PRIVACY POLICY
Data Controller
Identity: ESEL AMI CONSULTING, S.L. – CIF B54929971
Address: Calle Maestro José Garberí Serrano No. 11, Block 5, Stairway 4 – 1C, Playa de San Juan, Alicante/Alacant, C.P. 03540, Spain
Contact email: privacy@casasfinanzas.es
The data processors engaged by ESEL AMI CONSULTING, S.L. will only have access to personal data when strictly necessary to provide the contracted service, always in accordance with the documented instructions of the Data Controller and under the corresponding data processing agreements, pursuant to Article 28 of the GDPR.
Purposes of Processing
The personal data provided by Users through the portal will be processed by ESEL AMI CONSULTING, S.L. for the following purposes:
a) To manage Participants’ access to the portal and enable the use of the electronic auction Platform.
b) To verify the identity and authorization of representatives and registered users on the portal.
c) To process registration, participation, and adherence in debt portfolio auctions.
d) To manage communications between Buyers, Sellers, and the Operator within the Platform.
e) To comply with legal obligations in the fields of anti-money laundering, tax, commercial, and accounting regulations.
f) To respond to requests for information, inquiries, or complaints submitted by Users.
g) To send communications related to the operation of the portal, service updates, changes to general terms, and technical aspects.
h) With express consent, to send commercial communications regarding services and activities related to the purchase and sale of debt portfolios and electronic auctions.
Legal Basis for Processing
The processing of Users’ personal data by ESEL AMI CONSULTING, S.L. is based on the following legal grounds:
a) Performance of a contract or pre-contractual measures: for managing registration, participation in auctions, and necessary communications between Participants, Buyers, Sellers, and the Operator.
b) Compliance with legal obligations: in particular, those arising from regulations on anti-money laundering and terrorist financing (Law 10/2010), tax, commercial, and accounting laws, as well as Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD).
c) Legitimate interest: in ensuring the correct management, operation, and security of the portal, and maintaining necessary communications between registered users and the operator.
d) Explicit consent of the User: with regard to the sending of commercial communications and, where applicable, the transfer of data to third parties, when strictly necessary and previously authorized.
The data processors engaged by ESEL AMI CONSULTING, S.L. will only access personal data when strictly necessary to provide the service, always following the documented instructions of the Data Controller and under the corresponding data processing agreements (Art. 28 GDPR).
Data Retention Periods
ESEL AMI CONSULTING, S.L. will retain Users’ personal data only for the time strictly necessary to fulfill the purposes described in this Privacy Policy.
In particular:
a) Contractual relationship: data will be kept for the duration of the contractual relationship and, once it ends, for the statutory limitation period for claims (generally 6 years for commercial matters and up to 10 years for obligations arising from anti-money-laundering regulations).
b) Legal obligations: data needed to comply with accounting, tax, or anti-money-laundering obligations will be retained for the periods required by the applicable regulations.
c) Consent: where processing is based on the User’s consent, data will be retained until such consent is withdrawn.
d) Security and fraud prevention: data related to security incidents or attempted fraud may be kept in a blocked state for the time necessary to enable the exercise or defense of legal claims.
Data Recipients
Users’ personal data will not be disclosed to third parties, except in the following cases:
a) Legal obligation: where it is necessary to disclose data to public authorities, supervisory bodies, or financial institutions in compliance with current regulations (including tax, commercial, anti-money-laundering rules, or court orders).
b) Service providers: ESEL AMI CONSULTING, S.L. may disclose data to suppliers providing services necessary for the operation of the Platform (technology services, support, server hosting, cybersecurity tools, etc.), all acting as data processors pursuant to Article 28 GDPR and subject to the corresponding contractual confidentiality and security obligations.
c) Platform users: within the context of auction operations, strictly necessary identifying data may be disclosed to other participants (sellers or buyers) solely to the extent indispensable for executing the transaction.
Under no circumstances will personal data be sold, rented, or used for purposes other than those set out in this Privacy Policy.
