Privacy Policy
1. General Information
This Privacy Policy regulates the processing of personal data through the website www.movements.mov (the "Website"), managed by MOVEMENTS Impact, S.L. ("MOVEMENTS").
This Privacy Policy regulates the processing of user personal information on the Website and on the platform available through it (the "Platform") and describes how MOVEMENTS collects, uses, protects and shares User data when using the services offered through it (the "Services").
MOVEMENTS is committed to ensuring the confidentiality, security and integrity of the personal data collected, treating User information in accordance with applicable regulations. Users are advised to read this document carefully to understand their rights and MOVEMENTS' obligations regarding privacy.
MOVEMENTS reserves the right to modify this Privacy Policy to adapt it to legislative or jurisprudential changes or to the Platform's own functionalities, informing Users of such modifications by the means MOVEMENTS deems appropriate.
The Website may include links to third-party websites. MOVEMENTS assumes no responsibility for their privacy policies or the content that may be found on them. This Privacy Policy applies only to personal data collected directly through the Website.
2. Who is responsible for processing your data?
This clause aims to inform the User about who is responsible for processing their personal data when using the Platform. It is essential to distinguish the different relationships generated when using the Services:
1. MOVEMENTS as Data Controller
For personal data associated with the User account and general use of the Platform, as well as for the provision of services by MOVEMENTS, the data controller is:
| Responsible: | MOVEMENTS IMPACT, S.L. |
|---|---|
| Tax ID and registration: | B22542377 Registered in the Commercial Registry of Madrid, sheet M-856941, entry 1 |
| Address: | Calle Eugenio Caxes, 4, 5B, 28026 Madrid |
| Email: | contacto@movements.mov |
| DPO Contact: | dpo@movements.mov |
This Privacy Policy only applies to the processing of personal data carried out by MOVEMENTS as Data Controller, that is, when it processes data for its own purposes. This Privacy Policy will not apply to data processing that MOVEMENTS carries out as Data Processor on behalf of a Creator. In such cases, the Creator's own privacy policy will apply, which will be made available to the User prior to joining the Movement, as provided in the following section.
2. Creators as Data Controllers
By subscribing to a Movement, the User establishes a direct contractual relationship with the Creator of that Movement. In this framework, the Creator acts as Data Controller of the personal data that the User provides through the Platform, being the only one who determines the purposes and means of such processing.
Joining a Movement will require express acceptance by the User of the privacy policy that the Creator makes available to its subscribers. In these cases, MOVEMENTS will act as Data Processor with respect to the data it processes on behalf of the Creator for the provision of Platform services.
The User must be aware that, for the correct provision of the Services offered on the Platform, the processing of certain personal data is essential. In particular, for a User to subscribe to a Movement, it is a necessary contractual requirement that their identification and contact data be communicated to the Creator of that Movement. This communication is essential so that the Creator can manage their community of Subscribers, send the Content associated with the Movement and fulfill the obligations arising from the direct relationship established between the Creator and the Subscriber.
Consequently, the User is obliged to provide such data and accept their communication to the Creator if they wish to subscribe to a Movement. The refusal to provide this data or opposition to their communication to the Creator will directly result in the impossibility of formalizing the subscription and, therefore, accessing the Content and specific services of that Movement.
This processing is supported by the execution of the contractual relationship that the User establishes both with MOVEMENTS and with the Creator when requesting the subscription.
