1. Introduction
Last Updated: Sep, 2024
At Datadek (“we,” “our,” “us”), your privacy is of the utmost importance. We are committed to protecting and respecting your personal data, ensuring that your privacy is safeguarded throughout your interaction with our Services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Services. It also informs you of your rights in relation to your personal data and how the law protects you.
By using our website, services, or otherwise providing us with your personal data, you agree to the practices described in this Privacy Policy. We encourage you to read this policy carefully to understand our views and practices regarding your personal data and how we will treat it.
1.1 Purpose of This Privacy Policy
This Privacy Policy provides information on how Datadek collects, uses, processes, and protects personal data, whether through our website at www.datadek.com, through research panels, service delivery, or as part of our business operations. The purpose of this policy is to ensure transparency and provide clarity regarding the personal data we collect, how we use it, and the measures we take to ensure that your privacy is respected in accordance with applicable data protection regulations, such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant privacy laws.
This Privacy Policy applies to all visitors to our website, clients, research participants, partners, and any other individuals who interact with Datadek’s Services.
1.2 Who We Are
Datadek is a leading B2B market research and data analytics company dedicated to delivering actionable insights to help businesses make informed decisions. We specialize in gathering and analyzing data through research panels, surveys, and other proprietary methodologies to provide our clients with the knowledge they need to succeed. Headquartered in Washington, Datadek serves clients globally and operates in compliance with the highest standards of data protection and privacy.
As part of our business operations, we collect and process personal data in various ways, including when you visit our website, communicate with us, participate in our research panels, or use our Services. We are responsible for ensuring that your personal data is handled in a lawful, transparent, and secure manner.
1.3 Our Commitment to Data Protection
Datadek is committed to ensuring that your personal data is processed in a secure, transparent, and lawful manner. We take our data protection obligations seriously and adhere to industry best practices when collecting, processing, and storing personal data. We are dedicated to safeguarding your rights and ensuring that your personal data is protected, regardless of where you are located.
Our commitment includes:
- Lawfulness, Fairness, and Transparency: We will only collect and process personal data in ways that are lawful, fair, and transparent. We will always explain why we are collecting your data and how it will be used.
- Purpose Limitation: We will only collect personal data for specific, explicit, and legitimate purposes. We will not use your data for any purpose that is incompatible with the original purpose for which it was collected unless you provide explicit consent.
- Data Minimization: We will only collect personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
- Accuracy: We will take all reasonable steps to ensure that the personal data we hold is accurate and kept up to date. If any of the personal data we hold about you is inaccurate or incomplete, we will endeavor to rectify or update it as quickly as possible.
- Storage Limitation: We will retain your personal data only for as long as is necessary for the purposes for which it was collected, or as required by law.
- Integrity and Confidentiality: We will implement appropriate technical and organizational measures to ensure that your personal data is protected from unauthorized access, disclosure, or destruction.
- Accountability: We will be accountable for how we handle your personal data, and we will regularly review our practices and policies to ensure compliance with applicable data protection laws.
1.4 Scope of This Privacy Policy
This Privacy Policy applies to all personal data collected by Datadek, whether it is collected through:
- Our website (www.datadek.com), which includes browsing, account creation, and any other interactions;
- Participation in our research panels, including surveys, interviews, focus groups, and any other research activities;
- Any engagement with our clients, partners, or vendors as part of the services we provide;
- Communications with us, whether by phone, email, or other electronic means;
- Third-party sources that provide us with personal data to enhance our services, provided that such data is collected in compliance with relevant data protection laws.
1.5 Changes to This Privacy Policy
Datadek reserves the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or technological advancements. When we make changes to this Privacy Policy, we will revise the “Last Updated” date at the top of the page. If there are significant changes to how we collect, use, or share personal data, we will notify you via email (if applicable) or through a prominent notice on our website.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data. Your continued use of our website or Services after any modifications to this Privacy Policy constitutes your acceptance of the updated policy.
1.6 Contact Information
If you have any questions or concerns about this Privacy Policy, how we handle your personal data, or if you wish to exercise your data protection rights, please contact us at:
Data Protection Officer (DPO) Contact: [email protected]
Company Name: Datadek
Email Address: [email protected]
2. Data We Collect
At Datadek, we collect and process different types of personal data depending on how you interact with our Services. This section outlines the categories of personal data we collect, how we collect it, and the purposes for which we process that data. Our aim is to be transparent about the data we gather so that you can make informed decisions about your privacy.
2.1 Personal Data You Provide to Us
We collect personal data that you voluntarily provide when you interact with Datadek. This data may be provided in various ways, including when you:
- Contact Us: When you fill out a contact form, send us an email, or call us, we collect the information you provide, which may include:
  - Your name
  - Email address
  - Phone number
  - Company name
  - Job title
  - Any other information you choose to share in your message or inquiry
- Create an Account: When you create an account on our website or subscribe to our Services, we collect:
  - Your name
  - Email address
  - Company details
  - Job title and professional information
  - Billing information, including payment details (e.g., credit card information)
  - Username and password for account access
- Participate in Research Panels: When you agree to participate in our market research studies, surveys, interviews, or focus groups, we collect data relevant to the research, which may include:
  - Demographic information (e.g., age, gender, income, location)
  - Professional background (e.g., industry, job role, years of experience)
  - Responses to survey or interview questions
  - Opinions, preferences, and feedback on specific topics
  - Any other data relevant to the research objectives
- Sign Up for Marketing Communications: When you subscribe to our newsletters, research reports, or other marketing materials, we collect your contact details and preferences to ensure that you receive the information most relevant to you. This may include:
  - Your name
  - Email address
  - Marketing preferences (e.g., preferred topics or types of communications)
- Apply for a Job: When you apply for a position at Datadek, we collect personal data related to your application, including:
  - Your name
  - Contact details (email, phone, address)
  - Resume/CV
  - Employment history
  - Educational background
  - References and other supporting documents
2.2 Data Collected Automatically
When you use our website or interact with our digital Services, we automatically collect certain information about your device and usage patterns. This helps us optimize our website, improve user experience, and better understand how our Services are used. The data we collect automatically includes:
- Device Information: We collect details about the device you use to access our website, such as:
  - IP address
  - Browser type and version
  - Operating system
  - Device type (e.g., desktop, mobile, tablet)
  - Screen resolution and other technical characteristics
- Usage Data: We gather information about your interactions with our website and Services, including:
  - Pages you visit and how long you spend on each page
  - Links you click on and actions you take
  - The referring URL (i.e., the website or search engine that brought you to our site)
  - Dates and times of your visits
- Location Data: We may infer your approximate location (e.g., city, region) based on your IP address. This helps us customize content and understand the geographic distribution of our users. Location data is not precise unless you explicitly provide it.
