We recently updated our Terms of Service and privacy notice and these will come in effect for all existing users on May 20, 2019.
Thank you for using Social.So. This privacy notice explains how Social.So collects, uses, processes, discloses, retains, and protects personal information i) when we provide Services to you; and ii) when we process personal information at your instruction that may be included as part of the Content which you view, upload, download or otherwise appears on our Services.
When this privacy notice refers to “Social.So”, “us”, “we” or “our”, it refers to Social.So Inc. (a Canadian corporation).
Social.So is committed to protecting the privacy of all individuals who:
We call the Website, the Applications, the Platforms together the "Services".
To make this notice easier to read, any applicable Social.So terms of service are referred to as the “Terms”. If you see an undefined term in this Privacy Notice, it has the same definition as in our Terms.
Social.So offers a suite of social media management tools. Our Services enable you to bring together your social media accounts for easy access and management through a single online portal. Social.So helps its users manage social media campaigns, marketing and advertising; engaging audiences; scheduling and publishing messages; and analyzing their results. When you link your existing social media accounts to your Social.So account, you can choose to instantly collect, process, share and access Social Network content via your Social.So account. Our Services also enable an ecosystem where you can choose to purchase or connect your Social.So Account to a series of third-party services (a “Third-Party App”).
Personal information we collect
Personal information is information relating to an identified or identifiable natural person. An identifiable natural person is an individual that can be identified, directly or indirectly, be referenced to an identifier such as: a name, an identification number, specific location data, an online identifier, or other attributes specific to that natural person.
Personal information does not include information that has been anonymized or aggregated in such a way that it can no longer be used to identify a specific natural person, whether on its own or in combination with other information.
The personal information that we collect falls into two broad categories: Account Data and Content.
Account data (“Account Data”) is personal information you provide us, or that we collect from you and your devices in connection with your access to and use of our Services (such as when you provide us information to register for an account, or information we collect about your browser when you connect to one of our Services, etc.). In legal terms, we collect and use this Account Data as a data controller.
There are two general categories of Account Data we collect in order to provide you with the Services.
1. Information you give us
2. Information we automatically collect from your use of the Services
The content which you upload, download, or view on our Services (defined as “Content” in our Terms) may, but does not necessarily, contain personal information. When we refer to “Content” in this notice, we mean the personal information in Content that we process. We only process Content at your direction. In legal terms, we act as data processors for the personal information included in the Content. Our obligations and commitments as it relates to our processing of Content on behalf of our users is outlined in the section below called Content - Social.So as a Data Processor
Account Data - How we use it
We use, store, and process Account Data as a data controller to provide, understand, improve and develop our Services, keep our Services safe and to comply with our legal obligations. More particularly, we use it to:
Identify our users
We use Account Data to identify you when you login to your account.
We use Account Data to enable us to operate the Services and provide them to you, including to:
Improve and optimize our Services
We use Account Data to:
Keep our Services safe.
We use Account Data to verify accounts and activity, maintain the integrity of our Services, and to keep the Services safe and secure.
Account Data - Legal basis for use
Our legal basis for collecting and using Account Data as a data controller will depend on the the specific context in which we collect it. However, as a data controller, we will collect personal information from you where:
In some cases, we may also have a legal obligation to collect personal information from you, or may otherwise need the personal information to protect your vital interests or those of another person.
Where we rely on your consent to process Account Data, you have the right to withdraw or decline your consent at any time. Please note that this does not affect the lawfulness of the processing based on consent before its withdrawal.
If we ask you to provide Account Data to comply with a legal requirement we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interest which are not already described in this notice, we will make clear to you at the relevant time what those legitimate interests are.
Account Data - Access, control and correction of personal information and certain other important rights
As a user, you may update or correct most of your Account Data by logging in to your account to edit your profile or organization record. To make a request to have Account Data returned to you, removed, or to make additional corrections, please email our privacy team. Requests to access, correct, or remove your information will be handled within thirty (30) days and may be subject to a fee as permitted by applicable law.
