DNEG

Introduction and scope

DNEG is a technology-oriented company that delivers visual effects, animation and creative technologies for film, TV, and immersive content. When you use our websites, visit our studios, purchase our products or services, or otherwise interact with us, we may collect information about you.

We are committed to safeguarding the privacy and security of your Personal Data and ensuring that it is processed lawfully, fairly, and transparently.

The Privacy and Cookie Notice (referred to as “Notice”) is intended to provide transparency in accordance with global data protection laws, including (but not limited to) the EU General Data Protection Regulation (GDPR), UK GDPR, India’s Digital Personal Data Protection Act 2023, the California Consumer Privacy Act (as amended by CPRA), the Australian Privacy Act 1988, and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

This Notice explains how DNEG and its Group companies (as mentioned below) collect, use, share, and safeguard your Personal Data when you engage with us, whether by using our websites, visiting our studios, purchasing our products or services (collectively referred to as “Services”), or otherwise interacting with us or with any of the DNEG Group companies globally. Depending on the jurisdiction, this may include information defined as “personal data” or “personal information” under applicable privacy laws.

Country	Data Controller
United Kingdom	Double Negative Limited
Bulgaria	DNEG Bulgaria EOOD
Hungary	Double Negative Hungary Limited Kft
Canada	Double Negative Montréal Productions Ltd, Double Negative Canada Productions Ltd, Double Negative Toronto Productions Ltd
India	DNEG India Media Services Limited (India)
United States of America	DNEG North America Inc
Spain	DNEG Spain SL
Australia	DNEG Australia Pty Ltd

In this Notice, we will use the terms “DNEG”, “we”, “us” and “our” to refer to DNEG or any DNEG subsidiary (such as ReDefine).

For information about how DNEG processes your data as part of the recruitment process, you should refer to the Candidate Privacy Notice on the DNEG careers webpages.

Types of information we process and where it comes from

We collect information when you interact with us, and this information is either:

provided directly by you,
collected automatically when you use our Services, or
obtained from third parties

The kind of information we may hold includes, where applicable:

Category	Summary
Information you provide	Details you share directly with us through our websites, applications, or when attending our events.
Contact details	Includes your name, postal address, phone numbers, email addresses, social media handles, date of birth, job title, location, and marketing preferences.
Interaction information	Records of your communications and interactions with us.
Enquiry information	Details about our content, products, or Services that you have asked about.
Photographs and videos	Images or recordings captured at our events, studios, or in connection with our services.
Online identifiers	IP and MAC addresses, unique identifiers, device IDs, advertising IDs, browser details, location data, network addresses, and similar identifiers required for your devices to connect online.
Technical device data	Diagnostic and technical data from the devices you use to access our content and services, such as error reports, system status, traffic, or location information.
Special category data	Sensitive data, including health information, where provided and permitted by law.

How we use your information

Your Personal Data will primarily be used for the purposes it was originally collected. If we identify a need to use your Personal Data for a new or an unrelated purpose, we will notify you and clearly explain the legal basis that authorizes such use. Updates to this Notice may reflect these changes.

Your Personal Data is used by DNEG for the following purposes and legal bases:

Lawful Basis	Purpose of Processing	Example Activities
Legitimate Interests	• Communicating with the public, media, investors, and business contacts. • Coordinating and administering events. • Marketing, advertising, business development, public relations, and market research. • Monitoring and improving customer service. • Promoting people, services, and work. • Protecting/enforcing rights, preventing fraud, blocking unauthorised use. • Supporting legal and compliance activities.	• Responding to queries and complaints. • Event planning and attendee management. • Email campaigns, newsletters, social media, market surveys. • Recording service calls, staff training. • Publishing credits, nominating staff for awards. • Network monitoring, fraud detection. • Litigation defence and compliance reporting.
Legal/Regulatory Obligation	• Responding to lawful requests from courts, law enforcement, or regulators. • Conducting internal investigations and handling regulatory complaints. • Demonstrating compliance with data protection obligations.	• Sharing data with law enforcement under court order. • Investigating regulatory complaints. • Maintaining compliance logs and handling data subject access requests.
Consent	• Marketing, advertising, business development, and PR (where required by law). • Processing special category data to provide assistance/support.	• Opt-in marketing emails or SMS. • Using health data to provide accessibility support at events/offices.
Vital Interests	• Safeguarding individuals, supporting crime prevention, and protecting safety.	• Notifying authorities in case of threats. • Emergency response for staff/public safety.

