Privacy Policy

Last updated: 2025-12-09

This Privacy Policy explains how Movie Marathon (“we”, “us”, “our”) processes personal data when you visit or use https://movie-marathon.com/ (“Website”). We act in full compliance with the General Data Protection Regulation (GDPR) and applicable EU privacy laws.

1. Data Controller

The data controller responsible for the processing of your personal data is:

Movie Marathon
Website: https://movie-marathon.com/
Email: thomasjesperschmidt@gmail.com

2. Personal Data We Process

2.1. Data You Provide to Us

  • Email address
  • Password (securely hashed; we never store readable passwords)
  • User preferences, including saved marathons and profile settings
  • Payment-related information (processed by our payment providers; we do not store full card details ourselves)

2.2. Data Collected Automatically

When you use our Website, we automatically collect certain information, including:

  • IP address (anonymised where possible)
  • Device and browser information
  • Usage data such as pages visited, click behaviour, and session duration

This data is collected via, among others:

  • Google Analytics
  • Google Tag Manager
  • Google AdSense

3. Purposes of Processing

We process your personal data for the following purposes:

  • To operate, maintain, and improve the Website and its functionality
  • To enable you to create and manage a free Account
  • To offer and manage Premium Profiles and related payments
  • To analyse Website usage and improve performance and user experience
  • To display advertisements via Google AdSense
  • To prevent abuse, fraud, and unauthorised access
  • To comply with legal and administrative obligations

4. Legal Basis under the GDPR

We process personal data based on the following legal grounds under the GDPR:

  • Consent – for analytics, advertising, and other non-essential cookies (e.g. via our cookie banner).
  • Contractual necessity – to create and manage your Account and Premium Profile, and to provide related services.
  • Legitimate interest – for core Website functionality, security, and service improvement, where our interests are not overridden by your fundamental rights and freedoms.
  • Legal obligation – for record-keeping, tax, and other mandatory administrative obligations.

5. Sharing of Personal Data

We do not sell your personal data to third parties.

We only share data with trusted third parties where necessary, including:

  • Google (Analytics, Tag Manager, AdSense) for statistics and advertising.
  • Payment providers for processing Premium Profile transactions.
  • Hosting providers for operating our infrastructure.
  • The Movie Database (TMDb) – we use their API to request film and TV data, but we do not send your personal data to TMDb.

These parties process personal data in accordance with their own privacy policies and, where applicable, data processing agreements with us.

6. International Data Transfers

Some of our service providers (such as Google) are located outside the European Economic Area (EEA). As a result, your data may be transferred to countries that do not offer the same level of data protection as the EEA.

Where such transfers occur, we ensure compliance with the GDPR by implementing safeguards such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Technical and organisational security measures

7. Retention Periods

We retain personal data only for as long as necessary for the purposes described above, including:

  • Account data: retained for as long as your Account is active. If you delete your Account, we will delete or anonymise your data, unless retention is required by law.
  • Payment data: retained in accordance with statutory financial and tax obligations.
  • Analytics data: retained according to our Google Analytics settings (e.g. 14 months or as otherwise configured).
  • Server logs: retained for security and debugging purposes, generally up to 12 months.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Website, analyse traffic, and display advertisements. Cookies can be:

  • Essential – required for the Website to function properly.
  • Analytics – to understand how visitors use the Website.
  • Advertising – to show relevant ads via Google AdSense.

On your first visit, you will be asked for consent to place non-essential cookies via a cookie banner. You can withdraw or adjust your consent at any time via your browser settings or, where available, via our cookie preferences.

9. Security Measures

We take appropriate technical and organisational measures to protect your personal data, including:

  • Encrypted data transmission via HTTPS
  • Secure password hashing and access control
  • Restricted access to personal data for authorised personnel only
  • Regular software updates and security monitoring

10. Your Rights under the GDPR

As a data subject in the EU/EEA, you have the following rights:

  • Right of access – to obtain confirmation whether we process your data and to receive a copy.
  • Right to rectification – to have inaccurate or incomplete data corrected.
  • Right to erasure (“right to be forgotten”) – to request deletion of your data in certain cases.
  • Right to restriction of processing – to limit processing under certain conditions.
  • Right to data portability – to receive your data in a structured, commonly used, and machine-readable format, and to transmit it to another controller where technically feasible.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent – where processing is based on your consent, you may withdraw it at any time, without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at . We may ask you to verify your identity before responding to your request.

You also have the right to lodge a complaint with your local data protection authority in The Netherlands if you believe that your data is not processed in accordance with applicable law.

11. Children’s Privacy

Our Website is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16 without verifiable parental consent. If you believe that we have collected such data without consent, please contact us so we can delete it.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will publish the updated version on the Website with a new “Last updated” date.

We encourage you to review this Privacy Policy periodically to stay informed about how we process and protect your personal data.

13. Contact

If you have any questions about this Privacy Policy or our data protection practices, you can contact us at:

Email: thomasjesperschmidt@gmail.com