Privacy Policy

YOUR PERSONAL INFORMATION

At Big Picture Film Club Limited (Hereinafter referred to as “Cinnect” “we” “our Platform” and “us”), we are dedicated to the privacy of our website visitors and users. We are committed to protecting and safeguarding your personal data. This privacy policy gives you an insight on how we collect and use your data to maximise your experience on our platform. It shows how we collect, use, protect the information collected and your rights regarding your privacy.

Personal data, or personal information, means any information about an individual from which that person can be identified. This includes information that you tell us, what we learn from you and the choices you make about the marketing you want us to send to you. This policy explains how we do this, what your rights are and how the law protects you.

By using this website or any of our services, you consent to the use of your personal data in the manner contained in this policy, to the extent permitted by law. Please read this policy carefully and note that the English version of this policy is binding, all other translations are only for convenience purposes.

Please note that if you are in the European Economic Area, United Kingdom, Switzerland or any other country that the EU General Data Protection Regulation 2016/679 (“GDPR”) applies (hereinafter referred to as “Europe”), you will not be required to consent to this Policy, however, by using Cinnect, you acknowledge that you have read and understood its terms. The provisions of 14 of this policy apply to you specifically. 

This Privacy policy should be read and used together with our Cookies Policy and Terms and Conditions.

1. CHANGES TO THE PRIVACY POLICYYour use of our website and services will be subject to the most current version of this privacy policy posted on our website at the time of your use. We recommend that you check the website from time to time to inform yourself of any changes in this policy or any of our other terms, and you are solely responsible for reviewing and becoming familiar with any modifications to this privacy policy.

2. WHO WE AREWe are the Big Picture Film Club Ltd. (Hereinafter referred to as “Cinnect” “we” “our Platform” and “us”). Our registered office is at International House, 24 Holborn Viaduct, London EC1A 2BN. We are an end-to-end platform designed to streamline and simplify the licensing & distribution process of independent film & TV content.

You can contact us here. If you need to you can write to us at the address listed. 

Our representative for all queries in relation to this policy and your data protection rights is Presh Williams.

When we refer to Our Website or Our Platform, we mean cinnect.net and associated applications

3. COLLECTING YOUR PERSONAL INFORMATION 

To maximize your experience on our website, we may collect information in the following ways:

  1. Data you give to us:
  1. when you use our website;
  2. when you use our services;
  3. register on our Platform (including but not limited to when you connect your profile on a third-party platform with your registration details;
  4. when you visit our offices;
  5. Request information from us or communicate with us through any medium of communication
  6. if you take part in our competitions or promotions on social media;
  7. when you give us feedback
  8. when you interact with us either online or offline in any manner whatsoever.
  1. We also passively collect information when you use our service. This collection of information can be from information in your browser or device.
  2. As you interact with any of our platforms, we may automatically collect Technical information about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive technical information about you if you visit other websites or when you visit our sites and applications or use our applications on third-party sites or platforms using one or more devices which employs our cookies whether or not you are logged in or registered. To disable cookies, please refer to our cookies policy here.
  3. We also collect information through analytics tools including but not limited to Google Analytics, etc. This collection happens when you use any of our services or visit our platform.
  4. In line with our cookies policy, We may use cookies to track user traffic patterns in order to create user’s personalized/targeted services, offers, promotions, adverts, products, and capture trends, in accordance with our services. For safety and security purposes, service improvement, and data collection, we may use software that receives and records the Internet Protocol (IP) addresses of the computer’s users used to interact/contact our platform. We do not attempt to link these addresses with the identity of individuals visiting our platform.
  5. We also use social media tools or third-party applications to collect information, especially when you join our platform or use our services through these third party or social media platforms. To prevent us sharing your information with these third party platforms, please do not access our services through them. It is also advisable that you read the privacy policy of these third-party platforms to understand how your privacy is ensured by them.
  6. We also collect your data from third parties we work with such as:
    1. Location Managers we work with and have a contractual relationship with
    2. Public information sources, such as Companies House, the Land Registry and property owner web platforms

4. DATA WE COLLECT

Through the mediums stated in 3, either from those provided to us by you, through third parties or through passive and automated means, we collect the following information from you.