How we share your information

We work with a number of suppliers and partners to process your personal data for the purposes described above. Where these suppliers and partners act on our behalf they must only process your personal data in accordance with our instructions. The categories of suppliers and partners that we use include:

IT and information technology and services companies
Other DNEG Group companies (DNEG company details can be found here, and ReDefine company details can be found here)
Marketing and PR companies that deliver our communications
Companies that manage and maintain website content
Survey partners
Freelancers
Delivery and courier companies
Travel and booking management providers

We may share your Personal Data with our trusted suppliers, service providers, professional advisers, business partners, and, where required, regulators or public authorities. These third parties process Personal Data on our behalf only where necessary, and only with appropriate contractual, technical, and organizational safeguards in place to protect your Personal Data in line with applicable data protection laws and regulatory guidance.

Since we operate globally, your personal data may be transferred to and processed in countries outside your country of residence. We respect the global jurisdictional requirements for transfer of Personal Data.

Cross-border data transfers under the EU GDPR are allowed to countries with an adequacy decision (e.g., UK, Japan, Canada, and the US under the Data Privacy Framework).
The UK GDPR similarly recognizes EU adequate countries under its own adequacy regulations.
India’s DPDP Act permits transfers to countries notified by the Central Government, though no such list has been issued yet, and allows cross-border transfers with safeguards.
Australia’s Privacy Act allows transfers if the recipient provides comparable privacy protections or with individual consent.
The California CPRA does not restrict transfers by geography but requires contractual safeguards with overseas service providers or third parties.

Where we transfer personal data internationally, we ensure that adequate protection measures are in place, including:

Region	Transfer Mechanism
UK and EU	Transfers rely on approved mechanisms such as the UK or EU Standard Contractual Clauses, adequacy decisions issued by the European Commission or UK Government (country details here), or other lawful safeguards.
Other Regions (US, Canada, Australia, India, etc.)	Transfers are carried out in accordance with applicable local privacy laws and regulatory requirements, including contractual obligations, consent, or other appropriate measures.

Access is limited to what is necessary; service providers may only use data for agreed purposes; security and confidentiality measures are applied consistently.

We may also share personal data with the courts, enforcement agencies (e.g. the police) and with regulatory authorities (e.g. Data Protection Regulators) where this is required, in order for us to comply with our legal and regulatory obligations.

In the event the structure of our business changes so that another DNEG Group company provides our services, we may share your Personal Data to our group or other company. This includes, for example, a merger between us and another company, where another company acquires us or some or all of our assets, where we acquire another company or where our holding company restructures our corporate group.

How we protect your information

DNEG implements a range of robust technical, organizational, and administrative safeguards to protect your Personal Data against unauthorized access, use, disclosure, alteration, or destruction. Access to Personal Data is strictly limited to authorized personnel who have a legitimate business need and are trained in secure data handling practices.

While we are committed to ensuring the security of your Personal Data, please note that no method of transmission over the internet is completely secure. Information transmitted electronically and outside our controlled systems may carry inherent risks. As such, any transmission of Personal Data via online means is undertaken at your own discretion and risk.

Keeping your data up to date and your rights

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if there is any change in your Personal Data.

You can make the following requests in relation to your personal data:

Right to Access: You have the right to request a copy of the personal information we hold about you and to confirm that we are processing it lawfully (commonly known as a "subject across request").
Right to Rectification: You have the right to ask us to correct any incomplete or inaccurate Personal Data we hold about you.
Right to Erasure (Right to be Forgotten): You have the right to ask us to delete or remove your Personal Data. This right also applies if you have successfully exercised your right to object to processing (see below).
Right to Object: Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
Right to Restrict Processing: You have the right to ask us to suspend the processing of your Personal Data, for example, if you want us to establish its accuracy or the reason for processing it.
Right to Data Portability: You have the right to request the transfer of your Personal Data to another party, where technically feasible.

Please note that some of these rights are not absolute. In some cases, for example, we may refuse a request to exercise particular rights if complying with it means that we are no longer able to meet our contractual obligations to you, or if we had a legal obligation or right not to comply with the request. However, we will keep you informed as to the actions that we can take when you make your request.

You may update, correct or modify any information held by DNEG, or withdraw your consent where your data is processed on the basis of consent, at any time by contacting us using the details below.