- Cookies and Tracking Technologies: We use cookies, tracking pixels, and other similar technologies to collect information about your interactions with our website and Services. These technologies help us:
  - Personalize your experience on our website
  - Analyze user behavior and website performance
  - Improve the effectiveness of our marketing campaigns
  - Manage user preferences (e.g., language or layout settings)
2.3 Data Collected from Third Parties
In some cases, we receive personal data about you from third-party sources. We may combine this data with the information you provide directly to us or that we collect automatically. Third-party data sources include:
- Service Providers: We may work with third-party providers who enhance the data we collect or help us process data. These providers may supply us with information such as:
  - Enriched contact details (e.g., job title, company size)
  - Professional background or business information
  - Analytics on how users interact with our content across different platforms
- Social Media Platforms: If you engage with us on social media or connect with our Services through social media accounts, we may receive data from those platforms, depending on your privacy settings. This may include:
  - Public profile information (e.g., name, profile picture)
  - Engagement metrics (e.g., likes, shares, comments)
  - Other social media interactions relevant to our marketing and research efforts
- Partners and Affiliates: We may receive data from business partners or affiliates as part of our joint marketing, research, or service initiatives. This data may include:
  - Referral information (e.g., the source that referred you to our Services)
  - Shared business information for collaborative projects or research
We ensure that any third parties we receive data from comply with applicable data protection regulations and have obtained the necessary permissions from data subjects to share their personal data with us.
2.4 Special Categories of Personal Data
We do not intentionally collect or process special categories of personal data (sensitive data) unless it is necessary for a specific purpose and we have obtained your explicit consent. Special categories of data may include:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Health information or biometric data
- Sexual orientation or sexual life
If we need to process sensitive data as part of a research study or other project, we will explain the reason for collecting this data and obtain your explicit consent. Sensitive data will be handled with the highest level of confidentiality and in strict accordance with applicable data protection laws.
2.5 Children’s Data
Our Services are not intended for children under the age of 16 (or the age of majority in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete that information as soon as possible. If you believe we may have collected data from a child, please contact us at [email protected].
3. How We Use Your Data
At Datadek, we are committed to ensuring that the personal data we collect is used responsibly and transparently. We process personal data to provide our Services, improve user experiences, comply with legal obligations, and meet the legitimate interests of our business. This section explains the specific purposes for which we use personal data, ensuring that we maintain the highest standards of data protection and privacy.
3.1 Service Delivery and Account Management
We use the personal data you provide to deliver our Services, maintain your account, and ensure that we can communicate effectively with you. This includes:
- Provision of Services: We process personal data to provide access to our Services, including creating and managing user accounts, delivering research reports, facilitating participation in research studies, and responding to inquiries. This ensures that we can fulfill our contractual obligations to you.
- User Authentication and Security: We use personal data such as login credentials to authenticate users and protect our Services against unauthorized access, fraud, and security threats. This helps ensure that only authorized users can access sensitive data and resources.
- Customer Support: We process personal data, such as contact details and account information, to provide customer support, troubleshoot issues, and address any questions or concerns you may have about our Services.
3.2 Research and Data Analytics
As a market research company, much of our business involves collecting, analyzing, and using data to produce actionable insights for our clients. We use personal data for the following purposes related to research and analytics:
- Market Research Studies: We use the data collected from research participants to conduct market research, analyze trends, and produce reports. This data may include survey responses, opinions, demographic details, and other relevant data provided voluntarily by participants. Research data is often anonymized or aggregated before being shared with clients to protect the privacy of participants.
- Panel Management: We use personal data to manage our proprietary research panels, including selecting participants for studies based on demographic, geographic, and professional criteria. We process participant data to ensure that the research samples are representative and relevant to the objectives of our studies.
- Data Analytics: We analyze the data collected from users and research participants to identify trends, patterns, and insights that inform our research reports and help our clients make data-driven decisions. These analytics may include behavioral data (e.g., how users interact with our website or research tools), demographic data, and other information that helps us understand user behavior and market dynamics.
- Improvement of Services: We use data analytics to improve the quality of our Services, enhance user experiences, and identify areas where we can optimize performance. This includes analyzing website usage, customer feedback, and other operational data to refine our products and services.
3.3 Marketing and Communications
We use personal data to manage and execute marketing and communication strategies. This helps us keep you informed about our Services, industry trends, and relevant research opportunities:
- Email Marketing and Newsletters: If you have opted in to receive marketing communications, we will use your personal data, such as your name and email address, to send newsletters, updates, and promotional materials related to our Services. You can unsubscribe from marketing communications at any time by following the unsubscribe link provided in our emails.
- Event Invitations and Research Opportunities: We use your contact details to invite you to webinars, conferences, events, or to participate in future research studies that are relevant to your interests or professional background. These communications are based on your preferences and interactions with our Services.
- Targeted Advertising: We may use your personal data, such as demographic information or past interactions with our Services, to tailor marketing campaigns or display targeted advertisements on our website or third-party platforms. This helps us ensure that the content you see is relevant to your interests.
- Content Personalization: We use personal data to personalize content and recommendations on our website, ensuring that the information presented to you aligns with your preferences and previous interactions with our Services.
3.4 Legal Compliance and Regulatory Obligations
We process personal data to comply with legal obligations, fulfill regulatory requirements, and respond to lawful requests from government authorities. This includes:
- Compliance with Legal Obligations: We use personal data to comply with applicable laws and regulations, such as tax laws, employment laws, and data protection regulations (e.g., GDPR, CCPA). This may involve processing personal data for record-keeping, reporting, and other legal obligations.
- Responding to Legal Requests: If required, we may process and disclose personal data in response to legal requests, such as subpoenas, court orders, or requests from regulatory authorities. We take steps to ensure that any disclosure of personal data is limited to what is legally required and in compliance with applicable laws.
- Enforcement of Our Policies: We may process personal data to enforce our Terms of Service, Privacy Policy, and other policies. This includes investigating potential violations, preventing fraud, and ensuring the integrity and security of our Services.
3.5 Security and Fraud Prevention
We process personal data to maintain the security of our website, protect against fraud, and ensure that our Services are used safely and lawfully:
- Security Monitoring: We use personal data, such as IP addresses and usage patterns, to monitor for unusual or suspicious activity, identify potential security threats, and take appropriate measures to protect against cyberattacks, data breaches, or unauthorized access.
- Fraud Detection and Prevention: We process personal data to detect and prevent fraudulent activity, such as unauthorized transactions, account compromise, or misuse of our Services. This may involve analyzing user behavior and implementing security measures such as multi-factor authentication.
3.6 Business Operations and Internal Management
We process personal data to support the ongoing operations of our business, including administrative functions, business planning, and strategic decision-making:
- Business Administration: We use personal data to manage internal business operations, such as financial reporting, budgeting, and accounting. This includes processing data related to contracts, transactions, and customer relationships.
- Strategic Planning: We use personal data, including aggregated analytics and insights, to assess business performance, develop new products and services, and guide strategic decisions. This helps us improve our offerings and meet the needs of our clients.
- Mergers, Acquisitions, and Business Transfers: In the event of a merger, acquisition, or sale of all or part of our business, personal data may be transferred as part of the transaction. We will ensure that your data remains protected and will notify you of any significant changes affecting your privacy rights.
3.7 Other Legitimate Business Interests
In addition to the purposes outlined above, we may process personal data for other legitimate business purposes, provided that such processing does not override your rights and freedoms:
- Research and Development: We use personal data to conduct research and development activities aimed at improving our methodologies, tools, and analytical capabilities. This helps us maintain our competitive edge and continue to innovate in the market research space.
- Business Intelligence and Reporting: We may process personal data to generate reports and insights that help us evaluate the effectiveness of our business operations and inform key business decisions.
