YOUR PERSONAL INFORMATION
At Big Picture Film Club Limited (Hereinafter referred to as “Cinnect” “we”
“our Platform” and “us”), we are dedicated to the privacy of our website
visitors and users. We are committed to protecting and safeguarding your personal data. This privacy
policy gives you an insight on how we collect and use your data to maximise your experience on our
platform. It shows how we collect, use, protect the information collected and your rights regarding
Personal data, or personal information, means any information about an individual from which that
person can be identified. This includes information that you tell us, what we learn from you and the
choices you make about the marketing you want us to send to you. This policy explains how we do
this, what your rights are and how the law protects you.
By using this website or any of our services, you consent to the use of your personal data in the
manner contained in this policy, to the extent permitted by law. Please read this policy carefully
and note that the English version of this policy is binding, all other translations are only for
Please note that if you are in the European Economic Area, United Kingdom, Switzerland or any other
country that the EU General Data Protection Regulation 2016/679 (“GDPR”) applies
(hereinafter referred to as “Europe”), you will not be required to consent to this
Policy, however, by using Cinnect, you acknowledge that you have read and understood its terms. The
provisions of 14 of this policy apply to you specifically.
policy posted on our website at the time of your use. We recommend that you check the website from
time to time to inform yourself of any changes in this policy or any of our other terms, and you are
solely responsible for reviewing and becoming familiar with any modifications to this privacy
2. WHO WE AREWe are the Big Picture Film Club Ltd. (Hereinafter referred to as “Cinnect”
“we” “our Platform” and “us”). Our registered office is at
International House, 24 Holborn Viaduct, London EC1A 2BN. We are an end-to-end platform designed to
streamline and simplify the licensing & distribution process of independent film & TV
You can contact us here. If you need to you can write to us at the address listed.
Our representative for all queries in relation to this policy and your data protection rights is
When we refer to Our Website or Our Platform, we mean cinnect.net and associated applications
3. COLLECTING YOUR PERSONAL INFORMATION
To maximize your experience on our website, we may collect information in the following ways:
- Data you give to us:
- when you use our website;
- when you use our services;
register on our Platform (including but not limited to when you connect your profile on a
third-party platform with your registration details;
- when you visit our offices;
Request information from us or communicate with us through any medium of communication
if you take part in our competitions or promotions on social media;
- when you give us feedback
when you interact with us either online or offline in any manner whatsoever.
We also passively collect information when you use our service. This collection of information
can be from information in your browser or device.
As you interact with any of our platforms, we may automatically collect Technical information
about your equipment, browsing actions and patterns. We collect this personal data by using
cookies, server logs and other similar technologies. We may also receive technical information
about you if you visit other websites or when you visit our sites and applications or use our
applications on third-party sites or platforms using one or more devices which employs our cookies
whether or not you are logged in or registered. To disable cookies, please refer to our cookies
We also collect information through analytics tools including but not limited to Google
Analytics, etc. This collection happens when you use any of our services or visit our
personalized/targeted services, offers, promotions, adverts, products, and capture trends, in
accordance with our services. For safety and security purposes, service improvement, and data
collection, we may use software that receives and records the Internet Protocol (IP) addresses of
the computer’s users used to interact/contact our platform. We do not attempt to link these
addresses with the identity of individuals visiting our platform.
We also use social media tools or third-party applications to collect information, especially
when you join our platform or use our services through these third party or social media
platforms. To prevent us sharing your information with these third party platforms, please do not
third-party platforms to understand how your privacy is ensured by them.
We also collect your data from third parties we work with such as:
Location Managers we work with and have a contractual relationship with
Public information sources, such as Companies House, the Land Registry and property owner web
4. DATA WE COLLECT
Through the mediums stated in 3, either from those provided to us by you, through third parties or
through passive and automated means, we collect the following information from you.
Registration Data: When you create an account, link your profile through a third party platform
or use our services in any way, we collect your contact or log-in details which includes but are
not limited to name, email address, country of residence, zip/postcode, address, your username,
your account password, your date of birth, the name of all personnel associated to the account
(including but not limited to producers), any other data you choose to share with us such as (bio,
profile picture etc.). On profile picture, this image may be shown as a thumbnail next to some of
your activities on our platform. Please note that this image is not frozen in time, rather it is
of a dynamic nature. For example, If you change your image in 2024, it is the new image that will
appear next to your activities from 2021, not that from 2020.
Location Data- These are information about your location provided by a mobile or other device
interacting with our platforms, or associated with your IP address, where we are permitted by law
to process this information.
