SocialSignin Ltd, trading as Orlo, is a private company limited by shares incorporated and registered in England and Wales with company number 08237170 and whose registered office is located at 7c, Centre City House, 5-7 Hill Street, Birmingham. B5 4UA, England, United Kingdom. Wherever used in these terms and conditions of business (“T&Cs”), “SocialSignIn”, “we”, “our” or “us” refer to SocialSignin Ltd (and our permitted successors and/or assigns). Wherever used in these T&Cs, “you”, “your” or similar terms mean the person utilising and/or accessing the Services (as stated in the order form), including persons for which you are responsible such as your employees and other permitted third parties (as applicable).

These T&Cs, together with the Data Protection Addendum and the order form (produced by us), constitute a binding legal agreement between SocialSignIn and you (the “Contract”). Any purported order by you for the Services shall not form a legally binding contract unless and until we countersign the order form (which has been signed by you) or commence providing the Services (whichever is the later). This Contract governs your access to and use of our products, software, services, and website (collectively “Services”), and any and all information, text, graphics, photos or other materials uploaded, downloaded, or appearing on the Services (collectively “Content”). By accessing and using the Services, you agree to be exclusively bound by the Contract to the exclusion of any other terms and conditions which seek to have effect, and you warrant that you have read, understood and accepted the terms of the Contract. If you do not agree to be bound by the Contract, you are not permitted to use the Services and/or Content under any circumstances.

By accessing and using the Services you are consenting to (or promising that you have obtained appropriate consent for) the collection and use of personal data by SocialSignIn in accordance with SocialSignIn’s privacy policy (currently available at https://socialsignin.net/privacy-policy).

A – The Services

  1. You are solely and exclusively responsible for the use of the Services and for any Content accessed or made available to others through your account (even if that Content is accessed or made available by others). You assume all risks associated with the Services and any Content accessed or made available to others through your account. SocialSignIn will not be held responsible under any circumstances for your use of the Services or for any such Content.
  2. To access or use the Services, you must be able to form a binding contract with SocialSignIn and you must not be prohibited from receiving the Services under any applicable laws. You warrant that you have the ability and continuing authority to form a legally binding contract with us.
  3. You acknowledge that the Services allow you to access and use content and services offered by third party service providers (e.g., Twitter, Facebook) (“Third Party Service Providers”). It is a condition precedent of this Contract that you agree to comply with the relevant terms and conditions of any such Third Party Service Provider.
  4. Your access to and use of the Services must be in accordance with these T&Cs at all times. If you commit a breach of these T&Cs, we may without notice suspend or terminate your use and/or access to the Services in accordance with the remaining provisions of these T&Cs.
  5. You agree that any of your group companies who use the Services (listed in the order form or for which we have given our express written consent) shall be bound by these T&Cs at all times and you shall procure that they adhere to these T&Cs, and you shall be wholly responsible for all of their actions and/or omissions.
  6. You agree that the Data Protection Addendum incorporates all data protection requirements relating to the Services and the Contract and you and we will comply with its provisions.

B – Your Account

  1. You must provide your legal full name (i.e. company name and number), address for service of any notices, a valid email address and contact details of an authorised representative, and any other information requested by us in order to complete the account sign-up process.
  2. You are responsible for maintaining the security of your account login information and for any activities or actions occurring under your account. SocialSignIn encourages you to use a “strong” password (passwords that use a combination of upper and lower case letters, numbers and symbols) for your account. SocialSignIn will not be responsible for any loss or damages whatsoever resulting from your failure to comply with this obligation.
  3. Each account login may only be used by one person – a single login shared by multiple people is not permitted. Any users over and above the number specified in the order form will trigger an immediate proportional fee increase (as compared with the current pricing in place from time to time and the number of users) payable immediately. One person or legal entity may not maintain more than one free account if they are connected or associated in any way.
  4. A user is only permitted to have a reasonable number of social accounts (e.g. twitter, Facebook, google+), in the opinion of SocialSignIn (in our sole discretion).
  5. You must be a human. Accounts registered by “bots” or other automated methods are not permitted.

C – Term, Use and Restrictions

  1. We agree to supply the Services, and you agree to accept the Services for the period as set out in the order form (the “Initial Term”). Unless we receive written notice from you to cancel the Contract before the 60 day period prior to the natural expiry of the Initial Term (and/or each anniversary thereafter) then the Contract shall continue for a further term equal to the Initial Term (the “Additional Term”), and continue on a rolling basis thereafter upon the expiry of each Additional Term unless the aforementioned notice is received by us from you. Should you cancel the Contract then the provisions of clause G4 shall apply.
  2. Any renewal of the Contract in accordance with clause C1 shall be at the current price being charged to you unless notice is sent by us to you prior to 60 days of the anniversary of the renewal that there will be a price increase (notwithstanding clause F3). Upon any automatic renewal of the Contract or otherwise the provisions of the Contract shall continue to apply in all respects.
  3. You may only use the Services to: (a) access Content on SocialSignIn’s website; and (b) access, manage and obtain information about your accounts with Third Party Service Providers in accordance with these T&Cs and any terms specified by the Third Party Service Providers. You may only use the Services in relation to your own genuine and legitimate social media management requirements.
  4. You may not access or search or attempt to access or search the Services by any means (automated or otherwise) except through SocialSignIn’s currently available interfaces.
  5. You may not use the Services for any illegal or unauthorised purpose, including in any way that violates copyright, privacy or other laws applicable in England and Wales or which are applicable to you.
  6. You may not use the Services in a way that is detrimental to the operation of the Services or the access or use of the Services by anyone else. This restriction applies to any use that interferes or attempts to interfere with the normal operations of the Services, including by hacking, deleting, augmenting or altering the Services or any Content.
  7. You may not, without SocialSignIn’s prior written permission (including the permissions granted by these T&Cs): (a) copy, distribute (including by framing any of the Services on any website), modify, enhance, translate, reproduce, sell, resell, sublicense, rent, lease, or otherwise attempt to exploit the Services; (b) decompile, disassemble, reverse engineer, or otherwise attempt to discover the source code (except to the extent that this restriction is expressly prohibited by law); (c) make derivative works of the Services; or (d) modify another website so as to falsely imply that it is associated with the Services, SocialSignIn or any other SocialSignIn products or services.

