type of information Socialbakers may collect, hold and process in connection with provision
of any Socialbakers’ products, services, content, applications, or websites (referred to
collectively as the “Services”), and how that information is used and protected. It also sets
out how you can contact us if you have any queries or concerns regarding your personal
you via email of any changes that, in our sole discretion, materially impact your use of the
Services or the way we process your personal data. Your continued use of our Services
svatými 427/17, Severní Předměstí, 301 00 Plzeň, Czech Republic, company ID No. 290 98
271, registered in the Companies Register maintained by the Regional Court in Pilsen, file B
1627 (“Socialbakers” or “we).
1. About Socialbakers
Socialbakers is a provider of Software as a Service (SaaS) solution for social media
marketing. For more information about Socialbakers, please see the “Company” section of
our site at https://www.socialbakers.com/company/.
2. Data we collect or receive
We collect personal data from our customers and users of the Services (which includes
employees of our corporate or institutional customers) for our own purposes, such as to
provide and administer the Services. We are the data controller in respect of this personal
In order to provide our services, we analyse user profiles and other information that we
receive directly from the social media platforms such as Facebook, Twitter, LinkedIn and
other, via these platforms’ APIs. Such data include both non-personal data such as various
statistics and metrics and personal data of the platforms’ users. Where we source the data
directly from the relevant platforms, via these platforms’ public APIs, we determine the
purpose of processing, which is developing and constantly enhancing our Services and
offering them to our customers on a world-wide basis, via our web platform. In such cases,
we would be the data controller with respect to this information.
We also process personal data on behalf of our customers as their data processor; this is
when the provision of certain Service or Service feature requires that our customers give us
a permission (such as, for example, a token or other administrative permission) within the
Service to access and manage any information that our customers monitor or collect from
social media sites; this may include information that is not publicly available. When we
access such customer’s data within their social media pages and properties with respect to
which the customers are the data controllers, we act in accordance with the instructions of
our customers (which they give us through the Services) as their data processor. This will be,
for example, when we access Facebook insights or manage the communication (Facebook
messages) between the customer and its end users within our customer care feature of the
2.1 Data of customers and users of our Services
We collect your personal data when:
- You register or use registration for our Services, by completing a web registration
- You log to our Service, either by entering your username (email) and password, or
using a social login such as Connect with Facebook or Sign In with Twitter, or by any
other similar authentication means that we may make available to you;
- You otherwise interact with Socialbakers, for example when you publish any images,
content or other files or data via our Services;
- You otherwise voluntarily provide such data, e.g. by filling out and submitting any
forms made available to you through Socialbakers’ website or the Services or through
websites or services of our business partners.
When you create an account with Socialbakers, we will ask you to complete a registration
form indicating your first name, surname, email, company, and job title. You can also choose
to add a phone number to your account.
You can log in to the Services with your user name. In such case, you provide to us your
user name (email) and password. The password is hashed and Socialbakers does not see
If you log in to our Services using your social network account, we receive basic personal
details from your social network profile. The scope of details we receive depends on your
social network account privacy settings and on your settings when logging into our Services;
they might include your social network ID, public profile information (such as name, profile
picture, gender, age range, or country) and e-mail address. We may also receive additional
information from your profile if you give us permission to access it. If you wish to change the
scope of your social network profile information that we receive upon your registration, you
and change your privacy settings.
For purposes of analysis and improvement of our Services, our servers may automatically
record information when you visit our website or use some of our Services, including:
- IP address;
- Browser type and language; and
- Date and time of your request or action, including your actions within the Services
such as history of how you use our Services.
If our Services are purchased by an entity, it is the individual users within such entity’s
organization who log into our platform through which the Services are provided and whose
personal data are collected, as described above. Where such entity provides us directly with
any personal data of its employees or other individual users that it authorized to access the
Services, it must have all necessary consents, permissions or registrations to process and to
provide to us its employees’ or users’ personal data.
2.2 Social network user data
The type and scope of personal data obtained from social media platforms depends on the
type of the APIs and permissions granted by the respective platforms, and on the
administrative permissions granted to us by our customers, where applicable.
