GDPR — Your Data Rights
Last Updated: April 10, 2026
1. What Is GDPR?
The General Data Protection Regulation (EU) 2016/679 (“GDPR”) is a comprehensive European Union data protection law that came into full effect on 25 May 2018. It gives individuals in the EU and EEA (European Economic Area) extensive rights over their personal data and places binding obligations on any organisation that processes it, regardless of where that organisation is located.
Since 31 January 2020, the United Kingdom has maintained equivalent legislation (UK GDPR) following its departure from the EU. Many other countries, including Brazil (LGPD), Canada (PIPEDA / Bill C-27), Japan and South Korea, have enacted similar laws.
2. MegDB.Com as Data Controller
Under GDPR Article 4(7), the “data controller” is the entity that determines the purposes and means of processing personal data. MegDB.Com is the data controller for any personal data processed in connection with your use of the Service.
Because we deliberately collect minimal personal data and do not engage in large-scale systematic monitoring of individuals, processing of special category data (health, biometric, political, religious data), or automated profiling with legal effects, we are not required to appoint a Data Protection Officer (DPO) under GDPR Article 37. If this changes, this page will be updated.
3. What Personal Data We Process
| Category | Data | Legal Basis | Retention | Where Stored |
|---|---|---|---|---|
| Server logs | IP address, browser info, request data | Art. 6(1)(f) | 30 days, then purged | Hosting servers |
| localStorage | Watchlist, history, preferences | Art. 6(1)(b) | Until you clear it | Your browser only |
| Contact enquiries | Name (optional), email (if provided), message | Art. 6(1)(f) | 12 months | Our email system |
We do NOT process: payment data, account credentials, precise location, device identifiers, advertising IDs, social graph data, health data, biometric data or any GDPR special category data (Article 9).
4. Legal Basis for Processing (Article 6 GDPR)
Article 6(1)(b) — Contractual Necessity
Processing of localStorage data is necessary to provide the watchlist and history features you have requested when you use MegDB.Com.
Article 6(1)(f) — Legitimate Interests
Processing of server logs for security monitoring, abuse prevention and service maintenance represents a legitimate interest that is not overridden by your fundamental rights and freedoms. We have assessed this under a three-part test: purpose test, necessity test and balancing test.
5. Your Rights Under GDPR (Articles 15–22)
You have the following rights under GDPR. Exercise any right by contacting us at megdb.com/contact (subject line “GDPR Rights Request”). We will respond within 30 days as required by Article 12(3), or notify you if more time is needed (max 90 days total).
Article 15 — Right of Access
Right to Know What We Hold
You have the right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of it along with information about how it is used (legal basis, retention, recipients).
How to exercise: Contact us via megdb.com/contact. For localStorage data, you already have direct access via your browser Developer Tools (F12 → Application → Local Storage).
Article 16 — Right to Rectification
Right to Correct Inaccurate Data
You have the right to have inaccurate personal data corrected without undue delay. You also have the right to have incomplete personal data completed.
How to exercise: Contact us for server log issues. localStorage data can be edited directly in your browser.
Article 17 — Right to Erasure
Right to be Forgotten
You have the right to request deletion of your personal data in certain circumstances: when the data is no longer necessary, when you withdraw consent, when you object and there are no overriding legitimate grounds, or when the data was unlawfully processed.
How to exercise: For localStorage — clear browser storage directly. For server logs — contact us; logs are automatically purged after 30 days.
Article 18 — Right to Restriction
Right to Restrict Processing
You have the right to request that we restrict processing of your personal data in certain circumstances, for example while we verify a rectification request or consider an objection.
How to exercise: Contact us at megdb.com/contact with subject line “GDPR Restriction Request”.
Article 20 — Right to Data Portability
Right to Receive Your Data
You have the right to receive your personal data in a structured, commonly used, machine-readable format (e.g. JSON or CSV) and to have it transmitted to another controller where technically feasible.
How to exercise: Your localStorage data (watchlist, history) is stored as JSON and is fully portable via browser Developer Tools. Server log data requests: contact us.
Article 21 — Right to Object
Right to Object to Processing
You have the right to object at any time to processing of your personal data based on Article 6(1)(f) (legitimate interests). We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms.
How to exercise: Contact us at megdb.com/contact with subject line “GDPR Objection”.
Article 22 — Automated Decision-Making
Protection Against Automated Profiling
You have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects on you.
How to exercise: MegDB.Com does not use any automated decision-making, profiling or algorithmic decisions about individual users. This right is not at issue.
6. Data Retention
- Server logs: 30 days maximum, then automatically purged
- Contact enquiries: 12 months from receipt
- localStorage data: Under your exclusive control — no server-side retention
7. Security and Breach Notification
We implement appropriate technical and organisational measures to protect personal data. In the event of a personal data breach that is likely to result in high risk to your rights and freedoms, we will notify you without undue delay pursuant to GDPR Article 34.
Where a breach requires it, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33.
8. Third-Party Data Controllers
The following third parties may independently process your data when you use MegDB.Com. They are independent data controllers and are solely responsible for their own GDPR compliance.
- TMDb (The Movie Database): Processes IP addresses through API requests. Privacy Policy: themoviedb.org/privacy-policy
- Google / YouTube: Processes data when you click to play a trailer. Privacy Policy: policies.google.com/privacy
9. International Data Transfers
Where personal data is transferred outside the EU / EEA, we ensure appropriate safeguards are in place. Our hosting infrastructure uses Standard Contractual Clauses (SCCs) approved by the European Commission, or operates under adequacy decisions (GDPR Article 45) where applicable.
10. Lodge a Complaint with a Supervisory Authority
If you believe MegDB.Com has violated your GDPR rights, you have the right to lodge a complaint with your national Data Protection Authority (DPA). We encourage you to contact us first at megdb.com/contact — we aim to resolve all concerns directly and promptly.
- EU DPAs: edpb.europa.eu/members
- UK ICO: ico.org.uk/make-a-complaint
11. Contact
For GDPR-related enquiries: megdb.com/contact — subject line “GDPR Enquiry”. We respond within 30 days.