Updated: September 15, 2020
If you are a consumer, you would typically interact with SocialFlow by clicking on a social post published by one of our Customers. See Sections 3b and 3c for an explanation of those interactions. And see Section 1 for a summary of the choices available to you regarding the information we collect and how it gets processed by us.
- Choice Mechanisms
- Different Types of users (“Users”)
- Users Who Visit SocialFlow Sites
- Users Who Click on Trib.al Links
- Users Who Interact With Social Posts
- Personnel of SocialFlow Customers
- 4. Additional Uses of Information
- 5. Technology
- 6. Third-Party Service Provider
- 7. Security
- 8. Note Regarding Children
- 9. Accessing and Updating Personal Data
- 10. EU and Cross-Border Data Transfers
- 11. California
- 12. Changes
- 13. Contact
1. Choice Mechanisms
SocialFlow owns and operates the SocialFlow and Trib.al websites (the “Sites”). The Sites, together with the content and tools available there, are collectively referred to as the Services. Our Services enable our Customers to post content such as a news story, a picture and/or a video (“SocialFlow Customer Posts”) onto social media platforms such as Twitter and Facebook, and to better understand how such SocialFlow Customer Posts are interacted with by Users (defined below). Individuals, who visit one or both of these Sites or use the Services, by clicking on or otherwise interacting with a link operated by Trib.al, are referred to as Users.
SocialFlow has identified four primary types of Users, based on how they use the Sites and Services. Note that an individual may fall into more than one category.
- Users Who Visit SocialFlow. These individuals typically visit our Sites to learn more about SocialFlow’s products or services.
- Users Who Click on Trib.al Links. These individuals click on a Trib.al, or Trib.al-managed link to SocialFlow Customer Posts they see in their social feed on a social networking platform like Twitter or Facebook or elsewhere on the internet.
- Users Who Interact With Social Posts.These individuals like, comment, share, or take another social action on SocialFlow Customer Posts they see inside a social networking platform like Twitter or Facebook.
- Employees of SocialFlow Customers.These individuals use SocialFlow’s Services as part of their job function.
The Collection, Use, and Sharing of information for each of these types of Users are covered in the sections below.
3. Different Types of Users
a. Users Who Visit SocialFlow Sites
- Collection of Information: SocialFlow collects general information about a User’s visit to a website where our Services are enabled (such as, time, date and the URL of the website). SocialFlow may also collect more specific information about the User and use of the Service, such as demographic data, profile data and frequency or duration of use. Collecting such data (Traffic Data) may entail the use of software programs, cookies, IP addresses or other numeric codes used to identify a computer.
Use of Information: SocialFlow uses this data to help diagnose problems with its web servers, to administer the Site and Services and to analyze User trends and behaviors. User IP addresses are logged for identity verification and automated anti-fraud purposes. SocialFlow may use email addresses gathered from the Sites to communicate pertinent offering updates and announcements to people who have expressed interest in the products via the Sites.
Sharing of Information: We may enable companies to pixel our Sites for advertising and retargeting purposes which may be deemed a sale. The third party partners operating on the site include Google, Facebook and LinkedIn and you may find out more about how to opt-out from their placement of cookies on the Sites by clicking the links provided. Other than that, SocialFlow does not share information with any third party for these Users except for our third-party agents who are contractually required to only use data as directed by SocialFlow.
EU Countries: The legal basis for placing non-necessary cookies and processing pseudonymous cookie IDs is consent upon first visit to the Sites.
Data Retention: Any contact information shared on an opt-in basis will be retained as long as our business purposes require. Personal data collected from User clicks to our Sites will be retained for two years.
b. Users Who Click on Trib.al Links
Collection of Information: SocialFlow collects data from these User clicks onto SocialFlow Customer Posts links including, but not limited to: (i) the full URL of the link, (ii) the User’s IP address (not saved for clicks from the EU) (iii) device settings (browser type, mobile device type, language setting), (iv) the referring website or services (v) the time and date of the click and (vi) a unique identifier placed into our cookies, as described below.
Use of Information: SocialFlow uses Click Data to: (i)monitor and analyze usage and trends of the Sites and Services, (ii)provide the Services to our social publishing Customers to allow them to analyze usage and trends of their content published to social media platforms, and (iii) provide the Services to our data analytics and advertising Customers to allow them to tailor advertising and analyze usage and trends of content published to social media platforms on websites, mobile applications and other interactive properties.
Sharing of Information: SocialFlow shares data, including but not limited to, the following with our Customers to understand trends and usage patterns on the Internet: (i) the full URL of the link, (ii) the User’s geolocation data (latitude/longitude, city, state, region and time zone), (iii) device settings (browser type, mobile device type, language setting), (iv) the referring website or services (v) the time and date of the click and (vi) cookies, as described above. We may also associate the unique identifier of our cookie with cookie identifiers of third-party partners for the purpose of enabling targeted advertising for our advertising Customers. As such, the sharing of these unique identifiers may be considered a sale of data. This practice, called cookie ID synching, enables those partner’s systems to communicate with SocialFlow’s systems using pseudonymous cookie IDs.