Users’ Rights
In accordance with Articles 15 to 22 of the GDPR, Users may exercise the following rights regarding their personal data at any time:
a) Right of access: to obtain confirmation as to whether their data are being processed and to access such data.
b) Right to rectification: to request the correction of inaccurate or incomplete data.
c) Right to erasure: to request the deletion of data when they are no longer necessary for the purposes for which they were collected.
d) Right to restriction of processing: to request that processing be restricted in certain cases provided for under the GDPR.
e) Right to object: to object to the processing of their data on grounds relating to their particular situation.
f) Right to data portability: to receive their personal data in a structured, commonly used, machine-readable format and to transmit them to another controller.
g) Right not to be subject to automated decision-making, including profiling, unless necessary for the performance of a contract or authorized by law.
The exercise of these rights will be free of charge, unless requests are manifestly unfounded or excessive.
To exercise any of these rights, the User may contact ESEL AMI CONSULTING, S.L. by email at privacy@casasfinanzas.es or by postal mail to the registered address indicated in this document, enclosing a copy of their identification document.
Users also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) if they consider that the processing of their personal data infringes current regulations.
Data Retention
The personal data provided will be retained only for the time strictly necessary to fulfill the purposes for which they were collected and for as long as the contractual or service relationship with the User remains in effect.
Once this relationship ends, the data will be blocked for the legally established periods in order to address any potential liabilities arising from the processing and will be made available only to judges, courts, the Public Prosecutor’s Office, or competent Public Authorities.
In particular, the following retention criteria will apply:
a) Data related to contract execution: retained for a maximum period of 6 years, in accordance with commercial law.
b) Data related to tax and accounting obligations: retained for a maximum period of 10 years, pursuant to applicable tax and anti-money-laundering legislation.
c) Data processed on the basis of User consent: retained until such consent is withdrawn.
Data processors engaged by ESEL AMI CONSULTING, S.L. will only access personal data when strictly necessary to provide the service, always following the documented instructions of the Controller and under the corresponding data processing agreements (Article 28 GDPR).
Security Measures
The company implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR.
These measures include, among others:
a) Encryption of communications and secure storage on servers located within the European Union.
b) Access control through personalized credentials for administrators and users.
c) Regular backups and incident recovery plans.
d) Continuous monitoring of technical infrastructure to prevent unauthorized access.
Data processors engaged by ESEL AMI CONSULTING, S.L. will only access personal data when strictly necessary to provide the service, always following the documented instructions of the Controller and under the corresponding processing agreements (Article 28 GDPR).
International Data Transfers
Personal data collected through the Platform are hosted on servers provided by DigitalOcean LLC (LEI Code: 549300EDRXGWOG3MUL20, https://www.digitalocean.com), with data centers located in the European Union (Amsterdam).
Therefore, any international data transfer is carried out with an adequate level of protection in compliance with Regulation (EU) 2016/679 (GDPR).
Data processors engaged by ESEL AMI CONSULTING, S.L. will only access personal data when strictly necessary to provide the service, always in accordance with the Controller’s documented instructions and under the corresponding data processing agreements (Article 28 GDPR).
Changes to This Policy
The Operator reserves the right to modify this Privacy Policy at any time to adapt it to new legislative developments, case law, industry practices, or the legitimate interests of the company.
Any modifications will be published on the portal, indicating the date of the latest update.
If the changes materially affect Users’ rights, this will be clearly communicated on the Platform and, where required, the consent of the data subjects will be requested again.
Data Protection Officer (DPO)
For any inquiries related to personal data protection, Users may contact the company at the following email address: privacy@casasfinanzas.es
Validity of the Policy
This Privacy Policy enters into force on the date indicated below and will remain valid until replaced by a duly published new version on the portal.
