In accordance with the legislation in force on the protection of personal data, with particular attention to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter, “GDPR” ) and Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights (hereinafter, “LOPDGDDD”), , we inform the User that their personal data will be processed as follows:
1. Personal Data Controller (*)MOEVE COMMERCIAL S.A.U., (hereinafter Moeve), with tax ID No.: A80298896, with registered office: Paseo de la Castellana 259 A, 28046 Madrid, Spain.
(*) If you have contracted products and/or services with
MOEVE, S.A (MOEVE) (Tax ID No.: A28003119),
MOEVE RETAIL OPERATIONS, S.A.U. (CEDIPSA) (Tax ID No.: A28354520),
RED ESPAÑOLA DE SERVICIOS, S.A.U. (RESSA) (Tax ID No.: A25009192),
CEPSA GAS Y ELECTRICIDAD, S.A.U. (CGE) (Tax ID No.: A-28142552),
CEPSA GAS COMERCIALIZADORA, S.A. (CGC) (Tax ID No.: A-82485335, (any of them referred to hereinafter as “Moeve”, indistinctly), which registered offices located at Paseo de la Castellana, 259 A, CP 28046 Madrid (Spain), each of the above-mentioned companies will be considered as the Data Controller.
2. Categories of personal data, purposes and legal basis for processing The personal data provided at contracting time, as well as those provided in the future as a result of their development, will be incorporated in a MOEVE personal data protection registry for the following purposes:
1. To provide, manage, control and maintain the contractual or commercial relationship requested:
Purpose: To comprehensively manage the established contractual or commercial relationship, including the management of Customer data as a user of the website, the creation of a unique Customer ID within the Moeve Group, the administrative, accounting, and operational processing necessary for its execution, as well as its maintenance and monitoring.
Type of data: Identification, contact, and economic and financial data.
Legal basis: Art. 6.1.b) GDPR - Contractual execution and establishment of pre-contractual measures.
2. Sending commercial communications directly related to the services contracted
Purpose: To send commercial communications, by conventional and/or electronic means (emails, SMS, purchase receipts), relating to Moeve's own products and services and similar to those previously contracted/purchased by the Customer, for the duration of their customer relationship.
Type of data: Identification and contact details.
Legal basis: art. 6.1.f) GDPR - Legitimate interest of Moeve, consisting of promoting the contracting of its products and services, in accordance with the requirements and conditions set forth in Law 34/2002 on information society services and electronic commerce. You can request additional information about the legitimate interest invoked by contacting dpo@moeveglobal.com, and you can object at any time to receiving these commercial communications by writing to derechos.arco@moeveglobal.com.
3. Sending commercial communications from third parties.
Purpose: Sending commercial communications regarding benefits or advantages offered by third-party companies, always communicated through Moeve, which will be based on collaboration agreements related to the following sectors: Leisure, travel, culture, cards and means of payment, automotive, transport, insurance, distribution and financing, gifts, fashion, home and technology.
Type of data: Identification and contact details.
Legal basis: Art. 6.1.a) GDPR – Customer consent. Under no circumstances will the withdrawal of this consent affect the performance of the main contract.
4. Segmentation and profiling:
Purpose: To carry out segmentation and profiling tasks through the analysis of the use of the services offered, in order to tailor marketing offers and activities to each Customer, to conduct behavioral advertising studies, or to obtain statistical samples that may help the company improve the personalization of its product and service offerings by offering personalized products and services.
Type of data: Browsing data, online identifiers and, where applicable, geographical location data, through cookies.
Legal basis: Art. 6.1.a) GDPR – Customer consent. Under no circumstances does the withdrawal of this consent condition the execution of the main contract.
5. Provision of the services and information requested, whether via the website, by post or by telephone.
Purpose: To respond to and manage requests for information, services, or products made by the interested party, whether by electronic, telephone, or postal means.
Type of data: Identification and contact details
Legal basis: Art. 6.1.b) GDPR - Contractual performance and establishment of pre-contractual measures.
