top of page

Legal Notice

(Last Updated January 1, 2021)



This page explains what GDPR means for you and the steps that have been taken to ensure the protection of your privacy.


The EU General Data Protection Regulation (GDPR) has come into effect on May 25, 2018 and places new obligations on organizations based in the EEA or which hold or process personally identifiable information (PII) about EU residents.


Commitment to Data Security


Personal data collected by Rutteman and are processed in accordance with the law on the legal protection of personal data and other legal acts. All partners of Rutteman and who keep personal data must keep it safe even after termination of the service or contractual relationship. All personal data collected from this site complies with the principles of the EU GDPR Data Protection Act 1998 and May 25, 2018. By accessing this site you agree to the terms and condition of use and our privacy policy and consent to the collection, processing, use or transfer of data as set out in this policy.


Article 32 of the GDPR requires that controllers and processors have adequate levels of security in place for ensuring the confidentiality, integrity, availability – and more, of processing and other related activities.

Specifically, Article 32 requires Rutteman and to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the following as deemed appropriate:


  • The pseudonymisation and encryption of personal data.

  • The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.

  • The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.

  • A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

The commitment of Rutteman and to confidentiality, integrity, and availability – known as the CIA triad of information security, consists of the following initiatives:


  • Robust set of internal controls relating to the storing, processing and/or transmission of personal data for EU data subjects.

  • Comprehensive information security and operational policies, procedures, and processes relating to all core InfoSec domains,


  • Access Control

  • Anti-Virus and Anti-Malware

  • Data and Information Classification

  • Data Backup and Recovery

  • Database Policy

  • Firewall Policy

  • Internet Usage Policy

  • Remote Access Policy

  • Security Management

  • Software Development Life Cycle

  • Web Server Security Policy

  • Workstation Security


  • Annual security awareness training for all employees.

  • Annual risk assessment initiatives for assessing relevant risks to the organization and taking necessary action for reducing risk exposure.

  • Monitoring, as necessary, of all relevant third-party providers with which Rutteman and has a business relationship in terms of storing, processing, and/or transmitting personal data for EU residents.




Your Rights as a Data Subject


If Rutteman and is storing, processing, and/or transmitting personal data for EU data subjects, then you must be made aware of the following rights and privileges under the General Data Protection Regulation (GDPR):


  • Right of Access: The data subject shall have the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.

  • Right to Rectification: The data subject shall have the right to obtain from the data controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

  • Right to Erasure (“Right to be Forgotten): The data subject shall have the right to obtain from the data controller the erasure of personal data concerning him or her without undue delay and the data controller shall have the obligation to erase personal data without undue delay when various grounds apply, however when a user violates any of our terms and conditions or privacy policy or perhaps shares our material without permission, such a user will have no right to this clause, for they have waived such a right to us.

  • Right to Restriction of Processing: The data subject shall have the right to obtain from the data controller a restriction of processing when various grounds apply.

  • Right to Data Portability: The data subject shall have the right to receive the personal data concerning him or her within a time frame to be decided by the data controller, which he or she has provided to a data controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided.

  • Right to Object: The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her. The data controller shall no longer process the personal data unless the data controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.





GDPR Data Protection Scope


The General Data Protection Regulation (GDPR) was enacted by the European Union to deepen and harmonize personal data protection regulations. Now in effect as of May 25, 2018, it is a comprehensive and clear set of guidelines that acknowledges that different “flavors” of personal data require different levels of protection.

GDPR applies to all businesses irrespective of the region or jurisdiction, no matter where they are based, who collect and process personal data on EU residents. Non-EU companies have to appoint a GDPR representative and will be liable for all fines and sanctions.

Some of the key requirements of the GDPR are:


  • Consent: Organizations must get consent to collect personal data, with the level of consent varying according to the type of personal data being collected.

  • Data minimization: Responding to years of gratuitous collection of personal data by apps, with no clear purpose in mind, the GDPR stipulates that organizations can only collect personal data that is clearly related to a well-defined business objective. If an organization gathers personal data for one purpose but then decides it wants to use it for another purposes (such as consumer profiling), that could be considered non-compliance.

  • Individual rights: Another key feature of the GDPR is the very clear rights that it gives data subjects (i.e., the individuals whose personal data is being collected) to understand why their data is being collected and how it is being processed. They have the right to object, to correct—and they have the right to be erased/forgotten. They also have the right to be notified (individually) if their personal data has been breached in a way that could endanger their freedoms and rights.



Rutteman and complies with the applicable legislation, regulations, statutes or orders which may apply from time to time relating to the collection, storage and use of Personal Information including (without limitation) the Privacy Act 1988(Cth), the Data Protection Act 1998, the European Union General Data Protection Regulation May 25, 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003, the Data Protection (Processing of Sensitive Personal Data) Order 2000 and comparable laws, as the case may be in the applicable jurisdiction, or any amendments and/or re-enactments thereof. 


How we are compliant with the EU GDPR regulation


This is a notice to inform you of Rutteman and policy about all information that we record about you. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.


  1. If there are one or more points below with which you are not happy, your only recourse is to leave our website immediately.

  2. Rutteman and take the protection of your privacy and confidentiality seriously. We understand that all visitors to our website are entitled to know that their personal data will not be used for any purpose unintended by them and will not accidentally fall into the hands of a third party.

  3. Rutteman and undertake to preserve the confidentiality of all information you provide to us.

  4. Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website.


The operations of Rutteman and are in accordance with the European Union's General Data Protection Regulation (GDPR), effective May 25, 2018.


GDPR Scope


Passed in 2016, the new General Data Protection Regulation (GDPR) is the most significant legislative change in European data protection laws since the EU Data Protection Directive (Directive 95/46/EC), introduced in 1995. The GDPR, which became enforceable on May 25, 2018, seeks to strengthen the security and protection of personal data in the EU and serve as a single piece of legislation for all of the EU. It will replace the EU Data Protection Directive and all the local laws relating to it.


Privacy Policy


We have updated our privacy policy to ensure it complies with our obligations under the EU GDPR Regulation. You can learn more regarding our collection and use of your personal information on our privacy policy page.


Data Security Policy


Rutteman and have always been committed to ensuring we maintain’ data as securely as possible. Details of our Data Security Policy consistent with our obligations under the GDPR is available on our website terms and condition page.



If you wish to submit a data request under the GDPR, or have any additional queries, please contact

bottom of page