Find Your Long-term Home, Business space or Land in Bali.

Connect Directly With Verified Property Owners

Privacy Policy

Last Updated: March 10, 2025

1. Introduction

Welcome to Property Plaza ("Company", "we", "our", "us"). The Privacy Policy governs your use of our website and services operated by Spanjaard Advice Agency B.V.

Please read this Privacy Policy carefully. By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by all the terms outlined in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.


1.1 Data Controller

For the purposes of the EU General Data Protection Regulation 2016/679 (GDPR), Spanjaard Advice Agency B.V. is the data controller responsible for your personal data with the following details:

  • Company Name: Spanjaard Advice Agency B.V.
  • Registration Number: 85692611
  • Registered Address: De Nieuwe Erven 3, Cuijk, the Netherlands
  • Email: info@property-plaza.com

2. Information We Collect

We collect several types of information from and about users of our Service, including:

2.1 Personal Data

Personal Data refers to information that can be used to identify you individually. According to the GDPR, 'personal data' means any information relating to an identified or identifiable natural person ('data subject'). We may collect the following Personal Data:

  • Identity Information: Full name, username or similar identifier, title, date of birth
  • Contact Information: Email address, telephone numbers, postal address
  • Financial Information: Payment card details, bank account information (processed via Stripe)
  • Profile Information: Preferences, feedback, survey responses
  • Technical Information: IP address, login data, browser type and version, device information, operating system
  • Usage Information: Information about how you use our Service, including browsing patterns and preferences
  • Location Data: Geographic location data if you allow our Service to access this information

2.2 Special Categories of Personal Data

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses.

2.3 Non-Personal Data

We also collect non-personal data that does not directly identify you but relates to your use of the Service:

  • Aggregated data
  • Statistical data
  • Demographic information
  • Anonymous usage data

3. Legal Basis for Processing Your Personal Data (GDPR)

We will only process your personal data when we have a legal basis to do so. The legal bases we rely on include:

3.1 Contract Performance

Processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. This applies when you:

  • Create an account with us
  • Purchase or use our services
  • Contact our customer support regarding our services

3.2 Legitimate Interests

Processing is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests. Our legitimate interests include:

  • Improving and developing our services
  • Protecting our services against fraud and illegal activity
  • Marketing our services to existing customers

3.3 Legal Obligation

Processing is necessary for compliance with a legal obligation to which we are subject, such as:

  • Tax and accounting obligations
  • Responding to law enforcement requests
  • Complying with regulatory requirements

3.4 Consent

You have given consent to the processing of your personal data for one or more specific purposes, such as:

  • Sending marketing communications
  • Collecting certain types of sensitive data
  • Using cookies and similar tracking technologies

You have the right to withdraw your consent at any time by contacting us or using the unsubscribe function in our communications.


4. How We Collect Your Information

We use different methods to collect data from and about you, including:

4.1 Direct Interactions

Information you provide when:

  • Creating an account
  • Filling out forms on our Service
  • Subscribing to our newsletters
  • Posting listings
  • Contacting our support team
  • Participating in surveys or promotions

4.2 Automated Technologies

As you interact with our Service, we automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this data using:

  • Cookies: Small data files placed on your device
  • Web Beacons: Small electronic files to count users who have visited certain pages
  • Server Logs: Records of activities on our servers
  • Pixel Tags: Tiny graphics with a unique identifier

4.3 Third-Party Sources

We receive Personal Data about you from various third-party sources:

  • Authentication Providers: When you sign in using Google oAuth
  • Analytics Providers: Such as Sentry
  • Advertising Partners: Such as Facebook (Meta)
  • Payment Processors: Such as Stripe
  • Mapping Services: Such as Google Maps

5. How We Use Your Information

We use your information for the following purposes:

5.1 Provide and Maintain Our Service

  • Create and manage your account
  • Process transactions
  • Send service-related communications
  • Provide customer support

5.2 Improve Our Service

  • Monitor usage patterns
  • Conduct research and analysis
  • Develop new products and services
  • Fix bugs and resolve technical issues

