fbpx
Last updated: 22/09/2023

Brandwatch Group Data Privacy FAQs

Print
Sections
Q1: Who are we? Q2: Questions regarding the Brandwatch services Q3: Is there a Customer Data Processing Addendum?  Q4: Who are Brandwatch’s sub-processors? Q5: How will Brandwatch inform customers of any intended changes concerning the addition to or replacement of any permitted Sub-Processor with a new Sub-Processor? Q6: Does Brandwatch comply with the General Data Protection Regulation (“GDPR”) and other relevant data privacy laws? Q7: Do the GDPR and other privacy laws apply to any of the Brandwatch Group’s services? Q8: Can customers upload special category or sensitive personal data to Brandwatch? Q9: Is the Brandwatch Group a data controller or a data processor? Q10: Can you explain more about the Independent Data Controller relationship between Brandwatch and its customers? Q11: What is the legal basis on which the Brandwatch Group processes personal data for online content authors? Q12: Where does the Brandwatch Group store or export the personal data that it processes? Q13: Are Brandwatch’s systems that process personal data secure? Q14: How does Brandwatch ensure its services comply with the GDPR and CCPA? Q15: What are SCCs? Q16: How does the Schrems II ruling impact Brandwatch? Q17: Does the Brandwatch Group also comply with the California Consumer Protection Act (CCPA)? Q18: How do you provide notice to CA consumers as required by the CCPA? Q19: Does the Brandwatch Group also comply with the General Personal Data Protection Law in Bazil (LGPD)?

Human readable summary

The purpose of this FAQ is to set out for customers of the Brandwatch group of companies (“Brandwatch Group”) how the Brandwatch Group approaches data privacy compliance. If you have any questions that are not answered by this FAQ, please get in touch with your sales representative or customer success manager.

Q1: Who are we?

For reference, we are Runtime Collective Limited, and we trade as Brandwatch (“we”, “us” or “Brandwatch”). Our registered office address is at Sovereign House, Church Street, 1st Floor, Brighton, BN1 1UJ, United Kingdom. Our company number is 03898053 and our VAT number is 754 7507 10. Our subsidiaries, such as Crimson Hexagon, Inc. and Paladin Software, LLC, and our affiliates such as Falcon.io ApS and Falcon.io US Inc may also act as a data controller from time to time. We act as the data controller of the Personal Data that we process about you.

Q2: Questions regarding the Brandwatch services

We have combined our three best-in-class companies (Brandwatch, Falcon.io, and Paladin) to create a superior offering that maintains the same privacy standards that customers have come to expect from us. 

The new suite of Brandwatch services includes two main product sets – Consumer Intelligence and Social Media Management. Here is a description of each of our products. 

Consumer Intelligence

Brandwatch Consumer Research (BCR)

BCR gathers millions of conversations from the public web relevant to our customers’ businesses, industries or products.   Using BCR helps customers to discover trends and sense their customers’ sentiment. Read more here: https://www.brandwatch.com/products/consumer-research/

Vizia

Vizia is a tool which lets customers  produce marketing reporting by integrating key marketing data sources (e.g. Google or Salesforce) and creating  visualizations  which best represents their data.

Social Media Management

Publish

In this module, customers can plan and schedule content on all available networks – Facebook, Instagram, LinkedIn, Twitter. Customers can also connect ad accounts and create promoted posts for Facebook and Instagram.

Engage

This is a customer’s social media inbox – any messages and comments that are sent to a customer’s social channels will be displayed here. Customers can comment, reply, assign, create automation rules etc.

Measure

This is where we gather all the data and show customers how their social channels and posts are performing. Customers can create custom dashboards to better fit their needs on how they would like the data to be displayed. Customers can export the data.

Listen 

Listen allows customers to search and see all public instances in which their brand (or products or competitors) have been mentioned so that they can see what is said about them, how often it is said and what the general sentiment around their brand is. It provides customers with real-time and actionable data so they can plan and execute their social media strategies.

Audience

Audience is our small CRM system within Brandwatch. Customers can see the historical conversations they have had with people on their social channels.

Advertise

Advertise simplifies advertisement management and reporting for all our customers’ channels and audiences.

Benchmark

Customers can compare their brands to competitors and industry leaders’ social media activity and can also look at their own social media results and find out what works.

Influence 

Brandwatch Influence is a comprehensive influencer marketing platform with three core components:

‘Discover’ allows our customers to search for new influencers and generate influencer reports. 

‘Influencers’ allows users to manage their influencer contacts in a dedicated CRM. 

‘Campaigns’ allows users to manage their campaign workflow, track influencer posts, and aggregate performance data.

Q3: Is there a Customer Data Processing Addendum? 