D – Content

  1. You understand that by using the Services you may be exposed to Content that might be unlawful, offensive, harmful, inaccurate, or otherwise inappropriate or deceptive. SocialSignIn does not pre-screen Content and cannot be responsible for the Content accessed or made available to others through the Services.
  2. SocialSignIn and its designees have the right (but not the obligation) in their sole discretion to refuse or remove any Content that is available via the Services. SocialSignIn may (but has no obligation to) remove Content and accounts containing Content that SocialSignIn determines in its sole discretion to be unlawful, offensive, harmful, inaccurate, or otherwise inappropriate or deceptive (including Content that SocialSignIn determines in its sole discretion to: (a) be libellous, defamatory, pornographic, obscene, or otherwise objectionable; or (b) violate any party’s intellectual property).
  3. SocialSignIn does not permit verbal, physical, written or other abuse (including threats of abuse or retribution) of any SocialSignIn customer, employee, member, or officer. Engaging in any such behaviour may at SocialSignIn’s sole discretion result in the immediate termination or your account.
  4. You must not upload, post, host, transmit or otherwise make available to others unlawful unsolicited email, SMSs, or “spam” messages through the Services.
  5. You must not transmit or otherwise make available to others any worms or viruses or any code of a destructive nature (“Viruses”) through the Services.

E – Payment Matters

  1. Payment shall be made by bank transfer to an account specified by SocialSignIn. Such account will be detailed on the order form and may be changed at SocialSignIn’s discretion upon notifying you in writing. SocialSignIn may alter the method of payment at its sole discretion and will notify you of the same in writing if required.
  2. You shall pay for the Services at such times and at such amounts as specified in the order form, and in the absence of the aforementioned you shall pay for each 12 month period in full within 14 days of the date when SocialSignIn commence providing the Services.
  3. Purchased Services are non-refundable under any circumstances. This means that there will be no refunds for partial months of service, or for months where the Services were unused.
  4. All fees are exclusive of taxes, levies, withholdings or duties imposed by taxing authorities, and you shall be responsible for payment of all such taxes, levies, withholdings or duties in addition to the fees (as specified in the order form or otherwise).
  5. You must specify the country of your business so that SocialSignIn can understand its obligations to any applicable taxation authorities that may be relevant.
  6. All fees and other sums paid to SocialSignIn shall be paid in full and cleared funds in pounds sterling by telegraphic transfer without any right of set off, counterclaim or delay.
  7. SocialSignIn may charge interest on all late payments (and any other costs and/or expenses) at the rate of 4% above the Bank of England base rate from time to time.

F – Modifications to the Services and Prices

  1. SocialSignIn may change the Services or the format or delivery of the Services from time to time and without notice. Any changes to the Services, including releases of new features, tools or resources, shall be subject to these T&Cs.
  2. Subject to the below clause F3, the price for all Services are as set out in the order form (or as subsequently agreed in writing from time to time).
  3. Prices of all Services are subject to change upon 30 days’ notice from SocialSignIn. Such notice may be provided at any time by posting the changes on SocialSignIn’s website (currently located at www.socialsignin.co.uk).

G – Suspension, Cancellation and Termination

  1. SocialSignIn shall endeavour to provide you with uninterrupted access to the Services however from time to time the Services may be suspended without notice or even withdrawn due to essential maintenance and/or any other extenuating circumstances (in our sole discretion).
  2. SocialSignIn may suspend or restrict your access to the Services for any good and/or valid reason (in our sole discretion) at any time and without any liability whatsoever.
  3. If you cancel or attempt to cancel the Contract before the anticipated expiration of the term as stated in the order form (including any agreed extension thereof), you shall remain fully responsible for all fees and expenses for the duration of the aforementioned term.
  4. Your Contract will automatically renew in accordance with clause C1 subject to 60 days’ written notice of cancellation being provided by either side.
  5. Your cancellation will take effect immediately and SocialSignIn will delete all of your Content from the Services after cancellation. Once you cancel your account, your Content cannot be recovered.
  6. Should your Contract be terminated for any reason SocialSignIn will delete all of your Content from the Services after termination. Once you cancel your account, your Content cannot be recovered.
  7. SocialSignIn does not accept any responsibility for loss of Content due to account cancellation or termination.
  8. SocialSignin are permitted to terminate the Contract immediately without any liability whatsoever in the event of you
    (a)committing a material breach of contract; or
    (b)failing to pay any monies due and owing to us; or
    (c)ceasing or threatening to cease a material part of your business; or
    (d)entering into insolvency proceedings or scheme of arrangement or fail to pay any of your creditors when due in your relevant place of jurisdiction.
  9. The provisions regarding “Use and Restrictions”, “Payment Matters”, “Suspension, Cancellation and Termination”, “Ownership and Licenses”, “Disclaimer and Limitation of Liability” and “General” and any provisions which by their nature survive, shall survive the termination of these the Contract.

