Privacy Policy

General Privacy Policy of the EXACT CHANGE Group

Any personal data that the user provides for the use of the services of this website and/or the Exact Group branches will be subject to the provisions of this data protection policy. However, please note that some services may contain specific conditions with particular provisions regarding personal data protection.

The internal information channel includes additional data protection information in its Annex II.

In any case, the processing of personal data will be carried out in accordance with Regulation (EU) 2016/679 of 27 April (GDPR) and Organic Law 3/2018 of 5 December (LOPDGDD).

Who is responsible for processing your data?

  • Identity: MACCORP EXACT CHANGE, E.P., S.A. (hereinafter "MACCORP")
  • Tax ID (CIF): A79182788
  • Postal address: Calle Orense 6 (PC 28020) Madrid – Spain
  • Email address: atencionalcliente@grupoexact.com

The foreign currency reservation services via the Website with collection at the Puerto Banús office (Málaga – Spain) are provided by AIRPORT CHANGE, S.A. (Tax ID (CIF) A80832231 and address at Calle Orense 6 (PC 28020) Madrid – Spain), which, in its capacity as Data Controller, will process the personal data arising from the provision of the foreign currency reservation service in accordance with this privacy policy.

Tax refund operations and Western Union transfer operations carried out at Exact Group branches are services provided by third parties (identified in the corresponding information clause of the service). On these occasions, MACCORP and AIRPORT process personal data in their capacity as Agents and Data Processors, with the aforementioned companies acting as Data Controllers.

MACCORP has appointed a Data Protection Officer. Data subjects may contact him/her via the email dpo@grupoexact.com.

For what purposes do we process your data?

Communications, complaints and information requests

The personal data collected through contact forms, help chat or emails will be processed for the purpose of managing, responding to and/or handling users’ communications and requests:

  • Information or assistance requests: they will be processed to manage the request and provide the user with the information requested.
  • Satisfaction surveys: they will be processed for the optimization of MACCORP’s services.
  • Complaints form: the data will be processed to handle, resolve, register and issue the corresponding resolution in accordance with the Customer Protection Regulation.

Legal basis: Legitimate interest (Art. 6.1.f GDPR) and legal obligation for claims (Art. 6.1.c GDPR).

Recovery or modification of identification passwords

The data requested in the forms to retrieve or modify the user identification password will be processed to provide the data subject with the necessary instructions to obtain said password.

Legal basis: Performance of the service (Art. 6.1.b GDPR).

Provision of services and fulfilment of related obligations

MACCORP will process the data in order to provide the contracted services, as well as to comply with the contractual obligations arising from them. By way of example: carrying out and managing the requested foreign currency purchase or reservation service; managing payments, handling customer complaints or claims, presales service, after-sales service, etc.

In this context, MACCORP may send electronic communications strictly necessary for the management of the operations initiated by the customer, such as reminders of processes pending confirmation or not completed. These communications are informational and not promotional in nature.

In the case of foreign currency reservation operations at the Puerto Banús office, AIRPORT CHANGE, S.A. will also act as Joint Controller in the processing of the data.

Legal basis: Performance of the service (Art. 6.1.b GDPR).

Compliance with applicable legal obligations

MACCORP will carry out the processing operations necessary to comply with its legal obligations arising from anti-money laundering and counter-terrorist financing regulations, tax and accounting regulations, conduct and transparency regulations, customer protection rules and any other regulations that may apply.

Customer identification (AML/CFT)

To comply with the legal identification duty established by Anti-Money Laundering and Counter-Terrorist Financing (AML/CFT) regulations, we request the presentation of an identity document.

This document is usually scanned using QSCAN, a secure system that allows the automated capture of only the data strictly necessary to manage the operation, without retaining a copy of the document. This process ensures privacy protection and compliance with the GDPR’s data minimisation principle.

A copy of the identity document will only be retained for those operations in which AML/CFT regulations expressly require its retention.

Compliance with legal obligations (Art. 6.1.c GDPR).

Carrying out commercial actions

MACCORP will send commercial and informational communications, including by electronic means, as well as commercial calls related to updates, offers, promotions, services or products connected to its activity and to the tourism and travel sector. Likewise, MACCORP collects information through data storage and retrieval devices such as cookies, pixels, web beacons, etc.

Legal basis: Consent (Art. 6.1.a GDPR) or legitimate interest (Art. 6.1.f GDPR).

Recording of incoming calls

MACCORP records incoming telephone calls for the optimization of its services, quality control and customer service, and also as a means of evidence for the contracting of services and operations requested by the customer.

Legal basis: Legitimate interest (Art. 6.1.f GDPR).

Recording of outgoing commercial calls

In compliance with Circular 1/2023 of 26 June regarding the application of Article 66.1(b) of Law 11/2022 of 28 June, General Telecommunications Law, MACCORP records the commercial telephone calls it makes as a means to demonstrate compliance with data protection regulations.

