Privacy and GDPR Policies

Rosslyn's Privacy Policy is simple and straightforward

We respect your privacy, and we are committed to protecting it. We protect the confidentiality and security of your company’s information by placing you, our Client, in control of the process by allowing you to consent to non-aggregate information sharing before it occurs as described in this Privacy Policy. RDT is committed to these four Privacy Principles.

Principle One

We limit how, and with whom, we share your company’s information based on your choice. RDT will only share your company’s information with others:

  • at your request;
  • to process or service a transaction or product authorized or requested by you;
  • when required by law to disclose such information to appropriate authorities;
  • to companies that assist us in marketing our products and services;

Principle Two

We collect only the information necessary to deliver the products and services you request. RDT collects only the company’s information necessary to serve your data analytics needs, to protect against fraud, and to fulfil legal and regulatory requirements. We collect the following:

  • Information we receive from you: from our website, your service, and any other information you subsequently provide to us orally, in writing or through the Internet;
  • Information about your transactions and communications with us;
  • Information from public records accessed in the ordinary course of business

Principle Three

We establish safeguards to ensure the security and confidentiality of your information.

RDT restricts access to your company’s information to our employees who need it to do their job. Employees with access to your information are required to strictly maintain the confidentiality of all Client information.

RDT maintains physical, electronic and procedural safeguards that comply with Industry standards to protect your company’s information. We routinely test our information systems and website to ensure that unauthorized access does not occur.

Principle Four

We maintain your privacy even after you cease to be our Client.

If your organisation decides to close or cancel your account or you become an inactive Client, RDT will continue to follow this privacy policy with respect to the information we have in our possession about you and your organisation.

Changes to this Privacy Policy. This privacy policy may be modified from time to time to comply with applicable laws or to conform to our current business practices, without prior notice to you. We will post any changes to this on our web site and notify you. We encourage you to revisit the Privacy Statement that is posted on our website from time to time to check for updates.

Additional Information

Security Statement

We take every reasonable precaution to protect your information. When you submit information to us through our website, your information is protected both on-line and off-line. All data transferred from / to the RDT internal network, from / to an external entity, is encrypted to industry standards (256 bit encryption). Please keep in mind that messages you send to us by e-mail may not be secure.

We maintain appropriate physical, electronic and procedural safeguards to ensure the security, integrity and privacy of your personal information within our company. Only those employees who require your organisation’s information to perform a specific job are granted access to your organisation’s identifiable information. Furthermore, all employees are kept up-to-date on our security and privacy practices.

Our Use of Internet Browser Cookies

RDT may use internet browser “cookies”. A cookie is a small line of text that is stored by your browser on your computer. Our cookies do not contain any personally identifiable information. We use them to measure visits and improve content and navigation on our website.

We and third-party vendors, including Google, use first-party cookies (such as the Google Analytics cookie) and third-party cookies together to inform, optimise, and serve ads based on someone's past visits to your website. We adhere to Google’s policies about interest-based advertising and sensitive categories when doing so.

Visitors can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Preferences Manager. Some features of RDT’s website and service, such as personalisation and account information, require that cookies be turned on. If you wish, you can turn on your browser cookie preference when using these features, and then turn them off when you visit other websites.

RDT’s use of cookies will not affect our policy of not disclosing any of your personal information without your consent.

By using our website and / or our data analytics services, you consent to the collection and use of information as set forth in this Privacy Policy.

RDT’S Commitment to GDPR

We are committed to providing our Data Analytics solutions to our Clients in compliance with applicable laws and regulations in general and data privacy laws such as the EU General Data Protection Regulation (GDPR) in particular.

We seek to partner with our Clients and their users to help them understand how we achieve data privacy compliance as processor and how the RAPid platform enables our Clients to achieve data privacy compliance as controller.

GDPR and what it means for you

Effective as of May 25, 2018 the GDPR will replace the currently applicable EU Data Protection Directive. Unlike the Data Protection Directive, the GDPR will have direct effect in all EU member states without any need for local implementing legislation and it will override existing national privacy laws.

Besides strengthening and standardizing user data privacy across the EU nations, the GDPR will require new or additional obligations on all organisations that handle EU citizens’ personal data, regardless of where the organisations themselves are located.

Whenever the Data Protection Directive or the GDPR applies to our Clients they are deemed the controller of the personal data included on the RAPid Platform and RDT is deemed the processor. As such, both RDT and our Client have to comply with their respective obligations under the Data Protection Directive and the GDPR accordingly. One side of these obligations relates to the controller-processor relationship, while the other side relates to the controller obligations vis-à-vis the data subject, typically the user of the RAPid Platform (i.e. employees, contractors and partners of our Clients).

We expect our Clients and their users to comply with all applicable laws and regulation in connection with the use of the RAPid Platform, in particular making sure, that our Clients have all rights and consents necessary to allow RDT to use and process such data.

As a service provider, RDT is committed to supporting our Clients in their compliance activities, including as outlined in GDPR Chapter III (Rights of the data subject), most notably the rights of access and rectification (Art. 15 + 16 GDPR), right to erasure or ‘right to be forgotten’ (Art. 17 GDPR), right to data portability (Art. 20 GDPR), and right not to be subject to automated decision-making, including profiling (Art. 22 GDPR).

