1. Introduction

Fifty Technology is committed to your privacy. This policy aims to explain how Fifty collects and processes, uses and protects personal data. All data we have access to will be collected, processed and protected according to existing data protection laws, including the General Data Protection Regulation. We may change this privacy policy from time to time, due to changes in our business, technology or evolving laws, regulations or interpretations. We recommend that you consult this page from time to time in order to be aware of any updates we might make to the privacy policy.

2. Who we are

We are Fifty Technology Limited (trading as Fifty & Fifty Media). Our registered office address is 24 Hanover Square, London, W1S 1JD, United Kingdom. Our company number is 09476244 and our VAT number is GB 216562221.

Fifty Technology is a company operating in the field of analytics and advertising technology. We have three main activities:

· Fifty Intelligence and insights conducts bespoke studies of user audiences for our clients by processing data from several online platforms such as Twitter, and helps clients understand their segments, analyse trends, shed light on new products, services, emerging categories etc.

· Fifty Data collects data from various data partners through the Fifty data network, and segments, models, processes and packages such data into unbranded and branded segments before making them available onto DMPs (data management platforms) and DSPs for targeted advertising purposes.

· Fifty Media will use understanding of the user audiences and the various data sets to build out custom cookie-based segments and run digital advertising campaigns.

We can be contacted at [email protected].

In accordance with GDPR, we have appointed a Data Protection Officer, whose contact details are the following:

Vincent Potier c/o Fifty Technology Ltd
2 John Street

Email: [email protected]

3. Industry involvement

Fifty Technology is involved in the following organisations:

  • It is a member of IAB UK
  • It is part of Your Online Choices
  • It is part of the IAB Europe global vendor list
  • It is a signatory to the IAB Europe transparency and consent framework.

4. Data collection

The data we collect about you depends on whether you are a social media end user or a Fifty client and the Services that you use and how you use them.

4.1. Fifty Intelligence: end-user data

Fifty Intelligence is a specialist in insights and analytics derived from the collection and processing of data from the Twitter platform, as well as other online platforms. We currently use or have used in the past data from platforms such as Klout, Instagram, and Facebook. We rely on the terms and conditions between users and the social media platforms along with our own relationship with those platforms. For example, with Twitter, we have access to the public API, which allows us to access different data points which Twitter users have chosen to make public. We recommend that you also visit from time to time the privacy policies of the social media platforms you currently use. At Fifty Intelligence, we are interested in the connections that users have between themselves (the “follows”), as we are mainly trying to build insights about audience segments and not about individuals.

These insights help clients understand their segments, analyse trends, shed light on new products, services, emerging categories, etc. Thanks to this intelligence, clients then have a better understanding of their users and customers’ needs and respond through market improvements of their products and services, and more relevant advertising.

4.2. Fifty Media: end-user data

Fifty Technology insights are used by Fifty Media to build out custom cookie-based segments and run digital advertising campaigns. Segments and data products are used by our teams and clients to run targeted social and programmatic advertising. Thanks to URL white lists and our targeting cookies placed on users’ computers, we are in a position to build audiences that we will serve ads to. We will then refine the targeting based on the response to those ads, and prioritise ads to those user segments who seemingly respond better and engage with them. This is how we always enhance the relevance of the advertising we serve. In order for us to process your data, you will have consented to data processing and accepted cookies or similar technologies from publishers which we obtain data from. Remember you can change your preferences at any time and you can also exercise your rights by writing to [email protected].

Although the legal basis that Fifty Media and Fifty Technology rely upon for targeted advertising is consent, we have also determined that we have a legitimate interest to collect and process personal data for the following purposes which have minimal effects on your privacy:

· Frequency measurement / capping (counting the number of times ads have been seen): this is necessary if we want to make sure ads are not shown more than a certain number of times to the same user

· Viewability measurement (understanding if ads are seen by users, often related to their placement on a publisher page); this is needed to optimise advertising investment and therefore protect publisher revenue which the publisher needs to produce the content seen by the user

· Click count (counting the number of times ads seen have been clicked on); this is necessary to understand which creative formats generate interest and engagement and which ones don’t

· Understanding browsing behaviours of aggregated users

· Testing ads

· Conversion tracking (counting the number of times users who have seen ads have proceeded to buy a product or service); this is necessary to understand the overall return on investment of that ad and therefore whether the investment on that campaign is worthwhile and whether publishers will receive more or less investment

4.3. Platform users

If you register as a user of any of our Services, we may ask you to provide your name, email address, contact telephone number (landline and/or mobile), the company you work for, your address, a username and password, and other data relevant to the Services we provide. If you are not an administrative user for your account, the same data about you may be provided by a colleague or other third party. We may also collect other data directly from you, from time to time.

We collect data about you when you use any part of our Services. For example, if you are logged in to your Fifty account, we will collect data as to how often you use Analytics, what queries you created or amended, and other data about how you interact with the product. We may also collect data about how you interact with messages we send to you, for example whether you opened an email or read an in-app message.

