Last updated July 21, 2022
Introduction – Scope
Welcome to the website www.moveo.ai (hereinafter “Website”) of the company under the name “Moveo AI, INC” and with the distinctive title “MOVEO”, based in 608 River Road – New Milford, New Jersey – 07646, USA (hereinafter “MOVEO”, “Company”, “us”, or “we”).
This Policy governs the management practices of personal data and information of natural persons (collectively, “Data Subjects” or “Subjects”) who either visit our Website individually on their own initiative or are customers who use the virtual service assistant application using artificial intelligence technology as a service (“SaaS application”), hereinafter collectively “Service”.
This Policy explains how we collect, process and protect Data Subjects’ information as part of the Service provided, in compliance with the applicable national and European regulatory framework for the protection of privacy and personal data, and in particular, Regulation (EU) 2016/679, also known as GDPR (‘GDPR’ or ‘Regulation’), Law 4624/2019 and Law 3471/2006, which incorporated the European Directive 2002/58/EC (e-Privacy Directive), as applicable, including the relevant decisions of national and European courts, as well as the relevant Guidelines and decisions of the competent supervisory authorities and the European Data Protection Board, hereinafter collectively referred to as “Applicable Legislation”. Any reference to your use of the Service in this Policy includes your visits and other interactions with the Website and the Service, regardless of whether you are a user of the MOVEO SaaS application.
By accessing and using the Service, you declare your acceptance of the terms of this Policy. If you do not agree or are not familiar with any aspect of this Policy or the Terms and Conditions of Use of Services, you should immediately discontinue access to or use of our Service.
1. Our relationship with you
On this point our relationship with you is defined. If you have provided to us some personal information, for instance by subscribing to our newsletter, then you are a “User” and MOVEO is Controller for processing your account information, such as your name and email address. If you are using the SaaS app, then you are a “Customer” and MOVEO is Processor performing the processing on your behalf. The ” Customer’s End User” is someone who provides personal information to our Customers. We do not have a direct relationship with them. Note that these categories do not rule out each other — you may belong to all three!
In order to fully understand your rights and MOVEO’s obligations under this Policy, it is important to determine your relationship with MOVEO.
“User” or “simple User” means the natural person who provides to us personal data through the Website, for instance by subscribing to our newsletter or creating an account. In this case, MOVEO shall be Controller of your personal data in compliance with Article 4 GDPR
‘Customer’ means a natural or legal person who chooses to use the SaaS application for the mutual benefit of himself/itself and his/its own customers. In this case, MOVEO shall act as Processor on behalf of the Customer in compliance with Article 4 GDPR.
“Customer’s End User” means any natural person who interacts on our Customers website/webpage and provides to them his personal information. MOVEO is not directly related to the Costumer’s End Users. We do not control the purposes or the means by which this personal information is collected and we have no direct relationship with the Customer’s End Users. For more details on the processing of your personal information as a Customer’s End User, see our respective Customers’ Privacy Policies.
Henceforth, we may refer to Customers and Users collectively as “you”.
2. What data we collect
We collect various categories of personal data (simple and – where applicable – sensitive data) that you voluntarily provide to us during your visit to the Website and/or when you use the SaaS application, either as a simple Usre, as a Customer or as a Customer’s End User. Anonymous or anonymised information does not fall into the category of personal data.
MOVEO collects various categories of personal information that you voluntarily provide to us during your interaction with the Website and the SaaS application, either as a simple User, as a Customer or as a Customer’s End User. The personal information we collect depends on the context of your interactions with us and the Website, the choices you make and your use of the Service. In summary, we collect the following data and information that you voluntarily disclose to us:
Registration data: full name, email address and social media account information (e.g. if you sign in through your Google (Gmail) or Facebook or GitHub account.
Financial Data: We collect only the data that is absolutely necessary to confirm your payment via Stripe.
Billing information:Postal billing address and VAT number (Tax ID or SSN for U.S. taxpayers).
Electronic identifiers: operating system, browser name and version and/or IP addresses.
Customers’ End-User Interaction Data with the Service: questions and answers, as well as any voluntarily provided information in the free text area of the virtual assistant -application, authentication data, security questions, any public social media posts, user ID, click flow data and other data collected through cookies and similar technologies. Please read MOVEO’s Cookie Policy for more information.
3. Minors data
We never collect personal data directly and deliberately about a natural person under the age of majority and unable to provide valid consent according to local requirements. If you notice that a minor has disclosed personal information to us without the consent of their parents and guardians, please let us know and we will act accordingly.
The age threshold of minors’ legal capacity ranges from 13 to 16 years old and varies from country to country. The Company does not intend to directly collect and process child data under the legal age of consent, as defined by the jurisdiction of the country in which the Data Subject is located. If you notice that minors’ data is disclosed through the Service without the consent and without the knowledge of their parents and guardians, please inform us immediately in order to close the account and take the appropriate protection measures.
4. Processing purposes
We process the information you provide to us in a lawful and fair manner according to the purpose pursued each time.