3. What personal data do we collect and for what purposes?
MOVEMENTS collects and processes different categories of personal data for the following purposes:
| Category | Examples | Purpose |
|---|---|---|
| User account data | Username, age or date of birth, email address and password, profile photo, associated social networks | Create and manage the User account, verify their identity and allow access to the Platform |
| Economic transaction data | Credit/debit card information or other payment methods, billing address, transaction history | Enable technical integration with the payment service provider responsible for processing Subscription transactions. MOVEMENTS does not store complete card data or directly intervene in payment processing, which is carried out under the exclusive responsibility of the payment service provider. |
| Contact and support data | User identification data, information provided through forms | Handle requests, inquiries or incidents related to Platform access or use and provide User support |
| Usage and navigation data | IP address, unique device identifiers, browser, pages visited, Platform interactions and cookie data | Analyze Platform use to improve User experience, ensure service security and personalize content |
| User-generated content | Petitions, publications, events, comments, multimedia files and any other content the user publishes on the Platform | Allow User participation on the Platform |
| Subscription data | Information about the Movements a User subscribes to | Enable technical execution of the subscription and communicate strictly necessary data to the corresponding Creator, who will act as Data Controller in the framework of the relationship with their subscribers |
In addition to the data categories described in the table above, MOVEMENTS may process data derived from linking MOVEMENTS with social network profiles. You can consult the privacy policy of the main social networks at the following links:
The use of cookies and similar technologies is governed by the Cookie Policy, where the User can manage their consent preferences.
4. What happens when a Creator imports external contact lists?
Creators can import external contact lists to invite new people to join their Movements. In this process it is important to distinguish the different roles in data processing:
- The Creator as Data Controller: when importing a contact list, the Creator acts as the sole Data Controller of that data. Under their exclusive responsibility, they guarantee that they have obtained it lawfully and transparently, that they have an adequate basis for legitimacy (for example, the express consent of the interested party) and that they have informed the contacts about the purpose of communicating their data to MOVEMENTS.
- MOVEMENTS as Data Processor: during the initial import and invitation sending phase, MOVEMENTS acts solely as Data Processor, limiting itself to providing the technological infrastructure and sending, on behalf of the Creator, the invitation to join the Movement. MOVEMENTS does not use this data for its own purposes nor verify the legality of imported lists.
- Conversion to MOVEMENTS User: for a contact imported by a Creator to become a Movement Subscriber, it is necessary to follow a process designed to ensure the protection of their personal data and maximum transparency regarding the responsibilities of each party.
- Movement Subscription: if the new User decides to subscribe to the Movement of the Creator who invited them, the provisions of section 2 above will apply regarding responsibility for processing their personal data.
- Exercise of rights: any person whose data has been imported to the Platform without registering must exercise their rights of access, rectification, deletion and opposition directly with the Creator who performed the import in their capacity as Data Controller. Once registered as a User, they may exercise their rights both with MOVEMENTS (regarding their account) and with the Creator (regarding subscription to the Movement), in accordance with this Privacy Policy.
To facilitate compliance with legal obligations regarding data protection, MOVEMENTS makes available to Creators a default privacy policy template, which they can adapt and use in their Movements. Creators can request this template by writing to dpo@movements.mov or through the support channel enabled on the Platform. In any case, it will be the exclusive responsibility of each Creator to verify the adequacy of the policy to their specific activities and keep it updated in accordance with applicable regulations.
5. What is the legal basis for processing your data?
The processing of personal data by MOVEMENTS is based on the following legal bases, depending on the purpose for which it is processed:
- Performance of the contractual relationship: data processing is essential to be able to provide the Services offered through the Platform.
This includes, among other cases, the creation and maintenance of the User account, publication of Content, handling support requests related to the account, access to Platform functionalities and communication of necessary data to the payment service provider or the corresponding Creator to formalize the Movement subscription. - Consent of the interested party: certain processing is carried out based on free, specific, informed and unequivocal consent granted by the User.
This includes, among other cases, sending newsletters with information not directly linked to contracted services, handling inquiries or comments, and use of analytical or advertising cookies. - Compliance with legal obligations: in certain cases, personal data processing is necessary to comply with legal obligations imposed on MOVEMENTS.
This includes, among others, retention of transaction information for tax and accounting purposes, handling requirements from judicial or administrative authorities, compliance with cooperation duties regarding information society services (including removal or blocking of illicit content), as well as managing requests to exercise data protection rights. - Legitimate interest: in certain cases, data may be processed based on MOVEMENTS' legitimate interest, provided that the fundamental rights and freedoms of the interested parties do not prevail.
This includes, among other cases, preparation of aggregate statistical analyses on Platform use, sending commercial communications about own services similar to those contracted by the User, adoption of security measures to ensure service integrity and prevention of fraud or misuse. - Contact lists imported by Creators: when a Creator imports contact lists, they act as the sole Data Controller and guarantee that they have an adequate legal basis (usually, express consent of the interested parties) for communicating the data to MOVEMENTS.
