Privacy Policy
- INTRODUCTION TO THIS PRIVACY POLICY
- Last updated on 16 November 2023.
- This privacy notice applies to you if you are a South African resident and you publish information on publicly available websites (X (formerly Twitter), Meta (Instagram, Facebook), Reddit etc.) that we collect data from.
- This notice sets out the basis upon which we process your Personal Information (being data/information that identifies you) and meets the requirements of the Protection of Personal Information Act 4 of 2003, including any regulations or codes of conduct promulgated under it (“POPI”). In this policy “Personal Information” (and is used interchangeably with “Personal Data”), and “process” bears the meaning as set out in POPI.
- In this policy, reference to “Data Protection Laws” means any statutes, laws, legislation, regulations or binding policy, code of any government authority that relates to the security and protection of personally identifiable information, data privacy, trans-border data flow or data protection in force from time to time in the Republic of South Africa, including but not limited to POPIA, Electronic Communications and Transactions Act 25 of 2002, Promotion of Access to Information Act 2 of 2002, and/or any equivalent legislation of other jurisdiction(s) where Personal Information is being processed or where a party is obliged to comply with, including, where applicable, EU Data Protection Laws [General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, as amended, replaced or superseded from time to time.
- All the Personal Information we process is publicly available being information you have chosen to publish online, or information which you have sent via “Direct Message” – namely any message you send to our customers whether via social media platforms, bots or artificial intelligence, email or SMS.
- WHO ARE WE?
- We are DataEQ Consulting (Pty) Limited, and we trade as DataEQ (“we” or“us”). Our company registration number is 2015/239183/07. If you have any questions about this privacy policy or our privacy practices, please contact: privacy@dataeq.com.
- The DataEQ Group is made up of different legal entities, including DataEQ Limited, (a company incorporated in the United Kingdom), DataEQ (Pty) Limited and DataEQ Consulting (Pty) Ltd (both of which are incorporated in South Africa).
- In addition to whatever rights you have via your relationship with any publishing platform, you also have certain rights relating to your data that we collect, process, store and retain, as set out in this policy. You have the right to make a complaint at any time to the Information Regulator. The contact details of the Information Regulator are available on its website at https://justice.gov.za/inforeg/. We would, however, appreciate the chance to deal with your concerns before you approach the Information Regulator so please contact us in the first instance.
- WHY WE COLLECT PERSONAL INFORMATION AND FROM WHAT SOURCES
- We collect information, content, and communications that you, as an "author," provide or share via a social media platform, blog, forum, our website, and/or news site. We get data via search crawling or by contracting directly with content providers and data resellers to gain access to data from them. This data is then redacted, collected, indexed, and stored in our database.
- The data that you, as an author, share will be Personal Information if it identifies you, including but not limited to, for example, your name in connection with the username of your Meta or X (Twitter) profile along with the profile picture is set to public on your user profile privacy settings.
- We offer access to our database, as well as analytics of the data within that database, to customers (our “Services”). This allows our customers to learn more about their brand, their consumers, their competitors, and act with more certainty in their marketing decisions.
- Through rendering Services to our customers, we may also gain access to “Direct Messages”.
- We may collect, use, store, and transfer different kinds of information which you post or make publicly available online, through your social networks, via our website, and/or via Direct Messages, including but not limited to the following platforms and sources:
- Meta (Facebook, Instagram);
- X (formerly Twitter);
- Google;
- Linkedin;
- Youtube;
- Vkontakte;
- Blogs & Blog comments;
- Mainstream news sources;
- DataEQ website; and
- Forums
- The data referred to in paragraph 3.5 above that we collect or that is collected by our customers through us will be referred to as “Social Data” throughout this policy.
- Where you have chosen to connect your social networks to a third-party service such as Google (https://policies/google.com/terms), you are agreeing to provide Social Data under their respective terms and privacy policies to which you would be bound.
- We work with third parties, such as Webhose who collect data from the platforms listed in paragraph 3.5.
- We process data using a proprietary mix of algorithms, human crowd sourcing and artificial intelligence to determine relevance, sentiment, topics, themes and trends.
- We are engaged by our customers as a service provider and processor to provide the Services. If our customers access any third-party services via our platform which includes the processing of data through our products, our customers are responsible for ensuring that they do so in compliance with the law, and such use shall be governed by the terms of our customer agreements and the terms of use and privacy policies of such third-party services (including but not limited to X (Twitter) terms of services).
- THE INFORMATION WE COLLECT
- From the Social Data, it can sometimes infer sensitive information such as sexual orientation, race, gender or health. We do not look at multiple posts in combination, and our algorithms analyze each of your posts individually. Any content you publish may include references to your age, gender, or other personal characteristics or circumstances.
