Back to DataDial

Privacy Policy

Last updated: May 5, 2026

This Privacy Policy explains how DataDial collects, uses, discloses, and protects personal data when you visit our website at datadial.io (the "Site"), complete a form or questionnaire, request a report, subscribe to updates, click on advertising that points to the Site, or otherwise interact with us. Please read this Privacy Policy carefully. By using the Site or submitting information to us, you acknowledge that you have read and understood this Privacy Policy.

1. Who we are

The data controller for this Site and the related forms is Admirable Ceremony Unipessoal Lda, a private limited company registered in Portugal under NIPC 516679562, operating under the trade name "DataDial." References in this Privacy Policy to "DataDial," "we," "us," or "our" mean Admirable Ceremony Unipessoal Lda.

If you have privacy-related questions or wish to exercise any of the rights described below, please contact us at Info@datadial.io.

2. Scope of this Privacy Policy

This Privacy Policy applies to personal data we collect through the Site, our online forms (including forms hosted on our behalf by Tally), our marketing emails, and our direct correspondence with you. It does not cover the practices of third parties that operate their own websites or platforms, even if their tools, pixels, or links appear on the Site. Their use of your information is governed by their own privacy notices.

This Site is intended for visitors located in the United States, the European Economic Area, the United Kingdom, and other regions where it is lawful to access. We do not represent that the Site is appropriate or available in every jurisdiction.

3. Information we collect

We collect personal data in three ways: (a) directly from you, (b) automatically through your device and browser, and (c) from third-party service providers that help us operate the Site, host forms, run advertising, and send emails.

Information you provide to us. When you complete a questionnaire, request a report, request a workflow review, subscribe to updates, or contact us, we may collect:

  • your name;
  • your work email address;
  • your phone number (where you choose to provide it);
  • your company name, job title, and basic business context;
  • your responses to questionnaire items, including the description of your business needs and operational details you choose to share;
  • the contents of any messages, comments, or feedback you send us;
  • your marketing communication preferences and any consent you provide.

Information collected automatically. When you visit the Site, we and our service providers may automatically collect:

  • your IP address (which approximates your general location);
  • your device type, operating system, and browser type and version;
  • your screen size and language settings;
  • the referring URL and the search terms or campaign that brought you to the Site;
  • the pages and forms you view, the buttons you click, the time spent on each page, and the order in which you navigate;
  • session timestamps and approximate session duration;
  • cookie identifiers, advertising identifiers, and pixel-based identifiers placed on your device;
  • privacy preference signals, including any cookie banner choices and any Global Privacy Control or similar opt-out signals your browser sends.

Information from third parties. We may receive limited information from advertising platforms (for example, that an ad on Google, Meta, LinkedIn, TikTok, X, or Reddit was clicked and led to a conversion), from analytics providers, from email delivery providers (for example, whether an email was delivered, opened, or clicked), and from form-hosting providers (for example, the responses you submitted through Tally).

We do not knowingly collect government identification numbers, payment card numbers, biometric data, precise geolocation data, patient or medical records, or other categories of sensitive personal data through this Site.

4. Please do not submit sensitive information

The Site and its forms are designed to collect only the limited business information described above. Please do not include in free-text fields any information about identifiable patients, clinical records, payment cards, government identifiers, racial or ethnic origin, religion, health, sex life, sexual orientation, biometric or genetic data, or other sensitive or special-category personal data, unless we specifically request it and provide a separate notice and lawful basis for that collection. If you submit such information voluntarily and it is not necessary for the purpose of your request, we may delete it.

5. How we use your information

We use the information we collect for the following purposes:

  • to prepare, generate, and deliver the report, benchmark, or workflow review you requested;
  • to respond to your questions, demo requests, and other inquiries, and to manage our business communications with you;
  • to operate, secure, troubleshoot, and improve the Site and our forms, including detecting and preventing fraud, abuse, and security incidents;
  • to analyze how visitors find, use, and interact with the Site, and to improve our content, copy, and conversion funnel;
  • to measure and optimize the performance of our advertising campaigns, including measuring conversions and reach across advertising platforms;
  • to deliver, target, and personalize advertising on third-party platforms (cross-context behavioral advertising), including retargeting visitors who have interacted with the Site;
  • to build and refine marketing audiences (for example, through hashed-email matching, lookalike audiences, and similar audience-building tools), where lawful;
  • to send product updates, educational content, newsletters, event invitations, and other marketing communications, where you have opted in or where we are otherwise permitted to do so under applicable law;
  • to maintain records of your communications with us, your consent choices, and your unsubscribe history; and
  • to comply with our legal obligations, exercise or defend legal claims, and enforce our terms.