H – Ownership and Licenses

  1. SocialSignIn retains all rights, title and interest of any and all nature whatsoever in the intellectual property rights (including but not limited to copyright, trade-mark, patent, trade secret and all other intellectual property rights) in the Services and SocialSignIn’s Content. You acquire no rights whatsoever to all or any part of the Services except for the limited right to use the Services granted by these T&Cs. All rights not expressly granted to you are reserved by SocialSignIn absolutely.
  2. You agree not to assert or attempt to assert any intellectual property rights in or over the Services and/or the Content. You further agree not to publish or reproduce any part of the Services and/or our Content.
  3. If you become aware of anyone infringing, about to infringe or attempting to infringe our intellectual property rights belonging to us then you shall inform us immediately and agree to abide by our reasonable instructions in relation to assisting us in protecting our intellectual property rights.
  4. We claim no intellectual property rights over the Content made available to others through your account. Additionally, your profile and other Content you provide to SocialSignIn in connection with the Services remain yours. However, by making that Content available to others through the Services, or providing it to SocialSignIn through the Services, you grant SocialSignIn a worldwide, non-exclusive, royalty-free, fully paid up license (with a right to sublicense) to use, copy, reproduce, process, adapt, modify, publish, transmit, display and distribute such Content through any or all media or distribution methods (whether now known or hereafter developed). You also acknowledge that the purpose of the Services is to access the services of Third Party Service Providers, and that as a result you are agreeing to grant to SocialSignIn any and all other rights you grant to applicable Third Party Service Providers.
  5. By posting an socsi.n link using the Service, you agree that you are following the relevant terms and conditions of the Third Party Service Provider you are linking to.
  6. By posting an socsi.n link, you agree that SocialSignIn may present the target site within a frame, and that the frame may contain advertising and tools related to the Services.

I – Disclaimer and Limitation of Liability

  1. This section I sets out the entire financial liability of SocialSignIn (including any liability for the acts or omissions of our employees, agents and subcontractors) in respect of:
  2. (a)any breach of the Contract however arising;
    (b)any use made by you of the Service and/or the Content; and
    (c)any representation, statement or tortious act or omission (including negligence) arising under or in connection with the Contract.
  3. Nothing in these T&Cs shall limit or exclude the liability of SocialSignIn for:
  4. (a)death or personal injury resulting from negligence; or
    (b)fraud or fraudulent misrepresentation; or
    (c)breach of the terms implied by section 12 of the Sale of Goods Act 1979; or
    (d)breach of section 2 of the Consumer Protection Act 1987.
  5. Without prejudice to clause I2, SocialSignIn shall not under any circumstances whatsoever be liable to you, whether in contract, tort (including negligence) or restitution, or for breach of statutory duty or misrepresentation, or otherwise for any:
  6. (a)loss of profit; or
    (b)loss of goodwill; or
    (c)loss of business; or
    (d)loss of business opportunity; or
    (e)loss of anticipated saving; or
    (f)loss or corruption of data or information; or
    (g)special, indirect or consequential damage suffered by you that arises under or in connection with the Contract.
  7. Without prejudice to clause I2, SocialSignIn’s total liability arising under or in connection with this Contract, whether arising in contract, tort (including negligence) or restitution, or for breach of statutory duty or misrepresentation, or otherwise, shall in all circumstances be limited to the amount having been paid by you to SocialSignIn in the previous 12 months (or such lesser period) under the Contract in relation to the Services.
  8. Nothing in this clause I shall restrict or limit your general obligation at law to mitigate a loss you may suffer or incur as a result of an event that may give rise to a claim.
  9. SocialSignIn shall not be liable to you or any third party in the event of any piece of social media (e.g. a tweet) not being released by us for any reason and you are solely responsible to ensure that any such social media has been properly released from time to time.
  10. For the avoidance of doubt, SocialSignIn shall not be liable to you or to any third party for any change to the Services including reasonable price changes, suspension, restriction and/or discontinuance of the Services.

J – General

  1. Technical support is only provided to paying account holders and is available via live chat, telephone and email during office hours.
  2. You understand that SocialSignIn uses third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run the Services.
  3. You understand that the technical processing and transmission of the Services, including your Content, may be transferred unencrypted and involve: (a) transmissions over various networks; and (b) changes to conform and adapt to technical requirements of connecting networks or devices.
  4. If your bandwidth usage exceeds 300 MB/month, or significantly exceeds the average bandwidth usage of other SocialSignIn customers (as determined by SocialSignIn in its sole discretion), SocialSignIn reserves the right to immediately disable or impose restrictions upon your account until you reduce your bandwidth consumption.
  5. If SocialSignIn is prevented, hindered or delayed in or from performing any of its obligations under this Contract by a force majeure event (i.e. an event beyond our reasonable control), we shall not be in breach of the Contract or otherwise liable for any such failure or delay in the performance of such obligations. The time for performance of such obligations shall be extended accordingly.
  6. The failure of SocialSignIn to exercise or enforce any right or provision of the T&Cs shall not constitute a waiver of such right or provision. A printed version of these T&Cs and of any notice given in electronic form shall be admissible in judicial or administrative proceedings based upon or relating to these T&Cs to the same extent and subject to the same conditions as other business documents and records originally generated and maintained in printed form. Subject to SocialSignIn’s ability to amend these T&Cs, they cannot be changed.
  7. If any of the provisions contained in these T&Cs are determined to be void, invalid or otherwise unenforceable by a court of competent jurisdiction, that provision shall be enforced to the maximum extent permissible so as to effect the intent of these T&Cs and such determination shall not affect the remaining provisions contained herein.
  8. You may not assign these T&Cs or any of your rights or obligations under the Contract. Subject to the foregoing, these T&Cs shall enure to the benefit of and be binding upon you and SocialSignIn and our respective successors (including any successor by reason of amalgamation) and assigns.
  9. Any notice given to a party under or in connection with the Contract shall be in writing and shall be:(a)delivered by hand or pre-paid first-class post or other next working day business service at its registered office (if a company) or its principal place of business (in any other case); or
    (b)(if notice is to be served by post outside the country from which it is sent) sent by registered airmail; or
    (c)Sent by e-mail to:
    (i)SocialSignIn: [email protected]
    (ii) You: as listed in the order form.
  10. Any notice shall be deemed to have been received:
    (a)if delivered by hand, on signature of a delivery receipt or at the time the notice is left at the proper address; or
    (b)if sent by pre-paid first-class post or other next working day delivery service, at 9.00 am on the second business day after posting or at the time recorded by the delivery service; or
    (c)if sent by registered airmail, five days from the date of posting; or
    (d)if sent by e-mail, at the time of transmission unless a delivery failure report is received.
  11. This section J does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.
  12. The order form and these T&Cs constitute the entire agreement between the parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relation to its subject matter. You acknowledge and agree that in agreeing to purchase the Services and be bound by these T&Cs you have not relied on, and shall have no remedies in respect of, any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in the order form and these T&Cs.
  13. A person who is not a party to these T&Cs shall not have any rights in or under or in connection with it.
  14. Nothing in these T&Cs is intended to, or shall be deemed to, constitute a partnership or joint venture of any kind between any of the parties, nor constitute any party the agent of another for any purpose. No party shall have authority to act as agent for, or to bind, the other party in any way.
  15. You agree to adhere to our reasonable instructions from time to time in relation to the Services and you further agree to deal with us in good faith at all times in respect of any aspect of the Services including but not limited to these T&Cs.
  16. You agree to indemnify and hold us harmless in respect of any breach of these T&Cs including our professional fees in relation to enforcing the terms of the Contract.
  17. These T&Cs and any dispute or claim arising out of or in connection with them or their subject matter or formation (including non-contractual disputes and claims) shall be governed by and construed in accordance with the laws of England and Wales. You irrevocably agree that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with these T&Cs or its subject matter or formation (including non-contractual disputes and claims).
  18. The laws of England and Wales apply to your access to or use of the Services, notwithstanding your domicile, residency or physical location. The Services are intended for use only in jurisdictions where they may lawfully be offered for use.

