In accordance with the provisions of current on the protection of personal data, with particular reference to Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter, ‘GDPR’) ) and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (hereinafter, ‘LOPDGDD’), we inform the User that their personal data will be processed in the following manner:
1. THE DATA CONTROLLER
MOEVE, S.A. (hereafter MOEVE).
Tax ID Number: A28003119. Registered Office: Paseo de la Castellana 259 A, 28046 Madrid, Spain.
Data Protection Officer contact details: dpo@moeveglobal.com
2. PURPOSE OF PERSONAL DATA PROCESSING
Personal data provided via the website shall be incorporated into processing records owned by Moeve or the companies that comprise the Moeve Group, which can be checked on www.moeveglobal.com with the following purposes:
Purpose 1: User management
- Data processed for this purpose: To manage Website Users and, where applicable, activate and administer registration as a User in the reserved area of the Website.
- Description of the purpose: Manage the Users of the Website and, where appropriate, the activation and administration of the registration as a User in the reserved area of the Website.
- Basis of legitimacy: Art. 6.1.b) GDPR - Contractual performance and establishment of pre-contractual measures.
Purpose 2: Provision of Web Site Services
- Data processed for this purpose: To provide the services included on the Website and/or to provide the information requested, whether via the website, by email or by telephone.
- Description of the purpose: To provide the services included on the website and/or the information requested, either via the website, email or telephone. Phone calls may be recorded for the purpose of guaranteeing the quality of the service. Emails may register confirmation of receipt and reading.
- Basis of legitimacy: Art. 6.1.b) GDPR - Contractual performance and establishment of pre-contractual measures.
Purpose 3: Recording calls and confirming emails.
- Data processed for this purpose: To record telephone conversations made to Customer Service or the Complaints Channel, where applicable, in order to ensure better quality of service. Likewise, emails may include confirmation of receipt and reading.
- Data processed for this purpose: Identification, contact and voice data.
- Legal basis: Art. 6.1.f) GDPR - Moeve's legitimate interest in ensuring the quality of the service and resolving any disputes. You can obtain additional information on how we have assessed our legitimate interest by contacting us at dpo@moeveglobal.com.
Purpose 4: To manage the contractual relationship with Users.
- Data processed for this purpose: Comprehensively manage the contractual or commercial relationship established between Moeve and the User, including the management of User data as a user of the website, the creation of a unique customer ID within the Moeve Group, the administrative, accounting and operational processing necessary for its execution, as well as its maintenance and monitoring.
- Description of the purpose: Identification and contact details (such as name, surname, and email address) provided by the User when registering as a customer, as well as economic and financial data, as well as economic and financial data.
- Basis of legitimacy: Art. 6.1.b) GDPR - Contractual performance and establishment of pre-contractual measures.
Purpose 5: Incident management.
- Data processed for this purpose: To deal with any incidents that may arise in the performance of the contract with Moeve. In this context, the Customer may be contacted if fraud or identity theft is detected or reasonably suspected during the course of the contractual relationship.
- Description of the purpose: To deal with any incidents that may arise in connection with the use of the Web Site.
- Basis of legitimacy: Art. 6.1.b) GDPR - Contractual performance and establishment of pre-contractual measures.
Purpose 6: Query management.
- Data processed for this purpose: Manage queries submitted by users via the contact forms provided for this purpose on the website.
- Description of the purpose: Manage the queries made by users through the contact forms implemented for this purpose in the web portal.
- Basis of legitimacy: The treatment is based on the consent given by the User by means of the clear affirmative action that involves sending the query through the form prepared for this purpose.
Purpose 7: Manage queries regarding job opportunities.
- Data processed for this purpose: Manage enquiries regarding employment opportunities at MOEVE, submitted by users via the contact forms provided for this purpose on the website.
- Description of the purpose: Manage queries regarding employment opportunities in MOEVE, made by users through the contact forms implemented for this purpose in the web portal.
- Basis of legitimacy: The treatment is based on the consent given by the User by means of the clear affirmative action that involves sending the query through the form prepared for this purpose.
Purpose 8: Ethics channel management.
- Data processed for this purpose: Manage queries relating to MOEVE's corporate ethics channel submitted by users via the contact forms provided for this purpose on the website.
- Description of the purpose: Manage queries regarding MOEVE's corporate ethics channel made by users through the contact forms implemented for this purpose on the web portal.
- Basis of legitimacy: Art. 6.1 c) GDPR - Compliance with legal obligation, in relation to Directive (EU) 2019/1937 of the European Parliament and of the Council on the protection of persons who report on breaches of Union law and Law 2/2023, of 20 February, regulating the protection of persons who report on regulatory breaches and the fight against corruption.
Purpose 9: Send news alerts on the Website.
- Data processed for this purpose: In cases where the User subscribes, send alerts of new content published on the Website.
- Description of the purpose: In those cases in which the User subscribes, to send alerts of new content published on the Website.