6. Legal bases for processing (GDPR / UK GDPR)

Where the EU General Data Protection Regulation (GDPR) or the UK GDPR applies, we rely on the following legal bases under Article 6:

  • Performance of a contract or pre-contractual steps taken at your request, for preparing and delivering the report or review you requested;
  • Consent, for non-essential cookies and similar technologies that require consent, for cross-context behavioral advertising where consent is required, and for email marketing communications where consent is required by law;
  • Our legitimate interests, for security, fraud prevention, basic analytics, the operation and improvement of the Site, the management of our business records, and (in jurisdictions where this is lawful) for limited B2B marketing to professional contacts;
  • Compliance with a legal obligation to which we are subject.

Where we rely on consent, you may withdraw your consent at any time, without affecting the lawfulness of any processing carried out before the withdrawal. Where we rely on legitimate interests, you have the right to object as described in Section 13.

7. Cookies, pixels, and similar tracking technologies

We and our service providers use cookies, pixels, software development kits, local storage, and similar technologies (collectively, "tracking technologies") on the Site. These technologies allow us to recognize your device, store preferences, measure traffic, deliver advertising, and improve the Site.

We use the following categories of tracking technologies:

  • Strictly necessary technologies are required to provide the Site and the forms you interact with, to remember your privacy choices, to maintain security, and to keep the Site functioning. These cannot be turned off through our cookie controls because the Site cannot operate without them.
  • Analytics technologies help us understand how visitors find and use the Site, which pages and forms perform well, and where users encounter friction. We use Google Analytics 4 for this purpose.
  • Advertising and conversion technologies allow us to measure the performance of our advertising, attribute conversions to the campaigns that generated them, retarget visitors who have shown interest in our offering, and build advertising audiences on third-party platforms. The platforms whose tags and pixels may load on the Site include Google Ads (including Google Ads conversion tags and remarketing tags), Meta (Facebook/Instagram) Pixel, LinkedIn Insight Tag, TikTok Pixel, X (Twitter) Pixel, and Reddit Pixel. The exact set of advertising tags active on the Site may change over time as we adjust our marketing channels.
  • Preference technologies remember your cookie banner choices and other settings.

You can manage non-essential tracking technologies through the cookie banner on the Site, through any in-product privacy controls we offer, and through your browser settings (most browsers allow you to refuse, restrict, or delete cookies). Some browsers and privacy tools also send a Global Privacy Control (GPC) signal; we treat a GPC signal received from your browser as a valid request to opt out of the "sale" or "sharing" of your personal information for residents of U.S. states whose laws recognize that signal, as described in Sections 9 and 14.

Refusing non-essential tracking technologies will not block your basic access to the Site or its forms, except where a specific technology is objectively necessary for a function you have requested.

For details about how each platform processes information collected through its tags and pixels, please review the privacy notices of those platforms directly.

8. How we share your information

We share personal data only with parties that have a legitimate need to receive it. The categories of recipients include:

  • Service providers and processors that help us operate the Site and our business, including:
    • Tally (form hosting and response collection);
    • Notion (internal documentation and workflow);
    • HubSpot (CRM, email delivery, and marketing automation);
    • hosting, infrastructure, security, error-monitoring, and analytics providers;
    • report-generation tooling, including third-party AI and large language model providers used to draft the content of the report you requested.
    These providers act on our documented instructions or under their own privacy terms, depending on the service.
  • Advertising and analytics platforms to which we transmit limited information through their tags and pixels for the purposes described in Section 7. Depending on the platform and configuration, these platforms may act as our service provider, as an independent controller of the information they receive, or as a joint controller with us. This activity may constitute "sharing" or, in some cases, "sale" of personal information under U.S. state privacy laws (see Section 9).
  • Professional advisers, including lawyers, accountants, auditors, and insurers, where reasonably necessary.
  • Public authorities, courts, and law-enforcement agencies, where we are required to disclose information by law or where disclosure is reasonably necessary to investigate, prevent, or take action against illegal activity or to protect our rights, property, or safety, or that of our users or others.
  • Acquirers and successors, in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our business or assets.

We do not exchange your personal data for monetary payment.