In respect and in compliance with the Applicable Legislation, we inform you about our purposes for the processing of Your Personal Information, as well as about the legal basis for such processing. Unless otherwise permitted by law, we may process the data and the personal information you provide to us for the following purposes:
| Purpose of processing | Legal basis | |
|---|---|---|
| 1 | For network and information security purposes against malicious actions of third parties
Without processing your relevant and necessary information, we may not be able to ensure the security of the Service. | In the case of: Art. 6(1)(c) GDPR Processing is necessary in compliance with a legal obligation; and/or Art. 6(1)(b) GDPR Processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract; and/or Art. 6(1)(f) GDPR Processing is necessary for the purposes of the legitimate interests pursued by the Company. |
| 2 | For the proper provision of our services We process your data to provide the services you have chosen and perform the terms of the contract between us, as set out in the Terms and Conditions of Service. For instance, when you want to charge a customer for your work, we collect enrollment, finance, transaction, and interaction data to send the bill to the customer and receive payment. We cannot provide Services to you without this information. | Art. 6(1)(b) GDPR Processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract. |
| 3 | For communication purposes within the Service We may need to contact you to provide you with information related to your management or account, to keep you updated about the Service, to notify you of relevant security issues or updates, or to provide you with other information related to transactions. | Art. 6(1)(b) GDPR Processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract. |
| 4 | For ensuring quality control We process the data provided to us voluntarily for the quality control and training of our authorized personnel, to ensure that we continue to provide you with high quality services. Without the measures of quality control, you may face problems during the use of the Service, such as to address problems related to the uninterrupted operation of the Service. | Art. 6(1)(b) GDPR Processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract. |
| 5 | For your convenience or service When you contact the service channel, we process Subjects’ data to respond to requests, complaints, comments, or problems regarding the Service. We may process the provided data as a response to a Customer’s End User request, where appropriate. Without the processing of the said data for these purposes, we are unable to respond to the relevant requests. | Art. 6(1)(b) GDPR Processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract. |
| 6 | To facilitate your access to the Service We process Subjects’ data according to their options on how to access the Service for the purpose of providing access to the Service according to your preferences. For instance, you can share part of your social media account information with us for your authentication in order to sign up or sign in to your account. Without this processing of your data, we may not be able to secure access to the Service. | Art. 6(1)(f) GDPR Processing is necessary for the purposes of the legitimate interests pursued by the Company. |
| 7 | For research and development purposes We process the data you provide to us to better understand you and how you use and interact with the Service. For instance, interaction data can provide useful information that helps us measure, adapt, or improve the services we offer. In addition, this information helps us significantly to develop new and improved services to better serve you. | Art. 6(1)(f) GDPR Processing is necessary for the purposes of the legitimate interests pursued by the Company. |
| 8 | For marketing purposes Subject to your prior valid consent, we may process your data for advertising and commercial purposes (marketing), such as sending targeted advertising messages about our services, promotional offers and events of the Company or its partners. We allow you to withdraw any consent for these purposes easily and free of charge at any time. | Art. 6(1)(a) GDPR The processing shall be carried out with the validconsent of the Data Subject. |
We are committed to using your personal data solely for the above legitimate purposes or compatible ones. In addition to these purposes, the Company may process all or part of your data in order to comply with any obligations arising from a legal provision (Art.6(1)(c)GDPR)and/or in pursuit of further legitimate interests, such as the support and pursuit of the Company’s legal claims (Art.6(1)(f) GDPR).
5. Who has access to your data
Access to your data has Company’s authorized personnel and its partners, providing appropriate contractual guarantees. In certain cases, and to the extent necessary, we use third-party services, such as in payments, file storage and analytics. All these services comply with policies such as ours.
The Company carries out most of the data processing activities required to provide the Service on its own resources and personnel. However, where appropriate and according to the needs that arise, we work with third party service providers for the proper function and support of the Service, including our suppliers in the following areas:
-Stripe ‘s secure online payment processing services.
-Digital Ocean cloud storage services
-Customer support tools
-Product development tools
-IT and security service providers, and
-Google and Facebook marketing or analytics tools
Each service provider shall be controlled and bound by contractual obligations equivalent to or more stringent than this Policy.
6. International transfers
It is not our intention to transfer data to non-EU/EEA third countries per se. However, due to the location or multinational nature of certain technology service providers , your data may be transferred to non-EU/EEA third countries. In such case, our established policy is to use the European Commission’s Standard Contractual Clauses and other approved data transfer mechanisms to better protect your personal data in non-EU/EEA jurisdictions.
The Company uses approved data transfer mechanisms to transfer your personal data to and from the United States and other jurisdictions outside the EU/EEA. Primarily, we rely on Standard Contractual Clauses approved by the European Commission as a legal mechanism, where necessary, for any non-EU/EEA data transfers, to the extent that such transfers are made.
