Privacy Policy

Xeio Ltd, trading as Hashtag’d ("We") are committed to protecting and respecting your privacy.

This policy (together with our Terms of Use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting hashtagd.net you are accepting and consenting to the practices described in this policy.

---

If you are a social media user who has been contacted by one of our customers using the Hashtag’d service, please see the Social Media User Data section below. If you are a visitor to a site with an ad that features dynamic content feed we power, please see the Dynamic Feed Viewer section below.

Social Media User Data

If you are a person who is contacted by, or whose content is gathered as part of a campaign initiated by a brand or a marketing agency using the Hashtag’d service, the following applies to our use of your personal data. You are referred to as a “social user” in this section.

• We have no direct relationship with any social user whose personal data we process for our brand or marketing agency customers. If you are a social user who has been contacted by a Hashtag’d customer, and would like to make any requests or queries regarding your personal data - please contact the Hashtag’d customer directly. For example, if you wish to access, correct, amend, or delete inaccurate information processed by us on behalf of our customers.
• In the language of European data protection laws, we are a ‘data processor’ of your data, which processes personal data on behalf of its brand or marketing agency customers, who are the ‘data controllers’ who decide generally how and why the data is processed. Unless otherwise instructed by the data controller (our customer), we will retain the personal data of social users for at least as long as the relevant customer’s Hashtag’d account is active (this is to assist in circumstances where a question or dispute arises over a contest, or other social media activity the customer engages in using Hashtag’d).
• Our primary servers are physically located in the United Kingdom. However due to the global nature of the Internet, the data that we collect may be transferred to or through, and temporarily stored at, destinations outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or group companies. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. One of our service providers, Cloudflare Inc, is based in the United States. Cloudflare has certified under the EU – U.S. Privacy Shield framework set forth by the U.S. Department of Commerce and the European Union. A detailed description can be found on Cloudflare’s website.
• We take great care to ensure that our processing of personal data is secure and work hard to try to keep unauthorised access to an absolute minimum. But it’s a fact of online life that, regardless of the measures and efforts taken by us, we cannot and do not guarantee the absolute protection and security of your any personal data.
• We may include your social media activity in aggregated data sets we produce for ourselves and our customers. To be clear, this will just be the content of your social media message or post, not any social media account information.
• If you visit the site of one of customers which contains a Hashtag’d widget to enable you to interact with Hashtag’d-powered campaigns run by the customer, those widgets involve the use of cookies. Details of the cookies are set out in our Widget Cookies Policy.

Dynamic Feed Viewer

If you are a visitor to a site with an ad that features dynamic content feed we power, the following applies to our use of your personal data. You are referred to as a “dynamic feed viewer” in this section.

• We do not gather information about individual dynamic feed viewers, or track individual dynamic feed viewers, or set cookies beyond those essential to provision of our services, when we provision feeds of content which power our clients' campaigns.
• All content we serve will originate only from the following two subdomains which are under our control:
  • api.hashtagd.net - this is text content, interpreted by the destination ad
  • cdn.hashtagd.net - this provides picture and video content for the destination ad

---

The remainder of this policy does not address social media users or dynamic feed viewers. It deals only with information in respect of which we are the ‘data controller’ – that is, information obtained from users or potential users of our service, and visitors to our website. For the purpose of the data protection laws applicable to us, the data controller is Xeio Ltd of 25b Lloyd Baker Street, London, WC1X 9AT.

We are registered as a data controller with the UK Information Commissioner's Office (registration number PZ3404574).

Information we collect from you

We will collect and process the following data about you:

• Information you give us.
  This is information about you that you give us by filling in forms on hashtagd.net (our site) or by corresponding with us by phone, e-mail, live chat or otherwise. It includes information you provide when you register to request a demo, subscribe to our service, and when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number.
• Information we collect about you. With regard to each of your visits to our site we will automatically collect the following information:
  • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, device/operating system/browser type and version, time zone setting, screen resolution, etc;
  • information about your visit, including clickstream to, through and from our site (including date and time), any phone number used to call our customer service number, URLs from which you have visited our site or that you visit immediately after our site, products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouseovers), and methods used to browse away from the page.

If you have any questions regarding the security of our services, please get in touch with us at help@hashtagd.net.

Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.

Uses made of the information

We use information held about you in the following ways:

• Information you give to us. We will use this information:
  • to provide you with the Hashtag’d service, and any information, products and services that you request from us;
  • to provide you with information about other goods and services we offer that are similar to those that you or the business you work for have already enquired about;
  • to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this.
  • to notify you about changes to our service;
  • to ensure that content from our site is presented in the most effective manner for you and for your computer.
• Information we collect about you. We will use this information:
  • to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
  • to allow you to participate in interactive features of our service, when you choose to do so;
  • as part of our efforts to keep our site safe and secure;
  • to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
• Information we receive from other sources. We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).