6. Call recording and email confirmation.
Purpose: To record telephone conversations made to Customer Service in order to ensure better quality of service. Likewise, emails may include confirmation of receipt and reading.
Type of data: Identification, contact, and voice data.
Legal basis: Art. 6.1.f) GDPR - Moeve's legitimate interest in ensuring service quality and resolving any disputes. You can obtain additional information on how we have assessed our legitimate interest by contacting us at
dpo@moeveglobal.com.
7. Handle incidents of a contractual nature.
Purpose: To deal with any incidents that may arise in the execution of the contract with Moeve. In this context, the Customer may be contacted if fraud or identity theft is detected or reasonably suspected during the course of the contractual relationship.
Type of data: Identification and contact details.
Legal basis: Art. 6.1.b) GDPR - Contractual performance and establishment of pre-contractual measures.
8. To conduct customer satisfaction surveys
Purpose: To conduct satisfaction surveys on the product or service contracted.
Type of data: Identification and contact details.
Legal basis: Art. 6.1.f) GDPR - Moeve's legitimate interest in knowing the level of satisfaction of its customers in relation to the products or services offered, in order to improve them.
9. Risk analysis and data verification for fraud prevention and creditworthiness purposes
Purpose: To analyze risk and compare or contrast your data in order to verify its accuracy and veracity in relation to entities that provide creditworthiness, credit, and fraud prevention services.
Type of data: Identification and contact details; social circumstances; transactions of goods and services; other categories of data; data derived from the use of the service.
Legal basis: Art. 6.1.f) GDPR - Moeve's legitimate interest in ensuring the lawful and proper management and development of the contractual relationship, avoiding the occurrence of unlawful and/or incorrect practices. You can obtain further information on how we have assessed our legitimate interest by contacting us at
dpo@moeveglobal.com.
10. Management of non-payments and compliance with financial obligations.
Purpose: Where applicable, to manage compliance with financial obligations in relation to any non-payments that may be made by the Customer. To this end, this financial information may be included in a file shared by the companies of the Moeve Group for the same purposes. In this regard, consultation of files relating to the breach of financial obligations may lead Moeve, as the Marketing Company, to take decisions with legal effects or that affect you, which may result in the contract not coming into force or its validity being conditional upon the provision of a payment guarantee. However, Moeve will always give the Customer the opportunity to argue whatever they deem relevant in order to defend their rights or interests.
Type of data: Identification, economic, and financial data.
Legal basis: Art. 6.1.f) GDPR - Moeve's legitimate interest in knowing the solvency of its customers in order to manage possible breaches and consequent economic losses for Moeve. You can obtain additional information on how we have assessed our legitimate interest by contacting us at dpo@moeveglobal.com.
11. Management and maintenance of the Moeve promotional system GOW
Purpose: To manage and maintain, where applicable, Customer data through the “Club Moeve GOW” promotional benefits and advantages system, as well as to control, manage, and maintain the services inherent thereto. (For more information, see the terms and conditions of “Club Moeve GOW” at https://www.moeve.es/es/particular/club-gow/formulario-gow-promo-bienvenida.
Type of data: Identification and contact details.
Legal basis: Art. 6.1.b) GDPR - Contractual performance and establishment of pre-contractual measures.
12. Data validation and identification in records through social media
Purpose: to validate the Customer's identity when they access the Website using social media credentials (social login), in order to guarantee the authenticity of their profile. Likewise, the Customer may be contacted if signs of identity theft, misuse of social media profiles, or attempts at fraud linked to access or registration are detected.
Type of data: Browsing data, online identifiers.
Legal basis: Art. 6.1.f) GDPR - Moeve's legitimate interest in protecting system security and preventing fraudulent access. You can obtain additional information on how we have assessed our legitimate interest by contacting us at dpo@moeveglobal.com. Art. 6.1.b) GDPR - Contract performance and establishment of pre-contractual measures
13. Compliance with legal obligations
Purpose: Compliance with legal obligations applicable to Moeve.
Type of data: Any categories of data processed in the context of the above purposes.
Legal basis: Art. 6.1 c) GDPR - Compliance with legal obligation.