You can find our  Customer Data Processing Addendum, which covers any service you may obtain from Brandwatch here: https://www.brandwatch.com/legal/data-processing-addendum/

Q4: Who are Brandwatch’s sub-processors?

Please see here for information on our sub-processors. 

Q5: How will Brandwatch inform customers of any intended changes concerning the addition to or replacement of any permitted Sub-Processor with a new Sub-Processor?

Customers can sign up to be notified using the email submission box at the bottom of https://www.brandwatch.com/legal/sub-processors/.

Q6: Does Brandwatch comply with the General Data Protection Regulation (“GDPR”) and other relevant data privacy laws?

Yes.

Q7: Do the GDPR and other privacy laws apply to any of the Brandwatch Group’s services?

Yes. Privacy laws apply to the processing of personal data. Personal data means any information relating to an identified or identifiable natural person. Brandwatch offers a variety of products, each of which require a different analysis under the GDPR and other privacy laws.

Many of our products are personal data agnostic. These include Consumer Research, Measure, Listen, Audience, Advertise, Influence, and Benchmark. These products are based on analyzing large sets of unstructured text data and images. However, while processing personal data is not the core point of these products, it is likely that there is personal data within the data that we collect. For example, some users on Twitter verify their accounts. Where a user’s account is verified, that user’s username and accompanying Tweets are personal data. Because of the difficulty in analyzing whether information is personal data on a post-by-post basis, the Brandwatch Group chooses to treat its entire database as if it contains personal data.

Several of our products require or allow customers to provide data to us for processing that Brandwatch would not otherwise have access to. These products include Publish, Engage, Vizia, Influence, Consumer Research and our Content Upload API. Some of these products allow customers to authenticate their owned accounts to measure or manage their activities. Others allow the customer to directly upload their own data set for analysis or visualization. If the data provided to us by customers includes personally identifiable data, then the GDPR or other privacy laws will apply.

Q8: Can customers upload special category or sensitive personal data to Brandwatch?

The customer must ensure that its use of Brandwatch services and its instructions regarding the Processing of any Personal Data comply with all Applicable Privacy Laws, and that Brandwatch’s Processing in accordance with the Customer’s instructions will not cause Brandwatch to be in breach of any Applicable Privacy Laws. Brandwatch will inform the Customer if, in Brandwatch’s opinion, the Customer’s instructions infringe Applicable Laws.

Customer will notify Brandwatch if they intend to upload any special categories of data as part of using Brandwatch services. Brandwatch may refuse to process such data or impose any restrictions as are necessary, at the Customer’s expense, to enable Brandwatch to comply with its legal and contractual obligations.

Q9: Is the Brandwatch Group a data controller or a data processor?

The Brandwatch Group acts as a data controller and/or a data processor, depending on the services that it provides:

For many of its products, including Consumer Research, Measure, Listen, Audience, Benchmark, Influence, and Vizia, Brandwatch makes decisions about which websites it crawls, what data it collects, and how and why this data is used in connection with its services. This decision is based on the fact that these services and any related processing are not specific to any particular customer and could not therefore be said to be only “on the instructions” of any such customer. Therefore, for the above products, Brandwatch considers itself an Independent Data Controller under the GDPR. 

Our customers then decide how to use this personal data independently, making them also Independent Data Controllers. 

When customers upload or grant access to their own personal data to Brandwatch, Brandwatch is a Data Processor because Brandwatch is only processing this personal data on the customer’s behalf. The customer is only using Brandwatch’s technology to create, access, or analyze their own data. Products that involve this Controller to Processor relationship include Consumer Research, Publish, Engage, Measure, Audience, Advertise, Benchmark, Influence, Vizia and the Content Upload API.

Q10: Can you explain more about the Independent Data Controller relationship between Brandwatch and its customers?

Brandwatch’s customers are Independent Data Controllers in respect of the personal data which they process through the use of Brandwatch services. The reason is that, under the GDPR, a person must be a Data Processor or a Data Controller. A data processor processes data on behalf of the data controller. Since Brandwatch’s customers decide what to do with the personal data and do not process personal data on Brandwatch’s behalf, Brandwatch’s customers must be Independent Data Controllers under the GDPR for the Analytics Services.

Q12: Where does the Brandwatch Group store or export the personal data that it processes?

Brandwatch sources much of its personal data from public sources which are hosted in the USA.  

The different components of the Brandwatch product suite are hosted in the USA, Belgium and the UK.

We use Amazon Web Services (AWS) in North Virginia USA for BCR (Brandwatch Consumer Research) – Amazon’s compliance and security standards can be viewed here.

We use Google Cloud Platform (GCP) in Belgium for other BCR parts and Vizia  – Google’s compliance and security standards can be viewed here.

We use data centres in the UK to store some analysis results and customer metadata.  

