Privacy Policy

Last updated November 2024

1. Introduction

Fifty Technology is committed to your privacy. This policy aims to explain how Fifty collects and processes, uses and protects personal data. All data we have access to will be collected, processed and protected according to existing data protection laws, including the General Data Protection Regulation. We may change this privacy policy from time to time, due to changes in our business, technology or evolving laws, regulations or interpretations. We recommend that you consult this page from time to time to be aware of any updates we might make to the privacy policy.

2. Who we are

The organisation that defines how and for what purposes data is processed (the  "data controller" or “business”) is Fifty Technology Limited (trading as Fifty & Fifty Media). Our registered office address is 24 Hanover Square, London, W1S 1JD, United Kingdom. Our company number is 09476244 and our VAT number is GB 216562221.

Fifty Technology is a company operating in the field of analytics and advertising technology. We have two main activities:

  • Fifty Intelligence and insights conducts bespoke studies of user audiences for our clients by processing publicly available data from social media platforms such as X/Twitter. This helps clients understand audience segments, analyse trends, and shed light on new products, services, and emerging categories.
  • Fifty Media, as a full-service media agency, leverages these audience insights to run targeted digital advertising campaigns for our clients.

Fifty Technology is a member of IAB UK.

In accordance with applicable data protection legislation, we have appointed a Data Protection Officer, whose contact details are the following:

Vincent Potier c/o Fifty Technology Ltd
31A Great Sutton Street 
London 
EC1V 0NA
Email: [email protected]

3. Data Collection

The data we collect about you depends on whether you are an internet or social media end user or a Fifty client and the Services that you use and how you use them.

3.1 Fifty Intelligence: end-user data

Our data collection focuses on publicly available social media information. This includes the information users choose to make public on their profiles, such as their names, handles, profile descriptions, locations, and public posts. We also collect public social connections and engagement data, such as following relationships and public interactions. This information helps us understand how communities form and interact on social platforms. From this public data, we create aggregated audience insights and analyse trends across different communities and interests. All our analysis is based solely on information that users have chosen to make public on social media platforms.

We also provide a tool to help our clients discover professional influencers on social media.This is a way of accessing social media profile data that is already publically available.

To be explicit about what we don't collect: we do not process any email addresses (in any form), private messages, protected account information, cookie data, browsing history, or personal device information. We only collect data that users have actively chosen to make public through their social media platforms.

These insights help clients understand their segments, analyse trends, shed light on new products, services, emerging categories, etc. Thanks to this intelligence, clients then have a better understanding of their users and customers’ needs and respond through market improvements of their products and services, and more relevant advertising.

We rely on these legitimate interests of our clients and ourselves in order to process this data. Our processing is non-intrusive, secure, and within the expectations of internet and social media users. We rely on our data partners also to provide relevant information on these data uses to the relevant end users – for example, if you are an X/Twitter user, then X/Twitter would need to explain in its privacy notices and terms which data may be shared with partners like Fifty and for what purposes.

3.2. Fifty Media: end-user data

Fifty Technology leverages insights derived from our intelligence datasets described above to run targeted digital advertising campaigns. Our teams use aggregated audience understanding to deliver relevant advertising through programmatic and social channels. For this purpose we do not rely on individual end-user matching or individual user identifiers from our social media data, but we may use data collected by third parties, which may include cookie IDs or mobile ad IDs that are made available in advertising technology platforms and data marketplaces.We do not collect or handle any of that data ourselves but configure the relevant technology platform to use the third party data to target users in that audience.

We use strategies such as retargeting of visitors who have already interacted with a client’s ads or websites, leveraging data collected e.g. by Meta or Google in their respective platforms. We have also developed a cookieless targeting solution for programmatic web advertising, which uses contextual analysis of web pages to target audiences based on our aggregated insights, without relying on individual identifiers.

Fifty Technology relies on legitimate interests as the legal basis for processing publicly available social media data. Our primary purpose is to provide valuable audience insights and support market research through the analysis of public social media information.

We process publicly available profile information such as usernames, bios, profile images, location information (when shared publicly), and social data including public posts and following relationships. This data is only collected from public profiles.

The processing is necessary for our legitimate business purposes of providing audience insights, enabling relevant advertising, and supporting market research and trend analysis. We ensure minimal privacy impact by only processing publicly available information and not combining it with any other data sources. We do not collect private messages, protected account information, email addresses, or use any tracking technologies.

Our approach aligns with reasonable user expectations, as we only process content users have chosen to make public, and we use this data primarily to generate aggregate-level insights. Users maintain control over what information we can access by managing their public profile settings on their social media platforms.

