Privacy policy
At NOMAD we take the privacy of the people who interact with us seriously. This Privacy Policy describes how PT. NOMAD DEVELOPMENT GROUP(hereinafter, «NOMAD») processes the personal data of users of the website, forms, events and contact channels.
This policy has been drafted with reference to Regulation (EU) 2016/679, the General Data Protection Regulation («GDPR»), Organic Law 3/2018 on the Protection of Personal Data and the guarantee of digital rights («LOPDGDD») and the applicable Indonesian legislation on the protection of personal data.
1. Data controller
- Controller: PT. NOMAD DEVELOPMENT GROUP
- NPWP: 19.780.248.1-915.000
- Address: Jalan Pariwisata Kuta, Kuta, Pujut, Kab. Lombok Tengah, Nusa Tenggara Barat, Indonesia.
- Email: nomaddevelopmentgroup@gmail.com
- Phone: +34 604 37 28 25
To the extent that the processing is carried out from outside the European Economic Area and is also directed at persons residing in the EU, NOMAD applies the guarantees required by Article 3.2 of the GDPR and, where appropriate, standard contractual clauses or equivalent mechanisms for international transfers.
2. Data we process
We only process the personal data strictly necessary for the purposes described in this policy. Depending on the contact channel, these may include:
- Identifying data: first name, surname.
- Contact data: email, phone, country of residence.
- Professional data / data of interest: investor profile, indicative amount of interest, motivation, free-text comments.
- Browsing data: IP address, device identifiers, pages visited, date and time of access. See Cookie Policy.
The user warrants the truthfulness and accuracy of the data provided and undertakes to communicate any changes.
3. Purposes and legal bases for processing
| Purpose | Legal basis |
|---|---|
| To handle enquiries and requests for information sent via form, email, WhatsApp or social media. | Consent of the data subject and pre-contractual measures requested by the data subject (art. 6.1.a and 6.1.b GDPR). |
| To manage the relationship with investors and potential investors, including the sending of project dossiers. | Performance of pre-contractual measures and/or a contract (art. 6.1.b GDPR). |
| To send commercial communications and a newsletter about NOMAD's projects, events and news. | Explicit consent of the data subject (art. 6.1.a GDPR and art. 21 LSSI-CE). |
| To maintain the security of the website and prevent fraud. | Legitimate interest of the controller (art. 6.1.f GDPR). |
| To comply with legal, tax and accounting obligations. | Compliance with a legal obligation (art. 6.1.c GDPR). |
4. Retention periods
- Data provided for one-off enquiries: until the enquiry is handled and, subsequently, for a maximum of 12 months.
- Data of investors and potential investors: for the duration of the relationship and, once it has ended, for the applicable legal periods (in particular, tax and anti-money laundering periods).
- Subscribers to commercial communications: until the user revokes their consent or requests to unsubscribe.
5. Recipients and processors
The data may be disclosed to the following recipients where strictly necessary for the purposes described:
- Technology service providers acting as processors (hosting, CRM, email marketing, analytics, messaging).
- Legal, tax and financial advisers bound by a duty of confidentiality.
- Competent public authorities where there is a legal obligation.
Certain processors may be located outside the European Economic Area. In such cases, NOMAD adopts appropriate safeguards (European Commission Standard Contractual Clauses or equivalent) to ensure an adequate level of protection.
NOMAD does not carry out automated decisions with significant legal effects on the data subject, nor does it create profiles that produce such effects.
6. Rights of the data subject
The user may exercise at any time the following rights recognised by the data protection regulations:
- Access to their personal data.
- Rectification of inaccurate or incomplete data.
- Erasure of the data when it is no longer necessary.
- Objection to the processing, in the cases provided for by law.
- Restriction of the processing.
- Portability of the data in a structured format.
- Withdrawal of the consent given, without this affecting the lawfulness of the prior processing.
- Not to be subject to automated individual decisions with legal effects.
The rights may be exercised by sending a request to nomaddevelopmentgroup@gmail.com, indicating the right to be exercised and enclosing a copy of an identification document. NOMAD will respond within the maximum period provided for by the applicable regulations.
Likewise, users residing in the European Union have the right to lodge a complaint with the competent supervisory authority, in Spain the Spanish Data Protection Agency (www.aepd.es), where they consider that the processing does not comply with the regulations.
7. Security measures
NOMAD applies appropriate technical and organisational measures to ensure a level of security appropriate to the risk of the processing, including, as applicable, encryption, access control, backups, staff training and confidentiality agreements with providers.
8. Minors
The website is not directed at minors under 14 years of age and NOMAD does not deliberately collect data from persons who have not reached that age. If the processing of minors' data without the appropriate authorisation is detected, it will be deleted.
9. Modifications
NOMAD may update this Privacy Policy to adapt it to regulatory changes or to its activity. The date of the last update appears in the header of this document.
10. Contact
For any query relating to data protection, you may contact us at:
- Email: nomaddevelopmentgroup@gmail.com
- Phone: +34 604 37 28 25