5.3 Personalize Your Experience

  • Deliver content tailored to your interests
  • Remember your preferences
  • Provide location-based services

5.4 Marketing and Communications

  • Send promotional materials
  • Inform you about updates
  • Measure advertising effectiveness

5.5 Safety and Security

  • Detect and prevent fraud
  • Protect our Service against misuse
  • Enforce our terms and policies

6. Third-Party Service Providers and Their GDPR Compliance

We work with several third-party service providers to facilitate our Service. These providers may have access to your Personal Data only to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose. We ensure that all our data processors provide sufficient guarantees to implement appropriate technical and organizational measures to meet GDPR requirements.

6.1 Hosting Providers

Vercel

  • What we share: Website usage data, IP addresses, browser information
  • Purpose: To host our web application and provide content delivery
  • Legal Basis: Legitimate interest and necessity for contract performance
  • Data Processing Location: EU and international data centers
  • Data Protection Measures: Vercel is EU-US Privacy Shield certified and implements appropriate safeguards for international transfers
  • GDPR Compliance: Vercel GDPR Compliance
  • Privacy Policy: Vercel Privacy Policy
  • DPA Available: Yes, contact us

Hetzner

  • What we share: Database information, including user accounts and listing details
  • Purpose: To host our databases and store customer information
  • Legal Basis: Legitimate interest and necessity for contract performance
  • Data Processing Location: Germany (EU)
  • Data Protection Measures: EU-based data centers with strict security standards
  • GDPR Compliance: Hetzner GDPR Information
  • Privacy Policy: Hetzner Privacy Policy
  • DPA Available: Yes, contact us

6.2 Analytics and Monitoring

Sentry

  • What we share: Error reports, performance data, usage information
  • Purpose: To monitor application performance and fix bugs
  • Legal Basis: Legitimate interest
  • Data Processing Location: US with EU data storage options
  • Data Protection Measures: Implements appropriate safeguards for international transfers
  • GDPR Compliance: Sentry GDPR Compliance
  • Privacy Policy: Sentry Privacy Policy
  • DPA Available: Yes, contact us

6.3 Marketing and Advertising

Facebook Pixel

  • What we share: Website activity, conversion data, behavioral data
  • Purpose: To measure advertising effectiveness and deliver targeted advertisements
  • Legal Basis: Consent (you can opt-out)
  • Data Processing Location: International data centers
  • Data Protection Measures: Meta has implemented Standard Contractual Clauses
  • GDPR Compliance: Meta GDPR Compliance
  • Privacy Policy: Meta Privacy Policy
  • DPA Available: Yes, contact us

6.4 Authentication

Google oAuth

  • What we share: Email address and basic profile information
  • Purpose: To enable users to log in using their Google accounts
  • Legal Basis: Consent when you choose to use Google login
  • Data Processing Location: International data centers
  • Data Protection Measures: Standard Contractual Clauses and appropriate technical measures
  • GDPR Compliance: Google Cloud GDPR Resource Center
  • Privacy Policy: Google Privacy Policy
  • DPA Available: Yes, contact us

6.5 Payment Processing

Stripe

  • What we share: Payment information, transaction details, billing address
  • Purpose: To process payments securely
  • Legal Basis: Necessity for contract performance
  • Data Processing Location: US and EU data centers
  • Data Protection Measures: Standard Contractual Clauses and appropriate technical measures
  • GDPR Compliance: Stripe GDPR Compliance
  • Privacy Policy: Stripe Privacy Policy
  • DPA Available: Yes, contact us

6.6 Mapping and Location Services

Google Maps

  • What we share: Location data, search queries
  • Purpose: To provide mapping functionality and location-based services
  • Legal Basis: Consent and legitimate interest
  • Data Processing Location: International data centers
  • Data Protection Measures: Standard Contractual Clauses
  • GDPR Compliance: Google Cloud GDPR Resource Center
  • Privacy Policy: Google Privacy Policy
  • DPA Available: Yes, contact us

7. Cookies and Similar Technologies

7.1 What Are Cookies

Cookies are small text files stored on your device when you visit our Service. They help us recognize your device and remember certain information about your visit.

