Bombe

Privacy

Privacy Policy

Last updated: 1 October 2023

Next review: 1 May 2024

Basics

Bombe is a software-as-a-service (SaaS) audience intelligence platform operated by Bombe Platform Ltd, a company limited by shares incorporated in England and Wales under company registration number 14978678.

Bombe Platform Ltd is registered with the Information Commission under registration number ZB604981, confirmation of which can be found here.

Bombe Platform Ltd operates in compliance with the laws of England and Wales, as well as the European Union’s General Data Protection Regulation (GDPR) as incorporated into law as part of the UK General Data Protection Regulation and the Data Protection Act of 2018.

Grounds for Processing

Bombe is a product intended to help businesses understand how public opinion is formed, by who and why. It relies on a variety of sources of data to do so, ranging from private opinion polling information, open government statistics, parliamentary data and public social media data

The overwhelming majority of this data is not directly personally identifiable information about individuals at the present moment, and therefore does not fall into the scope of UK GDPR or the European Union’s GDPR for the purposes of establishing a legal basis for processing.

The exception to this is public social media data, for which our primary legal basis for processing is the legitimate interest of Bombe Platform Ltd and our customers. While carefully balancing the fundamental rights of data subjects, we provide services to assist our customers in their legitimate interest to understand what’s being discussed on the most important forum for discussion in the modern world, social media. The information that we process in this respect is public, and any user may at any time choose not to share this further by changing their social media privacy settings.

How we process your data

Bombe ingests a wide range of different data from many different data sources, the majority of which is not personally identifiable information.

In the context of the social media data collected by Bombe Platform Ltd to provide services to our customers, we collect and process the following information:

We may then process this data further to infer the overall sentiment of the social media post, or information about data subjects like language, age, gender, location, topics of interest and so on. This is done automatically and algorithmically by our platform. Whether collected or deduced, we never make any decisions about data subjects based on the data we hold on them – this is solely provided to our customers.

Your Rights

Under the European Union’s GDPR and UK GDPR, you have the a range of rights, which we comply with as follows:

The Right(s)

How We Comply with This Right

To be informed

As part of this statement, we provide:

  • The name and contact details of the organization processing their information

  • Why their information is being processed

  • The lawful basis of doing so

  • How long their data will be retained for

  • Information about their rights to access, withdraw consent, lodge complaints, and automated decision-making

To access

You can exercise this right by writing to us at [email protected].

To rectify

You can exercise this right by writing to us at [email protected].

To delete

You can exercise this right by writing to us at [email protected].

To restrict processing or object

You can exercise this right by writing to us at [email protected].

To data portability

We always provide data in a machine-readable, portable manner.

With respect to automated decision-making

We do not automatically make decisions or profile on the Bombe platform.

Data Storage and Retention

Data is retained while it is still in use and working in the legitimate interest of Bombe Platform Ltd and its customers.

When personal data is deleted, it is removed immediately from the live database. Back-ups are kept for one week, after which point the data is irretrievably deleted.

Data may be kept for statistical reasons, for example, to track trends in activity or report on usage for billing or financial purposes. Similarly, we may need to keep some data to track for anti-abuse purposes or to comply with a request to restrict processing of a data subject. In this case, the data will be anonymised to the greatest extent possible to fulfil our requirements in keeping with the GDPR principles of data minimisation and security.

All data is hosted in databases and storage within the European Economic Area (EEA). Where the functionality of software we produce requires it, or we have necessary subprocessors based outside the EEA, data may leave the EEA to fulfil this functionality. In these cases, we carefully ensure that all such data transfers take place within a legal framework such as the Standard Contractual Clauses (SCCs).

Security

Our broad data protection procedures are as follows:

Future Development

In the future, we foresee developing functionality to allow customers to import their own data into the platform to help them understand what their own audiences are likely to think and why. Our customers would contractually warrant to Bombe Platform Ltd that they have the right to hold, process, and assign the processing to subprocessors like us for this data.

In that instance, our basis for processing would be therefore performance of a contract for processing data on behalf of these organisations. For more information on how they store and process personal data, or to exercise your rights as a data subject, please refer to their own privacy policies.