(collectively the "circussocial.com websites" or the "Company websites").
20/Twenty ( https://20twenty.circussocial.com ) and Radar (https://radar.circussocial.com) are social/news intelligence listening, monitoring and analytics platform that blends powerful listening and analytics with a uniquely designed interface to help users easily assimilate and analyse mentions about their brand and topics of interest in the online and offline space. We crawl and index publicly available information (including data) from the Internet. We also contract directly with third party providers to gain access to their information (including data). In each case, the information that we have access to is published or made available by Authors. This information is then collated and stored in our database. We offer access to our database, as well as analytics of the data within that database, to third parties (our “Services”) through our platform(s).
20/Twenty partners with 1st and 3rd party data providers listed as Twitter, Facebook, Instagram and LexisNexis which are compliant with GDPR (as at 1st of May 2020). LexisNexis group of companies have certified their services to EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce. Please view these entities’ Privacy Shield Notice here. To learn more about the Privacy Shield program, and to view these entities’ certification, please visit www.privacyshield.gov. All data accessible via 20/Twenty is provided from publicly accessible and shared domains.
YouTube data includes information on videos and channels either belonging to the user or to another user if it is publicly available and could include the following:
Account profile name and picture
Account followers volume number
Post likes, comments and views data
Post video content link and description
This data is securely stored in our servers based in Singapore, and encrypted. This data is used primarily to inform 20/Twenty's clients on content trends, and content performance including their own content. As per YouTube's policy, all such data is removed from our servers after 30 days.
Data that is shown on 20/Twenty is based on YouTube channels and other platform tracked based on client provided specifications. If that content happens to be an advertisement, it is shown anyway since video content is not screened and is simply configured based on channel. Advertisements as such are not displayed on our platform anywhere.
Since all of the information that we access is publicly available, the raw information we have about you could be found by anybody with access to the Internet. Some of this information is personal data. For example your name or username in connection with your Twitter or Facebook profile would be personal data. Other information we process may not be personal data (for example if you publish an anonymous review on a website).
2. Information collected
When you want more information about the Services, subscribe to the use of the websites or other Services, register for a demo or our newsletter, Circus Social asks you to provide your personal details such as your name, your company name, your email address, your job title, your contact number and your location and other data relevant to the Services we provide. If you are not an administrative user for your account, the same data about you may be provided by a colleague or other third party. We may also collect other data directly from you, from time to time.
If you choose to purchase our Services or register for a demo or our newsletter, your contact details will be stored in our encrypted servers, anonymous to server operators as well. Newsletters and further communication based on contact details shared with Circus Social are made completely voluntarily and subscribers can easily unsubscribe.
When candidates apply for a position with the Company, we may also ask them to provide additional information, such as a resume. Contact Information, Application Information, and any other information you provide to Circus Social through the Services are collectively referred to as "Data".
When you browse the Company's websites, Circus Social may also collect information through commonly used dedicated tools, such as cookies and web beacons (the "website Browsing Information"). Website browsing information includes the standard information of your web browser (for example, the type and language of your browser), your IP address and the actions performed on the Company's websites (for example, the web pages you visited and the links you clicked on). To learn more about how Circus Social and third-party information is collected by Circus Social, please continue to read below.
We do not collect any payment information on any of our products. We redirect you to a 3rd party payment processor which in turn informs our servers of the success or failure of your transaction so we can take appropriate action in relation to your subscription.
If you contact our support services through chat or email, we will collect the data we need to categorize your question and respond to it. We also use this data to track potential issues with our Services and customize our support responses to better serve you.
We collect data about you when you use any part of our Services. For example, if you are logged in to your 20/Twenty account, we will collect data as to how often you use 20/Twenty, what queries you created or amended, and other data about how you interact with 20/Twenty. We may also collect data about how you interact with messages we send to you, for example whether you opened an email or read an in-app message. We do this by using Analytics services provided by Google.
