Privacy Policy
1. General Information
This Privacy Policy governs the processing of personal data through the website www.movements.mov (the "Website"), managed by MOVEMENTS Impact, S.L. ("MOVEMENTS").
This Privacy Policy governs the processing of the User's personal information on the Website and on the platform available through it (the "Platform") and describes how MOVEMENTS collects, uses, protects, and shares the User's data when the User uses the services offered through it (the "Services").
MOVEMENTS is committed to ensuring the confidentiality, security, and integrity of the personal data collected, processing the User's information in accordance with applicable regulations. The User is advised to read this document carefully to understand their rights and MOVEMENTS' obligations regarding privacy.
MOVEMENTS reserves the right to modify this Privacy Policy to adapt it to legislative or jurisprudential changes or to the Platform's own functionalities, informing the User of such modifications through the means MOVEMENTS deems appropriate.
The Website may include links to third-party websites. MOVEMENTS assumes no responsibility whatsoever for their privacy policies or the content that may be found on them. This Privacy Policy applies solely to personal data collected directly through the Website.
2. Who is responsible for processing your data?
The purpose of this clause is to inform the User about who is responsible for processing their personal data when using the Platform. It is essential to distinguish the different relationships that arise when using the Services:
1. MOVEMENTS as the Data Controller
For personal data associated with the User's account and the general use of the Platform, as well as for the provision of services by MOVEMENTS, such as Subscriptions, the data controller is:
| Data Controller: | MOVEMENTS IMPACT, S.L. |
|---|---|
| Tax ID and registration: | B22542377 Registered in the Madrid Commercial Registry, page M-856941, 1st entry |
| Address: | Calle Fuenterrabía 9 Local 6, 28014 Madrid (Spain) |
| Email: | contact@movements.mov |
| DPO Contact: | dpo@movements.mov |
This Privacy Policy applies solely to the processing of personal data carried out by MOVEMENTS in its capacity as Data Controller, that is, when it processes data for its own purposes. This Privacy Policy does not apply to data processing carried out by MOVEMENTS in its capacity as Data Processor on behalf of a Creator. In such cases, the Creator's own privacy policy shall apply, which will be made available to the User prior to their joining the Movement, in accordance with the provisions of the following section.
2. Creators as Data Controllers
By becoming a Member of a Movement, the User establishes a direct contractual relationship with the Creator of said Movement. In this context, the Creator acts as the Data Controller for the personal data that the Member provides through the Platform, being the sole party to determine the purposes and means of such processing.
Becoming a Member requires the User's express acceptance of the privacy policy that the Creator makes available to its Members. In such cases, MOVEMENTS will act as a Data Processor with respect to the data it processes on behalf of the Creator for the provision of the Platform's services.
The User must be aware that, for the proper provision of the Services offered on the Platform, the processing of certain personal data is essential. In particular, for a User to become a Member of a Movement, it is a necessary contractual requirement that their identifying and contact information be provided to the Creator of said Movement. This disclosure is essential for the Creator to manage their community of Members, send Content associated with the Movement, and fulfill the obligations arising from the direct relationship established between the Creator and the Member.
Consequently, the User is obligated to provide such data and to consent to its disclosure to the Creator if they wish to become a Member of a Movement. Refusal to provide this data or objection to its disclosure to the Creator will directly result in the inability to formalize Membership and, therefore, to access the specific Content and services of that Movement.
This processing is based on the performance of the contractual relationship that the User establishes with both MOVEMENTS and the Creator when applying for Membership.
3. What personal data do we collect and for what purposes?
MOVEMENTS collects and processes different categories of personal data for the following purposes:
| Category | Examples | Purpose |
|---|---|---|
| User account data | Username, age or date of birth, email address and password, profile photo, associated social media accounts | To create and manage the User's account, verify their identity, and grant access to the Platform |
| Financial Transaction Data | Credit/debit card information or other payment methods, billing address, transaction history | To enable technical integration with the payment service provider responsible for processing transactions for Movements Paid Memberships and MOVEMENTS Subscriptions. MOVEMENTS does not store full card details nor does it directly intervene in the processing of payments, which is carried out under the sole responsibility of the payment service provider. |
| Contact and support information | User identification data, information provided through forms. | To respond to requests, inquiries, or issues related to access to or use of the Platform and to provide support to the User |
| Usage and browsing data | IP address, unique device identifiers, browser, pages visited, interactions on the Platform, and cookie data. | Analyze Platform usage to improve the User experience, ensure service security, and personalize content |
| User-generated content | Requests, posts, events, comments, multimedia files, and any other content that the user publishes on the Platform. | To enable User participation on the Platform |
| Subscription Data | Information regarding the Subscriber's active Subscription, credit/debit card information or other payment methods, billing address, and transaction history. | To allow access to Content available through the MOVEMENTS Subscription and to enable payments for the purchase and renewal of Subscription periods |
| Paid Membership Data | Information regarding Movements in which a User purchases a Paid Membership. | To enable the technical implementation of the Paid Membership and to communicate the strictly necessary data to the relevant Creator, who will act as the Data Controller within the framework of the relationship with their Paid Members |
In addition to the data categories described in the table above, MOVEMENTS may process data derived from linking MOVEMENTS with social media profiles. You can view the privacy policies of the major social media platforms at the following links:
The use of cookies and similar technologies is governed by the Cookie Policy, where the User can manage their consent preferences.
