Privacy policy - UK
This is the story of our agency.
- INTRODUCTION TO THIS PRIVACY POLICY
- Last updated on 20 February 2024
- This privacy statement applies to you if are a UK resident and you publish information on publicly available websites (Twitter, Instagram, Facebook, Reddit etc.) that we collect data from.
- This statement sets out the basis upon which we process your Personal Data (being data that identifies you) and meets the requirements of articles 5 and 14 GDPR.
- All the Personal Data we process is publicly available being information you have chosen to publish online.
- WHO ARE WE?
- We are DataEQ Limited, and we trade as Brandseye (“we” or “us”). Our company number is 08736583. If you have any questions about this privacy policy or our privacy practices, please contact: privacy@dataeq.com.
- The DataEQ Group is made up of different legal entities, including DataEQ (Pty) Ltd and DataEQ Consulting (Pty) Ltd (both of which are incorporated in South Africa).
- In addition to whatever rights you have via your relationship with any publishing platform, you also have certain rights relating to your data that we collect, process, store and retain, as set out in this policy. You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
- WHY WE COLLECT PERSONAL DATA AND FROM WHAT SOURCES
- We collect information, content and communications that you as an “author” provide or share via a social media platform, blog, forum and/or news site. We get data via search crawling or by contracting directly with content providers and data resellers to gain access to data from them. This information is then redacted, collected, indexed, and stored in our database.
- The data that you as an author share will be Personal Data if it identifies you – for example your name in connection with the user name of your Facebook or Twitter profile along with the profile picture is set to public on your user profile privacy settings.
- We offer access to our database, as well as analytics of the data within that database, to customers (our “Services”). This allows our customers to learn more about their brand, their consumers, their competitors, and act with more certainty in their marketing decisions.
- Through rendering Services to our customers we may also gain access to “Direct Messages” – any message you send to our customers whether via social media platforms, bots or artificial intelligence, email or SMS.
- We may collect, use, store and transfer different kinds of information which you post or make publicly available online and/or via Direct Messages, including but not limited to the following platforms and sources:
- Meta (Facebook, Instagram);
- X (formerly Twitter);
- Google;
- Linkedin;
- Youtube;
- Vkontakte;
- Blogs & Blog comments;
- Mainstream news sources;
- DataEQ website; and
- Forums
- We work with third parties such as Webhose who collect data from the platforms listed in paragraph 3.5.
- We process data using a proprietary mix of algorithms and crowd sourcing to determine relevance, sentiment, topics and themes.
- THE INFORMATION WE COLLECT
- The data that we collect (see paragraph 4.4) as set out above will be referred to as “Social Data” throughout this policy.
- From the Social Data, we can sometimes infer sensitive information such as sexual orientation, race, gender or health. We do not look at multiple posts in combination, and our algorithms analyse each of your posts individually. Any content you publish may include references to your age, gender or other personal characteristics or circumstances.
- We also collect, use and share Data such as: (i) statistical data; (ii) demographic data; and (iii) data which, if it were not anonymised, would constitute special categories of personal data, including data relating to health, political opinions and religious or philosophical beliefs, but which is anonymised and aggregated and will be referred to as “Aggregated Data” throughout this policy. Aggregated Data may be derived from your Social Data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your data to calculate a political opinion, sentiment towards a specific brand or customer experience values in a specific industry or sector. However, if we combine or connect Aggregated Data with your Social Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be processed in accordance with this privacy policy and all applicable Data Protection Laws.
- Social Data we process may include:
- your name, username, handle, or other identifier;
- the content of the information you have published via that name, username, handle, or other identifier, including comments, expressions, opinions, posts, preferences, beliefs etc;
- your profile picture or other images or videos that you post or interact with;
- your approximate location;
- the content of your posts on social media platforms, including your opinions, preferences and beliefs;
- your non-private communications with other users of social media platforms on such social media platforms;
- audio/visual information: your profile picture or other images or videos that you post or interact with;
- employment information: your job title or profession (including category of profession, for example “journalist”);
- demographic information: your interests and gender; and
- geolocation information: your location
- We do not knowingly collect or share:
- except in the form of Aggregated Data (please see reference to data that we infer – paragraph 4.2), any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data);
- any information about criminal convictions and offences; or
- any information relating to children under the age of 13.
- We are committed to respecting the privacy of children online. If we learn that our systems have inadvertently collected information relating to children under the age of 13, we will promptly delete the information, notify the necessary customer representatives to facilitate a consultation on how this data was collected and put measures in place for it not to happen again.
- HOW WE USE YOUR PERSONAL DATA
- We principally use each of the categories of your Personal Data referenced above to offer our Services to our customers.
- We do not use algorithms to make automated decisions about you in violation of applicable law or in a way that produces a significant legal effect. In other words, we only make data (inferred or not) and analytics available to our customers. Our legal basis for this type of data processing is that we have a legitimate interest in running our business and providing our Services to our customers.
- Whenever we process data that has special category Personal Data in it, we do so only because you have voluntarily made that information public by disclosing publicly the information in question. In addition to our uses of your Personal Data, our customers also have a legitimate interest in accessing this data in order to understand their customer base and engagement with their brands.
- We also use each of the categories of Personal Data referenced above in ways related, but ancillary, to the Services that we offer. For example, we may use the data to:
- improve our Services;
- comply with our legal obligations; and
- enforce our rights, including the legal obligations or enforcement of rights of third parties.
