Last updated: May 28, 2026
This Privacy Policy describes how Amanecer Austral SpA (hereinafter, "Amanecer Austral", "we" or "the agency") collects, uses, retains and protects the personal information of those who visit our site, communicate with us or engage our services.
1. Data controller
- Company name: Amanecer Austral SpA
- Address: Av. Urmeneta 1290, Of. 502, Puerto Montt, Los Lagos, Chile
- Site: amaneceraustral.com
- General email: urzula@amaneceraustral.com
- Privacy email: privacidad@amaneceraustral.com
- Legal representative: Urzula Velásquez, Founder
We are a boutique real-estate agency based in Puerto Montt, Chile. We market properties located in Chile and serve buyers who are both Chilean residents and international — including residents of the European Union, the United Kingdom and Latin America. For that reason, this policy addresses the data-protection frameworks that may apply depending on each person's place of residence.
2. Scope of application
This policy applies to:
- Anonymous visitors to amaneceraustral.com.
- People who create a visitor account (favorites, saved searches).
- People who submit a contact form, property inquiry, visit booking or sale request.
- People subscribed to email communications.
- Owners, principals and suppliers with whom we maintain a contractual relationship.
3. Regulatory framework
We process your personal information in compliance, as applicable, with:
- Chile: Law 19.628 on the Protection of Private Life and Law 21.719 (in force since December 2024, with full application in December 2026), supervised by the future Personal Data Protection Agency.
- European Union: Regulation (EU) 2016/679 ("GDPR") and Directive 2002/58/EC ("ePrivacy"), applicable when we offer services to, or monitor the behavior of, residents of the EU.
- United Kingdom: UK GDPR and the Data Protection Act 2018.
4. Data we collect
4.1 Data you provide to us
- Identity and contact: name, email, phone, preferred language.
- Visitor profile data (when you create an account): name, email, avatar photo (via OAuth with Google, Apple or Facebook), optional phone.
- Real-estate inquiry data: message, property of interest, indicative budget, intent (purchase, sale, appraisal, property management, expat legal advice, concierge), visit preferences.
- Seller principal data: information about the property, legal status, price expectations, supporting documentation.
- KYC/AML data when the transaction requires it: official identification, proof of address, source of funds, ultimate beneficial owner. See Section 9 of the Terms and Conditions.
4.2 Data collected automatically
- Technical identifiers: IP address, browser user agent, system language, approximate country via IP geolocation (provided by Cloudflare).
- Cookies and local storage: see our Cookie Policy. Cookies necessary for session (
aa_session), language (aa_locale) and currency (aa_currency). - Aggregate metrics: pages visited, time on page, referrer, via Plausible Analytics — a cookieless, privacy-first solution exempt from cookie consent under Art. 5.3 of the ePrivacy Directive.
- Marketing pixels (only with consent): Meta, Google Ads, GA4, TikTok, LinkedIn, as configured.
4.3 Data we receive from third parties
- OAuth providers (Google, Apple, Facebook) when you sign in: email, name, profile photo.
- Partner real-estate platforms when a lead reaches us via an external portal.
5. Purposes and legal bases for processing
| Purpose | Data | Legal basis | | ------------------------------------------------------ | ----------------------------------------------------------- | ----------------------------------------------------------------- | | Respond to inquiries and handle requests | Identity, contact, message | Performance of pre-contractual measures / legitimate interest | | Coordinate visits, offers and closing of transactions | Identity, contact, KYC | Performance of a contract | | Manage the visitor account (favorites, searches) | Profile, browsing behavior | Consent + performance of the requested service | | Comply with legal and tax obligations | KYC, contractual data | Compliance with a legal obligation | | Prevent money laundering and terrorist financing | KYC, source of funds, ultimate beneficial owner | Compliance with a legal obligation (Chile: Law 19.913; EU: AMLD) | | Comply with international sanctions (OFAC, EU, UN) | Identity, nationality, effective control | Compliance with a legal obligation | | Measure site performance (Plausible) | Aggregate metrics without identifiers | Legitimate interest (cookieless, privacy-first solution) | | Digital marketing and remarketing | Browsing behavior, advertising identifiers | Explicit consent (cookie banner) | | Send editorial communications (newsletter) | Email, language | Explicit consent (double opt-in) | | Defense of rights in judicial or administrative venues | Contractual and transaction data | Legitimate interest |
6. Processors and international transfers
We operate on globally distributed cloud infrastructure. Your data may be processed at points of presence located in the European Union, the United States and South America, depending on how the request is routed. The main processors are:
- Cloudflare Inc. (United States) — Edge hosting (Workers), database (D1), image storage (R2), security and bot mitigation (Turnstile). Covered by its own DPA + the European Commission's Standard Contractual Clauses (SCC).
