PRIVACY POLICY
1. Introduction
right2Socials (“we”, “our” or “us”) is a brand of Social Media Consulting Limited and we are committed to protecting and respecting the privacy of individuals who access our site and/or services (“you” or “your”). This policy explains how we collect, use, disclose and safeguard your personal data.
When you access our site and/or services to provide us with your personal data, we are the data controller of that personal data. This means that we are responsible for deciding how we hold and use personal information about you.
We recommend you read this policy carefully to understand our practices regarding your personal data and how we will treat it.
2. The core services we provide to you
2.1 Social Media Check reports
We offer a Social Media Online Check in the education sector, healthcare sector or covering all industries. This is a comprehensive review, covering 5 years of public online activity and a broad range of publicly available online open-source intelligence information.
Your results will be compiled into a report that you can access and download. You’ll also be provided your Social Digital Record Number to track your checks, once a check has been completed.
You may choose to display our headers and banners after your check is completed. This shows that you’ve taken steps to manage your online presence. These headers and banners are valid for 6 months (or longer if you chose to subscribe to our ongoing updates and services) and may be used on partnered professional networks. Please note that the selection of partnered networks may change from time to time.
2.2 Dashboard access
You’ll get access to a secure online Dashboard, where you can:
· Update your PII in your account
· Submit check requests
· View and download your reports
· Secure your Social Digital Record Number
· Track your screening history
· Access our Digital Lab
· Manage your subscription services with us
2.3 Results verification
A core part of our service is the results verification. This means you can share your check result with third parties, such as an employer or company for verification. Third parties must be registered with us and can only see your valid in-date results, not the full report. In these circumstances, third parties will act as a separate data controller and will be responsible for informing you and ensuring legal use of this data. We recommend you review any third party’s privacy policy before sharing your results.
2.4 Ongoing Services for Subscribers
If you have an active subscription with us, you’ll also get:
· An automatic screening every 6 months based on your personal data in your account
· Notifications when a third-party, such as an employer or company, requests a check about you
· Ongoing access to tools and insights in our Digital Identity Lab, designed to help navigate your online presence and privacy
· Access to exclusive offers from our professional partnered networks (if applicable), only available for annual subscription plans.
· Early bird tickets to our events, shows, talks and webinars, only available for annual subscription plans.
3. Automated decision making, profiling and AI
As part of our screening service, we use automated and artificial intelligence (AI) tools to help search and assess publicly available online content linked to your online presence. This process involves the use of smart search technology and may also involve data profiling for the purpose of identifying risk indicators relevant to your online presence, in order to generate an accurate and meaningful screening report. This means considering certain aspects of your online activity to indicators that are relevant to your screening report.
3.1 Examples of data we use
We may analyse:
· Public posts, comments, likes, shared content and interactions that may reveal adverse implications
· The use of language or tone in public content (such as hate speech, explicit language, breach of confidentiality).
· Public affiliations or activities that may relate to safety, reputation, or professionalism in an adverse context.
This data is collected from publicly accessible online sources, such as social media platforms, blogs, forums, or media articles. In providing our screening services, we may also access and collect publicly available information that is located behind paywalls or login restricted platforms, where such access is lawful and in accordance with the terms of those platforms.
We do not collect data from private (locked) accounts, private messages or closed groups.
3.2 How this supports our services
Automated tools may help us locate social media, media and/or links relevant to your screening request, through smart search technologies. These processes do not result in automatic decisions. All results are reviewed and assessed by highly trained social intelligence human researchers who ensure that:
· Context is considered.
· The information is relevant, fair, and proportionate
· You are not misrepresented by automated analysis alone.
We do not make any decisions about you that have legal or similarly significant effects based solely on automated processing. Our quality assurance processes ensure your report is always checked before it is finalised.
3.3 Artificial Intelligence
To make your screening process faster, more accurate, and more affordable, we use a combination of smart AI tools alongside our social intelligence human researchers.
These tools help us quickly and thoroughly explore public online content (like social media and websites) that may be relevant to your screening request.
Here’s how AI helps us:
· Faster results: AI helps us quickly find and open relevant public web pages, apps, and online profiles.
· Smarter image matching: We use tools that can recognise and match images to reduce the chances of mistaken identity.
