This privacy statement addresses the personally identifiable information (“data”) that we collect and process about individual authors of online content (“Author”, “you” or “your”) through the services that we offer to our customers. Basically, if you publish information on publicly available websites (Twitter, Instagram, Sermo, etc.), you’re an Author for purposes of this privacy statement.
We are Convosphere Limited (trading as Convosphere or previously The Conversationalist Agency) (“we”, “us” or “Convosphere”). Our registered office address is at 7 St. John’s Road, Harrow Middlesex HA1 2EY, United Kingdom. Our company number is 9289425 and our VAT number GB215264334.
We are a social listening and digital insight agency specialising in local language processing. We use the data you provide to deliver business insight or brand tracking to agencies or enterprises.
We are a data processor of the data that we process about you.
We contract directly with third parties to gain access to their information (including data) and sometimes we may crawl and index publicly available information (including data) from the Internet. We do not scrape for data.
We use a number of data sources, but all sources are licensed, and data collected is done so within the terms and conditions of the source. Sources include aggregators such as GNIP, Boardreader, Crimson Hexagon, Sysomos, Synthesio, Audiense, Brandwatch, WeChat, Weibo and many other niche local and industry data providers.
In each case, the information that we have access to is published or made available directly by Authors, giving their consent to third parties as data controllers (websites) to share it with Convosphere and/or to make it publicly available. This information is then collated and analysed on behalf of our clients looking to answer a business question, acting Convosphere as a data processor. We offer access to our services to third parties (our “Services”) as data sub-processors, always according to the data controller guidelines.
Since all of the information that we access is publicly available, the raw information we have about you could be found by anybody with access to the Internet. Some of this information is personal data. For example, your name or username in connection with your Twitter profile would be personal data. Other information we process may not be personal data (for example if you publish an anonymous review on a website).
As an Author, you are the source of the data. You have control over that data within the platform you choose to publish it on (e.g. Twitter or Facebook), including through using the privacy settings made available to you by that platform. In addition to whatever rights you have via your relationship with any publishing platform, you also have certain rights relating to your data that we process, as set out in this Privacy Statement.
Information we collect about you
The data we collect varies depending on the source of the data, what the source or platform chooses to make available to us, plus what you choose to make available. It could include the following:
- your name, username, handle, or other identifier;
- the content of the information you have published via that name, username, handle, or other identifier, including comments, expressions, opinions, posts, etc.;
- your profile picture or other images or videos that you post or interact with;
- your job title or profession (including category of profession, for example “journalist”;
- your interests;
- your location;
- your gender; and
- any other information you decide to make publicly available publishing on an Internet public website or on a third party platform that provides us with data, including special categories of personal data, like personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. We encourage you to protect your data according to its importance.
In addition to the data you make available about yourself, the data providers we use may also use that information to infer other data about you. For example, based on your name, we may infer your gender. Equally, based on the content of one of your posts, we may infer some of your interests, your profession, your location, etc.
We also analyse the content of the data you publish and provide our analysis to our customers. For example, if you publish a Tweet stating that you like a certain brand’s ice cream, we may mark that Tweet as having a positive sentiment toward that brand.
Using your data
The legal basis for the data that we process is pursuant to the consent Authors give to third parties (data controllers), acting Convosphere as data processor, sometimes it may be based on our legitimate interests and sometimes on a third party legitimate interest. Our legitimate interests are in providing our Services to our customers, which allows our customers to learn more about their brand, their customers, their competitors, and other information available on the social web that is relevant to our customers.
We also use the data in ways related to, but ancillary, to the Services that we offer. For example, we may use the data to comply with our legal obligations or enforce our rights, including the legal obligations or enforcement of rights of third parties, such as adverse event reporting by our pharmaceutical clients. We may also use the data to improve our Services.
We comply with applicable law, including data privacy law, when providing our Services. We also use and analyse your data, in a way that is within your reasonable expectations.
When data is inferred about you by our data providers, it is done so automatically. The inferences are based on algorithms that analyse the data that you have posted. We do not make any decisions about you based on the data that we process about you (inferred or not). In other words, we only make the data available to our customers. It is up to our customers what (if anything) to do with the data and any inferences about the data.
Sharing your data
In addition to sharing your data with our customers, we may share your data with any member of our company group (i.e. our subsidiaries, parent companies, and affiliates).
We may share your data with selected third parties, including our business partners, suppliers, and sub-contractors, for the performance of any contract we enter into with them.
We may also disclose your data to other third parties. For example, if we sell or buy any business or assets, we may disclose your data to the prospective seller or buyer of such business or assets. Alternatively, if we or substantially all of our assets are acquired by a third party, your data may be part of the transferred assets.
If any third-party processes any of your data, we ensure there are sufficient contractual and operational safeguards protecting your data.
We may share your data with customers or third parties that are outside the territory of the European Economic Area. In case any of these countries isn’t covered by a decision of adequacy of the European Commission, we will ensure there are sufficient contractual and operational safeguards protecting your data.
Accuracy and retention
Most of the data we have about you comes directly from you. If it is inaccurate, we advise you to fix it on the original platform in which you published that data.
We will retain any data about you for as long as it takes to provide our insight report to our clients. Typically, our projects would last up to 6 months. However, if you request that we delete your data, or if you delete your data from the platform in which it was originally published, we will also delete your data from our Services.
Storage, security and your rights
We may transfer your data to a country other than your own. That country may not provide the same level of data protection as your own country. Whenever we transfer your information outside of Europe, we will take steps which are reasonably necessary to ensure that adequate safeguards are in place to protect your personal information and to make sure it is treated securely. If you are located in Europe, you may contact us for a copy of the safeguards which we have put in place to protect your personal information and privacy rights in these circumstances.
The servers in which we hold your data have appropriate administrative, technical, and physical controls that are designed to safeguard your data, including industry-standard encryption technology.
You have a number of legal rights in your data under applicable data privacy law. Under applicable law you may:
- request access to the data that we have about you and request that it be updated, rectified, deleted, or blocked; ported, erased or
- request that we refrain from further use of any data we hold about you.
When the treatment is based on consent, you can withdraw the consent at any time, without affecting the legality of the treatment based on the consent prior to its withdrawal.
To exercise any rights listed above, please email us at firstname.lastname@example.org or write to us at the address listed at the top of this document.
If you do not agree with any decision regarding the processing of your personal data and the exercise of your rights, you can contact our Data Protection Officer:
Mrs. Louise Jones whose contact email is email@example.com
If it is not resolved, you may lodge a complaint with the supervisory authority about our processing of your data under this Privacy Statement. The appropriate supervisory authority is the data privacy regulator in which you live. If you live in the United Kingdom it is the Information Commissioner’s Office and you can report a concern at ico.org.uk/concerns
Privacy practices of third parties
This privacy statement only addresses our collection, processing, and use (including disclosure) of your data. Our customers and other third parties that may have access to your data can use it in other ways in accordance with their own privacy practices and applicable law. We encourage you to familiarize yourself with the privacy statements provided by any platform you use to publish any information.
Governing law and jurisdiction
English law governs this privacy statement.