Skip to main content
Trust Center · Data Privacy

Data privacy with clear purpose and control

Rudrriv handles personal data through clear roles, limited use, appropriate safeguards and practical support for customer and individual privacy requirements.

Purpose-limited processing Rights request support Contract-based accountability
Clear purpose
Minimum data
Individual rights
Retention control
Accountable processing
Direct answer

How Rudrriv approaches data privacy

Personal data should be used only for a clear and authorised purpose, accessed only by people who need it and retained only for as long as there is a valid reason.

Privacy requirements are considered across website operations, customer delivery, supplier use and internal administration. The exact controls depend on Rudrriv’s legal role, the service, data sensitivity, customer instructions, system architecture and applicable jurisdiction.

Privacy principles

Practical principles for responsible personal-data handling

These principles guide service design and delivery. Specific legal obligations are assessed according to the people, data, purpose and jurisdictions involved.

Clear purpose and notice

Personal data should be collected and used for specific, understandable and legitimate business or service purposes.

Data minimisation

Rudrriv aims to request, access and retain only the personal data reasonably needed for an approved activity.

Choice and individual rights

Privacy requests are assessed and supported according to the applicable law, verified identity and Rudrriv’s role in the processing.

Protected handling

Access controls, confidentiality requirements and security practices support appropriate protection throughout the data lifecycle.

Retention discipline

Personal data should not be kept indefinitely. Retention is based on purpose, contract, legal duties and documented business need.

Accountability

Privacy responsibilities, decisions, vendors and material risks should be documented and reviewed as services and laws change.

Role clarity

Our privacy role depends on why and how data is processed

Labels vary by law, but the practical question is consistent: who decides the purpose and essential means of processing?

Rudrriv determines the purpose

Controller or data fiduciary activities

Rudrriv may determine the purpose and means for activities such as:

  • Operating and securing the Rudrriv website.
  • Managing business contacts, proposals and customer relationships.
  • Billing, accounting, legal compliance and business administration.
  • Responding to enquiries, preferences and legitimate security concerns.
Customer determines the purpose

Processor or service-provider activities

Rudrriv may process data for a customer when:

  • The customer selects the systems, data and business objective.
  • Rudrriv accesses personal data to deliver agreed services.
  • Processing is governed by documented instructions and data terms.
  • The customer remains responsible for notices, authority and end-user decisions.
Contract controls the engagement. Role allocation, instructions, permitted use, security, subprocessors, assistance, transfers and deletion should be recorded in the applicable agreement or Data Processing Agreement.
Data lifecycle

Privacy considered from collection through deletion

Controls should follow personal data throughout the service, not appear only at the point of collection.

Define

Identify the legitimate purpose, role, data categories, people affected and applicable requirements.

Collect

Use clear notices and obtain only the information reasonably needed for the approved purpose.

Use

Restrict access, sharing and reuse to authorised activity and documented instructions.

Review

Check accuracy, continued need, vendor access, new uses and privacy-risk changes.

Close

Return, delete, anonymise or restrict information when purpose and retention needs end.

Control areas

Privacy controls across people, process and technology

The controls used for a specific engagement are proportionate to the service, Rudrriv’s role, data sensitivity, platform capability and agreed obligations.

Privacy governance

  • Defined ownership and escalation
  • Policies and contractual controls
  • Risk-based review of processing
  • Periodic improvement of practices

Data and purpose awareness

  • Identify relevant data categories
  • Document intended purposes
  • Understand systems and recipients
  • Review material changes in use

Collection and minimisation

  • Request only necessary information
  • Avoid excessive permissions
  • Use lower-risk data where practical
  • Limit copies and uncontrolled exports

Access and confidentiality

  • Purpose-limited authorised access
  • Least-privilege permissions
  • Confidentiality expectations
  • Timely access removal

Privacy by design

  • Consider privacy during planning
  • Assess high-risk or new uses
  • Build appropriate defaults
  • Record decisions and safeguards