- We also collect, use and share Aggregated Data such as: (i) statistical data; (ii) demographic data; and (iii) data which, if it were not anonymized, would constitute Special Personal Information (as defined in POPI), including data relating to health, political opinions and religious or philosophical beliefs, but which is anonymized and aggregated. Aggregated Data may be derived from your Social Data but is not considered Personal Information in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your data to calculate a political opinion, sentiment towards a specific brand or customer experience values in a specific industry or sector. However, if we combine or connect Aggregated Data with your Social Data so that it can directly or indirectly identify you, we treat the combined data as Personal Information which will be processed in accordance with this privacy policy and all applicable Data Protection Laws.
- Social Data we process may include:
- your name, username, handle, or other identifier;
- the content of the information you have published via that name, username, handle, or other identifier, including comments, expressions, opinions, posts, preferences, beliefs etc.
- your profile picture or other images or videos that you post or interact with;
- your approximate location;
- the content of your posts on Social Media Platforms, including your opinions, preferences and beliefs;
- your non-private communications with other users of Social Media Platforms on such Social Media Platforms;
- audio/Visual Information: your profile picture or other images or videos that you post or interact with;
- employment Information: your job title or profession (including category of profession, for example “journalist”);
- demographic Information: your interests and gender; and
- geolocation Information: your location.
- We do not knowingly collect or share:
- except in the form of Aggregated Data (please see reference to data that we infer – paragraph 4.2), any Special Categories of Personal Information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data);
- any information about criminal convictions and offenses.; or
- any information relating to children under the age of 13.
- We are committed to respecting the privacy of children online. If we learn that our systems have inadvertently collected information relating to children under the age of 13, we will promptly delete the information, notify the necessary customer representatives to facilitate a consultation on how this data was collected and put measures in place for it not to happen again.
- HOW WE USE YOUR PERSONAL INFORMATION
- We principally use each of the categories of your Personal Information referenced above and other information to offer our Services to our customers.
- We may also use Personal Information for the following purposes:
- to better understand user’s behavior to further improve our offerings to our customers;
- in respect of our customer relationship management (“CRM”) and marketing of our Services to users;
- direct communications from us to you in respect of our offerings;
- to understand your interests and preferences in relation to our platforms;
- in the course of sharing job ads on our platforms;
- in the course of responding to job ads on third party platforms, such as LinkedIn etc;
- We do not use algorithms to make automated decisions about you in violation of applicable law or in a way that produces a significant legal effect. In other words, we only make data (inferred or not) and analytics available to our customers. Our legal basis for this type of data processing is that we have a legitimate interest in running our business and providing our Services to our customers.
- Whenever we process data that has special category Personal Information in it, we do so only because you have voluntarily made that information public by disclosing publicly the information in question. In addition to our uses of your Personal Information, our customers also have a legitimate interest in accessing this data in order to understand their customer base and engagement with their brands.
- We also use each of the categories of Personal Information referenced above in ways related, but ancillary, to the Services that we offer. For example, we may use data to:
- improve our Services;
- provide product and operational improvements and introduce new features, including the marketing of products and features;
- communicate with you;
- comply with our legal obligations;
- enforce our rights, including the legal obligations or enforcement of rights of third parties.
- The legal basis for processing the Personal Information in paragraph 5.4 is legal obligation or legitimate interests.
- Please note that we will promptly delete all your Social Data that we have received from a particular Social Media Platform if we stop collecting data from such Social Media Platform
- HOW LONG WE WILL KEEP YOUR INFORMATION
- We review our data retention periods regularly and will only hold your Social Data for as long as is necessary for the relevant activity, or as required by law (we may be legally required by third parties such as our insurers to hold some types of information for minimum time periods). Any request you make to delete cannot override these obligations
- If you request that we delete your Personal Information,
- we will delete your data from our system, provided it is not in contravention of any laws, or current legislation;
- please be aware that if your data is still published on the public sources we pull data from so you will need to remove it from there also.
- Details of retention periods for different categories of your Personal Information are set out in our retention policy which is available on request. When we decide the appropriate retention period for Personal Information, we consider our legal and compliance obligations, the nature and sensitivity of the Personal Information including the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means.
- SHARING OF YOUR DATA
- In addition to sharing your Personal Information with our customers, we may share your Personal Information with any member of our company group (i.e. our subsidiaries, parent companies, and affiliates).
- We may share your Personal Information with selected third parties, including our business partners, customers, suppliers, contributors/crowd and sub-contractors, for the performance of any contract we enter into with them. We may also share your data with analytics, search engine and artificial intelligence providers that assist us in the improvement of our website, systems and Services.