Compliance Data: Information provided needed for compliance purposes as required for our service.
These information might include your government ID and others as needed or required by law from
time to time.
Transaction Information: - This is collected when you contact us about a transaction on the
platform, set up an offer, make a sale or a purchase on our platform or conduct any other
transaction as offered on our platform. The information that will be collected includes but are
not limited to banking information, contact information such as your phone number, email address,
mailing address, any other information you provide to us. Our payment processors also
collect and retain information related to your withdrawal of funds from any campaign or
transaction. Please note that in many cases, Connect cannot view or access all of the information
you provide to us for compliance purposes, such as complete bank account numbers or payment
information, as this may be transmitted in an automated manner directly to the vendor or party
that requires that information to transfer the payment or monies related to the transaction.
Technical data - internet protocol (IP) address, your login data, browser type and version, time
zone setting and location, browser plug-in types and versions, operating system and platform and
other technology on the devices you use to access our website.
Marketing and communications data – your preferences in receiving marketing from us,
details of potential film productions and your communication preferences.
Information about your visits to and use of our platform including the referral source, length of
visit, page views, and website navigation paths.
Information, such as your name and email address, that you enter in order to set up subscriptions
to our emails, campaign updates and/or newsletters.
Information that you post to our website with the intention of publishing it on the internet,
which includes your username, profile pictures, and the content of your posts.
Activity information about your use, and the use by any person(s) you authorize through your
account, of our sites and applications, such as the content you view or post, how often you use
our services, and your preferences.
We also collect, use and share aggregated data such as statistical or demographic data for any
purpose from users who use our website or services. Aggregated data may be derived from your
personal data but is not considered personal data in law as this data does not directly or
indirectly reveal your identity. For example, we may aggregate your usage data to calculate the
percentage of users accessing a specific website or account feature. However, if we combine or
connect aggregated data with your personal data so that it can directly or indirectly identify you,
we treat the combined data as personal data which will be used in accordance with this privacy
We do not collect any special categories of Personal Data about you (this includes details about
your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political
opinions, trade union membership, information about your health and genetic and biometric data). Nor
do we collect any information about criminal convictions and offences. If you provide those
information in our public forums, we might not be able to protect such information. Please know that
we will in no circumstance ask for these special category personal data information.
Please note that the information we collect from you are categorised as follows: (a) identifiers
(name, email address, ip address, location information, profile photographs); (b) commercial
information (transaction data); (c) financial and transaction information (transaction details,
payment details etc); (d) Internet and device information (browsing history; IP address, cookies,
device details, browser information) (e) inference information about you; (f) legally-protected
information (if you reveal gender or race in public forums by your own volution); (g) sensory
information (if you call us, send an email or leave a voicemail); (h) usage Information (such as
information about how you use our website(s), products, and services); (i) marketing and
communications information (This is tied to your preferences in receiving marketing from us and
third parties and your communication preferences); and (h) other information that identifies or can
be reasonably linked to you.
5. HOW WE USE YOUR PERSONAL INFORMATION
We are only allowed to use personal information about you if we have a legal basis to do so, and we
are required to tell you what that legal basis is.
In line with regulatory provisions, applicable laws, your preferences as set on our platform or
third party platforms, we use information collected from you or related devices in the following
manner or any other manner as stated on the relevant pages of our platform:
Administering, improving or promoting our services and ensuring that we maximize the potentials
of our platform for your use.
Personalizing the use of our platform as selected and set by you.
Internal use by our staff and contractors to ensure the maximization of your use of our
Analyzing data usage trends and preferences in order to improve the accuracy, effectiveness,
security, usability or popularity of our Services.
Communicating with you regarding a) marketing communications relating to our business or the
businesses of carefully-selected third parties which we think may be of interest to you (you can
inform us at any time if you no longer require marketing communications either by clicking
unsubscribe at the bottom of the email or contacting us in other ways provided); b) your account
or transactions on our platform; (c) send you Know Your Customer (KYC) information or request
feedback about features on our platform; (d) notify you of changes to our policies; and (e)
sending you non-marketing commercial communications such as dealing with inquiries and complaints
made by or about you relating to our platform or any other communication to us from you.
Technical activities, such as bug detection and error reporting, etc.
providing third parties with statistical information about our users (but those third parties
will not be able to identify any individual user from that information);
verifying compliance with the terms and conditions governing the use of our website (including
monitoring private messages sent through our website private messaging service); and
Security, Fraud, and Legal Compliance, including to detect, investigate and prevent activities
that may violate our policies or be illegal.