Disclosure of your information

You agree that we have the right to share your personal information with:

• Any member of our group of companies, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
• Selected third parties including:
  • Google for email, analytics and data storage and processing
  • Amazon Web Services for data storage and processing
  • Cloudflare for transmission of data which may include personal information
  • Calendly for scheduling meetings with current and prospective customers
  • Streak for processing and organising email and other customer data
  • Olark for live chat services and on-site help
  • Salesforce/Desk.com for customer service
  • other business partners, suppliers and sub-contractors for the performance of any contract we enter into with you or the business you work for

We will disclose your personal information to third parties:

• In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
• If Xeio Ltd or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use, or our customer terms of service and other agreements; or to protect the rights, property, or safety of Xeio Ltd, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.

Storing your personal data

All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Our primary servers are physically located in the United Kingdom. However due to the global nature of the Internet, the data that we collect may be transferred to or through, and temporarily stored at, destinations outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or group companies. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

Such countries do not have the same data protection laws as the United Kingdom and EEA. Where the European Commission has not given a formal decision that the destination country provides an adequate level of data protection similar to those which apply in the United Kingdom and EEA, any transfer of your personal information will be subject to other permitted mechanisms under the EU General Data Protection Regulation. These are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information, and include ‘model clauses’ incorporated into our contract with the relevant provider, or the provider certifying itself under the EU-US Privacy Shield scheme. For more details about the ‘model clauses’, please see here. For more details about the EU-US Privacy Shield, please see here.

To obtain further details of those safeguards in the context of our operations, please contact us at help@hashtagd.net

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

If your business becomes a customer of the Hashtag’d service, we will retain your personal data for the duration of your account and up to 6 years afterwards. If your business does not become a customer of the Hashtag’d service, we will retain your personal data for a period of up to 1 year. We may retain your personal data for longer than that where such retention is necessary for compliance with a legal obligation to which we are subject.

Other Businesses’ Websites

Our site may, from time to time, contain links to and from the websites of our partner networks, customers and business partners. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

The Legal Basis on which we Process your Information

On some occasions, we may process personal information with consent (for example, when you agree to receive promotional email updates about the service). You have the right to withdraw your consent at any time by contacting us on the email address below.

We may also process personal information when we need to do this to fulfil a contract (for example, to provide the Hashtagd service to clients) or where we are required to do this by law.

We also process your personal information when it is in our (or someone else’s) legitimate interests to do this and when we consider these interests are not overridden by your data protection rights. Those legitimate interests include using your information for the purposes of operating and improving our service, which we aim to do in a way that works to your benefit and those of other users. If you work for a business that is a user of the Hashtag’d service, this will also include the legitimate interests of your business in receiving the service.

Your rights

We have summarised what we think are the main rights that you have under data protection law. Some of the rights are complicated, and not all of the detail has been included in his summary. Please visit www.ico.gov.uk (the website of the Information Commissioner’s Office, the UK data protection regulator) for more detailed information.

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at help@hashtagd.net.

If you are in the European Union, data protection legislation gives you the following rights:

• to access information held about you. Providing the rights and freedoms of others are not affected, we will supply to you a copy of the personal data we hold about you in our capacity as data controller. The first time you ask we will provide it free of charge, but repeated or complex requests may be subject to a reasonable fee.
• to require rectification or erasure of your information. Be aware that there are certain lawful exclusions of the right to erasure - such as, where processing is necessary for our compliance with a legal obligation; or in connection with legal claims;
• to object to as well as the right to our use of your data to carry out automated profiling in respect of you.
• To the extent that the legal basis for our processing of your personal data as data controller is consent, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

These rights can be exercised in accordance with applicable data protection laws. To exercise your rights, please use the contact details at the top of this policy.

If you make a complaint to us and think we have not dealt with it to your satisfaction, you may send your complaint to the Information Commissioner for investigation. For more information on the Information Commissioner, and how to make a complaint, please visit their website at www.ico.gov.uk.

Changes to our privacy policy

August 2, 2017: policy clarity improved throughout, with clearer explanation of usage of data.

May 18, 2018: better delineation for 'Social Media User Data' and addition of 'Dynamic Feed Viewer' as a seperate audience; updates on third parties with whom we work; various other adjustments to terminology in line with forthcoming GDPR legislation.

June 4, 2018: updated list of specific third party providers to help ensure this is meaningful for data subjects.

July 13, 2018: updated live chat provider to Olark from Userlike.

Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to help@hashtagd.net.