Legal basis: Legal obligation – principle of proactive accountability (Art. 6.1.c and 5.2 GDPR).

Managing the job pool (applicants only)

In the case of job applications received, the data will be processed to assess the applicant’s potential incorporation into MACCORP’s workforce and Group companies, carrying out an analysis of the applicant’s profile with the aim of selecting the best candidate for the vacant position.

Legal basis: Consent (Art. 6.1.a GDPR).

Processing of biometric handwritten signatures in electronic documents

MACCORP may collect and process the biometric handwritten signature of data subjects in cases where documentation is digitally signed in the Exact Group offices. The purpose of the processing is to allow the signing of contractual, legal or informational documents through digital procedures that ensure the identity of the signer, the integrity of the document and the authenticity of the expressed consent.

The technology used makes it possible to capture not only the image of the signature, but also biometric data associated with the stroke (such as pressure, speed, acceleration and rhythm), integrating them into the encrypted document without these data being stored separately.

Biometric data are processed exclusively for the validation of the signature of the document in which they are embedded; they are not used for subsequent identification of the signer nor are they kept independently from the signed document.

Legal basis: Performance of the contract (Art. 6.1.b GDPR) and compliance with legal obligations (Art. 6.1.c GDPR).

Is profiling carried out?

Customer profiling is carried out in order to comply with MACCORP’s obligations under anti-money laundering regulations, for the purpose of assessing the risk level of MACCORP’s customers in accordance with such regulations. No automated decisions will be made based on such profile.

How long will we keep your personal data?

As a general rule, data will be kept no longer than necessary to maintain the purpose of the processing, or for as long as there are legal provisions that require their retention.

Anti-money laundering regulations

The necessary data and documentation will be retained for 10 years from the occasional transaction or the end of the business relationship.

Commercial and analytical purposes

Data will be retained until the user requests their deletion or objects to the processing. Thereafter, they will be blocked for 3 years to demonstrate regulatory compliance.

Once the retention periods have ended, the data will be erased using appropriate security measures to ensure the anonymisation or complete destruction of the information.

To whom do we disclose personal data?

The following disclosures, assignments and transfers of users’ data are envisaged:

To service providers

Service providers and data processors that provide services which, by their nature, require access to, custody of or processing of users’ data – such as advisors, auditors, agents, etc. – will have legitimate access to the data as a result of the service provision contract, data processing agreement and confidentiality undertaking that they sign with MACCORP.

Transfers and disclosures for service provision

The necessary data will be communicated to entities involved in the service (such as the bank or destination entity of the transfer), which may, depending on the destination country of the transaction, entail international data transfers to third countries whose data protection legislation does not grant the same rights and level of protection as in the EU. Data subjects may request more information about these transfers from the Data Protection Officer via email dpo@grupoexact.com.

International transfer due to use of the help chat

MACCORP has subcontracted the technology used to integrate the help chat on its website to Zendesk Inc., with whom it has signed the EU Standard Contractual Clauses. The data processed through this service are transferred outside the EEA with appropriate safeguards in accordance with Article 46 of the GDPR. Data subjects may request more information from the Data Protection Officer via email dpo@grupoexact.com.

Disclosures to public authorities due to legal obligation

In compliance with MACCORP’s legal obligations, data will be communicated to the Executive Service of the Commission for the Prevention of Money Laundering and Monetary Offences for the management of the Financial Ownership File (FTF), to public authorities with powers in anti-money laundering, to the tax administration and to other supervisory bodies.

Compliance with court orders and similar requests

We will also disclose any data that are necessary to comply with court orders or similar binding requests. Likewise, we will disclose data when necessary to: (1) cooperate in police investigations or emergency situations that require it; (2) defend the interests and rights of MACCORP and its group companies, their owners, partners, employees and directors; and (3) prevent or stop unlawful conduct or behaviour contrary to good faith.

What are your rights?

Access

Obtain confirmation as to whether we process your personal data and access such data.

Rectification

Request the correction of inaccurate or incomplete data.

Erasure

Request the deletion of your data when they are no longer necessary.

Portability

Receive your data in a structured format and transfer them to another controller.

Objection

Object to the processing of your data in certain circumstances.

Restriction

Request the restriction of processing in certain cases.

Withdrawal of consent: Data subjects have the right to withdraw the consent given to MACCORP at any time, without affecting the lawfulness of the processing based on consent prior to its withdrawal.

Complaint: Data subjects have the right to lodge a complaint with a competent Data Protection Supervisory Authority.

How can you exercise your rights?

To exercise their rights, data subjects may contact:

You may also use the downloadable forms for rights requests available at www.aepd.es.

Mandatory or optional nature of the information

All fields marked with "*" are mandatory. If the user does not complete them, MACCORP may be unable to register the user or provide the corresponding service.