Last update: 17 / 10 / 2025
Data Controller
Identity: ESEL AMI CONSULTING, S.L. – CIF B54929971
Address: Calle Maestro José Garberí Serrano No. 11, Block 5, Stairway 4 – 1C, Playa de San Juan, Alicante/Alacant, C.P. 03540, Spain
Contact email: privacy@casasfinanzas.es
The data processors engaged by ESEL AMI CONSULTING, S.L. will only have access to personal data when strictly necessary to provide the contracted service, always in accordance with the documented instructions of the Data Controller and under the corresponding data processing agreements, pursuant to Article 28 of the GDPR.
Purposes of Processing
The personal data provided by Users through the portal will be processed by ESEL AMI CONSULTING, S.L. for the following purposes:
a) To manage Participants’ access to the portal and enable the use of the electronic auction Platform.
b) To verify the identity and authorization of representatives and registered users on the portal.
c) To process registration, participation, and adherence in debt portfolio auctions.
d) To manage communications between Buyers, Sellers, and the Operator within the Platform.
e) To comply with legal obligations in the fields of anti-money laundering, tax, commercial, and accounting regulations.
f) To respond to requests for information, inquiries, or complaints submitted by Users.
g) To send communications related to the operation of the portal, service updates, changes to general terms, and technical aspects.
h) With express consent, to send commercial communications regarding services and activities related to the purchase and sale of debt portfolios and electronic auctions.
Legal Basis for Processing
The processing of Users’ personal data by ESEL AMI CONSULTING, S.L. is based on the following legal grounds:
a) Performance of a contract or pre-contractual measures: for managing registration, participation in auctions, and necessary communications between Participants, Buyers, Sellers, and the Operator.
b) Compliance with legal obligations: in particular, those arising from regulations on anti-money laundering and terrorist financing (Law 10/2010), tax, commercial, and accounting laws, as well as Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD).
c) Legitimate interest: in ensuring the correct management, operation, and security of the portal, and maintaining necessary communications between registered users and the operator.
d) Explicit consent of the User: with regard to the sending of commercial communications and, where applicable, the transfer of data to third parties, when strictly necessary and previously authorized.
The data processors engaged by ESEL AMI CONSULTING, S.L. will only access personal data when strictly necessary to provide the service, always following the documented instructions of the Data Controller and under the corresponding data processing agreements (Art. 28 GDPR).
Data Retention Periods
ESEL AMI CONSULTING, S.L. will retain Users’ personal data only for the time strictly necessary to fulfill the purposes described in this Privacy Policy.
In particular:
a) Contractual relationship: data will be kept for the duration of the contractual relationship and, once it ends, for the statutory limitation period for claims (generally 6 years for commercial matters and up to 10 years for obligations arising from anti-money-laundering regulations).
b) Legal obligations: data needed to comply with accounting, tax, or anti-money-laundering obligations will be retained for the periods required by the applicable regulations.
c) Consent: where processing is based on the User’s consent, data will be retained until such consent is withdrawn.
d) Security and fraud prevention: data related to security incidents or attempted fraud may be kept in a blocked state for the time necessary to enable the exercise or defense of legal claims.
Data Recipients
Users’ personal data will not be disclosed to third parties, except in the following cases:
a) Legal obligation: where it is necessary to disclose data to public authorities, supervisory bodies, or financial institutions in compliance with current regulations (including tax, commercial, anti-money-laundering rules, or court orders).
b) Service providers: ESEL AMI CONSULTING, S.L. may disclose data to suppliers providing services necessary for the operation of the Platform (technology services, support, server hosting, cybersecurity tools, etc.), all acting as data processors pursuant to Article 28 GDPR and subject to the corresponding contractual confidentiality and security obligations.
c) Platform users: within the context of auction operations, strictly necessary identifying data may be disclosed to other participants (sellers or buyers) solely to the extent indispensable for executing the transaction.
Under no circumstances will personal data be sold, rented, or used for purposes other than those set out in this Privacy Policy.
