Privacy Policy

Article author
Maddison Fitch

We take the utmost care and apply the highest security standards to protect your personal data from unauthorized access. The processing of personal data on our website https://www.justwatch.com and in the JustWatch apps (for the sake of simplicity, reference will only be made to the “website” apart from exceptional cases) is carried out in accordance with the provisions of the General Data Protection Regulation (GDPR).

1. Responsible party

Responsible party in the sense of the GDPR:

JustWatch GmbH

Saarbrücker Straße 38

DE - 10405 Berlin

If you have any questions regarding the collection, processing or use of your personal data, or if you wish to provide information, correct, block or delete data, please contact: privacy@justwatch.com.

2. Data processing on our website

When you visit our website, our web server temporarily stores each access in a log file. The following data is collected and stored until it is deleted automatically:

  • IP address of the requesting computer
  • JustWatch ID
  • Date and time of access
  • Name and URL of the accessed file
  • Notification of whether the retrieval was successful
  • Identification data of the browser and operating system used.

This data is processed for the purposes of enabling the use of the website (establishing a connection), system security, technical administration, network infrastructure and the optimization of the online offer. This data cannot be attributed to specific persons, and will not be merged with other data sources without consent. The data will also be deleted after a statistical evaluation.

The legal basis for the data processing is art. 6 (1) (f) GDPR.

3. Collection, processing and use of personal data

During data processing, your interests that require protection are always taken into account in accordance with the legal provisions. Personal data (such as your name or email address) is only collected if you provide it to us voluntarily. This may be the case, for example:

  • when you make a contact request
  • when you register for a JustWatch account (JustWatch Pro)
  • when you leave feedback via our forms
  • when you take part in a survey
  • or when you tell us your zip code so we can help you find a cinema near you.

We use the data you provide without your specific consent exclusively to process your request and delete it when the process is complete and legal regulations do not prevent deletion.

The legal basis for the data processing is art. 6 (1) (f) GDPR.

3.1 Zendesk

We use the “Zendesk” customer relationship management (CRM) service on this website. The service provider is Zendesk Inc, 989 Market Street #300, San Francisco, CA 94102, USA.

We use Zendesk for feedback automation. The use of Zendesk is optional. If you do not agree to Zendesk collecting your data, we offer alternative ways to contact us to submit feedback via email. To use Zendesk, you must provide at least one valid email address. The service can also be used pseudonymously. No information will be passed on to third parties.

In addition, cookies that process your IP address are created using Zendesk. These cookies are technically necessary to ensure the technical functionality of the website and to protect the website from bot attacks.

If the data in the contact forms is used to provide contractual services to data subjects, the legal basis for the processing is art. 6 (1) (b) GDPR. Furthermore, Art. 6 (1) (a) GDPR serves as the legal basis if you have consented to the data processing.

The data processing that takes place via the cookies is based on Art. 6 (1) (f) GDPR. Our legitimate interest is that we need to ensure the functionality and security of our website. The personal data will be retained for as long as necessary to fulfill the purpose of the processing. The data will be deleted as soon as it is no longer necessary to achieve the purpose.

In the context of processing via Zendesk, data may be transferred to the USA. In the USA, there is no equivalent to the general adequacy decision of the European Commission certifying an adequate level of data protection. By transmitting your personal data, there is a risk that US authorities will access and process it for their own purposes. To protect your personal data, we have concluded so-called standard contractual clauses (“SCCs”). SCCs are data protection regulations issued by the European Commission, the conclusion of which imposes legal obligations on the data importer and the implementation of which guarantees compliance with European data protection standards.

For more information, please see Zendesk's privacy policy: https://www.zendesk.com/company/privacy-and-data-protection/.

3.2 RevenueCat

For the transmission and verification of in-app purchases (conclusion of a JustWatch Pro subscription), we use RevenueCat, a service provided by RevenueCat, Inc., 633 Tarava St. Suite 101, San Francisco, CA 94116, USA (“RevenueCat”).

As part of processing via RevenueCat, data may be transferred to the USA. In the USA, there is no equivalent to the general adequacy decision of the European Commission certifying an adequate level of data protection. By transmitting your personal data, there is a risk that US authorities will access and process it for their own purposes. To protect your personal data, we have concluded so-called standard contractual clauses (“SCCs”). SCCs are data protection regulations issued by the European Commission, the conclusion of which imposes legal obligations on the data importer and the implementation of which guarantees compliance with European data protection standards. The SCC: https://www.revenuecat.com/dpa

The legal basis for the processing is art. 6 (1) (b) GDPR and art. 6 (1) (f) GDPR.

If you do not want RevenueCat to process your data, please do not make in-app purchases. You can also subscribe to JustWatch Pro on our website. For more information, please see RevenueCat’s Terms and Privacy Policy.

