In accordance with current legislation on the protection of personal data, with particular attention to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter, “RGPD” ) and the Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights ( hereinafter, “LOPDGDD”) we inform the Customer that personal data will be processed as follows:

1. PERSONAL DATA CONTROLLER

   Moeve Chemicals, S.A.U. (hereinafter MOEVE), with tax ID No.: A81861122, with registered office at Torre Picasso, Plaza Ruiz Picasso 1, CP 28020 Madrid (Spain).

   In Moeve we have a Data Protection Officer (hereinafter, “DPD” or “DPO”) who you can contact, if you need it, to obtain more information about any of the points included in our Privacy Policy and to send doubts, queries or complaints related to the processing of your personal data, through the e-mail address: dpo@moeveglobal.com.

2. PURPOSE OF PERSONAL DATA PROCESSING

   The personal data provided at contracting time, as well as those provided in the future as a result of their development, will be incorporated in a MOEVE personal data protection registry for the following purposes:

   • Provision, management, control and maintenance of the contractual or commercial relationship requested.
   • Purpose: To fully manage the contractual or commercial relationship established, including the administrative, accounting and operational processing necessary for its execution, as well as its maintenance and monitoring.
   • Type of data: Identifying data, contact data, and economic and financial data.
   • Legitimacy: art. 6.1.b) RGPD - Processing necessary to carry out the provision of the service. Contractual performance and establishment of pre-contractual measures.
   • Provision of services and information requested, either via web, mail or telephone.
   • Purpose: To attend and manage the requests for information, services or products made by the interested party, either through electronic, telephone or postal means.
   • Type of data: Identifying and contact data.
   • Legitimacy: art. 6.1.b) RGPD - Processing necessary to carry out the service. Contractual execution and establishment of pre-contractual measures.
   • Recording calls and confirmation of emails.
   • Purpose: To make, if necessary, the recording of telephone conversations, in order to ensure a better quality of the products and/or services contracted. Likewise, emails may report confirmation of receipt and reading.
   • Type of data: Identifying, contact and voice data.
   • Legitimacy: art. 6.1.f) RGPD - Moeve's legitimate interest in guaranteeing the quality of the service and resolving possible disputes. You may obtain additional information on how we have assessed our legitimate interest by contacting us at dpo@moeveglobal.com.
   • Attention to contractual incidents
   • Purpose: To attend to the incidents that may arise in the execution of the contract with Moeve.
   • Type of data: Identification and contact data
   • Legitimacy: art. 6.1.b) RGPD - Necessary processing to carry out the provision of the service. Contractual execution and establishment of pre-contractual measures.
   • Risk analysis and data verification for fraud prevention and solvency purposes.
   • Purpose: To analyze the risk and compare or contrast your data in order to verify the accuracy and veracity of the same in relation to the entities that provide solvency, credit and fraud prevention services.
   • Type of data: Identifying and contact data; Social circumstances; Transactions of goods and services; Other categories of data; Data derived from the use of the service.
   • Legitimacy: art. 6.1.f) RGPD - Legitimate interest of Moeve consisting of guaranteeing lawful and adequate management and development of the contractual relationship, avoiding the occasion of illicit and/or incorrect practices. You can obtain additional information on how we have assessed our legitimate interest by contacting us at dpo@moeveglobal.com.
   • Management of non-payments and fulfillment of monetary obligations.
   • Purpose: If applicable, to manage the fulfillment of the monetary obligations with respect to the non-payments that could occur on the part of the Client. To this end, this economic information may be included in a file shared by the Companies of the Moeve Group, which can be consulted at www.moeveglobal.com, with the same purposes. 
   • Type of data: Identifying, economic and financial data.
   • Legitimacy: art. 6.1.f) RGPD - Legitimate interest of Moeve consisting of knowing the solvency of its clients, in order to guarantee the solvency of its clients, in order to manage possible non-compliance and consequent economic damages for Moeve. You may obtain additional information on how we have assessed our legitimate interest by contacting us at dpo@moeveglobal.com.
   • Sending communications directly related to the contracted services.
   • Purpose: To send commercial communications related to Moeve's own products and services and similar to those previously contracted/acquired by the Client, for the duration of the client relationship.
   • Type of data: Identification and contact data.
   • Legitimacy: art. 6.1.f) RGPD - Legitimate interest of Moeve, consisting of promoting the contracting of its products and services, in accordance with the requirements and conditions set forth by Law 34/2002, of services of the information society and electronic commerce. You may request additional information on the legitimate interest invoked by contacting dpo@moeveglobal.com, and you may object at any time to the reception of these commercial communications by writing to derechos.arco@moeveglobal.com.
   • Processing based on tracking and tracing systems
   • Purpose: installation of tracking systems that report on browsing habits according to the Cookies Policy, or for the use of information related to your geographical location.
   • Type of data: Browsing data, online identifiers, and, where appropriate, geographic location data.
   • Legitimacy: Art. 6.1.a) RGPD - Customer consent. In no case the withdrawal of this consent conditions the execution of the main contract.
   • Management and maintenance of Customer data as a user of the Website.
   • Purpose: To manage and maintain, where applicable, Customer data through the website, as well as to control, manage and maintain the services inherent. 
   • Type of data: Identification and contact details.
   • Legitimacy: Art. 6.1.b) GDPR - Contractual performance and establishment of pre-contractual measures.
   • Fulfillment of legal obligations 
   • Purpose: Fulfillment of those legal obligations that are applicable to Moeve.
   • Type of data: Any categories of data processed in the context of the above purposes.
   • Legitimacy: art. 6.1 c) RGPD- Fulfillment of legal obligation.