9. "Sale" and "sharing" of personal information under U.S. state law

The terms "sale" and "sharing" have specific meanings under several U.S. state privacy laws, in particular the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA").

We do not sell personal information for money. However, because the Site uses advertising tags and pixels operated by Google, Meta, LinkedIn, TikTok, X, Reddit, and similar platforms, we share personal information for purposes of cross-context behavioral advertising as that term is used under the CCPA. Depending on how the term "sale" is interpreted under specific U.S. state laws, this activity may also be considered a "sale" or "targeted advertising" under those laws.

The categories of personal information involved in this sharing/sale are:

  • Identifiers (for example, online identifiers, IP address, cookie IDs, advertising IDs, hashed email addresses where used for audience matching);
  • Internet or other electronic network activity information (for example, browsing behavior on the Site, pages visited, interactions with forms and ads);
  • Commercial information (for example, the fact that you expressed interest in our reports or services);
  • Geolocation information (general location only, derived from IP address); and
  • Inferences drawn from the above to create marketing audiences.

The categories of third parties to whom we disclose this information for advertising purposes include digital advertising platforms, advertising networks, social media platforms, and analytics and measurement providers.

You have the right to opt out of this sharing/sale, as described in Section 14. We honor opt-out preference signals (including the Global Privacy Control) for residents of U.S. states whose laws require us to do so.

We do not sell or share the personal information of any consumer we have actual knowledge is under the age of 16 without affirmative authorization, as required by applicable law.

10. International data transfers

We are based in Portugal, and our service providers and infrastructure may be located in other countries, including the United States and other jurisdictions outside the European Economic Area ("EEA") and the United Kingdom.

Where we transfer personal data from the EEA or the United Kingdom to a country that has not received an adequacy decision, we rely on appropriate safeguards recognized by applicable law, which may include:

  • Adequacy decisions of the European Commission or the UK government for the destination country or sector, including the EU-U.S. Data Privacy Framework (and its UK Extension and Swiss Extension) for transfers to U.S. recipients certified under that framework;
  • Standard Contractual Clauses approved by the European Commission (and the UK International Data Transfer Addendum, where relevant), supplemented by a transfer impact assessment and additional technical and organizational measures where appropriate; or
  • another lawful transfer mechanism permitted under Articles 46 to 49 GDPR.

You may request a copy of the safeguards we apply to a specific transfer by contacting us at Info@datadial.io.

11. Data retention

We keep personal data only for as long as is reasonably necessary for the purposes described in this Privacy Policy, and then we delete or de-identify it, unless a longer retention period is required or permitted by law.

As general guidance:

  • Data submitted through report-request and lead-intake forms is retained for the duration of our active business relationship with you and, in any event, for no longer than 24 months after your last meaningful interaction with us, unless we need to retain it longer to comply with the law or to establish, exercise, or defend legal claims.
  • Data used for email marketing is retained until you unsubscribe or withdraw your consent. After that, we keep a minimal suppression record (typically only your email address and the fact that you opted out) so that we can respect your choice on an ongoing basis.
  • Server logs, security logs, and basic analytics records are typically retained for up to 12 months, unless a longer retention period is needed to investigate incidents, comply with the law, or protect our legitimate interests.
  • Records of consent and of privacy-rights requests are retained for the period required by applicable law.

12. Security

We use reasonable administrative, technical, and organizational measures designed to protect personal data against unauthorized access, loss, alteration, or disclosure. These measures include access controls, encryption in transit, vendor due diligence, and security monitoring.

No method of transmitting information over the internet and no storage system can guarantee absolute security. You are responsible for maintaining the confidentiality of any credentials you use and for promptly notifying us if you believe your information has been compromised.

13. Your rights in Europe and the United Kingdom

If you are located in the EEA, the United Kingdom, or Switzerland, and the GDPR or UK GDPR applies to our processing, you have the following rights, subject to the conditions and limitations set out in the law:

  • the right to access the personal data we hold about you and to receive certain information about how we process it;
  • the right to rectification of inaccurate or incomplete personal data;
  • the right to erasure ("right to be forgotten") of your personal data, in defined circumstances;
  • the right to restriction of processing, in defined circumstances;
  • the right to data portability, where the legal basis is consent or contract and the processing is automated;
  • the right to object to processing carried out on the basis of our legitimate interests, including profiling for direct marketing — for direct marketing, this right is absolute;
  • the right to withdraw consent at any time, where we rely on consent, without affecting the lawfulness of processing carried out before the withdrawal; and
  • the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is the Portuguese data protection authority, Comissão Nacional de Proteção de Dados (CNPD)www.cnpd.pt. You may also complain to the supervisory authority in your country of residence or place of work.