3.3 Stripe

When concluding a JustWatch Pro subscription, the payment process is handled by the payment service provider Stripe Inc., 510 Townsend St., San Francisco, CA 94103 ("Stripe"). This is in line with our legitimate interest in offering an efficient and secure payment method (art. 6 (1) (f) GDPR). In this context, we share data with Stripe to the extent necessary for the performance of the contract (art. 6 (1) (b) GDPR). This involves transaction data. This data includes, for example, the payment method (i.e. credit card, debit card or account number), bank code, currency, amount and date of payment. During a transaction, your name, email address, billing or shipping address, and sometimes your transaction history may be transmitted. This data is necessary for authentication. In addition, Stripe may also collect technical data (such as IP address), name, address, phone number and your country for fraud prevention, financial reporting and to fully provide its own services.

The processing of the data provided under this section is not required by law or contract. We cannot process a payment via Stripe without the submission of your personal data. Your data will be stored by us until the payment processing is completed. This includes the period necessary for processing refunds, claims management and fraud prevention.

Stripe has a dual role in data processing activities as a Controller and Processor. As a Controller, Stripe uses your data to comply with regulatory obligations. This is in accordance with Stripe's legitimate interest (pursuant to art. 6 (1) (f) GDPR) and serves the performance of the contract (pursuant to art. 6 (1) (b) GDPR). We have no influence on this process. Stripe acts as a Processor in order to be able to complete transactions within the payment networks. Within the scope of the processing relationship, Stripe acts exclusively according to our instructions and has been contractually obligated within the meaning of art. 28 GDPR to comply with the provisions of data protection law.

As part of processing via Stripe, data may be transferred to the USA. In the USA, there is no equivalent to the general adequacy decision of the European Commission certifying an adequate level of data protection. By transmitting your personal data, there is a risk that US authorities will access and process it for their own purposes. To protect your personal data, we have concluded so-called standard contractual clauses (“SCCs”). SCCs are data protection regulations issued by the European Commission, the conclusion of which imposes legal obligations on the data importer and the implementation of which guarantees compliance with European data protection standards. Stripe has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please see Stripe's privacy policy.

3.4 Braze

We use “Braze” for our push messages. The service provider is Braze, Inc, 318 West 39th Street, 5th Floor New York, NY 10018. Braze processes user data such as push tokens, interaction data and IP addresses to control the sending of push messages and analyze user interactions.

In the course of processing by Braze, data may be transferred to the USA. In the USA, there is no equivalent to the general adequacy decision of the European Commission certifying an adequate level of data protection. By transmitting your personal data, there is a risk that US authorities will access and process it for their own purposes. To protect your personal data, we have concluded so-called standard contractual clauses (“SCCs”). SCCs are data protection regulations issued by the European Commission, the conclusion of which imposes legal obligations on the data importer and the implementation of which guarantees compliance with European data protection standards.

The legal basis for this processing and the transfer of your personal data to Braze in the USA is your consent in accordance with art. 6 (1) (a) and art. 49 (1) (a) GDPR. You may withdraw your consent at any time, by changing your privacy settings on our website via the following link.

For more information about data processing by Braze, please see Braze’s privacy policy.

4. Use of functional cookies

We use so-called cookies to make your visit to our website comfortable and to enable the use of certain functions. Cookies are small text files that are used as identifiers. We transfer them to the hard drive of your computer via your web browser and can read them during your current visit (so-called session cookies). Please note that certain cookies are already stored as soon as you enter our website. Our cookies are protected against being read by third parties by means of your browser’s security standards. You have the option of preventing cookies from being stored on your computer via the appropriate settings in your browser. However, this may limit the functionality of our website or prevent you from accessing it.

The legal basis for the data processing is art. 6 (1) (f) GDPR.

5. Interest-based advertising

We would like to suggest the movies that best suit your personal taste and show you where you can watch them. What we do, provided you have given us your consent: to personalize your experience, we collect, process and store your interactions with our website. This allows us to send you tailored or interest-based advertisements that are optimized for your profile. These ads may be displayed on JustWatch as well as on other websites you visit or apps you use (using retargeting technology). They may also be delivered in emails. If you do not give your consent, we will still show you ads on our website, but they will not be personalized.

In general, all your data is collected in anonymized or pseudonymized form, but we may also collect personal data for explicitly defined use cases. Subject to your consent, we process certain data with the help of third parties and share your data with our business partners. More details on this can be found below. When you use our mobile app, we may collect your GPS location, subject to your additional consent. We may look at how often you use the app and where you downloaded it.

If you have given your consent to the use of a third-party provider, the legal basis for the data processing is art. 6 (1) (a) GDPR. Otherwise, your data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services) and the legal basis for the data processing is art. 6 (1) (f) GDPR.

What we don’t do: we never collect sensitive information such as financial data. We never sell user-level information (e.g., “What movie titles did a particular user click on?”) unless it is in aggregate form (e.g. “What titles are popular with users?”).