7.2 How We Use Cookies

We use cookies to:

  • Keep you signed in
  • Understand how you use our Service
  • Remember your preferences
  • Personalize your experience
  • Measure the effectiveness of our marketing campaigns

7.3 Types of Cookies We Use

Essential Cookies

  • Necessary for the Service to function
  • Legal basis: Legitimate interest
  • Storage period: Session or persistent (up to 2 years)
  • Cannot be disabled

Preference Cookies

  • Remember your preferences and settings
  • Legal basis: Consent
  • Storage period: Up to 1 year

Analytics Cookies

  • Collect information about how you use our Service
  • Help us improve our Service
  • Legal basis: Consent
  • Storage period: Up to 2 years

Marketing Cookies

  • Track your browsing habits
  • Deliver advertising relevant to your interests
  • Legal basis: Consent
  • Storage period: Up to 13 months

7.4 Cookie Consent

When you first visit our Service, we will ask for your consent to set cookies on your device, except for essential cookies which are necessary for the operation of our Service. You can withdraw your consent at any time by changing your cookie preferences in our Cookie Settings.

7.5 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can:

  • Delete existing cookies
  • Block cookies
  • Set your browser to alert you when cookies are being sent

Please note that disabling cookies may affect the functionality of our Service.

8. Data Sharing and Disclosure

We may share your information in the following situations:

8.1 Business Partners

We may share your information with our business partners to offer you certain products, services, or promotions. In such cases, we ensure that:

  • We have a legal basis for sharing your data
  • We have appropriate contracts in place
  • We only share data necessary for the intended purpose

8.2 Corporate Transactions

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. In such cases, we will:

  • Notify you before your personal data is transferred
  • Ensure the new controller complies with this Privacy Policy

8.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). When we receive such requests, we:

  • Verify the legitimacy of the request
  • Only disclose what is necessary
  • Notify you when possible and legally permitted

8.4 Protection of Rights

We may disclose your information to:

  • Enforce our Terms of Service
  • Investigate potential violations
  • Protect against legal liability
  • Protect the safety of users, the public, or our Service

9. International Data Transfers

We operate globally and may transfer your information to countries outside your country of residence, including countries outside the European Economic Area (EEA). When we do, we ensure that your information receives an adequate level of protection.

9.1 EU-US and Swiss-US Data Transfers

For users in the European Economic Area (EEA) or Switzerland, we ensure that transfers of personal data to a third country or an international organization are subject to appropriate safeguards as described in Article 46 of the GDPR.

Following the invalidation of the Privacy Shield framework, we rely on:

  • Standard Contractual Clauses approved by the European Commission
  • Binding Corporate Rules where applicable
  • Derogations under Article 49 of the GDPR where necessary

9.2 Safeguards

We implement appropriate safeguards for cross-border transfers, which may include:

  • Standard Contractual Clauses approved by the European Commission
  • Binding Corporate Rules
  • Approved codes of conduct or certification mechanisms
  • Additional technical measures to ensure an adequate level of protection

9.3 List of Third Countries

Your data may be transferred to the following countries outside the EEA:

  • United States
  • Other countries where our service providers operate

10. Data Retention

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to:

  • Comply with our legal obligations
  • Resolve disputes
  • Enforce our legal agreements and policies
  • Continue to provide our Service

10.1 Retention Periods

We apply the following retention periods to your data:

  • Account information: As long as your account remains active, plus 2 years after account closure
  • Transaction data: 10 years (to comply with tax and accounting regulations)
  • Communication data: 2 years after the last communication
  • Marketing preferences: Until you withdraw your consent
  • Technical and usage data: 2 years from collection

When your Personal Data is no longer required, we will securely delete or anonymize it.