Below are the most typical examples of data collected about social media platform users:
User generated content (such as posts, comments, pages, profiles, images or feeds)
including its metadata (such as time and location of post or comment);
- Contact details (such as name, email address, telephone number) if made public by
- Additional individual information (such as age, gender, employer, profession,
geographic location, education information, financial status, habits and preferences)
published by the user.
We only process data that the social network users made available to general public,
pursuant to the relevant platforms’ terms, and that are generally accessible via the social
network APIs, or data that our customers grant us permission to access.
3. How we use the data
We use your personal data for the following purposes:
3.1 To provide the Services
We may process your personal data in the scope specified in Section 2.1 of this Privacy
Policy to identify you when you login to your account and use our Services, to enable us to
operate the Services and provide them to you. This may include verification of your
payments, purchase orders and billing information. It may also include verification to
determine free trial eligibility.
Analysis of data from social networks, which may include personal data in the scope
data to provide our Services to our customers in the scope and manner allowed by the social
platform terms for developers.
3.2 To communicate with you
We may process data of our customers or their individual users in the scope specified in
with our customers and users, for example, when we assist them with setting up or
administering their account, when we provide customer care and support, send technical
notices, updates of upcoming changes or improvements to the Services, reminders, security
alerts and other support and administrative messages.
3.3 To provide a better user experience
We may process your personal data in the scope specified in Section 2.1 to learn how you
use our Services to be able to continuously enhance user experience as well as provide our
customers seamless customer support. We may process such personal data also to improve
and enhance our existing Services and develop new offerings. This includes product and
market statistics, research and analytics, benchmarks and other analyses to better
understand your needs and the needs of users in the aggregate, diagnose problems and
analyse trends. See Section 7 below for more details.
3.4 To protect our Services and secure our or third party rights
We process your personal data in the scope specified in Section 2.1 to keep the Service
safe, secure and reliable. This includes detecting, preventing, and responding to fraud,
abuse, security risks, and technical issues that could harm Socialbakers, our customers and
We may process some of data specified in Section 2.1 when required by law or to establish,
exercise or defend our legal claims or, where necessary, protect rights of Socialbakers. For
example, we may store data about how you use our Services, including payments for
Services, to prove or otherwise support our rights.
3.5 For marketing and sales purposes
We may process your contact personal data, in particular email, name, company and job title
to offer you our new Services. For more details please see Section 8 below.
4. Lawful basis
For the purposes specified in Sections 3.1 and 3.2, we process your personal data based on
our contract with you (if you are our direct customer and a natural person) or based on our
legitimate interest to provide our Services to our customers (where our customer is your
company or organisation and you are an authorized user designated by your company or
organization, or if you are social network user whose data are analysed as descried in
Section 2.2 above).
For the purposes specified in Section 3.3, we process your personal data based on our
legitimate interest to develop and improve our Services.
For the purposes specified in Section 3.4, we process your personal data based on our
legitimate interest to protect and secure our rights or claims or the rights of our customers or
For the purpose specified in Section 3.5, we process your personal data based on your
voluntary consent where you have given us such consent. In a limited scope permissible
under applicable law, we may also use your electronic contact details to inform you about our
Services without your explicit consent, based on our legitimate interest, as described in more
detail in Section 8 below.
Where we use your personal data for our legitimate interests, we make sure that we take into
account any potential impact that such use may have on you. Our legitimate interests don’t
automatically override yours and we won’t use your information if we believe your interests
should override ours unless we have other grounds to do so (such as performance of
contract, your consent or a legal obligation). If you have any concerns about our processing,
please refer to details of “Your rights and your duty to inform us of changes” in Section 11
5. Retention periods
We retain your personal data for the period necessary to fulfil the purposes outlined in this
(e.g. for tax or accounting purposes or due to other legal requirements) or storing of the data
is needed for the establishment, exercise or defence of Socialbakers legal claims; in such
case, we will store only the data necessary for the enforcement of our claims or our defence
for the period necessary in the given case and not exceeding the statutory limitation periods.