If you decide to upload your own personal data to Brandwatch it will be exported to the USA.

 For more information on how Brandwatch has assessed the transfer data to the USA, please see our International Data Transfer page.

Q13: Are Brandwatch’s systems that process personal data secure?

Yes. The Brandwatch Group has the ISO27001 and SOC 2 certifications that cover the hosting, development and support for some of its applications and data. The information security management systems and servers that host the personal data within Consumer Research, Vizia, and Reviews are covered by an ISO27001 certification that is audited annually. The Brandwatch Group has technical and organizational measures in place to protect against the unauthorized or unlawful processing of data and against accidental loss, destruction or damage of that data. Where the Brandwatch Group uses third party cloud providers, those providers are industry-leading, including AWS and Google Cloud. In addition, the Brandwatch Group applies its own security policies and processes to the management and provision of any third party systems and services. Customers can find further information about the Brandwatch Group’s information security standards at https://www.brandwatch.com/legal/information-security/.

Q14: How does Brandwatch ensure its services comply with the GDPR and CCPA?

The Brandwatch Group has a data protection officer responsible for privacy and compliance. The Brandwatch Group has also distributed privacy compliance throughout the company, appointing privacy champions on its engineering, product, and people teams. These individuals are tasked with incorporating data protection by design and by default when developing services for the Brandwatch Group. The Brandwatch Group also implements Privacy Impact Assessments, where required, in accordance with the GDPR. For the purposes of data transfers, we are members of the Data Privacy Framework (listed as Brandwatch).

Q15: What are SCCs?

Standard Contractual Clauses (SCCs) are terms and conditions that organisations sending EU personal data from within the EU must have in place with organisations outside the EU that they are sending it to. These  are published by the European Commission and are therefore the same for all organisations.

Brandwatch has these SCCs in place with its customers and vendors.

On 4th June 2021, a new set of SCCs was published by the European Commission. These new SCCs require organizations to consider if and what additional technical safeguards will be necessary for the continued safe transfer of their various personal data sets. Please see our International Data Transfer page.

Q16: How does the Schrems II ruling impact Brandwatch?

When the CJEU struck down the validity of the Privacy Shield (the Schrems II ruling) in July of 2020, many companies became concerned about data transfers between the EU and the US. However, for Brandwatch, not much has changed. We have always incorporated Standard Contractual Clauses (SCCs) into our contracts. SCCs or “model clauses” have been determined by the European Commission to be a sufficient safeguard for cross-border transfers of personal data. The Schrems II ruling has also called into question the strength of SCCs and while they are still legal, the European Data Protection Board (EDPB) has given some additional guidance recommending that organizations undertake a risk assessment to determine if any supplemental measures need to be put in place to further protect transfers that rely on SCCs. 

For more information on how Brandwatch has assessed the transfer of data to the USA, please see our International Data Transfer page.

On July 10, 2023, the European Commission adopted an adequacy decision for the EU-U.S. Data Privacy Framework, which Brandwatch participates in.

Q17: Does the Brandwatch Group also comply with the California Consumer Protection Act (CCPA)?

Yes, the Brandwatch Group is compliant with the CCPA. The Brandwatch Group is headquartered in England and has centralized its global privacy compliance with the GDPR. Given that the GDPR is a more comprehensive privacy framework than the CCPA, the Brandwatch Group is already compliant with much of the CCPA by nature of its GDPR compliance. For ease of review, this FAQ has maintained the terminology for GDPR. However, for clarity, whenever you see a reference in these FAQs to “Data Controller”, that is equivalent to “Business” under CCPA; and whenever you see a reference to “Data Processor”, that is equivalent to “Service Provider” under CCPA.

Q18: How do you provide notice to CA consumers as required by the CCPA?

Brandwatch does not have a direct relationship with the authors of the public online content that makes up our database. As such, the CCPA requires that CA consumers be given notice that we sell their personal information. We provide this notice directly to CA consumers via our Author Privacy Statement on our website. We have also registered as a data broker with the California State Attorney General’s office. All of our contact information and relevant details are available in that listing.

Q19: Does the Brandwatch Group also comply with the General Personal Data Protection Law in Bazil (LGPD)?

For information on the LGPD, please see Cision’s stance (which Brandwatch aligns with) at https://gdpr.cision.com/Brasil-LGPD.

Falcon.io is now part of Brandwatch.
You're in the right place!

Existing customer?Log in to access your existing Falcon products and data via the login menu on the top right of the page.New customer?You'll find the former Falcon products under 'Social Media Management' if you go to 'Our Suite' in the navigation.

Paladin is now Influence.
You're in the right place!

Brandwatch acquired Paladin in March 2022. It's now called Influence, which is part of Brandwatch's Social Media Management solution.Want to access your Paladin account?Use the login menu at the top right corner.