We collect data about the device you use to use our Services, including operating system details, web browser type, your mobile device identifier and mobile operating system, and the name of your ISP or mobile carrier. We may also collect your location data if your device permits this.
We also infer data about you based on the data you have provided or made available to us. This may include personalizing your experience of using our Services, suggesting different Services you may be interested in trying, or other inferences about you.
We are constantly trying to improve our Services to you. This means that we are introducing new features of our Services regularly, some of which may result in the collection of new data from you.
We will indicate where any personal information we have requested is mandatory or optional. We will also explain the consequences should you decide not to provide information which we have indicated is mandatory. In some circumstances this may mean we are unable to provide you with a certain service or product.
The data we collect varies depending on the source of the data, what the source or platform chooses to make available to us, plus what you choose to make available. It could include the following:
your name, username, handle, or other identifier;
the content of the information you have published via that name, username, handle, or other identifier, including comments, expressions, opinions, posts, etc.
your profile picture or other images or videos that you post or interact with
your job title or profession (including category of profession, for example “journalist”
any other information you publish on an Internet website we crawl or on a third party platform that provides us with data
In addition to the data you make available about yourself, we may also use that information to infer other data about you. For example, based on your name, we may infer your gender. Equally, based on the content of one of your posts, we may infer some of your interests, your profession, your location, etc.
We may also analyse the content of the data you publish and provide our analysis to our customers. For example, if you publish a Tweet stating that you like a certain brand’s sneakers, we may mark that Tweet as having a positive sentiment toward that brand.
3. Use of collected information
The legal basis for our processing of data about you is generally pursuant to our “legitimate interests”. Our legitimate interests are in providing our Services to our customers, which includes providing technology that empowers our customers to act with more certainty in a way that is easy-to-access and use. However, the legal basis for our processing of data may also be where we have your consent (for example where consent is required to send certain marketing communications) or where the processing is necessary for compliance with our legal obligations (for example where we receive requests from regulatory authorities).
We combine data about you across our different Services. We use data and content that you and other users provide or make available to us to provide the Services to you and our other customers. We also use data to conduct research and development for the improvement of our Services so that we can provide all of our users with a better experience.
We communicate with you in writing, via email, or other means available on or through the Services (for example, our Support buttons on the platform). We may communicate transactional or service messages to you, such as welcoming you to our Services or informing you of scheduled downtime.
The Company may also use Circus Social Data for business purposes. For example, the Company may use the information you provide to contact you in order to inquire about your interest in the Services and subsequently send you information about the Company, and it’s partners, for example about promotions, or events. In respect of marketing communications, you can opt out of receiving future communications in the footer of each email we send to you. You cannot opt out of receiving transaction or service messages from us.
The Company also uses Circus Social Data to perform the requested services. For example, if you complete a "Book A Demo" web form, the Company will use the information provided to contact you regarding your interest in the Services.
The Company uses your Circus Social Data to further the utility of our services to and in the development and improvement of Circus Social as an organization. The Company understands the importance of the privacy of your information and does not lease, share or sell or in any way provide personal information to third parties. The Company will not disclose details of your personal information to any third party unless:
It has been stated otherwise in this policy.
It is required by law to comply with a legal process, including but not limited to court orders or criminal/civil subpoenas.
To enforce the terms and conditions of usage of Circus Social’s products.
To detect, prevent and address fraud or any sort of other illegal activity.
Circus Social has the right to post and use any testimonials or recommendations that you provide to Circus Social on Circus Social’s blog or any other platform deemed fit by Circus Social. We may use your testimonials or recommendations as part of marketing, advertising or promotion related content, which may include personal information such as your name and general location that you have provided to Circus Social.
Circus Social used 3rd party payment processors to verify financial qualifications and collect payment from potential Clients and Participants.
Circus Social uses the Navigation Information on the website for the purpose of operating and enhancing the Company's websites. In addition, the Company may use the Web Browsing Information in isolation or combine it with the Circus Social Data to obtain personalized information about the Company. To learn more about using the Information about your website navigation, please read Section 4 below.