3.3 Platform Users

If you register as a user of any of our Services, we may ask you to provide your name, email address, contact telephone number (landline and/or mobile), the company you work for, job title, professional address, a username and password, and other data relevant to the Services we provide. If you are not an administrative user for your account, the same data about you may be provided by a colleague or other third party. We may also collect other data directly from you, from time to time.

We collect data about you when you use any part of our Services. For example, if you are logged in to your Fifty account, we will collect data as to how often you use Analytics, what queries you created or amended, and other data about how you interact with the product. We may also collect data about how you interact with messages we send to you, for example whether you opened an email or read an in-app message.

For the same reason, we may obtain information about you by using a cookie file which is stored on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to measure site use, improve our site and to deliver a better and more personalised service. Some of the cookies we use are essential for the site to operate.

We rely on the legal basis that processing this data is necessary for the performance of our contracts with our users, or for our legitimate interests in operating our Services and site. This type of processing is typical for providers of services similar to ours, and within the expectations of professional users of our Services or visitors to our site.

3.4 Business Contact Data

We may also hold your personal data if you have a business relationship with Fifty or if you or we have been considering entering into some form of business relationship. You could be a client (agency, advertiser…) and we will need that data in order to communicate, invoice, manage contracts and products and services we offer to you. You could be a publisher, an advertising technology provider or a social media platform and we would need your personal data in order to communicate, invoice, manage the relationship. You could be a supplier, a partner with whom we have a regular business relationship or with whom we are considering having one. Or you could be a prospect, industry partner, former colleague, journalist or influencer, or business acquaintance with whom we have regular relationships.

The personal data we hold about you refers to your professional life (name, email address, billing address, office address, phone numbers, title, employer, etc.). We would have obtained that information from exchanging emails or business cards, meeting at industry events or at client meetings, etc.

We rely on our legitimate interests in managing and developing our business in order to hold and carry on processing this data. Still, you can always exercise your data subjects’ rights and ask for removal, erasure, portability, etc. of that personal data by writing to us at [email protected] with your specific request and any relevant details.

Finally, our retention policy for this data is as follows, i.e. we will delete your data:

  • Two years after the last contact
  • Six years after the end of the contractual relationship

3.5. Employee Data

If you are an employee at Fifty Technology, please refer to our HR policy and any clauses regarding data protection on your employment contract. It is available with our HR department.

4. Types of data collected and processed

Fifty collects multiple data sets from social media platforms:

X/Twitter

  • Data points about X/Twitter users from the public X/Twitter API used for displaying information; some of the fields may contain data such as demographic, location and interest
  • Follow connection data (X/Twitter) IDs that a user is following via the public X/Twitter API used for connection data as the basis of our intelligence network analysis and visualisations
  • Tweet data

Other social media platforms

We also collect data from other social media platforms (e.g. Facebook and Instagram) in order to enrich our reporting and services.

Data we collect

  • Public social media profile information
  • Public follow/connection data from social platforms
  • Public post data from social platforms
  • Aggregated audience insights derived from this public data

We explicitly do not collect:

  • Email addresses (in any form including hashed)
  • Personal identifiers beyond public social media profiles
  • Cookie data
  • Browsing history
  • Personal device information

5. Managing your cookies

Like most websites, we use cookies to make our website easier to navigate, recognise returning users and improve its performance and quality.The types of cookies set for website visitors and Fifty platform users fall broadly into three categories:

  • Cookies to make the site work technically (user sessions from logging into our platform, setting a language preference on our website, etc.);
  • Analytics cookies (from services such as Google Analytics);
  • Retargeting cookies from ads platforms (e.g. a Meta pixel or a Floodlight tag) which are used for advertising our own services.

Non-essential cookies are placed with your consent, and you can remove them by changing your browser settings or clearing the relevant cookies.You can find out about different types of cookies and how to manage them here: https://www.cloudflare.com/learning/privacy/what-are-cookies/

6. Data retention

We hold your personal data according to the highest security and encryption standards within our UK-based Google Cloud Platform infrastructure (europe-west2 region). We only retain data for the minimal period necessary to run our business, refreshing our social media data every 6 months. For our core advertising-related business, we do not store any personal identifiers beyond public social media data.

7. Data transfers

Fifty Technology is based in the UK. We work with a limited number of essential service providers. These include Google Cloud Platform for our hosting infrastructure. All our partners adhere to the highest industry standards in security, encryption, and data protection. We do not share data with any third-party data providers or data management platforms. 

All our data storage is contained within the United Kingdom, specifically in Google Cloud Platform's europe-west2 (London) region. This ensures that all data remains within UK territory and is subject to UK data protection standards.

