The organisation that defines how and for what purposes data are processed (the "data controller") is Fifty Technology Limited (trading as Fifty & Fifty Media). Our registered office address is 24 Hanover Square, London, W1S 1JD, United Kingdom. Our company number is 09476244 and our VAT number is GB 216562221.
Fifty Technology is a company operating in the field of analytics and advertising technology. We have three main activities:
· Fifty Intelligence and insights conducts bespoke studies of user audiences for our clients by processing data from several online platforms such as Twitter, and helps clients understand their segments, analyse trends, shed light on new products, services, emerging categories etc.
· Fifty Data collects data from various data partners through the Fifty data network, and segments, models, processes and packages such data into unbranded and branded segments before making them available onto DMPs (data management platforms) and DSPs (demand side providers, which provide platforms for purchasing of ad placements) for targeted advertising purposes.
· Fifty Media will use understanding of the user audiences and the various data sets to build out custom cookie-based segments and run digital advertising campaigns.
We can be contacted at [email protected].
In accordance with applicable data protection legislation, we have appointed a Data Protection Officer, whose contact details are the following:
Vincent Potier c/o Fifty Technology Ltd
31A Great Sutton Street
Email: [email protected]
Fifty Technology is involved in the following organisations:
The data we collect about you depends on whether you are an internet or social media end user or a Fifty client and the Services that you use and how you use them.
4.1. Fifty Intelligence: end-user data
Fifty Intelligence is a specialist in insights and analytics derived from the collection and processing of data from the Twitter platform, as well as other online platforms. We currently use or have used in the past data from platforms such as Klout, Instagram, and Facebook. We rely on the terms and conditions between users and the social media platforms along with our own relationship with those platforms. For example, with Twitter, we have access to the public API, which allows us to access different data points which Twitter users have chosen to make public. We recommend that you also visit from time to time the privacy policies of the social media platforms you currently use. At Fifty Intelligence, we are interested in the connections that users have between themselves (the “follows”), as we are mainly trying to build insights about audience segments and not about individuals.
We may also receive data from other partners to assist us in completing our understanding of the behaviour and interests of our segments, which may include email addresses and other data. Normally email addresses are provided to and processed by us in hashed or encrypted form, so they are unusable for sending emails, but still help us recognise similar users in order to generate insights.
These insights help clients understand their segments, analyse trends, shed light on new products, services, emerging categories, etc. Thanks to this intelligence, clients then have a better understanding of their users and customers’ needs and respond through market improvements of their products and services, and more relevant advertising.
We rely on these legitimate interests of our clients and ourselves in order to process this data. Our processing is non-intrusive, secure, and within the expectations of internet and social media users. We rely on our data partners also to provide relevant information on these data uses to the relevant end users – for example, if you are a Twitter user, then Twitter would need to explain in its privacy notices and terms which data may be shared with partners like Fifty.
4.2. Fifty Media: end-user data
Fifty Technology insights are used by Fifty Media to build out custom cookie-based segments and run digital advertising campaigns. Segments and data products are used by our teams and clients to run targeted social and programmatic advertising. Thanks to URL white lists and our targeting cookies placed on users’ computers, we are in a position to build audiences that we will serve ads to. We will then refine the targeting based on the response to those ads, and prioritise ads to those user segments who seemingly respond better and engage with them. This is how we always enhance the relevance of the advertising we serve. In order for us to process your data, you will have consented to data processing and accepted cookies or similar technologies from publishers which we obtain data from. Remember you can change your preferences at any time and you can also exercise your rights by writing to [email protected] with your specific request and any relevant details.
Although the legal basis that Fifty Media and Fifty Technology rely upon for targeted advertising is consent, we have also determined that we have a legitimate interest to collect and process personal data for the following purposes which have minimal effects on your privacy:
· Frequency measurement / capping (counting the number of times ads have been seen): this is necessary if we want to make sure ads are not shown more than a certain number of times to the same user
· Viewability measurement (understanding if ads are seen by users, often related to their placement on a publisher page); this is needed to optimise advertising investment and therefore protect publisher revenue which the publisher needs to produce the content seen by the user
· Click count (counting the number of times ads seen have been clicked on); this is necessary to understand which creative formats generate interest and engagement and which ones don’t
· Understanding browsing behaviours of aggregated users
· Testing ads
· Conversion tracking (counting the number of times users who have seen ads have proceeded to buy a product or service); this is necessary to understand the overall return on investment of that ad and therefore whether the investment on that campaign is worthwhile and whether publishers will receive more or less investment
4.3. Platform users
If you register as a user of any of our Services, we may ask you to provide your name, email address, contact telephone number (landline and/or mobile), the company you work for, job title, professional address, a username and password, and other data relevant to the Services we provide. If you are not an administrative user for your account, the same data about you may be provided by a colleague or other third party. We may also collect other data directly from you, from time to time.
