I. Privacy and Data Protection Policy

At Greystone International Real Estate Group, hereinafter referred to as “the Company” or “the Website,” we are committed to safeguarding your privacy and adhering to all relevant data protection laws and regulations. In this revised Privacy and Data Protection Policy, we outline our commitment to protecting your personal data and ensuring its secure processing.

Applicable Laws

This Privacy Policy complies with Spanish and European data protection regulations, including:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR).
  • Organic Law 15/1999, of December 13, on the Protection of Personal Data (LOPD).
  • Royal Decree 1720/2007, of December 21, which approves the Regulation for the development of Organic Law 15/1999 (RDLOPD).
  • Law 34/2002, of July 11, on Services of the Information Society and Electronic Commerce (LSSI-CE).

Data Controller

The entity responsible for processing your personal data at Greystone International Real Estate Group is Greystone Real Estate Group SL., with NIF: B13821954 (hereinafter, “Data Controller”). You can contact us using the following details:• Address: CALLE RIO AMAZONAS S/N 29660 MARBELLA MALAGA

Data Collection

We collect personal data through forms on our website, and this information is stored in an automated file under the responsibility of the Data Controller. This file is duly declared and registered with the General Registry of the Data Protection Agency, which can be accessed on the website of the Spanish Agency for Data Protection (http://www.agpd.es). The data is collected to facilitate our services, maintain user relationships, and respond to inquiries.

Principles of Data Processing

We adhere to the following principles as outlined in Article 5 of the GDPR:

  • Legality, loyalty, and transparency: We obtain user consent transparently and inform them about the purpose of data collection.
  • Purpose limitation: We collect data for specific, legitimate purposes.
  • Data minimization: We only collect data necessary for the intended purposes.
  • Accuracy: We ensure that personal data is accurate and up-to-date.
  • Storage limitation: We retain data only for as long as necessary for processing.
  • Integrity and confidentiality: We maintain data security and confidentiality.
  • Proactive responsibility: We are responsible for ensuring compliance with these principles.Categories of Personal Data We collect only identifying data, and we do not process special categories of personal data under Article 9 of the GDPR.

Legal Basis for Processing

The legal basis for processing personal data is user consent. We obtain explicit and verifiable consent from users for specific purposes. Users have the right to withdraw consent at any time, and withdrawal will not affect website usage unless explicitly stated.

Purpose of Data Processing

We collect and process personal data to facilitate services, maintain relationships with users, respond to inquiries, and for commercial purposes, including personalization, operations, statistics, and marketing to improve website quality and user experience.

Data Retention Period

We retain personal data for the minimum necessary period to fulfill processing purposes, typically until the end of the client relationship or until the user requests deletion. Users will be informed of data retention periods when data is collected.

Personal Data of Minors

We only process personal data of individuals aged 14 and above with their lawful consent. For minors under 14, parental or guardian consent is required.

Data Security

We employ appropriate technical and organizational measures to protect personal data against unauthorized access, destruction, alteration, or disclosure. Our website uses SSL encryption for secure data transmission.

User Rights

Users have rights under the GDPR, including:

  •  Access: Users can request information about their personal data and processing.
  • Rectification: Users can correct inaccurate or incomplete data.
  • Right to be Forgotten: Users can request the deletion of their data under certain conditions.
  • Limitation of Processing: Users can limit data processing in specific circumstances.
  • Data Portability: Users can receive their data in a structured format and transfer it to another controller.
  • Objection: Users can object to data processing.
  • No Automated Decision Making: Users won’t be subject to solely automated decisions.

Links to Third-Party Websites

Our website may contain links to third-party websites, each with its own data protection policies. We are not responsible for the data practices of these third-party websites.

Complaints to Supervisory Authority

If users believe there is a breach of data protection regulations, they can submit a complaint to the relevant supervisory authority. In Spain, this authority is the Spanish Agency for Data Protection


II. Acceptance and Changes to This Privacy Policy

By using our website, you accept and agree to this Privacy and Data Protection Policy. We reserve the right to modify this policy based on our criteria or changes in relevant regulations. Any changes will be explicitly communicated to users.

This Privacy and Data Protection Policy was last updated on June 13, 2018, to align with GDPR regulations.