Privacy Policy

Miami House Market (“we”, “us”, “our”) is a lead-generation editorial site operated by Viru Group OÜ, a member of the Viru Group portfolio of companies. The site at miamihousemarket.eu connects international buyers with new-construction inventory in Miami-Dade, Florida.

For the purposes of the EU General Data Protection Regulation (GDPR), the UK GDPR, and equivalent legislation, Viru Group OÜ is the data controller for personal data submitted via this site.

We only process data you choose to share with us. The categories are:

• Lead form submissions, name, email, phone (optional), budget range, project of interest, the language you wrote in, and any free-text message.
• Newsletter / list opt-in, email and the language at signup. Stored via our email provider (Resend, Inc., United States).
• Cookies + analytics, only if you consent. We use Google Tag Manager + Google Analytics 4 for aggregated usage, Meta Pixel + Conversions API for ad attribution, and a Cloudflare Turnstile token to verify the form was not submitted by a bot.
• Technical logs, IP address, browser user-agent, and request timestamp are written to our server logs and retained for 30 days for security and abuse-prevention purposes only.

We do not collect government identifiers, financial account numbers, payment-card data, or sensitive personal data (race, religion, health, sexual orientation, etc.) through this site.

• Performance of a contract / pre-contract steps (GDPR Art. 6(1)(b)), to respond to your enquiry and prepare a proposal for new-construction inventory.
• Consent (Art. 6(1)(a)), for marketing cookies, newsletter signup, and Meta/Google analytics.
• Legitimate interests (Art. 6(1)(f)), for fraud prevention, security logs, and operating our service. Balanced against your rights.

We never sell your personal data. We share only with processors strictly required to deliver our service:

• Resend, Inc. (United States), transactional email delivery (lead acknowledgements, team alerts) and audience contact storage. Resend is SOC 2 Type II certified and processes data under EU Standard Contractual Clauses where applicable.
• Meta Platforms Ireland, Conversions API and Pixel, only if you consent to marketing cookies. Hashed identifiers (SHA-256 email, phone) are sent so Meta cannot reverse the original value.
• Google Ireland Ltd, Google Analytics 4 and Google Ads conversion API, only with consent. IPs are anonymised at collection.
• WhatsApp Business / Meta, only if you initiate a chat. Message content is processed under Meta's Business Messaging terms.
• Cloudflare Inc., CDN, WAF, and Turnstile bot protection. Data may transit Cloudflare edge nodes globally.
• Hetzner Online GmbH (Germany / Finland) , application + database hosting. All EU-resident.

Data Processing Agreements (DPAs) under Article 28 GDPR are in place with every named processor. For transfers outside the EEA we rely on the EU Standard Contractual Clauses or equivalent.

• Lead enquiries, 24 months from the last meaningful interaction, then automatic deletion or anonymisation. Renewed if you continue the conversation.
• Newsletter, until you unsubscribe (one click in every email).
• Server access logs, 30 days.
• Database backups, encrypted snapshots rolled forward 30 days.

Under the GDPR (EU/EEA), the UK GDPR, California CCPA / CPRA, and equivalent regimes, you may at any time request:

• Access, a copy of the personal data we hold about you.
• Rectification, correction of inaccurate data.
• Erasure, deletion of your data (the “right to be forgotten”).
• Portability, export of your data in a machine-readable format.
• Restriction or objection , limit or stop our processing.
• Withdraw consent, for marketing, cookies, or newsletter at any time.
• Lodge a complaint with your local data protection authority (in Estonia: Andmekaitse Inspektsioon; in the EU broadly, your national supervisory authority).

To exercise any of these rights, email legal[at]virugroup[dot]company. We respond within 30 days at no charge.

Detailed cookie controls live inside our consent banner. Three categories:

• Strictly necessary, session, locale, CSRF, Turnstile token. Always on; no consent required.
• Analytics, Google Analytics 4. Off by default. Anonymised IPs only.
• Marketing, Meta Pixel, Google Ads conversion. Off by default.

You can change your choices at any time via the “Cookies” link in the footer, or by clearing site data in your browser.

This site is intended for adult buyers. We do not knowingly collect data from anyone under 18. If you believe a minor has submitted data, email us and we will delete it immediately.

We may update this policy as the service evolves. Material changes will be flagged at the top of this page and, if you are on our newsletter, communicated at least 14 days before they take effect.

Controller: Viru Group OÜ
Privacy enquiries: legal[at]virugroup[dot]company
General contact: /contact