6. Affiliate links

On our website, we include so-called affiliate links or other references (which may include, for example, search masks or widgets) to offers and services from third-party providers. If you click on the affiliate links or subsequently take advantage of the offers, we may receive a commission or other benefits from these third parties.

To be able to track whether you have taken advantage of the offers of an affiliate link that we have included, it is necessary for the respective third-party provider to learn that you have clicked on an affiliate link on our website. The assignment of the affiliate link is for commission accounting purposes only and will be deleted as soon as it is no longer necessary.

In order to assign affiliate links, these can be supplemented by certain values that comprise a component of the link or that can be stored elsewhere, e.g. in a cookie. These values may include, in particular, the source website (referrer), the time, an online identifier of the operator of the website where the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer and an online identifier of the user.

If you have given us your consent to use a third-party provider, the legal basis for the data processing is art. 6 (1) (a) GDPR. However, the use of a third-party provider may also form part of our (pre)contractual services, in which case the legal basis for the data processing is Art. 6 (1) (b) GDPR. Otherwise, your data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services) and the legal basis for the data processing is Art. 6 (1) (f) GDPR.

7. Snowplow

We use the web tracking solution from SnowPlow Analytics Limited, Floor 6, 17 Bevis Marks, London EC3A 7LN, United Kingdom (“SnowPlow”) on our website. We use the data collected using SnowPlow for statistical purposes only. We place a cookie in your browser and use a tracking pixel to recognize a returning user as such. The SnowPlow cookie contains a date and a non-reversible random combination number (“hash”) as well as the number of the current session.

By using SnowPlow, we do not receive any personal data from you, but only statistical information about the use of our website. So, for example, we find out which movies or series are particularly popular, at which times our website is used particularly intensively, via which websites you have reached us, where you have come online from and which browser and operating systems you use. We use this information to continuously optimize the content and our site from a technical, design and editorial point of view and to make it more convenient for you.

This data collection and processing take place at all times without personal references. In particular, we do not store complete IP addresses. This does not therefore fall within the scope of application of the GDPR.

You can find more information in SnowPlow’s privacy policy. You can delete the relevant cookie at any time via your browser.

8. Sentry

This website uses the service Sentry, 1501 Mariposa St #408, San Francisco, CA 94107, USA, (“Sentry”) to improve the technical stability of the website by monitoring system stability and identifying code errors. Sentry is used solely for these purposes and does not evaluate data for advertising purposes. User data, such as details of the device or time of error, are collected anonymously, are not used in a personalized manner and are subsequently deleted. Consequently, this does not fall within the scope of application of the GDPR. For more information about Sentry, please refer to the Sentry privacy policy.

9. Google

9.1 Google Tag Manager

We use Google Tag Manager (“Tag Manager”) from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Tag Manager collects data on the website and forwards it to the connected analysis tools. The tools store and evaluate this data. Tag Manager does not store any data itself; it has no access to do so. Tag Manager only collects data on how individual tags are used. We collect data via Tag Manager about how you use our website and pass this on to the analysis tools integrated via Tag Manager. Some of this data is personal data, e.g. IP addresses.

A connection to Google’s servers is only established when you have consented to the use of Tag Manager. Until then, no cookies are set up by Tag Manager on your device. The information collected by the cookies may be sent to a Google server in the United States of America (USA) and stored there. In the USA, there is no equivalent to the general adequacy decision of the European Commission certifying an adequate level of data protection. By transmitting your personal data, there is a risk that US authorities will access and process it for their own purposes. To protect your personal data, we have concluded so-called standard contractual clauses (“SCCs”). SCCs are data protection regulations issued by the European Commission, the conclusion of which imposes legal obligations on the data importer and the implementation of which guarantees compliance with European data protection standards. Google’s data protection terms and conditions, which comply with the SCCs, apply here.

The legal basis for this processing and the transfer of your personal data to Google in the USA is your consent pursuant to art. 6 (1) (a) and art. 49 (1) (a) GDPR. You may withdraw your consent at any time, by changing your privacy settings on our website via the following link.

You can block the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the transfer of data generated by the cookie and related to your use of the website (including your IP address) to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link. You also have the option of selecting the types of Google ads or disabling interest-based ads on Google via the ads settings.

For more information on the terms of use and privacy policy, please visit https://policies.google.com/technologies/ads?hl=en.

9.2 Google Analytics

We use Google Analytics, an advertising analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Analytics uses cookies, which are text files placed on your computer, to help the website analyze how users use the site (e.g., to measure reach). The information generated by the cookie about your use of our website will be transmitted to and stored by Google on servers in the United States. However, because IP anonymization is enabled on this website, your IP address will be truncated beforehand by Google within a member state of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. On our behalf, Google will use this information for the purposes of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and Internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. In connection with the use of Google Analytics, location data (information on the geographical position of a device or person) may be processed in addition to metadata and communication data (e.g. device information and IP addresses). Usage data (e.g. access to websites, clicks, access times), contact data (e.g. email, telephone numbers), content data (e.g. entries in online forms) or inventory data (e.g. names, addresses) may also be processed.