For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service. Some of the cookies we use are essential for the site to operate.

4.4. Business contacts data

We may also hold your personal data if you have a business relationship with Fifty or if you or we have been considering entering into some form of business relationship. You could be a client (agency, advertiser…) and we will need that data in order to communicate, invoice, manage contracts and products and services we offer to you. You could be a publisher, a data provider or a social media platform and we would need your personal data in order to communicate, invoice, manage the relationship. You could be a supplier, a partner with whom we have a regular business relationship or with whom we are considering having one. Or you could be a prospect, industry partner, former colleague or business acquaintance with whom we have regular relationships.

The personal data we hold about you refers to your professional life (name, email address, billing address, office address, phone numbers, title, employer, etc.). We would have obtained that information from exchanging emails or business cards, meeting at industry events or at client meetings, etc.

We rely on our legitimate interests in managing and developing our business in order to hold and carry on processing this data. Still, you can always exercise your data subjects’ rights and ask for removal, erasure, portability, etc. of that personal data by writing to us at [email protected].

Finally, our retention policy for this data is as follows, i.e. we will delete your data:

· Two years after the last contact

· Six years after the end of the contractual relationship

4.5. Employee data

If you are an employee at Fifty Technology, we suggest you refer to our HR policy and the clauses regarding data protection on your employment contract. It is available with our HR department.

5. Types of data collected and processed

Fifty collects multiple data sets from social media platforms and from our partners (or Fifty) placing cookies on users’ computers when those browse or navigate the Internet:


· Data points about Twitter users from the public Twitter API used for displaying information; some of the fields may contain data such as demographic, location and interest

· Follow connection data (Twitter) IDs that a user is following via the public Twitter API used for connection data as the basis of our intelligence network analysis and visualisations

· Tweet data

Other social media platforms

We also collect data from other social media platforms (Facebook and Instagram) in order to enrich our reporting and services.

Other sources

· Cookies and IP addresses collected throughout your browsing activity on our publisher partners

· Campaign data (ads seen by each individual user, engagement with those ads, clicks etc.)

· Domain whitelists indirectly derived in part from analysis of the personal data obtained from the social media networks (URLs targeting)

We do not collect nor hold any information such as email, address, phone number, credit card information etc. The cookie data we hold about you is not data which allows us to know you are. From the public Twitter API, we only collect name, handle, and follows data which you have chosen to make public through social media platforms. We do not collect anything private.

We do not process any data which could be used, with the help of a third party, to determine the identity of users. We do not know who you are and we do not wish to know. We do not need to know who you are in order to run our business effectively.

6. Cookies

A cookie is a small text file composed of alpha-numeric characters which is created on your computer when your browser accesses a web site that uses cookies. These files are used to help your browser navigate the website and make full use of all its functionalities, such as identifiers, preferences, linguistic parameters, themes, among other common functionalities. In no case will the Fifty Technology cookie give us access to other information contained on a device or to identify you by name.

There are numerous types of cookies:

- Session cookies which make it easier for you to navigate on websites; they expire when you close your browser

- Persistent cookies which enable us to track and target interests of users to improve the user experience on publishers’ websites; persistent cookies do not expire when you close your browser; they stay for a certain period of time in order to recognise user identifiers and serve relevant ads to them.

7. Managing your cookies

If you no longer wish to receive ads ran by Fifty Media, you can manage your choices by using Your Online Choices

Important: when you choose to opt out from receiving cookies, a cookie will still be set in your browser. This is only by maintaining a cookie in your browser that we will be able to recognise you have made the choice of opting out of cookies.

8. Data retention

We hold your personal data according to the highest security and encryption standards, and we only do so for a minimal period of time, the time necessary to run our business. We delete cookie data after 13 months and refresh the data obtained from social media platforms every 6 months.

9. Data transfers

Like all companies operating in the complex landscape of advertising technology and insights and analytics, we work with multiple partners. Whether it be social media platforms (such as Twitter), server providers (Google), data providers, demand-side platforms (AppNexus, TubeMogul…) etc. — they are reputable partners adhering to the highest industry standards in security, encryption, data protection. Our most important data partners are listed in Section 13 below.

In order to operate our business efficiently, we have to transfer data to our key partners, some of which happen to have servers located in the United States. When we do, we operate under the European Commission Standard Contractual Clauses which commit them to similar data protection standards as in the EU/UK.

We do not transfer any data outside of the European Union or the United States.

10. Personal sensitive data

Under the GDPR, personal sensitive data (also known as “special categories of data”) is any personal data revealing racial or ethnic origin, political opinions, religious and philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.

Fifty Technology does not collect any personal sensitive data, except when it has manifestly been made public by the data subject, as per article 9(2)(e) of the GDPR.

11. Children’s data

Fifty Technology does not collect any children’s data. It does not want to collect any and applies all precautions and filters not to collect any. If you are a parent/guardian and you believe that Fifty may be processing data from someone that you have parental responsibility for, please contact us at [email protected].