· Wider, deeper searches: Our technology can learn about a person’s online behaviour from the way our social intelligence researcher team handle a check e.g. a person’s Facebook ‘likes’ may indicate which social topics, sites, vlogs, blogs they may be engaging with online.
· Understanding language: We use AI to read and translate and, to some degree, interpret online content in its original form.
· Continuous learning: Our systems improve over time by learning from every search/check completed – from both the handling behaviour of our social intelligence team researchers as well as the results of the searches.
We do not use AI to predict anyone’s future behaviour. We only report what is publicly available online at the time the check is carried out, and every piece of information we include is reviewed and validated by our human research team.
3.4 Why we do this
The above tools helps us provide you with:
· Consistent and efficient insights of your public online digital footprint.
· A personalised report you can use for professional or personal purposes.
· Benchmarkings and averages that lets you compare your results with others in your area, the right2socials community or by age group (see our anonymised data use at section 5).
4. Data Protection principles
We comply with applicable data protection law which means the personal information we hold about you must be:
· Used lawfully, fairly and in a transparent way;
· Collected only for valid purposes that we have explained to you clearly and not used in any way that is incompatible with these purposes;
Relevant to the purposes we have told you about and limited to those purposes only;
· Accurate and kept up to date;
· Kept only for such time as is necessary for the purposes we have told you about; and
· Kept securely.
5. What information do we collect and process, for what purpose, and on which legal basis?
When you register and place an order for a check, we act as the data controller. This means that we control your personal data and decide the purposes for which your personal data is processed.
We collect your personal data in a variety of ways. For example, data is collected through:
· your direct dealings with us including, but not limited to, during the registration process, submitting an enquiry to us and submitting a request for our services using our website or systems.
· your publicly available personal data, known as OSINT data (see table below), from your identified social media accounts and other relevant information from online public sources within the scope of your requested check.
· system driven data collection during your interaction with our website and/or systems, including but not limited to, browsing activities and usage patterns. This data is gathered through cookies, server logs, and similar technologies. For more information, refer to our cookies policy available on our website.
We may collect, use, store or transfer the following personal data:
| Information collected | Purpose | Legal Basis | Retention period |
|---|---|---|---|
| Your full name and contact details. Technical data; refer to our cookies policy for further information. |
To allow you through the registration process. | UK GDPR Article 6 Necessary for the performance of a contract with you; this is the contract we enter into upon registering your account to access our services. |
For the duration of our contract with you and until deletion of your registered account. |
| Your identification and liveness details are processed by our trusted provider. Please refer to their documentation provided during the identity check process. | To verify your identity and liveness for the purpose of account creation and use of our services. | UK GDPR Article 6 Necessary for the performance of a contract with you; this is the contract we enter into upon registering your account to access our services. UK GDPR Article 9 Explicit consent; as this involves your biometric data, we also rely on your explicit consent to initiate the identity verification process. |
For the duration of our contract with you until deletion of your registered account with us or withdrawal of your consent. We are unable to provide any part of the social media screening or results verification service without this consent. Additionally, our trusted provider retains your personal data for 30 days after which it is deleted from their systems. |
| Name, date of birth, nationality, gender obtained from the identity verification process. | To verify your identity for account creation and to pre-populate these details as evidence of the identification check required to access our services. | UK GDPR Article 6 Necessary for the performance of a contract with you; this is the contract we enter into with you when you register your account or request our services. |
For the duration of our contract with you and until deletion of your registered account. |
| Your selfie photograph obtained from the identity verification process. Your image(s) associated with your details, such as your phone number or the social media URL you provide to us. |
To verify your identity for account creation and to pre-populate your account registration photograph as evidence of the identification check required to access our services. To match you to online profiles and media. |
UK GDPR Article 6 Necessary for the performance of a contract with you and; UK GDPR Article 9 Your explicit consent. |
For the duration of our contract with you until deletion of your registered account with us or withdrawal of your consent. We are unable to provide any part of the social media screening or results verification service without this consent. |
| Personal information and contact details. Employment information. Technical data; refer to our cookies policy for further information. |
To provide you with an online screening service, the findings of your request(s), ongoing customer service and service improvement. | UK GDPR Article 6 Necessary for the performance of a contract with you; this is the contract we enter into with you when you request a check. Elements of your personal information are a necessary requirement to enter into the contract with us, as this is an integral element we utilise to provide our services to you. Failure to provide the information marked as ‘required’ in your account prevents you from completing your request for a check. |
For the duration of our contract with you and until deletion of your registered account. If you delete your account, all historic records are permanently removed or anonymised, including your reports, details of payments and personally identifiable information, except where retention is required by law or in connection with legal claims. Your Social Digital Record number, any previous check results and analytical data will be anonymised and retained by us. |