We would like to point out that on this website Google Analytics has been supplemented by the code "gat._anonymizeIp();" in order to ensure that IP addresses are collected anonymously (so-called IP masking).

A connection to the Google Analytics servers will only be established if you have consented to the use of Google Analytics. Before that, no cookies from Google Analytics will be stored on your device. The information collected by the cookies may be sent to a Google server in the United States of America (USA) and stored there. In the USA, there is no equivalent to the general adequacy decision of the European Commission certifying an adequate level of data protection. By transmitting your personal data, there is a risk that US authorities will access and process it for their own purposes. To protect your personal data, we have concluded so-called standard contractual clauses (“SCCs”). SCCs are data protection regulations issued by the European Commission, the conclusion of which imposes legal obligations on the data importer and the implementation of which guarantees compliance with European data protection standards.

The legal basis for this processing and the transfer of your personal data to Google in the U.S. is your consent pursuant to art. 6 (1) (a) and art. 49 (1) (a) GDPR. You can withdraw your consent at any time, by modifying your privacy settings for our website via the following link.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link.

For more information on terms of use and data protection, please visit www.google.com/analytics/terms/de.html or www.google.com/intl/de/analytics/privacyoverview.html.

9.3 Google Ads

We use Google Ads conversion tracking and remarketing to place interest-based ads on external websites. Google Ads is an online advertising program of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google Ads makes it possible to define the visitors to our website as a target group for the display of ads. We use Google Ads to display the ads that we place only to those users who have also shown an interest in their content (e.g. interest in certain movies and series).

The remarketing function allows us to present users of our website with interest-based ads on other websites within the Google advertising network (in Google Search or on YouTube, so-called "Google Ads" or on other websites). Your interaction with our website is analyzed in order to do this. For this purpose, Google stores cookies on the end devices of users who visit certain Google services or websites in the Google display network. The cookies are used to uniquely identify a web browser on a particular device and not to identify a person.

These ads are delivered by Google via so-called “ad servers”. For this purpose, we use ad server cookies, which can be used to measure certain success parameters, such as ads displayed or clicks by users. If you access our website via a Google ad, Google Ads will store a cookie on your end device. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information are usually stored as analysis values for this cookie.

These cookies enable Google to recognize your Internet browser. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We are only provided with statistical evaluations by Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify you on the basis of this information.

A connection to Google's servers is only established once you have consented to the use of Google Ads. Before that, no cookies are stored by Google Ads on your device. The information collected by the cookies may be sent to a Google server in the United States of America (USA) and stored there. In the USA, there is no equivalent to the general adequacy decision of the European Commission certifying an adequate level of data protection. By transmitting your personal data, there is a risk that US authorities will access and process it for their own purposes. To protect your personal data, we have concluded so-called standard contractual clauses (“SCCs”). SCCs are data protection regulations issued by the European Commission, the conclusion of which imposes legal obligations on the data importer and the implementation of which guarantees compliance with European data protection standards. Google's privacy policy, which complies with the SCCs, applies here.

The legal basis for this processing and the transfer of your personal data to Google in the USA is your consent pursuant to art. 6 (1) (a) and art. 49 (1) (a) GDPR. You can withdraw your consent at any time, by changing your privacy settings for our website via the following link.

You can refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link. You also have the option to select the types of Google ads or disable interest-based ads on Google via the ads setting.

For more information on the terms of use and privacy policy, please visit https://policies.google.com/technologies/ads?hl=en.

9.4 Google Firebase

Our website uses “Firebase”, an analysis and monitoring tool from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Firebase supports our login process by processing so-called “instance IDs”, which include a time stamp. These IDs are assigned to a specific user and allow the linking of different events or processes. This data does not allow us to draw any conclusions about the specific user. We do not carry out any personalization. We process this aggregated data in order to analyze and optimize user behavior, for example by evaluating crash reports. We further use Firebase Remote Config on our website and in the JustWatch mobile app. The service allows us to configure app settings so that we can change the app you have installed on your device without you having to install a new version from the Google Play Store or Apple App Store, for example. For this purpose, your device information, your language settings and your country settings are processed. You can find more information about Firebase Remote Config here.

In order to continuously improve JustWatch, we conduct tests - for example, to find out more about an optimal design or the greatest possible clarity of JustWatch. For such testing purposes, we also collect statistical data and use the Firebase A/B Testing web analysis system (https://firebase.google.com/docs/ab-testing/) for this purpose. Firebase does not collect any personal data. The information about your use of this website is transmitted anonymously to a Firebase server and stored there.

