Permeateq Privacy Policy
Permeateq Digital Labz Ltd. and its affiliates (collectively, “Permeateq”) are committed to
protecting your privacy and complying with applicable data protection laws. This Privacy Policy
outlines how Permeateq collects, uses, discloses, and safeguards information about you in
connection with our Services, website, and other interactions with you. We also describe the
choices you have about your information.
1. Our Services
Permeateq offers a suite of social media management tools (available in Team, Professional,
Enterprise, and other plans) that are accessible via our websites and mobile applications. These
tools allow you to bring together all of your social media accounts for easy access and
management through a single online platform. Through this platform, you can manage your
social media, marketing, and advertising campaigns; engage with your audiences; schedule and
publish messages; and analyze the results of these activities. Collectively, we refer to these tools
as our “Services”. We are acting as a service provider to you when we provide the Services.
Any collection, use, and management of personal information by the social networks, including
Facebook, Instagram, Twitter, and LinkedIn (collectively, the “Social Networks”) are governed
by their respective privacy policies and terms. When using Social Networks, you are required to
comply with their privacy policies and terms. We recommend you carefully review their privacy
policies and terms, as Permeateq is not responsible for the Social Networks.
Our Services also enable you to customize and connect your Permeateq account to third-party
services (“Third-Party Services”), including through apps you can access in the App Directory or
which may be available to you via our platform. The collection of your information by these
third parties is governed by the Third-Party Services’ privacy policies and terms. We recommend
you carefully review their privacy policies and terms, as Permeateq is not responsible for Third-
Party Services.
We rely on you to comply with applicable privacy laws when collecting, using, or disclosing
information about individuals through the Services, including obtaining any necessary consents
and providing any necessary notices. If we receive any questions or complaints regarding your
use of the Services, we will direct the request to you for further assistance.
Our Services are not intended for use by children and should only be accessed by individuals
who are at least 18 years old and are using the Services for business purposes.
2. What information do we collect?
We collect information about you as reasonably necessary for the following activities:
Using our Services
We collect the following information when you use our Services:
Account information:
Your contact and profile information including your name, email address, organization
name, and address; your preferences such as language, time zone, and the types of
communications you would like to receive from us; and image (if you choose to provide
this). We may also obtain this information if you choose to use a social login service,
such as Facebook Login, to create or access your account.
Billing and other payment information (if you sign up for a paid service or purchase a
Third-Party Service), including payment method details, such as credit card number.
The Services you have acquired from us, including the type of plan, number of team
members, and transaction information related to the Services.
Content:
Your social profile information for Social Networks you choose to connect to the
Services. For example, your Facebook profile information may include your Facebook
username and profile image.
A specific location such as an address, a city, or a place (for example, a restaurant) if you
choose to share this information.
Your messages, posts, comments, images, advertising, and other material you curate on
and upload to the Services; and information that is collected from the Social Networks
that you choose to connect to and which is displayed on our Services.
Content that you may send and receive through Social Networks may contain personal
information of third parties. This may include information such as: names, photos, age,
gender, geographic location, opinions, preferences, and phone numbers that are provided
or posted by social media users.
Logs, usage, and support data:
Log data, which may include your IP address, the address of the web page you visited
before using the Services, your browser type and settings, your device information (such
as make, model, and OS), the date and time when you used the Services, information
about your browser configuration, language preferences, unique identifiers, and cookies.
Usage data and analytics, which may include the frequency of login, and the different
types of activity undertaken by users such as frequently accessed areas of the Services.
General Location information, such as IP address and the region in which you are located
when you are logging in and using the Services, in accordance with the settings on your
device.
Customer support questions, issues, and general feedback that you choose to provide.
Surveys, events, marketing and other activities
Surveys, contests, events (such as webinars and in-person events) for those we host or are
affiliated with:
Contact information, such as your name, email address, telephone number, organization
name and address.
Participation, attendance, feedback and opinions.