6. Sharing your personal data for legal and business purposes
We may use and/or disclose to third parties (including government bodies and law
enforcement authorities, our affiliates, professional advisors and our vendors or
subcontractors) information about you when:
- Complying with legal process;
- Enforcing or defending the legal rights of Socialbakers, and in connection with a
corporate restructuring such as a merger, business acquisition or insolvency
- Preventing fraud or imminent harm; and
- Ensuring the security and operability of our network and services.
This information will be shared provided that, in all such circumstances, we will only share
the limited personal information that is required to be shared in the unique situation.
We share your data with our trusted business partners or individual who process your data
as our data processors on our behalf and pursuant to our instructions, in accordance with
adequate data protection and security safeguards. To this effect, we have bound our data
processors with data processing agreements concluded pursuant to Article 28 of the GDPR
and, where such processor reside outside of the EEA, we have concluded Standard
Contractual Clauses (model clauses) approved by the European Commission (2010/87/EU)
with such processors, or (with respect to US-based companies) verified that these
processors have an active Privacy Shield certification.
- Aircall SAS, 42, rue du Faubourg Poissonnière, 75010 Paris, France; supplier of a
virtual call center)
- Amazon Web Services, Inc., 410 Terry Avenue, Seattle, WA 98109 (“AWS”); AWS
cloud is used to host our platform and Services;
- Comparex CZ, s.r.o., Evropská 2588/33a, 160 00 Praha, Czech Republic (internal
- Databricks, Inc., 160 Spear St., Ste 1300, San Francisco, CA 94105, United States;
used for data processing optimization;
- Full Story Inc., headquartered at 818 Marietta St, Atlanta, GA 30318, United States;
used for monitoring and Service diagnostics;
- Google Inc., headquartered at 1600 Amphitheatre Parkway Mountain View CA
94043, United States; used in particular as e-mail client and as document storage;
- Intercom R&D Unlimited Company, 2nd Floor, Stephen Court, 18-21 St. Stephen's
Green, Dublin 2, Republic of Ireland; used for outbound messaging and messages
measurement, optimization and integrations;
- Marketo, Inc., headquartered at 901 Mariners Island Blvd, San Mateo, CA 94404,
United States; used to manage e-mail campaigns;
- Microsoft Corporation Inc., One Microsoft Way, Redmond, WA 98052-6399, United
States; used in particular as e-mail client and as document storage;
- Mixpanel, Inc., 405 Howard Street, Floor 2, San Francisco, CA 94105, United States;
used for Services monitoring and diagnostics;
- Recurly, Inc., headquartered at 400 Alabama St #202, San Francisco, CA 94110,
United States, card payment processing;
- Salesforce.com, Inc., The Landmark at One Market, Suite 300, San Francisco, CA
94105, United States; used for management of the customer and project database;
- Targetprocess Inc., 1325 Millersport Hwy, Suite 201, Amherst, NY 14221, United
States; used for management of internal processes and monitoring of employee tasks
(internal ticketing system);
- We are Cloud SAS, 266 place Ernest Granier, Ark, Jacques Coeur 34000,
Montpellier, France; used for data visualization and dash boarding services;
- Zendesk, Inc., 1019 Market St, San Francisco, CA 94103, United States; used for
client requests tracking (client ticketing system).
Apart from third-party vendors, Socialbakers may share data with its following affiliates:
- Socialbakers, Inc., 12657 Alcosta Blvd, STE 500, San Ramon, CA 94583, United
- Socialbakers UK Limited, 100 New Bridge Street, London EC4V 6JA, United
- Socialbakers France, 3, rue de la Bourse, 75002 Paris, France;
- Socialbakers Germany GmbH, De-Saint-Exupéry-Straße 8, 60549 Frankfurt am Main,
- Socialbakers Singapore PTE. LTD., 491B River Valley Road, #15-01 Valley Point,
Your data may be shared with Socialbakers affiliates in particular to provide marketing
and pre-sales activities.
7. Anonymous statistics
We may use aggregated anonymised data derived from the personal data provided by you or
collected by the program analytics such as user behaviour and activities for our own
statistics, for auditing, for the purposes of product and market research, for analytics (which
helps us to optimise and improve our Services and their usability, the range of Services and
to develop new technologies, products, and services), and for benchmarks and other
analyses. Additionally, we may choose to publish such anonymised data and to share it with
third parties outside of Socialbakers. We will not directly or indirectly transfer any data
received from you to (or use such data in connection with) any ad network, ad exchange,
data broker, or other advertising or monetization related toolset.
