Privacy Policy
Last updated: January 15, 2026
1. Data controller
Distrainedgh S.L., with Tax ID B-84729163 and registered office at Calle Serrano 41, 3rd Floor, 28001 Madrid, Spain, is the entity responsible for processing personal data collected through this website (distrainedgh.com). You may contact our Data Protection Officer at dpo@distrainedgh.com.
2. Data we collect
We collect data that you provide directly when using our services: full name, email address, and the content of messages you send through the contact form. Additionally, we automatically collect technical information such as your IP address, browser type, operating system, pages visited, and duration of your visit.
3. Purpose of processing
We use your personal data to respond to your inquiries and information requests, manage commercial and pre-contractual relationships, send communications related to our real estate crowdlending services (only with your prior consent), comply with our legal and regulatory obligations before the CNMV and other competent bodies, and improve the functionality and security of our platform.
4. Legal basis for processing
The processing of your data is based on: your express consent when submitting the contact form (Article 6.1.a of the GDPR), the execution of a contract or pre-contractual measures (Article 6.1.b), compliance with legal obligations applicable to the Spanish financial sector (Article 6.1.c), and our legitimate interest in improving our services and ensuring platform security (Article 6.1.f).
5. Data recipients
Your personal data will not be shared with third parties except where legally required. We may share information with: technology service providers who assist us in operating the platform (under data processing agreements), regulatory authorities such as the CNMV, Bank of Spain, or AEPD when required by law, and legal advisors and auditors within the framework of our compliance obligations.
6. International transfers
In principle, your data is processed within the European Economic Area (EEA). In the event that a service provider is located outside the EEA, we will ensure that adequate safeguards exist in accordance with Article 46 of the GDPR, such as standard contractual clauses approved by the European Commission.
7. Data retention period
We will retain your personal data for the time necessary to fulfill the purpose for which it was collected. Contact data will be retained for a maximum of 2 years from your last interaction. Data relating to legal obligations will be retained for the periods required by applicable regulations (up to 10 years for tax and accounting matters).
8. Your rights
Under the GDPR and LOPDGDD, you have the right to: access your personal data, rectify inaccurate or incomplete data, request the deletion of your data when no longer necessary, object to processing in certain circumstances, request restriction of processing, and request portability of your data. To exercise these rights, you may write to dpo@distrainedgh.com stating your request and attaching a copy of your identity document. You also have the right to file a complaint with the Spanish Data Protection Agency (www.aepd.es).
9. Data security
We have implemented appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration. These measures include encryption of data in transit and at rest, role-based access controls, periodic security audits, and ongoing training of our staff in data protection matters.
10. Changes to this policy
We reserve the right to update this Privacy Policy to reflect changes in our data processing practices or in applicable legislation. We will notify you of any significant changes through a notice on our platform. We recommend that you review this policy periodically.