Individual rights support

  • Request intake and routing
  • Identity and authority checks
  • Search and response coordination
  • Lawful limitations and recordkeeping

Retention and disposal

  • Purpose-based retention periods
  • Legal and contractual holds
  • Deletion or return processes
  • Access removal at engagement close

Supplier and subprocessor controls

  • Business-need assessment
  • Data protection terms
  • Access and use restrictions
  • Review of material dependencies

International transfers

  • Identify transfer locations
  • Use recognised safeguards where required
  • Assess contractual and technical measures
  • Respond to lawful access considerations

Security and breach coordination

  • Appropriate technical and organisational controls
  • Issue escalation and investigation
  • Evidence-based impact assessment
  • Notification based on role and legal duty

Cookies and communications

  • Clear notices for relevant technologies
  • Consent choices where required
  • Preference and unsubscribe support
  • Purpose-limited analytics and outreach

Workforce awareness

  • Privacy and confidentiality guidance
  • Role-appropriate training
  • Secure collaboration expectations
  • Prompt reporting of suspected issues
Individual rights

A clear route for privacy requests

Rights vary by jurisdiction and are subject to identity, legal exceptions and Rudrriv’s role.

When Rudrriv processes personal data only on behalf of a customer, the customer normally controls the response. Rudrriv will support reasonable and contractually required assistance.

Submit a privacy request

Access or confirmation

Ask whether relevant personal data is being processed and request available information or a copy where the law provides.

Correction or update

Request correction of inaccurate information or completion of information that is materially incomplete.

Deletion

Request deletion where a legal right applies and no overriding retention requirement prevents it.

Restriction or objection

Ask to limit or object to certain processing where supported by applicable law and the relevant circumstances.

Portability

Request eligible data in a structured form where the applicable law provides a portability right.

Withdraw, appeal or complain

Withdraw consent where processing relies on consent, appeal an eligible decision, or contact the relevant supervisory authority.

Step 1

Send the request

Describe the right, relevant account or relationship and the information involved.

Step 2

Verify and route

Rudrriv may verify identity, authority, jurisdiction and whether a customer controls the data.

Step 3

Assess and search

Applicable systems, records, exceptions and third-party dependencies are reviewed.

Step 4

Respond securely

The outcome is communicated through an appropriate channel within the applicable timeframe.

Global services

International data transfers require an identified basis and safeguards

Data location depends on the customer architecture, approved providers and where authorised personnel access the service.

Transfer planning may include

  • Mapping countries of storage, remote access and onward transfer.
  • Determining which party selects and controls each provider.
  • Using adequacy, contractual clauses or another available mechanism where required.
  • Assessing supplementary security and organisational measures.

Customer engagement details matter

  • Customer-selected cloud and business platforms may determine primary locations.
  • Transfer obligations depend on the origin, destination and applicable law.
  • Formal mechanisms must be incorporated into the relevant agreement when required.
  • Changes in providers or locations should follow agreed notification or approval processes.
No universal transfer mechanism applies to every service. The correct approach must be selected for the actual data flow, parties and jurisdictions.
Global references

Practices informed by recognised privacy standards and laws

Rudrriv uses established references to structure privacy discussions, evaluate risk and define appropriate customer requirements.

Privacy management reference

ISO/IEC 27701:2025

Provides requirements and guidance for a privacy information management system and accountability for PII controllers and processors.

Privacy-risk reference

NIST Privacy Framework

Supports risk-based management of privacy outcomes across governance, data processing, communication and protection activities.

Global legal benchmark

GDPR and UK GDPR principles

Inform practices around lawfulness, fairness, transparency, purpose limitation, minimisation, accuracy, retention, security and accountability.

India legal framework

India DPDP Act and Rules

Inform lawful digital personal data processing, notices, consent, rights, security safeguards, breach response and organisational accountability where applicable.

Clear assurance statement: A framework or law is applied only where relevant to the specific activity. Referencing it here does not by itself represent certification, universal compliance, legal advice or regulatory approval.
Customer assurance

Privacy documentation for procurement and contracting

Customers can request reasonable information needed to understand data processing, allocate responsibilities and complete privacy due diligence.