To the extent any of our service providers are located outside of the EEA or UK, to a jurisdiction that is not the object of an EU or UK “adequacy” decision, then we will rely on legal safeguards for data transfers such as the standard contractual clauses issued by the relevant UK or European authorities. If we receive a valid request we may make available a copy of such safeguards.

8. Personal sensitive data

Under the GDPR, personal sensitive data (also known as “special categories of data”) is any personal data revealing racial or ethnic origin, political opinions, religious and philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.

Fifty Technology does not collect any personal sensitive data, except when it has manifestly been made public by the data subject (e.g. in their social media bios, photos or posts), as per article 9(2)(e) of the GDPR.

9. Children’s data

Fifty Technology does not knowingly collect any children’s data. It does not want to collect any and applies all precautions and filters not to collect any. If you are a parent/guardian and you believe that Fifty may be processing data from someone that you have parental responsibility for, please contact us at [email protected] with your specific request and any relevant details.

10. Data subjects’ rights

The GDPR lists the following rights:

  • The right to be informed
  • The right of access
  • The right of rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object to certain processing
  • The right not to be subject to automated decision-making

Fifty Technology has a process in order to deal with requests for exercise of your rights which can be made by writing to us at [email protected] with your specific request and any relevant details.

You can always withdraw your consent at any time. You can do so by contacting the individual publishers or social media platforms you have been using or contacting us directly in order to exercise your right to erase for example.

On the right to erasure, the main means of fulfilling that right is for us to delete personal data so that the data is permanently anonymised and cannot be de-anonymised, i.e. cannot be re-identified.

As, for web and social media users within our core business, we do not generally know your names, full email addresses, addresses, postcodes, we don’t know who you are, where you live, what you do, it might be hard to identify your personal data, or we might not be in a position where we can technically locate it. As we apply techniques such as data minimisation (not processing more data than what is needed), we consider it would be against the spirit of the law to hold data allowing us to identify you in case you want to exercise your right to erasure. Where we do not have the ability to identify individuals, we will be unable to address individual requests for erasure. Under the GDPR we would not be obligated to collect more data about the data subject for the sole purpose of responding to a request for erasure in order to comply with the law.

We are always happy to help with any inquiries regarding protection of your data and privacy. If you are still not satisfied for any reason, you have a right to ask the data protection supervisory authority in your country (in the UK, the Information Commissioner’s Office, www.ico.org.uk) for a decision.

11. US State Privacy Laws

Consumers who are resident in US states such as California, Colorado, Virginia, Connecticut, Utah, Florida, Nevada, Oregon, Texas, Washington, or Montana may have additional rights under state privacy legislation which defines personal information more broadly, ensures greater transparency and accountability and provides consumers with extended rights as to the collection and use of their personal information.

Your rights under US State Privacy Laws:

If you are resident in one of the states where specific privacy legislation is in effect then, depending on the particular provisions of applicable local laws, you may have some or all of the following rights:

  • Right to correction: Consumers have the right to request a business that possesses inaccurate personal information about the consumer to correct such inaccurate personal information, taking into the account the nature of the personal information and the purposes of the processing of the personal information.
  • Right to notice: Businesses must inform consumers at or before the point of collection what categories of personal information will be collected and the purposes for which these categories will be used.
  • Right to access: Consumers have the right to request that a business disclose the categories of personal information collected; the categories of sources from which personal information is collected; the business or commercial purpose; the categories of third parties with which the business shares personal information; and the specific pieces of personal information the business holds about a consumer. If a business sells personal information or discloses it for business purposes, consumers have the right to request the categories of information so sold or disclosed.
  • Right to opt out: Consumers have the right—at any time—to direct businesses that sell or share personal information about the consumer to third parties to stop such sales or sharing, known as the right to opt out. If a consumer is a minor, this becomes a right to opt in to the sale or sharing of data (exercised by the minor if the consumer is between 13 and 16 years of age, or by the minor’s parent or guardian if the consumer is under 13 years old). Businesses must wait at least 12 months before asking consumers to opt back in.
  • Right to request deletion: Consumers also have the right to request deletion of personal information, but only where that information was collected from the consumer. Like the right to erasure under the GDPR, this right is subject to exceptions. For instance, businesses need not delete personal information necessary for detecting security incidents, exercising free speech, protecting or defending against legal claims, or—in what is potentially a broad and likely contentious category—for internal uses reasonably aligned with the consumer’s expectations.
  • Right to limit use of sensitive information; Consumers have the right to restrict a business’s use of sensitive personal information e.g. to use that is necessary to provide goods or services requested, to certain business purposes, or other legally permitted purposes.
  • Right to equal services and prices: Businesses must not discriminate against consumers by denying goods or services, charging a different price or rate for goods or services, providing a different level or quality of goods or services, or suggesting that they will do any of these things based upon a consumer’s exercise of any of their legal rights relating to their personal information. Put differently, consumers have a right to equal services and prices.