- Compliance Audits and Risk Management: We use personal data to conduct internal audits, manage business risks, and ensure compliance with our internal policies and regulatory requirements.
4. Legal Basis for Processing
Under the General Data Protection Regulation (GDPR) and other applicable data protection laws, Datadek is required to have a valid legal basis for processing personal data. This section explains the legal grounds on which we rely to collect, use, and store personal data. Depending on the specific circumstances, we may rely on one or more of the following legal bases:
4.1 Consent
In certain situations, we rely on your explicit consent to process your personal data. Consent is obtained when you voluntarily provide us with your information for specific purposes, such as marketing communications or participation in research studies. Consent must be:
- Freely Given: You have the right to choose whether to give your consent without being pressured or coerced.
- Informed: We ensure that you are fully informed about what you are consenting to and the specific purposes for which your data will be processed.
- Specific and Unambiguous: Consent must be specific to the purpose at hand, and we use clear, plain language to explain what you are agreeing to.
- Withdrawable: You can withdraw your consent at any time by contacting us or using the opt-out mechanisms provided (e.g., “unsubscribe” links in emails). Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.
Examples of processing activities based on consent:
- Sending you marketing emails, newsletters, and promotional offers if you have opted in to receive such communications.
- Collecting and processing data as part of research studies, surveys, or focus groups that require your explicit agreement to participate.
4.2 Contractual Necessity
We process personal data when it is necessary to fulfill our contractual obligations to you or to take steps at your request before entering into a contract. This legal basis applies when we need to process your data to provide you with the Services you have requested, manage your account, or otherwise perform a contract with you.
Examples of processing activities based on contractual necessity:
- Creating and managing your user account, including billing and payment information.
- Providing access to our Services, such as delivering research reports or managing your participation in market research studies.
- Responding to inquiries and requests related to the performance of a contract, such as customer support.
Without processing this data, we would be unable to fulfill our contractual obligations to you, and you would not be able to access or use our Services effectively.
4.3 Legitimate Interests
We may process your personal data based on our legitimate business interests, provided that such interests are not overridden by your fundamental rights and freedoms. Legitimate interests allow us to process data in ways that support the effective operation of our business while respecting your privacy.
Examples of processing activities based on legitimate interests:
- Improving and optimizing our Services, including analyzing user behavior, website performance, and market trends to enhance the user experience and service delivery.
- Communicating with you about our Services, including sending you updates, service notifications, or information related to your account (non-marketing communications).
- Conducting business analytics and research to improve our methodologies, develop new services, and support decision-making processes.
- Securing our Services and preventing fraud, including monitoring for suspicious activity, unauthorized access, and security breaches.
- Enforcing our Terms of Service and other policies, including investigating potential violations and taking necessary action to protect our rights and interests.
We perform a careful balancing test to ensure that our legitimate interests do not unduly impact your rights and freedoms. In cases where we determine that your interests or fundamental rights outweigh our legitimate interests, we will either refrain from processing your data or seek your explicit consent.
4.4 Legal Obligation
In certain circumstances, we may be required to process your personal data to comply with legal obligations. This legal basis applies when we must process your data to fulfill regulatory, tax, or legal requirements imposed by applicable laws.
Examples of processing activities based on legal obligation:
- Keeping accurate financial records and invoices for tax compliance purposes.
- Responding to lawful requests from government authorities, such as subpoenas, court orders, or regulatory inquiries.
- Maintaining records and documentation to comply with data protection laws, including GDPR and CCPA, such as honoring your data access, correction, and deletion requests.
When we process data based on a legal obligation, we ensure that such processing is limited to what is strictly necessary to meet our legal requirements.
4.5 Vital Interests
Although rare, we may process personal data to protect the vital interests of you or another individual. This legal basis applies when processing is necessary to protect someone’s life or physical safety and no other legal basis is available.
Examples of processing activities based on vital interests:
- Processing personal data in an emergency situation, such as when a participant in a research study faces a medical emergency and immediate action is required to ensure their safety.
- Sharing personal data with law enforcement or emergency services if necessary to prevent imminent harm to an individual.
We would only rely on this legal basis in critical situations where your life, health, or safety is at risk, and we will make every effort to notify you if such processing becomes necessary.
4.6 Public Interest (in rare cases)
In very limited circumstances, we may process personal data in the public interest. This legal basis applies when the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Examples of processing activities based on public interest:
- Conducting research that benefits the public or contributes to important societal issues, such as health studies or public policy research, as long as the processing is legally justified and appropriately safeguarded.
This legal basis is generally used by public authorities, and Datadek would only rely on it in collaboration with such bodies when conducting projects that serve a clear public benefit.
5. Data Sharing and Disclosure
Datadek is committed to protecting your privacy and ensuring that your personal data is handled responsibly. We only share personal data in limited circumstances and in accordance with applicable data protection laws, such as GDPR and CCPA. This section explains when and with whom we may share your data and the measures we take to ensure its protection.
5.1 Sharing with Service Providers
We engage trusted third-party service providers to assist us in delivering our Services, and we may share your personal data with them for the purposes of processing data on our behalf. These service providers act as data processors and are contractually bound to ensure the security and confidentiality of your data. Common types of service providers we use include:
- Cloud Hosting and Storage Providers: We use cloud hosting and storage services (e.g., AWS, Google Cloud) to store and process data securely.
- Payment Processors: We work with third-party payment processors to handle billing, payments, and transaction-related data.
- Survey and Analytics Platforms: We utilize third-party platforms to facilitate survey distribution, data collection, and analytics (e.g., Qualtrics, SurveyMonkey, Google Analytics).
- IT and Security Services: We engage IT service providers who help us maintain the security of our systems, detect potential threats, and manage backup and recovery solutions.
We take steps to ensure that these service providers only access the personal data necessary for them to perform their functions and that they process the data in compliance with our instructions and applicable data protection laws.
5.2 Business Transfers
In the event that Datadek undergoes a merger, acquisition, or sale of all or part of its assets, your personal data may be transferred as part of that transaction. Any such transfer will be conducted in compliance with applicable data protection laws, and we will notify you if your personal data is subject to a transfer that significantly affects your privacy rights.
- Mergers and Acquisitions: If Datadek is involved in a merger or acquisition, we may transfer personal data to the new entity or acquiring party.
- Asset Sales: If we sell or transfer any assets, personal data may be included in the transferred assets.
In the event of a transfer, we will take steps to ensure that your personal data remains protected and that the entity receiving the data continues to adhere to this Privacy Policy or an equivalent policy.
5.3 Sharing with Affiliates and Partners
We may share your personal data with our affiliates, subsidiaries, or business partners in connection with providing joint services, conducting research, or promoting shared offerings. Any data shared with these entities is subject to the same protections outlined in this Privacy Policy, and we ensure that they are bound by contractual obligations to safeguard your personal data.
- Joint Marketing or Service Offerings: We may collaborate with partners to offer joint services or promotions. In these cases, we may share your contact information and relevant data necessary to deliver these services or offers.
- Research and Consulting Collaborations: If we partner with other companies or research organizations to conduct joint studies or research projects, we may share anonymized or aggregated data to support the project.
We only share personal data with affiliates or partners for specific purposes and ensure that they comply with applicable data protection laws.