| Your full name and contact details. Technical data: your privacy choices for your interaction with our website. Also refer to our cookies policy for further information. |
To respond to you if enquiries are made about our services and to request from you a review or feedback. | UK GDPR Article 6 Necessary for performance of contract; handling enquiries is an integral part of our obligations to help you assess whether our services are suitable for your needs. We also process elements of this based on our legitimate interests to improve our services considering customer satisfaction. |
For the duration of our contract with you and until deletion of your registered account. |
| Payment status and transaction history with us. | To document your payments and to keep a record of your transaction history for tracking and order fulfilment purposes. | UK GDPR Article 6 Necessary for the contract we enter into with you to provide our services. We also have a legal obligation to retain records for tax and/or accounting purposes. |
For the duration of our contract with you and for a maximum of 6 years following the termination of the contract, except where retention is required by law or in connection with legal claims. |
| Your full name, contact details and marketing preferences. Technical data: your privacy choices for your interaction with our website. Also refer to our cookies policy for further information. |
To send you promotional offers, updates, and marketing materials about our services that may be of interest to you. | UK GDPR Article 6 Necessary for our legitimate interests to promote our services for existing customers. Alternatively, this will be based on consent, when new customers opt in to receive marketing communications. |
Until you opt out or withdraw consent. |
| Technical and usage data relating to access to and use of our systems and facilities, namely our website and Dashboard. This involves data generated through logging of your use of our website and/or Dashboard, products and services. | Product and service improvement and for information security. This includes data analysis, troubleshooting and hosting of your data. | UK GDPR Article 6 Necessary for our legitimate interests to ensure the security, integrity, and effective operation of our website, Dashboard, and IT systems, and to monitor usage for system performance and improvement. |
For the duration of our contract with you until deletion of your registered account with us. |
| Open-Source Intelligence (OSINT) information in the course of providing our services to you. This includes publicly available data from your social media platforms that we identify as well as any other relevant information relating to you from publicly available sources, within the scope of your requested check. In the course of providing our services, some special categories of personal data, such as information about your health, political opinions, racial, may be inferred from the information that you have manifestly made public. |
To provide you with an online screening service, as explicitly requested by you and to provide the findings of your check request(s). | UK GDPR Article 6 Necessary for the performance of a contract with you; this is the contract we enter into with you when you request a check. UK GDPR Article 9 For the sensitive data, the legal basis is processing relates to personal data which are manifestly made public by you. |
For the duration of our contract with you until deletion of your registered account with us. |
| OSINT information relating to criminal personal data obtained in the course of providing our services to you. | To provide you with an online screening service, as explicitly requested by you and to provide the findings of your check request(s). As part of the service we provide to you, we will share your check result with third-parties such as your employer for the purpose of instant verification of your results. | UK GDPR Article 10 and Schedule 1, Part 3(29) of the Data Protection Act 2018 Consent. |
For the duration of our contract with you until deletion of your registered account with us or withdrawal of your consent. We are unable to provide any part of the social media screening or results verification service without this consent. |
| As part of the service we provide to you, we will share your check result with third-parties such as your employer for the purpose of instant verification of your results. | To provide you with the service where we verify your results (not your full report) to third parties who are registered for this service. | UK GDPR Article 6 Necessary for the performance of a contract with you. |
For the duration of our contract with you until deletion of your registered account with us or you opt out of this feature. |
| Details associated with any queries or complaints you might raise (descriptions and/or documents) along with your personal details and contact details. We may anonymise elements of your Complaint for internal training and quality improvement purposes. |
UK GDPR Article 6 Necessary for the performance of a contract as handling queries and complaints is an integral part of fulfilling our contractual obligations to you. We also process elements of this based on our legitimate interests to improve our services and avoid repeated issues to ensure customer satisfaction. |
Kept for as long as we deem necessary for record keeping. Anonymised data is not subject to UK GDPR. | |
| Anonymisation of the results of your check, elements of your personal data and OSINT information. | To help you better understand your results, we may anonymise and retain certain aspects of your check and personal data. This enables us to update existing benchmarks and averages, as well as provide you with regional statistical comparisons. We may also use this for research and development (including of AI), analytics and performance monitoring in order to improve our services. This information we hold will never personally identify you, as it will be fully anonymised before being used for such purposes. Once data is anonymised, it is no longer within the scope of UK GDPR. |
UK GDPR Article 6 For statistical insights: Necessary for the performance of a contract with you; this is the contract we enter into with you when you request a check and to provide you with relevant insights as part of our services. For research and development (including of AI), analytics and performance monitoring in order to improve our services: Necessary for our legitimate interests to improve our services as well as the Dashboard benchmarks and averages which are implicit features of our services. |
Anonymised data may be retained indefinitely or for a period as we deem necessary for the purposes mentioned. |
Where we rely on our legitimate interests, we have conducted a Legitimate Interests Assessment (LIA) to ensure your interests and rights are not overridden.
