Privacy policy
In accordance the current legislation on the protection of personal data, with special attention to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter, "RGPD" ) and the Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (hereinafter, "LOPDGDD") we inform the Client that their personal data will be processed as follows:
1. Personal data controller (*)
CEPSA AVIACIÓN, S.A., (hereinafter, MOEVE indistinctly), with registered office at Camino San Lázaro (aeropto. rodeos), s/n, CP 38206 (Spain), with Tax Identification Number (NIF) A35146034. It is registered in the Mercantile Register of Santa Cruz de Tenerife (Spain).
(*)If you have contracted products and/or services with MOEVE, S.A. ( MOEVE), NIF: A28003119 and registered office at Paseo de la Castellana, 259 A, CP 28046 Madrid (Spain), this company will be considered the Data Controller.
2. Purpose of personal data processing
The personal data provided at the time of contracting, as well as those provided in the future as a result of its development, will be included in a processing register owned by Moeve for the following purposes:
1. To provide, manage, control and maintain the contractual or commercial relationship requested;
Purpose: To fully manage the contractual or commercial relationship established, including the management of the Client's data as a user of the website, the creation of the unique Client ID within the Moeve Group, the administrative, accounting and operational processing necessary for its execution, as well as its maintenance and monitoring.
Type of data: Identifying data, contact data, and economic and financial data.
Basis of legitimacy: art. 6.1.b) RGPD - Contractual performance and establishment of pre-contractual measures.
2. Sending commercial communications directly related to the contracted services.
Purpose: To send commercial communications, by conventional and/or electronic means (e-mails, SMS, purchase ticket), relating to Moeve's own products and services and similar to those previously contracted/acquired by the Client, for the duration of their client relationship.
Type of data: Identification and contact data.
Basis of legitimacy : interest of Moeve, consisting of promoting the contracting of its products and services, in accordance with the requirements and conditions set out in Law 34/2002, on information society services and electronic commerce. You may request additional information on the legitimate interest invoked by contacting dpo@moeveglobal.com, and you may object at any time to the receipt of these commercial communications by writing to derechos.arco@moeveglobal.com
3. Sending commercial communications from third parties.
Purpose: To send commercial communications referring to benefits or advantages of third party companies, always communicated through Moeve, which will be based on collaboration agreements related to the following sectors: Leisure, travel, culture, cards and means of payment, automotive, transport, insurance, distribution and financing, gifts, fashion, home and technology.
Type of data: Identification and contact data.
Basis of legitimacy: Art. 6.1.a) RGPD - Customer consent. In no case does the withdrawal of this consent condition the execution of the main contract.
4. Segmentation and profiling.
Purpose: To carry out segmentation and profiling work through the analysis of the use of the services offered, in order to adapt the offers and marketing activities to each Client, carry out behavioural advertising studies or obtain statistical samples that may help the company to improve the personalisation of the offers it makes of its products and services, offering personalised products and services.
Type of data: Browsing data, online identifiers and, where appropriate, geographical location data, through cookies.
Basis of legitimacy: Art. 6.1.a) RGPD - Customer consent. In no case does the withdrawal of this consent condition the execution of the main contract.
5. Provision of services and information requested, either by web, post or telephone.
Purpose: To attend to and manage requests for information, services or products made by the interested party, whether by electronic, telephone or postal means.
Type of data: Identification and contact data
Basis of legitimacy: Art. 6.1.b) RGPD - Contractual performance and establishment of pre-contractual measures.
6. Call and confirmation.recording email
Purpose: To record telephone conversations made to the Customer Service Department, in order to guarantee a better quality of service. Likewise, e-mails may report a confirmation of their reception and reading.
Type of data: Identifying, contact and voice data.
Basis of legitimacy: art. 6.1.f) RGPD - Moeve's legitimate interest in guaranteeing the quality of the service and resolving possible disputes. You can obtain further information on how we have assessed our legitimate interest by contacting us at dpo@moeveglobal.com.
7. To deal with contractual incidents
Purpose: To deal with any incidents that may arise in the execution of the contract with Moeve. In this context, the Client may be contacted in the event of detecting or reasonably suspecting the existence of possible fraud or identity theft during the development of the contractual relationship.
Type of data: Identification and contact data.
Basis of legitimacy: art. 6.1.b) RGPD - Contractual performance and establishment of pre-contractual measures.
8. Develop satisfaction surveys.
Purpose: To carry out satisfaction surveys on the product or service contracted.
Type of data: Identification and contact data.