5.4 Sharing for Legal Compliance
We may disclose personal data if required to do so by law or in response to valid legal requests, such as subpoenas, court orders, or government demands. This disclosure is made to ensure compliance with legal obligations and to protect our rights, the rights of others, or public safety.
- Compliance with Laws: We may share personal data if we believe that disclosure is necessary to comply with applicable laws, regulations, or legal proceedings.
- Law Enforcement and Public Safety: We may disclose personal data to law enforcement agencies or regulatory bodies if we believe it is necessary to protect the safety, rights, or property of our users, employees, or the public, or to enforce our legal agreements and policies.
In all cases, we will take steps to ensure that the disclosure is legally justified and will notify you whenever possible unless prohibited by law.
5.5 Sharing Aggregated or Anonymized Data
We may share aggregated or anonymized data with third parties for research, marketing, analytics, or other purposes. Aggregated or anonymized data is data that cannot be used to identify you personally. For example, we may share insights from market research with our clients or publish industry reports based on anonymized data sets.
- Research and Insights Sharing: Aggregated data may be shared with clients or used in industry reports to provide insights into market trends and behaviors.
- Product and Service Improvements: We may share aggregated data with service providers or business partners to help improve our services, technology, or research capabilities.
Because this data does not identify any individual, it is not subject to the same privacy protections as personal data, but we still ensure that all data shared is processed in a responsible and ethical manner.
5.6 International Data Transfers
In certain cases, we may transfer your personal data to recipients outside of your country of residence, including to countries that may not offer the same level of data protection as your home country. When we transfer personal data internationally, we take steps to ensure that it remains protected in accordance with applicable data protection laws, including GDPR and CCPA.
- Transfers Outside the European Economic Area (EEA): If we transfer personal data from the EEA to a country outside the EEA that does not have an adequate level of data protection, we will ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs).
- Compliance with Privacy Laws: For transfers of personal data under CCPA or other applicable laws, we ensure that necessary agreements are in place to protect the data and meet the requirements of the respective privacy regulations.
5.7 Data Sharing with Your Consent
In cases where we wish to share your personal data for purposes not covered by this Privacy Policy, we will request your explicit consent before proceeding. For example, we may seek your consent to share your data with a third party for marketing purposes or to participate in a research study with a specific organization.
- Opt-in Sharing: You have the right to decide whether to share your personal data for specific purposes, and we will only proceed with your consent.
6. Data Retention
Datadek is committed to retaining personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal and regulatory obligations, resolve disputes, and enforce our agreements. This section explains our data retention practices and the criteria we use to determine retention periods for various categories of personal data. We aim to manage data responsibly, minimizing retention where possible, while ensuring that data is kept for a period that serves our legitimate business needs and meets our legal requirements.
6.1 General Retention Policy
We retain personal data in accordance with the following principles:
- Purpose-Driven Retention: We retain personal data only for as long as it is needed to fulfill the purposes for which it was collected, as outlined in this Privacy Policy. Once the data is no longer necessary for those purposes, we will either delete, anonymize, or securely archive it.
- Legal Compliance: We retain personal data for as long as is required to comply with applicable legal, tax, and regulatory obligations. This includes retaining certain financial, transactional, and employment data to comply with accounting, tax reporting, and employment laws.
- Dispute Resolution and Enforcement: We may retain personal data for a longer period in order to resolve disputes, enforce our agreements, protect our legal rights, and defend against legal claims. This includes maintaining records for potential litigation or audit purposes.
6.2 Retention Periods by Data Type
The retention periods for different categories of personal data may vary based on the nature of the data and the legal or contractual obligations that apply. Below is an overview of our general retention periods:
- Account Data: Personal data associated with your account, such as your name, email address, and payment information, is retained for as long as your account remains active and for a period thereafter as required by applicable laws. If you close your account, we will delete or anonymize your personal data within 30 days after account closure, unless retention is required by law (e.g., for tax or legal reasons).
- Research Data: Data collected during research studies (e.g., surveys, interviews, focus groups) is retained for the duration of the study and for a reasonable period thereafter to allow for analysis and reporting. In most cases, research data is anonymized and retained in aggregate form for long-term research purposes. Any personal data related to research participation is deleted or anonymized within 12 months after the conclusion of the research project, unless longer retention is required by law.
- Marketing Data: If you have consented to receive marketing communications, we retain your contact information and preferences for as long as you remain subscribed to our communications. If you choose to unsubscribe, we will remove your contact details from our marketing lists within 7 days of receiving your opt-out request. However, we may retain a record of your opt-out request to ensure compliance with your preferences.
- Transactional Data: We retain records of transactions, payments, and billing information for as long as necessary to complete the transaction and for the duration required by applicable laws (e.g., tax laws, accounting regulations). Typically, this data is retained for 7 years to comply with legal requirements.
- Job Applicant Data: Personal data collected from job applicants, such as resumes and application forms, is retained for 12 months after the recruitment process concludes unless the applicant becomes an employee, in which case the data will be transferred to the employee file. If we believe that an applicant may be suitable for future opportunities, we may retain their data for an extended period with their consent.
- Legal and Compliance Data: Personal data retained for legal or compliance reasons, such as data related to litigation, audits, or government investigations, will be retained for as long as necessary to fulfill those legal obligations. This period may vary based on the specific legal requirement and the jurisdiction.
6.3 Data Anonymization and Aggregation
In certain cases, where personal data is no longer required for its original purpose but may still be useful for research, statistical analysis, or business insights, we may anonymize or aggregate the data. Anonymized data is stripped of any identifiable information, making it impossible to link the data back to any individual. This anonymized or aggregated data may be retained indefinitely and used for research, analytical, or operational purposes without further notice to you.
6.4 Retention of Sensitive Data
If we collect sensitive personal data (e.g., health information, racial or ethnic data) as part of a research study or other activities, we will retain such data only for as long as necessary to achieve the specific purpose for which it was collected and in accordance with applicable laws. Sensitive data is typically anonymized or securely deleted at the earliest opportunity, particularly once the purpose for its collection has been fulfilled.
6.5 Data Deletion and Disposal
When personal data is no longer needed, we take steps to ensure that it is deleted or securely destroyed. The method of deletion depends on the medium in which the data is stored:
- Electronic Data: Personal data stored electronically is deleted from our systems or securely archived, depending on the retention requirements. We use industry-standard techniques to ensure that deleted data is not recoverable, such as permanent data erasure or de-identification processes.
- Physical Data: Any personal data stored in physical form (e.g., paper records) is securely shredded or otherwise destroyed when no longer required, ensuring that the information cannot be reconstructed or read.
6.6 Your Rights Regarding Data Retention
As a data subject, you have certain rights regarding the retention of your personal data, which may include:
- Right to Deletion (Right to be Forgotten): You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected or when you withdraw your consent (if applicable). We will comply with such requests unless legal or contractual obligations require further retention of your data.
- Right to Access: You have the right to request access to the personal data we hold about you, including details about how long we intend to retain your data.
- Right to Object or Restrict Processing: You may request that we restrict the processing of your personal data, including data retention, in certain circumstances, such as when you contest the accuracy of the data or object to its processing.
To exercise any of these rights or to inquire about our data retention practices, you can contact us at [email protected].
