Terms of Privacy

February 8, 2019

1. Introduction and our details

The Site and Services, as described in our Terms of Service, are provided to you by Social Objects Incorporated with registered office at 36 rue diderot, 92300, Asnières-sur-Seine, France (the “Data Controller” of your personal data). Consequently, “We”, “Us” and “Ours” refers to the Data Controller. Feel free to send any of your data protection queries to us at contact@socialobjects.ai

This Privacy Policy describes the way that We deal with certain personal and other data of customers of our Services (the “Customers”) and users of the social network service Twitter (the “Influencers”).

We are based in the European Economic Area and have nominated the following representative to promptly respond to any requests by our customers and relevant authorities:
Name: Mr. C. SCHMITT(Social Objects)
Address: 36 rue Diderot, 92 300, Asnières sur Seine, France
Email: contact@socialobjects.ai

2. What personal data is processed and the legal basis for processing

2.1 Customers

There are different types of information we obtain, whether directly from you at sign up or automatically via your device (for instance, personal computer, laptop, mobile phone) when you use our Sites. Essentially, we only obtain what is strictly necessary to provide you with our Services, no more, no less.The rest is the technical stuff that must be processed in order to provide you with our services.

Information you provide us with:

1. Full name, company address, company name

  • Legal basis for processing: Performance of the contract with you. We will store just enough information to honor your opt-out preference.
  • Reasons for collecting: You know our name, We require yours for the contractual relationship between the parties

2. Email and social network profile

  • Legal basis for processing: Performance of contract with you and our legitimate interests, if related to marketing.
  • Reasons for collecting: We require your email and/or social network information to log you into the system and to provide you with the Service, reports, Service related updates, communications and other important information. If We do use your email to contact you for marketing purposes, it will be in Our legitimate interests to do so, but you will always have a chance to opt out of such marketing communications for similar products and/or services prior to first (and any subsequent) communication.
    You may opt out at any time by emailing info@socialobjects.ai

The rest is the technical stuff that must be processed in order to provide you with our services.

Information collected/accessed automatically

1. Internet Protocol (IP) address

  • Legal basis for processing: Performance of the contract and you need this to connect to the Internet..

2. We set and access various cookies on your device

  • Legal basis for processing: Contract performance for the “strictly necessary” cookies. Legitimate interest for the first-party analytics cookies.
    Your consent prior to the placement of all the other types of cookies.

2.2 Influencers

We obtain relevant data from Twitter via its API, which is subject to Twitter Platform Policy (https://developer.twitter.com/en/developer-terms/agreement-and-policy.html). We ensure We have a legal basis for processing your personal data. We treat it in accordance with relevant legislation and respect Your Rights (see section below).

Information Influencers provides Twitter with:

  • A link to Influencer profile, full name. avatar, language, biography, gender, country/city/state, brand and common interests, notable engaged users, sponsored posts.
  • Email and social network profile.
  • Images, graphics, photos, profiles, audio and video clips, sounds, musical works, works of authorship, applications, links and other content or materials “Content”, as defined by s.8 of Twitter terms of service.

Legal basis for processing

  • Influencers provide their personal data to Twitter as part of performance of contract by Twitter (there is no other way to provide such a photo sharing service) and Influencer’s affirmative consent by uploading Content (as defined in Twitter).
  • We have a legitimate interest in using the data made available by Influencers via Twitter for commercial purposes without affecting Influencer’s fundamental rights and freedoms.

Reason for collection

  • To allow Customers to choose an Influencer for their business purposes and assess the effectiveness of each Influencer’s reach.

2.3. Audience data and statistics

We analyse a vast amount of information in order to provide Customers with statistics. In relation to Influencer audience (the “Audience”), this includes, in particular: gender, age group and affinity. While these items may represent a somewhat sensitive issue, we have undertaken a review of our legitimate interests and the risks to the rights and freedoms of individuals. We concluded that our processing for statistical purposes is in line with legislation and does not affect the rights and freedoms of individuals.

3. What we do with personal data

3.1. Customers

We do not sell, share or disclose Customer data except as provided herein. We never treat your personal data in any way that would surprise you (unless We told you about it and you provided us with an informed and unambiguous consent to such usage).

We use Customer contact details and payment information to establish, support and conduct customer relationships as necessary for the performance of Services. Should the Customer fail to provide the personal data we need, we may be unable to complete the transaction. We only contact Customers with service related information. Where marketing is involved, Customers have an option to opt out at any time before first (and any subsequent) contact.

3.2. Influencers

We provide a statistical service and so, the data about Influencers identified above is shared with Customers whether on a trial basis or upon payment of fees.

3.3. Audience Data

Audience data for each Influencer is aggregated for statistical purposes and shared with Customers whether on a trial basis or upon payment of fees.

4. How long personal data is stored for


4.1. Customers

We store your data while your account is active. When your annual or monthly subscription expires, we will delete your personal data from our systems 1 month from expiration of your annual & monthly subscription or when you exercise your rights (as listed below).

4.2. Influencers

As stated above, We process information that Twitter provides us with. The updates may take up to 1 day. If an Influencer deletes their account, We would also delete such information from our systems and make it unavailable to Customers. This synchronisation may take up to a month from when the deletion happens on Twitter.

4.3. Audience data

Audience data is only relevant to the Influencer and is kept in an aggregated form together with information about Influencer. Once Influencer data is deleted, Audience data of the Influencer is also removed.

5. Security measures used by Us

All personal data is kept with our third-party processors on secure servers, in full compliance with international information security requirements. OVH and Amazon are all in possession of the ISO 27001 Information Security Management System certificates. We use the recommended industry practices to keep access to such data secure (mixture of common sense and best practices). We use appropriate level of technical and organizational measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed. Those include the following:

(1) Protective measures for physical access control:

We secure access to the premises via ID readers, so that only authorized persons have access. The ID cards can be blocked individually; access is also logged.