General information about your organization that you choose to provide, such as annual
company revenue, number of employees, and industry. We may also use service
providers to obtain additional business-related information about your organization such
as the legal name, size, and publicly available revenue, to assist us in offering services
that are appropriate to your organization’s needs.
Other interactions:
Social media: Your messages, posts and other interactions with our brand and social
media accounts.
Email interactions and analytics: Information on how you engage with our emails such as
email open and click rates, whether a link is clicked, which web pages are visited after
opening the email, the type of browser and email clients you use, and general location
(i.e. country and region) information.
Teleconference, videoconference, and other meetings: Your preferences, feedback,
opinions and business needs.
Accessing resources (e.g. videos, whitepapers or case studies) on our website: Your name
and contact information, and engagement analytics such as the type and frequency of
resources accessed, viewed and downloaded.
Permeateq Academy training
If you choose to enroll in training offered via Permeateq Academy, we collect the same
information that is required to sign up for the Services (see “Account information” above), as
you will need a Permeateq account to enroll. Where you undertake training courses with fees or
apply for any of our certifications, we also collect billing and payment information.
Applying for employment
Our careers site collects information you choose to provide to us when applying for employment,
which may include contact information, education and employment history, credentials, and
LinkedIn profile information.
Browsing our websites
When you browse our websites, we collect information about you as described below, some of
which is collected automatically:
When you use automated chat functionality (chatbots) to make an inquiry, provide
feedback, or make another request, we may collect information about you such as your
name and email address, your specific feedback or request, and information related to
your use of our Services.
Permeateq and our authorized service providers use cookies and other similar tracking
technologies on our websites and Services including web beacons, pixels, and software
tokens. These are described in our Cookie Notice.
Aggregated website usage data including form analysis data (such as time taken to
complete the form), engagement rate, session replay, and mouse movements.
3. How do we use your information?
We use your information for the purposes described below:
Providing and securing our Services
We need to identify and authenticate our users to ensure, for example, that only those
authorized users are able to use the Services for their organization, and to make changes
to their accounts.
We use information that you provide when signing up to set up your account, process
payments, contact you regarding the Services, and manage your account.
We use your contact information and information related to your request to respond to
your inquiries, manage our contract with you, respond to your questions and requests, and
send you updates and information about the Services.
We use logging and other data such as general location information—for example, the IP
address of your browser or device, to help us manage the performance, security and
compliance of the Services.
Where you have chosen to share your specific location information, we use this
information to provide location based features, such as enabling you to share your
location on your posts for Social Networks that support this functionality, and to use any
functionality that relies on location information.
We analyze usage information, your feedback, support queries, and survey responses to
identify issues and help us understand how you use the Services so that we can make
improvements to our Services.
We use Content, information that you send and receive through Social Networks, and
other information from these Social Networks (such as your messages, posts, comments,
images, advertising, and other material you curate on and upload to the Services) in order
to provide the Services.
Communicating with you
We use your contact information where appropriate to send you information about our Services,
events, marketing communications (consistent with your preferences—see “Marketing emails,
advertising and website browsing” below), and job opportunities.
We use email statistics, such as open rates, to assess the effectiveness of, and to make
improvements to our communications. We also use engagement analytics to better understand
your needs so that we can provide the information and services that would be more suitable for
you.
Improving our websites and applications
We use information about you to help us understand usage patterns and other activities on our
websites and applications so that we can diagnose problems and make improvements, including
enhancing usability and security. We also use website personalization software to help us present
information on our websites that may be more relevant to you, such as displaying resources
applicable to your industry or organization size.
If you choose to provide information about you, your usage of social media services and other
feedback during telephone calls and other interactions to our customer support and sales teams,
we may use, monitor, and record this information for training purposes, to make improvements
to our internal sales and marketing processes, and to improve our Services.
4. What are your rights regarding the information about you?
Services information
When using our Services, you may access, update, or correct most of your Account information
by logging in to your account to edit your profile or organization record.
