Affable Data Privacy FAQs
The purpose of this FAQ is to set out for customers of Affable Technologies Pte. Ltd., (“Affable”), how Affable
approaches data privacy compliance. If you have any questions that are not answered by this FAQ, please
get in touch with your sales representative or customer success manager.
Q: Does Affable comply with the General Data Protection Regulation (“GDPR”)?
Q: Does the GDPR apply to any of Affable’s services?
A: The GDPR applies to the processing of personal data. Personal data means any information relating to an identified or
identifiable natural person. Affable offers a variety of services, each of which require a different analysis
under the GDPR.
Affable's Influencer Discovery, Insights, Content Discovery and other services (“Analytics Services”)
Analytics Services are personal data agnostic. These Analytics Services are based on analyzing large sets of
unstructured text data/images. This means that, while processing personal data is not the core point of the Analytics
Services, it is likely that there is personal data in data that forms part of the Analytics Services. For example, some
users on Twitter verify their account. Where a user’s account is verified, that user’s username and accompanying Tweets
are personal data. Because of the difficulty in analyzing on a post-by-post basis whether information is personal data,
Affable chooses to treat its entire database for its Analytics Services as if it contained all personal data.
Q: Is Affable a data controller or a data processor?
A: Affable acts as a data controller and/or a data processor, depending on the services that it provides:
For its Analytics Services, Affable makes decisions about which what social APIs it uses, what data it collects, and
how and why this data is used in connection with its services. This decision is based on the fact that these services
and any related processing are not specific to any particular customer and could not therefore be said to be only “on
the instructions” of any such customer. Therefore, for the Analytics Services that contain personal data, Affable is a
data controller under the GDPR.
When customers sign up on Affable or create custom reports based on the data Affable processes, Affable is a data
processor. This is
because Affable is only processing this personal data on the customer’s behalf.
Q: If Affable is a data controller for the Analytics Services, what are customers?
A: For the Analytics Services, Affable’s customers are also data controllers in respect of the personal data which
customers process through the use of the Analytics Services. The reason is that, under the GDPR, a person must be a data
processor or a data controller. A data processor processes data on behalf of the data controller. Since Affable’s
customers do not process personal data on Affable’s behalf, and Affable does not process personal data on the customer’s
behalf, Affable’s customers must be data controllers under the GDPR for the Analytics Services.
Q: What is the legal basis on which Affable processes personal data for its Analytics Services?
A: The primary legal basis on which Affable processes personal data when performing the Analytics Services is
the legitimate interests of the data controller. This legal basis requires a balancing of the legitimate interests of
the data controller with the interests or fundamental rights and freedoms of the data subject which require protection
of personal data. The data that Affable processes from the Analytics Services is all publicly available – and
made available – by the particular social media author him or herself. Affable therefore believes that the
interests, fundamental rights and freedoms of data subjects are not prejudiced or overridden in the context of its
processing of social media data that is (1) publicly available and (2) can be made private at anytime by the social
media author him or herself. The social media authors have significant levels of control over the availability of their
personal data on the underlying websites, including (e.g.) setting their Instagram account to private.
Q: Where does Affable store the personal data that it processes?
A: For Affable Analytics, the personal data is stored on servers hosted by third party cloud providers like AWS and GCP,
Q: Are Affable’s systems that process personal data secure?
A: Yes. Affable has technical and organisational measures in place to protect against the
unauthorised or unlawful processing of data and against accidental loss, destruction or damage of that data. Where the
Affable uses third party cloud providers, those providers are industry-leading, including AWS and Google Cloud. In
addition, Affable applies its own security policies and processes to the management and provision of any third
party systems and services.
Q: How does Affable ensure its services comply with the GDPR?
A: We've appointed privacy specialists on our engineering and product teams, who are tasked with incorporating privacy
by design principles when developing our services.
These individuals are tasked with incorporating privacy by design principles
when developing services for Affable. Affable also implements Privacy Impact Assessments, where
required, in accordance with the GDPR.