K – Interpretation provisions of these T&Cs

In these T&Cs, the following rules apply:

(a)words in the singular include the plural and vice versa;
(b)
reference to a person includes a natural person, corporate or unincorporated body (whether or not having a separate legal personality);
(c)reference to a party includes its personal representatives, successors or permitted assigns;
(d)an obligation to do something includes an obligation not to do something;
(e)these T&Cs are jointly and severally liable as amongst the obligors (someone who legally agrees to do something);
(f)reference to writing or written includes post and emails but not faxes; and

L – License Obligations

If you are subscribing to an Advanced Monitoring Stream, please note that you will also need to acquire a Web End-User License (WEUL) from the Newspaper Licensing Agency (NLA). This license will have to be purchased by yourselves and obtained directly from the NLA. It is a legal requirement that provides the permission needed to receive and access copyrighted online content, such as the results provided by our Advanced Monitoring service (news alerts and links to online newspaper articles). Please visit the NLA’s website for more information.

Forming part of and incorporated into the Contract between you and SocialSignIn.

This Addendum sets out the provisions that will govern the processing of personal data by the parties to the Contract and its provisions take precedence over every other term of the Contract unless expressly stated otherwise.

Definitions

The following definitions have the meanings shown:

Controller, Processor, data subject, personal data and Processing each have the meaning given to them in the Data Protection Laws and Process and Processed will be construed accordingly.

Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Data Protection Laws means all applicable privacy and data protection laws including the Data Protection Act 1998 (as replaced by the GDPR with effect from 25 May 2018) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended) and all subordinate and ancillary legislation, directions of any competent privacy regulator, common law and other relevant court decisions that relate to privacy and/or data protection in each case as may be amended or replaced from time to time.

Data Security Measures means the technical and organisational security measures described in Annex 2 (as may be improved upon from time to time by SocialSignIn or which have been agreed by the parties in accordance with Annex 2) as being those required to be used by SocialSignIn and which have been approved by you as complying with the Data Protection Laws when Processing Your Data.

Deliverables means the goods, services, software, licences and any other deliverables to be provided by or on behalf of SocialSignIn under the Contract.

GDPR means the General Data Protection Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data which came into force on 24 May 2016 (together with any associated derogations and amendments imposed by the United Kingdom) and which will apply from 25 May 2018.

Personnel means any employee, officer, agent, consultant, auditor, subcontractor, Subprocessor or other third party acting on behalf of SocialSignIn in connection with the provision of the Deliverables.

Processing Requirements means your requirements for the Processing of Your Data by or on behalf of SocialSignIn under the Contract as described in Annex 1.

SocialSignIn Approved Subcontractor List means the internal list of subcontractors that have been approved by SocialSignIn to provide services that involve the subcontractor Processing Your Data.

Subprocessor means any third party engaged by SocialSignIn including any of its affiliates, subsidiaries and/or subcontractors or agents that may Process Your Data.

Your Data means all personal data relating to data subjects that are Processed in the course of using or providing the Deliverables and includes any copies included in back-ups made by or on behalf of SocialSignIn.

Your Instructions means your instructions for the Processing of Your Data as described in this Addendum and the Processing Requirements or otherwise agreed by you and SocialSignIn.

Obligations and rights

1. Intellectual property rights. All intellectual property rights in and to Your Data will be and will remain vested in you.

2. Compliance with Data Protection Laws. Each of the parties will ensure that it complies with the Data Protection Laws when Processing Your Data under the Contract.

3. Causing breach. Each of the parties will not (and will ensure that none of the Personnel may) do anything that would cause itself or the other or any or any other person to be in breach of the Data Protection Laws.

4. Compliance with Your Instructions. When Processing Your Data on behalf your behalf, SocialSignIn will comply with Your Instructions. If SocialSignIn is unable, for any reason, to comply with Your Instructions, we will notify you promptly. If we believe any of Your Instructions infringes Data Protection Law, we will notify you as soon reasonably practicable.

5. Specific requirements and permitted Processing. SocialSignIn will ensure that, when it Processes Your Data, it will use the Data Security Measures. You have determined that compliance with the Data Security Measures when Processing Your Data by or on behalf of SocialSignIn is satisfactory to comply with the Data Protection Laws. If you require a change to our standard Data Security Measures, we reserve the right to charge for implementing, maintaining and operating as you require.