11. Data Security

We implement appropriate technical and organizational measures to protect your Personal Data against unauthorized access, alteration, disclosure, or destruction.

Our security measures include:

  • Encryption of Personal Data in transit and at rest (using TLS and AES-256)
  • Regular security assessments and vulnerability testing
  • Access controls and authentication procedures
  • Staff training on data protection
  • Incident response plans
  • Regular backups
  • Data minimization practices

However, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

11.1 Data Breach Notification

In the event of a personal data breach, we will notify:

  • The relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible, unless the breach is unlikely to result in a risk to your rights and freedoms
  • You, without undue delay, when the breach is likely to result in a high risk to your rights and freedoms

12. Your Data Protection Rights (GDPR)

Under the GDPR, if you are an EU resident, you have the following rights:

12.1 Right to Access

You have the right to request copies of your Personal Data. We will provide this information within 30 days, with a possibility to extend this period for particularly complex requests.

12.2 Right to Rectification

You have the right to request that we correct any inaccurate information or complete any incomplete information we have about you.

12.3 Right to Erasure ('Right to be Forgotten')

You have the right to request that we delete your Personal Data in certain circumstances, such as when the data is no longer necessary, when you withdraw consent, or when you object to processing.

12.4 Right to Restrict Processing

You have the right to request that we restrict the processing of your Personal Data in certain circumstances, such as when you contest the accuracy of the data.

12.5 Right to Data Portability

You have the right to request that we transfer your Personal Data to another organization or directly to you, in a machine-readable format.

12.6 Right to Object

You have the right to object to our processing of your Personal Data in certain circumstances, including processing for direct marketing purposes or processing based on legitimate interests.

12.7 Right to Withdraw Consent

You have the right to withdraw your consent at any time where we rely on consent to process your Personal Data.

12.8 Right Not to be Subject to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

12.9 How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section. We will respond to your request within 30 days. We may ask for verification of your identity before responding to your request.

12.10 Fees for Data Requests

We do not charge a fee for processing your data protection requests unless your request is clearly unfounded, repetitive, or excessive.

12.11 Right to Complain to a Supervisory Authority

If you believe that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint with a supervisory authority in the EU member state where you reside.

13. Additional Privacy Rights

13.1 For California Residents (CCPA/CPRA)

  • Right to Know: You have the right to request information about the Personal Data we collect, use, and disclose.
  • Right to Delete: You have the right to request deletion of your Personal Data.
  • Right to Opt-Out: You have the right to opt-out of the sale or sharing of your Personal Data.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights.
  • Right to Correct: You have the right to request correction of inaccurate Personal Data.
  • Right to Limit Use of Sensitive Personal Information: You have the right to limit the use of your sensitive Personal Data.

13.2 For Users in Other Jurisdictions

You may have similar rights under applicable local laws. To exercise any of these rights, please contact us using the information provided in the "Contact Us" section.

14. Children's Privacy

Our Service is not directed to individuals under the age of 16 ("Children"). We do not knowingly collect Personal Data from Children. If you become aware that a Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.

15. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

For significant changes, we will take additional steps to notify you, such as:

  • Displaying a prominent notice on our Service
  • Sending you an email notification
  • Obtaining your consent again where required by law

16. Contact Us

If you have any questions about this Privacy Policy, please contact us:

  • By email: info@property-plaza.com
  • By mail: Segment 3, Duiven, the Netherlands.
  • By using our contact form: http://property-plaza.id/en/contact-us

We aim to respond to all legitimate inquiries within 30 days.

17. Data Protection Officer

For users in the European Economic Area, you may contact our Data Protection Officer:

  • R. Theijs
  • dpo@property-plaza.com
  • De Nieuwe Erven 3, Cuijk, the Netherlands

18. Supervisory Authority

If you are located in the European Economic Area and believe that we have not adequately resolved your data protection concern, you have the right to lodge a complaint with your local data protection authority. Contact details for data protection authorities in the European Economic Area can be found at: https://edpb.europa.eu/about-edpb/board/members_en