Privacy Policy
Last updated: 23 June 2026
This Privacy Policy explains how Meyer Projects Pty Ltd, an Australian company since 2019 ("we," "us," "our"), ACN 633 019 468, operating the website CinemaCreators.com (the "Site"), collects, uses, shares, and protects personal data when you visit the Site, register an account, or submit content (text and images of installation projects) for publication. We are committed to data protection of all site contributors and visitors, including compliance with the EU/UK General Data Protection Regulation ("GDPR").
If you have questions about this policy or your data, contact us at:
Data Controller: Meyer Projects Pty Ltd
Email: david@meyerprojects.com
Managing Director: David Meyer
1. What Personal Data We Collect
1.1 Account data
Name, username, email address, password (stored hashed)
Profile information you choose or authorize to add (bio, avatar, location, links)
1.2 Content you submit
Blog posts, project descriptions, captions, and comments
Photos and images of installation projects, which may contain:
EXIF/metadata embedded in image files (e.g. GPS coordinates, device model, timestamp)
Images of yourself, your workplace, or other identifiable individuals or locations
Any personal data you choose to include in your text or images (e.g. names of clients, addresses, vehicle plates visible in photos)
1.3 Automatically collected data
IP address, browser type, device information, pages viewed, referral source
Cookies and similar tracking technologies (see Section 8)
1.4 Communications
Messages you send us via contact forms, email, or support channels
1.5 Data from third parties
If you log in via a third-party service (e.g. Google, Facebook), we receive the profile data you authorize that service to share
2. Why We Process Your Data and Our Legal Basis
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Creating and managing your account | Performance of a contract (Art. 6(1)(b)) |
| Publishing your submitted content for public display | Performance of a contract / consent (Art. 6(1)(b)/(a)) |
| Responding to enquiries | Performance of a contract / legitimate interests (Art. 6(1)(b)/(f)) |
| Site security, fraud prevention, abuse moderation | Legitimate interests (Art. 6(1)(f)) |
| Analytics and improving the Site | Legitimate interests (Art. 6(1)(f)) or consent where required (e.g., non-essential cookies) |
| Sending newsletters/marketing | Consent (Art. 6(1)(a)) |
| Legal compliance (e.g., responding to lawful requests, tax records) | Legal obligation (Art. 6(1)(c)) |
| Resolving disputes, enforcing our Terms | Legitimate interests / legal obligation |
3. Publicly Submitted Content — Important Notice
Because the Site is designed for publishing user-submitted text and images:
Anything you submit for publication (posts, photos, captions, comments) will be visible to other users and potentially the general public, and may be indexed by search engines.
Treat your submissions as public. Do not include personal data about yourself or others (e.g. full names, addresses, faces, license plates, location data) that you don't want publicly visible, unless you have the right and consent to share it.
If your photos include other identifiable people, you are responsible for ensuring you have their permission to publish their image. We are not in a position to verify third-party consent before publication.
Special note on images: Photos of installation projects may incidentally include identifiable people (e.g., contractors, family members in the background) or location data (via EXIF GPS metadata). By uploading images, you confirm you have the right to share them and the consent of any identifiable individuals depicted. We recommend stripping GPS metadata before uploading if you wish to keep your location private; however we DO strip EXIF metadata before publishing.
You may request removal of content you submitted at any time (see Section 7).
4. Who We Share Data With
We do NOT sell your personal data. Ever. We may share data with:
Service providers / processors acting on our instructions, e.g.:
Hosting, infrastructure and image storage providers
Email delivery
Analytics
Social media platforms for the purposes of Site content for promotion: e.g., Instagram, YouTube
Other Site users and the public, for content you choose to publish
Legal and regulatory authorities, where required by law, to enforce our terms, or to protect rights, safety, or property
Business transfers, if we undergo a merger, acquisition, or asset sale (you will be notified)
All processors are bound by data processing agreements requiring GDPR-equivalent protections.
5. International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA) / UK, including in Australia and the United States. Where this occurs, we ensure appropriate safeguards are in place, such as:
Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions issued by the European Commission
Other legally recognized transfer mechanisms
You can request more information about these safeguards by contacting us.
6. Your Rights Under GDPR
If you are in the EEA, UK, or another jurisdiction with similar protections, you have the right to:
Access — request a copy of the personal data we hold about you
Rectification — correct inaccurate or incomplete data
Erasure ("right to be forgotten") — request deletion of your data and published content, subject to legal exceptions
Restriction — limit how we process your data in certain circumstances
Portability — receive your data in a structured, machine-readable format
Object — object to processing based on legitimate interests or for direct marketing
Withdraw consent — where processing is based on consent, at any time, without affecting prior lawful processing
Lodge a complaint with your local data protection supervisory authority
To exercise these rights, contact us at submissions@cinemacreators.com. We will respond within one month (generally within 48 hours, excluding weekends) as required by GDPR, extendable by two further months for complex requests, with notice.
Note: Removing your account does not automatically remove copies of your content already shared, cached, archived, or republished by others outside our control.
7. Cookies and Tracking
We use cookies and similar technologies for:
Essential cookies — required for login, security, and core site function (no consent required)
Analytics cookies — to understand site usage (requires consent where legally required)
Preference cookies — remembering your settings
You can manage cookie preferences via our cookie banner / your browser settings. We’re endeavoured to minimise invasiveness and make it easy and transparent for you to manage cookie preferences.
8. Data Retention
We retain personal data only as long as necessary for the purposes described in this policy:
Account data: retained while your account is active, deleted within 90 days of account deletion
Published content: retained until you request removal or delete your account, except where we are legally required to retain it longer
Server/security logs: retained for 12 months
Marketing data: retained until you unsubscribe or withdraw consent
9. Data Security
We implement technical and organizational measures appropriate to the risk, including encryption in transit (HTTPS/TLS), access controls, and regular security reviews. No system is completely secure, and we cannot guarantee absolute security of data transmitted to the Site.
If we become aware of a data breach likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals where required by law.
10. Children’s Privacy
The Site is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has submitted personal data to us, contact us so we can remove it.
11. Changes to This Policy
We may update this policy from time to time. We will post the revised version with an updated "Last updated" date and, where changes are material, provide additional notice (e.g. email or site banner).
12. Contact Us
We invite you to contact us by email if you have any concerns. Due to international time differences, please allow up to 24 hours for a response. EU/UK supervisory authority complaints: you may also lodge a complaint with the data protection authority in your country of residence, workplace, or where an alleged infringement occurred.