8. Marketing communications
We may contact you about our news, events, Services and their features or special offers
that we believe may interest you, provided that we have the requisite permission to do so,
either on the basis of your consent (where we have requested it and you have provided it to
us), or our legitimate interests to provide you with marketing communications where we may
lawfully do so, within the limits provided by law. In the latter case, we will only send you
marketing communication if you are using or have recently used any of our Services and
have not objected to receiving such information.
For these purposes, we may share your contact details with our vendors or business
partners who provide the relevant services or functions on our behalf, including event
organization, marketing, distribution of surveys customer service, or public relations. These
third-party vendors have access to and may collect information only as needed to perform
their functions on our behalf and are not permitted to share or use the information for any
Your marketing communication preferences may be changed at any time by following the
If you would like to unsubscribe from an email sent to you, follow the ‘unsubscribe’
link and/or instructions placed at the bottom of the email.
- Alternatively, you can contact us using the details in the “Contact Us” section below to
change your marketing communication preferences, including the withdrawal of your
If you have received unwanted, unsolicited emails sent via our system or purporting to be
sent via our system, please forward a copy of that email with your comments to
Please note that we may occasionally send you important information (including via email)
about our Services that you are using or have used including changes to applicable terms
and conditions and/or other communications or notifications as may be required to fulfil our
legal and contractual obligations, as described in Section 3.2 above. These important
Service communications are not affected by your marketing communication preferences.
9. Security and location of your data
We have implemented and will maintain appropriate technical and organizational measures,
internal controls, and information security routines in accordance with good industry practice
while keeping in mind the state of technological development in order to protect your data
against accidental loss, destruction, alteration, unauthorized disclosure or access or unlawful
destruction. Such measures may include, without limitation, taking reasonable steps to
ensure the reliability of employees having access to your data and providing for limited
access rights and access controls; authentication; personnel training; regular back up; data
recovery and incident management procedures; restrictions on storing, printing and disposal
of personal data; software protection of devices on which personal data are stored; etc.
We have also implemented Information Security Management in accordance with the
requirements of information security standard - ISO 27001, including penetration tests,
vulnerability scans, secure development frameworks access management, supplier
management and compliance processes.
Data collected from you may be transferred to, and stored and processed in, the United
States (US) or any other country in which Socialbakers, its affiliates, subcontractors,
suppliers or other third party vendors maintain facilities. While we reserve the right to change
our business partners and /or data locations, when we transfer any personal data to the USA
or any other country outside the EU or EEA in which Socialbakers, its affiliates,
subcontractors, suppliers or vendors maintain facilities, we will implement such appropriate
legal mechanism as are required by EU law to ensure an adequate level of personal data
protection by such third parties receiving your personal data (for example, European
Commission’s Standard Contractual Clauses).
Our platform and Services (including any personal data contained therein) are hosted in the
AWS cloud. Legally, this means that data are transferred to and stored and processed by
Amazon Web Services, Inc., 410 Terry Avenue, Seattle, WA 98109 (“AWS”). Socialbakers
and AWS have signed the controller-to-processor Standard Contractual Clauses approved
by the European Commission (2010/87/EU) to ensure regulatory compliance for data
transfers from Europe to the USA. The specific AWS Data Processing Addendum
incorporating these model clauses has been approved and validated on EU level by Article
29 Working Party in 2015 as ensuring an adequate level of protection. See
https://d0.awsstatic.com/whitepapers/compliance/AWS_EU_Data_Protection_Whitepaper_EN.pdf and http://www.cnpd.public.lu/en/actualites/international/2015/03/AWS/index.html
system; turning off cookies would result in the user being unable to login to the system.
user experience software) to enhance your online experience and learn about how you use
our services in order to improve the quality of the Services. We may combine data gained
through cookies with other data you provide to us.
11. Your rights and your duty to inform us of changes
If you exercise any of your rights pursuant to this Section or pursuant to applicable laws, we
will communicate any rectification or erasure of your personal data or restriction of
processing carried out in accordance with your request to each recipient to whom the
communication proves impossible or involves disproportionate effort.