- Resend (United States) — transactional email delivery (confirmations, replies to inquiries, password recovery). Covered by SCC.
- DeepL (Germany) — machine-assisted translation of editorial content when the agency requests it. EU-based processor.
- Plausible Analytics (Estonia / EU) — cookieless web analytics. EU-based processor.
- Vimeo (United States) — hosting and playback of property tour videos. Covered by SCC.
- Google, Apple, Meta — only when you voluntarily choose to sign in via OAuth or when you grant consent for marketing cookies.
When data is transferred outside the European Economic Area or Chile to jurisdictions without an adequate level of protection, we do so under the European Commission's Standard Contractual Clauses or equivalent measures contemplated in Law 21.719.
7. Data retention {#retencion-de-datos}
We retain your personal data only for as long as necessary for the purposes indicated:
- Unconverted leads: 24 months from the last contact, unless you request earlier deletion.
- Clients with a closed transaction: 6 years from closing, in compliance with tax (SII Chile) and anti-money-laundering (UAF, Law 19.913) obligations.
- Visitor account data: while the account is active; upon a deletion request, we anonymize within 30 days.
- Favorites and saved searches: linked to the account. Deleted when the account is closed.
- Cookie consent records: 24 months (regulatory audit).
- Technical and security logs: 90 days.
- Email communications: 3 years from the last interaction, unless a deletion request is made.
After these periods, we delete or anonymize the data so that it cannot be linked to an identifiable person.
8. Your rights
You may exercise the following rights over your personal data at any time:
- Access to the information we hold about you.
- Rectification of inaccurate or outdated data.
- Erasure ("right to be forgotten") when the data is no longer necessary or you withdraw consent.
- Portability in a structured, commonly used and machine-readable format.
- Objection to processing based on legitimate interest.
- Restriction of processing in specific cases.
- Not to be subject to automated decisions with significant effect. We do not carry out profiling or automated decisions with legal effect.
- Withdrawal of consent at any time, without affecting the lawfulness of prior processing.
How to exercise your rights
We have enabled a simple form to handle these requests:
Alternatively, you can write to us at privacidad@amaneceraustral.com indicating the right you wish to exercise. We will respond within a maximum of 30 calendar days (extendable by a further 30 days in complex cases), informing you in advance.
If you consider that the processing infringes your rights, you may file a complaint with:
- Chile: the future Personal Data Protection Agency (Law 21.719) or, today, the Council for Transparency.
- European Union: the supervisory authority of your member state of residence.
- United Kingdom: the Information Commissioner's Office (ICO).
9. Information security
We apply reasonable technical and organizational measures to protect your data:
- Encryption in transit (TLS 1.3) and at rest (D1 / R2 encrypted at the provider level).
- PBKDF2-SHA256 hashing for passwords (100,000 iterations, native Web Crypto).
- Granular access control in the administration panel with roles (
owner,agent,assistant). - Audit log of all administrative mutations.
- Bot and form-abuse mitigation via Cloudflare Turnstile.
- Strict security headers (CSP, HSTS, X-Frame-Options).
- Anti-enumeration: administrative routes return 404 to unauthenticated visitors.
No system is invulnerable; we recommend that you do not share passwords and that you notify us immediately of any suspected unauthorized access to your account.
10. Use of artificial intelligence {#uso-de-ia}
Today we do not use generative artificial intelligence models to make decisions that affect you or to generate automated responses to your inquiries. Every communication you receive from the agency is written and signed personally by Urzula or by an authorized human agent.
The only use of AI in production today is:
- Machine-assisted translation of editorial content (property descriptions, region pages) using DeepL as the primary tool and, as an opt-in fallback, Cloudflare Workers AI models. Every translation remains in
pending_reviewstatus until an authorized team member approves it.
If in the future we incorporate other uses of AI with a significant effect on your experience or rights, we will update this section and request explicit consent where appropriate.
11. Minors
Our service is intended for adults. We do not knowingly collect data from persons under 18 years of age. If you are a parent, guardian or representative and believe that a minor in your care has provided us with data, please contact us to delete it.
12. Cookies and similar technologies
The use of cookies is governed by our Cookie Policy, where you will find the full inventory of the cookies we use, their categories and the mechanisms for managing consent.
13. Changes to this policy
We may update this policy to reflect legal, operational or technological changes. The current version always bears the "last updated" date at the top. If the changes are substantial, we will inform you through the usual means (a banner on the site or an email notice to those with an active account).
14. Contact
For any privacy inquiries, rights requests or complaints:
- Dedicated email: privacidad@amaneceraustral.com
- General email: urzula@amaneceraustral.com
- Postal: Av. Urmeneta 1290, Of. 502, Puerto Montt, Los Lagos, Chile
We will respond personally within a maximum of 5 business days for general inquiries and 30 calendar days for formal rights requests.