The Entertainment Identifier Registry Association (“EIDR”, “we”, “us” or “our”) is a not-for-profit organization serving the Media & Entertainment community.
EIDR is committed to ensuring the security and protection of the personal information that it processes and provides a compliant and consistent approach to data protection. The European Union’s GDPR sets out regulations that expand privacy rights beyond the borders of the EU, applying to organizations, such as ours, that act as Controllers of Personal Data of EU residents on behalf of our customers. We certified our services, for which we act as a Data Controller, under the EU-U.S. Privacy Shield Framework (“Privacy Shield”) on April 1st, 2019. EIDR adheres to the GDPR principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement and Liability. For purposes of enforcing compliance with the Privacy Shield, EIDR is subject to investigation and enforcement authority of the U.S. Trade Commission. For more information on Privacy Shield and/or to verify our participation please visit the U.S. Department of Commerce’s Privacy Shield website:
- The information we collect
- How we use that information
- Under what circumstances we disclose that information
- Your rights regarding your information
- How you can contact us if you have questions about our policies
For the purposes of this Policy:
“Consumer” means any visitor to our website, including: Users, Other Users, and Members, who disclose Personal Data.
“Controller” means a person or organization which alone, or jointly with others, determines the purposes and means of the processing of Personal Data.
“EU” means the European Union and Iceland, Liechtenstein, and Norway.
“GDPR” means General Data Protection Regulation. The GDPR is the legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union.
“Personal Data” means any information that is (i) about an identified or identifiable individual, (ii) received by EIDR in the US from the EU, and (iii) recorded in any form.
“Privacy Shield Principles” means the Principles and Supplemental Principles of the Privacy Shield.
“Processor” means any natural or legal person, public authority, agency, or other body that processes Personal Data on behalf of the Controller.
“Sensitive Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.
“Sites” means the EIDR website and certain subsidiaries sites.
The Information We Collect
We may collect Personal Data provided by (i) individuals who visit our website and voluntarily provide their information, and (ii) from our Members, vendors, contractors, and agents. As EIDR is generally a conduit for information controlled and being shared by others, it is our Members, Users and Other Users, and their users who control the content transmitted across our platform. To the extent that we merely transmit, route, switch, or cache information on behalf of our members, we may rely upon and require such Consumers to comply with underlying legal requirements with respect to such processing
We may collect and process the following information about you:
- Personally identifying information required by our “Contact Us” form including your name and email address or any other personal information you may provide in your correspondence with us. We will use this information to communicate with you, to inform you about new EIDR developments, to invite you to industry events, and to provide technical or operational support, etc.
- Any other Personal Data you provide when you communicate with us that you share via social media, or that you provide when using our Sites.
- When troubleshooting issues with the EIDR Sites, or in any customer service capacity, we may ask for additional personal or technical information.
How We Use That Information
We may use your Personal Data in several ways, including the following:
- To provide information about or while providing services to you.
- To communicate with customers, business partners, vendors, agents, and contractors about business matters.
- To conduct related tasks for legitimate business purposes.
- To compile aggregate data regarding the use or operation of our Sites or other EIDR services.
- To add your email address to the various mailing lists used for EIDR communications.
- To contact you regarding your use of our Sites or other EIDR services.
- To ensure that our Sites operate in an optimal fashion.
- To research instances of abuse or violations of our TOU.
- For other purposes disclosed at the time of collection.
- To comply with legal requirements.
EIDR will only process Personal Data in ways that are compatible with the purpose for which EIDR collected the Personal Data, or for purposes that the individual or Consumer providing the Personal Data authorizes. Before we use your Personal Data for a purpose that is materially different than the purpose for which it was collected or that you authorized, we will provide you with the opportunity to opt out. To the extent required by GDPR and Privacy Shield Principles, EIDR obtains explicit consent for use and disclosure of Sensitive Data. EIDR maintains reasonable procedures to help ensure that Personal Data is reliable for its intended use, accurate, complete, and current.
We may use a limited number of third-party service providers to assist us in providing services to our customers or to meet internal business needs. These providers may provide services such as billing systems, contract and account management, customer support, relationship management and support and other technical operations. These third-parties may access, process, or store Personal Data while providing their services. We maintain contracts with these third-parties to restrict their access, use, and disclosure of Personal Data in compliance with our GDPR and Privacy Shield obligations, and we may be liable for such parties if they fail to meet these obligations.