  1. Registration Data: When you create an account, link your profile through a third party platform or use our services in any way, we collect your contact or log-in details which includes but are not limited to name, email address, country of residence, zip/postcode, address, your username, your account password, your date of birth, the name of all personnel associated to the account (including but not limited to producers), any other data you choose to share with us such as (bio, profile picture etc.). On profile picture, this image may be shown as a thumbnail next to some of your activities on our platform. Please note that this image is not frozen in time, rather it is of a dynamic nature. For example, If you change your image in 2024, it is the new image that will appear next to your activities from 2021, not that from 2020.
  2. Location Data- These are information about your location provided by a mobile or other device interacting with our platforms, or associated with your IP address, where we are permitted by law to process this information.
  3. Compliance Data: Information provided needed for compliance purposes as required for our service. These information might include your government ID and others as needed or required by law from time to time.
  4. Transaction Information: - This is collected when you contact us about a transaction on the platform, set up an offer, make a sale or a purchase on our platform or conduct any other transaction as offered on our platform. The information that will be collected includes but are not limited to banking information, contact information such as your phone number, email address, mailing address, any other information you provide to us.  Our payment processors also collect and retain information related to your withdrawal of funds from any campaign or transaction. Please note that in many cases, Connect cannot view or access all of the information you provide to us for compliance purposes, such as complete bank account numbers or payment information, as this may be transmitted in an automated manner directly to the vendor or party that requires that information to transfer the payment or monies related to the transaction.
  5. Technical data - internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
  6. Marketing and communications data – your preferences in receiving marketing from us, details of potential film productions and your communication preferences.
  7. Information about your visits to and use of our platform including the referral source, length of visit, page views, and website navigation paths.
  8. Information, such as your name and email address, that you enter in order to set up subscriptions to our emails, campaign updates and/or newsletters.
  9. Information that you post to our website with the intention of publishing it on the internet, which includes your username, profile pictures, and the content of your posts.
  10. Activity information about your use, and the use by any person(s) you authorize through your account, of our sites and applications, such as the content you view or post, how often you use our services, and your preferences.

We also collect, use and share aggregated data such as statistical or demographic data for any purpose from users who use our website or services. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website or account feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We do not collect any special categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. If you provide those information in our public forums, we might not be able to protect such information. Please know that we will in no circumstance ask for these special category personal data information.

Please note that the information we collect from you are categorised as follows: (a) identifiers (name, email address, ip address, location information, profile photographs); (b) commercial information (transaction data); (c) financial and transaction information (transaction details, payment details etc); (d) Internet and device information (browsing history; IP address, cookies, device details, browser information) (e) inference information about you; (f) legally-protected information (if you reveal gender or race in public forums by your own volution); (g) sensory information (if you call us, send an email or leave a voicemail); (h) usage Information (such as information about how you use our website(s), products, and services); (i) marketing and communications information (This is tied to your preferences in receiving marketing from us and third parties and your communication preferences); and (h) other information that identifies or can be reasonably linked to you.

5. HOW WE USE YOUR PERSONAL INFORMATION

We are only allowed to use personal information about you if we have a legal basis to do so, and we are required to tell you what that legal basis is. 

In line with regulatory provisions, applicable laws, your preferences as set on our platform or third party platforms, we use information collected from you or related devices in the following manner or any other manner as stated on the relevant pages of our platform:

  1. Administering, improving or promoting our services and ensuring that we maximize the potentials of our platform for your use.
  2. Personalizing the use of our platform as selected and set by you.
  3. Internal use by our staff and contractors to ensure the maximization of your use of our platforms. 
  4. Analyzing data usage trends and preferences in order to improve the accuracy, effectiveness, security, usability or popularity of our Services.
  5. Communicating with you regarding a) marketing communications relating to our business or the businesses of carefully-selected third parties which we think may be of interest to you (you can inform us at any time if you no longer require marketing communications either by clicking unsubscribe at the bottom of the email or contacting us in other ways provided); b) your account or transactions on our platform; (c) send you Know Your Customer (KYC) information or request feedback about features on our platform; (d) notify you of changes to our policies; and (e) sending you non-marketing commercial communications such as dealing with inquiries and complaints made by or about you relating to our platform or any other communication to us from you.
  6. Technical activities, such as bug detection and error reporting, etc.
  7. providing third parties with statistical information about our users (but those third parties will not be able to identify any individual user from that information);
  8. verifying compliance with the terms and conditions governing the use of our website (including monitoring private messages sent through our website private messaging service); and
  9. Security, Fraud, and Legal Compliance, including to detect, investigate and prevent activities that may violate our policies or be illegal.
  10. If you are located in Europe, the United Kingdom and the EEA region, we process information as listed in this policy as necessary (i) to fulfil our obligations under our contract with you or in order to take steps at your request prior to entering into a contract, or (ii) for our legitimate interest, such as to maintain our relationship with you or to protect you when you use our platform. 
  11. Your information for the purposes for which it was collected, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to obtain an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. We will notify you if we need to use your information for unrelated purposes and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

