GDPR Compliance

1. Introduction

Movinnoo ("we," "our," "us"), operating via www.movinnoo.com, is committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection in accordance with the General Data Protection Regulation (EU) 2016/679 ("EU GDPR"), the UK General Data Protection Regulation ("UK GDPR"), and the Data Protection Act 2018.

This GDPR Compliance Statement outlines our commitment to data protection principles, the rights available to you as a data subject, and the measures we have implemented to safeguard your personal data. This statement should be read alongside our Privacy Policy, which provides full details on how we collect, use, and protect your personal information.

2. Our Data Protection Principles

We are dedicated to processing personal data in accordance with the following principles, as set out in Article 5 of the GDPR:

• Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and in a transparent manner. We provide clear information about how and why we process your data through our Privacy Policy and this Compliance Statement.
• Purpose Limitation: We collect personal data only for specified, explicit, and legitimate purposes, and do not process it in any manner incompatible with those purposes.
• Data Minimisation: We ensure that the personal data we collect is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
• Accuracy: We take reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date.
• Storage Limitation: We retain personal data only for as long as necessary to fulfill the purposes for which it was collected.
• Integrity and Confidentiality: We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.
• Accountability: We take responsibility for our data processing activities and can demonstrate compliance with the GDPR principles through our policies, procedures, and documentation.

3. Data Controller Information

For the purposes of the GDPR, Movinnoo is the data controller responsible for your personal data. If you have any questions about our data processing practices, wish to exercise your data protection rights, or need to raise a concern, please contact us using the details provided in Section 13 of this statement.

4. Personal Data We Process

We collect and process the following categories of personal data:

• Account and Identity Data: Name, email address, username, and subscription details.
• Contact Data: Phone number and messaging app identifiers (such as WhatsApp contact details).
• Transaction Data: Payment method details, transaction history, and billing information, processed by secure third-party payment processors. We do not store complete payment card numbers on our servers.
• Technical Data: IP address, browser type and version, device type and operating system, and unique device identifiers.
• Usage Data: Information about how you use our website, including pages visited, time spent on pages, and navigation paths.
• Communication Data: Records of your correspondence with us, including support requests and feedback.

5. Legal Basis for Processing

We rely on the following legal bases for processing your personal data, as outlined in Article 6 of the GDPR:

• Contractual Necessity (Article 6(1)(b)): Processing necessary for the performance of our contract with you, specifically to deliver the IPTV service you have subscribed to, manage your account, process payments, and provide customer support.
• Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, including improving the quality and security of our Service, preventing fraud, and analysing website usage patterns. We conduct a balancing test to ensure our interests do not override your fundamental rights and freedoms.
• Consent (Article 6(1)(a)): Where we process your data based on your freely given, specific, informed, and unambiguous consent, such as for marketing communications. You have the right to withdraw consent at any time.
• Legal Obligation (Article 6(1)(c)): Processing necessary to comply with a legal obligation to which we are subject, such as tax, accounting, and regulatory requirements.

6. Your Rights as a Data Subject

Under the GDPR, you have the following rights with respect to your personal data:

• Right of Access (Article 15): You have the right to obtain confirmation of whether we process your personal data and to request a copy of that data. We will respond within 30 days of receiving a valid request.
• Right to Rectification (Article 16): You have the right to request the correction of inaccurate personal data and the completion of incomplete personal data.
• Right to Erasure (Article 17): You have the right to request the deletion of your personal data in certain circumstances.
• Right to Restriction of Processing (Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances.
• Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object (Article 21): You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right Not to be Subject to Automated Decision-Making (Article 22): You have the right not to be subject to a decision based solely on automated processing. We do not currently engage in automated decision-making that falls within the scope of this provision.
• Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing.

7. How to Exercise Your Rights

To exercise any of your data protection rights, please contact us via:

• Email: support@movinnoo.uk
• WhatsApp: Available on our website

To protect your privacy and security, we may need to verify your identity before processing your request. We will acknowledge your request within 72 hours and provide a substantive response within 30 days of receiving a valid, verified request. We will not charge a fee for processing your request unless the request is manifestly unfounded or excessive.

8. Data Security Measures

We have implemented appropriate technical and organisational security measures to protect your personal data:

Technical Measures:

• Encryption of data in transit using TLS/SSL protocols;
• Secure storage of personal data with access restricted through authentication controls;
• Regular security assessments and vulnerability monitoring;
• Firewalls and intrusion detection systems to protect our infrastructure.

Organisational Measures:

• Access to personal data restricted to authorised personnel on a need-to-know basis;
• Staff awareness of data protection responsibilities;
• Documented data handling and incident response procedures;
• Regular review and update of security policies and practices.

9. International Data Transfers

Your personal data may be transferred to, stored, and processed in countries outside the United Kingdom or the European Economic Area ("EEA") where data protection laws may differ. Where we transfer personal data outside the UK or EEA, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Information Commissioner's Office.

10. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, as required by Article 34 of the GDPR.

11. Supervisory Authority and Complaints

If you are dissatisfied with how we handle your personal data or believe that our processing activities infringe the GDPR, you have the right to lodge a complaint with the relevant supervisory authority.

• For UK residents: Information Commissioner's Office (ICO) — www.ico.org.uk — Telephone: 0303 123 1113
• For EEA residents: You may contact the supervisory authority in the EU Member State of your habitual residence. A list of EU Data Protection Authorities can be found at edpb.europa.eu.

We would appreciate the opportunity to address your concerns before you approach a supervisory authority, so please do not hesitate to contact us first.

12. Changes to This Statement

We may update this GDPR Compliance Statement from time to time to reflect changes in our data processing practices, legal requirements, or organisational structure. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this statement periodically.

13. Contact Us

For any questions, concerns, or requests regarding this GDPR Compliance Statement or our data protection practices, please contact us:

• Email: support@movinnoo.uk
• WhatsApp: Available on our website

Movinnoo is committed to maintaining the highest standards of data protection and to upholding your rights as a data subject under the GDPR.