PRIVACY POLICY


1. Introduction

Fifty Technology is committed to your privacy. This policy aims to explain how Fifty collects and processes, uses and protects personal data. All data we have access to will be collected, processed and protected according to existing data protection laws, including the General Data Protection Regulation. We may change this privacy policy from time to time, in order to conform with evolving laws and regulations, or interpretations. We recommend that you consult this page from time to time in order to be aware of any updates we might conduct to the privacy policy.

2. Who we are

We are Fifty Technology Limited (trading as Fifty & Fifty Media). Our registered office address is 24 Hanover Square, London, W1S 1JD, United Kingdom. Our company number is 09476244 and our VAT number is GB 216562221.

Fifty Technology is a company operating in the field of analytics and advertising technology. We have two main activities: we conduct bespoke studies of user audiences for our clients by processing data from several online platforms such as Twitter. We use the understanding of the user audiences and apply those insights to run more accurate targeted social and programmatic advertising, by using cookie segments and URL white lists.

We can be contacted at [email protected].

In accordance with GDPR, we have appointed a Data Protection Officer, whose contact details are the following:

Vincent Potier c/o Fifty Technology Ltd
144a Clerkenwell Road
2nd Floor, White Bear Yard
London EC1R 5DF

Email: [email protected]

3. Data collection

The data we collect about you depends on the Services that you use and how you use them. For example, if you are a client of Fifty and use its insights platform, the data we collect about you would be different from the data we collect from a user who has view-only access to Fifty. With our Fifty Intelligence product, we will collect data from the public API of Twitter along with data from other social platforms. With our Fifty Media product, we will collect IP addresses and user IDs as we run targeting campaigns on specific audience segments.

3.1. Fifty Intelligence: end-user data

Fifty Intelligence is a leading company specialising in insights and analytics derived from the collection and processing of data from the Twitter platform, as well as other online platforms. We currently use or have used in the past data from platforms such as Klout, Instagram, and Facebook. We rely on the terms and conditions binding users and those social media platforms along with our own relationship with those platforms. For example, with Twitter, we have access to the public API, which allows us to access different data points which Twitter users have chosen to make public. We recommend that you also visit from time to time the privacy policies of the social media platforms you currently use. At Fifty Intelligence, we are interested in the connections that users have between themselves (the “follows”), as we are mainly trying to build insights about audience segments and not about individuals.

These insights help clients understand their segments, analyse trends, shed light on new products, services, emerging categories, etc. Thanks to this intelligence, clients then have a better understanding of their users and customers’ needs and respond through market improvements of their products and services, more relevant advertising, leading to more competition, fostering a free and prosperous market place.

3.2. Fifty Media: end-user data

Fifty Technology insights are used by Fifty Media to build out custom cookie-based segments and run digital advertising campaigns. Segments and data products are used by our teams and clients to run targeted social and programmatic advertising. Thanks to URL white lists and our targeting cookies placed on users’ computers, we are in a position to build audiences that we will serve ads to. We will then refine the targeting based on the response to those ads, and prioritise ads to those user segments who seemingly respond better and engage with them. This is how we always enhance the relevance of the advertising we serve. In order for us to process your data, you will have consented to data processing and accepted cookies or similar technologies from publishers which we obtain data from. Remember you can change your preferences at any time and you can also exercise your rights by writing to [email protected].

Although the legal base that Fifty Media and Fifty Technology rely upon is consent, we also believe we have a legitimate interest to collect and process personal data for the following purposes:

· Frequency measurement / capping (counting the number of times ads have been seen): this is necessary if we want to make sure ads are not shown more than a certain number of times to the same user

· Viewability measurement (understanding if ads are seen by users, often related to their placement on a publisher page); this is needed to optimise advertising investment and therefore protect publisher revenue which the publisher needs to produce the content seen by the user

· Click count (counting the number of times ads seen have been clicked on); this is necessary to understand which creative formats generate interest and engagement and which ones don’t

· Understanding browsing behaviours of aggregated users

· Testing ads

· Conversion tracking (counting the number of times users who have seen ads have proceeded to buy a product or service); this is necessary to understand the overall return on investment of that ad and therefore whether the investment on that campaign is worthwhile and whether publishers will receive more or less investment

3.3. Platform users

If you register as a user of any of our Services, we may ask you to provide your name, email address, contact telephone number (landline and/or mobile), the company you work for, your address, a username and password, and other data relevant to the Services we provide. If you are not an administrative user for your account, the same data about you may be provided by a colleague or other third party. We may also collect other data directly from you, from time to time.

We collect data about you when you use any part of our Services. For example, if you are logged in to your Fifty account, we will collect data as to how often you use Analytics, what queries you created or amended, and other data about how you interact with the product. We may also collect data about how you interact with messages we send to you, for example whether you opened an email or read an in-app message.

For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service. Some of the cookies we use are essential for the site to operate.

3.4. Business contacts data

We may also hold your personal data if you have been having business relations with Fifty or if you or we have been considering entering some form of business relationship. You could be a client (agency, advertiser…) and we will need that data in order to communicate, invoice, manage contracts and products and services we offer to you. You could be a publisher, a data provider or a social media platform and we would need your personal data in order to communicate, invoice, manage the relationship. You could be a supplier, a partner with whom we have a regular business relationship or with whom we are considering having one. Or you could be any prospects, industry partners, former colleagues or business acquaintances with whom we have regular relationships.

The personal data we hold about you refers to your professional life (name, email address, billing address, office address, phone numbers, title, employer, etc.). We would have obtained that information from exchanging emails or business cards, meeting at industry events or at client meetings, etc.

Current law would not require us to obtain new consent in order to hold and carry on processing this data. Still, you can always exercise your data subjects’ rights and ask for removal, erasure, portability, etc. of that personal data by writing at [email protected].

