Privacy Policy

Privacy Policy – Todata Analytics, LLC

Effective date: 25Nov2025

Todata Analytics, LLC (“Todata,” “we,” “us,” or “our”) is dedicated to respecting your privacy and maintaining trust in how we handle your personal data. This Privacy Policy explains what data we collect, how we use it, with whom we share it, and the rights you have in relation to your personal data.

This Policy applies to personal data we process when you visit our websites (including www.todata.com), use our products or services, communicate with us, or otherwise interact with Todata.

1. Personal data we collect

Depending on how you interact with us, we may collect:

  • Personal and business contact information (such as name, job title, company, postal address, email address, and telephone number).

  • Account information (such as username, password, and related account profile information).

  • Location information (such as general location derived from your IP address or other technical data).

  • Usage data (such as information about how you access and use our websites, portals, products, and services, including pages viewed, features used, access times, browser type, and device identifiers).

  • Customer content and data for analytics services (any data, including personal data, that you or your organization provide to us in connection with our analytics consulting services or products).

  • Survey and feedback information (such as information you provide in customer satisfaction surveys, feedback forms, or reviews).

  • Images, audio, and video (such as recordings or photographs from training sessions, webinars, or meetings, and recordings of calls or online meetings where permitted by law and with appropriate notice).

  • Third-party personal data (personal data about other individuals—such as your employees, customers, or collaborators—that you provide to us). If you provide such data, you are responsible for ensuring that you have the authority and appropriate legal basis to share that information with us.

We collect only the personal data necessary to provide and improve our services and to fulfill our legal and contractual obligations. All personal data stored or transmitted by us is protected using industry-standard encryption technologies.

2. How we collect personal data

We collect personal data in several ways, including:

  • When you or your organization engage us to provide analytics consulting or related services.

  • When you create an account, make a purchase, or use our products or web portals.

  • When you register for, attend, or participate in training sessions, demos, events, or webinars.

  • When you complete customer satisfaction or other surveys.

  • When you request product support or otherwise communicate with us.

  • Through cookies and similar technologies when you use our websites or online services.

We may combine information collected from different sources (for example, combining your name with your postal code or usage data). When combined in a way that identifies you, we treat the combined information as personal data.

3. How we use personal data

We use personal data for the following purposes:

  • To provide and operate our services, including delivering analytics and consulting services, hosting and maintaining our platforms, and enabling core functionality.

  • To manage our relationship with you, including responding to inquiries and support requests, communicating about your account or our services, and providing customer service.

  • To send marketing and informational communications you choose to receive, such as newsletters, product updates, event information, and promotional offers. You can opt out of marketing at any time by following the unsubscribe instructions in our emails or contacting us.

  • To improve and develop our products and services, including data analysis, testing, research, and optimization of our services, user experience, and business operations.

  • To manage purchases, payments, refunds, and related accounting, auditing, billing, and collection activities.

  • To maintain security and prevent misuse, including protecting our systems and data, detecting and preventing fraud, security incidents, and other harmful or illegal activity.

  • To comply with legal obligations and respond to lawful requests from public authorities.

  • For any other purpose disclosed to you at the time of collection or with your consent.

We retain personal data only for as long as necessary to fulfill the purposes described above, unless a longer retention period is required or permitted by law.

4. How we share personal data

We may share personal data with:

  • Affiliated entities and partners, for example with an affiliated partner or association at your specific request.

  • Service providers and vendors that perform services on our behalf, such as cloud hosting providers (including Microsoft Azure), analytics providers, customer support tools, and other suppliers who process personal data for us in order to provide services. These providers are contractually required to safeguard personal data and may only use it as instructed by us.

  • Professional advisors, such as lawyers, auditors, and insurers, where necessary for the provision of their professional services.

  • Public authorities or other third parties when required to do so by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect the rights, property, or safety of Todata, our customers, or others.

  • Other third parties with your consent or at your direction.

We do not sell personal information as “sale” is defined under applicable privacy laws. When sharing personal data with third parties, we limit the data disclosed to what is necessary for the relevant purpose and require recipients to protect it appropriately.

5. International data transfers

Todata is based in the United States and may process personal data in the United States and other countries that may have different data protection laws than your country of residence.

Where we transfer personal data from the European Economic Area (EEA) or the United Kingdom (UK) to countries that have not been deemed to provide an adequate level of protection, we use appropriate safeguards, such as standard contractual clauses approved by the European Commission or the UK government, and implement additional technical and organizational measures where appropriate.