12. Data subjects’ rights

The GDPR lists the following rights:

· The right to be informed

· The right of access

· The right of rectification

· The right to erasure

· The right to restrict processing

· The right to data portability

· The right to object

· The right not to be subject to automated decision-making

Fifty Technology has a process in order to deal with requests for exercise of your rights which can be made by writing to us at [email protected].

You can always withdraw your consent at any time. You can do so by either using Your Online Choices (for cookies), contacting the individual publishers or social media platforms you have been using or contacting us directly in order to exercise your right to erasure for example.

On the right to erasure, the main means of fulfilling that right is for us to delete personal data so that the data is permanently anonymised and cannot be de-anonymised, i.e. cannot be re-identified.

As we do not know your names, email addresses, addresses, postcodes, we don’t know who you are, where you live, what you do, it might be hard to identify your personal data, or we might not be in a position where we can technically locate it. As we apply techniques such as data minimisation (not processing more data than what is needed), we consider it would be against the spirit of the law to hold data allowing us to identify you in case you want to exercise your right to erasure. Where we do not have the ability to identify individuals, we will be unable to address individual requests for erasure. Under the GDPR we would not be obligated to collect more data about the data subject for the sole purpose of responding to a request for erasure in order to comply with the law.

We are always happy to help with any inquiries regarding protection of your data and privacy. If you are still not satisfied for any reason, you have a right to ask the data protection supervisory authority in your country (in the UK, the Information Commissioner’s Office, for a decision.

13. CCPA

The CCPA (California Consumer Privacy Act) voted on June 28, 2018, is a privacy law implemented on January 1 2020 in the State of California which defines personal information more broadly, ensures greater transparency, accountability and provides consumers with extended rights as to the collection and use of their personal information.

Your rights under the CCPA:

Your rights under the CCPA can broadly be divided into the following categories: (1) right to notice, (2) right to access, (3) right to opt out (or right to opt in), (4) right to request deletion, and (5) right to equal services and prices.

  • Right to notice: Under the CCPA, businesses must inform consumers at or before the point of collection what categories of personal information will be collected and the purposes for which these categories will be used.
  • Right to access: Consumers have the right to request that a business disclose the categories of personal information collected; the categories of sources from which personal information is collected; the business or commercial purpose; the categories of third parties with which the business shares personal information; and the specific pieces of personal information the business holds about a consumer. If a business sells personal information or discloses it for business purposes, consumers have the right to request the categories of information so sold or disclosed.
  • Right to opt out: Consumers have the right—at any time—to direct businesses that sell personal information about the consumer to third parties to stop this sale, known as the right to opt out. If a consumer is a minor, the CCPA provides for a right to opt in to the sale of data (exercised by the minor if the consumer is between 13 and 16 years of age, or by the minor’s parent or guardian if the consumer is under 13 years old). Businesses must wait at least 12 months before asking consumers to opt back in.
  • Right to request deletion: Consumers also have the right to request deletion of personal information, but only where that information was collected from the consumer. Like the right to erasure under the GDPR, this right is subject to exceptions. For instance, businesses need not delete personal information necessary for detecting security incidents, exercising free speech, protecting or defending against legal claims, or—in what is potentially a broad and likely contentious category—for internal uses reasonably aligned with the consumer’s expectations.
  • Right to equal services and prices: The CCPA prohibits businesses from discriminating against consumers by denying goods or services, charging a different price or rate for goods or services, providing a different level or quality of goods or services, or suggesting that they will do any of these things based upon a consumer’s exercise of any CCPA rights. Put differently, consumers have a right to equal services and prices.

Exercising your rights under the CCPA:

If you do not want to receive ads based on your usage data, you can opt out from our services by clicking on the opt out button on our Do Not Sell page.

According the law (see paragraph above), you are entitled to request specific pieces of personal information (as defined under the CCPA) that we have about you, the business purpose for which the personal information was collected, categories of personal information, categories of sources from which the personal information was collected, categories of personal information that we either shared, transferred, sold with a business purpose, categories of those third parties to which the personal information was sold for a business purpose.

California data subjects who would like to make a CCPA access or deletion request may write to us by email to [email protected] to exercise those rights or they may also call us on our toll free CCPA privacy hotline at 1-833-335-0880 and we will respond within 45 days as per the law.

We reserve the right to verify your identity if you make such a request.

However, we may not be able to respond to your request if it goes against applicable law.

(Please note that we do transfer personal information collected through our network of partners to third parties and as such are considered as having disclosed or sold data (as defined under the CCPA) over the past twelve months.)

14. List of our key data partners

AWS: Amazon Web Services, Inc. 410 Terry Ave North, Seattle, WA 98109-5210 , US

Google: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Twitter: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland

AppNexus Inc: 28W 23rd street, 4th floor, New York, NY, 10010, USA

Avocet: Avocet Systems Limited, 100 Clifton St., London, EC2A 4TP

The Trade Desk Inc: 42 N. Chestnut St, Ventura, CA 93001, USA