We recognise that the Court of Justice of the European Union ruled in July 2020 (Schrems II) that certification under the EU-US Privacy Shield can no longer serve as an exclusive basis for guaranteeing an adequate and equal level of protection of personal data and equal to the EU level. In this context, where necessary, the Company shall make every effort to the extent possible to ensure further guarantees as to the level of protection of personal data by non-EU/EEA providers and in particular in the United States, by adopting the respective Standard Contractual Clauses approved by the European Commission.
For more information on the European Commission’s Standard Contractual Clauses, please address to https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en For more information about the U.S. Privacy Shield program, please visit https://www.privacyshield.gov/. In case of conflict between the terms of the non-EU/EEA Providers Policy and this Policy, this Policy shall prevail.
7. Time to keep your data
We store and keep your data for as long as the contract between us stands or for as long as is necessary to fulfill the purpose for which your data was collected or for as long as the law requires on a case-by-case basis.
Subjects’ personal data is stored only for the period of time required to fulfill the purposes for which the data was originally collected. Furthermore, the Company retains your data as long as necessary to comply with requirements of the law, including any legal, accounting or other obligations in order to resolve any disputes arising from its activities. Although retention requirements may be different in each case, we apply some standard retention periods for part of your personal data, as described below:
-Contact information collected for marketing purposes, such as name and email address, is kept on an ongoing basis until you request to opt-out or withdraw any prior consent.
-Browser interaction data, such as data from cookies and related tracking technologies, is retained for the periods provided for in the Company’s applicable Cookie Policy or until the withdrawal of any prior consent.
-Data provided during the use or in the framework of the Service shall be kept for a period of five (5) years from the date of the last interaction of the Subject or the termination of the contract between us accordingly, unless otherwise specified by law.
8. Security
The security of your personal data is a priority for us and therefore we ensure that all the appropriate contractual, technical and organisational measures are implemented.
We are committed to protecting the physical and digital security of subjects’ personal data by implementing appropriate contractual, technical, and organisational measures. Indicatively, such measures are the following:
-Internal Policies and Procedures for the protection of personal data
-Confidentiality and privacy clauses in contracts with our service providers and business partners
-Event management and disaster recovery plan
-Data recovery plan
-Keeping backups
-Authorized access to files and databases (Authentication and identification)
-Classified access depending on the role of each user
-Maintenance and regular upgrade of hardware and software and their security control
-Periodic system and infrastructure security screening
-Keeping backup copies
-Encryption and pseudonymisation (if applicable)
-Raising awareness and training of personnel on privacy and information security issues
9. Your rights
The Company ensures the exercise of your rights as stipulated in the Articles 15-22 GDPR, such as the right of access and the right to be informed, the right to erasure, etc., upon request at [email protected].
Our Company is committed to the protection and respect of your rights as defined by Articles 15-22 of the GDPR and in particular:
-Your right to be informed about the processing of your personal information (right of access) and to request more information about the processing that is being performed.
-Your right to rectification of inaccurate personal data.
-The right to erasure of the personal information you have provided unless this is not permitted for legitimate reasons.
-Your right to restriction of processing.
-Your right to data portability, if possible.
-Your right to object to further processing of your data and
-Your right to withdraw any prior consent.
In such cases, the Company will evaluate and respond accordingly to your request within one (1) month of the receipt of your request and your identification. In case your request is complex or there is a large number of requests, our Company will inform you within the above period of one month of a time period extension of up to two (2) additional months, in compliance with the GDPR. Moreover, our Company may refuse to grant your request in whole or in part, only when this is possible in compliance with the GDPR or national law.
Furthermore, in the event of the exercise of one or more of the above mentioned rights to rectification, erasure and restriction of your data, your requests may also be shared with any third party to whom your data may have been transferred in pursuit of the above mentioned processing purposes.
For the exercise of these rights, you can send us an online request at [email protected]. If the reply you receive from us does not satisfy you or if your personal data is deemed to still be infringed, then you have the right to contact the national Data Protection Authority (www.dpa.gr submission of a complaint) or to any other competent supervisory authority concerning you (you can find more information here).
10. Restrictions on your rights
Your rights to your personal information are not unlimited and may be rejected in accordance with the stated circumstances.
In certain circumstances, the Company may refuse to respond to certain rights or requests in connection with your personal data, when:
-Refusal of access is required or permitted by law,
-The provision of access would have a negative impact on the rights and freedom of third natural persons, or
-Where the request is manifestly unfounded or excessive.
11. Changes to this Policy
We update the Privacy Policy when necessary to better inform you or when we need to comply with new legislation.
From time to time and according to our needs, we may update this Policy to better inform you. The updated version of this Policy will be posted on the Website indicating the effective date of the latest version, which is the date of its posting on the Website and of your free access to it. If we make significant changes to this Policy, we may notify you either by posting a specific notice of these changes on the Website or by sending you a notice directly by e-mail to the address you have provided to us. In any case, we encourage you to frequently review this Policy for your reliable and timely information on how we process and protect your personal data.
12. Contact us
For more information about the protection of your personal data and the Privacy Policy of our Company, as well as the exercise of your rights, you can contact us at the following information:
Moveo AI, Inc
608 River Road – New Milford, New Jersey, 07646, USA
Email: [email protected]
