Moovax Privacy Policy

1. Introduction

This Privacy Policy describes how Moovax collects, uses, shares and protects the personal information of customers and visitors of our website (www.moovax.com). We respect your privacy and comply with the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679) and Portuguese Law 58/2019.

Last updated: 21 May 2026.

2. Data Controller

The data controller for personal information collected through this website is:

  • Company: Moovax
  • Address: Travessa Monte de S. Gens 144, 4460-820 Custóias, Portugal
  • Email for privacy matters: [email protected]
  • Phone: +351 910 488 340

3. What information we collect

3.1 Information you provide directly

  • Identification: full name, email address, phone number
  • Service-specific data: origin and destination addresses, dates, type of move (residential, office, commercial), inventory of items, floor, elevator information
  • Business indicator: whether the request is for a company or an individual
  • Communication content: any messages, notes or photos you send to us

3.2 Information collected automatically when you visit the site

  • Technical data: IP address, browser, operating system, device type, referring website
  • Usage data: pages visited, time spent on each page, links clicked
  • Cookies and similar technologies (see Section 6 for the full list)

3.3 Marketing and advertising identifiers — only if you consent to marketing cookies

  • Google Click Identifier (GCLID) when you arrive via a Google Ads advertisement
  • UTM parameters from URLs (source, medium, campaign, content, term)
  • Google Ads ValueTrack data: campaign ID, ad group ID, keyword, match type, device, network
  • First-touch timestamp of when you first visited the site with marketing data

This information allows us to measure the effectiveness of our advertising and to attribute conversions to specific campaigns. We do not use this information to build profiles for sale to third parties.

4. Legal basis for processing

We process your personal data under the following legal bases of the GDPR:

  • Performance of a contract (Art. 6(1)(b)): to provide the requested service (quotation, transportation, storage)
  • Legitimate interest (Art. 6(1)(f)): to respond to your requests, prevent fraud and improve our services
  • Consent (Art. 6(1)(a)): for marketing cookies, analytics and use of advertising identifiers — you may withdraw consent at any time
  • Legal obligation (Art. 6(1)(c)): to comply with accounting, tax and consumer-protection rules

5. How we use your information

  • Process and respond to your quotation request and provide the contracted service
  • Send service-related communications (confirmations, scheduling, invoices)
  • Improve our website and services based on usage patterns
  • Measure the effectiveness of our online advertising and optimise our campaigns (consent-based)
  • Comply with legal and regulatory obligations (accounting, tax)
  • Establish, exercise or defend legal rights when needed

6. Cookies and similar technologies

We use cookies in three categories. You can accept or reject non-essential categories using our cookie banner.

6.1 Strictly necessary (always active)

  • csrftoken — Django CSRF protection, up to 1 year
  • cookies_accepted / accepted_c — Record your consent choice
  • django_language — Site language preference

6.2 Marketing / Advertising — only with consent

  • gclid — Google Ads click identifier, 90 days
  • utm_source, utm_medium, utm_campaign, utm_content, utm_term — Campaign tracking, 90 days each
  • campaignid, adgroupid, keyword, matchtype, device, network, placement, creative — Google Ads metadata, 90 days each
  • first_touch — Timestamp of first visit with marketing data, 90 days

6.3 Analytics — only with consent

  • _ga, _ga_*, _gid — Google Analytics 4, up to 2 years
  • _gcl_au — Google Ads conversion linker, 90 days

You can manage cookies in your browser settings at any time. We respect the GDPR consent gate: marketing and analytics scripts only run after you accept the cookie banner.

7. Third parties and subprocessors

To provide our service, we share specific data with the following providers under data-processing agreements:

  • Google LLC (United States) — Google Ads (advertising, conversion measurement), Google Analytics 4, Google Tag Manager, Google Maps Places API for address autocomplete. We may share your GCLID, hashed email and conversion value with Google Ads for offline conversion attribution.
  • Brevo SAS (France, formerly Sendinblue) — Sending transactional emails (quotation confirmations, communications about your order)
  • Microsoft Azure (Ireland / European region) — Hosting infrastructure of the website and database
  • Tax and accounting providers — only as required for invoicing

We do NOT sell your personal data. We only share data when necessary to provide the service, when required by law, or with your explicit consent.

8. International data transfers

Some of our service providers (notably Google LLC) are located outside the European Economic Area. In such cases we ensure adequate protection through:

  • EU-US Data Privacy Framework (DPF) — Google LLC is certified under the DPF
  • Standard Contractual Clauses (SCCs) approved by the European Commission, when DPF does not apply
  • Additional technical measures (encryption in transit and at rest, pseudonymisation) where appropriate

9. How long we keep your data

  • Non-converted leads (quotations not finalised): 24 months from last interaction, then anonymised or deleted
  • Confirmed clients (contracts and invoicing): 10 years, in accordance with Portuguese accounting law
  • Marketing cookies and identifiers in your browser: 90 days
  • Email correspondence: 5 years from last contact
  • Server access logs: 12 months

After these periods, data is deleted or fully anonymised so it can no longer be linked to you.

10. Your rights under the GDPR

You have the following rights:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure ("right to be forgotten") — request deletion of your data, subject to legal retention obligations
  • Restriction — request that we limit processing in specific circumstances
  • Objection — object to processing based on legitimate interest
  • Portability — receive your data in a structured, machine-readable format
  • Withdraw consent — at any time, for processing that requires consent (without affecting prior lawful processing)
  • Lodge a complaint — with the Portuguese supervisory authority CNPD — Comissão Nacional de Proteção de Dados (https://www.cnpd.pt)

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days as required by the GDPR.

11. Children's privacy

Our services are not directed at persons under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately at [email protected] and we will delete it.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. The updated version will be published on this page with a new last-updated date. For material changes we will provide a more prominent notice (such as a banner on the website).

13. Contact us

If you have questions, requests or concerns about this Privacy Policy or how we handle your personal data, please contact us:

  • Email: [email protected]
  • Phone: +351 910 488 340
  • Address: Travessa Monte de S. Gens 144, 4460-820 Custóias, Portugal
Your privacy At Moovax, your privacy and the security of your data are our top priority. We use cookies and similar technologies to personalize your experience and enhance our services, ensuring essential website functionality. By clicking accept, you are agreeing to our use of cookies as described in our detailed Cookie Policy.