Basis of legitimacy: art. 6.1.f) RGPD - Moeve's legitimate interest in knowing the state of satisfaction of its Clients, in relation to the products or services offered, in order to offer improvements to them.
9. Risk analysis and verification of data for the purposes of fraud prevention and solvency.
Purpose: To analyse the risk and compare or contrast your data in order to verify the accuracy and veracity of the same in relation to the entities providing solvency, credit and fraud prevention services.
Type of data: Identifying and contact data; social circumstances; transactions of goods and services; other categories of data; data derived from the use of the service.
Basis of legitimacy: art. 6.1.f) RGPD - Moeve's legitimate interest consisting of guaranteeing the lawful and appropriate management and development of the contractual relationship, avoiding the occasion of illicit and/or incorrect practices. You can obtain additional information on how we have assessed our legitimate interest by contacting us at dpo@moeveglobal.com.
10. Management of non-payment and fulfilment of monetary obligations.
Purpose: Where appropriate, to manage the fulfilment of monetary obligations with respect to non-payments that may occur on the part of the Client. To this end, this economic information may be included in a file shared by the Companies of the Moeve Group for the same purposes. In this sense, the consultation of files relating to the non-fulfilment of monetary obligations may lead Moeve as the Commercialisation Company to adopt decisions with legal effects or which affect it, which may, as a consequence, lead to the non-entry into force of the contract or condition its validity to the constitution of a payment guarantee. Nevertheless, Moeve will always grant the Client the possibility of alleging anything it deems pertinent in order to defend its rights or interests.
Type of data: Identifying, economic and financial data.
Basis of legitimacy: art. 6.1.f) RGPD - Moeve's legitimate interest in knowing the solvency of its clients, in order to manage possible non-compliance and consequent economic damages for Moeve. You can obtain additional information on how we have assessed our legitimate interest by contacting us at dpo@moeveglobal.com.
11. Management and maintenance of Customer data as a user of the Website.
Purpose: To manage and maintain, where applicable, Customer data through the website, as well as to control, manage and maintain the services inherent.
Type of data: Identification and contact details.
Legal basis: Art. 6.1.b) GDPR - Contractual performance and establishment of pre-contractual measures.
12. Data validation and identification in records through social networks.
Purpose: to validate the identity of the Customer when accessing the Website using social network credentials (social login), in order to guarantee the authenticity of their profile. The Customer may also be contacted if indications of identity theft, misuse of social profiles or fraud attempts linked to access or registration are detected.
Type of data: Browsing data, online identifiers.
Basis of legitimacy: art. 6.1 c) RGPD- Compliance with legal obligation.
3. Third party personal data
If the personal data provided belong to a third party, the Client guarantees that he/she has informed said third party of this Privacy Policy and has obtained their authorisation to provide their data to Moeve for the aforementioned purposes. Likewise, the Client guarantees that the data provided is accurate and up to date, and is responsible for any direct or indirect damage or harm that may be caused as a consequence of the non-fulfilment of this obligation.
4. Personal data storage period
The personal data provided will be kept for the time required to fulfil the stated purpose in each case and for as long as the contractual relationship is maintained, their deletion is not requested by the interested party and they must not be deleted because they are necessary for compliance with a legal obligation or for the formulation, exercise and defence of claims.
At the end of the foreseen storage period (depending on the purpose), the personal data may be kept, duly blocked, during the periods of prescription of the legal actions and responsibilities that may arise, in each case, from the specific processing activity carried out, after which they will be completely deleted.
With regard to data processed for marketing purposes, in the event that the user has exercised his/her right to object to receiving commercial communications, his/her identification data may be kept for the purpose of preventing further communications from being sent to his/her contact e-mail addresses in the future.
5. Origin of the personal data
The personal data to be processed by Moeve for the provision of the contracted service has been provided in the majority of cases directly by the Client during the contracting process, such as name, surname, address, contact details, payment details. The Client is responsible for their accuracy and updating.
Likewise, Moeve will be able to obtain information collected through the web, as well as the use of the contracted service, such as statistical or browsing data, or where appropriate, interests and consumption data through "Gow" of Moeve.
Likewise, if the Client has accessed the website through their registration on social networks, Moeve will be able to obtain the necessary for the registration form directly from said social network. information
Moeve will use a token authentication system (a coded security key provided by the social network) for the identification or registration of the user in order to facilitate access to the private Client area.
Under no circumstances will data be collected from third parties other than the user. The Client's data will be those registered by you in the social network and the behavioural analyses and segmentations carried out on the basis of the comments or tweets will be carried out completely automatically and without human intervention. The Client is informed of the possibility of editing the information that they wish to share with Moeve, being able to allow wider or restricted access to their information as they wish, as well as the possibility of revoking the consent granted at any time.