Depending on where you reside, you may have the right to exercise additional rights available to you under applicable laws with regards to the personal information Social.So holds about you as a data controller, including:
If you would like to exercise such rights, please contact us. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.
You also have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
Content - Social.So as a Data Processor
You, as a Social.So user, control how Content is generated, requested, submitted or published and processed on our Services. When you use our Services, you may view, create, and analyze Content which will ultimately be published on the various Social Networks. You can also choose to access and/or link your Social.So account to a wide range of Third-Party Apps including to apps that are available in our App Directory. If you are an Enterprise user, we may also sell some of these Third-Party Apps to you in our capacity as an authorized reseller (these are called “Partner Services” in our Enterprise Terms). When you link these Third-Party Apps to your Social.So account, you allow those Third-Party apps to access and process Content. The Content that flows through our Services may include personal information of all types, including but not limited to the following categories:
As the user, you are the data controller of your Content and we are the data processor for such Content. Where we process Content, we do so at your direction and on your behalf in accordance with the instructions you give us through the Services. When you connect your social media accounts through our Services, we only access, process, and use the Content to provide our Services subject to the Terms and the various terms and conditions imposed by the Social Networks. We may, in limited circumstances process Content for the purposes of improving the Services and functionalities users ask for as part of their Social.So experience.
If you are using the Services by invitation of a Social.So customer, whether that customer is your employer, another organization, or an individual, that customer determines its own policies regarding storage, access, modification, deletion, sharing, and retention of Content, which may apply to your use of the Services. Please check with the customer about the policies and settings it has in place.
Third-Party Apps and Social Networks
Access, correction, and deletion of Content
You should be aware that Social.So acts as a conduit between you and the various Social Networks and Third-Party Apps. In several instances, the Content published via Social.So will not be in Social.So’s custody, and any Content that has been shared by you through any Social Networks or Third-Party Apps via the Services may continue to be available to third parties and the public at large, as this Content is now under the control of the operators of the Social Networks and/or the Third-Party Apps.
An individual who seeks access to, or who seeks to correct or, amend inaccuracies in, or delete Content stored or processed by us on behalf of a user should direct his/her query to the Social.So user (the data controller) or to the Social Networks or Third-Party App developer. Upon receipt of a request from one of our users for us to remove the data, we will respond to their request within thirty (30) days. Please note however that we may need to retain certain information on our systems for as long as you maintain an account for our Services, for record keeping purposes, to comply with our legal obligations, to resolve disputes, enforce our Terms, orr as required or authorized by applicable law. Please refer How Long We Keep Personal Information section below for further detail.
For our users with a principal location in the EEA or otherwise subject to the General Data Protection Regulation (GDPR)
Under EU law, Social.So is a data processor of Content generated, requested or published via Social Networks. We process this Content in accordance with the instructions of our users. Because our users control how their Content is collected and used by them, our users are, in legal terms, the controllers of the Content that they process through our Services and are responsible for complying with applicable data protection laws, including the GDPR.
To facilitate the lawful processing of your Content through the Services, Social.So makes available to its users a data processing agreement as an addendum to their existing Social.So agreement (“Data Processing Addendum”). This Data Processing Addendum implements the GDPR’s Article 28 terms for processors and also incorporates the European Commission’s Standard Contractual Clauses (processors) of 2010 (also known as “model processor clauses” or "SCC 2010”) to facilitate the lawful transfer of Content that contains personal information from the EU to outside of the EU, where necessary and as required. More information regarding International Transfers is set out below.
The Data Processing Addendum is available for all of our users here. If you would like to incorporate the Data Processing Addendum into your existing agreement with Social.So, please sign Social.So’s Data Processing Addendum and return it to us via email. If you have any questions, please feel free to contact our privacy team.