If you are located in Europe, the United Kingdom and the EEA region, we process information as
listed in this policy as necessary (i) to fulfil our obligations under our contract with you or in
order to take steps at your request prior to entering into a contract, or (ii) for our legitimate
interest, such as to maintain our relationship with you or to protect you when you use our
Your information for the purposes for which it was collected, unless we reasonably consider that
we need to use it for another reason and that reason is compatible with the original purpose. If
you wish to obtain an explanation as to how the processing for the new purpose is compatible with
the original purpose, please contact us. We will notify you if we need to use your information for
unrelated purposes and we will explain the legal basis which allows us to do so. Please note that
we may process your personal data without your knowledge or consent, in compliance with the above
rules, where this is required or permitted by law.
6. SHARING YOUR PERSONAL INFORMATION
Except as provided in this policy, we will not provide your personal information to third parties.
The way in which we may disclose information collected from you are:
For compliance purposes like payment processing or identity verification.
For legal purposes which includes but are not limited to; complying with the requirements of the
law such as subpoenas, search warrants, court orders, and other legal processes; responding to
enquiries or requests from government, regulatory, law enforcement, public authorities, or content
protection organisations; defending the legal rights, privacy, safety or property of Cinnect, its
subsidiaries, employees, agents, contractors or users; permitting Cinnect to pursue available
remedies, commence, participate in or defend litigation, or limit the damages we may sustain; and
to enforce this Policy or any applicable Terms and Conditions are complied with.
To maximise our service to you, we might disclose to our partners and service providers which
includes but are not limited to banks and payment providers, third-party identity checking or
credit reference agencies, communication providers, analytics tools, Information Technology,
information security and cloud services providers.
We may share your information with other Users on the platform when you connect with them for a
transaction on the platform.
We may share your information with your consent, such as when you post personal information on
platforms accessible to third parties, or you share your profile activities with third-party
Please note that once we share your personal information with another company, the information
received by the other company is controlled by that company and becomes subject to the other
company’s privacy practices.
You can find more details of how these third parties use your personal information by looking at
their privacy policies (copies of which are available on request).We require all organisations who we share your data with to respect the security of your personal
data and to treat it in accordance with the law. We do not allow any of our service providers
to use your personal data for their own purposes and only permit them to process your personal data
for specified purposes and in accordance with our instructions.
7. FAILING TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you
and you fail to provide that data when requested, we may not be able to perform the contract we have
or are trying to enter into with you (for example, to provide you with services requested). In this
case, we may have to cancel a service you have with us but we will notify you if this is the case at
8. THIRD PARTY LINKS
Our website may include links to third party websites, plug-ins and applications. Clicking on
those links or enabling those connections may allow third parties to collect or share data about
you. We do not control these third-party websites and are not responsible for their privacy
statements. When you leave our website, we encourage you to read the privacy notice or policy
of every website you visit.
9. TRANSFERRING PERSONAL INFORMATION OUTSIDE THE EEA
The EEA is the European Economic Area, which consists of the EU Members States, Iceland, Liechtenstein
and Norway. If we transfer your personal information outside the EEA we have to tell you.
- We will only send your data outside the EEA:
- If you have instructed us to do so;
- To comply with a legal duty; or
- To work with our suppliers who help us provide our services.
We may share your personal data with some third-party companies such as data processors to provide
technology for email, subscription and payment support. Some of these companies may be based outside
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is
afforded to it by ensuring at least one of the following safeguards is implemented:
We may transfer your personal data to countries that have been deemed to provide an adequate level
of protection for personal data by the European Commission.
Where we use certain service providers, we may use specific contracts approved by the European
Commission which give personal data the same protection it has in Europe.
Please contact us here,
if you want further information on the specific mechanism used by us when transferring your personal
data out of the EEA.
10. DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being
accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we
limit access to your personal data to those employees, agents, contractors and other third parties
who have a business need to know. They will only process your personal data on our instructions and
they are subject to a duty of confidentiality.
You are responsible for keeping the password you use for accessing our website confidential; we
will not ask you for your password (except when you log in to our website).
We have put in place procedures to deal with any suspected personal data breach and will notify you
and any applicable regulator of a breach where we are legally required to do so.
INFORMATION SECURITYWe work hard to protect Cinnect and our users from unauthorized
access to or unauthorized alteration, disclosure or destruction of information we hold. In particular:
- We encrypt some of our services using SSL.
We review our information collection, storage and processing practices, including physical security
measures, to guard against unauthorized access to systems.