   At any time, the user has the right to object to the processing carried out on the basis of legitimate interest, by contacting the address derechos.arco@moeveglobal.com.

3. THIRD PARTY PERSONAL DATA

   If the personal data provided is that of a third party, the Client guarantees that he/she has informed him/her of the Privacy Policy and has obtained his/her authorization to provide his/her data to Moeve for the aforementioned purposes. Likewise, he/she guarantees that the data provided are accurate and updated, being responsible for any damage or harm, direct or indirect, which could be caused as a consequence of the non-fulfillment of such obligation.

4. PERSONAL DATA STORAGE PERIOD

   Personal data provided shall be kept until the contractual relationship is maintained, its deletion is not requested by the interested party and should not be deleted for the fulfilment of a legal obligation or for the formulation, exercise and defense of claims.

   If the customer revokes his consent or exercises his rights of cancellation or deletion, his data shall be kept blocked at the disposal to Court of Justice within the time limits legally established to meet the possible responsibilities derived from the processing of the same.

   The user may contact Moeve's DPO, in case he/she wishes to obtain further information on the applicable retention periods. 

   At the end of the foreseen retention period (depending on the purpose), the personal data may be kept, duly blocked, during the periods of prescription of the legal actions and responsibilities that may derive, in each case, from the specific processing activity carried out, after which they will be completely deleted. 

   With respect to data processed for marketing purposes, in the event that the user has exercised his/her right to object to receiving commercial communications, his/her identification data may be kept for the purpose of preventing further communications from being sent to his/her contact e-mail addresses in the future.

5. ORIGIN OF THE PERSONAL DATA

   The personal data that Moeve will process for the provision of the contracted service have been provided directly by the Client during the contracting process, such as the name, surnames of their legal representatives, contact persons and/or third parties for the execution of the contract. The Client is responsible for their veracity and updating.

6. TRANSFERS AND RECIPIENTS OF PERSONAL DATA

   All data assignments which Moeve will perform are necessary for the fulfilment of the stated purposes, or are performed in order to fulfil a legal obligation regarding the following companies and Public Administrations and Courts of Justice:

   1. If necessary, to companies of the Moeve Group, which can be consulted at www.moeveglobal.com or dpo@moeveglobal.com, for administrative purposes and management of the relationship with the client, based on the legitimate interest of Moeve for this purpose. The legitimate interest for the aforementioned purpose of the communication would consist of guaranteeing better organization and optimization, as well as a unified management of the resources of the business group in those cases in which, internally, it is necessary for the effective execution of the activity carried out.
   2. Government Agencies and Court of Justice.
   3. Companies providing financial solvency services, credit and fraud prevention, for risk analysis and to collate or analyze data in order to verify the accuracy and veracity of the same and companies providing payment services.
   4. Insurance, reinsurance, guarantee funds companies or any other third party acting as a guarantor of the risk or transactions when the customer uses Moeve means of payment, in case the issuer of the payment means has agreements with the companies indicated and for the sole purpose of identifying his registration as a Moeve cardholder.
   5. Moeve suppliers: Moeve has arranged a contract with Amazon Web Services, Inc. and Salesforce.com Inc. for its IT infrastructure and customer management using the “cloud computing" model under the EU-US Privacy Shield agreement. Information available at: https://www.privacyshield.gov/Participant?id=a2zt0000000TOWQAA4

   European Union has authorized Salesforce.com Inc. binding Corporate Rules (BCR) that allows international data transfers to be made within the business group. However, the User gives his express and unequivocal consent to the international transmission of his personal data to companies domiciled in countries which do not have adequate data protection regulations.

   • Moeve has hired Google, Weborama Ibérica, S.L. and Salesforce.com Inc. as Suppliers for the purpose of measuring web traffic and customer behavior. Information on Cookies Policy from Moeve and its suppliers available to the customer on their websites:
   • Weborama Ibérica, S.L. - http://www.weborama.com/e-privacy/our-commitment/
   • Google Analytics - https://support.google.com/analytics/answer/181881?hl=es
   • Salesforce.com, Inc.- https://www.salesforce.com/company/privacy/full_privacy.jsp#nav_info

   The international transfer of participants' personal data is not foreseen. However, in the event of any international transfer, it will be carried out in accordance with the criteria and requirements of current legislation, through the adoption of appropriate legal guarantees, which may consist of the formalization with the recipient of the data of (i) Standard Contractual Clauses approved by the European Commission to legitimize the international transfer of data to third countries or (ii) another valid legal instrument that ensures an adequate level of protection equivalent to that of the European Economic Area. 

   If you wish, you may obtain additional information about international transfers by contacting our DPO at dpo@moeveglobal.com.

7. CUSTOMERS’ RIGHTS

   The User may exercise before Moeve Chemicals, S.A.U., if applicable, his access rights, rectification or suppression, data processing limiting, opposition, portability and opposition to automated individual decisions. He may also revoke his consent if he has granted it for any specific purpose, and may modify his preferences at all times.

   The Customer may exercise his rights in the e-mail address:  derechos.arco@moeveglobal.com, or at the registered office of Moeve Chemicals, S.A.U (Ref.: Data Protection-Legal Department), at Torre Picasso, Plaza Ruiz Picasso 1, CP 28020 Madrid (Spain). The Customer is informed that he can direct any claim regarding personal data protection to the Spanish Data Protection Agency www.aepd.es, Spain Control Authority.