If you wish to exercise these rights and/or obtain all relevant information, please contact us at
You will be asked to identify yourself; this is necessary to
verify that the request has been sent by you. We will respond within 1 month after receipt of
your request, but we retain the right to extend this period up to 2 months in exceptional
circumstances. We will in any event inform you within 1 month after receipt of your request if
we decide to extend the period for our response.
In accordance with applicable laws and as further described below, you have the right to
request access to, rectification, erasure or portability (e.g. transfer of your personal data to
another service provider) of your personal data we process, as well as to object to the
processing of your personal data and/or request restriction of such processing.
Please note that your objection to processing could mean that we are unable to provide you
with our Services or otherwise perform the actions necessary to achieve the purposes set out
above (see Section 3 ‘How we use the data’).
It is important that the personal data we hold about you is accurate and current. Please keep
us informed if your personal data changes during your relationship with us by contacting us
via the contact details in Section 12 ‘Contact Us’.
11.1 Rectification of your personal data
According to applicable laws, you have the right to rectify your personal data you have
shared with us. Through your settings of the Services, you can update your account
information, change your profile settings.
If you wish to limit or change access to or the sharing of your personal data with a social
network, please do this via your account settings on that social network.
11.2 Accuracy of your personal data
We take reasonable measures to ensure that you are able to keep your personal data
accurate and updated. You can always approach us in order to obtain confirmation whether
or not we still process your personal data.
If you find out that your personal data processed by us is inaccurate or incomplete and you
may request us to update such personal data. We will verify your identity and update your
personal data on your behalf.
11.3 Erasure of your personal data
You can ask us to erase your personal data at any time. If you approach us with such a
request, we will delete all your personal data we have without undue delay, provided that
your personal data is no longer necessary for the provision of the Services or other permitted
purposes, in particular in connection with exercising and defending our legal rights, or
meeting our legal obligations. We will also delete (and ensure deletion by the processors that
we engage) all your personal data in case you withdraw your consent or in the circumstances
that the law requires us to do so.
11.4 Restriction of processing
If you request us to restrict the processing of your personal data, e.g. in circumstances when
you contest the accuracy, lawfulness or our need to process your personal data, we will limit
processing of your personal data to the necessary minimum (storage) and, if applicable, will
process them only for the establishment, exercise or defence of legal claims or, where
necessary, for protection of rights of another natural or legal person, or other limited reasons
dictated by the applicable law. In case the restriction is lifted and we continue processing
your personal data, you will be informed accordingly without undue delay.
11.5 Portability of your personal data
You have the right to receive personal data relating to you and which you have provided to
us. If you approach us with such request, we will provide your personal data in commonly
used and machine-readable format to you without undue delay from receipt of your request.
If you request so, we will send your personal data to a third party (another data controller)
which you will identify in your request, unless such request would adversely affect rights or
freedoms of others and where technically feasible.
11.6 Objection to processing
You have the right to object to our using your personal data on the basis of our legitimate
interests (refer to Section 4 above to see when we are relying on our legitimate interests) (or
those of a third party) and there is something about your particular situation which makes
you want to object to processing on this ground. In such case, we will no longer process your
personal data unless we demonstrate compelling legitimate grounds for their further
processing which override your interests, rights and freedoms, or for the establishment,
exercise or defence of our legal claims. If you object to processing of your data for direct
marketing purposes, we will cease to process your data for these purposes.
11.7 Withdraw your consent
If you have provided us any consent with the processing of personal data, for example for
marketing communication, you can withdraw your given consent at any time without stating
any reason. We will block your personal data for any further processing. Please note that the
withdrawal of your consent does not affect the lawfulness of any processing based on
consent before its withdrawal.
11.8 Complaint to a data protection authority
You have the right to submit a complaint concerning our data processing activities to Úřad
pro ochranu osobních údajů, at Pplk. Sochora 2Z, 170 00 Praha 7, Czech Republic.
12. Contact Us
If you have any queries regarding our data collection and protection practices or your rights,
please do not hesitate to contact us at moc.srekablaicos@ycavirpatad.