6. SHARING YOUR PERSONAL INFORMATION

Except as provided in this policy, we will not provide your personal information to third parties. The way in which we may disclose information collected from you are:

  1. For compliance purposes like payment processing or identity verification.
  2. For legal purposes which includes but are not limited to; complying with the requirements of the law such as subpoenas, search warrants, court orders, and other legal processes; responding to enquiries or requests from government, regulatory, law enforcement, public authorities, or content protection organisations; defending the legal rights, privacy, safety or property of Cinnect, its subsidiaries, employees, agents, contractors or users; permitting Cinnect to pursue available remedies, commence, participate in or defend litigation, or limit the damages we may sustain; and to enforce this Policy or any applicable Terms and Conditions are complied with. 
  3. To maximise our service to you, we might disclose to our partners and service providers which includes but are not limited to banks and payment providers, third-party identity checking or credit reference agencies, communication providers, analytics tools, Information Technology, information security and cloud services providers. 
  4. We may share your information with other Users on the platform when you connect with them for a transaction on the platform.
  5. We may share your information with your consent, such as when you post personal information on platforms accessible to third parties, or you share your profile activities with third-party platforms. 
  6. Please note that once we share your personal information with another company, the information received by the other company is controlled by that company and becomes subject to the other company’s privacy practices. 

You can find more details of how these third parties use your personal information by looking at their privacy policies (copies of which are available on request).We require all organisations who we share your data with to respect the security of your personal data and to treat it in accordance with the law.  We do not allow any of our service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

7. FAILING TO PROVIDE PERSONAL DATA

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services requested). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.

8. THIRD PARTY LINKS

Our website may include links to third party websites, plug-ins and applications.  Clicking on those links or enabling those connections may allow third parties to collect or share data about you.  We do not control these third-party websites and are not responsible for their privacy statements.  When you leave our website, we encourage you to read the privacy notice or policy of every website you visit.

9. TRANSFERRING PERSONAL INFORMATION OUTSIDE THE EEA

The EEA is the European Economic Area, which consists of the EU Members States, Iceland, Liechtenstein and Norway. If we transfer your personal information outside the EEA we have to tell you. 

  1. We will only send your data outside the EEA:
    1. If you have instructed us to do so;
    2. To comply with a legal duty; or
    3. To work with our suppliers who help us provide our services.
  2. We may share your personal data with some third-party companies such as data processors to provide technology for email, subscription and payment support. Some of these companies may be based outside the EEA.
  3. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
    1. We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
    2. Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.

Please contact us here, if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA. 

10. DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

You are responsible for keeping the password you use for accessing our website confidential; we will not ask you for your password (except when you log in to our website).

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

INFORMATION SECURITYWe work hard to protect Cinnect and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. In particular:

  1. We encrypt some of our services using SSL.
  2. We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
  3. We use reasonable administrative, physical and electronic security measures to protect against the loss, misuse and alteration of your information.

You acknowledge that no transmission of data over the Internet is guaranteed to be completely secure. It may be possible for third parties not under the control of Cinnect to intercept or access transmissions or private communications unlawfully. While we strive to protect personally identifiable information, neither Cinnect nor our service providers can ensure or warrant the security of any information you transmit to us over the Internet. Any such transmission is at your own risk.

11. HOW LONG WE KEEP YOUR PERSONAL INFORMATION

The length of time we will hold or store your personal data will depend on the services we perform for you and how long you require these, however we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances you can ask us to delete your data: see Clause 13(c) for further information.

12. CHILD PRIVACY.Our Services are not designed for use by individuals under the age of 18 in the European Economic Area (EEA). For minors outside the EEA who are between the age of 13 and 18, the use of our platform or any of our services must be through the use of an account owned and operated by a parent or legal guardian. The parent must also provide affirmative consent and supervise the use of their account. Users are solely responsible for any use of their account by a minor. If you have reason to believe that a child under the age of 18 has provided personal information to Cinnect through the Services, please contact us here, and we will delete that information from our databases to the extent required by law.