Furthermore, an alarm system is installed in the premises, preventing infiltration by unauthorized persons. The alarm system is linked to a locking mechanism for the doors.

(2) Protective measures for system access control:

Each employee has access to the systems/services only via his/her own employee access. The access rights involved are limited to the responsibilities of the respective employee and/or team.
We regulate access to our own systems via password procedures and the use of SSH keys of at least 1024 bits in length. The SSH keys strengthen the productive systems against attacks that target weak passwords, as the password-based access to the relevant systems is disabled.
We have, in addition, a regulation for the creation of passwords. This guarantees higher security also for systems that offer password-based access.

Passwords must meet the following requirements:

  • At least 8 characters long
  • At least 1 letter in upper-case
  • At least 1 letter in lower-case
  • At least 1 number
  • At least 1 non-alphanumeric character

Our systems are protected by firewalls that reject all incoming connections by default. Only connection types defined by exception are accepted.

(3) Protective measures for data access control:

All servers and services are subject to continuous monitoring. This includes the logging of personal access in the user interface.
Due to the close proximity of the employees, a visual inspection is possible at any time. Locking and/or logging off when leaving work is prescribed in writing and is practiced.

(4) Protective measures for transfer control:

The handling of local data storage devices, e.g. USB sticks, is regulated via agreements.

Access to the systems from outside the company network is possible only via secure VPN access.

(5) Protective measures for input control:

Our employees do not work directly at database level, but instead use applications to access the data.

IT employees access the system via individual access and use a common login, as there are very few employees and these sit in close proximity of each other and monitor each other by agreements and visual inspections.

(6) Protective measures for availability control:

We ensure the availability of data in several ways. On the one hand, there is regular backup of the entire system. This steps in if the other availability measures fail.

Critical services are operated redundantly in multiple data centres and controlled by a high- availability system.

Our workstations are also protected with the usual measures. For example, virus scanners are installed, laptops are encrypted.

(7) Protective measures for separation control:

We secure access to the premises via ID readers, so that only authorized persons have access. The ID cards can be blocked individually; access is also logged.

Furthermore, an alarm system is installed in the premises, preventing infiltration by unauthorized persons. The alarm system is linked to a locking mechanism for the doors.

6. Categories of recipients of personal data

We do not rent, sell or share Customer personal data with any third parties, except where We have to comply with Our legal obligation.

We do provide a fee-based statistical service in relation to Influencer and Audience data. The recipients of such data are Customers of Our Service.

In relation to Customer data, We do not blindly follow disclosure orders. We will check each request to ensure it satisfies the relevant safeguards, contains a court order or is issued under a legislative measure for the prevention, investigation, detection or prosecution of criminal offenses.

If We employ a processor to act on our behalf, We ensure that there are adequate contractual measures to ensure responsibility, security and liability to the same level as expected of Us.

In any case where a third party accesses your data on Our behalf or upon Our instructions (be it inside or outside the EEA), We use the relevant legal basis to comply with the data protection legislation. In cases where there is no finding of an adequacy decision by the European Commission, we use model contracts approved by the European Commission to safeguard your rights and data.

7. Your rights

You are entitled to the full spectrum of the rights under the General Data Protection Regulation and We will go out of our way to accommodate any valid request. You can exercise your rights by emailing us at info@socialobjects.ai
You have a wide array of rights that we respect. Among those, the right to:

  • Require access to your personal data;
  • Require rectification of your personal data;
  • Require erasure of your personal data;
  • Withdraw consent to processing of your personal data, where applicable;
  • Lodge a complaint with your national supervisory authority (in the EEA) if you believe that your privacy rights have been breached.

We only retain such information that is necessary to protect our legitimate interests or to comply with a legal obligation.

8. Security measures used by Us

We use aggregated, non-identifying, electronic data collected from use of our Sites and Services to operate, analyze, improve, and develop our Sites and Services. This information is not used to inform decisions about specific individuals; rather, it is processed to understand how different categories of users interact with our Sites and Services so that we can consistently improve the same for Customers.

Click HERE to see our Cookie Policy for details on which cookies We use and why.

9. Children’s privacy

We never knowingly collect or solicit any information from anyone of 13 years and younger. The Sites and Services are not directed at nor made look to appeal to such persons. Parents or guardians that believe that We hold information about their children aged 13 and under may contact Us at info@socialobjects.ai

10. Our commitment

All personal data is kept with our third-party processors on secure servers, in full compliance with international information security requirements. OVH and Amazon are all in possession of the ISO 27001 Information Security Management System certificates. We use the recommended industry practices to keep access to such data secure (mixture of common sense and best practices).We use appropriate level of technical and organizational measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed. Those include the following:

  • We will only collect and use your data where We have a legal basis to do so;
  • We will always be transparent and tell you about how we use your information;
  • When We collect your data for a particular purpose, We will not use it for anything else without your consent, unless other legal basis applies;
  • We will not ask for more data than needed for the purposes of providing our services;
  • We will adhere to the data retention policies and ensure that your information is securely disposed of at the end of such retention period;
  • We will observe and respect Your rights by ensuring that queries relating to privacy issues are dealt with promptly and transparently;
  • We will keep our staff trained in privacy and security obligations;
  • We will ensure to have appropriate technological and organizational measures in place to protect your data regardless of where it is held;
  • We will also ensure that all of our data processors have appropriate security measures in place with contractual provisions requiring them to comply with Our commitment;

11. Changes to the privacy policy

To keep you up to date, We will always notify you via email should we update this privacy policy.

Social Objects SAS, 36 rue Diderot, 92300, Asnières-sur-Seine, France