3. Third party personal dataIn the event that the provided personal data was of a third party, the customer guarantees that he has informed the third party of this privacy policy and obtained his permission to provide Moeve his data for the stated purposes. The Participant also confirms that the data provided is accurate and up-to-date, and assumes liability for any loss or damages, whether direct or indirect, that may be incurred as a result of non-compliance with this obligation.
4. Personal data storage periodThe personal data provided shall be kept for the time necessary to fulfill the purpose stated in each case and until the contractual relationship is maintained, its deletion is not request by the interested party and should not be deleted for the fulfillment of a legal obligation or for the formulation, exercise and defense of claims.
Once the established retention period has expired (depending on the purpose), personal data may be retained, duly blocked, for the duration of the limitation period for any legal actions and liabilities that may arise, in each case, from the specific processing activity carried out, after which it will be completely deleted.
With regard to data processed for marketing purposes, if the user has exercised their right to object to receiving commercial communications, their identification data may be retained for the purpose of preventing further communications from being sent to their contact email addresses in the future.
6. Origin of the personal dataThe personal data that Moeve will process is for the provision of the contracted services which have been provided mainly by the customer during the contracting process, such as name, surname, address, contact data, means of payment data. The customer is responsible for its accuracy and updating.
Furthermore, Moeve may also obtain information collected through the web, as well as the use of the contracted services, such as statistics or navigation data, or in its case, of interests and consumption through the Moeve program “Moeve GOW Club”.
Also, if the customer has registered in the website through social networks, Moeve will be able to obtain the required information for the registration form directly from that social network.
Moeve will use an authentication token system (an encoded security key that facilitates access to the network) for User identification or registration and can make the access to the private customer area easier
In no case data from third parties will be collected from the User. The customer data will be entered by the same on the social networks and behavioral analysis and market segmentation will be obtained from comments or “tweets” automatically without human intervention. The customer is informed of the possibility of editing the information he wants to share with Moeve, allowing a wider access or restricting the information he wants to share, as well as the possibility to revoke the consent given at any given time.
Furthermore, data from the client’s device or terminal may be collected, provided that he has granted its consent for this, in order to facilitate the provision of services, to perform advertising activities and to provide him with personalized and appropriate information according to his location. The customer may at any time disable the access to geolocation data, as well as revoke the consent provided for his geolocation, by configuring the settings on his device or terminal.
7. Transfers and recipients of personal dataAll data assignments which Moeve will perform are necessary for the fulfilment of the stated purposes, or are performed in order to fulfil a legal obligation regarding the following companies and public organizations:
1. If necessary, to companies of the Moeve Group, which can be consulted at
https://www.moeve.es/en for administrative purposes and management of the relationship with the client, based on Moeve's legitimate interest to that effect. The legitimate interest for the aforementioned purpose of assignment would consist of guaranteeing better organization and optimization, as well as unified management of the resources of the business group in cases in which, internally, it is necessary for the effective execution of the activity undertaken in the Website.
2. Government agencies and the judiciary.
3. Companies providing financial solvency services, credit and fraud prevention, for risk analysis and to collate or analyze data in order to verify the accuracy and veracity of the same and companies providing payment services.
4. Insurance, reinsurance, guarantee funds companies or any other third party acting as a guarantor of the risk or transactions when the customer uses Moeve means of payment, in case the issuer of the payment means has agreements with the companies indicated and for the sole purpose of identifying his registration as a Moeve cardholder.
5. Where appropriate, distribution companies, in order to manage access to the network, customer's identity, address, consumption and non-payment situations, said data being incorporated in the supply points information system file, under the responsibility of the distribution company.
6. Companies and entities collaborating with Moeve, for the organization, management and/or promotion of requests, competitions, events, special offers, and prize draws, in the event that the Participant has decided to register and/or take part in them.
7. MOEVE suppliers who, where appropriate, are contracted to measure web traffic and user behavior by means of cookies and similar systems, in accordance with the Cookies Policy, and who will act as data processors.