The legal basis for the data processing by Firebase is art. 6 (1) (a) GDPR and art. 6 (1) (f) GDPR. You have the option to revoke your consent at any time. This is possible by adjusting your privacy settings for JustWatch via the following link.

As part of processing via Firebase, data may be transferred to the USA. In the USA, there is no equivalent to the general adequacy decision of the European Commission certifying an adequate level of data protection. By transmitting your personal data, there is a risk that US authorities will access and process it for their own purposes. To protect your personal data, we have concluded so-called standard contractual clauses (“SCCs”). SCCs are data protection regulations issued by the European Commission, the conclusion of which imposes legal obligations on the data importer and the implementation of which guarantees compliance with European data protection standards. Google has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link (https://tools.google.com/dlpage/gaoptout?hl=de). You can find more information about the processing of your data by Google here. You have the right to object to the processing of your personal data pursuant to art. 21 GDPR, insofar as there are grounds for doing so that arise from your particular situation. If you wish to exercise your right to object, you can send us an email at: privacy@justwatch.com

9.5 Google Floodlight

Our website uses “Floodlight”, an analysis and monitoring tool from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

We use Floodlight to measure the effectiveness of our advertising campaigns, to limit the frequency with which you are shown a certain ad and to only display ads that are relevant to you and your interests. In particular, information about the ads you have clicked on, as well as your previous usage behavior on third party websites, is collected and stored. Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent them from being displayed more than once. In addition, Google can use cookie IDs to record so-called conversions that are related to ad requests. The cookies do not contain any personal information such as email addresses, names or street addresses.

In addition, Floodlight allows us to understand whether you have taken certain actions after viewing or clicking on one of our display/video ads on another platform (conversion tracking). Google uses this cookie to understand the content you have interacted with on our websites in order to send you targeted advertising later.

 

A connection to Google's servers is only established once you have consented to the use of Floodlight. Before that, no cookies are stored by Floodlight on your device. The information collected by the cookies may be sent to a Google server in the United States of America (USA) and stored there. In the USA, there is no equivalent to the general adequacy decision of the European Commission certifying an adequate level of data protection. By transmitting your personal data, there is a risk that US authorities will access and process it for their own purposes. To protect your personal data, we have concluded so-called standard contractual clauses (“SCCs”). SCCs are data protection regulations issued by the European Commission, the conclusion of which imposes legal obligations on the data importer and the implementation of which guarantees compliance with European data protection standards. Google's privacy policy, which complies with the SCCs, applies here.

 

The legal basis for this processing and the transfer of your personal data to Google in the USA is your consent pursuant to art. 6 (1) (a) and art. 49 (1) (a) GDPR. You can withdraw your consent at any time, by changing your privacy settings for our website via the following link.

 

You may refuse the use of cookies by selecting the appropriate settings in your browser; however, please note that if you do this, you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link. You also have the option to select the types of Google ads or disable interest-based ads on Google via the ads setting.

 

For more information on the terms of use and privacy policy, please visit https://policies.google.com/technologies/ads?hl=en

10. Social Media

10.1 Facebook

We have a so-called fan page on the “Facebook” social network and process user data in this context. We also use Facebook pixels on our website. The service provider is Facebook Inc, 1601 Willow Road, Menlo Park, California 94025; Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland.

We use our fan page to provide information about JustWatch and to communicate with users active there via the network. Furthermore, data may be processed through the use of Facebook for market research and advertising purposes. This is carried out, for example, on the basis of tracking, where interest- or behavior-based profiling or cookies may be used, among other things. However, remarketing and reach measurement are also used, for which purpose access statistics - which recognize returning visitors - are created, for example.

In this context, the following types of data may be processed: inventory data and contact data (e.g. name, address, email, telephone number), content data (e.g. entries in online forms, use of the message function), usage data (e.g. access to websites, clicks, access times), metadata and communication data (e.g. device information, IP addresses).

With the help of the Facebook pixel (or comparable functions, for the transmission of event data or contact information by means of interfaces in apps), it is possible for Facebook to define the visitors to our online offer into a target group for the display of ads ("Facebook ads"). We use the Facebook pixel to display the Facebook ads that we place only to those users on Facebook and within the services of partners cooperating with Facebook (“Audience Network”) who have also shown an interest in their content (e.g. interest in certain movies and series) and transmit this information to Facebook (“Custom Audiences”). The Facebook pixel also helps us to make sure that our Facebook ads correspond to your potential interest and are not a nuisance. In addition, the Facebook pixel allows us to track the effectiveness of the Facebook ads for statistical and market research purposes, because we can see whether users were redirected after clicking on a Facebook ad (“conversion measurement”).

