Privacy Policy

The entity responsible for the processing of personal data described in this Privacy Policy is:

Plantel Protagonista, S.A. ("Felton", "we", "us" or "our"), a public limited company incorporated under the laws of Portugal. Registered office: Rua da Prata, No. 80, 1st floor, 1100-420 Lisbon, Portugal. Company registration number: 515665282. Contact: [email protected]

Felton acts as an independent data controller in respect of all data processing described in this Privacy Policy, in accordance with Regulation (EU) 2016/679 (GDPR) and all applicable Privacy Laws.

We process personal data in two distinct contexts: (A) data collected from Website visitors and B2B enquiries; and (B) publicly available data processed through the Platform on behalf of our customers.

A. Website Visitors and Business Contacts — When you visit our Website or contact us, we may collect: identification data (name, job title, company name); contact data (email address, telephone number); communication data (content of messages sent via contact forms or email); connection and technical data (device type, browser version, IP address, referring URL, and browsing behaviour collected via cookies and similar technologies).

B. Publicly Available Data Processed Through the Platform — As part of providing the Platform to our B2B customers, Felton collects and processes publicly available data from Instagram and other digital social media sources. This data relates to publicly accessible accounts, posts, and interactions and is processed by Felton as an independent data controller.

The categories of publicly available data processed include: social media channel data (public profile information, channel identifier, username, biography, profile image, follower/following counts, engagement metrics); post data (post identifiers, image/video URLs, captions, publication date, engagement metrics, hashtags, mentions); comment data (comment text, publication date, public username and profile image); author data (public username, display name, profile photo, follower/following counts, public biography, account type, geographic location data where publicly disclosed).

C. AI-Generated and Derived Data — The Platform uses AI models including NLP, computer vision, and sentiment analysis to generate derived insights: sentiment and emotional analysis (25 specific emotion types); entity recognition; post categorisation (9 content types) and call-to-action detection; content moderation signals; demographic and psychographic inferences from publicly available profile photos and following lists; brand and item detection; engagement and Community Trust Scores (CTS).

All AI-generated outputs are aggregated and used to provide analytics to Felton's B2B customers. Felton's AI models are designed in accordance with transparency, fairness, accountability, and data minimisation principles, and in compliance with the EU Artificial Intelligence Act (Regulation (EU) 2024/1689). AI outputs are probabilistic and informational and are not used to make automated decisions with legal or similarly significant effects on individuals.

We collect personal data through the following means:

Directly from you, when you submit a contact or enquiry form on our Website, subscribe to our communications, or contact us by email or telephone.

Through automated technologies on our Website, including cookies and similar tracking tools, which collect technical and behavioural data about your visit (see our Cookie Policy for further details).

From publicly available sources, specifically Instagram and other digital social media platforms, through automated data collection processes used to operate the Platform.

Through our social media pages, when you interact with Felton's own social media accounts.

We collect and process personal data on the following legal grounds under the GDPR: performance of contractual or pre-contractual measures; compliance with applicable legal obligations; our legitimate interests (where these are balanced against your rights); and, in limited cases, your consent.

The following table identifies the principal purposes for which we process personal data, the categories of data involved, and the applicable legal basis:

Felton's Platform relies on AI models to analyse publicly available data and generate fan community insights. We are committed to operating these systems in compliance with the EU Artificial Intelligence Act (Regulation (EU) 2024/1689) and the GDPR.

Our AI models are designed with principles of transparency, fairness, accountability, and data minimisation. AI outputs are traceable and explainable, and Felton maintains appropriate technical and organisational safeguards to minimise the risk of unlawful bias.

Demographic and psychographic inferences (such as inferred gender, age range, ethnicity, and lifestyle indicators) are derived from publicly available profile images and following lists. These are probabilistic inferences used solely to generate aggregated audience analytics for our B2B customers and are not used to profile or make decisions about individuals.

No automated decision-making with legal or similarly significant effects on individuals is carried out using the Platform. We apply data minimisation principles: where insights can be provided in aggregated or anonymised form, we prefer that approach.

