The Site and Services, as described in our Terms of Service, are provided to you by Infloso (the “Data Controller” of your personal data). Consequently, “We”, “Us” and “Ours” refers to the Data Controller. Feel free to send any of your data protection queries to us at [email protected]
There are different types of information we obtain, whether directly from you at sign up or automatically via your device (for instance, personal computer, laptop, mobile phone) when you use our Sites. Essentially, we only obtain what is strictly necessary to provide you with our Services, no more, no less.
Information you provide Us with:
Legal basis for processing
Reason for collection
1. Full name, company address, company name
Performance of the contract with you.
We will store just enough information to honour your opt-out preference.
You know our name, We require yours for the contractual relationship between the parties
2. Email and social network profile
1) Performance of contract with you and
2) Our legitimate interests, if related to marketing.
1) We require your email and/or social network information to log you into the system and to provide you with the Service, reports, Service related updates, communicationscommuni-cations and other important information.
2) If We do use your email to contact you for marketing purposes, it will be in Our legitimate interests to do so, but you will always have a chance to opt out of such marketing communicationscommuni-cations for similar products and/or services prior to first (and any subsequent) communicationcommuni-cation. You may opt out at any time by emailing [email protected][email protected]
The rest is the technical stuff that must be processed in order to provide you with our services.
Information collected/accessed automatically
Legal basis for processing
1. Internet Protocol (IP) address
Performance of the contract.
You need this to connect to the Internet.
2. We set and access various cookies on your device
Contract performance for the “strictly necessary” cookies.
Legitimate interest for the first-party analytics cookies.
Your consent prior to the placement of all the other types of cookies.
We only process information which you already shared with the world via Instagram. We ensure We have a legal basis for processing your personal data. We treat it in accordance with relevant legislation and respect Your Rights (see section below).
Information Influencer provides Social Medias with:Legal basis for processing Reason for collection
1. A link to Influencer profile, full name, avatar, language, biography, gender, country/city/state, brand and common interests, notable engaged users, sponsored posts.
2. Email and social network profile.
3. Images, graphics, photos, profiles, audio and video clips, sounds, musical works, works of authorship, applications, links and other content or materials
Influencers provide their personal data to Social Medias as part of performance of contract by them and Influencer’s affirmative consent by uploading Content (as defined in
We have a legitimate interest in using the data made available by Influencers via Social Medias for commercial purposes without affecting Influencer’s fundamental rights and freedoms.
To allow Customers to Choose an Influencer for their business purposes and assess the effectiveness of each Influencer’s reach.
We analyse a vast amount of information in order to provide Customers with statistics. In relation to Influencer audience (the “Audience”), this includes, in particular: gender, age group and ethnicity. While these items may represent a somewhat sensitive issue, We have undertaken a review of our legitimate interests and the risks to the rights and freedoms of individuals. We concluded that our processing for statistical purposes is in line with legislation and does not affect the rights and freedoms of individuals.
In order to legally process data on the ethnic origin of the Audience, We require relevant legal basis. One of the bases is processing for statistical purposes (while safeguarding fundamental rights and interests of the Audience). Such processing does not have discriminatory effects on natural persons involved nor results in measures having such effect. Finally, there is no automated decision-making and profiling based on ethnic origin of the Audience.
We do not sell, share or disclose Customer data except as provided herein. We never treat your personal data in any way that would surprise you (unless We told you about it and you provided us with an informed and unambiguous consent to such usage).
We use Customer contact details and payment information to establish, support and conduct customer relationships as necessary for the performance of Services. Should the Customer fail to provide the personal data we need, we may be unable to complete the transaction. We only contact Customers with service related information. Where marketing is involved, Customers have an option to opt out at any time before first (and any subsequent) contact.
We provide a statistical service and so, the data about Influencers identified above is shared with Customers whether on a trial basis or upon payment of fees.
Audience data for each Influencer is aggregated for statistical purposes and shared with Customers whether on a trial basis or upon payment of fees.
We store your data while your account is active. When you delete your account, we will delete your personal data from our systems 1 month from such deletion request successfully processed or when you exercise your rights (as listed below).
As stated above, We process information that social medias provide us with. The updates may take up to 20 days. If an Influencer deletes their account, We would also delete such information from our systems and make it unavailable to Customers. This synchronisation may take up to a month from when the deletion happens.
