Noddo Partners

Data Privacy Policy

  • Last update: 26/05/2026.

This Data Privacy Policy establishes the terms and conditions under which Javiera Papic, acting under the commercial trademark Noddo Partners (hereinafter, “the Data Controller” or “the Controller“), collects, processes, safeguards, and treats the personal data of users (hereinafter, “the Data Subject” or “the Data Subjects“) who access, browse, or use the features enabled on this website.

This policy has been drafted in strict compliance with the current regulatory framework, particularly Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or GDPR), as well as Organic Law 3/2018 of December 5 on the Protection of Personal Data and guarantee of digital rights (LOPDGDD).

Identifying Data of the Data Controller:

  • Legal Representative: Javiera Papic
  • Commercial Name: Noddo Partners
  • NIF/NIE: [Tax Identification Number / Foreigner Identification Number with letter]
  • Professional Address: [Tax address in Spain – Street, Number, Postal Code, City]
  • Contact Email for Privacy Purposes: [email protected] 

 

1. Data Security

The Data Controller assumes an unyielding commitment to guaranteeing the confidentiality, integrity, and availability of the Data Subject’s personal information. To this end, Noddo Partners has adopted and rigorously applies the necessary technical and organizational measures, in accordance with the provisions of Article 32 of the GDPR, to prevent the alteration, loss, unauthorized processing, or access to personal data.

Among the implemented security measures, the website utilizes secure socket layer encryption protocols (SSL/TLS certificates) to ensure that the transmission of data between the Data Subject’s browser and our servers is carried out in an encrypted and secure manner. Likewise, access to Noddo Partners’ databases is strictly restricted to authorized personnel and is subject to mandatory confidentiality agreements. The servers where the information is hosted feature intrusion prevention systems, firewalls, and continuous monitoring to mitigate any cyber vulnerability risks.

2. Collection and Storage of Personal Data: Nature and Purpose of Its Use

The processing of personal data by Noddo Partners is governed by the principles of lawfulness, fairness, transparency, data minimization, and purpose limitation. The collection of information varies depending on the Data Subject’s interaction with the website:

a) If the Data Subject visits our website

During mere navigation through our website, even if the Data Subject does not actively provide information, the underlying computer systems and software procedures automatically collect certain technical information whose transmission is inherent to the use of Internet communication protocols.

This information includes, but is not limited to: the IP address of the requesting equipment or device, the date and time of the request, the time zone difference relative to Greenwich Mean Time (GMT), the content of the request (specific page visited), the access status/HTTP status code, the volume of data transferred, the website from which the request originates (referrer URL), the browser type, the operating system and its interface, as well as the language and version of the browser software.

  • Purpose and Legal Basis: This data is temporarily stored in the server’s log files. The purpose of this processing is to safeguard the correct technical operation of the website, guarantee the stability and security of Noddo Partners’ computer systems, and detect potential anomalies or cyberattacks. The legal basis that legitimizes this processing is Article 6(1)(f) of the GDPR, based on our overriding legitimate interest in operating a secure and functional website.

b) If the Data Subject uses our web forms or contact channels

For the purposes of this Policy, “using web forms or contact channels” is understood as the voluntary completion of contact forms, sending emails, requesting detailed information, or submitting proposals to establish professional or collaborative relationships.

In these cases, the Data Controller collects the following personal data:

  • Identifying Data: First and last name.
  • Contact Data: Email address and telephone number.

 

Purpose: To manage communication with the Data Subject, respond to their requests for information, assess their interest in the investment opportunities presented informatively on the website, and, exclusively upon their request, provide their contact data to the specific real estate developer or fund manager of the project in which the Data Subject expresses express interest. The legal basis is the Data Subject’s consent (Art. 6.1.a GDPR), pre-contractual measures (Art. 6.1.b GDPR), and legitimate interest in the operational management of the requests received (Art. 6.1.f GDPR).

Personal data will be stored for the time strictly necessary to fulfill the purpose for which it was collected, as long as the commercial or professional relationship persists, and, in any case, until the Data Subject requests its erasure. Subsequently, data will be kept duly blocked during the limitation periods of the corresponding legal responsibilities.

3. Consent for Data Disclosure and Transfers

As a general principle, Noddo Partners does not sell, lease, or transfer the personal data of Data Subjects to third-party corporate entities. The processing of information is internal and confidential.

However, there are exceptions strictly delimited by the nature of the information channel provided:

  • Transfer to Partners and Strategic Allies: When the Data Subject expresses a concrete interest in an investment opportunity presented by Noddo Partners, their identifying and contact data will be disclosed to the specific real estate developer or fund manager that owns the corresponding project (whose identity will be privately revealed to the Data Subject subject to a confidentiality agreement). This entity will act as an independent Data Controller for its own subsequent processing (including KYC/AML processes and the formalization of the definitive contract, to which Noddo Partners is not a party). This communication will only take place upon the express, specific, and verifiable consent of the Data Subject for each disclosure.
  • Data Processors and International Data Transfers: To guarantee the website’s technical infrastructure, the Controller contracts hosting and data storage services from external providers. The primary hosting provider is Hostinger, whose operational servers are located within Europe, specifically in the United Kingdom. Furthermore, disaster recovery backups are hosted on servers located in the Federal Republic of Germany.