No international transfer of users’ personal data is foreseen. However, in the event of any international transfer, it will be carried out in compliance with the criteria and requirements of the regulations in force, through the adoption of appropriate legal guarantees, which may consist of the formalization with the recipient of the data of (i) Standard Contractual Clauses approved by the European Commission to legitimize the international transfer of data to third countries or (ii) in another valid legal instrument that allows guaranteeing an adequate level of protection equivalent to that of the European Economic Area.
Further information on international transfers can be obtained by contacting our DPO at dpo@moeveglobal.com
8. Customers' RightsCustomers may exercise before Moeve, where applicable, their rights to access, rectification, erasure, restrict processing, object, portability and objection to automated decision making and profiling. He may also revoke his consent if he has granted it for any specific purpose, and may modify his preferences at all times.
Customers may exercise their rights through the following email address:
derechos.arco@moeveglobal.com, or at the registered offices of Moeve. (Ref.: Data Protection-Legal Advice), at Paseo de la Castellana, 259 A, 28046-Madrid (Spain). Customers are likewise informed that Moeve has appointed a Data Protection Officer (DPO) who can be contacted by email
dpo@moeveglobal.comand who can address any type of complaint regarding personal data protection before the Spanish Data Protection Agency
www.aepd.es, the Spanish Control Authority.
PRIVACY POLICY VIDEO SURVEILLANCE MOEVE RETAIL OPERATIONS, S.A.U., Tax ID Number: A28354520 (hereinafter, “Moeve Retail Operations”), provides you with the following information regarding the processing of personal data (images) collected during recordings made by camera or video camera systems installed on its premises.
WHO IS RESPONSIBLE FOR THE PROCESSING?
MOEVE RETAIL OPERATIONS, S.A.U., Paseo de La Castellana, 259-A. 28046 Madrid.
Tax ID number: A28354520.
Data Protection Officer:
dpo@moeveglobal.comWHAT DATA IS PROCESSED, FOR WHAT PURPOSE AND ON WHAT LEGAL BASIS?
Purpose 1: to protect the safety of people, property, and facilities belonging to the Moeve Group entity acting as data controller in each case, against theft and intrusion, as well as against any type of vandalism or criminal action that could compromise the safety of said people, property, and facilities.
Type of data: images captured by video surveillance systems.
Legal basis: Article 6.1.e) of the GDPR, fulfillment of a task carried out in the public interest, in accordance with Law 5/2014, of April 4, on Private Security, and Royal Decree 2364/1994, of December 9, which approves the Private Security Regulations.
Purpose 2: Work monitoring. The data and images obtained through video surveillance cameras may be processed for work monitoring and disciplinary purposes.
Type of data: images captured by video surveillance systems.
Legal basis: legal authorization (legitimate interest) and legal powers granted by Article 20.3 of the Workers' Statute, in relation to the employment contract signed with the employee. For more information regarding the legitimate interest invoked by Moeve Retail Operations, employees may contact our DPO at the following email address:
dpo@moeveglobal.com
RECIPIENTS
In general, we will not transfer your personal data, except when necessary in accordance with a legal obligation of Moeve Retail Operations. In this regard, your data may be communicated to law enforcement agencies, courts and tribunals, and insurance companies.
PERSONAL DATA STORAGE PERIOD
We will process your data for a maximum period of 30 days from the date of recording, except in cases where it is necessary to investigate a specific incident or comply with a legal obligation, in which case the data will be stored for as long as necessary to clarify the facts and process the appropriate procedures or comply with applicable regulations.
Once this period has expired, any files or media will be deleted. This retention period may only be extended to comply with legal obligations.
RIGHTS OF DATA SUBJECTS
Data subjects have the right to access, rectify, delete, or transfer their data, and to limit or object to its processing in certain cases. These rights may be exercised by writing to the above postal address or by emailing
derechos.arco@moeveglobal.com with the subject line “Data Protection,” including your name, surname, address for notification purposes, and the right you wish to exercise. They may also lodge a complaint with the Spanish Data Protection Agency (www.aepd.es), particularly if they are not satisfied with the exercise of their rights.