We use reasonable administrative, physical and electronic security measures to protect against the
loss, misuse and alteration of your information.
You acknowledge that no transmission of data over the Internet is guaranteed to be completely secure.
It may be possible for third parties not under the control of Cinnect to intercept or access
transmissions or private communications unlawfully. While we strive to protect personally identifiable
information, neither Cinnect nor our service providers can ensure or warrant the security of any
information you transmit to us over the Internet. Any such transmission is at your own risk.
11. HOW LONG WE KEEP YOUR PERSONAL INFORMATION
The length of time we will hold or store your personal data will depend on the services we perform
for you and how long you require these, however we will only retain your personal data for as long
as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying
any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature,
and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure
of your personal data, the purposes for which we process your personal data and whether we can
achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete your data: see Clause 13(c) for further
12. CHILD PRIVACY.Our Services are not designed for use by individuals under the age of 18 in the European Economic
Area (EEA). For minors outside the EEA who are between the age of 13 and 18, the use of our platform
or any of our services must be through the use of an account owned and operated by a parent or legal
guardian. The parent must also provide affirmative consent and supervise the use of their account.
Users are solely responsible for any use of their account by a minor. If you have reason to believe
that a child under the age of 18 has provided personal information to Cinnect through the Services,
please contact us here, and we will delete that information from our databases to the extent required by law.
13. YOUR RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your
personal data. These rights are:
The right to request access to your personal data (commonly known as a “data subject access
request”): this enables you to receive a copy of the personal data we hold about you and to check that we
are lawfully processing it.
The right to request correction of such personal data that we hold about you: this enables you to have any incomplete or inaccurate data we hold about you corrected. However,
we may need to verify the accuracy of the new information you provide to us.
Request erasure of your personal data: this enables you to ask us to delete or remove personal data where there is no good reason for
us continuing to process it. You also have the right to ask us to delete or remove your personal
data where you have successfully exercised your right to object to processing (see below), where
we may have processed your information unlawfully or where we are required to erase your personal
data to comply with local law. Note, however, that we may not always be able to comply with your
request of erasure for specific legal reasons which will be notified to you, if applicable, at the
time of your request.
The right to object to processing of your personal data, where we are relying on a legitimate interest (or those of a third party) and there is
something about your particular situation which makes you want to object to processing on this
ground as you feel it impacts on your fundamental rights and freedoms: You also have the right to
object where we are processing your personal data for direct marketing purposes. In some cases, we
may demonstrate that we have compelling legitimate grounds to process your information which
override your rights and freedoms.
The right to request restriction of processing of your personal data: this enables you to ask us to suspend the processing of your personal data in the following
scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the
data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even
if we no longer require it as you need it to establish, exercise or defend legal claims; or (d)
you have objected to our use of your data, but we need to verify whether we have overriding
legitimate grounds to use it.
The right to request the transfer of your personal data to you or to a third party: we will provide to you, or a third party you have chosen, your personal data in a structured,
commonly used, machine-readable format. Please note that this right only applies to automated
information which you initially provided consent for us to use or where we used the information to
perform a contract with you.
The right to withdraw consent at any time where we are relying on consent to process your
personal data, you can do that by clicking here. However, this will not affect the lawfulness of any processing carried out before you withdraw
your consent. If you withdraw your consent, we may not be able to provide certain products or
services to you. We will advise you if this is the case at the time you withdraw your
In ensuring that we address your requests:
You will not have to pay a fee to access your personal data (or to exercise any of the other
rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive,
or excessive. Alternatively, we may refuse to comply with your request in such
We may need to request specific information from you to help us confirm your identity and ensure
your right to access your personal data (or to exercise any of your other rights). This is a
security measure to ensure that personal data is not disclosed to any person who has no right to
receive it. We may also contact you to ask you for further information in relation to your request
to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer
than a month if your request is particularly complex, requires additional efforts or you have made
several requests. In this case, we will notify you and keep you updated.
For the purpose of this clause 13, legitimate interest means the interest of our business in
conducting and managing our business to enable us to give you the best service/product and the
best and most secure experience. We make sure we consider and balance any potential impact on you
(both positive and negative) and your rights before we process your personal data for our
legitimate interests. We do not use your personal data for activities where our interests are
overridden by the impact on you (unless we have your consent or are otherwise required or
permitted to by law). You can obtain further information about how we assess our legitimate
interests against any potential impact on you in respect of specific activities by contacting
There may be legal reasons why we need to keep or use your data, which we will tell you if you
exercise one of the above rights such as in cases where we are processing your personal data on the
basis of our legitimate interest, you can ask us to stop for reasons connected to your individual
situation. We must then do so unless we believe we have a legitimate overriding reason to continue
processing your personal data.