Likewise, geolocation data may be collected from the Customer's device or terminal, provided that they have given their consent to do so, in order to facilitate the provision of services, carry out advertising activities and offer them personalised information appropriate to their location. The Client may at any time deactivate access to geolocation data, as well as revoke the consent given for their geolocation, by configuring the settings of their device or terminal.
6. TRANSFERS AND RECIPIENTS OF PERSONAL DATA
All the data transfers that Moeve will carry out are necessary for the fulfilment of the indicated purposes, or are carried out in order to comply with a legal obligation, with respect to the following Companies and Public Bodies:
Companies of the Moeve Group, available at https://www.moeveglobal.com/es.
Public Administrations and the Administration of Justice.
Companies providing creditworthiness, solvency and fraud prevention services, for risk analysis and for the comparison or contrast of their data in order to verify the accuracy and veracity of the same and to companies providing Payment Services.
Insurance companies, reinsurance companies, guarantee funds, or any other third party that acts as a guarantor of the risk or of the transactions that the Client carries out with means of payment Moeve, in the event that the issuer of the means of payment has agreements with the aforementioned companies and for the sole purpose of identifying its registration as a Cardholder of a card or means of payment Moeve.
Where applicable, distribution companies, in order to manage access to the network, the Customer's identity, address, consumption and situations of non-payment, with said data being included in the file of the Supply Point Information System, for which the Distribution Company is responsible.
Companies and entities collaborating with Moeve, for the organisation, management and/or promotion of competitions, events, promotions or draws, in the event that the Participant has decided to register and/or take part in them.
7. Customers´ Rights
The Client may exercise before Moeve Commercial , S.A.U., if applicable, the rights of access, rectification or suppression, limitation of processing, opposition, portability and to oppose automated individual decisions. Likewise, you may revoke your consent in the event that you have given it for a specific purpose, and you may modify your preferences at any time.
The Client may exercise their rights at the following e-mail address: derechos.arco@moeveglobal.com, or at the registered office of Moeve Commercial , S.A.U. (Ref.: Data Protection-Legal Advice), at Paseo de la Castellana, 259 A, 28046-Madrid (Spain). The Client is informed that he/she may address any type of complaint regarding the protection of personal data to the Agencia Española de Protección de Datos www.aepd.es the Spanish Supervisory Authority.
1. Personal data controller (*)
CEPSA AVIACIÓN, S.A., (hereinafter, MOEVE indistinctly), with registered office at Camino San Lázaro (aeropto. rodeos), s/n, CP 38206 (Spain), with Tax Identification Number (NIF) A35146034. It is registered in the Mercantile Register of Santa Cruz de Tenerife (Spain).
(*)If you have contracted products and/or services with MOEVE, S.A. ( MOEVE), NIF: A28003119 and registered office at Paseo de la Castellana, 259 A, CP 28046 Madrid (Spain), this company will be considered the Data Controller.
2. Purpose of personal data processing
The personal data provided at the time of contracting, as well as those provided in the future as a result of its development, will be included in a processing register owned by Moeve for the following purposes:
1. To provide, manage, control and maintain the contractual or commercial relationship requested;
Purpose: To fully manage the contractual or commercial relationship established, including the management of the Client's data as a user of the website, the creation of the unique Client ID within the Moeve Group, the administrative, accounting and operational processing necessary for its execution, as well as its maintenance and monitoring.
Type of data: Identifying data, contact data, and economic and financial data.
Basis of legitimacy: art. 6.1.b) RGPD - Contractual performance and establishment of pre-contractual measures.
2. Sending commercial communications directly related to the contracted services.
Purpose: To send commercial communications, by conventional and/or electronic means (e-mails, SMS, purchase ticket), relating to Moeve's own products and services and similar to those previously contracted/acquired by the Client, for the duration of their client relationship.
Type of data: Identification and contact data.
Basis of legitimacy : interest of Moeve, consisting of promoting the contracting of its products and services, in accordance with the requirements and conditions set out in Law 34/2002, on information society services and electronic commerce. You may request additional information on the legitimate interest invoked by contacting dpo@moeveglobal.com, and you may object at any time to the receipt of these commercial communications by writing to derechos.arco@moeveglobal.com
3. Sending commercial communications from third parties.
Purpose: To send commercial communications referring to benefits or advantages of third party companies, always communicated through Moeve, which will be based on collaboration agreements related to the following sectors: Leisure, travel, culture, cards and means of payment, automotive, transport, insurance, distribution and financing, gifts, fashion, home and technology.
