At Movie'n'co we take privacy and transparency seriously. This policy is governed by the EU General Data Protection Regulation 2016/679 (GDPR) and Spanish Organic Law 3/2018 on the Protection of Personal Data and the guarantee of digital rights (LOPDGDD), in line with Spanish Law 34/2002 (LSSI). For users in the United Kingdom, the UK GDPR (the retained version of the EU GDPR) and the Data Protection Act 2018 also apply.
Below you will find details of the personal-data processing we carry out and all the related information.
Personal data protection — full information
1. Who is the controller of your personal data?
- Publisher: Diego López García
- NIF (Spanish tax number): 05288583D
- Contact email: [email protected]
For postal contact, please see the address published in the Legal information page.
2. What categories of personal data do we process?
- Identification and contact details provided at sign-up: alias or name, email address and, where applicable, date of birth.
- Identifiers obtained from social sign-in (Facebook, X, Google) when the User chooses to authenticate that way.
- User-generated content: comments, reviews, ratings and any other contributions published on the site.
- Data linked to the premium subscription handled by our payment provider (subscription status, customer and transaction identifiers); we do not store card details.
- Technical identifiers: IP address, approximate IP-based geolocation, browser and device information, and the push-notification endpoint when the User authorises it.
- Browsing behaviour collected through cookies and equivalent technologies as described in the Cookie Policy.
3. What do we use your personal data for?
- Registration, authentication and improvement of the User experience.
- Community participation (comments, reviews and ratings) and its moderation.
- Social sign-in through third-party providers (Facebook, X, Google) when the User chooses it.
- Transactional email, newsletters and other communications the User submits or authorises.
- Regional adaptation of content based on IP geolocation.
- Fraud prevention, anti-spam protection and blocking of abusive access to the site and its APIs.
- Premium-subscription lifecycle management (sign-up, renewal, cancellation, billing) when the User takes out the service.
- Push notifications relating to editorial activity, subject to the User's express consent.
- Advertising personalisation and measurement, as described in the Cookie Policy.
If you do not provide the required data —in particular your email address— we may not be able to deliver the features above. We do not take automated decisions producing significant legal effects on the User.
4. How long do we keep your personal data?
Account data is kept for as long as you remain a registered user and do not cancel the registration or request erasure. Once cancelled, data may be blocked for the legal periods applicable to handle potential claims.
Subscription-related data is kept for the tax and commercial retention periods applicable in Spain. The push-notification endpoint is kept until you revoke permission from your browser or device.
5. What is the legal basis for processing your data?
The legal bases under article 6(1) of the GDPR and UK GDPR are:
- Consent (art. 6(1)(a)): user registration, push-notification opt-in and, where applicable, measurement and advertising cookies.
- Performance of a contract (art. 6(1)(b)): sign-up and management of the premium subscription.
- Legal obligation (art. 6(1)(c)): retention of tax and commercial records relating to transactions.
- Legitimate interests (art. 6(1)(f)): moderation of user-generated content, fraud and spam prevention, and basic editorial personalisation.
Consent may be withdrawn at any time without affecting the lawfulness of processing carried out before the withdrawal.
6. Who do we share your personal data with?
The publisher does not itself transfer personal data to third parties unless required by law. Any transfers that do occur take place through the providers listed below:
- Payment provider: Stripe Payments Europe, Ltd., acting as a data processor for premium-subscription billing.
- Social sign-in providers: Meta Platforms Ireland (Facebook), X Internet Unlimited Company and Google Ireland Limited, acting as independent controllers when the User opts to authenticate through their services.
- Push-notification provider: OneSignal, Inc., acting as a data processor for the delivery of notifications when the User opts in.
- Advertising and measurement partners: identified in the Cookie Policy, where the full list and their privacy policies are available.
7. International transfers
The publisher does not itself carry out transfers of personal data to third countries outside the European Economic Area or the United Kingdom. Any transfers that take place through the providers listed in section 6 rely on the safeguards set out in articles 44 et seq. of the GDPR / UK GDPR (adequacy decisions or standard contractual clauses).
8. What are your rights?
The GDPR and UK GDPR grant you the following rights over the personal data we hold about you:
- Access: confirmation of whether we process your data and, if so, a copy.
- Rectification: correction of inaccurate or incomplete data.
- Erasure: deletion of data that is no longer needed for the purposes it was collected.
- Objection: objection to processing on grounds relating to your particular situation; we will stop unless we have compelling legitimate grounds or need the data to defend legal claims.
- Restriction: request that we limit processing, in which case we only keep the data to handle legal claims.
- Data portability: receive your data in a structured, commonly used, machine-readable format.
- Withdrawal of consent: at any time, without affecting the lawfulness of prior processing.
To exercise any of these rights, write to [email protected] with a copy of your identification document.
If you consider that your rights have been infringed —particularly if we have not addressed your request satisfactorily— you can lodge a complaint with the Spanish Data Protection Agency through its online complaint form. If you are located in the United Kingdom, you may also raise a complaint with the Information Commissioner's Office (ICO) via ico.org.uk.
9. Where do we get your personal data from?
The personal data we process comes from the data subject —either provided directly (such as your email address or the content you publish), through social sign-in providers when you choose to authenticate that way, or through automated processes (such as your IP address or approximate geolocation).
Additional information
Last updated: 12 May 2026.