Finally, our retention policy for this data is as follows, i.e. we will delete your data:

· Two years after the last contact

· Four years after the end of the contractual relationship

3.5. Employee data

If you are an employee at Fifty Technology, we suggest you refer to our HR policy and the clauses regarding data protection on your employment contract. It is available with our HR department.

4. Types of data collected and processed

Fifty collects multiple data sets from social media platforms and from our partners (or Fifty) placing cookies on users’ computers when those browse or navigate the Internet:

Twitter

· Data points about Twitter users from the public Twitter API used for displaying information; some of the fields may contain data such as demographic, location and interest

· Follow connection data (Twitter) IDs that a user is following via the public Twitter API used for connection data as the basis of our intelligence network analysis and visualisations

· Tweet data

Other social media platforms

We also collect data from other social media platforms (Facebook and Instagram) in order to enrich our reporting and services.

Other sources

· Cookies and IP addresses collected throughout your browsing activity on our publisher partners

· Campaign data (ads seen by each individual user, engagement with those ads, clicks etc.)

· Domain whitelists derived in part from analysis of the personal data obtained from the social media networks (URLs targeting)

We do not collect nor hold any information such as email, address, phone number, credit card information etc. The cookie data we hold about you is not data which allows us to know you are. From the public Twitter API, we only collect name, handle, and follows data which you have chosen to make public through social media platforms. We do not collect anything private.

We do not process any data which could be used, with the help of a third party, to determine the identity of users. We do not know who you are and we do not wish to know. We do not need to know who you are in order to run our business effectively.

5. Cookies

A cookie is a small text file composed of alpha-numeric characters which is created on your computer when your browser accesses a web site that uses cookies. These files are used to help your browser navigate the website and make full use of all its functionalities, such as identifiers, preferences, linguistic parameters, themes, among other common functionalities. In no case will the Fifty Technology cookie allow access to the information contained on a computer hard drive or to identify it by name.

There are numerous types of cookies:

- Session cookies which make it easier for you to navigate on websites; they expire when you close your browser

- Persistent cookies which enable us to track and target interests of users to improve the user experience on publishers’ websites; persistent cookies do not expire when you close your browser; they stay for a certain period of time in order to recognise user identifiers and serve relevant ads to them.

6. Industry involvement

Fifty Technology is involved with the following organisations:

- It is a member of IAB UK

- It is part of Your Online Choices

- It is part of the IAB Europe global vendor list

- It is a signatory to the IAB Europe transparency and consent framework

7. Data retention

We hold your personal data according to the highest security and encryption standards, and we only do so for a minimal period of time, the time necessary to run our business. We delete cookie data after 13 months and refresh the data obtained from social media platforms every 6 months.

8. Data transfers

Like all companies operating in the complex landscape of advertising technology and insights and analytics, we work with multiple partners. Whether it be social media platforms (such as Twitter), server providers (Google), data providers, demand-side platforms (AppNexus, TubeMogul…) etc. — they are reputable partners adhering to the highest industry standards in security, encryption, data protection.

In order to operate our business efficiently, we have to transfer data to our key partners, some of which happen to have servers located in the United States. When we do, we operate under the “Privacy Shield”, the data protection agreement between the European Union and the United States.

We do not transfer any data outside of the European Union or the United States.

9. Managing your cookies

If you no longer wish to receive ads ran by Fifty Media, you can manage your choices by using Your Online Choices

Important: when you choose to opt out from receiving cookies, a cookie will still be set in your browser. This is only by maintaining a cookie in your browser that we will be able to recognise you have made the choice of opting out of cookies.

10. Personal sensitive data

Under the GDPR, personal sensitive data is any personal data revealing racial or ethnic origin, political opinions, religious and philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.

Fifty Technology does not collect any personal sensitive data, except when it has manifestly been made public by the data subject, as per article 9(2)(e) of the GDPR.

11. Children’s data

Fifty Technology does not collect any children’s data. It does not want to collect any and applies all precautions and filters not to collect any. If you are a parent/guardian and you believe that Fifty may be processing data from someone that you have parental responsibility for, please contact us at [email protected].

12. Data subjects’ rights

The GDPR lists the following rights:

· The right to be informed

· The right of access

· The right of rectification

· The right to erasure

· The right to restrict processing

· The right to data portability

· The right to object

· The right not to be subject to automated decision-making

Fifty Technology does have a process in order to deal with users wishing to exercise their rights by writing at [email protected].

You can always withdraw your consent at any time. You can do so by either using Your Online Choices, contacting the individual publishers or social media platforms you have been using or contacting us directly in order to exercise your right to erasure for example.

On the right to erasure, the main means of fulfilling that right is for us to delete personal data so that the data is permanently anonymised and cannot be de-anonymised, i.e. cannot be re-identified.

As we do not know your names, email addresses, addresses, postcodes, we don’t know who you are, where you live, what you do, it might be hard to identify your personal data, or we might not be in a position where we can technically locate it. As we apply techniques such as data minimisation (not processing more data than what is needed), we consider it would be against the spirit of the law to hold data allowing us to identify you in case you want to exercise your right to erasure. Where we do not have the ability to identify individuals, we will be unable to address individual requests for erasure. Under GDPR we would not be obligated to collect more data about the data subject for the sole purpose of responding to a request for erasure in order to comply with the law.

13. List of our key data partners

AWS: Amazon Web Services, Inc. 410 Terry Ave North, Seattle, WA 98109-5210 , US

Google: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Twitter: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland

AppNexus Inc: 28W 23rd street, 4th floor, New York, NY, 10010, USA

Avocet: Avocet Systems Limited, 100 Clifton St., London, EC2A 4TP