If you have requests that cannot be carried out by logging in to your account, such as accessing
additional information or deleting information about you, please email our privacy team. Please
note that we may need to retain certain information about you for as long as you maintain an
account for our Services, to provide you with our Services, for record keeping purposes, for
payment processing, to comply with our legal and regulatory obligations, to resolve disputes, or
to enforce the applicable terms of service or other agreement in place between you (or your
organization) and Permeateq (the “Terms of Service”).
Requests to access, correct, update, or delete your information can be made in writing to our
privacy team and will be handled within thirty (30) days unless they are unusually extensive or
complex, in which case we will advise you of the expected timeline for handling your request.
If you have authorized us to access your Social Network account to provide the Services, you
may revoke this access at any time. For example, if you have authorized us to access your
information via the YouTube API services, in addition to our normal procedure for deleting
stored data, you may revoke our access to your data via the Google security settings page.
You can contact our Support team for other general requests about your account by your
preferred method.
Marketing emails, advertising and website browsing
For marketing communications, you may opt out of marketing communications sent by
Permeateq by accessing our Preferences Management page, by clicking on the unsubscribe link
in the marketing email you receive, or completing the unsubscribe form. Please note that if you
are a Permeateq user, unsubscribing from marketing communications will not affect product-
generated Permeateq emails sent in connection with your use of our Services.
Permeateq participates in interest-based advertising (where you may have visited our websites or
another website which allows us to display advertising relating to our Services). The Network
Advertising Initiative has developed a tool that may help you understand which third parties have
currently enabled cookies for your browser and how to opt out of those cookies.
5. Who has access to your information?
Permeateq does not rent or sell your information. We restrict access to your information to
authorized employees and we do not share your information with third parties except in the
circumstances explained below.
Employees and Authorized Contractors
Our employees and authorized contractors may need to access information about you when they
require this information to perform their job. For example, a customer support representative
would need access to your account to validate your identity and respond to your question or
request; our email communications team would need access to your contact information to
ensure this information is sent correctly and any unsubscribe requests are properly managed; and
our security staff would need to review information to investigate attempted denial of service
attacks, fraudulent account activity, or other attempts to compromise the Services.
All our employees and contractors are required to agree to maintain the confidentiality and
protect the privacy of your information.
Service Providers, Authorized Resellers, and Partners
We will share limited information about you to authorized service providers we use for
marketing services, communicating with you, managing our customer database, the provision of
professional services, and providing and managing the Services (including hosting data centers,
securing our Services, and payment processing).
We limit the number of service providers who are permitted to process your Content for the
purpose of assisting us in delivering the Services. We refer to these service providers as
"subprocessors" and they are listed on the Permeateq website.
Where you have purchased a service from an authorized reseller or partner, we may provide
information about you to (and may receive information about you from) the reseller or partner as
necessary to support your use of the service you purchased.
When sharing your information with any of the above service providers, resellers and partners,
we ensure they agree to obligations consistent with this Privacy Policy and any other appropriate
confidentiality and security measures, and only use your information to carry out the Services
and your requests.
We may also participate in and run marketing events (e.g. virtual conferences, webinars, and
provide resources) with sponsors and other organizations. Where the sponsors or other
organizations wish to collect your information for their marketing purposes, while we may
facilitate this (e.g. information may be collected on the same registration form), they will be
doing so independently under their own policies. We will advise you and provide you an
opportunity for you to share your information with the sponsors or other organizations for such
purposes, either upon registration or during the event.
Social Networks and Third-Party Services
Where you are using our Services and have chosen to connect your Social Networks to the
Services, or if you authorize a Third-Party Service to access your account, you are agreeing to
provide information about you to the Social Networks and the Third-Party Services under their
respective terms and privacy policies. For example, if you choose to connect your YouTube
account to the Services, this connection uses YouTube’s API services, and the Google Privacy
Policy will apply to you.
