Production companies, their staff and their agents or service providers have access to the personal data and information you provide to them. Certain SetKeeper employees may also access some of your personal information for strictly administrative purposes and/or to perform the services we provide.
You have the right to access your personal data at any time. This is commonly referred to as “subject access”. You can make a subject access request, for free, in writing to [email protected].
Servers that run the SetKeeper application are based in Ireland.
In the absence of a retrieval request, we may keep personal data up to 12 months after the end of the subscription for technical or statistical purposes. You have the right to request a retrieval of your personal data according to the conditions mentioned in our Privacy Policy. Once a request is received, we will delete all personal data associated with their account within five business days. We may keep anonymized data for statistical or technical purposes.
Our website has a section dedicated to GDPR and a Practical Guide to GDPR Compliance.
We offer our users a simple way to request data removal: you can email us at [email protected]. All SetKeeper employees receive GDPR training using IAPP Privacy Core® resources. Training sessions are conducted upon hire for all new employees and reviewed annually thereafter.
All our current sub-processors are reviewed on an annual basis to ensure they meet security and privacy requirements required for GDPR.
SetKeeper has been designed to fully meet regulatory requirements. We undergo routine information security audits by studios and independent experts (such as the Digital Production Partnership) to ensure your data is always protected. Please read our Security page for more information about User Management, Security, and Data Collection and Processing.
SetKeeper shares data with a list of selected sub-processors for the purposes of running the service. All our sub-processors are reviewed on an annual basis to ensure they meet security and privacy requirements.
ProHire databases are automatically backed up in real time and stored in a secure and remote data center not directly linked with our production servers to ensure redundancy of your data. Our server architecture is redundant, meaning even if one server fails, the system stays active and accessible.
We maintain more than 99% uptime, which guarantees you service continuity and quality assurance.
Our support team is trained to resolve any incident and is available during business hours 7 days a week by email and phone.
Server-to-client communications are encrypted with TLS (HTTPS). The system is designed to prevent any plain communication through the Internet.
ProHire only stores and processes data in Tier 3 data centers, with biometric access control, onsite energy production systems and all IT equipment being dual-powered and provided with two redundancies.
We use compliance best practices to manage vulnerabilities and track our dependencies for known CVEs. We closely monitor security mailing lists to be aware of the latest threats. To further limit potential risks, we configure our services with tight firewall rules.
Our code is scanned for known CVEs in the dependencies we're using.
ProHire encrypts at rest using AES 256. All connections from your browser to ProHire enforce TLS encryption. We only store passwords as salted hashes, not plain passwords.
All data and the database are backed up in real-time, and documents are backed up periodically throughout the day, 7 days a week. Our backups are in a different availability zone than live data.
Any connection to our systems is logged.
We monitor external services and open source libraries for security issues. We use automated tools to continuously scan for service interruptions, performance degradation, and security vulnerabilities and alert our engineers as incidents are detected.
To ensure system availability and provide the best experience, we review and test all updates to ProHire. For each change, we perform unit and end-to-end tests. Our quality assurance team evaluates and manually tests functions expected to be impacted by a change to ensure they're not negatively impacted by a regression.
After we release a change, we continue to monitor and log exceptions and schedule them for resolution. We use several monitoring services to monitor any impact to performance from changes.