Type of data: Identification and contact data.
Basis of legitimacy: Art. 6.1.a) RGPD - Customer consent. In no case does the withdrawal of this consent condition the execution of the main contract.
4. Segmentation and profiling.
Purpose: To carry out segmentation and profiling work through the analysis of the use of the services offered, in order to adapt the offers and marketing activities to each Client, carry out behavioural advertising studies or obtain statistical samples that may help the company to improve the personalisation of the offers it makes of its products and services, offering personalised products and services.
Type of data: Browsing data, online identifiers and, where appropriate, geographical location data, through cookies.
Basis of legitimacy: Art. 6.1.a) RGPD - Customer consent. In no case does the withdrawal of this consent condition the execution of the main contract.
5. Provision of services and information requested, either by web, post or telephone.
Purpose: To attend to and manage requests for information, services or products made by the interested party, whether by electronic, telephone or postal means.
Type of data: Identification and contact data
Basis of legitimacy: Art. 6.1.b) RGPD - Contractual performance and establishment of pre-contractual measures.
6. Call and confirmation.recording email
Purpose: To record telephone conversations made to the Customer Service Department, in order to guarantee a better quality of service. Likewise, e-mails may report a confirmation of their reception and reading.
Type of data: Identifying, contact and voice data.
Basis of legitimacy: art. 6.1.f) RGPD - Moeve's legitimate interest in guaranteeing the quality of the service and resolving possible disputes. You can obtain further information on how we have assessed our legitimate interest by contacting us at dpo@moeveglobal.com.
7. To deal with contractual incidents
Purpose: To deal with any incidents that may arise in the execution of the contract with Moeve. In this context, the Client may be contacted in the event of detecting or reasonably suspecting the existence of possible fraud or identity theft during the development of the contractual relationship.
Type of data: Identification and contact data.
Basis of legitimacy: art. 6.1.b) RGPD - Contractual performance and establishment of pre-contractual measures.
8. Develop satisfaction surveys.
Purpose: To carry out satisfaction surveys on the product or service contracted.
Type of data: Identification and contact data.
Basis of legitimacy: art. 6.1.f) RGPD - Moeve's legitimate interest in knowing the state of satisfaction of its Clients, in relation to the products or services offered, in order to offer improvements to them.
9. Risk analysis and verification of data for the purposes of fraud prevention and solvency.
Purpose: To analyse the risk and compare or contrast your data in order to verify the accuracy and veracity of the same in relation to the entities providing solvency, credit and fraud prevention services.
Type of data: Identifying and contact data; social circumstances; transactions of goods and services; other categories of data; data derived from the use of the service.
Basis of legitimacy: art. 6.1.f) RGPD - Moeve's legitimate interest consisting of guaranteeing the lawful and appropriate management and development of the contractual relationship, avoiding the occasion of illicit and/or incorrect practices. You can obtain additional information on how we have assessed our legitimate interest by contacting us at dpo@moeveglobal.com.
10. Management of non-payment and fulfilment of monetary obligations.
Purpose: Where appropriate, to manage the fulfilment of monetary obligations with respect to non-payments that may occur on the part of the Client. To this end, this economic information may be included in a file shared by the Companies of the Moeve Group for the same purposes. In this sense, the consultation of files relating to the non-fulfilment of monetary obligations may lead Moeve as the Commercialisation Company to adopt decisions with legal effects or which affect it, which may, as a consequence, lead to the non-entry into force of the contract or condition its validity to the constitution of a payment guarantee. Nevertheless, Moeve will always grant the Client the possibility of alleging anything it deems pertinent in order to defend its rights or interests.
Type of data: Identifying, economic and financial data.
Basis of legitimacy: art. 6.1.f) RGPD - Moeve's legitimate interest in knowing the solvency of its clients, in order to manage possible non-compliance and consequent economic damages for Moeve. You can obtain additional information on how we have assessed our legitimate interest by contacting us at dpo@moeveglobal.com.
11. Management and maintenance of Customer data as a user of the Website.
Purpose: To manage and maintain, where applicable, Customer data through the website, as well as to control, manage and maintain the services inherent.
Type of data: Identification and contact details.
Legal basis: Art. 6.1.b) GDPR - Contractual performance and establishment of pre-contractual measures.
12. Data validation and identification in records through social networks.
Purpose: to validate the identity of the Customer when accessing the Website using social network credentials (social login), in order to guarantee the authenticity of their profile. The Customer may also be contacted if indications of identity theft, misuse of social profiles or fraud attempts linked to access or registration are detected.