Customer Organizations
Where your employer or an entity has purchased Services on your behalf, we may disclose
information about you such as your name and email address, and some usage information
including whether a user has logged in to the Service, frequency of login, time spent using the
Services, and enrollment and completion of Permeateq Academy courses to assist your employer
or the entity in managing its use and maximizing the value of the Services.
Successor and Affiliated Entities
We may share information about you among Permeateq-controlled affiliates and subsidiaries,
and they will protect your information in a manner that is consistent with this Privacy Policy and
where applicable, in accordance with the privacy policy specific to the entity.
We may also disclose your information as part of a corporate transaction such as a merger or sale
of assets. If we do, we will inform such entities of the requirement to handle your information in
accordance with this Privacy Policy, or inform you that you are covered by a new privacy policy.
Law Enforcement, Government Agencies, and Professional Advisors
We may need to disclose information about you where we believe that it is reasonably necessary
to comply with a law or regulation, or if we are otherwise legally required to do so, such as in
response to a court order or legal process, or to establish, protect, or exercise our legal rights or
to defend against legal claims or demands. For governmental data access requests concerning
you or your organization, we would first attempt to redirect the request to you and/or we would
first attempt to notify you unless we are legally prohibited from doing so.
In addition, we may disclose information about you if we believe it is necessary to investigate,
prevent, or take action: (a) against illegal activities, fraud, situations involving potential threats to
our rights or property (or to the rights or property of those who use our Services), or to protect
the personal safety of any person; or (b) regarding situations that involve the security of our
Services, abuse of the Services infrastructure, or the Internet in general (such as voluminous
spamming, or denial of service attacks).
We also use professional advisors, including lawyers and accountants, and may be required to
disclose information about you when engaging them for their services and as necessary for
audits, financial and other regulatory reviews.
6. What international data transfers occur at Permeateq?
Under the data protection laws, information about you may only be transferred from your region
to other regions if certain requirements are met. For instance, information about you may be
transferred if adequate data protections are in place. Our Services are managed by Permeateq’s
headquarters in Kenya.
Permeateq also uses third-party service providers, such as managed hosting providers, credit card
processors, and technology partners to provide the software, networking, infrastructure and other
services required to operate the Services. These third-party providers may process or store
personal data on servers outside of the Kenya. We rely on adequacy and standard contractual
clauses to ensure that information about you is lawfully transferred under Kenyan law. In this
case, we have implemented supplementary measures as outlined in the section “How do we
safeguard your information?”.
The third-party service providers we use to help us deliver the Services and which process your
Content are referred to as “sub-processors”.
By its nature, social media data can be shared with people around the globe. The Social
Networks and Third-Party Services that you choose to integrate with our Services may collect,
store, and process your information from various locations around the world according to their
own terms and privacy policies.
7. How do we safeguard your information?
Permeateq maintains industry standard security safeguards to protect your information. This
includes ensuring our employees receive appropriate security and privacy training and guidance
so they are aware of the measures they need to implement to protect your information.
Access controls are in place to limit access to your information to those who need it to perform
their jobs. For example, information about you may be provided to our customer support
specialists to help you with your requests. Individuals who are permitted to handle your
information must adhere to confidentiality obligations.
We encrypt data in transit and at rest, where appropriate, to ensure that your information is kept
private. We undertake service provider security and privacy reviews to ensure that service
providers follow our stringent requirements to safeguard your information, and we also enter into
data protection agreements with our service providers. All payment information is fully
encrypted and handled only by PCI certified organizations.
8. How long do we retain your information?
In general, Permeateq does not permanently store Content from Social Networks. Rather, when
you login to the Services, we retrieve data from Social Networks in real time so that it is
displayed in the platform for viewing during your session. We store other Content that you
produce (such as draft Content for publication on Social Networks) so that you can easily access
this material on the Services. Messages in Inbox are stored for 6 weeks to enable you to take any
action required, such as replying to messages. Permeateq Analytic products such as Analytics
and Insights will store mentions related to our customers from social media audiences for up to
25 months to allow our customers to conduct trending and analysis.
