Who can access my personal data?
Production companies, their staff and their agents or service providers have access to the personal data and information you provide to them. Certain SetKeeper employees may also access some of your personal information for strictly administrative purposes and/or to perform the services we provide.
You have the right to access your personal data at any time. This is commonly referred to as “subject access”. You can make a subject access request, for free, in writing to support@setkeeper.com.
Where is my personal data stored?
Servers that run the SetKeeper application are based in Ireland.
Does Setkeeper share data with third-party entities?
SetKeeper shares data with a list of selected sub-processors for the purposes of running the service. All our sub-processors are reviewed on an annual basis to ensure they meet security and privacy requirements.
How long does SetKeeper keep personal data and what happens to my personal data at the end of a project?
In the absence of a retrieval request, we may keep personal data up to 12 months after the end of the subscription for technical or statistical purposes. You have the right to request a retrieval of your personal data according to the conditions mentioned in our Privacy Policy. Once a request is received, we will delete all personal data associated with their account within five business days. We may keep anonymized data for statistical or technical purposes.
Our website has a section dedicated to GDPR and a Practical Guide to GDPR Compliance.
We offer our users a simple way to request data removal: you can email us at support@setkeeper.com.
All SetKeeper employees receive GDPR training using IAPP Privacy Core® resources. Training sessions are conducted upon hire for all new employees and reviewed annually thereafter.
All our current sub-processors are reviewed on an annual basis to ensure they meet security and privacy requirements required for GDPR.
How does SetKeeper secure personal data and sensitive files?
SetKeeper has been designed to fully meet regulatory requirements. We undergo routine information security audits by studios and independent experts (such as the Digital Production Partnership) to ensure your data is always protected. Please read our Security page for more information about User Management, Security, and Data Collection and Processing.
Compliance Programs
Our servers are hosted on AWS. Here are AWS IT standards we comply, broken out by Certifications and Attestations; Laws, Regulations and Privacy; and Alignments and Frameworks. Compliance certifications and attestations are assessed by a third-party, independent auditor and result in a certification, audit report, or attestation of compliance. AWS enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) to use the secure AWS environment to process, maintain, and store protected health information.