You can contact us using the details below if you wish to find out more about how to exercise your subject rights.

For individuals who are resident in California, please be aware that DNEG does not sell your personal information.

Jurisdiction-specific privacy rights

Since we have global operations, this section ensures compliance with local privacy regulations and helps you understand your rights clearly based on your jurisdiction, in addition to the rights mentioned above.

Jurisdiction	Rights
EU	Right to data portability applies specifically and in structured, machine-readable format. Right to lodge a complaint with your national data protection authority.
UK	Right to contact the Information Commissioner’s Office (ICO) to lodge a complaint.
Australia	Right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC). Cross-border disclosures must comply with APP 8, ensuring comparable data protections unless an exception applies.
California (US)	Right to know the categories and specific pieces of personal information collected, and the purposes for collection. Right to limit use of sensitive personal information. No retaliation for exercising rights (CPRA). We do not sell or share your personal information.
India	Right to contact a designated Grievance Officer for complaints or concerns. Under the DPDP Act, 2023, certain processing activities for employment-related purposes may be based on "deemed consent". This means that in specific, defined situations (e.g., for employment, or for the provision of a service requested by you), your consent is considered to be given without requiring a separate explicit action from you, provided the processing is necessary for a legitimate purpose and you have been provided with clear information about it.
Canada (Federal Law, PIPEDA)	Right to withdraw consent, subject to legal or contractual restrictions. Right to complain to the Office of the Privacy Commissioner of Canada (OPC).
Canada (Québec)	Enhanced transparency obligations under Law 25, including rights related to automated decision-making and profiling. Right to be informed of data use by third parties. Right to withdraw consent, unless processing is legally required.
Canada (British Columbia)	Under PIPA, individuals may file complaints with the British Columbia Information and Privacy Commissioner.

Your duties or obligations as data principals under India’s DPDP Act

While this Notice outlines your rights concerning your Personal Data and our obligations in handling it, it is equally important to understand your responsibilities as a data principal (data subject). This section is applicable to our data subjects in India per applicability of India’s Digital Personal Data Protection (DPDP) Act which specifically enumerates duties of data subjects.

Refrain from impersonating another person while providing Personal Data;
Not suppress material information or provide false or misleading information when requested lawfully;
Comply with applicable provisions of the DPDP Act and any rules made under it.

Failure to observe these duties may attract penalties under the DPDP Act. We encourage you to ensure the accuracy and honesty of the Personal Data you provide.

Artistic purposes

There may be circumstances where our processing of personal data is necessary for artistic purposes in the public interest but that such processing is incompatible with data protection laws (for instance, as part of the exploitation of a production and in publishing lists of cast and crew on our website). In these circumstances there are exemptions that apply to certain data protection requirements and on which we may rely. However, we will always use our best efforts to comply with data protection laws and this notice where possible.

How long we may keep your information

We will usually only keep your information for as long as we need it for the purposes it was collected, and we apply the following retention periods to your information:

General enquiries and correspondence are retained for 2 years.
Information captured as part of the organisation and administration of events are retained for a maximum of 1 year after the events.
Photographs and videos will be retained for a maximum of 5 years after the events.
Contact details for advertising, marketing, business development and public relations purposes will be retained for a maximum of 3 years after we last contact you.

We keep the data for this length of time for business reasons because the information is helpful if we receive any enquiries or complaints, and so that we are able to verify your identity when you contact DNEG.

In some cases, information such as contact information and correspondence with notes and complaints will need to be retained for longer periods for regulatory purposes so that DNEG can demonstrate compliance with Data Protection legislation, for example, where we need to evidence that we have responded to and dealt with subject rights requests made by individuals; or to enable us to defend potential legal claims under the statutory periods set out in applicable legislation.

Contact Us

If you have any queries or comments about this Privacy and Cookies Notice, or any grievances, please contact us at dataprivacy@dneg.com or the Data Protection Officer by email on dpo@dneg.com.

In addition, you can contact the Data Protection Officer by mail at the addresses available on dneg.com and redefine.co.