Aggregated data is used by Permeateq for analysis, product improvement, and troubleshooting
purposes. In some cases, Content may continue to exist on the Social Networks even after you or
we delete it from our Services, and you will need to contact the relevant Social Network directly
if you want it to remove this Content.
We retain your information as long as required to provide the Services requested by you, for
record keeping purposes, to comply with our legal obligations, resolve disputes, and enforce the
terms for the Services. After it is no longer necessary for us to retain information about you, or
otherwise upon your request, we will dispose of it in a secure manner or anonymize the
information.
9. Permeateq’s roles under the Data Protection and Computer Misuse and
Cybercrimes Acts
Depending on the situation and the type of data involved, Permeateq may act as a data controller
or a data processor.
Permeateq as a data controller
Permeateq acts as a data controller when we are:
Collecting information from you to set up and administer your Permeateq account (for
example, Account information such as your name and email address);
Monitoring usage information on our website;
Managing your contact and other related information to send marketing, Services, and
other communications to you;
Responding to a support or general inquiry; and
Recruiting individuals for job opportunities.
Legal bases for processing when Permeateq is a data controller
The legal bases for processing information about you include:
Your consent (for example, when you have provided your information to sign up for an
account or for a webinar; or you have provided your employment history when applying
for a job). Where we rely on your consent to process personal data, you have the right to
withdraw your consent at any time.
It is necessary to perform a contract (for example, we may need your information to
fulfill our obligations of providing Services to you under the terms relevant to the
Services you have acquired).
Legitimate interest (for example, to provide, maintain and improve the Services for you,
to maintain the security of the Services, and to attract new customers to maintain demand
for the Services, all of which are described in the “How do we use your information?”
section above).
In some cases, we may have a legal obligation to process your personal data to comply
with relevant laws (for example, processing payroll and tax information to comply with
relevant employment and tax legislation); or processing is necessary to protect your vital
interests or those of another person (for example, obtaining health-related information
during a medical emergency).
Your rights when Permeateq is a data controller
Where Permeateq is acting as a data controller, we have outlined certain rights in the section
“What are your rights regarding the information about you?”.
In addition, you may have the following rights:
Right to object to processing: you may request that Permeateq stops processing
information about you (for example, to stop sending you marketing communications).
Right to restrict processing: you may request that we restrict processing information
about you (for example, where you believe that this information is inaccurate).
Right to data portability: you may request that we provide you with information
Permeateq has about you in a structured, machine-readable, and commonly used format,
and you may request that we transfer this information to another data controller.
Permeateq as a data processor
Where you are using our Services and making decisions about the personal data that is being
processed in the Services (including selecting the Social Network accounts you wish to connect
to the Services, or uploading and using Content), you are acting as a data controller and
Permeateq is acting as a data processor.
There are certain obligations under the Data Protection Act that you have as a data controller,
including being responsible for managing Content on the Services. As a data processor,
Permeateq will only access and process Content to provide you with the Services in accordance
with your instructions (which you provide through the Services), the Terms of Service, the Social
Networks’ terms, and applicable laws. As part of delivering the Services, we may process
Content to further improve the Services, such as enhancing usability and developing new
features.
If you, as a data controller, require Permeateq to agree to data protection requirements under the
Data Protection Act, or under Kenyan data protection laws, Permeateq makes available a data
processing addendum that meets these requirements. Please email your customer details
(organization name and plan information) with your request to our team.
If you are using the Services as an authorized user of a Permeateq customer (whether that
customer is your employer, another organization, or an individual), that customer determines its
own policies (if any) regarding storage, access, modification, deletion, sharing, and retention of
personal data and Content, which may apply to your use of the Services. Please check with that
customer about the policies and settings it has in place.
10. Changes to this Privacy Policy
We may make changes to this privacy policy at any time to reflect updates to our Services,
applicable laws, and other factors. We will include a prominent notice on this website and/or our
Services if we make any material changes, but we encourage you to stay informed by reviewing
this policy periodically.