Type of data: Browsing data, online identifiers.
Basis of legitimacy: art. 6.1 c) RGPD- Compliance with legal obligation.
3. Third party personal data
If the personal data provided belong to a third party, the Client guarantees that he/she has informed said third party of this Privacy Policy and has obtained their authorisation to provide their data to Moeve for the aforementioned purposes. Likewise, the Client guarantees that the data provided is accurate and up to date, and is responsible for any direct or indirect damage or harm that may be caused as a consequence of the non-fulfilment of this obligation.
4. Personal data storage period
The personal data provided will be kept for the time required to fulfil the stated purpose in each case and for as long as the contractual relationship is maintained, their deletion is not requested by the interested party and they must not be deleted because they are necessary for compliance with a legal obligation or for the formulation, exercise and defence of claims.
At the end of the foreseen storage period (depending on the purpose), the personal data may be kept, duly blocked, during the periods of prescription of the legal actions and responsibilities that may arise, in each case, from the specific processing activity carried out, after which they will be completely deleted.
With regard to data processed for marketing purposes, in the event that the user has exercised his/her right to object to receiving commercial communications, his/her identification data may be kept for the purpose of preventing further communications from being sent to his/her contact e-mail addresses in the future.
5. Origin of the personal data
The personal data to be processed by Moeve for the provision of the contracted service has been provided in the majority of cases directly by the Client during the contracting process, such as name, surname, address, contact details, payment details. The Client is responsible for their accuracy and updating.
Likewise, Moeve will be able to obtain information collected through the web, as well as the use of the contracted service, such as statistical or browsing data, or where appropriate, interests and consumption data through "Gow" of Moeve.
Likewise, if the Client has accessed the website through their registration on social networks, Moeve will be able to obtain the necessary for the registration form directly from said social network. information
Moeve will use a token authentication system (a coded security key provided by the social network) for the identification or registration of the user in order to facilitate access to the private Client area.
Under no circumstances will data be collected from third parties other than the user. The Client's data will be those registered by you in the social network and the behavioural analyses and segmentations carried out on the basis of the comments or tweets will be carried out completely automatically and without human intervention. The Client is informed of the possibility of editing the information that they wish to share with Moeve, being able to allow wider or restricted access to their information as they wish, as well as the possibility of revoking the consent granted at any time.
Likewise, geolocation data may be collected from the Customer's device or terminal, provided that they have given their consent to do so, in order to facilitate the provision of services, carry out advertising activities and offer them personalised information appropriate to their location. The Client may at any time deactivate access to geolocation data, as well as revoke the consent given for their geolocation, by configuring the settings of their device or terminal.
6. TRANSFERS AND RECIPIENTS OF PERSONAL DATA
All the data transfers that Moeve will carry out are necessary for the fulfilment of the indicated purposes, or are carried out in order to comply with a legal obligation, with respect to the following Companies and Public Bodies:
Companies of the Moeve Group, available at https://www.moeveglobal.com/es.
Public Administrations and the Administration of Justice.
Companies providing creditworthiness, solvency and fraud prevention services, for risk analysis and for the comparison or contrast of their data in order to verify the accuracy and veracity of the same and to companies providing Payment Services.
Insurance companies, reinsurance companies, guarantee funds, or any other third party that acts as a guarantor of the risk or of the transactions that the Client carries out with means of payment Moeve, in the event that the issuer of the means of payment has agreements with the aforementioned companies and for the sole purpose of identifying its registration as a Cardholder of a card or means of payment Moeve.
Where applicable, distribution companies, in order to manage access to the network, the Customer's identity, address, consumption and situations of non-payment, with said data being included in the file of the Supply Point Information System, for which the Distribution Company is responsible.
Companies and entities collaborating with Moeve, for the organisation, management and/or promotion of competitions, events, promotions or draws, in the event that the Participant has decided to register and/or take part in them.
7. Customers´ Rights
The Client may exercise before Moeve Commercial , S.A.U., if applicable, the rights of access, rectification or suppression, limitation of processing, opposition, portability and to oppose automated individual decisions. Likewise, you may revoke your consent in the event that you have given it for a specific purpose, and you may modify your preferences at any time.
The Client may exercise their rights at the following e-mail address: derechos.arco@moeveglobal.com, or at the registered office of Moeve Commercial , S.A.U. (Ref.: Data Protection-Legal Advice), at Paseo de la Castellana, 259 A, 28046-Madrid (Spain). The Client is informed that he/she may address any type of complaint regarding the protection of personal data to the Agencia Española de Protección de Datos www.aepd.es the Spanish Supervisory Authority.