6. Processing limitations. SocialSignIn will not Process Your Data for any purpose beyond providing the Deliverables and the scope of Your Instructions or, to the extent otherwise necessary, to comply with the Data Protection Laws.

7. International transfers. SocialSignIn will not transfer or allow any other person to transfer Your Data outside the European Economic without your prior written approval.

8. Acknowledgement. You acknowledge and accept that access and use of the Deliverables by your authorised users may occur outside the European Economic Area and, in such circumstances, Your Data may be viewed outside the European Economic Area by the relevant user. SocialSignIn will not be in breach of paragraph 7 in such circumstances.

9. Personnel. SocialSignIn will: (i) take reasonable steps to ensure the reliability of Personnel that may have access to Your Data; (ii) carry out appropriate checks of its Personnel before allowing them to Process Your Data; (iii) ensure the Personnel are appropriately trained in the handling and secure Processing of Your Data.

10. Subcontracting. SocialSignIn will only appoint Subprocessors in connection with the Processing of Your Data where: (i) the Subprocessor has provided sufficient guarantees to ensure the Data Security Measures are met or exceeded; (ii) the Subprocessor is on the SocialSignIn Approved Subcontractor List; and (iii) the Subprocessor is appointed under a written agreement that complies with the Data Protection Laws. SocialSignIn will remain liable for the defaults of its Subprocessors as if it carried out the actions of the Subprocessors itself.

11. Confidentiality. SocialSignIn will ensure that: (i) any persons authorised by or on behalf of SocialSignIn to Process Your Data are bound by obligations to maintain the confidentiality of Your Data; and (ii) its disclosure of Your Data will be limited to the extent necessary to provide the Deliverables or as otherwise permitted under the Contract, by you or by applicable Data Protection Law.

12. Data subject rights. You and your users have full access to Your Data through the Deliverables and, as such, it is your responsibility to comply with the rights of data subjects under the Data Protection Laws. If, for any reason you need the help of SocialSignIn to comply, we will assist you but reserve the right to charge for the assistance at our then prevailing rate.

13. Regulator and other third-party correspondence. If we receive a communication from a regulator, other competent authority or any other person (each a Competent Person) in respect of Your Data we will, unless we are prohibited by the Competent Person or applicable laws, forward it to you for you to address and reserve the right to notify the Competent Person that we have done so. If SocialSignIn is required to respond to the communication directly, we will do so.

14. Data breach. SocialSignIn will maintain a Data Breach incident response plan that documents the procedures to be followed and contacts to be notified in the event of a Data Breach. In the event SocialSignIn suffers a Data Breach as a result of or in connection with the performance of its rights or obligations under the Contract, SocialSignIn will notify you of all material facts without undue delay after becoming aware of the Data Breach.

15. Data breach management. SocialSignIn will cooperate and assist you in handling the Data Breach referred to in paragraph 14, by investigating the Data Breach, facilitating meetings with those involved in the data breach and making available all relevant records, logs, files and data, reports including those regarding the facts relating to the Data Breach, its effects and the remedial action taken or to be taken. If the Data Breach is not attributable to SocialSignIn or any of its Subprocessors, we reserve the right to charge for the assistance at our then prevailing rate.

16. Confidentiality in respect of Data Breaches. Except as required by Data Protection Laws, neither party will do, say or report anything to any person that may affect the other’s reputation without the approval of such other party (such approval not to be unreasonably withheld or delayed).

17. Data protection impact assessments. SocialSignIn will cooperate, and provide reasonable assistance to you with, any data protection impact assessment that you are required by the Data Protection Laws to carry out in connection SocialSignIn’s Processing of Your Data. If such co-operation or assistance requires SocialSignIn or any Subprocessor to provide any additional professional services, SocialSignIn will notify you of the proposed charges and no work will be commenced until the parties have agreed the charges and the scope of work in writing.

18. Returning Your Data on termination or expiry. You are able to export Your Data at any time during the term of our contract. After expiry (or termination if that is earlier) we will delete Your Data (normally within one month) but will retain the shortened links you have created using our code so that your users are redirected to the correct location.

19. Demonstration of compliance. SocialSignIn will appoint an independent third party to carry out an annual assessment to verify SocialSignIn’s compliance with the terms of this Addendum. SocialSignIn will provide you with a copy of the latest report produced on request.

20. Audit. If a court or regulatory body requires us to give you access to our premises or systems, we will do so but will require you comply with our prevailing security and health and safety requirements.

Annex 1 – Processing requirements

Subject matter

You have appointed SocialSignIn to provide certain Deliverables (as specified in Contract. To facilitate the provision of these, SocialSignIn will need to Process Your Data in respect of which you are the Controller.

Duration of Processing

The Processing will continue for the term of the Contract (as the same may be terminated and/or extended in accordance with the terms of the Contract).

Nature and purpose of Processing

Your Data will be Processed for the purpose of providing the Deliverables to you in accordance with the terms of the Agreement.

Type of personal data

The nature of our application is a mere repository for messages from your followers and users with the functionality for your users to manage those messages. As such, our provision of the Deliverables may require the Processing of any type of personal data.

Data subjects

The provision of the Deliverables may involve the Processing of personal data about any or all of the following data subjects:
– your users
– your customers and followers
– any other person that your users, customers or followers refer to in their messages or in our application

Annex 2 – Data Security Measures

1. Knowledge and resources. SocialSignIn will ensure that it has the appropriate knowledge to Process Your Data and has the necessary resources to implement the technical and organisational measures required under this Addendum.

2. Security of Your Data. SocialSignIn will implement and maintain the following technical and organisational measures when Processing Your Data and you have determined and are satisfied that:

(a) these are sufficient to ensure compliance with the Data Protection Laws and the protection of the rights of data subjects; and

(b) they take into account the risks that are presented by the Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Your Data when it is transmitted, stored or otherwise Processed. Security measure and Details of the measure

Compliance framework

We have internal policies and procedures that are kept under review, a designated privacy officer and external specialist data protection advisers to support our compliance.