Audience data is only relevant to the Influencer and is kept in an aggregated form together with information about Influencer. Once Influencer data is deleted, Audience data of the Influencer is also removed.
All personal data is kept with our third-party processors on secure servers, in full compliance with international information security requirements. Our server & hosting providers are all in possession of the ISO 27001 Information Security Management System certificates. We use the recommended industry practices to keep access to such data secure (mixture of common sense and best practices).
We use appropriate level of technical and organizational measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed. Those include the following:
(1) Protective measures for physical access control:
We secure access to the premises via ID readers, so that only authorised persons have access. The ID cards can be blocked individually; access is also logged.
Furthermore, an alarm system is installed in the premises, preventing infiltration by unauthorised persons. The alarm system is linked to a locking mechanism for the doors.
(2) Protective measures for system access control:
Each employee has access to the systems/services only via his/her own employee access. The access rights involved are limited to the responsibilities of the respective employee and/or team.
We regulate access to our own systems via password procedures and the use of SSH keys of at least 1024 bits in length. The SSH keys strengthen the productive systems against attacks that target weak passwords, as the password-based access to the relevant systems is disabled.
We have, in addition, a regulation for the creation of passwords. This guarantees higher security also for systems that offer password-based access.
Passwords must meet the following requirements:
Our systems are protected by firewalls that reject all incoming connections by default. Only connection types defined by exception are accepted.
(3) Protective measures for data access control:
All servers and services are subject to continuous monitoring. This includes the logging of personal access in the user interface.
Due to the close proximity of the employees, a visual inspection is possible at any time.
Locking and/or logging off when leaving work is prescribed in writing and is practised.
(4) Protective measures for transfer control:
The handling of local data storage devices, e.g. USB sticks, is regulated via agreements.
Access to the systems from outside the company network is possible only via secure VPN access.
(5) Protective measures for input control:
Our employees do not work directly at database level, but instead use applications to access the data.
IT employees access the system via individual access and use a common login, as there are very few employees and these sit in close proximity of each other and monitor each other by agreements and visual inspections.
(6) Protective measures for availability control:
We ensure the availability of data in several ways. On the one hand, there is regular backup of the entire system. This steps in if the other availability measures fail.
Critical services are operated redundantly in multiple data centres and controlled by a highavailability system.
Our workstations are also protected with the usual measures. For example, virus scanners are installed, laptops are encrypted.
(7) Protective measures for separation control:
To separate data, We use logically separate databases so that no accidental reading of data by unauthorised persons can occur.
Access to the data itself is also restricted by the fact that employees use services (applications) which control access.
We do not rent, sell or share Customer personal data with any third parties, except where We have to comply with Our legal obligation.
We do provide a fee-based statistical service in relation to Influencer and Audience data. The recipients of such data are Customers of Our Service.
In relation to Customer data, We do not blindly follow disclosure orders. We will check each request to ensure it satisfies the relevant safeguards, contains a court order or is issued under a legislative measure for the prevention, investigation, detection or prosecution of criminal offences.
If We employ a processor to act on our behalf, We ensure that there are adequate contractual measures to ensure responsibility, security and liability to the same level as expected of Us.
In any case where a third party accesses your data on Our behalf or upon Our instructions (be it inside or outside the EEA), We use the relevant legal basis to comply with the data protection legislation. In cases where there is no finding of an adequacy decision by the European Commission, we use model contracts approved by the European Commission to safeguard your rights and data.
You are entitled to the full spectrum of the rights under the General Data Protection Regulation and We will go out of our way to accommodate any valid request. You can exercise your rights by emailing us at [email protected]
You have a wide array of rights that we respect. Among those, the right to:
We only retain such information that is necessary to protect our legitimate interests or to comply with a legal obligation.
We use aggregated, non-identifying, electronic data collected from use of our Sites and Services to operate, analyze, improve, and develop our Sites and Services. This information is not used to inform decisions about specific individuals; rather, it is processed to understand how different categories of users interact with our Sites and Services so that we can consistently improve the same for Customers.
We never knowingly collect or solicit any information from anyone of 13 years and younger. The Sites and Services are not directed at nor made look to appeal to such persons. Parents or guardians that believe that We hold information about their children aged 13 and under may contact Usat [email protected]