In accordance with the legislation in force on the protection of personal data, with particular attention to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter, “GDPR” ) and Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights (hereinafter, “LOPDGDDD”), we inform the User, that their personal data will be processed as follows:
 
1. Personal data controller (*)
 
 
MOEVE COMMERCIAL S.A.U (“MOEVE”), with tax ID No.: A80298896, with registered office: Paseo de la Castellana, 259 A, 28046-Madrid (Spain) data protection delegate: dpo@moeveglobal.com.
 
(*) If you have contracted products and/or services with, MOEVE S.A. (MOEVE), NIF: A28003119 and registered office at  Paseo de la Castellana, 259 A, Postal Code 28046 Madrid (Spain), this company will be considered Data Controller.
 
 
2. Categories of personal data, purposes and legal basis for processing 
 
The personal data provided at contracting time, as well as those provided in the future as a result of their development, will be incorporated in a MOEVE personal data protection registry for the following purposes:
 
    1.To provide, manage, control and maintain the contractual or commercial relationship requested

Purpose: To comprehensively manage the established contractual or commercial relationship, including the management of Customer data as a user of the website, the creation of a unique Customer ID within the Moeve Group, the administrative, accounting, and operational processing necessary for its execution, as well as its maintenance and monitoring.
Type of data: Identification, contact, and economic and financial data.
Legal basis: Art. 6.1.b) GDPR - Contractual execution and establishment of pre-contractual measures.

2. Sending commercial communications directly related to the services contracted
Purpose: To send commercial communications, by conventional and/or electronic means (emails, SMS, purchase receipts), relating to Moeve's own products and services and similar to those previously contracted/purchased by the Customer, for the duration of their customer relationship.
Type of data: Identification and contact details.
Legal basis: art. 6.1.f) GDPR - Legitimate interest of Moeve, consisting of promoting the contracting of its products and services, in accordance with the requirements and conditions set forth in Law 34/2002 on information society services and electronic commerce. You can request additional information about the legitimate interest invoked by contacting dpo@moeveglobal.com, and you can object at any time to receiving these commercial communications by writing to derechos.arco@moeveglobal.com.

3. Sending commercial communications from third parties.
Purpose: Sending commercial communications regarding benefits or advantages offered by third-party companies, always communicated through Moeve, which will be based on collaboration agreements related to the following sectors: Leisure, travel, culture, cards and means of payment, automotive, transport, insurance, distribution and financing, gifts, fashion, home and technology.
Type of data: Identification and contact details.
Legal basis: Art. 6.1.a) GDPR – Customer consent. Under no circumstances will the withdrawal of this consent affect the performance of the main contract.

4. Segmentation and profiling:
Purpose: To carry out segmentation and profiling tasks through the analysis of the use of the services offered, in order to tailor marketing offers and activities to each Customer, to conduct behavioral advertising studies, or to obtain statistical samples that may help the company improve the personalization of its product and service offerings by offering personalized products and services.
Type of data: Browsing data, online identifiers and, where applicable, geographical location data, through cookies.
Legal basis: Art. 6.1.a) GDPR – Customer consent. Under no circumstances does the withdrawal of this consent condition the execution of the main contract.


5. Provision of the services and information requested, whether via the website, by post or by telephone.
Purpose: To respond to and manage requests for information, services, or products made by the interested party, whether by electronic, telephone, or postal means.
Type of data: Identification and contact details
Legal basis: Art. 6.1.b) GDPR - Contractual performance and establishment of pre-contractual measures.


6. Call recording and email confirmation.
Purpose: To record telephone conversations made to Customer Service in order to ensure better quality of service. Likewise, emails may include confirmation of receipt and reading.
Type of data: Identification, contact, and voice data.
Legal basis: Art. 6.1.f) GDPR - Moeve's legitimate interest in ensuring service quality and resolving any disputes. You can obtain additional information on how we have assessed our legitimate interest by contacting us at dpo@moeveglobal.com.

7.Handle incidents of a contractual nature.
Purpose: To deal with any incidents that may arise in the execution of the contract with Moeve. In this context, the Customer may be contacted if fraud or identity theft is detected or reasonably suspected during the course of the contractual relationship.
Type of data: Identification and contact details.
Legal basis: Art. 6.1.b) GDPR - Contractual performance and establishment of pre-contractual measures.

