Clear purpose and notice
Personal data should be collected and used for specific, understandable and legitimate business or service purposes.
Rudrriv handles personal data through clear roles, limited use, appropriate safeguards and practical support for customer and individual privacy requirements.
Personal data should be used only for a clear and authorised purpose, accessed only by people who need it and retained only for as long as there is a valid reason.
Privacy requirements are considered across website operations, customer delivery, supplier use and internal administration. The exact controls depend on Rudrriv’s legal role, the service, data sensitivity, customer instructions, system architecture and applicable jurisdiction.
These principles guide service design and delivery. Specific legal obligations are assessed according to the people, data, purpose and jurisdictions involved.
Personal data should be collected and used for specific, understandable and legitimate business or service purposes.
Rudrriv aims to request, access and retain only the personal data reasonably needed for an approved activity.
Privacy requests are assessed and supported according to the applicable law, verified identity and Rudrriv’s role in the processing.
Access controls, confidentiality requirements and security practices support appropriate protection throughout the data lifecycle.
Personal data should not be kept indefinitely. Retention is based on purpose, contract, legal duties and documented business need.
Privacy responsibilities, decisions, vendors and material risks should be documented and reviewed as services and laws change.
Labels vary by law, but the practical question is consistent: who decides the purpose and essential means of processing?
Rudrriv may determine the purpose and means for activities such as:
Rudrriv may process data for a customer when:
Controls should follow personal data throughout the service, not appear only at the point of collection.
Identify the legitimate purpose, role, data categories, people affected and applicable requirements.
Use clear notices and obtain only the information reasonably needed for the approved purpose.
Restrict access, sharing and reuse to authorised activity and documented instructions.
Check accuracy, continued need, vendor access, new uses and privacy-risk changes.
Return, delete, anonymise or restrict information when purpose and retention needs end.
The controls used for a specific engagement are proportionate to the service, Rudrriv’s role, data sensitivity, platform capability and agreed obligations.
Rights vary by jurisdiction and are subject to identity, legal exceptions and Rudrriv’s role.
When Rudrriv processes personal data only on behalf of a customer, the customer normally controls the response. Rudrriv will support reasonable and contractually required assistance.
Submit a privacy requestAsk whether relevant personal data is being processed and request available information or a copy where the law provides.
Request correction of inaccurate information or completion of information that is materially incomplete.
Request deletion where a legal right applies and no overriding retention requirement prevents it.
Ask to limit or object to certain processing where supported by applicable law and the relevant circumstances.
Request eligible data in a structured form where the applicable law provides a portability right.
Withdraw consent where processing relies on consent, appeal an eligible decision, or contact the relevant supervisory authority.
Describe the right, relevant account or relationship and the information involved.
Rudrriv may verify identity, authority, jurisdiction and whether a customer controls the data.
Applicable systems, records, exceptions and third-party dependencies are reviewed.
The outcome is communicated through an appropriate channel within the applicable timeframe.
Data location depends on the customer architecture, approved providers and where authorised personnel access the service.
Rudrriv uses established references to structure privacy discussions, evaluate risk and define appropriate customer requirements.
Provides requirements and guidance for a privacy information management system and accountability for PII controllers and processors.
Supports risk-based management of privacy outcomes across governance, data processing, communication and protection activities.
Inform practices around lawfulness, fairness, transparency, purpose limitation, minimisation, accuracy, retention, security and accountability.
Inform lawful digital personal data processing, notices, consent, rights, security safeguards, breach response and organisational accountability where applicable.
Customers can request reasonable information needed to understand data processing, allocate responsibilities and complete privacy due diligence.
Review the documents relevant to your interaction or proposed service.
Send the service scope, jurisdictions, required deadline and questionnaire or contract requirements.
These answers provide a general Trust Center overview. Service-specific rights and commitments are defined by applicable law and signed agreements.
Last reviewed: July 2026
Share your service scope, data categories, jurisdictions, retention expectations and review process so roles and safeguards can be documented early.