To exercise any of these rights, please contact us at Info@datadial.io. We may need to verify your identity before fulfilling your request, and we will respond within the time limits set out in applicable law (generally one month under the GDPR, extendable by up to two further months for complex requests).

14. Your rights in the United States

This Section describes the privacy rights available to residents of U.S. states whose laws apply to us. The exact rights you have depend on the state in which you reside and on whether we meet the applicability thresholds of that state's law.

14.1 California (CCPA / CPRA)

If you are a California resident, you may have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

  • the right to know the categories of personal information we have collected, the categories of sources, the business or commercial purposes for collection, the categories of third parties with whom we share that information, and the specific pieces of personal information we have collected about you;
  • the right to delete personal information we have collected from you, subject to applicable exceptions;
  • the right to correct inaccurate personal information we maintain about you;
  • the right to opt out of the sale or sharing of your personal information, including for purposes of cross-context behavioral advertising;
  • the right to limit the use and disclosure of sensitive personal information, where applicable; and
  • the right to be free from retaliation or discrimination for exercising any of these rights.

You may submit a request by emailing us at Info@datadial.io with the subject line "California Privacy Request" and a description of the right you wish to exercise. To opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising, you may also use the "Do Not Sell or Share My Personal Information" link in the Site footer.

We honor the Global Privacy Control (GPC) signal as a valid opt-out request from California residents (and from residents of other U.S. states whose laws recognize that signal). When we detect a GPC signal from your browser, we treat it as an opt-out of sale and sharing for that browser and device.

You may designate an authorized agent to make a request on your behalf, in accordance with California law. We may require the agent to provide proof of authorization and may require you to verify your identity directly.

14.2 Other U.S. states

A growing number of U.S. states — including, as of 2026, Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Delaware, Iowa, Montana, New Hampshire, New Jersey, Tennessee, Indiana, Kentucky, Maryland, Minnesota, Nebraska, Rhode Island, and Florida — have enacted comprehensive consumer privacy laws.

If you are a resident of one of these states and that state's law applies to our processing, you may have rights to:

  • confirm whether we process your personal data and access that data;
  • correct inaccurate personal data;
  • delete personal data;
  • obtain a portable copy of your personal data;
  • opt out of the processing of your personal data for purposes of (i) targeted advertising, (ii) the sale of personal data, and (iii) profiling that produces legal or similarly significant effects; and
  • appeal our decision on a privacy request, where required by your state's law.

To exercise these rights, please email us at Info@datadial.io and identify the state in which you reside and the right you wish to exercise. Where required, we will recognize universal opt-out preference signals (including the Global Privacy Control) as valid opt-out requests for residents of states whose laws so require.

We will not discriminate against you for exercising any of these rights.

15. Children's privacy

The Site is intended for business professionals and is not directed to children. We do not knowingly collect personal information from children under the age of 13 (or under age 16 for purposes of opt-in to "sale" or "sharing" of personal information under California law and equivalent provisions of other U.S. state laws). If you believe that a child has submitted personal information to us, please contact us at Info@datadial.io and we will take reasonable steps to delete it.

16. Automated processing

We use software tools, including third-party AI and large language model services, to process the responses you submit through our questionnaires and to draft the content of the report you requested. This automated processing is intended to assist us in producing the advisory output that you requested. It is not used to make decisions that produce legal effects concerning you or that significantly affect you in a similar manner within the meaning of Article 22 GDPR.

17. Third-party links and content

The Site may contain links to third-party websites, services, and resources that we do not own or control. We are not responsible for the privacy practices or content of those third parties, and this Privacy Policy does not apply to them. We encourage you to review the privacy notices of any third-party site you visit.

18. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our product, our operations, our service providers, or applicable law. When we make material changes, we will post the updated Privacy Policy on this page with a new "Last updated" date and, where required by law, take additional steps to notify you (for example, through a notice on the Site or by email). We encourage you to review this Privacy Policy periodically.

19. Contact us

If you have any questions about this Privacy Policy, our privacy practices, or wish to exercise any of your rights, please contact us:

Admirable Ceremony Unipessoal Lda (operating as DataDial)
NIPC: 516679562
Email: Info@datadial.io
Privacy Policy URL: https://datadial.io/privacy