Privacy Information that applies to both Account Data and Content
When we may share personal information
Except as provided in this privacy notice, Social.So does not share any personal information gathered via the Services with third parties. We may however share Account Data or Content under the following circumstances: with your consent or at your direction, such as when you connect a Social Network to our Services or authorize a Third-Party App to access your account with service providers (including payment processors) we engage to perform functions or provide services to us, where those service providers are subject to obligations that are consistent with this privacy notice and to appropriate confidentiality and security measures with Social.So’s authorized resellers if you purchase the Services from an authorized Social.So reseller who you authorize to access and process your personal information in order to support your use of the Services where we believe that it is reasonably necessary to comply with a law, regulation or if we are otherwise legally required to do so, such as in response to court orders or legal process, or to establish, protect, or exercise our legal rights or to defend against legal claims or demands if we believe it is necessary in order to investigate, prevent, or take action against illegal activities, fraud, situations involving potential threats to our rights or property (or to the rights or property of those who use our Services), or to protect the personal safety of any person
How long we keep personal information
We retain your Account Data for as long as necessary to provide the Services you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, or enforcing our Terms.
We retain Content for as long as needed to provide the Services, or until you ask us to delete it pursuant to the Terms. We retain and use this Content as necessary to comply with our legal obligations, resolve disputes, and enforce the Terms.
Please note that certain personal information may need to be retained by Social.So for a period of time following the cancellation of your account where this is necessary for our legitimate business purposes or required or authorized by applicable law. Our specific retention periods for personal information are documented in our internal retention policies and any applicable retention schedules that we maintain as required by applicable law.
After it is no longer necessary for us to retain your personal information, we will dispose of it in a secure manner, according to our data retention and deletion policies.
How we protect personal information
Social.So follows industry best practices to protect personal information from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Account Data and Content we collect, use, process and store, and the current state of technology.
To learn more about our current practices and policies regarding security and confidentiality of personal information please see our Security Practices page.
Social.So, the entity which provides the Services, is a UK company with its head-office located in London. For the purposes of EU data protection law.
The Services are mainly provided from our offices in London. Social.So uses third-party service providers (such as managed hosting providers, card processors, CRM systems, sub-processors of Content and technology partners) to provide the necessary software, networking, infrastructure and other services that we use to operate the Services. These third party providers may process, or store, personal information on servers outside of the EEA, including in EU, Canada or the US.
Also, by the very nature of the Services provided, the data that is viewed, collected, stored or posted on or through the Services also needs to flow from wherever you are located in the world, to where our Social Networks are storing the same data (i.e. in most cases, in the United States).
Whenever we transfer personal information from data subjects located in the EEA to a third-party service provider located in a country that has been deemed inadequate, whether that personal information is contained in Account Data or in Content, we do so with and approved legal adequacy mechanisms in place. For any transfers of personal information to the US, we rely on either the third-party’s registration in the EU-US Privacy Shield or on the implementation of the EU’s Standard Contractual Clauses.
By using any of the Services, or submitting or collecting any personal information via the Services, you authorize Social.So and its authorized service partners to use and process Content and Account Data (including any personal information) in these countries.
Cookies and similar technologies
Processing of Content
When we receive or access data from our various Social Networks, we do so at your request and within each Social Network’s terms and conditions. As our user, you ultimately decide which Social Networks or Third-Party Apps you want our Services to connect with and which Social Networks and/or Third-Party Apps you want to share your data with. We process your Content, at your instruction, acting as a conduit between you and the Social Networks that you connect to our Services.
You may opt out of marketing communications sent by Social.So by managing your email preferences on our Preferences Management page, or by following the unsubscribe instructions included in each marketing email.
We may use Account Data to customize advertising that we direct to you, utilizing third parties. The Network Advertising Initiative has developed a tool that may help you understand which third parties have currently enabled cookies for your browser and opt-out of those cookies. For more information and to opt-out of customized advertising, you can go to http://optout.networkadvertising.org/?c=1#!/
Our Services are not intended for use by children and should only be accessed by individuals of at least 18 years old.
Changes to this Privacy Notice
Social.So reserves the right to make changes to its privacy notice at any time. Innovation in software happens quickly and laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. If we do make changes to the privacy notice, we will post them to this page, so we encourage you to stay informed by checking back here periodically.