We implement appropriate technical and organisational measures to ensure the security and confidentiality of personal data, including:

Measures to ensure the ongoing confidentiality, integrity, availability, and resilience of our processing systems and services.

A data breach response policy for detecting, resolving, and communicating personal data breaches in a timely manner.

The ability to restore availability and access to personal data following a physical or technical incident.

Regular testing, assessment, and evaluation of the effectiveness of our technical and organisational security measures.

Maintenance of a written record of all processing activities in compliance with GDPR Article 30.

Confidentiality and non-disclosure agreements with all employees and contractors who have access to personal data.

Internal privacy and information security policies and procedures.

We respect the confidentiality of all personal data we process. Your personal data will never be transferred to third parties for purposes other than those described in this Privacy Policy.

We may engage third-party service providers (subcontractors) such as cloud hosting providers, email platforms, analytics tools, and infrastructure partners, who process personal data on our behalf strictly in accordance with our instructions and applicable data protection law. These providers will not use personal data for their own purposes.

We may disclose personal data to third parties if you provide your express consent, or where required by a competent authority to comply with a legal obligation or court order.

We may share aggregated or anonymised analytics data derived from the Platform with our B2B customers. Such data does not directly identify any individual.

Felton may identify customers and prospective clients by name in its marketing materials, but will not disclose their Confidential Information without prior written consent.

We will only transfer personal data outside the European Union or the European Economic Area (EEA) in compliance with applicable European data protection legislation. We ensure adequate protection through one or more of the following mechanisms:

Adequacy decisions issued by the European Commission, where the destination country has been determined to offer an equivalent level of data protection.

Standard Contractual Clauses (SCCs) adopted by the European Commission for transfers of personal data to organisations located outside the EEA.

Other appropriate safeguards as permitted under Chapter V of the GDPR.

We retain personal data only for as long as is necessary to fulfil the purposes described in this Privacy Policy. The criteria we apply include: the duration of our contractual or pre-contractual relationship; any legal obligation to retain records; and the need to retain data for the defence of legal claims.

Personal data collected through the Website (e.g., contact form submissions) is retained for a maximum of three (3) years from the date of last contact, unless a longer retention period is required by law.

Publicly available data processed through the Platform is retained in accordance with our data minimisation and anonymisation policies. After the applicable retention period, personal data is permanently deleted or anonymised.

Subject to applicable law, you have the following rights: right to be informed; right of access; right to rectification; right to erasure ('right to be forgotten'); right to object; right to data portability; right to restriction of processing; and the right to lodge a complaint with the Portuguese data protection supervisory authority, the Comissão Nacional de Proteção de Dados (CNPD), at https://www.cnpd.pt/

Please note that certain rights may not apply to publicly available data processed by the Platform where such data was not provided directly by you. We will assess each request individually.

To exercise any of your rights, please contact us at: [email protected]

Our Website may contain links to third-party websites and platforms. Data processing carried out by those third parties is their own responsibility and is not governed by this Privacy Policy. We recommend that you read the privacy policy of any third-party website you visit when leaving the Felton Website.

Our Website uses cookies and similar technologies to enhance your browsing experience, analyse Website usage, and support our marketing activities. The types of cookies used and your options for managing or withdrawing consent are described in our Cookie Policy, available on the Website.

Where your consent is required for the use of non-essential cookies, we will request it before placing such cookies on your device.

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or the features of the Platform. Any material changes will be communicated on the Website prior to taking effect, and where legally required, we will seek your consent.

We encourage you to review this Privacy Policy periodically. The "Last updated" date at the top of this document indicates when it was most recently revised.

If you have any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact us:

Plantel Protagonista, S.A. (Felton) | Rua da Prata, No. 80, 1st floor, 1100-420 Lisbon, Portugal | Email: [email protected] | Website: www.felton.ai

Plantel Protagonista, S.A. | Rua da Prata, No. 80, 1st floor, 1100-420 Lisbon, Portugal | Reg. No. 515665282