14. OBLIGATIONS UNDER THE GENERAL DATA PROTECTION REGULATION (“GDPR”)
In addition to the clauses contained in this Policy, if you are a user in Europe, as directed by
the GDPR, the following provisions apply to you. However, if you have doubts on whether the
provisions in this (12) applies to you, please contact a legal practitioner for advice.
Cinnect is a data controller under the provisions of the GDPR, and we are responsible for how
your information is collected, used and disclosed however another User may also be data
controllers of some data belonging to another If you are a User that has access to data on our
Platform, please note that - the information collected by us is controlled by the terms of this
policy, and our cookies policy
Also be informed that if you provide information to us through any third-party platform, that
third party platform may also collect your information separately. The information collected by
Privacy choices you have made on the third party’s platform will not apply to our use of the
information we have collected directly through our platforms.
Also be informed that our platform may contain links to third party websites, we are not
responsible for the privacy practices of those sites. It is our advice to you that you please pay
We only collect information to the extent needed and germane for the performance of our contract
to you, provide services on our platform and perform all the rights, obligations, responsibilities
and terms contained in our Terms and Conditions.
We also collect information for our legitimate interest, on the basis of consent, to improve the
quality of service provided to you, to respond to your questions, to provide marketing information
to you, for legal reasons, to make and receive payment for the security of our platform, to
enforce our Terms and Conditions, to engage in business change, to comply with a legal or
regulatory obligation and to create anonymous data.
For the purpose of (e), legitimate interest means the interest of our business in conducting and
managing our business to enable us to give you the best service/product and the best and most
secure experience. We make sure we consider and balance any potential impact on you (both positive
and negative) and your rights before we process your personal data for our legitimate interests.
We do not use your personal data for activities where our interests are overridden by the impact
on you (unless we have your consent or are otherwise required or permitted to by law). You can
obtain further information about how we assess our legitimate interests against any potential
impact on you in respect of specific activities by contacting us.
For the purpose of (e), compliance with a legal or regulatory obligation means processing your
personal data where it is necessary for compliance with a legal or regulatory obligation that we
are subject to.
Users in Europe have the right to opt-out of all of our processing of their data for direct
marketing purposes, to do this you click “unsubscribe” at the bottom of a marketing
email or edit your preferences in your account setting.
Users in Europe and the United Kingdom also have the rights contained in 13 (a-g). In addition,
they may also object to our uses or disclosures of personal data, to request a restriction on its
processing, or withdraw any consent, though such actions typically will not have retroactive
effect. They also will not affect our ability to continue processing data in lawful ways (for
example, if you opt-out of the use of your telephone number for direct marketing, we might still
decide to contact you by phone regarding potential fraud on your account).
Users in Europe also have the right to lodge a complaint with the local data protection authority
if you believe that we have not complied with applicable data protection laws. You also have the
right to lodge a complaint with the supervisory authority of your residence, place of work or
where the incident took place. However, please endeavour to contact us first here.
We will only keep and retain the collected information as needed and pertinent for the collected
data and as permitted by law. As soon as we no longer need to keep the data, we will remove it
from our platforms and systems. We will also take needed steps to anonymise the collected
When we no longer need to use your information, we will remove it from our systems and records
and/or take steps to anonymise it and take other steps to protect them. We regularly review our
security procedures to consider appropriate protection methods. However, please be aware that
despite our best efforts, no security measures are perfect or impenetrable.
When determining the retention period, we take into account various criteria, such as the type of
products and services requested by you or that you are provided with by us, the nature and length
of our relationship with you, possible re-enrolment with our services, the impact on our platform
if we delete the information about you, mandatory retention periods provided by law and the
statute of limitations.
For any transfer, wherever your personal data is transferred, stored or processed by us, we will
take steps to safeguard the privacy of your personal information. For any information on your
privacy, any question and these regulations, you can reach us here.
Please let us know if you are unhappy with how we have used your personal information or if you
have any other questions on the use of your data. You can do that by contacting us here.
For Users in the United Kingdom, you also have a right to complain to the Information
Commissioner’s Office. You can find their contact details at www.ico.org.uk. For Users in other jurisdictions, you have the right to complain to your local data
protection offices too. We would be grateful for the chance to deal with your concerns before you
approach the ICO so please contact us in the first instance.
Last updated: 1st April 2021