Complaints

If you wish to make a complaint about how we use your information, please contact DNEG’s Data Protection Officer via email at dpo@dneg.com and we will do our best to help. Depending on where you are based, if you're still unhappy, you may also be able to contact your Data Protection Authority as follows:

Region/Country	Data Protection Authority (DPA)	Contact Guidance and Link to their website
UK	Information Commissioner’s Office (ICO)	ico.org.uk
EU (General)	Your national DPA (via European Data Protection Board)	Contact the DPA in your EU Member State of habitual residence, place of work, or where the alleged infringement occurred. See full list on the EDPB website.
Bulgaria	Commission for Personal Data Protection	cpdp.bg
Spain	Agencia Española de Protección de Datos (AEPD)	aepd.es
Hungary	Hungarian National Authority for Data Protection and Freedom of Information	naih.hu
Australia	Office of the Australian Information Commissioner (OAIC)	oaic.gov.au
California (US)	California Privacy Protection Agency (CPPA)	cppa.ca.gov This agency handles enforcement of CPRA.
India	Data Protection Board	Official website pending rollout under DPDP Act. Contact DPO for assistance.
Canada (Federal)	Office of the Privacy Commissioner of Canada (OPC)	priv.gc.ca
Canada (British Columbia)	Office of the Information and Privacy Commissioner for BC	oipc.bc.ca

Cookies Notice

Cookies are created when you visit a website. They are small files that are stored on your device and used to customise your experience.

When you access dneg.com, redefine.co or other DNEG websites for the first time, you will be asked to set your cookie preferences for the site.

To help you make your choices this notice explains how we use cookies and similar technologies to collect information when you access our services and how we use that information. We also explain when and how you can manage your cookie preferences.

We use cookies to make your use of our sites quicker, easier and more relevant to you. If you don’t turn these cookies on it may affect your browsing experience. To avoid impacting your browsing experience cookies need to be enabled in your browser settings.

What do we use cookies for?

Required Cookies:

These cookies are needed to provide the content, product or service you have asked for. We use required cookies for the following purposes:

Enabling you to stream content properly
Making sure our website is working properly and displayed correctly
Remembering if you've been to the site before
Enabling features of our service.

Functional Cookies:

We use cookies to help improve our websites. For example:

To keep track of what pages, content and links are popular and which ones don't get used.
To see how users navigate through our sites, when error messages appear and what caused them.

The information collected using these cookies is grouped with the information from everyone else so we can see overall patterns rather than individual activity. When given the option, we recommend you turn on cookies used for these purposes.

Advertising Cookies:

These cookies are used to show you ads that are more relevant to you. We may share this information with advertisers or use it to better understand your interests. For example, Advertising Cookies may be used to share data with advertisers so that the ads you see are more relevant to you, allow you to share certain pages with social networks, or allow you to post comments on our site.

How long do cookies stay on your device?

When you set your cookie preferences on one of our sites, we will remember those preferences. We will ask you again to confirm your preferences after 180 days, unless we add new cookies or use non-essential cookies for different purposes in the meantime, in which case we will ask you to confirm your preferences again when we make those changes. Please note that if you change your preferences to reject cookies which you had previously accepted, DNEG will stop collecting data from these cookies but some of them may remain on your device until you clear them. To find out how to do this, please see “Other ways to manage your cookie preferences” below.

Managing your cookie preferences

We don’t give you the option to turn off Required cookies when you manage your cookie preferences because these cookies are required and necessary to make our sites function properly. For the other categories of cookies referred to above, you can control how they are used on that DNEG site. For a comprehensive overview of the specific cookies we use and to manage your preferences, please visit the ‘Cookie Preferences’ link in the footer of the site.

Other ways to manage your cookie preferences

Most modern browsers allow you to see what cookies you have on your device and to clear them all or individually.

To find out how to do this, go to aboutcookies.org, which contains comprehensive information on how to do this on a variety of browsers.

Please remember that any settings you change will not just affect the cookies we use. The changes will apply to all websites you visit unless you choose to block cookies only from specific sites.

Deleting cookies means that settings you have made on a site or app will be lost. If you’ve set your preferences to opt out of cookies, this setting will be lost too if that information is stored in a cookie. Blocking all cookies means functionality on our sites and apps may be lost. Therefore, we don’t recommend turning all cookies off when using our sites and apps.

Changes to this Notice

We will occasionally update our Privacy and Cookies Notice. We will post a notice of any material changes on our website prior to implementing the changes, and, where appropriate, notify you using any of the contact details we hold for you for this purpose. We encourage you to periodically review this Notice to be informed of how we use your information.

This Privacy and Cookies Notice was last updated on 1 September 2025.