Any personal data we maintain about you is kept on our secure servers or on secure servers managed by trusted third parties within the UK, EU or EEA.
If you do not provide certain information when requested, we may not be able to perform the contract we have entered into with you, such as providing our services. You may also have to provide us with data in order to exercise statutory rights, for example in relation to statutory entitlements, detailed further below in this policy.
We will only use your personal information for the reasons we collected it. If we ever need to use it for something different, we will make sure the new use is compatible with the original purpose. If we need to use your information for a completely different reason, we’ll let you know and explain why we’re allowed to do so under applicable law.
You should be aware that we may process your personal information without your knowledge or consent where this is required or permitted by law.
6. For how long do we keep your personal data?
We will only hold your personal data for as long as is necessary to fulfil the purposes we collected it for, including any legal, accounting, regulatory, tax or reporting requirements.
We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
7. Who has access to your personal data?
Your information will be shared internally with our employees on a strict need to know basis for the purposes of fulfilling our contract with you.
Social Media Consulting Limited operate under several brand names. To deliver your requested services, we may share your data securely with our internal brand systems. This is done strictly for the purposes of processing your screening request, delivering results to you and enables the results verification services.
External third parties
We may need to share your data with external third-party service providers whom we engage as processors. This includes:
· Service providers that provide IT infrastructure and security services
· Payment providers that process your payment details for payment of our services
· Service providers who verify your identity whilst you access our services
We may also share your data with other third parties, for example, in the context of a sale of some or all of our business. In those circumstances, your personal data will be treated as set out in this privacy policy.
If you require further information, you can access the privacy policies on the sites of the third-party services used.
Results verification (a core part of our services)
When you choose to share your results with a third-party (e.g. employer), we remain the controller for processing involved in generating and transmitting your check result. However, the receiving third-party acts as an independent data controller for any further use of your data.
International transfers
In respect of the third-party services, your personal data may be transferred to countries outside the UK in order to receive such services. If this is the case, where the UK government has determined there is an adequacy decision in respect of the intended recipient country, no further safeguards are necessary given the existing adequate level of data protection. In the absence of an adequacy decision, we may use a variety of legal mechanisms to safeguard the transfer which include:
· UK International Data Transfer Agreement (IDTA)
· UK Addendum to the EU Standard Contractual Clauses
· UK Extension to the EU-U.S. Data Privacy Framework
These third-party providers also ensure data is adequately protected by implementing appropriate safeguards.
Details of the relevant safeguards can be requested by contacting us as helpme@right2socials.co.uk.
8. How do we protect your personal data?
We take the security of your data seriously. We have internal policies and controls in place to prevent your data being lost, accidentally destroyed, misused or disclosed. Your personal data is not accessed except by our employees in the performance of their duties. Our employees will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have established processes to address any suspected personal data breaches and will inform you and any relevant regulator of a breach when we are legally obligated to do so.
We implement suitable methods for collecting, storing, and processing data, along with security measures designed to prevent unauthorised access, alteration, disclosure, or destruction of your personal information, transaction details, and other data stored on our website. All pages are protected with strong encryption, and personal data is encrypted while at rest. We also conduct regular backups of our systems.
When we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, subject to a duty of confidentiality, an obligation to implement appropriate technical and organisational measures to ensure the security of your personal data and respect data subject rights.