- Basis of legitimacy: The treatment is based on the consent given by the User by means of the clear affirmative action that involves sending the query through the form prepared for this purpose.
Purpose 10: Implement cookies.
- Data processed for this purpose: Install tracking systems that report on browsing habits or cookies accepted by the data subject, in accordance with the provisions of this Website's Cookie Policy.
- Description of the purpose: Install those tracking systems that report on browsing habits or Cookies accepted by the interested party, as indicated in the Cookies Policy of this Website.
- Basis of legitimacy: The processing is based on the consent given by the User.
In each process where the User provides his/her personal data, he/she shall be informed of the mandatory or optional nature of their completion and the consequences of not providing them.
Purpose 11: Management and maintenance of Customer data as a user of the Website.
- Purpose: To manage and maintain, where applicable, Customer data through the website, as well as to control, manage and maintain the services inherent.
- Type of data: Identification and contact details.
- Legal basis: Art. 6.1.b) GDPR - Contractual performance and establishment of pre-contractual measures.
Purpose 12: Compliance with legal obligations
- Description of the purpose: Compliance with legal obligations applicable to Moeve.
- Data processed for this purpose: Any categories of data processed in the context of the above purposes.
- Legal basis: Art. 6.1 c) GDPR - Compliance with legal obligation.
3. ORIGIN OF THE PERSONAL DATA
The personal data of an identifying and contact nature that Moeve will process, including name, last name, e-mail address, etc., have been provided mostly directly by the User himself/herself through forms. Users are responsible for the accuracy of the data and for updating it.
Likewise, Moeve may obtain information collected through the web, such as statistical or navigation data.
4. THIRD PARTY PERSONAL DATA
If the data provided belonged to a third party, the User guarantees that he or she has informed the third party of this Privacy Policy and obtained his or her consent to furnish his/her data to Moeve for the stated purposes. He/she also confirms that the data provided is accurate and up-to-date, and assumes liability for any loss or damages, whether direct or indirect, that may be incurred as a result of non-compliance with this obligation.
5. PERSONAL DATA STORAGE PERIOD
The personal data provided will be kept for the time necessary to fulfil the purpose stated in each case and for as long as the contractual relationship is maintained, the data subject does not request its deletion and it does not have to be deleted in order to comply with a legal obligation or for the formulation, exercise and defence of claims.
Once the specified retention period has expired (depending on the purpose), personal data may be retained, duly blocked, for the limitation periods of any legal actions and liabilities that may arise, in each case, from the specific processing activity carried out, after which it will be completely deleted.
With regard to data processed for marketing purposes, if the user has exercised their right to object to receiving commercial communications, their identification data may be retained for the purpose of preventing further communications from being sent to their contact email addresses in the future.
6. TRANSFERS AND RECIPIENTS OF PERSONAL DATA
All transfers specified below are necessary for the fulfillment of the aforementioned purposes, or are carried out in compliance with a legal obligation. Personal data can be transferred to:
- If necessary, to companies of the Moeve Group, which can be consulted at www.moeve.es for administrative purposes and management of the relationship with the client, based on MOEVE´s legitimate interest to that effect. The legitimate interest for the aforementioned purpose of assignment would consist of guaranteeing better organization and optimization, as well as unified management of the resources of the business group in cases in which, internally, it is necessary for the effective execution of the activity undertaken in the Website.
- Government Administrations and the Administration of Justice.
- MOEVE suppliers who, where appropriate, are contracted to measure web traffic and user behavior by means of cookies and similar systems, in accordance with the Cookies Policy, and who will act as data processors.
No international transfer of users’ personal data is foreseen. However, in the event of any international transfer, it will be carried out in compliance with the criteria and requirements of the regulations in force, through the adoption of appropriate legal guarantees, which may consist of the formalization with the recipient of the data of (i) Standard Contractual Clauses approved by the European Commission to legitimize the international transfer of data to third countries or (ii) in another valid legal instrument that allows guaranteeing an adequate level of protection equivalent to that of the European Economic Area.
7. RIGHTS OF DATA SUBJECTS
The User may exercise with MOEVE S.A., if applicable, their rights of access, rectification or deletion, limitation of processing, opposition, portability and to oppose automated individual decisions at the e-mail address derechos.arco@moeveglobal.com or at MOEVE´S registered office at Paseo de la Castellana, 259 A, 28046-Madrid (Spain). They may also revoke their consent if they have granted it for any specific purpose, and may modify their preferences at all times.
It is also noted that MOEVE has appointed a Data Protection Officer (DPO) to whom questions may be raised concerning the processing of personal data at their registered office and/or by email dpo@moeveglobal.com with the reference: “Data Protection”.
Additionally, the User is informed that they may address any type of claim regarding personal data protection to the Agencia Española de Protección de Datos (Spanish Data Protection Agency), www.aepd.es, if they consider their rights in the matter are being violated.