7. Data Security
At Datadek, the security of your personal data is one of our top priorities. We implement a variety of robust technical and organizational measures to ensure that your data is protected against unauthorized access, disclosure, alteration, loss, or destruction. This section outlines how we safeguard your personal data and the security practices we follow to maintain the confidentiality and integrity of the information we collect.
7.1 Security Measures
We take the protection of your personal data seriously and have implemented industry-standard security measures to protect your information. These measures are designed to provide a high level of security, covering the data’s lifecycle from collection to storage and deletion. Our security measures include:
- Encryption: We use encryption technologies to protect personal data both in transit and at rest. This includes using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols to secure data transmitted over the internet and encryption algorithms to protect stored data on our servers.
- Access Control: Access to personal data is restricted to authorized personnel only. We use role-based access controls (RBAC) to ensure that only employees or contractors with a legitimate business need can access sensitive data. These controls include user authentication mechanisms such as multi-factor authentication (MFA) and strong password policies.
- Firewalls and Intrusion Detection: Our systems are protected by firewalls and intrusion detection/prevention systems (IDS/IPS) that monitor network traffic for suspicious activities. These tools help prevent unauthorized access to our infrastructure and detect any potential threats in real time.
- Data Minimization: We follow the principle of data minimization, collecting only the personal data that is necessary for specific purposes and limiting the amount of sensitive data stored in our systems.
- Data Masking and Pseudonymization: When applicable, we use data masking and pseudonymization techniques to protect personal data. This ensures that sensitive data is not directly exposed to unauthorized individuals while still allowing us to use the information for legitimate purposes, such as research and analysis.
- Regular Security Audits: We regularly perform security audits and vulnerability assessments to identify and mitigate potential risks to our systems and infrastructure. These assessments help us ensure that our security practices are up to date and effective in protecting your data from evolving threats.
- Secure Data Backup: We maintain secure backups of critical data to ensure business continuity and data recovery in case of an unexpected event, such as a data breach or system failure. Our backups are encrypted and stored in secure, geographically diverse locations.
- Physical Security: We ensure that physical access to our data centers and offices is restricted and monitored through security measures such as keycard access, security personnel, and surveillance systems. This prevents unauthorized individuals from physically accessing our systems or data storage facilities.
7.2 Employee and Contractor Training
Ensuring data security is not only a matter of technology but also of people. At Datadek, we take steps to ensure that all employees and contractors are aware of their responsibilities regarding data protection and privacy. Our security training and awareness programs include:
- Security Awareness Training: All employees undergo regular training on data security best practices, including how to handle personal data, recognize phishing attempts, and follow secure data handling procedures. This training is refreshed periodically to ensure ongoing awareness of security threats and new compliance requirements.
- Confidentiality Agreements: All employees, contractors, and third-party service providers are required to sign confidentiality agreements and adhere to strict policies that govern the handling of personal data. This ensures that they are legally bound to protect the data they access.
- Monitoring and Accountability: We maintain logs of employee and contractor access to personal data to ensure accountability and traceability. Any inappropriate access or use of data is subject to investigation and disciplinary action, as appropriate.
7.3 Third-Party Service Providers
When we engage third-party service providers to process personal data on our behalf (e.g., cloud hosting providers, payment processors, or research platforms), we ensure that they meet our high security standards. Our safeguards for third-party service providers include:
- Data Protection Agreements: We require all third-party service providers to enter into binding data protection agreements with us that stipulate how personal data must be handled and protected. These agreements include security obligations that align with our policies and applicable data protection laws.
- Security Audits: Where necessary, we conduct due diligence on third-party service providers’ security practices, including reviewing audit reports and certifications (e.g., ISO/IEC 27001, SOC 2 Type II) to ensure that their security measures are adequate.
- Data Transfers: If personal data is transferred to a third-party provider located outside of your jurisdiction, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or other data protection agreements, to maintain the security of your data during the transfer.
7.4 Incident Response and Breach Notification
Despite our best efforts to protect your data, no system is completely immune to the risk of a breach. Datadek has developed and implemented a comprehensive incident response plan to manage potential security incidents swiftly and effectively. Key aspects of our incident response process include:
- Incident Detection and Monitoring: We continuously monitor our systems for suspicious activity and potential security incidents. Our security team is equipped to respond quickly to any alerts or indications of a data breach or cyberattack.
- Incident Response Team: We have an established incident response team responsible for investigating, mitigating, and resolving security incidents. This team includes data protection officers, security experts, legal counsel, and communications professionals.
- Data Breach Notification: In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authorities as required by applicable data protection laws (e.g., GDPR, CCPA). Our notification will include the nature of the breach, the types of data affected, the potential consequences, and the steps we are taking to mitigate the risk.
- Mitigation and Remediation: Following any security incident, we take steps to address the root cause, repair any damage, and prevent future breaches. This may include enhancing our security measures, providing additional training to employees, and reviewing our policies and procedures to address any weaknesses.
7.5 Your Role in Protecting Your Data
While we take extensive measures to protect your data, you also play an important role in safeguarding your personal information. We encourage you to:
- Use Strong Passwords: Choose strong, unique passwords for your accounts and services and change them regularly. Avoid using the same password across multiple websites or services.
- Enable Two-Factor Authentication (2FA): Where available, enable two-factor authentication for your accounts to add an extra layer of security.
- Be Cautious with Phishing Attempts: Be mindful of unsolicited emails, texts, or phone calls asking for personal information. Datadek will never request sensitive information via email, and we recommend that you verify the authenticity of any communications you receive before responding.
- Update Software and Devices: Ensure that your devices, operating systems, and software are kept up to date with the latest security patches to protect against vulnerabilities.
8. User Rights
As a data subject, you have several rights concerning the personal data that Datadek processes about you. These rights are designed to give you more control over how your personal data is collected, used, and shared. This section outlines your rights under applicable data protection laws, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), and explains how you can exercise them.
8.1 Right to Access
You have the right to request access to the personal data that Datadek holds about you. This is commonly known as a “data subject access request.” Upon receiving a valid request, we will provide you with:
- Confirmation of Processing: Whether or not we process your personal data.
- Access to Personal Data: A copy of your personal data being processed, as well as certain related information, such as the purposes of the processing, the categories of personal data involved, and any third parties with whom the data has been shared.
To submit a request, please contact us using the information provided in the Contact Information section. We will respond to your request within the timeframe required by law (typically within 30 days).
8.2 Right to Rectification
You have the right to request that we correct any inaccurate or incomplete personal data that we hold about you. If you believe that the data we hold is incorrect or outdated, you can request that we rectify or update the information.
- Updating Information: You can request corrections to personal details such as your name, contact information, or account preferences.
- Factual Corrections: If there are factual inaccuracies in any of the personal data processed, you can ask us to amend those details.
To ensure that we can update your information accurately, please provide specific details regarding the data that needs to be corrected.
8.3 Right to Erasure (Right to Be Forgotten)
In certain circumstances, you have the right to request the deletion of your personal data. This right, also known as the “right to be forgotten,” allows you to ask us to remove your personal data when:
- No Longer Necessary: The personal data is no longer necessary for the purposes for which it was collected or processed.
- Withdrawal of Consent: You have withdrawn your consent, and there is no other legal ground for processing.
