Effective Date: 7 January 2026 | Last Updated: 7 January 2026
Nrutseab Ltd ("Nrutseab", "we", "us", or "our") respects your privacy and is committed to protecting personal data entrusted to us. This Data Collection & Privacy Policy ("Policy") explains how we collect, use, store, disclose, and safeguard information across all interactions with Nrutseab and its brands.
Scope: This policy applies to all forms of data collection and processing by Nrutseab, including but not limited to:
Website visitors and analytics (nrutseab.com and all subdomain sites)
Event registrations, RSVPs, waitlists, and invitations
Expressions of interest (EOIs) and beta program applications
Newsletters, marketing communications, and mailing lists
Corporate, institutional, and partner inquiries
Customers, purchasing users, and service recipients
Suppliers, contractors, vendors, and collaborators
Job applicants and candidates
Any online or offline form, platform, application, or communication channel operated by Nrutseab or its brands
Applicable Laws: This Policy is designed to comply with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable data protection laws.
Your Consent: By interacting with Nrutseab, accessing our websites, using our services, or providing us with your personal information, you acknowledge that you have read, understood, and agree to this Policy.
1. Information We Collect
1.1 Information You Provide Voluntarily
Depending on your interaction with Nrutseab, we may collect:
Professional information (e.g. company, title, role, industry)
Event-related preferences (e.g. dietary or accessibility requirements)
Account, order, and transaction information
Communications and correspondence with us
Any information you choose to submit through forms, emails, or other channels
Providing information is voluntary, but certain services or experiences may require specific details to proceed.
1.2 Information Collected Automatically
When you visit our websites, platforms, or digital products, we may automatically collect:
Device and browser information
IP address and general location data (city/country level)
Pages visited, interactions, and navigation patterns
Referring sources and timestamps
Performance, usage, and diagnostic data
This information is primarily collected through cookies, pixels, log files, and similar technologies.
1.3 Anonymized & Aggregated Data
We may generate and use anonymized, aggregated, or de-identified data that does not reasonably identify an individual. This may include analytical insights, usage trends, performance metrics, and statistical summaries.
Such data may be used freely by Nrutseab for:
Research and development
Product and service improvement
Experience design and optimization
Business intelligence and strategy
Reporting and internal analysis
2. How We Use Information
We collect and use information for legitimate business purposes, including:
Providing, operating, and improving our products, services, and experiences
Managing events, launches, and invitations
Processing transactions and delivering purchases
Communicating updates, confirmations, and relevant information
Responding to inquiries and requests
Managing relationships with customers, partners, and stakeholders
Personalizing content and experiences
Conducting analytics, research, and performance monitoring
Ensuring security, fraud prevention, and compliance
We do not sell personal data.
3. Legal Basis for Processing
Where required by applicable law (particularly GDPR), we process personal data based on one or more of the following legal grounds:
3.1 Consent
We process your personal data with your explicit consent for specific purposes, such as marketing communications or optional features. You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
3.2 Contract Performance
Processing is necessary to:
Fulfill our contractual obligations to you (e.g., delivering purchased products or services)
Take steps at your request before entering into a contract (e.g., processing event registrations)
3.3 Legitimate Interests
We may process your data based on our legitimate business interests, provided such interests do not override your fundamental rights and freedoms. Examples include:
Fraud prevention and security
Internal administration and business operations
Network and information systems security
Improving our products and services
Direct marketing to existing customers for similar products/services
You have the right to object to processing based on legitimate interests.
3.4 Legal Obligations
We process personal data to comply with legal and regulatory obligations, such as:
Tax and accounting requirements
Responses to lawful requests from law enforcement or regulatory authorities
Compliance with court orders or legal processes
3.5 Vital Interests
In rare circumstances, we may process data to protect the vital interests of you or another person (e.g., emergency situations).
4. Data Sharing & Disclosure
We may share information with:
Trusted service providers (e.g. form platforms, analytics tools, payment processors, hosting providers)
Professional advisors (e.g. legal, financial, compliance)
Affiliates and entities within the Nrutseab group
Authorities or regulators where required by law
All third-party processors are engaged under appropriate confidentiality and data protection obligations.
