Legal & Privacy Center
GDPR Compliance Statement
Last Updated: 9 November 2025
Datadini Ltd is fully committed to compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.
1. Legal Basis for Processing
We process personal data under the following lawful bases:
| Purpose | Legal Basis |
|---|---|
| Account management | Contractual necessity |
| Service delivery | Contractual necessity |
| Marketing communications | Consent (opt-in) |
| Legal compliance | Legal obligation |
| Analytics | Legitimate interest |
| Security & fraud prevention | Legitimate interest |
2. Data Protection Principles
We adhere to the six GDPR principles:
Lawfulness, Fairness & Transparency
- We process data lawfully and transparently
- We clearly communicate how data is used
- We obtain consent where required
Purpose Limitation
- Data is collected for specific, explicit purposes
- We do not use data for incompatible purposes
Data Minimization
- We only collect data that is necessary
- No excessive or irrelevant data is gathered
Accuracy
- We maintain accurate and up-to-date records
- You can request corrections at any time
Storage Limitation
- Data is retained only as long as necessary
- Clear retention periods are defined
Integrity & Confidentiality
- Appropriate security measures protect your data
- We prevent unauthorized access or data breaches
3. Your Data Rights
Under GDPR, you have the following rights:
Right to Access (Article 15)
Request a copy of all personal data we hold about you.
Right to Rectification (Article 16)
Correct inaccurate or incomplete personal data.
Right to Erasure (Article 17)
Request deletion of your data ("right to be forgotten").
Right to Restrict Processing (Article 18)
Limit how we use your personal data.
Right to Data Portability (Article 20)
Receive your data in a machine-readable format.
Right to Object (Article 21)
Object to processing based on legitimate interests.
Rights Related to Automated Decision-Making (Article 22)
Request human review of automated decisions.
How to Exercise Your Rights: You can exercise your rights using our Data Rights Request Form or by contacting privacy@datadini.com.
4. Data Processing Activities
Authentication & Account Management
- Processor: Kinde.com (GDPR compliant)
- Data: Email, name, authentication tokens
- Location: EU/UK data centers
Payment Processing
- Processor: Stripe (GDPR compliant)
- Data: Payment information, transaction history
- Location: Secure, encrypted storage
Analytics
- Processor: PostHog (GDPR compliant)
- Data: Anonymized usage data
- Location: EU data centers
Form Submissions
- Processor: Datadini Ltd (Data Controller)
- Data: Contact information, request details
- Location: UK servers
Public Business Data Collection (Dinibot)
- Processor: Datadini Ltd (Dinibot automated crawler)
- Data: Publicly available UK business information such as business emails, phone numbers, company URLs, social media profiles, and publicly listed company numbers where displayed
- Legal Basis: Legitimate interests (business intelligence and fraud prevention)
- Rights: Businesses may opt out or request removal at any time
- Ethical Standards: We respect robots.txt and do not access private or pay-walled content
5. International Data Transfers
When data is transferred outside the UK/EU, we ensure:
- Adequate protection mechanisms (Standard Contractual Clauses)
- Recipient countries provide adequate protection
- GDPR Chapter V compliance
We process publicly available business data under the legitimate interests basis. A Legitimate Interests Assessment (LIA) has been completed and is available upon request.
6. Data Security Measures
We implement technical and organizational measures:
- Encryption: TLS/SSL for data in transit, encryption at rest
- Access Control: Role-based access, multi-factor authentication
- Monitoring: Continuous security monitoring and logging
- Auditing: Regular security audits and penetration testing
- Staff Training: Data protection training for all staff
7. Data Breach Notification
In the event of a data breach:
- If a personal data breach occurs and poses a risk to individuals, we will notify the ICO within 72 hours
- Affected individuals will be informed without undue delay
- We will document all breaches and remedial actions
Report a Breach: privacy@datadini.com
8. Data Protection Lead
Our Data Protection Lead oversees GDPR compliance.
Contact our Data Protection Lead:
Email: privacy@datadini.com
Role: Oversight of data protection strategy and compliance
9. Data Retention Periods
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Active account + 30 days | Service provision |
| Payment records | 6 years | Legal/tax compliance |
| Form submissions | 6 years | Legal compliance |
| Analytics data | 24 months | Service improvement |
| Security logs | 12 months | Security monitoring |
| Opt-out requests | Indefinite | Ensure ongoing exclusion from automated crawling activities |
10. Third-Party Processors
All third-party processors are:
- GDPR compliant
- Bound by Data Processing Agreements (DPAs)
- Subject to regular compliance audits
- Certified under recognized frameworks (SOC 2, ISO 27001)
Current Processors:
- Kinde.com (Authentication)
- Stripe (Payments)
- PostHog (Analytics)
11. Children's Data
- We do not knowingly process data of individuals under 16
- We do not target services at children
- Parents/guardians can request deletion of children's data
12. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects.
13. Cookies & Tracking
See our Privacy Policy for detailed cookie information. You can:
- Manage cookies via browser settings
- Opt out of analytics tracking
- Use "Do Not Track" signals
14. Updates to This Statement
We review and update this statement annually or when:
- Legal requirements change
- Our processing activities change
- Best practices evolve
Material changes will be communicated via email and website notices.
15. Supervisory Authority
You have the right to lodge a complaint with:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
16. Contact Us
For GDPR-related inquiries:
Email: privacy@datadini.com
Subject Line: GDPR Inquiry
Response Time: Within 30 days
Datadini Ltd
United Kingdom
We are committed to protecting your privacy and ensuring GDPR compliance at every level of our organization.