We take the utmost care and apply the highest security standards to protect your personal data from unauthorized access. The processing of personal data with regard to JustWatch’s Partner Dashboard (hereinafter “Dashboard”) is carried out in accordance with the provisions of the General Data Protection Regulation (GDPR).
1. Responsible party
Responsible party in the sense of the GDPR:
JustWatch GmbH
Saarbrücker Straße 38
DE - 10405 Berlin
If you have any questions regarding the collection, processing or use of your personal data, or if you wish to provide information, correct, block or delete data, please contact:
2. Data processing on the Dashboard
When you visit the Dashboard, our web server temporarily stores each access in a log file. The following data is collected and stored until it is deleted automatically:
- Date and time of access
- Name and URL of the accessed file
- Notification of whether the retrieval was successful
This data is processed for the purposes of enabling the use of the Dashboard (establishing a connection), system security, technical administration, network infrastructure and the optimization of the online offer. This data cannot be attributed to specific persons, and will not be merged with other data sources without consent. The data will also be deleted after a statistical evaluation.
The legal basis for the data processing is art. 6 (1) (f) GDPR.
3. Data processing on the Dashboard
We collect and process the personal data of our partners for the execution of the partner contract, invoicing and disbursement of revenue. The legal basis for the data processing is art. 6 (1) (b) GDPR.
Furthermore, we have a legitimate interest in processing the personal data of our customers and partners for the purpose of direct mail advertising. The legal basis for the data processing is art. 6 (1) (f) GDPR.
The following categories of data are affected: Name, function, address, e-mail address and other business contact data. In principle, the personal data is collected directly during the registration process, unless it is provided by another body, in particular by public authorities or - if third parties are named as a reference to us - by these third parties. The personal data will be stored for as long as is necessary for the processing of the contract and invoicing, and/or insofar as statutory retention obligations prevent the deletion of the data.
The personal data is processed by our service providers that we use for invoice processing. The Dashboard is hosted Auth0, Inc. a subsidiary of Okta, 100 First Street, 6th Floor San Francisco, CA 94105, USA. All references to Customer Identity Cloud include Auth0 by Okta. A Data Processing Agreement (DPA) together with SCCs was concluded. In this context, it may happen that the data is transferred to countries outside the European Union. We would like to point out that there is no general adequacy decision of the European Commission for the USA, which certifies that the USA has an adequate level of data protection. By transferring the personal data, there is a risk that US authorities will access it and process it for their own purposes.
You can find more information about Okta's data processing here.
4. How we store and protect your data
We process and store your data in highly secure data centers within the EU, operated by Amazon Web Services and the Google Cloud Platform. These data centers are secured and certified to the highest standards (at least ISO 27001, 27017, 27018 and EU Standard Contractual Clauses (SCCs)) and protected by signed data processing addenda.
All information provided is encrypted both during transmission (TLS) and at rest. Access to personalized information by employees is limited and audited.
5. Data subject rights under the GDPR
Under the GDPR, you are entitled to the following statutory data subject rights, provided that the preconditions are met:
- Right to information about your data stored by us under art. 15 GDPR.
- Right to correction of inaccurate data under art. 16 GDPR
- Right to deletion of data stored by us under art. 17 GDPR
- Right to restriction of the processing of data stored by us under art. 18 GDPR.
- Right to data portability under art. 20 GDPR
- Right to withdraw at any time pursuant to art. 7 (3) GDPR any consent granted to us (Consent Manager); this has the consequence that we may no longer continue the data processing based on this consent in the future.
- Right to lodge a complaint with a competent supervisory authority under art. 77 GDPR if you believe that the processing of personal data concerning you violates the provisions of the GDPR.
If you wish to exercise your data subject rights under the GDPR, we will be happy to respond to your request at any time - please send an E-Mail to privacy@justwatch.com and we will get back to you as soon as possible, but no later than the grace period specified by the GDPR.
Right of objection
Insofar as your personal data is processed on the basis of legitimate interests pursuant to art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data pursuant to art. 21 GDPR, insofar as there are grounds for doing so that arise from your particular situation.
If you wish to exercise your right to object, you can send us an email at:
You can contact us with any questions regarding data protection via privacy@justwatch.com or by post to the postal address of JustWatch GmbH.