6. How long do we keep your data?
MOVEMENTS will retain user personal data only for as long as necessary to fulfill the purposes for which it was collected and to determine possible liabilities that could arise from that purpose and data processing. The following criteria will apply:
| Data category | Indicative period |
|---|---|
| User account data | Registration and profile data will be retained as long as the User keeps their account active on the Platform. When the User requests account deletion, their data will be blocked. |
| Economic transaction data | Information relating to billing and transactions will be retained for the periods legally required by tax and commercial regulations, which generally is six (6) years. |
| Contact and support data | Data collected to handle inquiries or incidents will be retained only for the time necessary to manage and resolve the request. |
| Usage and navigation data | Usage data associated with the User account will be retained while it remains active to allow service personalization. Data collected for purely analytical or statistical purposes will be retained for a maximum period of 24 months from collection, after which it will be anonymized. |
| User-generated content | Content that the User publishes on the Platform will remain visible while the User keeps their account active, unless they decide to voluntarily delete such content earlier, in which case any data that allows it to be associated with their account will be deleted. |
| Subscription data | Information about subscriptions will be retained for the duration of the contractual relationship between the User and the Creator, that is, while the subscription remains active. |
Once the retention periods corresponding to each purpose have ended, MOVEMENTS will keep the data duly blocked, that is, with restricted access, during the limitation periods for legal actions that could arise from the relationship with the user. After these periods have elapsed, it will be permanently deleted.
7. To which recipients will your data be communicated?
Users' personal data may be accessed or communicated in certain cases necessary for the provision of Services, compliance with legal obligations or protection of MOVEMENTS' legitimate interests. The possible recipients are detailed below:
1. Data access
Certain third parties may access personal data as data processors, always acting under MOVEMENTS' instructions and without using it for their own purposes:
- Technology service providers: provide the infrastructure, data hosting, electronic messaging, analytics and technical support necessary for Platform operation.
- Professional advisors: provide legal, tax, accounting or audit services to MOVEMENTS, accessing only the data essential for the performance of their functions.
2. Data communication
Personal data may be communicated, when necessary, to the following categories of recipients, who will then act as data controllers:
- Movement Creators: they are communicated the strictly necessary data so they can manage their community.
- Payment service providers: intervene in the processing of payments linked to Movement Subscriptions, acting as controllers regarding the financial information they manage.
- Administrative, judicial authorities and security forces: may access data when required by applicable regulations or a valid resolution.
3. International transfers
International data transfers outside the European Economic Area are not planned.
8. What are your rights when you provide us with your data?
In accordance with current data protection regulations, personal data subjects may exercise the following rights:
- Right of access: allows you to know whether MOVEMENTS processes personal data concerning you, as well as to access such information.
- Right of rectification: allows you to request modification of inaccurate or incomplete data.
- Right of deletion: allows you to request deletion of your personal data when, among other reasons, it is no longer necessary for the purposes for which it was collected.
- Right of opposition: allows you to object to the processing of your data for reasons related to your particular situation. In that case, MOVEMENTS will stop processing it, except for compelling legitimate reasons or for the formulation, exercise or defense of claims.
- Right to restriction of processing: in certain circumstances, you may request that the processing of your data be restricted, in which case it will only be retained for the exercise or defense of claims, protection of another person's rights or for reasons of public interest.
- Right to data portability: allows you to receive your personal data in a structured, commonly used and machine-readable format, and transmit it to another controller when processing is based on consent or execution of a contract.
- Right not to be subject to automated decisions: allows the User not to be subject to decisions based solely on automated processing of their data, including profiling, unless they are necessary for the execution of a contract, authorized by law or express consent has been given. MOVEMENTS does not currently apply this type of processing.
The personal data subject may exercise these rights, in the terms legally provided, by sending a request accompanied by a copy of their identity document through the following channels:
If the User considers that the processing of their personal data does not comply with the regulations, they can file a complaint with the Spanish Data Protection Agency (www.aepd.es).