8. To conduct customer satisfaction surveys
Purpose: To conduct satisfaction surveys on the product or service contracted.
Type of data: Identification and contact details.
Legal basis: Art. 6.1.f) GDPR - Moeve's legitimate interest in knowing the level of satisfaction of its customers in relation to the products or services offered, in order to improve them.

9. Risk analysis and data verification for fraud prevention and creditworthiness purposes
Purpose: To analyze risk and compare or contrast your data in order to verify its accuracy and veracity in relation to entities that provide creditworthiness, credit, and fraud prevention services.
Type of data: Identification and contact details; social circumstances; transactions of goods and services; other categories of data; data derived from the use of the service.
Legal basis: Art. 6.1.f) GDPR - Moeve's legitimate interest in ensuring the lawful and proper management and development of the contractual relationship, avoiding the occurrence of unlawful and/or incorrect practices. You can obtain further information on how we have assessed our legitimate interest by contacting us at dpo@moeveglobal.com.

10. Management of non-payments and compliance with financial obligations.
Purpose: Where applicable, to manage compliance with financial obligations in relation to any non-payments that may be made by the Customer. To this end, this financial information may be included in a file shared by the companies of the Moeve Group for the same purposes. In this regard, consultation of files relating to the breach of financial obligations may lead Moeve, as the Marketing Company, to take decisions with legal effects or that affect you, which may result in the contract not coming into force or its validity being conditional upon the provision of a payment guarantee. However, Moeve will always give the Customer the opportunity to argue whatever they deem relevant in order to defend their rights or interests.
Type of data: Identification, economic, and financial data.
Legal basis: Art. 6.1.f) GDPR - Moeve's legitimate interest in knowing the solvency of its customers in order to manage possible breaches and consequent economic losses for Moeve. You can obtain additional information on how we have assessed our legitimate interest by contacting us at dpo@moeveglobal.com.


11. Management and maintenance of Customer data as a user of the Website.
Purpose: To manage and maintain, where applicable, Customer data through the website, as well as to control, manage and maintain the services inherent.
Type of data: Identification and contact details.
Legal basis: Art. 6.1.b) GDPR - Contractual performance and establishment of pre-contractual measures.


12. Data validation and identification in records through social media
Purpose: to validate the Customer's identity when they access the Website using social media credentials (social login), in order to guarantee the authenticity of their profile. Likewise, the Customer may be contacted if signs of identity theft, misuse of social media profiles, or attempts at fraud linked to access or registration are detected.
Type of data: Browsing data, online identifiers.
Legal basis: Art. 6.1.f) GDPR - Moeve's legitimate interest in protecting system security and preventing fraudulent access. You can obtain additional information on how we have assessed our legitimate interest by contacting us at dpo@moeveglobal.com. Art. 6.1.b) GDPR - Contract performance and establishment of pre-contractual measures

13. Compliance with legal obligations
Purpose: Compliance with legal obligations applicable to Moeve.
Type of data: Any categories of data processed in the context of the above purposes.
Legal basis: Art. 6.1 c) GDPR - Compliance with legal obligation.

 
 3. Third party personal data
 
In the event that the provided personal data was of a third party, the customer guarantees that he has informed the third party of this privacy policy and obtained his permission to provide Moeve his data for the stated purposes. It also ensures that the data provided is accurate and up-to-date, it being responsible for any loss or damage, direct or indirect, that might arise as a result of the non-compliance of such obligation.
 
 
  4. Personal data storage period
 
The personal data provided shall be kept for the time necessary to fulfill the purpose stated in each case and until the contractual relationship is maintained, its deletion is not request by the interested party and should not be deleted for the fulfilment of a legal obligation or for the formulation, exercise and defense of claims.
 
Once the established retention period has expired (depending on the purpose), personal data may be retained, duly blocked, for the duration of the limitation period for any legal actions and liabilities that may arise, in each case, from the specific processing activity carried out, after which it will be completely deleted.
With regard to data processed for marketing purposes, if the user has exercised their right to object to receiving commercial communications, their identification data may be retained for the purpose of preventing further communications from being sent to their contact email addresses in the future.
 
