Biometric Data Privacy and Retention Policy
Last Updated: March 30, 2026
Cast & Crew (“Company”, “we”, “us” or “our”) has instituted the following Biometric Data Privacy and Retention Policy (“Policy”) related to Biometric Data that may be collected and stored as described in this Policy.
Biometric Data Defined
“Biometric Data” includes, but is not limited to, “biometric identifiers” and “biometric information” as defined in all applicable laws or regulations governing the collection, possession or use of biometric data, biometric information, or biometric identifiers. “Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. “Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, that is based on an individual’s biometric identifier.
Collection of Biometric Data
Where required by law, Company will obtain your written consent for Company and/or its vendors, including any third-party authentication provider(s) that provide software or services used to collect Biometric Data if any (collectively, “Vendors”), to collect, retain, and use your Biometric Data prior to collection of such data.
Biometric Data may be collected via, among other things, means or systems, such as validating a picture of you against a picture on your government-issued ID (“Biometric Data Collection Technology”). Biometric Data will be used solely for identity verification, security, and/or fraud prevention. Company and its Vendors will not disclose, sell, lease, trade, or otherwise profit from your Biometric Data; provided, however, Company’s Vendors may be paid for products or services used by Company that collect and utilize such Biometric Data.
Based on current legal and privacy requirements, Company hereby informs you as follows:
- Biometric Data may be collected, stored, and used when you sign up for an account at https://my.castandcrew.com;
- the specific purpose for collecting the Biometric Data is to perform identity verification via Plaid, whose biometrics policy is available here: https://plaid.com/legal/#biometric-policy-and-release. The Biometric Data is collected, stored, and used for up to three (3) days after collection, unless such period is extended due to legal or security needs; and
- you have the option of not using Biometric Data Collection Technology, but that will result in an inability to verify your identify and you may be unable to sign up for an account.
Disclosures of Biometric Data
Company will not disclose or disseminate your Biometric Data to any person or entity other than the Company’s personnel and/or its Vendors with a need-to-know of such data without/unless:
- first having your written consent to such disclosures or dissemination;
- disclosure is required by a municipal ordinance or local, state, or federal law; or
- disclosure is required by a valid warrant or subpoena issued by a court of competent jurisdiction.
Biometric Data Storage
The Company and its Vendors shall use a reasonable standard of care to store, transmit and protect from disclosure any Biometric Data collected, and shall store, transmit, and protect from disclosure all Biometric Data in a manner that is the same as or more protective than the manner in which the Company stores, transmits, and protects other personal information that can be used to uniquely identify an individual or an individual’s account or property, such as account numbers, PINs, driver’s license numbers, and social security numbers.
Biometric Data Retention and Destruction
Company will destroy or cause the destruction of your Biometric Data (in possession of Company or Vendor) when the initial purpose for collecting or obtaining such data has been satisfied as set forth herein or within three (3) years of your last interaction with us, whichever occurs first; provided, however, that the foregoing may not apply if Company is required or permitted by law to retain your Biometric Data for a longer period of time.