In this context, the following types of data may be processed: content data (e.g. entries in online forms, use of the messaging function), usage data (e.g. website access, clicks, access times), metadata and communication data (e.g. device information, IP addresses), and event data (Facebook). Event data includes, for example, visits to websites, interactions with content, installations of apps and purchases of movies. Event data is processed to create target groups for content and advertising information (Custom Audiences). Event data does not include specific content (such as comments written), login information, or contact information (e.g. names, email addresses, and phone numbers). Event data is deleted by Facebook after a maximum of two years.

 

With regard to data processing on our Facebook fan page and through the Facebook pixel, JustWatch GmbH and Facebook Ireland are joint controllers according to art. 26 GDPR. The legal basis for the processing of personal data is art. 6 (1) (a) GDPR. You can assert your data subject rights with Facebook directly as well as with us. The primary responsibility under the GDPR for the processing of data lies with Facebook and Facebook fulfills all obligations under the GDPR with regard to the processing of data. You can view the joint processing agreement here. You can find Facebook's security terms here. When Facebook provides us with metrics, analytics, and reports (which are aggregated, i.e. without information on individual users and anonymous to us), this processing is not carried out under shared responsibility, but is based on a processing agreement, which you can view here.

We, as the operator, do not make any decisions regarding the processing of Insights data and any other information resulting from art. 13 GDPR, including legal basis, identity of the controller or storage period of cookies on user terminals.

The standard contractual clauses of the European Commission apply to the transfer of data to Facebook with the addition of the Facebook EU Data Transfer Supplement, available at https://www.facebook.com/legal/EU_data_transfer_addendum.

Although Facebook Ireland is the data controller according to the Facebook EU Data Transfer Supplement, we would like to point out that it cannot be ruled out that the information collected by the cookies will be sent to a Facebook server in the United States of America (USA) and stored there. In the USA, there is no equivalent to the general adequacy decision of the European Commission certifying an adequate level of data protection. By transmitting your personal data, there is a risk that US authorities will access and process it for their own purposes.

Please note that it is possible to link the data with other data (sometimes also on other devices). This risk exists in particular if you have a Facebook account and are logged in to Facebook. To avoid further data linking, we recommend that you log out of Facebook before visiting our website.

The legal basis for this processing and the transfer of your personal data to the USA is your consent pursuant to art. 6 (1) (a) and art. 49 (1) (a) GDPR. You have the option to withdraw your consent at any time here.

For more information, please see Facebook Ireland’s privacy policy, available at: https://www.facebook.com/about/privacy.

10.2 Instagram

We maintain an online presence on the Instagram social network and process user data in this context. The service provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.

We use Instagram to provide information about the company and to communicate with users active on the network. Furthermore, data may be processed through the use of Instagram for market research and advertising purposes. This is carried out, for example, on the basis of tracking, where interest- or behavior-based profiling or cookies may be used, among other things. However, remarketing and reach measurement are also used, for which purpose access statistics - which recognize returning visitors - are created, for example.

In connection with the use of our online presence on Instagram, the following types of data may be processed: inventory data and contact data (e.g. name, address, email, telephone number), content data (e.g. entries in online forms, use of the message function), usage data (e.g. access to websites, clicks, access times), metadata and communication data (e.g. device information, IP addresses).

Instagram is a product of Facebook and the text relating to Facebook applies accordingly.

10.3 Twitter Retargeting/Conversion Tracking

We use Twitter retargeting/conversion tracking “Twitter Ads” on our website. The service provider is Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Within the European Union, the responsible body for handling data subject rights is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND (“Twitter”).

Twitter Ads enables us to collect data from users who visit our website. Cookies and code are used that connect our website to other third-party platforms such as Twitter. In the process, a non-reversible and non-personal checksum (hash value) is generated from your usage data and transmitted to Twitter for analysis and marketing purposes. In addition, a so-called “Twitter pixel” may be used to track the actions of users after they have viewed or clicked on a Twitter advertisement.

In this context, the following types of data may be processed: content data (e.g. entries in online forms, use of the messaging function), usage data (e.g. access to web pages, clicks, access times), metadata and communication data (e.g. device information, IP addresses). In “cross-device personalization” Twitter also attempts to identify and link all of a user’s devices. Since the data is stored and processed by Twitter, a link to the respective user profile on twitter.com is also possible.

Although Twitter Ireland is the data controller, we would like to point out that it cannot be ruled out that the information collected by the cookies will be sent to a Facebook server in the United States of America (USA) and stored there. In the USA, there is no equivalent to the general adequacy decision of the European Commission certifying an adequate level of data protection. By transmitting your personal data, there is a risk that US authorities will access and process it for their own purposes.

The legal basis for this processing and the transfer of your personal data to the U.S. is your consent pursuant to art. 6 (1) (a) and art. 49 (1) (a) GDPR. You have the option to withdraw your consent at any time here.

