Last Updated: November 23, 2025

This Privacy Policy outlines how the Entertainment Identifier Registry (EIDR) (“we,” “our,” or “us”), operating at *.eidr.org, collects and uses personal data as part of its mission to provide globally-unique, freely-resolvable identifiers for audiovisual works (the EIDR Registry). We adhere to the EU-U.S. Data Privacy Framework (EU-U.S. DPF) Principles, the UK Extension to the EU-U.S. DPF Principles, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) Principles with regard to personal data transferred from the European Union, United Kingdom (and Gibraltar), and Switzerland, respectively.

To learn more about the DPF Program, please visit the official DPF website at https://www.dataprivacyframework.gov/. To verify our certification, please visit https://www.dataprivacyframework.gov/list.

What Data Do We Collect and Why?

EIDR’s purpose is to assign a unique, persistent identifier (EIDR ID) to each audiovisual work to facilitate automation and disambiguation in the digital supply chain and unique identification for other applications. To achieve this, we collect minimal, objective, and durable descriptive metadata about each work from published sources and our participants, who include global commercial, non-profit, educational, NGO, and governmental organizations with an interest in the Media & Entertainment (M&E) industry (see https://www.eidr.org/eidr-members/). The EIDR registry metadata includes the names of directors and actors. We do not collect any other identifying information (e.g., contact details, race, gender, etc.) for these individuals or any sensitive data as defined by the DPF Principles.

This data is collected and used solely to:

• Help differentiate audiovisual works to ensure each is assigned a unique EIDR ID.
• Enable ID search, discovery, and reference, allowing users to find an EIDR ID based on a work’s associated metadata.
• Clearly and unambiguously describe the work reference by an EIDR ID.

In keeping with the established principles of PIDs (Persistent Identifiers), LOD (Linked Open Data), and the requirements of the DOI (Digital Object Identifier) Foundation, EIDR IDs and their associated descriptive metadata records are publicly-resolvable and freely accessible to our participants and all other interested users (individuals and organizations). The personal data we collect is limited to what is necessary and relevant for these purposes. EIDR does not process human resources (HR) data under its DPF certification. Its participation is limited to non-HR personal data, including names of audiovisual contributors and contact information voluntarily provided to EIDR.

How We Protect Your Data

We are committed to protecting the data in the EIDR registry. We have implemented technical and organizational measures to safeguard this data against loss, misuse, unauthorized access, disclosure, alteration, and destruction. Our security measures include access controls for record creation and modification and regular security audits. Public access to the registry is read-only. Direct access to the raw registry data for record creation, modification, and retrieval is limited to participating organizations and is subject to our data usage agreement.

Your Rights and Choices

You have the right to access, correct, and delete your personal data held within the EIDR registry. To exercise these rights or to address any concerns regarding our handling of your data, please contact us at [email protected]. We will respond to all complaints and inquiries regarding personal data within 45 days of receipt. If your personal data held within the EIDR registry is used for a materially different purpose, or if we disclose it in a manner not specified in this policy, we will first provide you with the opportunity to limit the use and disclosure of your personal data.

As our service relies on the public, persistent, and immutable nature of the EIDR ID and its associated metadata to function, it is not possible to permanently delete an EIDR ID. However, we will work with you to address inaccuracies and, where appropriate, remove personal data from public display.

Onward Transfers

We do not transfer personal data to third parties in a way that is inconsistent with the purpose for which it was collected. The very nature of the EIDR system involves making the EIDR IDs and their associated metadata publicly and freely available to non-agent third parties (the general public). This is a core function of the service and constitutes an intended onward transfer to the public. (See “What Data Do We Collect and Why?”) Onward transfer to our participating organizations is governed by the EIDR Participation Agreement and Intellectual Property Rights (IPR) Policy. In accordance with the DPF Principles, EIDR remains responsible and liable for the processing of personal data it transfers to third parties acting as agents (our participating organizations) unless we prove we were not responsible for the event giving rise to the damage. We do not sell personal data to any third party.

Finally, in certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Enforcement, Recourse, and Liability

EIDR is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). We commit to resolving complaints about our collection or use of personal data in a manner that adheres to the DPF Principles.

If you have a complaint regarding this Privacy Policy, please contact us at [email protected].EIDR has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by us, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction for more information on this process.

Swiss-U.S. DPF Commitments

For personal data received from Switzerland, we will adhere to the specific requirements of the Swiss-U.S. DPF. We acknowledge and will respect the rights of Swiss individuals to access their personal data and to pursue legal remedies for any breaches of our obligations.

Verification and Self-Certification

We will verify annually, through self-assessment, that this Privacy Policy is accurate, comprehensive, prominently displayed, fully implemented, and in conformity with the DPF Principles. Our annual certification of compliance will be submitted to the U.S. Department of Commerce as required.

California Privacy Notice

For residents of the State of California, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides additional rights regarding the collection, use, and disclosure of personal information.

EIDR does not collect, sell, or share personal information as defined under the CPRA. As noted earlier, the only personal data included in the EIDR Registry consists of names of audiovisual contributors (i.e., directors, actors) used to uniquely identify audiovisual works. This data is collected and published solely for the purpose of disambiguating works and assigning persistent identifiers as described above. No contact, demographic, financial, or sensitive information is collected or processed.

California residents may exercise their rights of access, correction, deletion, and non-discrimination under the CPRA by contacting us at [email protected]. We will respond within 45 days of receipt of a verifiable request.

Web Site User Data

For information regarding EIDR’s handling of Website user data, please see EIDR’s Website Privacy Policy.