CASTING CRANE PRIVACY POLICY

Effective: July 27, 2018


Welcome to Casting Crane! CASTING CRANE, LLC (“Casting Crane”) and its affiliates operate a customizable form-builder system designed to allow customers - typically casting companies, studios, networks, and production houses — to build casting forms to collect form submissions completed by applicants.

This Privacy Policy (“Policy”) applies to your access and use of castingcrane.com (the “Site”) and the software and services available on the Site or offered by us or our subsidiaries (the “Company Services” or the “Services”). We will sometimes refer to you throughout this Policy as “You,” or the “User.” This Policy expressly discloses: (i) the types of personal or non-personal information collected as a result of your use of the Site and the Services; (ii) how such data is used and stored; and (iii) your choices and options regarding sharing and use of your data.

We take your privacy seriously. If you have any questions about this Policy or about privacy at Company, please contact us at privacy@castingcrane.com.


What Data Do We Collect?

There are three types of users who may access our Site or Services:


Personal Data

When you a visitor and are interested in our Services and register for an online demo or sales call, we collect the following information: first and last name, email address, phone number, your company name, the number people working for your company, your role in the company, your biggest challenge, when you are available for a demo, and a general query as to how you heard about us. All of this information is collected via our web form, and transmitted to our app database, as well as to our search database (e.g., ElasticSearch, Searchly 3rd Party SaaS).

When you contact us using our contact form, we redirect the contact to our General Sales and Support, and we collect the following information: your first and last name, your email address, phone number, the contact type (whether this is a general, sales, or support contact), and your message. This data is collected via our web form and is transmitted to our app database as well as our search database.

When you register for a User Account to become a Customer with Casting Crane, we collect the following personal data: your email, first and last name, the time zone you are in, password, and password confirmation. We also collect your avatar pic via image upload provided by you, and your IP address, to track abuse. All of this data is collected through our web form for Users and transmitted to our app database.

After you set up a User account, you will have the option to create a Company Account, which, if created, will serve as the master account holder for your company’s account with us. Some Users will also join other existing companies When you create a Company Account, we collect the following data: company name, address, city, state, ZIP code, and country, the company’s telephone number, URL, and the company’s logo. This data is collected using a web form, and all data is transmitted to our app database. Individual Customer account data can be connected to a Customer Company Account in the same database. A Customer designee can serve as the master account holder for that company as its main registered user, A Customer account holder can also be invited to collaborate with other company accounts. We do connect user data to company user data in our database; however, we do not connect data with outside sources.

When you subscribe for Casting Crane Services, we collect the following data: the name appearing on Your credit or bank card, address, city, state, ZIP/Postal code, country, the card number, expiration month, expiration year, CVC/CVV code. This data is collected via our web form and is not stored on our system, but, rather, is sent securely to our payment processor, Stripe. Stripe tokens are connected to the customer’s Casting Crane account.

When you create your casting call forms on our Site, you will select any questions you need to create your form. While we do not create the forms on your behalf, we do store the data you submit in creating your forms. Because casting call forms are customized by the User, they can have many different field questions, but typically questions include (and we thereby collect data for) the following: your email address, your first and last name, phone number, city, state or province, and image upload. This data is collect using a web form build by our Users for their casting needs. All data fields are transmitted to our app database, as well as to our search database. Applicant data is also connected to customer company accounts, which are scoped to the company and Us. Users cannot view other companies’ data.

We may collect your personal data from third parties if you give permission to those third parties to share your information with us.


Tracking Data

When a User visits our Site, we use certain tracking data (“Tracking Information”). We use Google Analytics for Tracking Information.

Usage data.  We collect usage data about Visitors, Customers or End Users whenever you interact with our services. This may include which webpages you visit, what you click on, when you performed those actions, and so on. Additionally, like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, but we only connect such information with Personal Data for Customers.

Device data.  We collect data from the device and application you use to access our Services, such as your IP address and browser type. We may also infer your geographic location based on your IP address. but we only connect such information with Personal Data for Customers.

Referral data. If you arrive at a Casting Crane website from an external source (such as a link on another website or in an email), we record information about the source that referred you to us. We do not connect this with other Personal Data

Information from page tags.  We use third party tracking services that employ cookies and page tags (also known as web beacons) to collect aggregated and anonymized data about visitors to our websites. This data includes usage and user statistics.


Cookies

When you visit our Site we use cookies, or similar technologies like single-pixel gifs and web beacons, to record log data. We use both session-based and persistent cookies. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire. They are unique and allow us to do site analytics and customization, among other similar things. If you access our Site through your browser, you can manage your cookie settings.

We log information about your use of the Services, including the type of browser you use, access times, pages viewed, your IP address and the page you visited before navigating to the Services.