4. What happens when a Creator imports external contact lists?
Creators can import external contact lists to invite new people to join their Movements. In this process, it is important to distinguish the different roles in data processing:
- The Creator as Data Controller: when importing a contact list, the Creator acts as the sole Data Controller of that data. Under their sole responsibility, they guarantee that they have obtained the data lawfully and transparently, that they have an adequate legal basis (for example, the data subject's express consent), and that they have informed the contacts about the purpose of sharing their data with MOVEMENTS.
MOVEMENTS assumes no liability whatsoever for the lawfulness, accuracy, or legitimacy of the contact lists imported by Creators, nor for the use they make of the personal data contained therein. The incorporation of third-party data into the Platform via this feature is carried out at the Creator's sole initiative and under their sole responsibility. Consequently, any claim, penalty, damage, or loss arising from the lack of legitimacy in the collection of data, the absence of adequate information provided to the data subjects, the lack of a sufficient legal basis, or any other violation of data protection regulations attributable to the Creator, shall be borne exclusively by the Creator, with MOVEMENTS being fully exonerated and entitled to seek reimbursement from the Creator for any costs, damages, or penalties it may incur as a result of such breaches.
- MOVEMENTS as Data Processor: During the initial phase of importing and sending the invitation, MOVEMENTS acts solely as a Data Processor, limiting itself to providing the technological infrastructure and sending, on behalf of the Creator, the invitation to join the Movement. MOVEMENTS does not use this data for its own purposes nor does it verify the legality of the imported lists.
- Becoming a MOVEMENTS User:
For a contact imported by a Creator to become a MOVEMENTS User and a Member of a Movement, it is necessary to follow a process designed to ensure the protection of their personal data and maximum transparency regarding the responsibilities of each party.
Upon receiving the invitation sent by MOVEMENTS on behalf of the Creator, the contact must complete registration on the Platform. This registration requires acceptance of MOVEMENTS' Terms and Conditions of Use and Privacy Policy, as well as the Creator's privacy policy. Only at that moment does the contact acquire the status of MOVEMENTS User (with respect to which MOVEMENTS acts as the Data Controller for the data associated with the account under the terms described in this Privacy Policy) and, at the same time, their Membership in the Creator's Movement is formalized, within the framework of which the Creator continues to act as an independent Data Controller for the data necessary to manage their community and send Content related to the Movement.
Express acceptance of these conditions constitutes an indispensable contractual requirement for the valid formalization of Membership in a Movement. In the event of a refusal to grant such consent, the contractual relationship with the Creator cannot be established, nor, consequently, can the status of Member of a Movement be acquired, as it is contractually required to first hold the status of User of the Platform.
- Membership: If the new User decides to become a Member of the Movement of the Creator who invited them, the provisions of Section 2 above regarding responsibility for the processing of their personal data shall apply.
- Exercise of Rights: Any person whose data has been imported into the Platform without actually registering must exercise their rights of access, rectification, erasure, and objection directly with the Creator who performed the import in their capacity as Data Controller. Once registered as a User, you may exercise your rights both with MOVEMENTS (regarding your account) and with the Creator (regarding Membership), in accordance with the provisions of this Privacy Policy.
To facilitate compliance with legal obligations regarding data protection, MOVEMENTS provides Creators with a default privacy policy template, which they may adapt and use in their Movements. Creators may request this template by writing to dpo@movements.mov or through the support channel available on the Platform. In any case, it is the sole responsibility of each Creator to verify that the policy is appropriate for their specific activities and to keep it updated in accordance with applicable regulations.
5. What is the legal basis for the processing of your data?
The processing of personal data by MOVEMENTS is based on the following legal grounds, depending on the purpose for which the data is processed:
- Performance of the contractual relationship: the processing of data is essential to provide the Services offered through the Platform.
This includes, among other cases, the creation and maintenance of the User account, the publication of Content, the handling of support requests related to the account, access to the Platform's features, the communication of necessary data to the payment service provider or the relevant Creator to formalize Membership and/or Paid Membership in the Movement, and Subscription to MOVEMENTS. - Consent of the data subject: certain processing activities are carried out on the basis of the User's free, specific, informed, and unambiguous consent.
This includes, among other things, sending newsletters containing information not directly related to the contracted services, responding to inquiries or comments, and the use of analytical or advertising cookies. - Compliance with legal obligations: in certain cases, the processing of personal data is necessary to comply with legal obligations imposed on MOVEMENTS.
This includes, among other things, retaining information derived from transactions for tax and accounting purposes, responding to requests from judicial or administrative authorities, fulfilling cooperation obligations regarding information society services (including the removal or blocking of illegal content), as well as managing requests to exercise personal data protection rights. - Legitimate interest: In certain cases, data may be processed based on MOVEMENTS' legitimate interest, provided that the fundamental rights and freedoms of the data subjects do not prevail.