Preparing for GDPR

Data privacy is at the heart of RDT’s operating model. Our existing RDT compliance program is comprehensive and based on globally accepted standards. It includes compliance certifications such as ISO 27001 and ISO 9001. In light of the upcoming GDPR, our Legal, Security, Operations and Product teams have operated a RDT GDPR readiness project, working towards meeting the May 2018 deadline.

Top 5 Priorities for GDPR compliance

(*The following section refers to the Gartner Blog “Smarter with Gartner” on GDPR)

Gartner lists the top 5 priorities for organisations to focus on to ensure compliance when GDPR comes into effect.

Below we explain RDT’s position relating to these priorities:

#1 - Determine Your Role Under the GDPR

As a cloud-based data analytics solutions provider, RDT is processing data on behalf of its Clients using the RAPid Platform; therefore RDT is seen as a data processor under the GDPR. In light of existing data privacy laws and data security measures generally expected from a global cloud service provider such as RDT, we have already implemented an information security program consisting of policies and procedures to help ensure that RDT is acting in accordance with current and new compliance requirements when providing our services.

#2 - Appoint a Data Protection Officer

The GDPR will require some organisations to designate a Data Protection Officer (DPO). Organisations requiring DPOs include public authorities, organisations whose activities involve the regular and systematic monitoring of data subjects on a large scale, or organisations who process what is known as sensitive personal data on a large scale. At RDT we have appointed a Main Board member to this role.

#3 - Demonstrate Accountability in All Processing Activities

Our RDT compliance program is already comprehensive and based on globally accepted standards. Its effectiveness is periodically attested to by 3rd parties under various compliance certifications (e.g., ISO 27001, ISO 9001, CREST). RDT has implemented an information security program consisting of policies and procedures that define how system information is entered, managed, and protected. RDT’s current information security program is further specified in our Master Subscription Agreement (MSA) as well as our Data Processing Agreement (DPA). In particular, RDT commits to monitor, analyse and respond to security incidents in a timely manner in accordance with RDT’s standard operating procedure, which sets forth the steps that RDT employees must take in response to a threat or security incident. RDT continues to invest in growing global security capabilities.

#4 - Check Cross-Border Data Flows

Both the Data Protection Directive and the GDPR permit personal data transfers outside of the EU subject to compliance with defined conditions, including conditions for onward transfer. When a Client contracts with RDT, we can enter into a Data Processing Agreement (DPA) with applicable Clients. In the DPA, we agree with our Client on the terms for the compliant processing of Client personal data, including the description of our security and data privacy policy and the EU standard contractual clauses.

#5 - Prepare for Data Subjects Exercising Their Rights

Within the RAPid Platform, our Clients use the personal data of their users to interact with each other in order to better manage their data analytics. These acting individuals are the data subjects and our Clients - acting as data controllers - need to be able to answer certain legitimate requests under the GDPR. As such, our Clients will look to RDT as service provider and data processor to offer functionalities within the RAPid Platform that enable our Clients to achieve compliance. Our internal product design processes are focused on the user and their positive and productive experience on the RAPid Platform. In light of GDPR, RDT periodically reviews the RAPid Platform features in order to validate that the RDT platform provides the required functionalities to our Clients.

Staying Current

Ensuring the privacy and security of our Client’s data is an ongoing commitment for RDT. As we continue to approach the May 2018 GDPR deadline we will update this website to reflect any GDPR-related developments.

External Resources

Download the full text of the GDPR (PDF English) -

Download the full text of the GDPR (Website with various language versions) -

UK - Information Commissioner's Office on GDPR -

Eversheds Sutherland on GDPR -

Cordery GDPR Navigator -

Rosslyn Marketing Statement

How do we collect information from you?

We collect information about you when you use our website (for example contact us with a query or download a report), register for one of our newsletters, or email us directly.

What type of information is collected from you?

If you provide us with personal information such as your name, address, email address or job title, we will collect and store that data. We also might collect information regarding which Rosslyn website pages you have visited and when.

How is your information used?

We’d like to keep in touch with you about the latest research, best practice and innovations in analytics technology. We design our content to share skills and support you in your role.

We may use your information to:

  • Personalise and tailor educational and skills share content
  • Invite you to upcoming events that may interest you
  • Ask for your feedback on any Rosslyn products and services you are using
  • Deal with entries into a competition
  • Notify you of changes to our services

We review our retention periods for personal information on a regular basis. We will only hold your personal information on our systems for as long as is necessary for the intended purpose when you provided your data.

Who has access to your information?

  • Your data will never be sold or rented to third parties, or provided to advertisers.
  • Your data will only ever be used for the intended purpose when it was provided to us.
  • Your data will never be published or shared outside of Rosslyn Data Technologies.

Your rights

You will always have a choice about whether or not to receive communications from us. If you do not want to hear from us, you can update your preferences using this form at any time.

If you have any further questions about your privacy or communication preferences, please contact us at

The accuracy of your information is important to us. You have the right to ask for a copy of the information Rosslyn holds about you, please contact and we will provide your information for you to review or amend as needed.