5. International Data Transfers
Nrutseab operates globally. Your information may be transferred to, stored in, or processed in jurisdictions outside your country of residence, including countries that may not provide the same level of data protection as your home country.
5.1 Transfers from the EU/EEA
When we transfer personal data from the European Economic Area (EEA) to countries outside the EEA that are not deemed to provide an adequate level of data protection by the European Commission, we implement appropriate safeguards, including:
Standard Contractual Clauses (SCCs): EU Commission-approved model contracts that provide appropriate safeguards for data transfers
Adequacy Decisions: Transfers to countries deemed adequate by the European Commission
Binding Corporate Rules: Internal policies approved by data protection authorities (where applicable)
Data Transfer Impact Assessments: Regular assessments of the legal framework in destination countries
5.2 Transfers from Other Jurisdictions
We implement similar protections for transfers from other jurisdictions with comprehensive data protection laws, including the UK, Brazil (LGPD), and applicable US states.
5.3 Requesting Transfer Information
You may request more information about the safeguards we have in place for international data transfers by contacting us using the details in Section 13.
6. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.
6.1 Retention Periods
Our typical retention periods include:
Account & Transaction Data: Retained for the duration of your relationship with us, plus applicable limitation periods (typically 6-7 years for tax and financial records)
Marketing & Communications: Retained until you withdraw consent or opt out, plus 6 months for suppression purposes
Website Analytics & Logs: Retained for 26 months maximum
Event Registration Data: Retained for the duration of the event plus 2 years for follow-up and compliance purposes
Customer Support Inquiries: Retained for 3 years from last interaction
6.2 Deletion Methodology
When retention periods expire, or upon valid deletion requests, we securely delete or anonymize personal data through:
Secure erasure protocols for electronic data
Physical destruction for paper records
Irreversible anonymization for statistical or research purposes
Anonymized and aggregated data that cannot identify individuals may be retained indefinitely for business intelligence, research, and service improvement.
7. Your Rights
Subject to applicable law, you may have the following rights:
7.1 Access & Portability
Right to Access: Request confirmation of what personal data we hold about you and receive a copy
Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format
7.2 Correction & Deletion
Right to Rectification: Request correction of inaccurate or incomplete personal data
Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data under certain circumstances
Right to Restriction: Request that we limit the processing of your personal data in certain situations
7.3 Consent & Objection
Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time
Right to Object: Object to processing based on legitimate interests, direct marketing, or profiling
Right to Opt-Out of Sales/Sharing: California residents have the right to opt out of the sale or sharing of personal information
7.4 Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects, unless such processing is necessary for contract performance, authorized by law, or based on your explicit consent.
7.5 How to Exercise Your Rights
To exercise any of these rights, please contact us using the details in Section 13. We will respond to your request within the timeframes required by applicable law (typically 30-45 days for GDPR, 45 days for CCPA/CPRA). You will not be discriminated against for exercising your rights.
We may need to verify your identity before processing your request. In some cases, we may be unable to fulfill your request due to legal obligations or other lawful reasons, in which case we will explain why.
8. Security Measures
We implement reasonable technical and organizational safeguards to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure.
8.1 Technical Safeguards
Encryption: Data in transit is protected using TLS/SSL encryption; sensitive data at rest is encrypted
Access Controls: Role-based access controls and multi-factor authentication for internal systems
Network Security: Firewalls, intrusion detection systems, and regular vulnerability assessments
Secure Development: Security-by-design principles in product development
8.2 Organizational Safeguards
Staff Training: Regular data protection and security training for employees
Confidentiality Agreements: All employees and contractors sign confidentiality agreements
Incident Response: Documented procedures for detecting, responding to, and reporting security incidents
Third-Party Audits: Regular security assessments and compliance audits
Data Minimization: We collect and retain only the data necessary for specified purposes
8.3 Limitations
While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
8.4 Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.
9. Cookies & Tracking Technologies
We use cookies and similar tracking technologies to enhance functionality, analyze usage, and improve performance.
Important Notice: If you do not see a cookie consent banner or popup when visiting a Nrutseab website or platform, this means that particular site uses only strictly necessary cookies (essential for basic site functionality and security) and does not use any analytics, marketing, or non-essential tracking cookies. No consent is required for strictly necessary cookies under applicable law.
