Case Studies Book Briefing
Legal

Privacy Notice

How RapidData collects, uses, and protects personal data — written for clients, candidates, partners, and visitors to this site.

Last updated: 29 April 2026

1. Who we are

RapidData ("RapidData", "we", "us") is a global digital transformation, AI and Mendix Premier partner with offices in India, the UAE, Saudi Arabia, Bahrain, Singapore, the United Kingdom, and the United States. RapidData acts as a data controller for information we collect directly (e.g. enquiries, recruitment, marketing) and as a data processor for client information we handle in the course of delivering services.

2. What data we collect

We may collect the following categories of personal data:

  • Contact details — name, work email, employer, role, country, phone (when you submit an enquiry, attend an event, or subscribe to our briefing).
  • Technical data — IP address, browser type, device type, referring URL, and pages viewed (collected through cookies and server logs).
  • Recruitment data — CV, education, employment history, and the right-to-work documentation required by the jurisdiction you are applying in.
  • Engagement data — meeting notes, contract metadata, billing details, and project artefacts created during a client engagement.
  • Marketing preferences — whether you have opted in to our quarterly executive briefing and any topical preferences you have indicated.

3. Why we use it (lawful bases)

Depending on the jurisdiction you reside in, the lawful bases for processing include:

  • Performance of a contract — to deliver the services you, your employer, or your government department have engaged us to deliver.
  • Legitimate interests — to operate, secure, and improve our website and to respond to enquiries from prospective clients and partners.
  • Consent — for marketing communications and any non-essential cookies (you may withdraw consent at any time).
  • Legal obligation — to comply with tax, employment, anti-money-laundering, sanctions screening, and other regulatory requirements.

4. Who we share data with

We share personal data only when necessary, with categories that include:

  • Vetted technology partners (e.g. CRM, marketing automation, e-signature, identity providers) under data-processing agreements.
  • Cloud and hosting providers (AWS, Microsoft Azure, Google Cloud, Oracle Cloud) configured to keep data in the residency you contracted for.
  • Auditors, advisors, and regulators when we are legally compelled to disclose.
  • A successor entity in the event of a corporate transaction, with continuity of these protections.

5. International transfers

RapidData operates across multiple jurisdictions. Where personal data is transferred outside its country of origin, we rely on appropriate safeguards including the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, ADGM and DIFC equivalents, and any explicit jurisdictional approvals required by your local regulator (e.g. UAE PDPL, KSA PDPL, India DPDP).

6. How long we keep it

We retain personal data only for as long as is necessary for the purpose it was collected. Indicative retention windows:

  • Enquiry and marketing records — 24 months from last engagement, then deleted or anonymised.
  • Recruitment data — 12 months for unsuccessful candidates; for successful hires, retained for the duration of employment plus the statutory period required by local law.
  • Engagement records — for the term of the contract plus the period required by tax, accounting, and audit obligations (typically 7 years).
  • Server logs — 90 days, except for security-incident logs which may be retained longer under documented legal hold.

7. Your rights

Subject to local law, you have the right to:

  • Access the personal data we hold about you and obtain a copy in a portable format.
  • Request correction of inaccurate or incomplete information.
  • Request deletion of personal data ("right to be forgotten") where there is no overriding lawful basis to retain it.
  • Object to or restrict processing for marketing or where we rely on legitimate interests.
  • Withdraw consent for marketing communications at any time, with no detriment to services.
  • Lodge a complaint with your local data protection authority if you are not satisfied with our response.

8. Security

RapidData operates a defence-in-depth security programme: ISO 27001 certified, SOC 2 Type II audited, and aligned with the NIST Cybersecurity Framework. Controls include least-privilege access, end-to-end encryption in transit and at rest, key rotation, continuous vulnerability scanning, and a 24×7 security operations centre.

9. Changes to this notice

We may update this notice from time to time. Material changes will be highlighted on this page and, where appropriate, communicated by email to subscribers. The "last updated" date at the top of this page reflects the most recent revision.

Contact us

If you have questions about this notice or wish to exercise any of the rights described above, please write to our Data Protection Office at privacy@rapiddata.com or by post to:

RapidData India HQ
Tecci Park – 1st Floor, Rajeev Gandhi Salai, Elcot SEZ, Karapakkam, Chennai – 600119
044-48041411 / +91 96297 02455
Talk to a partner

Questions about this policy?

A senior RapidData partner will respond within one business day.

Contact us