Legal

Data Protection & Privacy Policy

Datnal Services is committed to protecting the privacy and security of your personal data. This policy explains how we collect, use, store, and safeguard your information.

Our Commitment

We believe the protection of personal data — whether of our clients, panelists, or survey participants — is the primary responsibility of any organisation that collects or processes it. Datnal Services regularly audits its data protection mechanisms and follows best practices outlined by international regulations and leading market research associations.

We are certified to ISO 27001:2022 (Information Security Management) and ISO 9001:2015 (Quality Management), and fully comply with the General Data Protection Regulation (GDPR) and applicable local data protection laws.

What Information We Collect

Personal Identification Information

When you interact with our website, sign up as a panel member, or engage our services, we may collect:

  • Full name, email address, phone number, and postal address
  • Job title, company name, and industry sector
  • Demographic information (age range, gender, location)
  • Survey responses and opinions you voluntarily provide
Technical & Usage Data

We automatically collect certain technical information when you visit our website, including:

  • IP address and device identifiers
  • Browser type, version, and language preferences
  • Operating system and device type
  • Pages viewed, time spent, and navigation patterns
  • Referring URL and exit pages
Sensitive Data

For certain healthcare and patient research studies, we may collect sensitive personal data (e.g., health information) only with your explicit consent and in compliance with applicable regulations. Such data is processed under strict controls and never used for purposes beyond the specific study for which it was provided.

Cookies

Our website uses essential cookies for functionality and analytics. We do not use cookies for tracking or advertising purposes.

Cookie Type Purpose Duration
Essential Site functionality & security Session
Analytics Anonymous usage statistics 13 months
Preference Theme & language preferences 12 months

You can manage cookie preferences through your browser settings.

How We Use Your Information

Service Delivery

We use personal data to conduct market research studies, administer surveys, manage panel membership, and fulfill client research objectives. This processing is necessary for the performance of our contractual obligations.

Communication

We may contact you regarding survey invitations, account-related updates, service changes, or to respond to your enquiries. Marketing communications are sent only with your explicit consent, and you may opt out at any time.

Quality & Improvement

We analyse aggregated usage data to improve our website, survey platforms, and service quality. This processing is based on our legitimate interest in continuously improving our offerings.

Legal Compliance

We may process personal data to comply with legal obligations, regulatory requirements, or in response to lawful requests from public authorities.

Lawful Basis for Processing

Under GDPR, we process personal data on the following lawful bases:

Consent — You have given clear consent for us to process your personal data for a specific purpose (e.g., panel membership).
Contract — Processing is necessary for a contract we have with you (e.g., fulfilling a research engagement).
Legal Obligation — Processing is necessary to comply with the law (e.g., data retention requirements).
Legitimate Interests — Processing is necessary for our legitimate interests (e.g., improving our services, fraud prevention) that do not override your rights.

Disclosure of Your Information

We may share your personal data with the following categories of recipients, only where necessary and in compliance with applicable data protection laws:

Clients (as Data Controllers)

When acting as a data processor for client research projects, we share anonymised or pseudonymised survey responses with our clients. Personal identifiers are removed unless the client has obtained separate consent from respondents.

Service Providers & Sub-processors

We engage trusted third-party service providers for survey hosting, data processing, analytics, and IT infrastructure. All sub-processors are vetted, contractually bound to GDPR-equivalent standards, and prohibited from using data for their own purposes.

Legal & Regulatory Authorities

We may disclose personal data to law enforcement, regulatory bodies, or courts when required by law or in response to a valid legal request.

International Data Transfers

As a global organisation operating across 35+ countries, we may transfer personal data to recipients in countries outside your home jurisdiction. Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the European Commission, or transfers to countries deemed adequate by applicable regulators.

Data Retention

We retain personal data only as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Panel member data is retained for the duration of panel membership plus 12 months, after which it is securely deleted or anonymised. Survey response data is retained for 24 months post-project completion, unless a longer retention period is contractually agreed with the client.

Data Security

We implement robust technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:

  • Encryption at rest and in transit (TLS 1.3, AES-256)
  • Role-based access controls with least-privilege principle
  • Regular security audits, penetration testing, and vulnerability scanning
  • Employee data protection training and confidentiality agreements
  • ISO 27001:2022 certified Information Security Management System

Your Rights

Under applicable data protection laws, you have the following rights regarding your personal data:

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your data where there is no compelling reason to retain it.

Right to Restrict Processing

Request restriction of processing in certain circumstances.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or direct marketing.

To exercise any of these rights, please contact us using the details below. We will respond to your request within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Children's Privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that a child under 16 has provided us with personal data, we will delete it promptly. Where a research study specifically requires participation of minors (e.g., parental consent studies), we obtain verifiable parental consent before collecting any data.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal obligations. Material changes will be notified via a prominent notice on our website or by email. We encourage you to review this page regularly for the latest information.

Effective Date

This Privacy Policy is effective as of 1 January 2025.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:

Datnal Services

Email: [email protected]

Subject: Data Protection Enquiry