We collect data about you when you use any part of our Services. For example, if you are logged in to your Fifty account, we will collect data as to how often you use Analytics, what queries you created or amended, and other data about how you interact with the product. We may also collect data about how you interact with messages we send to you, for example whether you opened an email or read an in-app message.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to measure site use, improve our site and to deliver a better and more personalised service. Some of the cookies we use are essential for the site to operate.
We rely on the legal bases that processing this data is necessary for the performance of our contracts with our users, or for our legitimate interests in operating our Services and site. This type of processing is typical for providers of services similar to ours, and within the expectations of professional users of our Services or visitors to our site.
4.4. Business contacts data
We may also hold your personal data if you have a business relationship with Fifty or if you or we have been considering entering into some form of business relationship. You could be a client (agency, advertiser…) and we will need that data in order to communicate, invoice, manage contracts and products and services we offer to you. You could be a publisher, a data provider or a social media platform and we would need your personal data in order to communicate, invoice, manage the relationship. You could be a supplier, a partner with whom we have a regular business relationship or with whom we are considering having one. Or you could be a prospect, industry partner, former colleague, journalist or influencer, or business acquaintance with whom we have regular relationships.
The personal data we hold about you refers to your professional life (name, email address, billing address, office address, phone numbers, title, employer, etc.). We would have obtained that information from exchanging emails or business cards, meeting at industry events or at client meetings, etc.
We rely on our legitimate interests in managing and developing our business in order to hold and carry on processing this data. Still, you can always exercise your data subjects’ rights and ask for removal, erasure, portability, etc. of that personal data by writing to us at [email protected] with your specific request and any relevant details.
Finally, our retention policy for this data is as follows, i.e. we will delete your data:
· Two years after the last contact
· Six years after the end of the contractual relationship
4.5. Employee data
If you are an employee at Fifty Technology, please refer to our HR policy and any clauses regarding data protection on your employment contract. It is available with our HR department.
Fifty collects multiple data sets from social media platforms and from our partners (or Fifty) including by placing cookies on users’ computers when those browse or navigate the Internet:
· Data points about Twitter users from the public Twitter API used for displaying information; some of the fields may contain data such as demographic, location and interest
· Follow connection data (Twitter) IDs that a user is following via the public Twitter API used for connection data as the basis of our intelligence network analysis and visualisations
· Tweet data
Other social media platforms
We also collect data from other social media platforms (Facebook and Instagram) in order to enrich our reporting and services.
· Cookies and IP addresses collected throughout your browsing activity on our publisher partners
· Campaign data (ads seen by each individual user, engagement with those ads, clicks etc.)
· Domain whitelists indirectly derived in part from analysis of the personal data obtained from the social media networks (URLs targeting)
· hashed email addresses provided by other data partners
We do not collect nor hold any information such as full email address, address, phone number, credit card information etc. The cookie data we hold about you is not data which allows us to know you are. From the public Twitter API, we only collect name, handle, and follows data which you have chosen to make public through social media platforms. We do not collect anything private.
We do not process any data which could be used, with the help of a third party, to determine the real-life identity of users. We do not know who you are and we do not wish to know. We do not need to know who you are in order to run our business effectively.
There are numerous types of cookies:
- Session cookies which make it easier for you to navigate on websites; they expire when you close your browser
- Persistent cookies which enable us to track and target interests of users to improve the user experience on publishers’ websites; persistent cookies do not expire when you close your browser; they stay for a certain period of time in order to recognise user identifiers and serve relevant ads to them.
If you no longer wish to receive personalised ads run by Fifty Media, you can manage your choices by using Your Online Choices
Important: when you choose to opt out from receiving cookies, a cookie will still be set in your browser. This is only by maintaining a cookie in your browser that we will be able to recognise you have made the choice of opting out of cookies.
We hold your personal data according to the highest security and encryption standards, and we only do so for a minimal period of time, the time necessary to run our business. We delete cookie data after 13 months and refresh the data obtained from social media platforms every 6 months.
Fifty Technology is based in the UK. With the United Kingdom having left the European Union, we will still transfer personal data from the UK to the European Union and the EEA. For any transfers from the European Union or the EEA to the United Kingdom that are not automatically permitted by law, we will rely on the standard contractual clauses. When our services involve the storage and/or processing of Personal Data involving transfers of personal Data out of the European Economic Area or the UK to a jurisdiction that is not the object of an EU “adequacy” decision, then we will also rely on the standard contractual clauses.
Like all companies operating in the complex landscape of advertising technology and insights and analytics, we work with multiple partners. Whether it be social media platforms (such as Twitter), server providers (Google), data providers, demand-side platforms (AppNexus, TubeMogul…), data management platforms, etc. — they are reputable partners adhering to the highest industry standards in security, encryption, data protection. Our most important data partners are listed in Section 13 below.