Training

All relevant personnel are trained to understand data protection and to apply its principles within their roles.

Firewalls

Network devices are managed within a secure management network and servers are secured by firewalls. In both instances SSL/TLS secure encryption protocols are used.

Anti virus

All of the servers we manage have antivirus and malware scanners installed and have updates applied frequently.

Encryption

Data in transit is always encrypted to a minimum standard of 256 bit

Access controls

We offer various options for you to choose from including:
– email / password
– strong passwords
– two-factor authentication
– SAML (Okta and OneLogin or any other agreed by us)
– Google Account Login

Data partitioning

Each client’s data is logically separated from that of other clients in our databases. Our code automatically tests to ensure each client’s data is not mixed with that of another client.

Access limitations

Your Data is only accessible by a small number of personnel in our development team on a ‘need to know’ basis.

Resilience

Our infrastructure is designed to be resilient. Our main database is ‘highly available’ such that, if one server goes offline, the other servers will pick up the work and contains replica data to ensure there is no downtime. All servers that serve our application are load balanced and can distribute load/requests to at least 3 servers.

Monitoring

We perform daily port scanning on public IP addresses to ensure there are no unexpected changes. Configuration management is dealt with by scripts with are kept and managed in our private version control system.

Security testing

Our entire application is scanned by external technically skilled individuals to try to break, gain unsolicited access to, and “hack” our systems in a safe way in order to find flaws or potential weaknesses in our platform.
We have some continual end-to-end testing of our server cluster to ensure specific key indicators are working correctly and use software to log and track these with a combination of active checks and, for back-ups, passive checks. Team members are alerted if an expected behaviour has not executed as expected.

Critical events

Our code is written to log any critical events for our developers to address.

Back-ups

Our databases are backed-up continuously. Whilst our main datastore holds replicas of data at all times, we also run our other databases with duplicate data in them ready to swap over should the need arise. Multiple snapshots of the entire database are taken daily and they are stored on a separate server from the one that holds live data. From these various back-ups, we are able to restore the entire database in the event of a physical or technical incident in a timely manner.

Disaster recovery

We maintain a disaster recovery plan to test our disaster recovery which is tested at least annually.

Secure hosting

We currently use leading third parties to provide hosting services. They have all been vetted and authorised by a designated approver within SocialSignIn as part of our supplier on-boarding process and we have written contracts with each of them incorporating appropriate data protection provisions to protect your personal data.

Audit trails

Our software normally maintains a record of many of your users’ activities when using our application such as which user creates or edits a post, or created any free text notes on your followers messages. You can view these audit logs through the application.

Other Measures

If we agree any alternative or additional measures in writing specifically referring to this Annex 2 of the Addendum, we will implement and maintain these accordingly.

This privacy policy sets out how we use and protect any information that you give SocialSignIn when you use this website. SocialSignIn is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement. SocialSignIn may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from the 18th Dec 2017.

What we Collect

When you register for SocialSignIn we ask for information such as;

Platform Related

  • Your name and email address and other contact details.
  • The geographic area where you use your computer and mobile devices using your IP address.
  • Other optional information as part of your account profile.
  • Other information submitted by you or your organizational representatives via various methods (phone, email, online forms, surveys, in-person meetings, etc.).

In Supporting You

  • Your billing address and any necessary other information to complete any financial transaction, and when making purchases through the Services.
  • Information we may receive relating to communications you send us, such as queries or comments concerning our Services
  • In Using our Platform-User-generated content (such as messages, posts, comments, pages, profiles, images, feeds or communications exchanged on the Supported Platforms)
  • Images or other files that you may publish via our Services (including the socsi.in services)

How we use the Data

  • To identify you when you login to your SocialSignIn account.
  • To enable us to operate SocialSignIn Services and provide them to you.
  • To verify security, and authentication (including security tokens for communication with installed Third-Party Apps).
  • To contact you about your account and provide customer service support, including responding to your comments and questions.
  • To keep you informed about the Services, features, surveys, newsletters, offers, contests and events we think you may find useful or which you have requested from us.
  • To sell or market SocialSignIn products and services to you.
  • To better understand your needs and the needs of users in the aggregate, diagnose problems, analyze trends, improve the features and usability of the Services, and better understand and market to our customers and users.
  • To keep the Services safe and secure.

Information Sharing

The information we collect is used to improve the content of our Web pages and the quality of our service, and is not shared with or sold to other organizations for commercial purposes, except to provide products or services you’ve requested, when we have your permission, or under the following circumstances:

It is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Terms of Service, or as otherwise required by law.

We transfer information about you if SocialSignIn is acquired by or merged with another company. In this event, SocialSignIn will notify you before information about you is transferred and becomes subject to a different privacy policy.

Tracking Services

Socsi.in Metrics and Analytics:

SocialSignIn collects information about accesses (such as clicks) of every socsi.in Link created through the Services. This information includes, but is not limited to: (i) the IP address and physical location of the devices accessing the socsi.in Link; (ii) the referring websites or services; (iii) the time and date of each access; and (iv) information about sharing of the socsi.in Link on Third Party Services such as Twitter and Facebook. This information is used by SocialSignIn to improve their websites and services by, for example, providing value-added features, and to analyze clicks on socsi.in Links, for example to understand how, when and where socsi.in Links are clicked.