- We may also disclose your Personal Information to other third parties. For example, if we sell or buy any business or assets, we may disclose your data to the prospective seller or buyer of such business or assets. Alternatively, if we or substantially all of our assets are acquired by a third party, your data may be part of the transferred assets.
- If any third party processes any of your data, we ensure there are sufficient contractual and operational safeguards protecting your data.
- In respect of your Social Data, we will not:
- sell, licence or purchase any Personal Information obtained from Social Media Platforms;
- proxy, request or collect your usernames or passwords for Social Media Platforms;
- share your user IDs for Social Media Platforms with service providers who build or run any of our apps. Your user IDs for Social Media Platforms will be kept secure and confidential; and/or
- use friends or connections data from Social Media Platforms to establish social connections in our apps, unless you have granted you access to that information
- DATA SECURITY
- We have put in place appropriate security measures to prevent your Social Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. This includes:
- The servers that hold your data have administrative, technical, and physical controls to safeguard your data, including industry-standard encryption technology.
- TRANSFERS OUTSIDE OF SOUTH AFRICA AND THE EEA
- Other companies in the DataEQ group of companies which are based in South Africa, the United Kingdom and Dubai process data inside the DataEQ system and platform with the data remains at all times in our data centre which is based in Germany (within the EEA).
- Many of our external third parties, such as customers and crowd members are based outside the European Economic Area (EEA). The data remains on our system, and is only accessible through our platform or app. This is a restricted transfer and in this regard we follow the requirements of UK GDPR.
- If we transfer your Personal Information outside of South Africa, the European Economic Area or the United Kingdom, we will take steps to ensure that adequate safeguards are in place to protect your Personal Information and to make sure it is treated securely. You may contact us for a summary of the safeguards which we have put in place to protect your Personal Information and privacy rights in these circumstances.
- YOUR PRIVACY CHOICES
- You are always in control of your Personal Information. Paragraph 11 below sets out how you can exercise control over the Personal Information we process but please always note that as an author you:
- are the source of the data and have control under the user profile privacy settings of each platform you interact with and can at any time restrict any of this information appearing in the public domain in accordance with the terms of the relevant platform;
- create the Social Data and have direct control over what you decide to post publicly online;
- can always review the privacy settings available on all platforms you use to publish content online, including making your profile private;
- should read the privacy statements provided by the platforms you publish content on.
- You are always in control of your Personal Information. Paragraph 11 below sets out how you can exercise control over the Personal Information we process but please always note that as an author you:
- YOUR RIGHTS
- Under Data Protection Laws, you have the following rights in connection with your Social Data, which can be exercised in certain circumstances:
- Request access to your Personal Information (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Information we hold about you and to check we are lawfully processing it;
- Request correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
- Request erasure of your Personal Information. This enables you to ask us to delete or remove Personal Information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Information where you have exercised your right to object to processing (see below);
- Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party). You also have the right to object where we are processing your Personal Information for direct marketing purposes;
- Request the restriction of processing of your Personal Information. This enables you to ask us to suspend the processing of Personal Information about you, for example if you want us to establish its accuracy or the reason for processing it;
- Request the transfer of your Personal Information to another party. We will provide to you, or a third party you have chosen, your Social Data in a structured, commonly used, machine-readable format; and
- Withdraw your consent where we are relying on consent to process your Personal Information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you.
- If you would like to exercise any of your rights above, please contact us at privacy@dataeq.com and provide us with your full details (including name, telephone number, address and email and the precise nature of your request and/or grievance.
- Only you, or a person you have authorized to act on your behalf, may make a request related to your Personal Information. You may also make a verifiable request on behalf of your minor child or ward. If you submit a request through an authorized agent, the agent must present signed written permission to act on your behalf and you may also be required to independently verify your identity with us.
- In order to protect your Personal Information, we may ask you or your authorized agent to provide additional Personal Information so that we can verify your identity. Any information that you provide will only ever be used as part of the process to confirm your identity and complete your request. In order to protect your Personal Information, if we cannot verify your identity, we will not be able to comply with your request.
- Under Data Protection Laws, you have the following rights in connection with your Social Data, which can be exercised in certain circumstances:
- Any changes we make to our privacy policy in the future will be posted on our website and, where appropriate, displayed on our premises notified to you by e-mail.
- This privacy notice shall be governed and interpreted in accordance with the laws of the Republic of South Africa.
- We have appointed Nic Ray as our data protection representative who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact Nic Ray using the details set out below:
Data Protection Representative: Nic Ray
Email address: privacy@dataeq.com
Postal Address:
2nd Floor
97 Durham Avenue
Salt River
Cape Town
7700
South Africa