We do not use your personal data to engage in automated decision making about you.
4. Information about the navigation on the website
Cookies, Web Beacons and IP Addresses
Circus Social uses commonly used dedicated tools, such as cookies and web beacons, to collect information when you browse the Company's Web Sites). This section describes the types of website Navigation Information used on the Company's websites and how they are used.
Circus Social uses session cookies and persistent cookies. The first only last the time of an online session. They disappear from your computer when you close your browser or shut down your computer. The second remain on your computer even when you close your browser or shut down your computer. Note: If you disable cookies in your web browser settings, you will be able to explore the Company's websites, but you may not be able to use our Services properly.
The section below shows how Circus Social uses the different categories of cookies, and what are the setting options available in this area:
Type of cookies
Mandatory cookies allow you to browse and use the Company's websites (for example, accessing secure websites and using Circus Social’s Services).
To the extent that mandatory cookies are essential to the operation of the Company's websites and Services, it is not possible to eliminate them.
2. Performance cookies
These cookies collect information about visitors' use of our website, including the pages they visit most often and any error messages that appear on certain pages. These cookies do not collect information that individually identifies Visitors. All collected information is grouped and made anonymous. They only serve to improve the functioning and performance of the Company's website.
Circus Social may occasionally request the services of third-party companies to track and analyze the statistical information of Visitors to the Company's Web Sites in terms of volume and usage.
To learn how to eliminate performance cookies using your browser settings, click here.
Functionality cookies allow the Company's websites to store the information you enter or the choices you make (for example, your user name, language, or geographic location) and to offer enhanced and customized features. These cookies also allow you to optimize your use of Circus Social Services once you are logged in. In addition, they can store changes you make to text size, fonts, and other web page elements that you can customize.
Circus Social may also use local storage to store your preferences or display content based on what you view on our websites, in order to personalize your experience or to make the performance better.
To learn how to eliminate feature cookies using your browser settings, click here. Eliminating these cookies can affect the features available when you visit the Circus Social websites.
Targeting or advertising cookies
Circus Social uses the web beacons in isolation or in combination with cookies to collect information about how Customers and Visitors use the Company's websites, as well as e-mails exchanged with the Company. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you visit a particular website linked to the tag, and a description of a website linked to the tag. For example, Circus Social may place web beacons in marketing emails intended to inform the Company when you click on one of the links that directs you to one of the Company's websites.
Social Media Functions
The Company's websites may use social media features, such as Facebook's "Like" button ("Social Media Features"). These features may collect your IP address and rate the page you are visiting on the Company's website, as well as set a cookie for the function to work properly. Social Media Features may give you the ability to post information about your activities on the Company's website to a profile page owned by you and provided by a third-party social media network so that you can share data with others. other users on your network. Social Media Features are hosted by a third party or directly on the Company's website.
When you visit the Circus Social Web Sites, the Company retrieves your Internet Protocol ("IP") addresses to track and consolidate non-personal information. For example, Circus Social uses IP addresses to identify the regions from which Clients and Visitors access the Company's websites.
5. Public forums, recommendations and customer testimonials
Circussocial.com can contain dashboards, blogs, or discussion boards. Any personal information you choose to submit in a forum of this type may be read, collected or used by other people visiting these forums. It may be used to send you unsolicited messages. Circus Social can not be held responsible for the personal information you disclose on these forums.
Circus Social publishes a list of its Customers and their various testimonials on the Company's websites, which include information such as the function and the name of the Customer concerned. Prior to the posting of these lists and testimonials, Circus Social will seek the consent of each Client.
6. Sharing information collected
We share data with our affiliates (meaning legal entities controlled by, controlling, or under common control with us) as reasonably necessary to provide the Services.
