Last updated: 2026-06-07
This Privacy Policy explains how CinemaGo OÜ collects, uses, shares and protects personal data when you use our website at cinemago.eu and the services we provide through it (together, "Service"). It should be read together with our Terms and Conditions. Words defined in the Terms and Conditions have the same meaning here unless stated otherwise.
1. Who we are (data controller)
The controller responsible for your personal data is:
We have not appointed a Data Protection Officer. For any question about this Policy or your personal data, contact us at [email protected].
2. The personal data we collect
Depending on how you use Service, we may collect:
3. How we use your data and our legal bases
We process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):
4. Payments
Payments and top-ups are handled through a secure hosted checkout provided by Stripe Payments Europe, Ltd. Stripe acts as an independent controller of the card data you enter and processes it under its own privacy policy. We never see or store your full card details. Please review Stripe's privacy policy for how it handles your data.
5. Cookies and analytics
We use cookies and similar technologies. Strictly necessary cookies are required to operate Service (for example to keep you signed in, secure your session and run checkout) and do not require your consent. Analytics and other non-essential cookies are used only with your consent, which we request through a cookie banner and which you can change or withdraw at any time through your browser or the cookie settings on Service.
We currently use Google Analytics to understand how Service is used, subject to your consent. We may change our analytics and similar providers from time to time and will keep this Policy up to date.
6. Who we share data with
We do not sell your personal data, and we do not share it with the cinemas whose vouchers you obtain through Service. We share it only with:
7. International transfers
Some of our providers (for example Google and Stripe) may process data outside the European Economic Area. Where they do, the transfer is protected by an appropriate safeguard under the GDPR — such as an adequacy decision, the EU–US Data Privacy Framework, or the European Commission's Standard Contractual Clauses. You may contact us for more information about the safeguards in place.
8. How long we keep your data
9. Your rights
Subject to the conditions in the GDPR, you have the right to: access your personal data; have inaccurate data corrected; have your data erased; restrict or object to processing; receive your data in a portable format; and, where we rely on consent, withdraw that consent at any time (this does not affect processing carried out before withdrawal). To exercise any of these rights, email us at [email protected].
If you believe we have not handled your personal data lawfully, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, www.aki.ee), or with the supervisory authority in your country of residence.
10. Children
Service is intended for users aged 16 and over, and we do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us and we will delete it.
11. Security
We use appropriate technical and organisational measures to protect your personal data. However, no method of transmission over the internet or of electronic storage is completely secure, and we cannot guarantee absolute security.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. If we make a material change, we will take reasonable steps to notify you (for example by a notice on Service or, where appropriate, by email). The "Last updated" date at the top shows when this Policy was last changed.
13. Contact us
If you have any questions, requests or complaints about this Privacy Policy or your personal data, contact us at [email protected].