9.1 Types of Cookies We Use
When cookies are deployed on our sites, they may include:
Strictly Necessary Cookies: Essential for website operation and security (cannot be disabled) - these may be present even without a consent banner
Performance & Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics) - require consent
Functional Cookies: Enable enhanced functionality and personalization (e.g., language preferences) - require consent
Marketing & Targeting Cookies: Used to deliver relevant advertising and track campaign effectiveness - require consent
Sites with Cookie Consent Banners: If you see a cookie consent banner, you have the choice to accept or reject non-essential cookies. Your preferences will be respected.
Sites without Cookie Consent Banners: These sites use only strictly necessary cookies for core functionality (e.g., security, session management, load balancing). No tracking or analytics cookies are deployed.
9.2 Cookie Duration
Cookies deployed on our sites may have different lifespans:
Session Cookies: Temporary cookies deleted when you close your browser (used for strictly necessary functions like maintaining your session)
Persistent Cookies: Remain on your device for a set period - strictly necessary cookies may persist for up to 30 days; analytics and marketing cookies (where consented) typically persist for up to 13 months
9.3 Third-Party Cookies
On sites where you provide cookie consent, some cookies may be placed by third-party services that appear on our pages, including:
Analytics providers (Google Analytics, etc.)
Social media platforms (embedded content)
Advertising networks
Sites without cookie consent banners do not deploy third-party tracking cookies.
9.4 Managing Your Cookie Preferences
You can manage cookie preferences through:
Browser Settings: Most browsers allow you to refuse or accept cookies. Consult your browser's help section for instructions
Cookie Consent Tool: Use our cookie preference center to customize your choices (where applicable)
Do Not Track: We honor Global Privacy Control (GPC) and similar opt-out preference signals where required by law
Note: Disabling certain cookies may impact website functionality and user experience.
10. Children's Privacy
Nrutseab does not knowingly collect personal information from children under the age of 16 without verifiable parental or guardian consent. Our services are not directed to children under 16.
If we become aware that we have collected personal information from a child under 16 without proper consent, we will take steps to delete that information as quickly as possible.
If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately using the details in Section 13.
For California Residents: We do not sell or share personal information of consumers we know to be under 16 years of age without affirmative authorization.
11. Do Not Sell or Share My Personal Information
11.1 Your Right to Opt Out (California Residents)
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the right to opt out of the "sale" or "sharing" of their personal information.
Nrutseab does not sell personal information in the traditional sense of monetary exchange. However, under California law's broad definition, certain data sharing practices (such as sharing data with advertising partners or analytics providers) may be considered a "sale" or "share."
11.2 Categories That May Be Shared
The following categories of personal information may be shared with third parties for advertising or analytics purposes:
Identifiers (IP address, device IDs, cookie IDs)
Internet or network activity information (browsing behavior, interactions)
Geolocation data (approximate location based on IP address)
Inferences drawn from the above to create consumer profiles
11.3 How to Opt Out
To opt out of the sale or sharing of your personal information:
Submit a request via email to: [email protected] with subject line "Do Not Sell My Personal Information"
Use our cookie preference center to disable marketing and advertising cookies
Enable Global Privacy Control (GPC) in your browser (we honor GPC signals)
We will process your opt-out request within 15 business days and will not discriminate against you for exercising this right.
12. Changes to This Policy
We may update this policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.
When we make material changes to this policy, we will:
Update the "Last updated" date at the top of this policy
Notify you via email (if you have provided your email address) or through a prominent notice on our website
For material changes affecting how we use personal data, obtain your consent where required by applicable law
We encourage you to review this policy periodically to stay informed about how we protect your information. Continued use of our services after changes take effect constitutes acceptance of the updated policy.
To exercise your rights under GDPR, CCPA, or other applicable laws, please email [email protected] with:
Subject line: "Data Subject Request" or "Privacy Rights Request"
Your full name and email address
Description of your request (access, deletion, correction, opt-out, etc.)
Proof of identity (we may request additional verification)
13.2 Complaints & Supervisory Authorities
If you believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with your local data protection authority.
For EU/EEA residents: You can find your data protection authority at https://edpb.europa.eu
For California residents: You may contact the California Privacy Protection Agency at https://cppa.ca.gov