6. Cookies and similar technologies

We use cookies and similar technologies on our websites and portals to:

  • enable core site functionality,

  • remember your preferences,

  • analyze usage and performance, and

  • support security and fraud prevention.

You can control cookies through your browser settings and other tools. If you disable certain cookies, some features of our websites or services may not function properly.

7. Your privacy rights

Depending on your location and applicable law (including the GDPR for EEA and UK residents and certain U.S. state privacy laws), you may have some or all of the following rights regarding your personal data:

  • Right of access – to know whether we process your personal data and to request a copy of that data.

  • Right to rectification – to request that inaccurate or incomplete personal data be corrected.

  • Right to erasure (“right to be forgotten”) – to request that we delete your personal data, subject to certain limitations (for example, where we must retain data to complete a transaction or comply with legal obligations).

  • Right to restriction of processing – to request that we restrict the processing of your personal data under certain circumstances.

  • Right to data portability – to request that we provide your personal data in a structured, commonly used, and machine-readable format and, where technically feasible, transmit it to another controller.

  • Right to object – to object to certain processing of your personal data, including processing based on our legitimate interests and direct marketing.

  • Right to withdraw consent – where processing is based on consent, you may withdraw your consent at any time. This will not affect the lawfulness of any processing before withdrawal, but may impact your ability to use some services.

  • Right to lodge a complaint – you may lodge a complaint with a competent supervisory authority if you believe that our processing of your personal data violates applicable law.

To exercise your rights, please contact us using the details in the “Data Protection Officer,” “EU and UK GDPR representatives,” or “How to contact us” sections below. We may need to verify your identity before responding to your request. Some rights may be subject to limitations under applicable law.

8. Security

We use technical, administrative, and physical safeguards designed to protect personal data against unauthorized access, loss, misuse, or alteration. These measures include:

  • encrypting personal data in transit and at rest using industry-standard technologies,

  • access controls and role-based permissions,

  • secure disposal of paper and electronic media, and

  • staff training and internal policies on data protection and information security.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security; however, we strive to protect your personal data using commercially reasonable measures.

9. Children’s privacy

Our websites, products, and services are not directed to children under the age of 16, and we do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without appropriate consent, we will take steps to delete it.

10. Data Protection Officer

Todata Analytics, LLC has appointed a Data Protection Officer (DPO).

Data Protection Officer (DPO)
Name: Michael Demman
Title: Director, Client Services
Phone: +1 402-871-4971
Email: info@todata.com (please reference “Data Protection Officer” in the subject line)

You may contact our DPO with questions or concerns about this Privacy Policy or our handling of your personal data.

11. EU and UK GDPR representatives

For individuals in the European Union and the United Kingdom, Todata has appointed local representatives in accordance with Article 27 of the GDPR. You may contact these representatives on matters related to the processing of your personal data under the GDPR.

EU – Ireland representative

Company name: Instant EU GDPR Representative Ltd
Contact person: Adam Brogden
Email: contact@gdprlocal.com
Tel: +353 15 549 700

EU Dublin address:
INSTANT EU GDPR REPRESENTATIVE LIMITED
Office 2, 12A Lower Main Street
Lucan, Co. Dublin K78 X5P8
Ireland

EU GDPR reporting link:
https://todataanalyticsllc.gdprlocal.com/eu

UK representative

Company name: GDPRLocal Ltd.
Contact person: Adam Brogden
Email: contact@gdprlocal.com
Tel: +44 1772 217 800

UK address:
GDPRLocal Ltd.
1st Floor Front Suite, 27–29 North Street
Brighton, England BN1 1EB
United Kingdom

UK GDPR reporting link:
https://todataanalyticsllc.gdprlocal.com/uk

12. How to contact us

If you have any questions about this Privacy Policy, our data practices, or if you would like to exercise any of the rights described above, you can contact us at:

Todata Analytics, LLC
3555 Farnam Street, Suite 303
Omaha, NE 68131
United States

Email: info@todata.com

You may also contact our Data Protection Officer or, if you are located in the EU or UK, our respective GDPR representative using the contact information above.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will update the “Effective date” at the top of this page and, where required, provide additional notice (such as by posting a notice on our website or by sending you a notification).

Your continued use of our websites, products, or services after any changes become effective signifies your understanding of and agreement to the updated Privacy Policy.