In order to operate our business efficiently, we have to store and process transferred Personal Data in the United States of America, the United Kingdom, the European Union and/or any other country where our partners, processors or subprocessors maintain facilities. We will only do so as long as those partners, processors and subprocessors transfer data via a valid legal mechanism such as the European Commission Standard Contractual Clauses which commit them to similar data protection standards as in the EU/UK.
Under the GDPR, personal sensitive data (also known as “special categories of data”) is any personal data revealing racial or ethnic origin, political opinions, religious and philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.
Fifty Technology does not collect any personal sensitive data, except when it has manifestly been made public by the data subject (e.g. in their social media bios, photos or posts), as per article 9(2)(e) of the GDPR.
Fifty Technology does not collect any children’s data. It does not want to collect any and applies all precautions and filters not to collect any. If you are a parent/guardian and you believe that Fifty may be processing data from someone that you have parental responsibility for, please contact us at [email protected] with your specific request and any relevant details.
The GDPR lists the following rights:
· The right to be informed
· The right of access
· The right of rectification
· The right to erasure
· The right to restrict processing
· The right to data portability
· The right to object to certain processing
· The right not to be subject to automated decision-making
Fifty Technology has a process in order to deal with requests for exercise of your rights which can be made by writing to us at [email protected] with your specific request and any relevant details.
You can always withdraw your consent at any time. You can do so by either using Your Online Choices (for cookies), contacting the individual publishers or social media platforms you have been using or contacting us directly in order to exercise your right to erasure for example.
On the right to erasure, the main means of fulfilling that right is for us to delete personal data so that the data is permanently anonymised and cannot be de-anonymised, i.e. cannot be re-identified.
As we do not know your names, full email addresses, addresses, postcodes, we don’t know who you are, where you live, what you do, it might be hard to identify your personal data, or we might not be in a position where we can technically locate it. As we apply techniques such as data minimisation (not processing more data than what is needed), we consider it would be against the spirit of the law to hold data allowing us to identify you in case you want to exercise your right to erasure. Where we do not have the ability to identify individuals, we will be unable to address individual requests for erasure. Under the GDPR we would not be obligated to collect more data about the data subject for the sole purpose of responding to a request for erasure in order to comply with the law.
We are always happy to help with any inquiries regarding protection of your data and privacy. If you are still not satisfied for any reason, you have a right to ask the data protection supervisory authority in your country (in the UK, the Information Commissioner’s Office, www.ico.org.uk) for a decision.
The CCPA (California Consumer Privacy Act) is a privacy law implemented in the State of California which defines personal information more broadly, ensures greater transparency, accountability and provides consumers with extended rights as to the collection and use of their personal information.
Your rights under the CCPA:
Your rights under the CCPA can broadly be divided into the following categories: (1) right to notice, (2) right to access, (3) right to opt out (or right to opt in), (4) right to request deletion, and (5) right to equal services and prices.
Exercising your rights under the CCPA:
If you do not want to receive ads based on your usage data, you can opt out from our services by clicking on the opt out button on our Do Not Sell page.
According the law (see paragraph above), you are entitled to request specific pieces of personal information (as defined under the CCPA) that we have about you, the business purpose for which the personal information was collected, categories of personal information, categories of sources from which the personal information was collected, categories of personal information that we either shared, transferred, sold with a business purpose, categories of those third parties to which the personal information was sold for a business purpose.
California data subjects who would like to make a CCPA access or deletion request may write to us by email to [email protected] with your specific request and any relevant details to exercise those rights or they may also call us on our toll free CCPA privacy hotline at 1-833-335-0880 and we will respond within 45 days as per the law.
We reserve the right to verify your identity if you make such a request.
However, we may not be able to respond to your request if it goes against applicable law.
(Please note that we do transfer personal information collected through our network of partners to third parties and as such are considered as having disclosed or sold data (as defined under the CCPA) over the past twelve months.)
The Lei Geral de Proteção de Dados Pessoais (LGPD) applies to any resident or any company collecting or/and processing data in Brazil. Fifty Technology collects data based on a valid legal basis such as consent (consentimento) or legitimate interests (interesses legítimos) as per article 7.1 of LGPD. Fifty is in the process of appointing a Data Protection Officer ("Encarregado"). It will follow the guidance of the ANPD as soon as it is provided.
Data subjects have the following rights under the LGPD (as per article 18):
AWS: Amazon Web Services, Inc. 410 Terry Ave North, Seattle, WA 98109-5210 , US
Google: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Twitter: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland
AppNexus Inc: 28W 23rd street, 4th floor, New York, NY, 10010, USA
Avocet: Avocet Systems Limited, 100 Clifton St., London, EC2A 4TP
The Trade Desk Inc: 42 N. Chestnut St, Ventura, CA 93001, USA