Socsi.in Information Collected Automatically:

  • SocialSignIn automatically receives and records information from your web browser when you interact with the Services
  • SocialSignIn also automatically receives and records information that your mobile device transmits when you access the Services, like a device identifier, device settings, and operating system.
  • Generally, the Services automatically collect Site usage information, such as the number and frequency of visitors to the Site. SocialSignIn may use this data in aggregate form, that is, as a statistical measure. This type of aggregate data enables us to figure out how often individuals use parts of the Site so that we can analyze and improve them.
  • We will collect information about your general location (such as your city and state, which is derived from your IP address) when you visit a socsi.in Link

Socsi.in Cookies:

SocialSignIn socsi.in Links use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole.

  • Cookies are pieces of text that may be provided to your computer through your web browser when you access a website. Your browser stores cookies in a manner associated with each website you visit. We use cookies to enable our servers to recognize your web browser and tell us how and when you visit our Site and use the Services through the web.
  • socsi.in cookies also allow SocialSignIn to track when you have clicked on a socsi.in Link. Each click of a socsi.in Link is tracked using a unique identifier assigned to you in one or more cookies stored by your web browser and associated with socsi.in. We may associate the unique identifier in our cookies with the other information we automatically collect when you use the Services, as described above, including your IP address, socsi.in Links you click and information with your Account if you have one.
  • Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allowing you to decide on acceptance of each new cookie in a variety of ways. If you disable cookies, you will not be able to use some features of the Services.
  • You may also ask SocialSignIn not to place cookies on your web browser by navigating your browser to http://socsi.in/tracking/disableCookies.
  • When cookies are disabled in this manner, clicks on socsi.in Links are not tied back to or associated with your web browser. However, we will still automatically collect the IP addresses of computers or mobile devices that click on Links.

Cookies

A cookie is a small amount of data, which often includes an anonymous unique identifier, that is sent to your browser from a web site’s computers and stored on your computer’s hard drive.

Cookies are required to use the SocialSignIn service.

We use cookies to record current session information, but do not use permanent cookies. You are required to log-in to your SocialSignIn Site after a certain period of time has elapsed to protect you against others accidentally accessing your account contents.

Data Storage

SocialSignIn uses third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run SocialSignIn. Although SocialSignIn owns the code, databases, and all rights to the SocialSignIn application, you retain all rights to your data. We’re serious about our privacy policy and never disclose or sell any personally identifiable information. We do use cookies only in the same, widely-accepted way that Twitter, Facebook and Google use them: to improve our analytics and the tools we can offer our users. For example, we need to distinguish between total clicks links and total unique users – a distinction we can’t make without cookie data.

Disclosure

SocialSignIn may disclose personally identifiable information under special circumstances, such as to comply with subpoenas or when your actions violate the Terms of Service.

Email Preferences

You can manage your email preferences, such as opt-out or unsubscribe from emails sent by SocialSignIn, by adjusting your preferences in your account settings. You can also opt-out or unsubscribe from any future email communications from within each email correspondence that we send you.

Policy Changes

SocialSignIn may periodically update this policy. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address specified in your SocialSignIn primary account holder account or by placing a prominent notice on our site.

General Data Protection Regulation (GDPR) Readiness

The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. In line with the GDPR and to continue the provision of secure, reliable and compliant services, we have created these FAQs which set out our privacy obligations – both legal and contractual.

1. How is SocialSignIn structured to ensure data protection compliance?

The protection of our clients’ data is at the heart of our business.  We have a strong culture of compliance, which is embedded within our software, systems and processes.

We have worked hard to establish a GDPR compliance framework with internal policies and procedures that are kept under review.  Our personnel are trained to understand the importance of data protection and to apply its principles within their roles.

We have a designated privacy officer to guide our business on compliance and have specialist external advisers that we can call on for additional support.

Compliance is monitored through various activities, including internal auditing and analysis of incidents.  We maintain records of our processing activities in compliance with Article 30 of the GDPR.

2. What is SocialSignIn’s role in respect of our data?

You are the data controller of all personal data held in our application under your account and SocialSignIn is merely your data processor in respect of all the services provided to you.  Our processing of your personal data is only on your documented instructions as set out in the contract between us. We do not use any of your personal data for anything that is not in the contract.

3. What personal data is stored within the SocialSignIn application?

Our application only holds basic information about your authorised users, this being name, email address, password, last login, IP address, browser and device details.  If you opt for two-factor authentication, we will also store the user’s mobile phone number.

Your social media followers may include any type of information (including personal data, images and videos) in their messages to you and your users can add free text to social contacts and messages. We don’t use any of this information for any of our own purposes other than to create aggregated statistics, which do not identify any individuals.  Our system is merely a place to store their messages to you and to enable you to manage and retrieve them. You are the data controller of your followers’ messages and your users’ free- text additions. As such, it is your responsibility to ensure you use these in compliance with data protection and other laws.

4. Is our data held separately from that of other SocialSignIn clients?

Data is not physically separated within the SocialSignIn application but it is logically separated.  We have security policies and code that is automatically tested with every deployment to ensure that your data is not mixed with other clients’ data.

5. Are the systems used by SocialSignIn GDPR compliant?

We carried out a Privacy Impact Assessment of our software, systems and services and have made changes to ensure we meet and, in some cases, exceed GDPR requirements.

Our system architecture was developed with data protection and data security in mind. The databases in which your personal data is stored are only accessible by a small division of the internal development team who are internally vetted and have worked for us for a substantial amount of time. We do not use live data for testing and it is never stored on local machines.

6 What does SocialSignIn do to protect login credentials?

We offer a number of log-in options:

  • SAML (Security Assertion Markup Language) – this allows you to use SAML authentication single log in services such as OKTA and One Login. On request we can add other providers
  • Two Factor Authentication (2FA) – this requires users to enter a code sent to them by SMS when logging into the system
  • Google Account Login (Single Sign On / SSO) – this allows users to log in via Google Accounts if your organisation is using Google Business apps to manage its email accounts. Using this option allows your users to utilise Google’s own security around the log-in procedure.

