The purpose of this FAQ is to set out for customers of Affable Technologies Pte. Ltd., (“Affable”), how Affable approaches data privacy compliance.
A: Yes.
A: The GDPR applies to the processing of personal data. Personal data means any information relating to an identified or identifiable natural person. Affable offers a variety of services, each of which require a different analysis under the GDPR. Affable's Influencer Discovery, Insights, Content Discovery and other services (“Analytics Services”) Analytics Services are personal data agnostic. These Analytics Services are based on analyzing large sets of unstructured text data/images. This means that, while processing personal data is not the core point of the Analytics Services, it is likely that there is personal data in data that forms part of the Analytics Services. For example, some users on Twitter verify their account. Where a user’s account is verified, that user’s username and accompanying Tweets are personal data. Because of the difficulty in analyzing on a post-by-post basis whether information is personal data, Affable chooses to treat its entire database for its Analytics Services as if it contained all personal data.
A: Affable acts as a data controller and/or a data processor, depending on the services that it provides: Analytics Services For its Analytics Services, Affable makes decisions about which what social APIs it uses, what data it collects, and how and why this data is used in connection with its services. This decision is based on the fact that these services and any related processing are not specific to any particular customer and could not therefore be said to be only “on the instructions” of any such customer. Therefore, for the Analytics Services that contain personal data, Affable is a data controller under the GDPR. When customers sign up on Affable or create custom reports based on the data Affable processes, Affable is a data processor. This is because Affable is only processing this personal data on the customer’s behalf.
A: For the Analytics Services, Affable’s customers are also data controllers in respect of the personal data which customers process through the use of the Analytics Services. The reason is that, under the GDPR, a person must be a data processor or a data controller. A data processor processes data on behalf of the data controller. Since Affable’s customers do not process personal data on Affable’s behalf, and Affable does not process personal data on the customer’s behalf, Affable’s customers must be data controllers under the GDPR for the Analytics Services.
A: The primary legal basis on which Affable processes personal data when performing the Analytics Services is the legitimate interests of the data controller. This legal basis requires a balancing of the legitimate interests of the data controller with the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The data that Affable processes from the Analytics Services is all publicly available – and made available – by the particular social media author him or herself. Affable therefore believes that the interests, fundamental rights and freedoms of data subjects are not prejudiced or overridden in the context of its processing of social media data that is (1) publicly available and (2) can be made private at anytime by the social media author him or herself. The social media authors have significant levels of control over the availability of their personal data on the underlying websites, including (e.g.) setting their Instagram account to private.
A: For Affable Analytics, the personal data is stored on servers hosted by third party cloud providers like AWS and GCP, in Singapore.
A: Yes. Affable has technical and organisational measures in place to protect against the unauthorised or unlawful processing of data and against accidental loss, destruction or damage of that data. Where the Affable uses third party cloud providers, those providers are industry-leading, including AWS and Google Cloud. In addition, Affable applies its own security policies and processes to the management and provision of any third party systems and services.
A: We've appointed privacy specialists on our engineering and product teams, who are tasked with incorporating privacy by design principles when developing our services. These individuals are tasked with incorporating privacy by design principles when developing services for Affable. Affable also implements Privacy Impact Assessments, where required, in accordance with the GDPR.
If you have any questions that are not answered by this FAQ, please get in touch with your sales representative or customer success manager. You can also write to us at hello@affable.ai