We use cookies on our websites. Cookies are small bits of data we store on the device you use to access our services so we can recognize repeat users. Each cookie expires after a certain period of time, depending on what we use it for. We use cookies for several reasons:

We don't believe cookies are sinister, but you can still choose to remove or disable cookies via your browser. Refer to your web browser's configuration documentation to learn how to do this. Please note that doing this may adversely impact your ability to use our services. Enabling cookies ensures a smoother experience when using our websites. By using our websites and agreeing to this privacy policy, you expressly consent to the use of cookies as described in this policy.

We also use cookies to validate your identity and track your use of the services when you log on. Disabling these cookies may affect your ability to use the Services.

Google Analytics collects information such as how often users visit the Site, what pages they visit when they do so, and what other sites they used prior to coming to this Site. We use the information we get from Google Analytics only to improve this Site, but in anonymous form. Google Analytics collects only the IP address assigned to you on the date you visit this site and assigns a user ID code, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Google uses this information to analyze your use of the website, to generate reports about website activities for website operators and to provide further services related to website and internet use. Google may also share such information with third parties to the extent it is legally required to do so and/or to the extent third parties process data on behalf of Google. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit this site, the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy as well as the Google Analytics Data Processing Agreement. Site usage is tracked using Google Analytics in accordance with their  Privacy Policy. However, if you do not want your data to be used by Google Analytics, you may opt-out by installing  Google Analytics Opt-out Browser Add-on. Data processing takes place in the United States and Google is self-certified under the EU-U.S. and Swiss-US Privacy Shield. You may deactivate Google Analytics with the help of a browser add-on if you do not want this website analysis.


How Do We User Your Data?

We use your Personal Data to provide the services to you including:


End User Data

Our Services allow our customers to collect Personal Data (name, address, phone number, email address, photos) of people who submit the information to them to be considered to be cast in or work for television shows, web shows, movies and theatrical productions).

It also allows Customers to collect special categories of data that are directly related to casting and employment decisions such as race/ethnic background demographic information, some of which also needs to be retained for legal reasons connected to employment decisions.

Except as described below, we do not share such information to any other parties than the Customer that is requesting the information in connection with the administration and provision of their services.


Sharing your Data

We will not sell, rent, or share Personal Data with third parties outside of our company without your consent, except in the following ways:

Law Enforcement and Internal Operations

Personal Data may be provided where we are required to do so by law, or if we believe in good faith that it is reasonably necessary (i) to respond to claims asserted against Casting Crane or to comply with the legal process (for example, discovery requests, subpoenas or warrants); (ii) to enforce or administer our policies and agreements with users; (iii) for fraud prevention, risk assessment, investigation, customer support, product development and de-bugging purposes; or (iv) to protect the rights, property or safety of Casting Crane, its users or members of the general public. We will use commercially reasonable efforts to notify users about law enforcement or court ordered requests for data unless otherwise prohibited by law. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to any third-party request to compel disclosure of your information.

Business Transfer

Casting Crane may sell, transfer or otherwise share some or all of its assets, including your Personal Data, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy. Under such circumstances, Casting Crane will use commercially reasonable efforts to notify its users if their personal information is to be disclosed or transferred and/or becomes subject to a different privacy policy.

Third-Parties

We sometimes contract with other companies and individuals to perform functions or services on our behalf, such as software maintenance, data hosting, sending email messages, etc. We necessarily have to share your Personal Data with such third-parties as may be required to perform their functions. We take steps to ensure that these parties take protecting your privacy as seriously as we do, including entering into Data Processing Addendum(s), EU Model Clauses and/or ensuring these third-parties have EU-U.S. and Swiss-US Privacy Shield certification.

Third Party Service Providers

The following third-party processors collect personal data on our behalf and transmit it to us.

Heroku (Salesforce Company)
Information Collected: name, address, phone number, employer, purchase history
Location of the Processing: United States
Privacy Policy: https://www.salesforce.com/company/privacy/
Basis for Processing: US-EU Privacy Shield, EU Standard Contractual Clauses, Binding Corporate Rules

Mailgun
Information Collected: Collect End User and Customer contact information for transactional emails to customers; applicant submission notification; one-time notification
Location of the Processing: United States
Privacy Policy: https://www.mailgun.com/privacy-policy
Basis for Processing: US-EU Privacy Shield, Data Processing Addendum

Papertrail
Information Collected: IP Addresses and Log Information to assist Company with log management and troubleshooting
Location of the Processing: United States
Privacy Policy: https://www.solarwinds.com/legal/privacy
Basis for Processing: US-EU Privacy Shield Certified and Data Processing Addendum

Stripe
Collects: Payment information (credit card, bank information), name, address and contact information to process payments.
Privacy Policy: https://stripe.com/us/privacy
Location of the Processing: United States
Basis for Processing: US-EU Privacy Shield Certified and Data Processing Addendum


How is My Data Protected?

We have implemented reasonable administrative, technical and physical security measures to protect your personal information against unauthorized access, destruction or alteration. For example:

For more information on how we protect information, please go to our security statement https://www.castingcrane.com/security-overview.