Ultimately, you are responsible for ensuring your users keep your account log-in credentials secure and for any activities or actions occurring under your account.  Our application offers the ability to require “strong” passwords (passwords that use a combination of upper and lower case letters, numbers and symbols) for your account. Administrators can disable email/password as a means of logging into the application and force one of the above options instead.

7. What does SocialSignIn do to keep customer data secure?

We have a suite of security measures in place.  These are kept under review and, wherever we consider it appropriate, they are enhanced.  These are:

  • Encryption.  Network devices are managed within a secure management network and servers are secured by firewalls. In both instances SSL/TLS secure encryption protocols are used.  Data in transit is always encrypted to a minimum standard of 256 bit.

We use Cloud KMS (a cloud-hosted key management service), which lets us manage encryption keys for our services. This allows us to generate, use, rotate and destroy AES256 encryption keys.

For all administration based services, 2FA is enabled.

  • Resilence.  SocialSignIn’s infrastructure is designed to be as resilient as possible. Our main database is ‘highly available’ which means that, if for some reason one server was to go offline the other servers would not only be able to pick up the work but would also contain replica data to ensure there is no downtime. We also run other databases that are built and configured so that, if one was to go down, there is already another ready to ‘hot swap’ and step in.   All servers that serve our application are load balanced and so can distribute load/requests to a at least 3 servers.
  • Monitoring.  All of the servers we manage have antivirus and malware scanners installed and have updates applied frequently. We perform daily port scanning on public IP addresses to ensure there are no unexpected changes. Configuration management is dealt with by scripts with are kept and managed in our private version control system.
  • Security testing.  SocialSignIn has its entire application scanned by external technically skilled individuals. Their remit is to try to break, gain unsolicited access and “hack” our systems in a safe way in order to find flaws or potential weaknesses in our platform.   If you would like to see the raw and unedited report with you, please speak to your account manager.

We have some continual end-to-end testing of our server cluster to ensure specific key indicators are working correctly and use software to log and track with a combination of active checks and, for some things, such as back-ups, passive checks.  Our set up allows use to detect unexpected behaviour early and team members are alerted if an expected behaviour has not executed as expected.

Our code is written to log any critical events for our developers to address.

8. What back-ups does SocialSignIn take?

SocialSignIn carries out backup continuously.  Whilst our main datastore holds replicas of data at all times, we also run our other databases with duplicate data in ready to swap over should the need arise.

Multiple snapshots of the entire database are taken every day and we store them on a separate server from the one that holds live data.

From these various back-ups, we are able to restore the entire database in the event of a major incident.  We test our disaster recovery at least annually.

9. Will you need access to our systems?

We do not need access to your systems to provide our services to you.

10. Does SocialSignIn rely on third parties to provide its services?

To date SocialSignIn has not used external developers and intends to use only in-house developers moving forward. This may change in the future but, if so, external developers would be given only limited access to code bases, no access to live data and all code/contributions would be vetted before been deployed.

We use Cloud KMS to manage encryption keys for our services. We currently use leading providers, Rackspace, Amazon Web Services, Google Cloud Services, SendGrid, Loggly and Twilio to provide hosting services.  They have all been vetted and authorised by a designated approver within SocialSignIn as part of our supplier on-boarding process and we have written contracts with each of them incorporating appropriate data protection provisions to protect your personal data.

11. What audit trails are maintained to protect our data?

Our software normally maintains a record of your users’ activities in our application such as which of your users created a post to send out, who edited the post, and who created any free text notes on your followers’ messages. You can view these audit logs through the application.

12. What procedures does SocialSignIn have in place to deal with data breaches?

We are proud of our record of having no reportable data breaches to date.  However, we know the importance of being prepared for an incident.

All security incidents and platform wide issues will be recorded in a Major Incident Report which will cover: the nature of the incident, the impact on your business and data subjects the resolution and any preventative action planned to avoid recurrence.  We will also make an assessment as to whether the breach must be reported to the Information Commissioner and/ or affected individuals.

In the event of a data breach affecting your personal data, we will report this to you without undue delay through our normal support process.

13. Where will our personal data be processed by SocialSignIn?

We use three of the leading providers to host our data and applications, Rackspace, Amazon Web Services and Google Cloud Services. All of the live data is stored within the UK and a limited number of back-ups are stored within the EU.

Where our designated staff are permitted access to your data to fulfil their roles, they do so only from our premises.

14. What happens to our data at the end of the contract?

You are able to export your social inbox whenever you wish during your contract term.  Our reports are printable and downloadable.

Once our contract with you has ended, we expunge all of your data (other than your shortened links) which then propagates through our backups. The deletion process can take up to a month to be completely removed from backups.

We retain your shortened links after our contract so that any social posts created from within our application using our link shortening service continue to redirect users to the correct location.  No other information is retained or stored.

15. Will SocialSignIn help us comply with data subject rights?

You have full control over your user data and data from followers so you should be able to manage all data subject rights yourself just by using the application.  If you need any specific guidance on how to do this, you can use our ‘help’ feature in the application or consult our user guide or use our online chat facility.

16. Will we be able to audit SocialSignIn premises and systems for compliance?

You will appreciate how important it is that our systems and premises ensure confidentiality for all of our clients and we do not normally allow clients to have access.  We do, however, engage an external specialist to check our systems and provide a report on compliance each year and we are happy to make that available to you for your peace of mind.

Of course, if a court or regulatory body requires us to give you access, we will honour that requirement but will require you comply with our security and health and safety requirements in doing so.

17. What changes can we expect to see in our contract and services?

Your services will continue unchanged although you may see some new features within our application and we may make additional security checks when you seek our support.

The GDPR requires you, as a data controller, to include additional things in your contracts with data processors.  We have, therefore, prepared new data protection provisions, which will replace those in our current contract with you.  We will be in touch with each of our clients to provide details of the changes so that we can all be satisfied that we are meeting our legal obligations.

Questions

Any questions about this Privacy Policy should be addressed to one of our contact details listed here or in the footer of our website.