Work+ServicesAbout+CultureNews+Insights
Enquire

Canberra - Sydney

Privacy Policy

Mude Pty Ltd (Mude, we, us) is a brand and creative studio with offices in Sydney and Canberra. We collect personal information through this website and in the ordinary running of the studio: enquiries, client projects, productions, recruitment and marketing. This policy explains what we collect, how we collect and hold it, why, who we share it with, and the rights you have over it.

We’re bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles. Where we handle information about people in the EU or UK, the General Data Protection Regulation (GDPR) also applies, and the section for EU and UK visitors below sets out what that means.

What we mean by personal information

Personal information is information or an opinion about an identified individual, or one who is reasonably identifiable, whether or not it’s true and whether or not it’s written down. A name in an email is personal information. So is an IP address tied to your visit, and so is footage of your face in something we’ve filmed.

What we collect

The kinds of personal information we collect and hold depend on how you deal with us:

  • Enquiries and clients. Name, email address, phone number, organisation and role, the content of your messages, and the records that build up over a project: briefs, approvals, correspondence and billing details.
  • People who appear in our work. We make films, photography and campaigns, so we collect images, footage and voice recordings of the people who appear in them, along with the releases and contact details that go with a production.
  • Suppliers, contractors and collaborators. Contact and payment details and the records needed to engage you on a project.
  • Job applicants. Your CV, portfolio, contact details, work rights and referee information.
  • Prospects. The professional contact details we hold for business development, covered under direct marketing below.
  • Website visitors. Technical information your browser sends: IP address, browser and device type, the pages you view and when, and the site that referred you here. Plus the cookie and tag data described below.

We don’t ask for sensitive information (health, religion, political views and the like) and would rather you didn’t send it. If a project requires it, we’ll collect it only with your consent. If you send us personal information we didn’t ask for, we’ll keep it only if we could lawfully have collected it ourselves; otherwise we’ll destroy or de-identify it.

How we collect and hold it

Most personal information comes from you directly: forms on this site, email, phone, meetings, events and the ordinary back-and-forth of working together. Some comes from third parties, such as a colleague who loops us in on a project, a referee you’ve nominated, the social platforms where you interact with us, or public sources like company websites and professional networks. Technical information is collected automatically when you visit the site.

You can browse this site without telling us who you are. If you want a reply or a project, we’ll need real contact details.

We hold personal information in cloud services run by established providers and on the studio’s own systems. How we secure it is covered below.

Why we collect it and how we use it

We collect, hold, use and disclose personal information to:

  • respond to enquiries and scope, deliver and bill creative projects
  • make the work itself, including productions featuring people who have agreed to appear
  • manage relationships with clients, suppliers and collaborators
  • find and approach prospective clients
  • run, secure and improve this website
  • measure our campaigns and publish case studies of our work, with permission
  • assess job applications
  • meet legal, accounting and insurance obligations.

We also use aggregated, de-identified data (which pages get read, where visitors come from) to make decisions about the site and the studio. We don’t sell, rent or trade personal information to anyone.

Direct marketing

We don’t run a newsletter or mailing list. The marketing we do is direct: for business development we sometimes hold the work contact details of people at organisations we’d like to work with, compiled from public sources and business databases. Any marketing email we send identifies us and gives you a working way to opt out, as the Spam Act 2003 (Cth) requires. If we approach you and you’d rather we didn’t, say so and we’ll remove you.

Who we share it with

We share personal information with the providers that run parts of the studio: website hosting, email, analytics and advertising platforms, accounting software and project tools. Each gets only what it needs to do its job. On productions, personal information may also be shared with the freelancers and production partners working on that specific project.

Beyond that, we’d disclose personal information only to our professional advisers (lawyers, accountants, insurers) when needed, to a buyer or successor if the studio were ever sold or restructured, or where the law requires it.

Overseas disclosure

Some of our providers, including Google, Meta and LinkedIn, store data on servers outside Australia, mainly in the United States. When personal information leaves Australia, we take reasonable steps to ensure it’s handled to the standard the Australian Privacy Principles expect, including choosing providers that commit to recognised transfer safeguards.

Cookies, analytics and advertising tags

A cookie is a small text file a website stores on your device so it can recognise you when you come back. This site uses three kinds:

  • Necessary cookies, which make the site work.
  • Analytics: Google Analytics, loaded through Google Tag Manager, which shows us how people use the site.
  • Advertising tags: the Meta Pixel and LinkedIn Insight Tag, which measure our campaigns and let us reach people who have visited the site.

None of this identifies you to us by name. To opt out, block or clear cookies in your browser settings, install Google’s Analytics opt-out add-on, and manage your ad preferences inside your Meta and LinkedIn accounts. The site will still work without cookies, though a few features may misbehave.

Security

The site runs over HTTPS, so information travels encrypted. Access to systems holding personal information is limited to the people at Mude who need it for their work, accounts are individually secured, and files containing sensitive material are password protected. Personal information lives with established cloud providers with their own security controls.

No security is perfect. If a data breach were likely to result in serious harm, we would notify you and the Office of the Australian Information Commissioner under the Notifiable Data Breaches scheme.

Retention

We keep personal information for as long as we need it for the purpose we collected it, then delete or de-identify it. In practice: enquiry records are kept while a conversation or relationship is live, business development contacts until you ask to be removed, applicant records for a reasonable period after a role closes unless you ask us to delete them sooner, and client and financial records for at least five years because Australian tax law requires it. Production footage and assets are kept for the life of the engagement and our archive of the work.

Access and correction

You can ask what personal information we hold about you, ask us to correct it, or ask us to delete it. Email info@mude.com.au with “Privacy” in the subject line. We may need to verify your identity first, and we’ll respond within 30 days at no cost. If the law required us to refuse part of a request, we’d tell you why in writing and how to challenge that decision.

Complaints

If you think we’ve mishandled your personal information, email us with the details. We’ll acknowledge the complaint, investigate, and reply in writing with what we found and what we’ll do about it. If you’re not satisfied with our answer, you can take it to the Office of the Australian Information Commissioner at oaic.gov.au or on 1300 363 992.

For visitors in the EU and UK

If the GDPR applies to you, our legal bases for processing are: performance of a contract (responding to enquiries and delivering services), legitimate interests (running and securing the site, analytics, and business-to-business marketing), consent where we ask for it (appearing in one of our productions, for instance), and legal obligation (tax and accounting records). You have the rights of access, rectification, erasure, restriction, portability and objection, and you can withdraw consent at any time without affecting earlier processing. We don’t make automated decisions about you. Transfers out of the EU and UK rely on safeguards such as the standard contractual clauses built into our providers’ terms. You can also lodge a complaint with your local data protection authority.

Children

This site is for grown-ups with projects. It isn’t directed at children and we don’t knowingly collect personal information from anyone under 16. If you believe we have, contact us and we’ll delete it.

Other websites

This site links to other websites, including our social channels. Once you leave, their privacy practices are their own, so check their policies before handing over personal information.

Changes to this policy

We’ll update this page and the date below whenever our practices change, and flag significant changes on the page itself.

Contact

Privacy questions and requests go to info@mude.com.au with “Privacy” in the subject line, or by post to either studio: 21 Queen St, Glebe NSW 2037, or 5/1 Moore St, Canberra City ACT 2600.

Copyright and use of this site

The work, writing and images on this site belong to Mude or our clients, or are used under licence, and are protected by the Copyright Act 1968 (Cth). You may not republish, reproduce, sell or sub-license material from this site without our written permission.

Last updated 10 June 2026.