 
5. Origin of the personal data
 
 
The personal data that MOEVE will process is for the provision of the contracted services which have been provided mainly by the customer during the contracting process, such as name, surname, address, contact data, means of payment data. The customer is responsible for its accuracy and updating.
 
Furthermore, MOEVE may also obtain information collected through the web, as well as the use of the contracted services, such as statistics or navigation data, or in its case, of interests and consumption through the MOEVE program “Moeve GOW Club”.
 
Also, if the User has registered in the website through social networks, MOEVE will be able to obtain the required information for the registration form directly from that social network.
 
Moeve will use an authentication token system (a encoded security key that facilitates access to the network) for User identification or registration and can make the access to the private customer area easier.
 
In no case data from third parties will be collected from the User. The customer data will be entered by the same on the social networks and behavioral analysis and market segmentation will be obtained from comments or “tweets” automatically without human intervention. The User is informed of the possibility of editing the information he wants to share with MOEVE, allowing a wider access or restricting the information he wants to share, as well as the possibility to revoke the consent given at any given time.
 
Furthermore, data from the client’s device or terminal may be collected, provided that he has granted its consent for this, in order to facilitate the provision of services, to perform advertising activities and to provide him with personalized and appropriate information according to his location. The customer may at any time disable the access to geolocation data, as well as revoke the consent provided for his geolocation, by configuring the settings on his device or terminal. 
 
 
6. Transfers and recipients of personal data
 
 
All data assignments which MOEVE will perform are necessary for the fulfilment of the stated purposes, or are performed in order to fulfil a legal obligation regarding the following companies and public organizations:
 
    a) MOEVE Group companies, available at www.moeveglobal.com
    b) Government agencies and the judicial administration system.
    c) Companies providing financial solvency services, credit and fraud prevention, for risk analysis and to collate or analyze data in order to verify the accuracy and veracity of the same and companies providing payment services.
    d) Insurance, reinsurance, guarantee funds companies or any other third party acting as a guarantor of the risk or transactions when the customer uses MOEVE means of payment, in case the issuer of the payment means has agreements with the companies indicated and for the sole purpose of identifying his registration as a MOEVE cardholder.
  e) Where appropriate, distribution companies, in order to manage access to the network, User’s identity, address, consumption and non-payment situations, said data being incorporated in the supply points information system file, under the responsibility of the distribution company.
    f) Companies and entities collaborating with MOEVE, for the organization, management and/or promotion of competitions, events, special offers, and prize draws, in the event that the Participant has decided to register and/or take part in them.
  g) MOEVE suppliers: MOEVE has arranged a contract with Amazon Web Services, Inc. and Salesforce.com Inc. for its IT infrastructure and customer management using the “cloud computing" model under the EU-US Privacy Shield agreement. Information available at: https://www.privacyshield.gov/Participant?id=a2zt0000000TOWQAA4
The European Union has authorized the Salesforce.com Inc. Binding Corporate Rules (BCR) that allows international data transfers to be made within the business group. However, the User gives his express and unequivocal consent to the international transmission of his personal data to companies domiciled in countries which do not have adequate data protection regulations.
h) MOEVE has hired Google, Weborama Ibérica, S.L. and Salesforce.com Inc. as Suppliers for the purpose of measuring web traffic and customer behavior. Information on Cookies Policy from MOEVE and its suppliers available to the customer in their websites:
Weborama Ibérica, S.L. - http://www.weborama.com/e-privacy/our-commitment/
Google Analytics - https://support.google.com/analytics/answer/181881?hl=es
Salesforce.com, Inc.- https://www.salesforce.com/company/privacy/full_privacy.jsp#nav_info
 
 
  8. Customers’ Rights
 
 
The User may exercise before MOEVE Comercial Petroleo, S.A., if applicable, his access rights, rectification or suppression, data processing limiting, opposition, portability and opposition to automated individual decisions. He may also revoke his consent if he has granted it for any specific purpose, and may modify his preferences at all times.
 
The Customer may exercise his rights in the e-mail address: derechos.arco@moeveglobal.com.
, or at the registered office of MOEVE Comercial Petroleo, S.A. (Ref.: Data Protection-Legal Advice), at Paseo de la Castellana, 259 A, 28046-Madrid (Spain). The Customer is informed that he can direct any claim regarding personal data protection to the Spanish Data Protection Agency www.aepd.es, Spain Control Authority