Users’ Rights
In accordance with Articles 15 to 22 of the GDPR, Users may exercise the following rights regarding their personal data at any time:
a) Right of access: to obtain confirmation as to whether their data are being processed and to access such data.
b) Right to rectification: to request the correction of inaccurate or incomplete data.
c) Right to erasure: to request the deletion of data when they are no longer necessary for the purposes for which they were collected.
d) Right to restriction of processing: to request that processing be restricted in certain cases provided for under the GDPR.
e) Right to object: to object to the processing of their data on grounds relating to their particular situation.
f) Right to data portability: to receive their personal data in a structured, commonly used, machine-readable format and to transmit them to another controller.
g) Right not to be subject to automated decision-making, including profiling, unless necessary for the performance of a contract or authorized by law.
The exercise of these rights will be free of charge, unless requests are manifestly unfounded or excessive.
To exercise any of these rights, the User may contact ESEL AMI CONSULTING, S.L. by email at privacy@casasfinanzas.es or by postal mail to the registered address indicated in this document, enclosing a copy of their identification document.
Users also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) if they consider that the processing of their personal data infringes current regulations.
Data Retention
The personal data provided will be retained only for the time strictly necessary to fulfill the purposes for which they were collected and for as long as the contractual or service relationship with the User remains in effect.
Once this relationship ends, the data will be blocked for the legally established periods in order to address any potential liabilities arising from the processing and will be made available only to judges, courts, the Public Prosecutor’s Office, or competent Public Authorities.
In particular, the following retention criteria will apply:
a) Data related to contract execution: retained for a maximum period of 6 years, in accordance with commercial law.
b) Data related to tax and accounting obligations: retained for a maximum period of 10 years, pursuant to applicable tax and anti-money-laundering legislation.
c) Data processed on the basis of User consent: retained until such consent is withdrawn.
Data processors engaged by ESEL AMI CONSULTING, S.L. will only access personal data when strictly necessary to provide the service, always following the documented instructions of the Controller and under the corresponding data processing agreements (Article 28 GDPR).
Security Measures
The company implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR.
These measures include, among others:
a) Encryption of communications and secure storage on servers located within the European Union.
b) Access control through personalized credentials for administrators and users.
c) Regular backups and incident recovery plans.
d) Continuous monitoring of technical infrastructure to prevent unauthorized access.
Data processors engaged by ESEL AMI CONSULTING, S.L. will only access personal data when strictly necessary to provide the service, always following the documented instructions of the Controller and under the corresponding processing agreements (Article 28 GDPR).
International Data Transfers
Personal data collected through the Platform are hosted on servers provided by DigitalOcean LLC (LEI Code: 549300EDRXGWOG3MUL20, https://www.digitalocean.com), with data centers located in the European Union (Amsterdam).
Therefore, any international data transfer is carried out with an adequate level of protection in compliance with Regulation (EU) 2016/679 (GDPR).
Data processors engaged by ESEL AMI CONSULTING, S.L. will only access personal data when strictly necessary to provide the service, always in accordance with the Controller’s documented instructions and under the corresponding data processing agreements (Article 28 GDPR).
Changes to This Policy
The Operator reserves the right to modify this Privacy Policy at any time to adapt it to new legislative developments, case law, industry practices, or the legitimate interests of the company.
Any modifications will be published on the portal, indicating the date of the latest update.
If the changes materially affect Users’ rights, this will be clearly communicated on the Platform and, where required, the consent of the data subjects will be requested again.
Data Protection Officer (DPO)
For any inquiries related to personal data protection, Users may contact the company at the following email address: privacy@casasfinanzas.es
Validity of the Policy
This Privacy Policy enters into force on the date indicated below and will remain valid until replaced by a duly published new version on the portal.
Last update: 17 / 10 / 2025
Head Office
Contacto
Regus Rivas Square Garden
C/ Marie Curie, 9-15, 4ª planta
Edificio B - Bioma
28521 Rivas Vaciamadrid
C/ Marie Curie, 9-15, 4ª planta
Edificio B - Bioma
28521 Rivas Vaciamadrid
Casas Finanzas