 

International data transfers to the United Kingdom are fully protected legally by the Adequacy Decision issued by the European Commission, which certifies that said territory guarantees a level of protection substantially equivalent to that required within the European Union. Hosting in Germany, as an EU Member State, is subject to the direct jurisdiction of the GDPR. Calendly is utilized for calendar management and booking meetings with the Data Subject. Calendly processes personal data such as name, email, and booking details. It is domiciled in the United States; international transfers are protected by the European Commission’s Standard Contractual Clauses (SCCs) and by Calendly’s adherence to the EU-U.S. Data Privacy Framework when applicable.

4. Cookies

This website employs “cookies” and similar tracking technologies. Cookies are small text files that the web server temporarily or persistently places on the user’s terminal device (computer, tablet, smartphone) through the web browser, which store specific information linked to that device.

Noddo Partners utilizes the Complianz consent management plugin to ensure regulatory compliance in the deployment of these technologies, implementing Google Consent Mode. This ensures that non-essential cookies (those intended for analytical or statistical purposes) are not installed on the user’s device without their prior explicit and unequivocal consent granted through the corresponding informational banner. The Data Subject holds the absolute power to configure their browser to reject the installation of all cookies or to be notified of their emission, as well as to withdraw their consent at any time.

5. Web Analytics

For the purpose of systematically evaluating user interaction with the digital environment and optimizing information architecture and site usability, the Data Controller processes certain usage data through web analytics tools.

Google Analytics

This website uses Google Analytics 4 (hereinafter, “GA4”), a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). GA4 uses analytical cookies that allow the Data Controller to perform statistical measurements and navigation behavior analysis.

It is imperative to underscore that the configuration implemented by Noddo Partners does not pursue advertising purposes (neither Google Ads nor remarketing features are employed), limiting the use of the tool to extracting aggregated metrics related to traffic volume, landing pages, session duration, and interaction rates. GA4 employs pseudonymization mechanisms by default and anonymizes the IP addresses of users within Member States of the European Union or other States party to the Agreement on the European Economic Area prior to any transmission to Google servers located in the United States. The legal basis for the use of this tool and the corresponding data transfer is the explicit consent granted by the user through the acceptance of analytical cookies (Article 6(1)(a) of the GDPR).

6. Information, Rectification, Restriction, and Erasure (Rights of the Data Subject)

The current legal framework establishes a series of unrenouncable prerogatives in favor of the Data Subject regarding their personal data. In accordance with Articles 15 to 21 of the GDPR, any user who has provided their data to Noddo Partners holds the right to exercise the following faculties:

  • Right of Access: The faculty to obtain confirmation as to whether or not personal data concerning them is being processed, and, if so, the right to access said data and detailed information about the processing.
  • Right to Rectification: The faculty to demand the immediate correction of inaccurate personal data or the completion of incomplete data.
  • Right to Erasure (Right to be forgotten): The faculty to require the deletion of their personal data without undue delay when any of the circumstances provided by law apply, such as when the data is no longer necessary in relation to the purposes for which it was collected.
  • Right to Restriction of Processing: The faculty to request the temporary freezing or blocking of the processing of their data under specific legally established conditions.
  • Right to Data Portability: The faculty to receive the personal data provided in a structured, commonly used, and machine-readable format, and to transmit it to another data controller without hindrance.
  • Right to Object: The faculty to object at any time, on grounds relating to their particular situation, to personal data concerning them being processed.

 

The exercise of these rights is strictly personal, free of charge, and not subject to excessive formal requirements. To make these rights effective, the Data Subject must send a written communication, reliably identifying themselves, to the email address enabled for this purpose: [email protected]

Additionally, the Data Subject is informed of their right to lodge a complaint with the competent supervisory authority, which in Spanish territory corresponds to the Spanish Data Protection Agency (Agencia Española de Protección de Datos – AEPD), in the event that they consider their rights regarding personal data protection to have been violated.

7. Changes to the Data Privacy Policy

The Data Controller reserves the unilateral authority to review, modify, update, or amend this Data Privacy Policy at any time. Such modifications may arise from the need to adapt the policy to legislative developments, regulatory requirements, jurisprudential rulings, guidelines issued by the Spanish Data Protection Agency, or intrinsic variations in the architecture, operational services, or structure of Noddo Partners’ processing operations.

The current version will always be the one published on this webpage of the website. Data Subjects are urged to review this document regularly to stay informed about the safeguard measures implemented regarding their personal information.