DETAILED INFORMATION ON THE PROCESSING OF YOUR PERSONAL DATA IN COMPLIANCE WITH REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights (LOPDGDD).

1. Data Controller

The International Institute for Nonviolent Action (NOVACT) is the data controller of both the website and the Moneda REC app. Its contact details are:

  • Identity: International institute of Noviolent Action (of now at forward “The ENTITY” or NOVACT).
  • VAT ID: G-62083357
  • Postal address: Carrer Junta de Comerç, No. 20, Pr 08001, Barcelona, Barcelona
  • Telephone: (+34) 93 551 47 14
  • Email:
  • Website:

NOVACT has a Data Protection Officer (DPO). For any matter specifically related to personal data, you can directly contact the DPO via email at

2. Purpose, legitimacy and categories of collected data

Personal data of the following individuals will be processed:

  1. The professional user, when considered as a self-employed or autonomous worker;
  2. Those of the individuals who, while providing their services to the professional user, come into contact with NOVACT to enable the maintenance, development and management of the relationship formalized by the professional user’s adherence to the campaign, to whom the professional user herself commits to transmit the content of this clause;
  3. Those of the private users who register to participate in the campaign.”

The personal data of the interested parties indicated will be processed for the following purposes:

  • Service Contracting
    • Purpose: To enable the maintenance, development and management of the relationship formalized by the professional or private user’s adherence to the campaign.
    • Legal Basis: a) In relation to the professional user who is a self-employed or autonomous worker, the execution of a contract in which the interested party is a part; b) In relation to the contact persons, NOVACT’s legitimate interest to contact the professional user through them; and c) In relation to private individuals who register to participate in the campaign, the execution of a contract in which the interested party is a part.
    • Type of data: name, surname, ID, location, banking data (credit or debit card), date of birth, postal address, email (optional), gender, and phone.
  • Communications about the service
    • Purpose: To keep users informed, including through electronic means (follow-up calls, SMS and/or emails), about news and the status of the “REC Cultural” campaign. This purpose may also include conducting surveys of private users and businesses adhering to the “REC Cultural” campaign.
    • Legal Basis: User consent. Users can unsubscribe from these communications and stop receiving requests to answer surveys at any time by withdrawing their consent, as explained below.
    • Type of data: email and phone (push notifications).
  • User image within the App
    • Purpose: To display the user’s image on the application profile and, if applicable, in the list of users of the same.
    • Legal Basis: User consent.
    • Type of data: personal image or photograph.
  • Exchanges with personal contacts
    • Purpose: To allow the sharing of RECs with personal contacts from the phone book.
    • Legal Basis: User consent.
    • Type of data: personal contacts from the phone.”

Data Retention

The data processed for these purposes will be kept until the user withdraws his or her consent and, after that, for the legally provided periods of retention and limitation of liability.

Third-Party Recipients

For these purposes, the data may be communicated to the following third-party recipients:

  • Barcelona Institute of Culture (ICUB) as a public administration for compliance with legal obligations;
  • Banking entities for the management of collections and payments.
  • The following categories of processors may also be notified: electronic communications providers, office automation, hosting, housing, IT maintenance, management, accounting, auditing, legal advice, and representation. Some of these processors may transfer personal data to processors located in third countries with which the European Commission’s standard data protection clauses have been adopted (Commission Decision (EU) 2021/914/EU of 4 June 2021).”

Security Measures

NOVACT, through its providers, has adopted the technical and organizational measures necessary to guarantee the security and integrity of the data, as well as to prevent its alteration, loss, treatment or unauthorized access.

In particular:

  • Data is stored in an encrypted database.
  • All communications are carried out with data encryption (TLS).
  • Daily backups are made, which are properly encrypted.
  • The cloud servers are located in European territory.

Exercise of Rights

Interested parties may exercise their rights of access, rectification, deletion, limitation of processing, data portability, and opposition by sending their request to NOVACT, as the data controller. Alternatively, they may file a complaint with the corresponding supervisory authority if they consider it appropriate.