Individuals located in the EU, if applicable, have rights to access Personal Data about themselves, and to limit the use and disclosure of such data. We take our privacy obligations extremely seriously and have committed to respect these rights. Because our personnel have very limited ability to access data submitted to us by our Consumers, if you wish to request access to, or to limit use or disclosure of data, please provide the name of the party who submitted your data to our services, and state whether it was yourself or a third-party. We will refer your request to that third-party, if appropriate, and reasonably support them in responding to your request.
Under What Circumstances We Disclose That Information
- Your information will only be used by EIDR for its related activities or by third-parties acting on EIDR’s behalf, including for data analytics.
- We will not release your information to unrelated third-parties without your consent.
- We will not sell your information to third-parties.
- We will keep your information confidential, except as permitted or required by law.
Your Rights Regarding Your Information
You can request a copy of your Personal Data that we maintain to verify its accuracy and our compliance with any legal requirements.
You can request that we correct any errors or omissions in your Personal Data that we maintain, subject to verification.
You can request that we delete your Personal Data if we do not have a legitimate reason for keeping it, if we have obtained or processed it unlawfully, or if we are required to do so by law. This is subject to legal requirements for data retention, which we will notify you of, if applicable.
You may have other rights regarding your Personal Data granted you by local law. EIDR will respect those upon request unless we can demonstrate a compelling legitimate reason to limit those rights.
If you would like to request access to correction, amendment, or deletion of your Personal Data, you can submit a request to the contact information provided below. If your Personal Data was provided to us by a third-party, we may facilitate your access to such data by directing you to the party that provided your data to us.
Data Retention Policies
EIDR takes reasonable steps to ensure that the Personal Data the organization controls is (i) reliable for its intended use, and (ii) accurate, complete, and current. In this regard, EIDR relies on its Members, Users and Other Users, to update and correct the relevant Personal Data to the extent necessary for the purposes for which the information was collected or subsequently authorized.
Subject to applicable law, EIDR controls and retains Personal Data in a form that identifies or renders identifiable the relevant Consumer only for and as long as it serves a purpose that is compatible with the purposes for which the Personal Data was collected or subsequently authorized by the Consumer.
EIDR also complies with GDPR’s obligations of only collecting cookies under lawful grounds of collecting and processing that data. The applicable Consumers will be given an opt-in box to give explicit consent or reject collection of cookies. Under this law, the ability to withdraw consent previously given is also an option available.
We collect information when you use our Sites, including how, when, and where you accessed our Sites and which services you used. These are collected as statistical data and we do not use them to identify individuals except when investigating instances of abuse. This data may include information about your computer and how you connected to our Sites, such as your IP address, internet service provider, browser type and version, operating system type and version, physical location, time zone, and other technical or identifying data.
We may collect information about you from third-parties, including social media companies, and it may be used to also connect with you through social media.
Recourse, Enforcement and Liability
EIDR has mechanisms in place designed to help ensure compliance with the Privacy Shield Principles. EIDR will conduct an annual self-assessment of its Consumer Personal Data practices to verify that the attestations and assertions EIDR makes about its Privacy Shield practices are true and that EIDR’s privacy practices have been implemented in accordance with GDPR and Privacy Shield Principles.
Consumers may file a complaint concerning EIDR’s processing of their Personal Data. EIDR will take steps to remedy issues arising out of its alleged failure to comply with Privacy Shield Principles. Consumers may contact EIDR as specified below about complaints regarding EIDR’s Consumer Personal Data practices.
If a Consumer’s complaint cannot be resolved through EIDR’s internal processes, EIDR will cooperate with JAMS pursuant to JAMS Privacy Shield Program, which is described on the JAMS website at https://www.jamsadr.com/eu-us-privacy-shield. JAMS mediation may be commenced as provided for in the JAMS rules. Following the dispute resolution process, the mediator or the Consumer may refer the matter to the U.S. Federal Trade Commission, which has Privacy Shield investigatory and enforcement powers over EIDR. Under certain circumstances, Consumers also may be able to invoke binding arbitration to address complaints about EIDR’s compliance with the Privacy Shield Principles.
Questions, comments, complaints, and all other inquiries are welcome. Please contact us by email at: [email protected]