- Objection to Processing: You object to the processing of your personal data, and there are no overriding legitimate grounds for continuing to process it.
- Unlawful Processing: The personal data has been unlawfully processed.
- Legal Compliance: The personal data must be erased to comply with a legal obligation.
Please note that there are exceptions to this right. For example, we may retain certain personal data if we have a legal obligation to do so, or if retention is necessary to exercise or defend legal claims.
8.4 Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data in certain situations. Restriction means that we can store your data but not process it further. You may request restriction if:
- Inaccuracy: You contest the accuracy of your personal data, and we need time to verify its accuracy.
- Unlawful Processing: The processing is unlawful, and you oppose the erasure of your personal data, preferring that we restrict its use instead.
- Legal Claims: We no longer need the personal data for processing, but you require it to establish, exercise, or defend legal claims.
- Objection Pending Resolution: You have objected to the processing of your personal data, and we are considering whether our legitimate grounds for processing override your objection.
During the restriction period, we will not process your personal data except for storage, legal claims, or with your consent.
8.5 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have that data transferred to another controller where:
- Automated Processing: The processing is carried out by automated means.
- Consent or Contract: The processing is based on your consent or necessary for the performance of a contract.
This right allows you to obtain and reuse your personal data across different services. Where technically feasible, we can transfer your data directly to another data controller at your request.
8.6 Right to Object
You have the right to object to the processing of your personal data in certain circumstances, including when:
- Legitimate Interests: We are processing your personal data based on our legitimate interests, and you object to the processing for reasons relating to your particular situation.
- Direct Marketing: You have the right to object to the processing of your personal data for direct marketing purposes. If you object, we will stop processing your personal data for these purposes immediately.
When we receive an objection request, we will assess the situation and either comply with your request or provide a compelling legal reason for continuing to process the data.
8.7 Right to Withdraw Consent
If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of the processing based on consent before its withdrawal.
- Marketing Communications: If you have provided consent for marketing communications, you can withdraw this consent at any time by following the unsubscribe link in any email communication or by contacting us directly.
Once consent is withdrawn, we will cease processing your data for the specific purpose for which consent was given unless there is another legal basis for continuing to process the data.
8.8 Right to Lodge a Complaint
If you believe that Datadek has not complied with applicable data protection laws, you have the right to lodge a complaint with the relevant supervisory authority. For individuals in the European Union, this will be the data protection authority in the country where you are located.
- Supervisory Authority: You can find contact details for your local data protection authority on their official website. We encourage you to contact us first with any concerns, so we can try to resolve the issue directly before escalating it to a supervisory authority.
8.9 Right to Non-Discrimination (for California Residents under CCPA)
California residents have the right to not be discriminated against for exercising their rights under the California Consumer Privacy Act (CCPA). This means that:
- Equal Services and Pricing: We will not deny you goods or services, charge you different prices, or provide a different quality of services for exercising your privacy rights under CCPA.
8.10 Exercising Your Rights
To exercise any of your data protection rights, you can contact us using the details provided in the Contact Information section of this Privacy Policy. When submitting a request, please include sufficient information to identify yourself and specify the rights you wish to exercise. We may ask you for additional information to verify your identity before processing your request.
We will respond to your request within the timeframe specified by the relevant law (typically within 30 days). If your request is complex or requires more time to fulfill, we will inform you of any extensions needed.
9. International Data Transfers
Datadek operates globally, and as a result, personal data we collect may be transferred to and processed in countries outside of your jurisdiction, including countries that may not have the same level of data protection laws as your country of residence. This section explains how we handle international data transfers and the safeguards we implement to ensure that your personal data is protected regardless of where it is processed.
9.1 Data Transfers Within Datadek
As an international company, Datadek may transfer your personal data between our affiliated entities, offices, or subsidiaries located in different countries. This allows us to provide our Services efficiently, ensure proper management of global operations, and maintain a high level of service quality across all of our locations.
- Transfers Within Our Group: If your personal data is transferred within our corporate group, we implement consistent data protection standards across all locations, regardless of the jurisdiction. This includes ensuring that your data is processed in accordance with this Privacy Policy and applicable data protection laws.
9.2 Data Transfers to Third-Party Service Providers
We may engage third-party service providers located in various countries to perform functions on our behalf, such as data storage, cloud hosting, payment processing, research services, or technical support. These service providers may have access to personal data as necessary to provide their services, and they are contractually required to implement adequate safeguards to protect your data.
- Third-Party Transfers: When we transfer personal data to third-party service providers located outside your country of residence, we ensure that appropriate data protection measures are in place. These measures are designed to protect your personal data and to ensure that it is processed lawfully, securely, and in accordance with the relevant data protection regulations.
9.3 Data Transfers Outside of the European Economic Area (EEA)
For users located in the European Economic Area (EEA), your personal data may be transferred to countries outside of the EEA that may not provide the same level of protection as the data protection laws in your home country. However, when we transfer personal data outside of the EEA, we ensure that appropriate safeguards are in place to protect your data, as required by the General Data Protection Regulation (GDPR).
- Adequacy Decisions: Where possible, we rely on the European Commission’s adequacy decisions. These decisions recognize that certain countries outside the EEA provide an adequate level of protection for personal data, meaning that no additional safeguards are required for data transfers to those countries.
- Standard Contractual Clauses (SCCs): In the absence of an adequacy decision, we use Standard Contractual Clauses (SCCs) approved by the European Commission to provide the necessary safeguards for cross-border data transfers. SCCs are legally binding agreements that require the recipient to protect your personal data in line with EU data protection standards.
- Binding Corporate Rules (BCRs): In some cases, we may use Binding Corporate Rules (BCRs) as a framework to govern data transfers within our corporate group. BCRs provide a consistent level of protection for personal data transferred between different entities of our company, regardless of the location.
9.4 Data Transfers Outside of California (for CCPA Compliance)
For California residents protected under the California Consumer Privacy Act (CCPA), we take steps to ensure that your personal data is transferred to countries with adequate data protection or that proper contractual agreements are in place, such as SCCs, to ensure that your privacy rights are respected.
- No Discrimination: Regardless of where your personal data is transferred, Datadek will ensure that your rights under CCPA are upheld and that you are not discriminated against for exercising your rights under California law.
9.5 Safeguards for International Data Transfers
To ensure that your personal data remains protected when it is transferred internationally, we implement a range of safeguards, including:
- Contractual Obligations: We require that all recipients of personal data, whether they are within or outside of our corporate group, comply with data protection obligations consistent with GDPR, CCPA, and other applicable regulations. This includes implementing technical and organizational measures to protect your data and requiring third parties to process data only for the purposes specified by Datadek.
- Encryption and Security Measures: We use encryption and other security measures to protect personal data during international transfers. This ensures that data remains secure as it moves across borders and is accessed only by authorized individuals.
- Data Minimization: We limit the amount of personal data transferred internationally to what is necessary for the specific purpose. This ensures that your data is not transferred unnecessarily and that it is handled with the appropriate level of care and protection.
9.6 Your Rights and International Data Transfers
Regardless of where your data is transferred, you retain your rights as outlined in the User Rights section of this Privacy Policy. This means that you can request access to your data, request correction or deletion, object to processing, or exercise any other rights granted to you by applicable data protection laws, even if your data has been transferred internationally.
