Who is responsible for processing your data?
The party responsible for processing your data is:
GLOBAL PAYMENTS MONEYTOPAY, EDE, S.L.
Tax no.: B65866105
Address: Calle de Caleruega 102, Madrid
Contact of the Data Protection Delegate: www.caixabank.com/delegadoprotecciondedatos
What information do we compile?
We also compile information sent to us automatically by your web browser whenever you visit one of our web pages, to analyse and improve your user experience.In the forms on our website we identify as "obligatory" the fields where the information we need to provide the service requested, and as "optional" fields where the information, while useful, is optional in relation to processing your request. If you do not fill in the obligatory fields, we cannot deal with your request.
For what purposes do we process your data?
The data you supply us with are processed for the following purposes:
a) To fulfil the contract and verify the correctness of the operation of your card.
b) To comply with the regulatory obligations required, prevent fraud and guarantee the security both of your data and of our networks and systems.
c) Unless you have indicated otherwise or do so in the future, to send updates or information about products or services similar to those you have already contracted. We will also process your information (account transactions, card transactions, loans, etc.) to personalise your commercial experience on our channels on the basis of previous use, in order to offer you products and services suited to your profile, to apply any benefits and promotions we currently offer and to which you are entitled. In this processing we will only use information supplied by you, or generated by the products you have contracted over the last year. For any other commercial use, your consent will be requested.
Furthermore, the data we compile when you browse our website are processed for the purpose of ascertaining your browsing preferences, in order to personalise and improve our services and maintain the security of the site.
Third-party personal data received by "MoneyToPay" from the client to provide the payment services requested will be processed solely and exclusively for the said purposes and not
passed on to any third parties except in cases where the nature of the service necessarily involves such communication, which will be limited to the stated purpose.
What is the legitimacy for the processing of your data?
Your personal data will be processed for the purposes outlined above and on the basis of the following legitimacy:
a) Processing of data for contractual and legal purposes and to prevent fraud:
Legitimacy: fulfilment of the contract. The personal data requested are necessary to handle and make the contract for the product or service.
b) Processing of data to send commercial communications: Legitimacy: Legitimate interest of Money to Pay. You can exercise your right of objection to this processing at any time, in accordance with the information in the section "Do you have a right to withdraw your consent?".
For how long do we keep your data?
Who do we pass your data on to?
We communicate your data to companies providing services on our behalf, such as for example website technical support or data hosting services. Our service providers are not authorised to share or use the personal data we pass to them for any purposes other than those for which we contract their services.
Your personal data and those on the transactions carried out by you may be communicated by legal imperative to authorities or official bodies in other countries, both inside and outside the European Union, within the framework of efforts to prevent the financing of terrorism or serious organised crime and money laundering.
In the event of failure to meet any of your payment obligations undertaken under contract, your data and those concerning your debit may be added to files on compliance or non-compliance with financial obligations.
Except in these cases, we will not pass on your data to third parties unless a legal obligation exists.
How do we protect your data?
We have implemented appropriate technical measures to ensure an adequate level of security given the nature of the personal data processed and the circumstances of their processing and risks to people's rights and freedoms, in order to avoid, as far as possible and always subject to the state of technology, the destruction, any unauthorised alteration, loss, processing or access to the said data.
MoneyToPay will take the measures necessary to guarantee that the personal data belonging to individuals that it gathers, stores and processes are handled in a lawful, faithful and
transparent way, keeping the said data secret and meeting the obligations imposed by the legal provisions applicable to its activities.
What are your rights in relation to the processing of your data?
You are entitled to information about the processing of your personal data by M2P. Specifically:
-You are entitled to access your personal data to find out what personal data concerning you we are processing, as well as to request correction of inaccurate data or, where appropriate, to request their deletion where, among other reasons, the data are no longer necessary for the purposes for which they were gathered.
-In certain circumstances, you may request limitation of the processing of your data, in which case we will only keep them for the exercise or defence of claims.
-In certain circumstances and for reasons connected with your personal situation, you may object to processing of the data. MoneyToPay will cease processing your data, except for imperative, legitimate reasons or in the exercise or defence of any claims.
-You have a right to portability, i.e. for the personal data you supplied to be passed on to another responsible party in a structured, commonly-used mechanically-readable format where this is technically possible.
You can exercise the above rights (i) by letter, attaching a copy of your identity document, addressed to GLOBAL PAYMENTS MONEYTOPAY, EDE, S.L. at P.O. Box 209-4608 Valencia; or else (ii) via the website www.caixabank.es/GDPR_at.
We will respond to your requests as promptly as possible, and in any case within one (1) month of receiving your request. In certain circumstances, this period may be extended for a further two (2) months, in which case we will duly inform you within one (1) month of receiving your request.
If you believe the processing of your personal data infringes data protection regulations, or you do not believe we have satisfied your exercise of your rights, you can lodge a complaint with https://www.dsb.gv.at/