Exercising your rights under US state laws:

If you want to make a request for exercise of any of the above rights, you (or your authorised agent) can write to [email protected] or call us toll free at +1-833-335-0880 and we will respond within the period set down in applicable law.

If you make such a request, including through an authorised agent, we reserve the right to verify your identity and the agent’s authorization.

However, we may not be able to respond to your request if it is not permitted or foreseen under applicable law.

(Please note that we do transfer personal information collected from social networks to third parties and as such are considered as having disclosed or sold personal information over the past twelve months. Please see Section 16 below for more information).

Statistics of data subject requests for the year 2023 (CCPA)

  • The number of requests to know that the business received, complied with in whole or in part, and denied: 5
  • The number of requests to delete that the business received, complied with in whole or in part, and denied: ~372,940
  • The number of requests to opt-out that the business received, complied with in whole or in part, and denied: ~372,940
  • The median or mean number of days within which the business substantively responded to requests to know, requests to delete, and requests to opt-out.
    ~14 days

Statistics of data subject requests for the year 2022 (CCPA)

  • The number of requests to know that the business received, complied with in whole or in part, and denied: 22
  • The number of requests to delete that the business received, complied with in whole or in part, and denied: ~37,370
  • The number of requests to opt-out that the business received, complied with in whole or in part, and denied: ~37,370
  • The median or mean number of days within which the business substantively responded to requests to know, requests to delete, and requests to opt-out.
    ~17 days

12. Lei Geral de Proteção de Dados Pessoais (LGPD)

The Lei Geral de Proteção de Dados Pessoais (LGPD) applies to any resident or any company collecting or/and processing data in Brazil. Fifty Technology collects data based on a valid legal basis such as consent (consentimento) or legitimate interests (interesses legítimos) as per article 7.1 of LGPD.

Data subjects have the following rights under the LGPD (as per article 18):

  • confirmation of processing: ask Fifty to confirm your data is being processed
  • access: you can request Fifty to provide the personal data it has about you
  • correction: you can ask for correction or supplementation of your personal data
  • anonymisation or deletion: you can request Fifty to delete, block, anonymise your personal data
  • portability: you can request Fifty to port your personal data to another service provider. In addition, with the constitution of the National Data Protection Authority (ANPD), you will also have the right to petition in relation to your data before the national authority
  • elimination: you can request the deletion of your personal data
  • request information: information about public and private entities with which the controller has shared data
  • request information: information about the possibility of denying consent and the consequences of such denial
  • revocation of consent: if consent you gave was the legal basis we used in order to process your personal data, this means we will have to stop the processing

13. Additional Information for California Consumers

 

13.1 Personal information collected in the past 12 months:

CategoryExamplesSourceBusiness or Commercial PurposeCategories of third parties disclosed to
Internet or other electronic network activity information

Public social media content

 

Public social media platformsProviding and improving our advertising insights and services 

- Our clients (in aggregated interest form only)

- Our cloud hosting provider (Google Cloud Platform UK)

InferencesInferences drawn from any of the information aboveAs aboveAs aboveAs above
* “Personal Information” does not include publicly available information, including information that we have a reasonable basis to believe is lawfully made available to the general public by you; from widely distributed media; or by a person to whom you have disclosed it and not restricted the information to a specific audience.

13.2 Personal Information Sold or Shared in the past 12 months

 

We have sold the following categories of Personal information in the past 12 months: Internet or other electronic network activity information; Geolocation Data; and Inferences.

Such information is contained in audiences or profiles that we provide to our clients. 

We do not share personal information for the purposes of cross-context behavioural advertising.

13.3 Personal Information disclosed for a business purpose in the past 12 months

 

We have disclosed the following categories of Personal Information for a business purpose in the past 12 months: Internet or other electronic network activity information;  Geolocation Data; and Inferences.

These business purposes comprise:

  • Performing services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on our behalf.
  • Undertaking internal research for technological development and demonstration.

14. Anti Piracy Policy

Fifty uses a variety of measures to prevent appearing across illegitimate and pirated content. Fifty utilise several prebid and platform specific third party tools via our brand safety partners IAS and Doubleverify to ensure advertiser ads are not appearing against live and potentially copyrighted material.