- Exercise of Rights: If you have concerns about how your personal data is handled in the context of international data transfers, you can contact us at any time to exercise your rights or to request further information about the safeguards we use.
9.7 Data Transfers Involving Special Categories of Data
If we need to transfer special categories of personal data (e.g., health data, racial or ethnic origin) outside of your jurisdiction, we will take additional steps to ensure that this data is adequately protected. This may include obtaining your explicit consent for the transfer, ensuring that the recipient has strong data protection measures in place, and using secure transmission methods.
9.8 Changes in International Data Transfer Practices
We regularly review our international data transfer practices to ensure that they comply with applicable legal requirements and industry standards. If there are any significant changes to our data transfer practices, we will update this section of the Privacy Policy and notify you as required by applicable law.
10. Children’s Privacy
At Datadek, protecting the privacy of children is of paramount importance. Our Services are not intended for use by children, and we do not knowingly collect personal data from children under the age of 16 (or the applicable age of majority in your jurisdiction) without verifiable parental consent. This section outlines our approach to children’s privacy and the steps we take to ensure that their personal data is handled appropriately and in compliance with relevant laws such as the Children’s Online Privacy Protection Act (COPPA) in the United States, and the General Data Protection Regulation (GDPR) in the European Union.
10.1 Age Restrictions
Datadek’s website, research panels, and Services are intended for use by individuals who are at least 16 years old (or the age of majority as determined by the laws in your jurisdiction). We do not intentionally collect personal data from individuals under the age of 16 unless we receive explicit parental or guardian consent. If you are under 16 years of age, please do not provide any personal data to us or use our Services without parental consent.
- COPPA Compliance: For users in the United States, we comply with the Children’s Online Privacy Protection Act (COPPA), which prohibits the collection of personal data from children under 13 without verifiable parental consent. If we become aware that we have collected personal data from a child under 13 without parental consent, we will take immediate steps to delete such information.
- GDPR Compliance: For users in the European Union, we comply with the GDPR, which requires parental consent for the processing of personal data of children under 16. If the law of your country provides a lower age for such consent (no lower than 13), we will comply with that local requirement.
10.2 Collection of Children’s Data
In the rare circumstances where we may need to collect personal data from children (e.g., for educational research purposes or child-focused studies), we will take special precautions to ensure that the data is collected and processed in compliance with applicable laws. This includes:
- Parental or Guardian Consent: Before collecting personal data from a child, we will obtain verifiable parental or guardian consent. This may involve requiring a parent or guardian to provide an email address or phone number for consent verification, or submitting a signed consent form authorizing the collection and use of the child’s data.
- Data Minimization: We will limit the collection of personal data from children to what is strictly necessary for the specific purpose of the research or study. We do not collect or process more data than is needed, and we will avoid collecting sensitive data (such as health information) from children unless it is essential for the purpose of the study.
- Clear Communication: We will ensure that the purpose of data collection is clearly communicated to both the child (in an age-appropriate manner) and the parent or guardian. This includes providing information about the specific data being collected, how it will be used, and the safeguards we have in place to protect the child’s privacy.
10.3 Use and Sharing of Children’s Data
We will only use the personal data of children for the purposes for which it was collected and with the explicit consent of the parent or guardian. Children’s data will not be shared with third parties except as permitted by law and outlined in the consent provided by the parent or guardian.
- No Targeted Advertising: We do not use children’s personal data for marketing or targeted advertising purposes. Any communication directed at children will be educational, research-based, or relevant to the specific purpose for which the data was collected.
- Data Sharing: We will not disclose or share a child’s personal data with third parties unless it is necessary to fulfill the purpose of the research or study, and only with the consent of the parent or guardian. Third-party service providers involved in processing the data are contractually required to comply with applicable data protection laws and to implement strong safeguards to protect the child’s privacy.
10.4 Parental Rights
Parents and guardians have several rights with respect to the personal data of their children, including the right to access, correct, or delete the data. If you are a parent or guardian and believe that we have collected your child’s personal data without your consent, or if you wish to review, correct, or delete your child’s data, please contact us using the details provided in the Contact Information section of this Privacy Policy.
- Access to Data: As a parent or guardian, you have the right to request a copy of the personal data we hold about your child. We will provide you with a summary of the data, along with information about how it is being used.
- Correction or Deletion: You have the right to request that we correct or delete your child’s personal data if it is inaccurate, incomplete, or no longer necessary for the purposes for which it was collected. Upon receiving a valid request, we will take reasonable steps to comply with your request and delete the data from our systems.
- Withdrawal of Consent: You have the right to withdraw your consent for the processing of your child’s personal data at any time. Once consent is withdrawn, we will stop processing your child’s data and delete it from our records unless we have a legal obligation to retain it.
10.5 Security of Children’s Data
We take extra precautions to ensure that children’s personal data is protected against unauthorized access, use, disclosure, or destruction. Our security measures include:
- Encryption: We use encryption technologies to protect personal data during transmission and while stored in our systems, ensuring that children’s data is secure from unauthorized access.
- Access Controls: Only authorized personnel with a legitimate business need are allowed to access children’s personal data. These individuals are trained in data protection principles and are required to comply with our strict privacy policies.
- Regular Audits: We conduct regular audits of our systems and processes to ensure that we are complying with the highest standards of data protection for children’s data. Any vulnerabilities or risks identified are promptly addressed to ensure the ongoing security of the data.
10.6 Retention of Children’s Data
We retain personal data collected from children only for as long as necessary to fulfill the purposes for which it was collected or as required by law. Once the data is no longer needed, it will be securely deleted or anonymized.
- Research Data: If the personal data is collected as part of a research study, we will retain the data for the duration of the study and for a reasonable period thereafter for analysis and reporting. Once the study concludes, any identifiable data will be deleted, and only anonymized data will be retained for future research purposes.
- Deletion Requests: Parents or guardians have the right to request the deletion of their child’s personal data at any time. We will comply with such requests promptly, except in cases where the data must be retained for legal or compliance reasons.
10.7 Changes to Our Children’s Privacy Policy
We may update this Children’s Privacy section from time to time to reflect changes in laws, regulations, or best practices. If we make any significant changes to how we handle children’s personal data, we will notify parents or guardians via email (if applicable) and provide an updated version of this policy on our website.
11. Changes to This Privacy Policy
At Datadek, we are committed to maintaining transparency and keeping you informed about how we handle your personal data. This Privacy Policy may be updated from time to time to reflect changes in our practices, legal obligations, or technological advancements. This section outlines our approach to making changes to the Privacy Policy, how we will notify you of such changes, and how these changes may affect you.
11.1 Reasons for Updates
We may update this Privacy Policy for several reasons, including but not limited to:
- Changes in Data Processing Practices: As our business evolves, we may develop new features or services, adjust how we collect and process personal data, or engage new third-party service providers. These changes may require updates to the Privacy Policy to ensure that it accurately reflects our practices.
- Legal and Regulatory Changes: Privacy laws and regulations are constantly evolving. We may update this Privacy Policy to comply with new or amended laws, such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), or other data protection regulations applicable to our operations.