This includes, among other cases, the preparation of aggregated statistical analyses on the use of the Platform, the sending of commercial communications regarding our own services similar to those contracted by the User, and the adoption of security measures to ensure the integrity of the service and the prevention of fraud or misuse. - Contact lists imported by Creators: when a Creator imports contact lists, they act as the sole Data Controller and ensure they have an adequate legal basis (typically, the express consent of the data subjects) for sharing the data with MOVEMENTS.
6. How long do we retain your data?
MOVEMENTS will retain the User's personal data only for as long as necessary to fulfill the purposes for which it was collected and to determine any potential liabilities that may arise from such purposes and the processing of the data. To this end, the following criteria will apply:
| Data Category | Approximate retention period |
|---|---|
| User account data | Registration and profile data will be retained as long as the User maintains an active account on the Platform. When the User requests to close their account, their data will be blocked. |
| Financial transaction data | Information regarding billing and transactions will be retained for the periods required by tax and commercial regulations, which is generally six (6) years. |
| Contact and support data | Data collected to address inquiries or issues will be retained only for the time necessary to manage and resolve the request. |
| Usage and browsing data | Usage data associated with the User's account will be retained for as long as the account remains active to enable service personalization. Data collected for purely analytical or statistical purposes will be retained for a maximum period of 24 months from the date of collection, after which it will be anonymized. |
| User-generated content | Content that the User posts on the Platform will remain visible as long as the User keeps their account active, unless they decide to voluntarily delete such content beforehand, in which case any data that allows it to be associated with their account will be deleted. |
| Subscription Data | Information regarding Subscriptions will be retained for the duration of the contractual relationship between the Subscriber and MOVEMENTS, that is, as long as the Subscription remains active. |
| Membership and Paid Membership Data | Information regarding Memberships and Paid Memberships will be retained for the duration of the contractual relationship between the User and the Creator, that is, as long as the Membership or Paid Membership remains active. |
Once the retention periods corresponding to each purpose have expired, MOVEMENTS will keep the data properly blocked—that is, with restricted access—for the statute of limitations periods of any legal actions that may arise from the relationship with the User. Once these periods have elapsed, the data will be permanently deleted.
7. To whom will your data be disclosed?
Users' personal data may be accessed or disclosed in certain cases necessary for the provision of the Services, compliance with legal obligations, or the protection of MOVEMENTS' legitimate interests. The possible recipients are detailed below:
1. Access to Data
Certain third parties may access personal data in their capacity as data processors, always acting under MOVEMENTS' instructions and without using the data for their own purposes:
- Technology service providers: They provide the infrastructure, data hosting, email services, analytics, and technical support necessary for the Platform's operation.
- Professional advisors: provide legal, tax, accounting, or auditing services to MOVEMENTS, accessing only the data essential for the performance of their duties.
2. Data Disclosure
Personal data may be disclosed, when necessary, to the following categories of recipients, who will act as data controllers from that point forward:
- Movement Creators: They are provided with the data strictly necessary for them to manage their community.
- Payment service providers: they are involved in processing payments related to MOVEMENTS Subscriptions or Paid Memberships on MOVEMENTS, acting as data controllers with respect to the financial information they manage.
- Administrative and judicial authorities and law enforcement agencies: may access the data when required by applicable regulations or a valid court order.
3. International Data Transfers
No international data transfers outside the European Economic Area are planned.
8. What are your rights when you provide us with your data?
In accordance with current data protection regulations, data subjects may exercise the following rights:
- Right of access: allows you to find out whether MOVEMENTS processes personal data concerning you, as well as to access such information.
- Right to rectification: allows you to request the correction of inaccurate or incomplete data.
- Right to erasure: allows you to request the deletion of your personal data when, among other reasons, it is no longer necessary for the purposes for which it was collected.
- Right to object: allows you to object to the processing of your data for reasons related to your particular situation. In that case, MOVEMENTS will cease processing it, except for compelling legitimate grounds or for the establishment, exercise, or defense of legal claims.
- Right to restriction of processing: under certain circumstances, you may request that the processing of your data be restricted, in which case it will only be retained for the exercise or defense of legal claims, the protection of another person's rights, or for reasons of public interest.
- Right to data portability: This allows you to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller when the processing is based on consent or on the performance of a contract.
- Right not to be subject to automated decision-making: This right allows the User to avoid being subject to decisions based solely on the automated processing of their data, including profiling, unless such decisions are necessary for the performance of a contract, are authorized by law, or the User has given explicit consent. MOVEMENTS does not currently engage in this type of processing.
The data subject may exercise these rights, in accordance with legal provisions, by sending a request accompanied by a copy of their identification document through the following channels:
If the User believes that the processing of their personal data does not comply with the provisions of the regulations, they may file a complaint with the Spanish Data Protection Agency (www.aepd.es).
Date of last update: April 6th