13. YOUR RIGHTS

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These rights are:

  1. The right to request access to your personal data (commonly known as a “data subject access request”): this enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. 
  2. The right to request correction of such personal data that we hold about you: this enables you to have any incomplete or inaccurate data we hold about you corrected. However, we may need to verify the accuracy of the new information you provide to us.
  3. Request erasure of your personal data: this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  4. The right to object to processing of your personal data, where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms: You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  5. The right to request restriction of processing of your personal data: this enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
  6. The right to request the transfer of your personal data to you or to a third party: we will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  7. The right to withdraw consent at any time where we are relying on consent to process your personal data, you can do that by clicking here. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

In ensuring that we address your requests:

  1. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in such circumstances.
  2. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
  3. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex, requires additional efforts or you have made several requests. In this case, we will notify you and keep you updated.
  4. For the purpose of this clause 13, legitimate interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

There may be legal reasons why we need to keep or use your data, which we will tell you if you exercise one of the above rights such as in cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

14. OBLIGATIONS UNDER THE GENERAL DATA PROTECTION REGULATION (“GDPR”) 

In addition to the clauses contained in this Policy, if you are a user in Europe, as directed by the GDPR, the following provisions apply to you. However, if you have doubts on whether the provisions in this (12) applies to you, please contact a legal practitioner for advice.

  1. Cinnect is a data controller under the provisions of the GDPR, and we are responsible for how your information is collected, used and disclosed however another User may also be data controllers of some data belonging to another If you are a User that has access to data on our Platform, please note that - the information collected by us is controlled by the terms of this policy, and our cookies policy
  2. Also be informed that if you provide information to us through any third-party platform, that third party platform may also collect your information separately. The information collected by any third parties is subject to the third-party’s privacy policy. Please note that the Privacy choices you have made on the third party’s platform will not apply to our use of the information we have collected directly through our platforms. 
  3. Also be informed that our platform may contain links to third party websites, we are not responsible for the privacy practices of those sites. It is our advice to you that you please pay attention to the privacy policy of these third-party platforms. 
  4. We only collect information to the extent needed and germane for the performance of our contract to you, provide services on our platform and perform all the rights, obligations, responsibilities and terms contained in our Terms and Conditions. 
  5. We also collect information for our legitimate interest, on the basis of consent, to improve the quality of service provided to you, to respond to your questions, to provide marketing information to you, for legal reasons, to make and receive payment for the security of our platform, to enforce our Terms and Conditions, to engage in business change, to comply with a legal or regulatory obligation and to create anonymous data.
  6. For the purpose of (e), legitimate interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us. 
  7. For the purpose of (e), compliance with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
  8. Users in Europe have the right to opt-out of all of our processing of their data for direct marketing purposes, to do this you click “unsubscribe” at the bottom of a marketing email or edit your preferences in your account setting. 
  9. Users in Europe and the United Kingdom also have the rights contained in 13 (a-g). In addition, they may also object to our uses or disclosures of personal data, to request a restriction on its processing, or withdraw any consent, though such actions typically will not have retroactive effect. They also will not affect our ability to continue processing data in lawful ways (for example, if you opt-out of the use of your telephone number for direct marketing, we might still decide to contact you by phone regarding potential fraud on your account).
  10. Users in Europe also have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws. You also have the right to lodge a complaint with the supervisory authority of your residence, place of work or where the incident took place. However, please endeavour to contact us first here.
  11. We will only keep and retain the collected information as needed and pertinent for the collected data and as permitted by law. As soon as we no longer need to keep the data, we will remove it from our platforms and systems. We will also take needed steps to anonymise the collected information.
  12. When we no longer need to use your information, we will remove it from our systems and records and/or take steps to anonymise it and take other steps to protect them. We regularly review our security procedures to consider appropriate protection methods. However, please be aware that despite our best efforts, no security measures are perfect or impenetrable.
  13. When determining the retention period, we take into account various criteria, such as the type of products and services requested by you or that you are provided with by us, the nature and length of our relationship with you, possible re-enrolment with our services, the impact on our platform if we delete the information about you, mandatory retention periods provided by law and the statute of limitations.
  14. For any transfer, wherever your personal data is transferred, stored or processed by us, we will take steps to safeguard the privacy of your personal information. For any information on your privacy, any question and these regulations, you can reach us here.

15. COMPLAINTS

Please let us know if you are unhappy with how we have used your personal information or if you have any other questions on the use of your data. You can do that by contacting us here.

For Users in the United Kingdom, you also have a right to complain to the Information Commissioner’s Office.  You can find their contact details at www.ico.org.uk.  For Users in other jurisdictions, you have the right to complain to your local data protection offices too. We would be grateful for the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. 

Last updated: 1st April 2021