Information that may be available

  • Service-specific data categories, purposes and role allocation.
  • Relevant systems, locations, recipients and provider information.
  • Data Processing Agreement and transfer terms where applicable.
  • Privacy and security questionnaire responses.
  • Retention, deletion, request-support and incident-coordination terms.

Need privacy information for your review?

Send the service scope, jurisdictions, required deadline and questionnaire or contract requirements.

Contact support@rudrriv.com
Privacy questions

Frequently asked questions

These answers provide a general Trust Center overview. Service-specific rights and commitments are defined by applicable law and signed agreements.

What personal data may Rudrriv process?
The categories depend on the interaction and service. They may include business contact details, website and device information, account or project information, communications, billing records and personal data contained in customer-provided systems or materials. The applicable privacy notice, contract and service scope provide the relevant detail.
Is Rudrriv a controller or a processor?
Rudrriv may act as a controller or data fiduciary for its own website, business administration, security and relationship management. For many customer engagements, Rudrriv may act as a processor or service provider when handling personal data on documented customer instructions. The contract and actual processing activity determine the role.
Does Rudrriv offer a Data Processing Agreement?
A Data Processing Agreement can be used where Rudrriv processes personal data on behalf of a customer and data protection terms are required. The agreement should describe the subject matter, duration, data categories, instructions, security expectations, subprocessors, assistance and return or deletion requirements.
How can an individual submit a privacy request?
Email support@rudrriv.com with the subject “Privacy Request” and describe the request and relevant relationship with Rudrriv. Additional information may be requested to verify identity, authority and the records involved. When Rudrriv acts only as a processor, the request may be referred to or coordinated with the responsible customer.
How long does Rudrriv retain personal data?
Retention depends on the purpose, service duration, customer instructions, legal or accounting duties, dispute needs, security requirements and technical limitations. Data should be deleted, returned, anonymised or access-restricted when it is no longer reasonably required, subject to lawful retention obligations.
Does Rudrriv transfer personal data internationally?
International access or storage may occur depending on the service architecture, customer-selected platforms and approved providers. Where transfer rules apply, the relevant parties should use an available legal mechanism and any necessary contractual, organisational or technical safeguards.
Does Rudrriv use subprocessors or service providers?
Rudrriv may use suitable technology, hosting, communication, analytics, payment or professional-service providers where needed. Their role and access depend on the service. Material customer-data processing arrangements should be addressed through the applicable contract or Data Processing Agreement.
How does Rudrriv address personal data breaches?
Suspected incidents should be escalated, assessed, contained and investigated. Notification decisions are based on Rudrriv’s role, verified facts, risk to individuals, customer instructions, contractual terms and applicable law. Customers should provide current incident contacts and cooperate with time-sensitive assessments.
How are cookies and marketing preferences handled?
The website should provide clear information about relevant cookies and similar technologies. Consent or preference controls should be used where required. Marketing recipients can use the unsubscribe method in the communication or contact support@rudrriv.com to update preferences.
Does this page mean Rudrriv is privacy certified?
No. This page describes Rudrriv’s privacy approach and recognised references. It does not represent certification, regulatory approval or independent attestation unless Rudrriv separately publishes current supporting evidence.
Does Rudrriv intentionally collect children’s data?
Rudrriv’s business services are not intended to solicit personal data directly from children. If a customer engagement may involve children’s data or another protected category, the customer should disclose that requirement before processing so appropriate legal, contractual and technical safeguards can be assessed.
Can customers complete a privacy due-diligence review?
Yes. Customers may send reasonable privacy questionnaires, data-flow questions or contract requirements to support@rudrriv.com. Responses and evidence depend on service scope, confidentiality, third-party restrictions and the commitments included in signed agreements.

Last reviewed: July 2026

Define privacy requirements before processing begins

Share your service scope, data categories, jurisdictions, retention expectations and review process so roles and safeguards can be documented early.

Start a privacy discussion