Privacy Policy

The data controller responsible for processing personal data collected through urbanestate.com (the “Website”) is Urban Estate (update with registered legal name), with address at Sitges, Garraf, Barcelona, Spain (update with full address). You may contact us regarding privacy matters at contact@sigets-capital.com.

This Website is primarily directed at individuals interested in properties and services in Sitges, Garraf, and the Barcelona area, Spain. If you are in the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) and applicable local laws (including Spanish data protection legislation) apply to our processing of your personal data.

This Privacy Policy explains what personal data we collect, why we use it, how long we keep it, who we share it with, and what rights you have. It should be read together with our Terms of Service and our cookie information (available when you open the cookie preferences on the Website).

We do not knowingly collect data from children under 16 for marketing purposes. If you believe we have done so, please contact us and we will delete it.

Contact form: when you submit our contact form, we collect the information you provide (such as name, email address, telephone number, inquiry type, budget range, property of interest, preferred contact method, timing preferences, and your message).

Browsing and technical data: our hosting and infrastructure providers may process server logs (e.g. IP address, browser type, date/time of requests) for security and reliability.

Analytics (optional): if you consent via our cookie tool, we may use Vercel Web Analytics and, when configured, Google Analytics and/or Google Tag Manager to understand aggregate traffic and usage. These tools may use cookies or similar technologies.

Marketing tags (optional): if you consent to the marketing category, we may load tags used for advertising or campaign measurement when we enable them.

To respond to your contact request and, where relevant, to take steps before entering into a contract — legal bases: performance of a contract (Article 6(1)(b) GDPR) and/or our legitimate interests in responding to business enquiries (Article 6(1)(f) GDPR), depending on the nature of your request.

To operate and secure the Website, including fraud prevention and abuse detection — legal basis: legitimate interests (Article 6(1)(f) GDPR).

To comply with legal obligations (e.g. tax or accounting rules where applicable) — legal basis: legal obligation (Article 6(1)(c) GDPR).

For analytics and marketing cookies or similar technologies — legal basis: your consent (Article 6(1)(a) GDPR), which you can withdraw at any time via “Cookie settings” in the footer without affecting the lawfulness of processing before withdrawal.

For optional commercial communications, where you have ticked a separate consent box — legal basis: consent (Article 6(1)(a) GDPR).

We use strictly necessary cookies (or local storage) to remember your language preference, store your cookie choices, and deliver core functionality. These do not require consent under the ePrivacy rules in the same way as optional analytics or marketing tools.

Optional categories (analytics, marketing) are only activated after you accept them in our cookie drawer or save customised preferences. You can change your mind at any time using “Cookie settings” in the footer.

Form submissions are transmitted to Formsync (formsync.app) or the endpoint we configure to receive form data, which acts as a processor on our behalf for the purpose of delivering your message to our team.

The Website is hosted on Vercel, Inc. (United States and other regions). Vercel may process technical and analytics data as described in their documentation.

If we enable Google Analytics or Google Tag Manager, Google Ireland Limited / Google LLC may process data according to Google’s policies.

We may also use other service providers (e.g. email, CRM) as our business needs evolve; we will update this policy when we add materially new categories of recipients.

Some processors are located outside the EEA. Where required, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) or other mechanisms recognised under GDPR, in addition to any supplementary measures the provider implements.

We keep contact form submissions and related correspondence only as long as needed to handle your request, manage our relationship with you, and comply with legal obligations. Retention periods may vary depending on the nature of the enquiry and applicable law.

Server and security logs are kept for a limited period consistent with operational and security needs.

Depending on your location and applicable law, you may have the right to: access your personal data; rectify inaccurate data; erase data; restrict processing; object to processing based on legitimate interests; data portability (where processing is based on consent or contract and automated); and withdraw consent at any time where processing is consent-based.

To exercise these rights, contact us at contact@sigets-capital.com. You also have the right to lodge a complaint with a supervisory authority. In Spain, the Agencia Española de Protección de Datos (AEPD) — www.aepd.es.

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page will change when we do. If we make material changes to how we use cookies, we may increase our consent policy version so that you are invited to review your choices again.