We may also disclose your data to other third parties. For example, if we sell or buy any business or assets, we may disclose your data to the prospective seller or buyer of such business or assets. Alternatively, if we or substantially all of our assets are acquired by a third party, your data may be part of the transferred assets.
If any third party processes any of your data, we ensure there are sufficient contractual and operational safeguards protecting your data.
From time to time, Circus Social may partner with other companies to offer joint products or services, such as our Data partners. If you purchase a Circus Social product or service that is the subject of a joint offer, or if you expressly express an interest, the Company may share with the relevant partner or partners the Circus Social Customer Data collected in connection with your purchase or your request. Circus Social is not responsible for how our business partners use the Circus Social Customer Data we collected; this use is subject to their own privacy policies. If you do not want your information to be shared in this way, please write to email@example.com.
Circus Social uses a third-party service provider to manage credit card processing. The Service Provider is not authorized to host, retain, or use the billing information provided, except for the purpose of credit card processing on behalf of the Company.
Circus Social reserves the right to use or disclose the information provided if required by law or if the Company reasonably believes that the use or disclosure is necessary to protect its rights and / or to comply with a court proceeding or an order of a judge.
7. International transfer of collected information
8. Communication Preferences
Circus Social offers Visitors, Customers, and Participants who communicate their contact information the opportunity to choose how the Company will use this information. You can manage the receipt of your marketing and non-transactional communications by clicking on the unsubscribe link at the bottom of the Company's marketing emails. You can also send a request to firstname.lastname@example.org.
9. Correcting and updating your information
Our Customers may update or modify their subscription information by writing to us at email@example.com or contacting their Account Managers. To disable your account and retrieve managed information as part of our use of our Services, email firstname.lastname@example.org. Requests for access to your information, modification or deletion will be processed within 30 days.
10. Customer data
Circus Social Customers may electronically submit their data or information to the Company's Services for hosting and processing purposes (the "Customer Data"). Except as otherwise required by law or under the Master Subscription Agreement, Circus Social will not review, share, distribute, or refer Customer Data. Under the Master Subscription Agreement, Circus Social may access Customer Data for the sole purpose of performing the Services, preventing or resolving technical or service issues, or where required by law.
Circus Social uses powerful security measures and encryption to protect Circus Social Customer and Circus Social data. The Company uses the Services to manage Customer and Participant Data
Circus Social follows the following to protect user’s login and password information –
Users will be automatically logged out / timed-out after 30 mins of inactivity on 20twenty.circussocial.com
User passwords have to be at least 8 alphanumeric characters and include one special character
Users when changing password cannot use the same password as their last 2 passwords
When users first get their account they will be required to change their password immediately
All users are required to change passwords every 90 days
Max failed logins are capped at 6, post which user accounts will be suspended and only an authorized company admin or super admin needs to reactivate the account
asswords are protected against dictionary and brute force attack
User accounts unused for 90 days will be automatically suspended. You can write to us at email@example.com to have your account reactivated
Passwords are not displayed anywhere on the system. i.e all passwords are masked (*****) to users.
Passwords are encrypted in the database and not stored as plain text. We use industry standard encryption technologies.
System rules ensure passwords do not contain any common strings to the user’s names, email address, birthday’s or other data.
13. Contact us
14. Circus Social Data Privacy FAQs
The European Commission adopted the General Data Protection Regulation (“GDPR”). The GDPR applies from 25 May 2018. The GDPR replaces the 1995 Data Protection Directive (“Directive”). The GDPR is, essentially, an upgrade from the Directive. The purpose of this FAQ is to set out for our customers how Circus Social is approaching the GDPR and data privacy generally. If you have any questions that are not answered by this FAQ, please get in touch with your sales representative, customer success or account manager.
Q: Does Circus Social comply with the GDPR?
Q: Does the GDPR apply to Circus Social’s services?