- Technological Advancements: As technology evolves, we may implement new tools, methods, or security measures to protect personal data. These changes may necessitate updates to our Privacy Policy to reflect improvements in how we handle and secure your data.
- Business Changes: If Datadek undergoes significant changes, such as a merger, acquisition, or sale of assets, the Privacy Policy may need to be updated to reflect how personal data will be handled following such a transaction.
11.2 Notification of Changes
When we make material changes to this Privacy Policy, we will provide you with appropriate notice to ensure that you are aware of the updates and understand how they affect your personal data. We take the following steps to notify you:
- Website Notice: We will post a prominent notice on our website informing visitors of the updated Privacy Policy. This notice will include a summary of the key changes and a link to the full, updated policy.
- Email Notification: If the changes are material or significantly impact how we process your personal data, we will send you an email notification (where applicable) outlining the changes and providing a link to the updated Privacy Policy. This will ensure that you are informed even if you do not visit our website regularly.
- In-App or Service Notifications: For users of specific services or platforms, we may display in-app or service-based notifications informing you of the updated Privacy Policy, particularly if the changes impact how the service operates or how your data is processed.
11.3 Effective Date of Changes
All updates to this Privacy Policy will include an “Effective Date” to indicate when the new policy goes into effect. The effective date will be clearly displayed at the top of the policy. We encourage you to review the updated Privacy Policy periodically to stay informed about how we handle your personal data.
- Immediate Effect: Minor changes or clarifications that do not materially impact your rights or the way we process your personal data will take effect immediately upon posting the updated Privacy Policy on our website.
- User Consent for Material Changes: If the changes to the Privacy Policy materially affect how we collect, use, or share your personal data in a way that requires your consent under applicable laws, we will seek your consent before implementing the changes. This may involve asking you to review and accept the updated policy before continuing to use our services.
11.4 Continued Use of Services
Your continued use of our website or services after the updated Privacy Policy has gone into effect constitutes your acceptance of the changes. If you do not agree with the updated Privacy Policy, you should discontinue using our services and contact us to address any concerns you may have.
- Opt-Out Options: If the updated Privacy Policy includes changes that allow for new uses of your personal data or data sharing practices, you may be provided with options to opt out of certain uses or sharing. We will provide clear instructions on how to exercise these options in our communications or within the updated policy.
11.5 Historical Versions
For transparency, we may retain previous versions of this Privacy Policy for reference. If you wish to review any prior versions to compare changes, you can contact us using the information provided in the Contact Information section of this policy.
- Accessing Previous Versions: Upon request, we can provide you with copies of previous versions of our Privacy Policy to ensure that you can fully understand how our practices have evolved over time.
11.6 Your Responsibilities
While we are committed to keeping you informed of any changes to this Privacy Policy, it is also your responsibility to stay informed about our privacy practices by regularly reviewing this policy. We encourage you to take the time to read our notifications and the updated Privacy Policy when changes occur to ensure that you remain aware of your rights and how your personal data is handled.
- Staying Informed: As privacy practices and laws evolve, understanding how your data is handled and what rights you have is important. If you have any questions or concerns about changes to the Privacy Policy, you are welcome to reach out to us for clarification.
11.7 Contact Information
If you have any questions about changes to this Privacy Policy or need further clarification on how these changes may affect your personal data, please do not hesitate to contact us. We are here to assist you and ensure that your privacy concerns are addressed promptly.
12. Contact Information
We take your privacy seriously and are committed to addressing any questions, concerns, or requests you may have regarding your personal data and how it is processed. Whether you want to exercise your rights under data protection laws, inquire about our data practices, or clarify any aspect of this Privacy Policy, we encourage you to reach out to us.
This section provides you with various ways to contact us and outlines how we handle inquiries related to privacy and data protection.
12.1 How to Contact Us
If you have any questions, concerns, or comments about this Privacy Policy or your personal data, you can contact us through the following methods:
- Email: For privacy-related inquiries, please send an email to [email protected]. We strive to respond to email inquiries within 3 business days.
- Website Contact Form: You may also submit inquiries through our website’s contact form, which can be accessed at www.datadek.com/contact. We will route your inquiry to the appropriate department and respond as quickly as possible.
12.2 Data Protection Officer (DPO)
If your inquiry relates to a more complex data protection matter, or if you are located in a jurisdiction that requires a dedicated Data Protection Officer (DPO), you may contact our DPO directly. Our DPO is responsible for overseeing Datadek’s data protection strategy and ensuring compliance with data protection regulations.
- Contact the DPO: You can reach our Data Protection Officer at [email protected].
Our DPO is your point of contact for issues such as:
- Exercising your data protection rights (e.g., access, rectification, erasure).
- Addressing concerns about how your personal data is processed.
- Reporting potential data breaches or security incidents.
- Raising any complaints regarding our compliance with data protection laws.
12.3 Supervisory Authorities
If you are unsatisfied with how Datadek handles your personal data or your privacy-related requests, you have the right to lodge a complaint with the relevant supervisory authority responsible for data protection in your jurisdiction.
- For EU Residents: If you are located in the European Union, you can contact your local data protection authority. Each member state has a data protection authority responsible for monitoring compliance with the GDPR. You can find contact details for your local authority on the European Data Protection Board’s website.
- For UK Residents: If you are located in the United Kingdom, you can contact the Information Commissioner’s Office (ICO). The ICO’s contact details are available on their website.
- For California Residents: If you are located in California and believe that we have violated your privacy rights under the California Consumer Privacy Act (CCPA), you may contact the California Attorney General’s office or submit a complaint online.
We are committed to addressing any concerns you may have before escalating the issue to a supervisory authority, so we encourage you to contact us directly first.
12.4 How We Handle Privacy Requests
When you contact us regarding privacy matters, we take the following steps to ensure that your request is handled efficiently and securely:
- Verification: To protect your privacy and the confidentiality of your personal data, we may need to verify your identity before responding to your request. This may involve asking for additional information to confirm that you are the rightful owner of the data or the authorized representative of the individual making the request.
- Response Time: We aim to respond to all privacy-related inquiries within 30 days. For more complex requests, such as data access or deletion requests, we will notify you if additional time is needed to process your request.
- Follow-Up: In some cases, we may need to follow up with you to clarify your request or provide updates on the progress of your inquiry. We are committed to keeping you informed throughout the process.
12.5 Information We Need From You
When submitting a privacy request or inquiry, please provide the following details to help us handle your request efficiently:
- Your Full Name
- Your Contact Information (email, phone number, mailing address)
- A Clear Description of Your Request or Inquiry
- Any Relevant Account or Reference Numbers (if applicable)
- Documentation of Identity (if required for verification)
If you are submitting a request on behalf of another individual, please provide proof of your authorization to act on their behalf (e.g., a signed authorization or legal power of attorney).
12.6 Data Breach Notification
In the unlikely event of a data breach that affects your personal data, we will notify you in accordance with applicable laws. We will provide timely and detailed information regarding the breach, including:
- Description of the Incident: What happened and the nature of the breach.
- Affected Data: Details of the personal data involved in the breach.
- Mitigation Steps: What we are doing to mitigate the effects of the breach and protect your data.
- Contact Information: How you can reach us for further information or to ask questions.
If required by law, we will also notify relevant regulatory authorities of the data breach within the prescribed timeframe.