EU Countries: SocialFlow uses IP addresses to ascertain geo-location of User clicks. When those clicks come from Users we believe to be located in the European Economic Area (EEA), we do not set a cookie and we do not share click data with data partners. Only aggregate click counts and non-identifiable location data are shared with publisher clients for Users located in the EEA.
Data Retention: This type of information will be retained for up to two years at which time it may be aggregated and stored indefinitely.
c. Users Who Interact With Social Posts
Collection of Information: Our Services may collect publicly available information about Users that engage with SocialFlow Customer Posts on social networking platforms. For some Customers, we store the visible names or User IDs of Users of social media platforms to display ‘Top Engagers’ of a particular social media post created via the Services. We also store Retweets and @mentions of Twitter handles for reporting purposes. This information is available to SocialFlow only to the degree allowed by a User’s individual privacy settings with the applicable social media site. If you don’t want your interactions on social media platforms to be public, we encourage you to check the privacy settings of those social media platforms you use.
Use of Information: SocialFlow uses data from Users that interact with SocialFlow Customer Posts on social media platforms to: (i) allow our publisher Customers to see “Top Engagers” of their Facebook and Twitter handles’ content, and (ii)allow our publisher Customers to see retweets and mentions from Twitter Users
Sharing of Information: For data associated with Users that engage with SocialFlow Customer Posts on social networking platforms, SocialFlow only shares data applicable to each Publisher Customer with that Publisher Customer as a service provider.
EU Countries: We remove IP addresses and similar digital identifiers from data sets associated with these Users where our systems ascertain that such Users are located in the EEA.
Data Retention: SocialFlow will keep data on these Users who interact with SocialFlow Customer Posts for up to one year. Posts that “@mention” a User will be kept for the lifetime of the post as dictated by each social media platform.
d. Personnel of SocialFlow Customers
Collection of Information: SocialFlow will collect and store email address, a password, name, phone number, [company name], and certain additional information (such as, for example, preferred contact method) from employees and other personnel of SocialFlow Customers. SocialFlow may also gain access to user access tokens, to give these Users access to their social media platform accounts. These Users may also be required to provide a mobile phone number when they register and login to use the Services for identity verification purposes.
Use of Information: SocialFlow uses this data to deliver the Service, to contact Users when necessary to respond to inquiries for additional information, to provide additional information according to User preferences, and facilitate or process transactions related to the Service. Sometimes this data may be used to send information about products, services, forums and other information and services that are available at the Site. These Users may choose to stop receiving future communications from SocialFlow. SocialFlow will only use a User’s social networking account information for the purpose of providing the Service to a User and will not otherwise attempt to obtain information from (or post information using) such accounts. This information is also necessary to keep the Services secure.
Sharing of Information: SocialFlow may share information with our Customers regarding how each Customers’ personnel utilize and interactive with our Services but does not sell this information.
Data Retention: SocialFlow will deactivate accounts after 180 days of non-use, at which time such information may be held in cold storage.
EU Countries: The legal basis for the processing of personal data about personnel of SocialFlow Customers that are located in the EEA is “contractual necessity.” We process this data in order to provide the Services as specified by contract between that Customer and SocialFlow.
4. Additional Uses of Information
SocialFlow transfers information to third-party agents (our “Service Providers) who are contractually required to safeguard such information and to use that information only as directed by us.
SocialFlow may use the pseudonymous information collected via the Service to enable targeted advertising in a way that does not identify our Customers. This type of data use may be considered a sale in California as it may help advertisers, ad networks and market research firms better understand their customers and/or help deliver targeted ads.
SocialFlow may be required to disclose your information to third parties when obligated to do so by law and in order to investigate, prevent, or take action regarding suspected, or actual prohibited activities, including transfer reasonably intended to meet national security or law enforcement requirements, or when we believe in good faith that disclosure is necessary to protect our rights, including but not limited to fraud and situations involving potential threats to the physical safety of any person.
Finally, SocialFlow may transfer information, including any PII, to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, or other corporate change. If SocialFlow is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Sites of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.
SocialFlow and our third-party partners use technologies such as cookies, beacon tags and scripts. “Cookies” are pieces of information that a website transfers to a User’s computer’s hard disk for record-keeping purposes. Cookies and other tags track User movement on our site and gather behavioral data about our User base for the following purposes: to analyze trends, to administer the Services, and to track Users’ movements around the Services. For information about cookies, please visit https://www.allaboutcookies.org/.
SocialFlow also uses IP addresses to help diagnose problems with its web servers and administer the Site. IP addresses are also used to provide an audit trail regarding use of the Services.
6. Third-Party Service Providers
We may employ and contract with third parties to perform certain tasks on our behalf and under our direction (our “Service Providers”). Our agreements with these Service Providers require that they appropriate safeguard this information and authorize them to use your information only as necessary to provide services to us.
