose of processing your personal data is the comprehensive management of the property within our ordinary business activities. This includes, among others, the recovery of possession, the regularisation of the occupancy situation, the execution and management of lease agreements, and the sale or transfer of the property, as well as all actions necessary for these purposes.

Depending on the specific circumstances, this may involve the management of eviction or possession recovery proceedings, the coordination of judicial or administrative actions, the carrying out of visits or operational checks, the execution of lease agreements, the management of incidents during the term of the lease, or the handling of marketing and sale processes relating to the property.

For these purposes, we process the following categories of personal data:

Identification and contact data: we process data such as your first name and last name, national ID number (DNI/NIE) where available, telephone number, postal address and email address, for the purpose of identifying you and communicating with you in relation to the property and the associated actions.

Land registry, cadastral and property data: we process information relating to the property and its legal and physical status, such as land registry and cadastral data, deeds and notarial documents, land registry extracts (nota simple), certificates, encumbrances and charges, as well as technical reports or other documentation necessary to compile and manage the property case file.

Information relating to the occupancy and condition of the property: we process data concerning the occupancy status of the property, its state of conservation and use, as well as records or observations resulting from visits, inspections or operational actions carried out directly or through authorised service providers.

Legal and administrative documentation: where judicial or administrative proceedings exist, we process documentation related to such actions, including submissions, decisions, notifications, court orders or other documents connected with the recovery of the property, the regularisation of the occupancy situation or the defence of rights.

Data relating to lease agreements: where the property is leased, we process identification and contact data, contractual information, documentation provided for the execution of the lease agreement, as well as information generated during the lease relationship (incidents, communications, maintenance reports).

Data relating to sales processes: in the context of marketing and sale processes, we process identification and contact data, information contained in offers and communications, contractual or pre-contractual documentation, information derived from visits or operational checks, as well as public documentation generated during the process (deeds, certificates, land registry extracts).

Data of representatives: we may also process personal data of representatives, agents or persons appointed by you, such as lawyers or other persons acting on your behalf, and communicate with them where necessary for the proper management, recovery, leasing or transfer of the property, or for handling related administrative or judicial actions. In such cases, we process only identification and contact data and the information strictly necessary to verify and manage the representation.

All these data are processed exclusively for the purpose of managing the property and the actions necessary for its recovery, leasing or transfer, avoiding the collection of information that is not relevant for such purposes. This processing is consistent with the reasonable expectations of any person connected to a property managed by a third party that holds legitimate rights or interests in relation to it.

Where do we obtain your personal data from?

In the case of individuals connected to properties, personal data may originate both from the data subjects themselves and from third parties involved in the management of the property, such as tenants, occupants, purchasers or representatives. Data may also derive from information contained in public registers, notarial or administrative documentation, and from data provided or generated by service providers that support us in the management of the asset, as well as from information generated in the course of such management activities.

What is the legal basis for processing this data?

Where the processing of personal data is necessary for the performance of a contract or for the application of pre-contractual measures at your request—for example, in the context of lease or sale agreements—the legal basis is Article 6(1)(b) GDPR.

In cases involving the recovery of possession, regularisation of the occupancy situation, vacating of the property or the defence of rights, the processing is based on the legitimate interest of the Controllers (Article 6(1)(f) GDPR) in protecting, managing and recovering the property, as well as in exercising or defending legal claims, having duly balanced such interest against your fundamental rights and freedoms.

Furthermore, certain processing activities may be necessary for compliance with legal obligations (Article 6(1)(c) GDPR), such as those arising from judicial or administrative proceedings, requests from public authorities, land registry, notarial or tax obligations, or any other obligations applicable in the real estate sector.

Where you act as a signatory, legal representative, contact person or interlocutor of an entity or third party with which the Controllers interact in the course of their activities—such as entities assigning receivables, clients, suppliers, partners, public authorities or other third parties with whom interaction is necessary—we process the personal data necessary to manage such relationships and related actions.

What personal data do we process and for what purposes?

The main purpose of processing your personal data is to enable proper communication and management of the professional, contractual, administrative or institutional relationships between the Controllers and the entity or third party you represent or with which you act as a contact person.

This includes the identification of contact persons, the management of communications, the handling of operational, administrative or legal actions, as well as, where applicable, responding to requests, claims and the exercise or defence of legal actions arising from such relationships or activities.

Furthermore, where applicable, we process your personal data for the compliance with legal obligations, including those that may involve duties of identification, verification or provision of information to competent authorities, courts, tribunals, registers or other public bodies, in accordance with applicable legislation.

For these purposes, we process the following categories of personal data:

Professional identification and contact data: first name and last name, position or role, professional contact details and signature, where applicable.

Representation or contact-related data: information strictly necessary to verify or manage your status as a representative, authorised person or contact person of the relevant entity or third party.

Data derived from actions or communications: information contained in correspondence, communications, notifications or documentation exchanged in the context of the relationships or activities described above.

All such data are processed exclusively in a professional or institutional context, and only to the extent necessary for the purposes indicated.

Where do we obtain your personal data from?

With regard to representatives or contact persons of entities, personal data are usually provided directly by the entity you represent or by yourself, and in some cases may be obtained from publicly available sources, such as professional websites or corporate directories. This information may also be generated in the context of the actions and communications carried out during our commercial or institutional relationship.

What is the legal basis for processing this data?

The processing of your personal data is primarily based on the legitimate interest of the Controllers (Article 6(1)(f) GDPR) in maintaining appropriate professional, administrative or institutional relationships, properly managing their activities and defending their rights and interests, using professional contact data for such purposes.

In addition, certain processing activities may be based on compliance with legal obligations applicable to the Controllers (Article 6(1)(c) GDPR), in particular where it is necessary to respond to requests from public authorities, comply with legal provisions or cooperate with competent bodies in the exercise of their functions.