We highly value your privacy and make this policy easily available throughout our site to assist you in understanding the handling of information in the course of using this site and our services.
The EU General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation in the last twenty years. It replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe.
Relative Insight is committed to addressing the EU data protection requirements applicable to us as a data processor, and we have processes in place to ensure our compliance.
Types of data we handle
Relative Insight processes and models language. As part of this we handle different types of data. Specifically:
- Client Organisation Data
- Language Data
How we handle Client Organisation Data
Relative Insight requires information to enable us to deliver our services to clients. In addition to client contact information, this can also include details of client employees who have access to our web-based analysis dashboard. Employee details are limited to their name, dashboard username (which is typically their work email address) and password. This information is solely used for enabling access and supporting the usage of our dashboard, and is not disseminated or used for any other purpose.
When an organisation ceases to be a client of Relative Insight, all their information (and employee information) is deleted. Likewise, we will delete an employee’s account upon receiving an official request from the respective client. Should a client wish to do this, they should contact the Relative Insight account manager they have been assigned.
How we handle Language Data
Relative Insight builds models that reflect how broad audiences/demographics use language, capturing characteristics such as the style of language and topics of interest. The data we process is collated into a general model and, as part of this, no personally identifiable details of the author of the language are stored. The language models that are built are statistical in nature, with the content broken down into individual tokens (words). This means that none of the original sentence structures are captured within the model – they are literally just collated lists of words, semantic themes and grammatical features.
The data for these models is collected in two ways – it is either provided to us by a client, or has been collected by ourselves as part of a client project.
- Data provided by the client – when a client uploads data we are unaware of its content. Due to the amount of data we analyse and the fact that it is not owned by us, it is infeasible for us to inspect it. As a consequence, it is the client’s responsibility to ensure that any data they upload is compliant with data protection regulations. This is reflected in the terms of their contract with us. Because data files that clients upload may also contain personally identifiable information (for example, a Brandwatch CSV file), the data file will be automatically deleted from our servers within 7 days.
- Data collected by us – in some projects the client will ask us to collect the data for a project. In these situations we ensure that data is collected only from sources where data collection is permitted (publicly accessible data) or an arrangement has been made. Again, any data that is collected does not include author details (personal data), so there is no way to associate it with the originator.
How we protect data
Relative Insight is in the process of securing ISO 27001 certification and will be audited annually to ensure its compliance. ISO 27001 covers all aspects of information security and ensures we have the correct policies and processes in place for dealing with it.
We have policies in place for:
- Access Control and Management: who has access to our platform operations and how this access is managed
- Data Redundancy and Backup: how data is kept safe and stored in the event of adversity
- Change Management: how we make sure changes are tracked and properly reviewed from a security perspective
- Software Architecture and Development: we make sure security is considered at all stages of the development process
Relative Insight has a dedicated Security Officer, who oversees certification, compliance and data protection issues.
Internal information security forums are held at least once a year, where the company’s security processes and compliance are reviewed and updated where necessary.
All of our services run in the cloud, and we only use established providers with the highest security certifications (ISO 27001, SOC, etc.). Relative Insight does not run its own routers, load balancers, DNS servers, or physical servers for the purpose of delivering our services to clients.
- Training and Review – Code is reviewed by a senior engineer with security best practice training before being deployed to production systems.
- Automated Testing and Build Processes – We have an extensive set of automated testing procedures that are run for every code change.
- Software Dependencies – Relative Insight keeps up to date with software dependencies and has automated tools scanning for common security issues.
- Development and QA Environments – These environments are separated physically from the Relative Insight production environment. No customer data is ever used in development or QA environments.
- User Logins – User passwords are one-way encrypted and salted before being stored in our database.
- Penetration Testing – Relative Insight performs regular penetration test audits with a contracted third party.
Data in Transit
All data transferred in and out of Relative Insight is encrypted using hardened TLS. Relative Insight is also protected by HTTP Strict Transport Security and is pre-loaded in major browsers.
Relative Insight will only access a client’s data as part of addressing a support query or if we have been commissioned to provide professional services around it (i.e. an analysis project). In these cases only the relevant and senior staff within Relative Insight will have access to the data.
Tracking and Cookies
Our web analysis dashboard does not use any cookies; however, we do use 3rd party products that do. In order to help us improve the user experience, we use a number of tracking tools that keep logs of how users interact with the dashboard and help us identify difficulties so we can better support them. Aside from the user’s dashboard username for logging purposes, no personally identifiable information is provided to these 3rd parties.
Website Contact Form
Our website contains a form which can be used to contact us. By completing and submitting this form the individual/organisation is providing consent for us to use their details for the purpose of contacting them in relation to their query and for future marketing purposes.
Their information will not be used for any other purpose and can be deleted upon request.
We reserve the right to disclose your personally identifiable information as required by law and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order or legal process served upon us.
Furthermore, please be aware that despite our best efforts, no data security measures can guarantee 100% security.