Detailed information about data processing on Twitter, the option to object (opt out) and the possibility of enforcing data subject rights against Twitter can be found here: https://twitter.com/en/privacy. In Twitter’s privacy settings, you can personalize Twitter’s data processing and thus determine, for example, whether the service should tailor advertising to you and whether it may also include other apps installed on your mobile devices in the personalization. You can also set whether Twitter can analyze your location and use it for advertising purposes. Settings: https://twitter.com/personalization.

10.4 TikTok

We use a conversion tracking tool for advertisers, TikTok Pixel, on our website. The TikTok social media application is an international video portal. The service provider for the European region is TikTok Technology Limited, 10 Earlyfort Terrace Dublin, D02 T380, Ireland (“TikTok”).

By using the TikTok pixel (or comparable functions, for the transmission of event data or contact information via interfaces in apps), it is possible for TikTok to define the visitors to our online offering into a target group for the display of ads. We use the TikTok pixel to display ads that we place only to users on TikTok who have also shown an interest in their content (e.g. interest in certain movies and series) and transmit this information to TikTok. We also use the TikTok pixel to ensure that our ads match your potential interest and are not a nuisance. In addition, the TikTok pixel allows us to track the effectiveness of TikTok ads for statistical and market research purposes, because we can see whether users have been redirected after clicking on a TikTok ad (“conversion measurement”).

In this context, the following types of data may be processed: content data (e.g. entries in online forms, use of the messaging function), usage data (e.g. access to websites, clicks, access times), metadata and communication data (e.g. device information, IP addresses), and event data. Event data includes, for example, visits to websites, interactions with content, installations of apps, and purchases of movies. Event data is processed to create target groups for content and advertising information (Custom Audiences). Event data does not include specific content (such as comments written), login information, or contact information (e.g. names, email addresses, and phone numbers).

With regard to the data processing by the TikTok Pixel, JustWatch GmbH and TikTok are joint controllers according to art. 26 GDPR. You can view the joint processing agreement here.

Although TikTok Ireland is the data controller, we would like to point out that it cannot be ruled out that the information collected by the cookies will be sent to a TikTok server in the United States of America (USA) and stored there. In the USA, there is no equivalent to the general adequacy decision of the European Commission certifying an adequate level of data protection. By transmitting your personal data, there is a risk that US authorities will access and process it for their own purposes. The transfer of data to TikTok is subject to the Standard Contractual Clauses of the European Commission.

Please note that it is possible to link the data with other data (partly also on other devices). This risk exists in particular if you have a TikTok account and are logged in to TikTok. To avoid further data linking, we recommend that you log out of TikTok before visiting our company website.

The legal basis for this processing and the transfer of your personal data to the USA is your consent pursuant to art. 6 (1) (a) and art. 49 (1) (a) GDPR. You have the option to withdraw your consent at any time here.

For more information, please see TikTok's terms of use https://www.tiktok.com/legal/terms-of-use?lang=en and privacy policy https://www.tiktok.com/legal/privacy-policy-eea?lang=en.

10.5 YouTube

We integrate video content from the “YouTube” service of the provider Google and process user data in this context. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

We use YouTube to show you video content, especially movie or series trailers.

The use of video content from YouTube in particular involves the processing of metadata and communication data (e.g. device information and IP addresses). However, usage data (e.g. access to websites, clicks, access times), contact data (e.g. email, telephone numbers), content data (e.g. entries in online forms) or inventory data (e.g. names, addresses) may also be processed.

We use YouTube in extended data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about the users of our website before they have consented to the processing or watch the video. The disclosure of data by YouTube, on the other hand, is not necessarily excluded by the extended data protection mode. Thus, YouTube establishes a connection to the Google DoubleClick network, regardless of whether you watch a video.

A connection with YouTube’s servers is only established when you have consented to the use of YouTube on the embedded preview image of the service. Before that, no cookies are stored by YouTube on your device. Please note that it is possible to link the data with further data (partly also on other devices). This risk exists in particular if you have a YouTube account and are logged in to YouTube. To avoid further data linking, we recommend that you log out of YouTube before visiting our company website.

The information collected by the cookies is usually sent to a Google server in the United States of America (USA) and stored there. In the USA, there is no equivalent to the general adequacy decision of the European Commission certifying an adequate level of data protection. By transmitting your personal data, there is a risk that US authorities will access and process it for their own purposes.

The legal basis for data processing in the context of embedding and displaying the preview images is art. 6 (1) (f) GDPR.

The legal basis for this processing and the transfer of your personal data to the U.S. is your consent pursuant to art. 6 (1) (a) and art. 49 (1) (a) GDPR. You have the option to withdraw your consent at any time here.

Detailed information on data processing can be found in the privacy policy at: https://policies.google.com/privacy. Information on the opt-out option can be found at: https://tools.google.com/dlpage/gaoptout?hl=en. Information on the settings for the display of ads can be found at: https://adssettings.google.com/authenticated.

You can find YouTube’s Terms of Service here.