For example, we use Service Providers to host and store data on cloud systems. We also receive IP-based location information from a third-party Service Provider to enable us to infer the location from the IP addresses of computers or devices that visit our Sites or use our Services. Other Service Providers used by SocialFlow include: a) email marketing providers, b) customer relationship management, contact database vendors, data hygiene vendors, survey vendors and project management software providers, c) customer billing systems partners, d) login authentication providers to ensure that the logins to our systems are working efficiently, e) website and b2b sales analytics providers, f) social media platforms for advertising and marketing purposes, g) outsourced computer programmers helping ensure our systems are operating properly, and h) auditing, debugging and security vendors
SocialFlow has implemented reasonable security measures to protect the information, both during transmission and once it is received. This includes but is not limited to the use of firewalls and encryption. Information collected by SocialFlow is stored in secure operating environments that are not made generally available to the public. Unfortunately, no data transmission over the Internet or storage device can be guaranteed to be 100% secure. As a result, while the company strives to use commercially acceptable means to protect your information, it cannot guarantee absolute security.
8. Note Regarding Children
We do not knowingly collect personal data from children under 16. If we learn that we have collected personal data of a child under 16 (or older as required by applicable law), we will take steps to delete such information from our files as soon as possible.
9. Accessing and Updating Personal Data
Upon request, SocialFlow will provide you with information about whether we hold any of your information. If you’d like to update, correct, delete, port or deactivate any information provided to us via the Sites or Services, please, email firstname.lastname@example.org and identify yourself and the information requested to be accessed, corrected or removed. We may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup tapes), or for which access is not otherwise required. We will respond to your request to access within a reasonable timeframe or as mandated by law. We retain and use your information as necessary to comply with our legal obligations, resolve disputes and enforce our agreements. EU and California data subjects may receive additional access rights as described below
10. EU and Cross-Border Transfers
SocialFlow takes steps to remove IP addresses coming from the European Economic Area with respect to our Services. However, we do enable Customers in the EU to use our Services and login to our systems. Our legal basis for processing such data is contractual necessity and we take steps to safeguard this data.
SocialFlow processes data in the United States. To the extent that we need to transfer personal data from the EU or Switzerland into the U.S., we are certified under the EU and Swiss Privacy Shield programs. However, SocialFlow reserves the right to use alternative data transfer mechanisms such as the Standard Contractual Clauses when we deem appropriate.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, SocialFlow is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to email@example.com. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to firstname.lastname@example.org.
In the context of an onward transfer, SocialFlow is responsible for the processing of personal data it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. SocialFlow shall remain liable under the Principles if its agent processes such information in a manner inconsistent with the Privacy Shield Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
Privacy Complaints by EU and Swiss Individuals
SocialFlow has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Effective January 1, 2020, the California Consumer Privacy Act (CCPA) provides additional privacy protections for California data subjects and users, including: a) the right to see what data we have about you, your computer or device (i.e., the right to know), b) the right to delete the data we have about you, your computer or device (i.e., the right to delete) and c) the right to opt-out of the sale of data about you, your computer or device to certain third parties (i.e., the right to opt-out from sales of your information). We do not discriminate against you if you exercise any of the above rights. Moreover, we may not be able to honor a right if doing so would violate applicable law.
If you are a Customer or partner of SocialFlow and have questions about your ability to see the data used to login to our systems, we ask that you direct your question to the person that owns the business relationship. If you are a consumer and want to see what data we may have on behalf of one of our customers, kindly reach out to that individual customer.
You may access those rights with respect to SocialFlow by scrolling up and reading the section entitled “Accessing and Updating Personal Data” or by sending us an email to email@example.com. As a California data subject, if you make a subject access request as set out in this policy, you are entitled to see and delete the personal information that we have about you. We will confirm your request within 10 days and make a good faith attempt to fulfill your request within 45 days.
The CCPA defines personal information broadly and as such, it includes pseudonymous identifiers such as cookie IDs and mobile advertising IDs. Under the CCPA, your request to see the personal information that we have about you may include: (1) specific pieces of personal information that we may have about you; (2) categories of personal information we have collected about you; (3) categories of sources from which the personal information is collected; (4) categories of personal information that we sold or disclosed for a business purpose about you; (5) categories of third parties to whom the personal information was sold or disclosed for a business purpose under the CCPA; and (6) the business or commercial purpose for collecting or selling personal information.
We may take reasonable steps to verify your request. We will fulfill requests we are able to verify so long as we are not prohibited from doing so by applicable law and/or the information is not essential for us for billing, fraud prevention or security purposes. We will share our reason(s) for denying your request in the event that we are unable to fulfill your request.
You may make an access or deletion request via an authorized agent by having such agent follow the process below. Please note that we will request any authorized agent demonstrate that they have been authorized by you to make a request on your behalf. And we will attempt to verify your request. We require any authorized agents to provide us with contact details such as an email address and phone number so that we may ensure a timely response.
576 Fifth Ave
New York, NY 10036-4825
EXTERNAL DATA PROTECTION OFFICER (DPO) AND REPRESENTATIVE
To contact SocialFlow’s EU Data Protection Officer, please email firstname.lastname@example.org or send a letter to the above postal address to the attention of “DPO.”
SocialFlow’s EU Representative is:
Große Bleichen 21