- The legal basis for processing the Personal Data in paragraph 5.4 is legal obligation or legitimate interests.
- Please note that we will promptly delete all your Social Data that we have received from a particular social media platform if we stop collecting data from such social media platform.
- HOW LONG WE WILL KEEP YOUR INFORMATION
- We review our data retention periods regularly and will only hold your Social Data for as long as is necessary for the relevant activity, or as required by law (we may be legally required by third parties such as our insurers to hold some types of information for minimum time periods). Any request you make to delete cannot override these obligations
- If you request that we delete your Personal Data:
- we will delete your data from our system, provided it is not in contravention of any laws, or current legislation;
- please be aware that if your data is still published on the public sources we pull data from so you will need to remove it from there also.
- Details of retention periods for different categories of your Personal Data are set out in our retention policy which is available on request. When we decide the appropriate retention period for Personal Data, we consider our legal and compliance obligations, the nature and sensitivity of the Personal Data including the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means.
- SHARING OF YOUR DATA
- In addition to sharing your Personal Data with our customers, we may share your Personal Data with any member of our company group (i.e. our subsidiaries, parent companies, and affiliates). We will inform you before we do this and give you information regarding this.
- We may share your Personal Data with selected third parties, including our business partners, suppliers, contributors/crowd and sub-contractors, for the performance of any contract we enter into with them. We may also share your data with analytics and search engine providers that assist us in the improvement of our website and systems.
- We may also disclose your Personal Data to other third parties. For example, if we sell or buy any business or assets, we may disclose your data to the prospective seller or buyer of such business or assets. Alternatively, if we or substantially all of our assets are acquired by a third party, your data may be part of the transferred assets.
- If any third party processes any of your data, we ensure there are sufficient contractual and operational safeguards protecting your data.
- In respect of your Social Data, we will not:
- sell, licence or purchase any data obtained from social media platforms;
- proxy, request or collect your usernames or passwords for social media platforms;
- share your user IDs for social media platforms with service providers who build or run any of our apps. Your user IDs for social media platforms will be kept secure and confidential; and/or
- use friends or connections data from social media platforms to establish social connections in our apps, unless you have granted you access to that information.
- DATA SECURITY
- We have put in place appropriate security measures to prevent your Social Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. This includes:
- The servers that hold your data have administrative, technical, and physical controls to safeguard your data, including industry-standard encryption technology.
- We have put in place appropriate security measures to prevent your Social Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. This includes:
- TRANSFERS OUTSIDE THE EEA
- Other companies in the DataEQ group of companies which are based in South Africa and Dubai process data inside the DataEQ system and platform with the data remains at all times in our data centre which is based in Germany (within the EEA).
- Many of our external third parties, such as customers and crowd members are based outside the European Economic Area (EEA). The data remains on our system, and is only accessible through our platform or app. The data is anonymised and aggregated so no data subject can be identified. Therefore as this is not Personal Data this is not a restricted transfer. That said we monitor the processes and systems used so we are satisfied that the data will not be compromised.
- If we transfer your information outside of the European Economic Area or the United Kingdom, we will take steps to ensure that adequate safeguards are in place to protect your Personal Data and to make sure it is treated securely. You may contact us for a summary of the safeguards which we have put in place to protect your Personal Data and privacy rights in these circumstances.
- YOUR PRIVACY CHOICES
- You are always in control of your Personal Data Paragraph 11 sets out how you can exercise control over the Personal Data we process but please always note that as an author you:
- are the source of the data and have control under the user profile privacy settings of each platform you interact with and can at any time restrict any of this information appearing in the public domain in accordance with the terms of the relevant platform;
- create the Social Data and have direct control over what you decide to post publicly online;
- can always review the privacy settings available on all platforms you use to publish content online, including making your profile private; and
- should read the privacy statements provided by the platforms you publish content on.
- You are always in control of your Personal Data Paragraph 11 sets out how you can exercise control over the Personal Data we process but please always note that as an author you:
- YOUR RIGHTS
- Under Data Protection Laws, you have the following rights in connection with your Social Data, which can be exercised in certain circumstances:
- Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check we are lawfully processing it;
- Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
- Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below);
- Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party). You also have the right to object where we are processing your Personal Data for direct marketing purposes;
- Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it;
- Request the transfer of your Personal Data to another party. We will provide to you, or a third party you have chosen, your Social Data in a structured, commonly used, machine-readable format; and
- Withdraw your consent where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you.
- If you would like to exercise any of your rights above, please contact us at privacy@dataeq.com and provide us with your full details (including name, telephone number, address and email and the precise nature of your request and/or grievance.)
- Only you, or a person you have authorized to act on your behalf, may make a request related to your Personal Data. You may also make a verifiable request on behalf of your minor child or ward. If you submit a request through an authorized agent, the agent must present signed written permission to act on your behalf and you may also be required to independently verify your identity with us.
- In order to protect your Personal Data, we may ask you or your authorized agent to provide additional Personal Data so that we can verify your identity. Any information that you provide will only ever be used as part of the process to confirm your identity and complete your request. In order to protect your Personal Data, if we cannot verify your identity, we will not be able to comply with your request.
- Under Data Protection Laws, you have the following rights in connection with your Social Data, which can be exercised in certain circumstances:
- CHANGES TO OUR PRIVACY POLICY
- Any changes we make to our privacy policy in the future will be posted on our website and, where appropriate, displayed on our premises notified to you by e-mail.