However, because no security system can be 100% effective, we cannot completely guarantee the security of any information we store, process or transmit.

Payments Encryption: Casting Crane utilizes only PCI-DSS compliant third-party payment processors to ensure the security of your personal information using Stripe.


Your Choices and Data Subject Rights

Right to Review and Rectify Your Personal Data

You can update most of your Personal Data by logging on to your account. However, if additional assistance is required to change or delete inaccuracies within your Personal Data or would like to know what information about you was collected, please contact us at  privacy@castingcrane.com. We reserve the right to charge for copies of data requested.

Right to Remove or Withdraw Consent

If you are located in the European Economic Area or Switzerland, you have the right to withdraw consent where such consent is required to share or use data and you may request that we delete your Personal Data. If you receive communications from us and no longer wish to receive them, please follow the removal instructions in the email.

If you are located in the European Economic Area or Switzerland and you object to the processing of your Personal Data by us or our subprocessors, please notify us at privacy@castingcrane.com and we will review your request. We will comply with such requests to the extent required by law or if required by law but it i not possible, we will provide you with a means to delete your data and cancel your account.

You can delete your Personal Data by logging into your account and deleting your account. However, since your Personal Data is required for us to provide the Services to you, deleting it will also terminate your access to the services. Deleting your Personal Data does not mean that all of it will be removed. We take steps to delete Personal Data that is no longer necessary in relation to provide the Services by deleting it within 60 days of you terminating your account or if the account remains unused for more than one (1) year. Data may be retained for up to one year, but we may be required to retain it longer by law, to retain it to exercise or defend legal claims. We may de-identify and anonymize some data for purposes of retaining it for analysis purposes to track trends and improve our Services.

Data Portability

If you would like us to transmit your Personal Data to another company providing similar services, we will work with them to do so upon request and verification of such request with both the requestor and the company receiving the Personal Data.

Right to Redress

If you are located in the European Economic Area (EEA) and you believe we have violated any data protection laws you may file a complaint with the Data Protection Authority in your country.


Processing End User Data for Customers

Our Services may involve the processing of Personal Data on behalf of our customers. When we do so, we are acting as processors for the controllers of such data. As such, we take steps to ensure that Personal Data subject to GDPR is processed in accordance with controller instructions and GDPR; such as entering into a Data Processing Addendum incorporating EU Standard Contractual Clauses governing the processing, transmission and use of such End User Personal Data. The customers control the privacy settings and determine how the information you provide is to be used according to their own privacy policies or practices. If you wish to exercise your data subject rights to review, rectify, delete or port your End User Personal Data, please contact the controller to make such request. If you make the request to us, we will work with the controller to process and evaluate such request to confirm whether deletion is required by GDPR.

If you are located in or serve people located in the European Union, you may be a data controller and be required to execute a Data Processing Addendum with processors like Casting Crane. If you require a DPA from us, you can download our DPA here. Download the document, fill in the required details, sign it, and send the copy back to us at support@castingcrane.com.


Transnational Transfer of Data

If you are providing your Personal Data to us directly to use our Services, we will transmit your data, including your Personal Data, to the United States in order to fulfill our contractual obligations to you.


Your California Privacy Rights

California residents who have an established business relationship with Casting Crane may make a written request to Casting Crane about whether Casting Crane has disclosed any Personal Data to any third-parties for the third-parties' direct marketing purposes during the prior calendar year. To make such a request, please send an email or write us:

Attention: Privacy
Casting Crane
Address: 10632 N. Scottsdale Rd., #B-535, Scottsdale, AZ 85254-6199
Phone: (480) 500-8038
Email: privacy@castingcrane.com


Third Party Websites

We may link to other websites. When you click on one of these links, you are ‘clicking’ to another website or using social media promotion functions you select. Casting Crane does not control the data collection or privacy practices of such third-party sites. We encourage you to read the privacy policies of any third-party sites, as their collection, use and storage practices, and policies may differ from ours. 


Minors Under 16 Years of Age

Casting Crane does not knowingly collect or store any personal information from or about children under the age of 16.

If you believe a child under the age of 16 has under any circumstances provided us with personal information and data, a parent or legal guardian can email us at  privacy@castingcrane.com. to request that their children’s information be deleted from our records.


Do Not Track

Do Not Track” or DNT is a feature enabled on some browsers that sends a signal to request that a web application disable its tracking or cross-site user tracking. At present, our Site does not respond to or alter its practices when a DNT signal is received.


Changes to Privacy Policy

Casting Crane reserves the right to amend this Privacy Policy at any time. If Casting Crane makes material changes to its Privacy Policy, we will notify you by changing the Effective Date on our Privacy Policy and providing additional notification either via email or other means as we may deem commercially reasonable.


Questions?

If you ever have any questions about our online Privacy Policy, please contact us. We respect your rights and privacy and will be happy to answer any questions or concerns you might have. You may direct any such questions to us via email at privacy@castingcrane.com.