A: The GDPR applies to the processing of personal data. Personal data means any information relating to an identified or identifiable natural person. Circus Social offers a variety of services, each of which require a different analysis under the GDPR. 20/Twenty, i2, and Radar (“Analytics Services”) Analytics services are personal data agnostic. These Analytics Services are based on analyzing large sets of free text data/images. This means that, while processing personal data is not the core point of the Analytics Services, it is likely that there is personal data in the Circus Social database. For example, some users on Twitter verify their account. Where a user’s account is verified, that user’s username and accompanying Tweets are personal data. Circus Command Center For Circus Command Center, Circus Social acts as a data processor and the GDPR applies where the data within Circus Command Center is personal data.
Q: Is Circus Social a data controller or a data processor with respect to its Analytics Services?
A: For its Analytics Services, Circus Social makes decisions about which websites it crawls, what data it collects, and how and why this data is used in connection with its services. This decision is based on the fact that these services and any related processing are not specific to any particular customer and could not therefore be said to be only “on the instructions” of any such customer. Therefore, for the Analytics Services that contain personal data, Circus Social considers itself a data controller under the GDPR.
Q: Is Circus Social a data controller or data processor with respect to Circus Command Center?
A: Yes, as Circus Command Center only displays data from 20/Twenty (another Circus Social service). Where only data from 20/Twenty is displayed, Circus Social is still a data controller. This is because the data that Circus Command Center is processing is Circus Social’s own data source (for which Circus Social is a data controller).
Q: If Circus Social is a data controller for its 20/Twenty Services, what are its customers?
A: For all 20/Twenty Services, Circus Social’s customers are also data controllers in respect of the personal data which customers process through the use of the Analytics Services. The reason is that, under the GDPR, a person must be a data processor or a data controller. A data processor processes data on behalf of the data controller. Since Circus Social’s customers do not process personal data on Circus Social’s behalf, Circus Social’s customers must be data controllers under the GDPR for the Analytics Services.
Q: What is the legal basis on which Circus Social processes personal data for its 20/Twenty Services?
A: The primary legal basis on which Circus Social processes personal data when performing the 20/Twenty Services is the legitimate interests of the data controller. This legal basis requires a balancing of the legitimate interests of the data controller with the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The data that Circus Social processes from the 20/Twenty Services is all publicly available – and made available – by the particular social media author him or herself. Circus Social therefore believes that the interests, fundamental rights and freedoms of data subjects are not prejudiced or overridden in the context of its processing of social media data that is (1) publicly available and (2) can be made private at anytime by the social media author him or herself. The social media authors have significant levels of control over the availability of their personal data on the underlying websites, including (e.g.) setting their Twitter account to private.
Q: Where does Circus Social store the personal data that it processes?
A: The personal data that forms part of the 20/Twenty database is stored on servers that Circus Social owns and manages, hosted with cloud service providers in Singapore. Circus Social policy requires the use of Tier 3 rated data centres with suitable physical and environment security. Circus Social’s data centre providers maintain their own ISO27001 accreditation, along with other relevant physical security, environmental and quality certification.
Q: Does Circus Social export any personal data outside of the European Economic Area?
A: None of Circus Social’s services currently export any personal data outside of the European Economic Area. However, via the API or the export functionality of Analytics and Audiences, customers can technically export data from Circus Social’s servers to non-EEA countries. This export will depend on the ultimate location of the customer device that exports the data.
Q: Are Circus Social’s systems that process personal data secure?
A: Yes. Circus Social has technical and organisational measures in place to protect against unauthorised or unlawful processing of data and against accidental loss, destruction or damage. Where Circus Social uses third party cloud providers, those providers are industry-leading, including Amazon Web Services and Google. In addition, Circus Social applies its own security policy and process to the management and provision of any third party systems and services.
Q: How does Circus Social ensure its services comply with the GDPR?
A: Circus Social has appointed privacy champions on its engineering, account and product teams. These individuals are tasked with incorporating privacy by design principles when developing services for Circus Social. Finally, Circus Social has legal counsel that oversee privacy-related matters.