9. Your responsibility to maintain accurate information in your account
To ensure you receive the best outcome for our services, it is important that your personal information maintained in your account is accurate and current. We recommend you keep this updated if your personal information changes during your use of our services.
10. Your rights under UK GDPR
As a data subject, you have several rights which you can exercise via our Dashboard and your account settings and/or preferences:
10.1 The right of access:
10.1.1 You can request access to obtain a copy of your data which is known as a “data subject access request”.
10.1.2 We may contact you for additional information to help us process your request.
10.1.3 Generally, there is no fee payable for such requests however we may charge you a reasonable fee if your request is clearly unfounded, repetitive or excessive. In such case, we may also decide not to fulfil your request.
10.1.4 We aim to respond to all valid requests within one month however, if your request is complex or you’ve made multiple requests, it may take longer. If this happens, we’ll notify you and keep you informed of the progress.
10.2 The right of rectification:
10.2.1 If any of your personal data is inaccurate or incomplete, you can log into your account at any time to update it. Alternatively, you may contact us if you are unable to make the change yourself.
10.2.2 Once the identity verification process is complete, proof of verification is displayed in your account but cannot be edited, as it serves as evidence of the completed check. If any of those details change, you will need to undergo a new verification process to update and ensure the accuracy of your information.
10.2.3 Once a check request has been submitted or if a check is being processed as part of our subscription services, it is not possible for us to correct any information in such circumstances. In these instances, a new check will need to be performed, for a fee where applicable.
10.3 The right to erasure:
10.3.1 If you’d like to exercise this right, you can do so at any time via your account settings. If you need assistance or are unable to access your account, you can also contact us directly by email at the email address below.
10.3.2 There may, however, be certain legal reasons preventing us from fulfilling your erasure request, and we will inform you of these reasons, if applicable, at the time of your request.
10.4 The right to object:
10.4.1 In your account, you can make changes to object to the processing of your data where we are relying on our legitimate interests, or those of a third-party, as the legal ground for processing if you feel this impacts on your fundamental rights and freedoms. You also have the right to object to your personal data being processed for direct marketing purposes.
10.4.2 We may show that we have strong legitimate grounds for processing your information that override over your rights and freedoms. This does not apply to direct marketing as you have an absolute right to object to such processing for direct marketing purposes.
10.5 The right to restrict processing:
10.5.1 You can make changes in your account to suspend the processing of your personal data for a period of time if data is inaccurate or there is a dispute about its accuracy or the reason for processing it.
10.6 The right to data portability:
10.6.1 Your account allows you to extract the requested data yourself if you wish to exercise this right.
10.6.2 This right applies where our lawful basis for processing your personal data is either consent or for the performance of a contract we have entered into with you, and we are carrying out the processing by automated means.
10.7 The right to withdraw your consent:
10.7.1 At section 5 of this policy, where consent is our lawful basis for processing, you can easily withdraw your consent in your account settings.
10.7.2 Withdrawing your consent will not affect the legitimacy of any processing we carried out before your consent was withdrawn. If you do withdraw consent, it may limit our ability to deliver certain products or services. We will inform you at the time if this applies.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects, or similar, concerning you. However, as set out in section 3 of this Privacy Policy, we do not make any decisions about you that have legal or similarly significant effects based solely on automated processing as there is genuine and significant human intervention in our process. On this basis, there is no feature in our Dashboard or your account pertaining to this right. Should you require any further information, you can contact us at any time at the email address below.
If you would like to exercise any of these rights set out from 10.1-10.7 of this policy, you can do so via your account settings and/or preferences. If you have any questions about the above or are unable to access your account, contact us at helpme@right2socials.co.uk.
If you would like further information on these rights, visit the Information Commissioner’s Office (ICO) website at www.ico.org.uk.
11. Changes to this Privacy Policy
We will review this privacy policy regularly and update it if necessary. Any updates to this privacy policy will be posted on our website and systems.
12. Complaints
You have the right to lodge a complaint at any time with the Information Commissioner’s Office (ICO) which is the UK’s regulatory authority for data protection matters, at www.ico.org.uk. However, we would appreciate the opportunity to address your concerns before you contact the ICO and request that you first contact us in such circumstances at complaints@right2socials.co.uk.
13. Contact Us
If you have any questions about this privacy policy, contact us at : helpme@right2socials.co.uk.