10.6 Pinterest

We operate a company page on “Pinterest”. The service provider is Pinterest Inc., 808 Brannan Street San Francisco, CA 94103-490, USA.

We would like to point out that you use the offered Pinterest service at your own risk and that we are not aware of all the details of data processing at Pinterest at this time. This applies in particular to the use of the interactive functions (e.g. sharing, commenting).

We process the data you enter on Pinterest, in particular your username and the content published under your account, insofar as we include it in our services and make it available to our followers.

If you visit our website and are logged into your Pinterest account at the same time, Pinterest can directly assign your visit to our website to your Pinterest account. If you do not want Pinterest to assign your data to your account, you must log out of Pinterest before visiting our website.

The legal basis for the data processing is art. 6 (1) (f) GDPR.

Data collected when using Pinterest is processed by Pinterest and thereby transferred to countries outside the European Union. In the USA, there is no equivalent to the general adequacy decision of the European Commission certifying an adequate level of data protection. By transmitting your personal data, there is a risk that US authorities will access and process it for their own purposes.

For information on how to contact Pinterest and how Pinterest processes your data, please see the privacy policy at https://policy.pinterest.com/en/privacy-policy.

Information on how you can manage or delete information yourself can also be found at https://policy.pinterest.com/en/privacy-policy.

11. How we store and protect your data

We process and store your data in highly secure data centers within the EU, operated by Amazon Web Services and the Google Cloud Platform. These data centers are secured and certified to the highest standards (at least ISO 27001, 27017, 27018 and EU Standard Contractual Clauses (SCCs)) and protected by signed data processing addenda.

All information provided is encrypted both during transmission (TLS) and at rest. Access to personalized information by employees is limited and audited.

The processing and storage of information that may be personally identifiable is kept to the minimum necessary for the operation of the service (e.g., your mobile GPS location is rounded to the nearest hundred meters before our systems are prompted to find movie theaters near you). Where necessary, this type of information is subject to access control, strict retention, and pseudonymization.

12. Your rights and options

12.1 Managing tracking technologies and deleting cookies

Depending on whether the processing is based on consent or legal permission, you have the option at any time to withdraw your consent or to object to the processing of your data via cookies. You can initially declare your objection by means of your browser settings, e.g. by deactivating the use of cookies (which may also restrict the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared by means of a variety of services, especially in the case of tracking, e.g. via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Processing of cookie data on the basis of consent: we use a cookie consent management procedure from Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany, in the context of which the consent of users to the use of cookies, or to the processing and providers mentioned in the cookie consent management procedure, can be obtained and managed and withdrawn by users. In this context, the declaration of consent is stored in order not to have to repeat its request and to be able to prove consent in accordance with legal obligations. The storage can take place on the server side and/or in a cookie (a so-called opt-in cookie, or with the help of comparable technologies), in order to be able to assign the consent to a user or their device.

You can also control certain tracking tools on your mobile devices. For your convenience, here are instructions that may work for your mobile device; however, please note that the setting features may vary from device to device.

Google Android

Devices running Google Play Services 4.0 and later use the Google Android Advertising ID (AAID). To restrict ad tracking using this ID:

 

  • Go to Settings on your device
  • Select Ads
  • Select Disable interest-based ads

Apple iOS

Devices running iOS 6 and later use the Apple Advertising Identifier (IDFA). To restrict ad tracking using this ID:

 

  • Go to Settings on your device
  • Select Privacy
  • Select Tracking
  • De-select Allow Apps to Request to Track

12.2 Data subject rights under the GDPR

Under the GDPR, you are entitled to the following statutory data subject rights, provided that the preconditions are met:

 

  • Right to information about your data stored by us under art. 15 GDPR.
  • Right to correction of inaccurate data under art. 16 GDPR.
  • Right to deletion of data stored by us under art. 17 GDPR.
  • Right to restriction of the processing of data stored by us under art. 18 GDPR.
  • Right to data portability under art. 20 GDPR.
  • Right to withdraw at any time pursuant to art. 7 (3) GDPR any consent granted to us (Consent Manager); this has the consequence that we may no longer continue the data processing based on this consent in the future.
  • Right to lodge a complaint with a competent supervisory authority under art. 77 GDPR if you believe that the processing of personal data concerning you violates the provisions of the GDPR.

 

If you wish to exercise your data subject rights under the GDPR, we will be happy to respond to your request at any time - please send your unique pseudonymous identifier to our email address privacy@justwatch.com and we will get back to you as soon as possible, but no later than the grace period specified by the GDPR.

Right of objection

Insofar as your personal data is processed on the basis of legitimate interests pursuant to art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data pursuant to art. 21 GDPR, insofar as there are grounds for doing so that arise from your particular situation.

If you wish to exercise your right to object, you can send us an email at: privacy@justwatch.com

You can contact us with any questions regarding data protection via privacy@justwatch.com or by post to the postal address of JustWatch GmbH.