Privacy Policy

Effective Date: 2025-01-21

1. Introduction

1.1 We are committed to safeguarding the privacy of your personal information.

1.2 This policy applies where we act as a data controller concerning personal data.

1.3 Our policy complies with the EU General Data Protection Regulation (GDPR) and applicable Estonian data protection laws.

1.4 The law requires us to inform you about your rights and our obligations regarding the processing and controlling of your personal data. More information is available at www.knowyourprivacyrights.org.

1.5 In this policy, “we,” “us,” and “our” refer to ORBICAP OÜ. For more information, see Section 11.

2. The Personal Data We Process

We may collect, use, store, and transfer different kinds of personal data, categorised as follows:

2.1 Identity Data – First name, last name, title, and other identifiers.

2.2 Contact Data – Billing address, email address, telephone number(s), and other communication details.

2.3 Personal Profile Data – Purchases, interests, preferences, feedback, and survey responses.

2.4 Financial Data – Bank details and payment information for service transactions.

2.5 Communication Data – IP address, browser type, time zone, and device information.

2.6 Marketing Data – Preferences for receiving marketing communications.

2.7 Online Training Data – Recordings, chat logs, and attendance information from online sessions conducted via Google Meet.

2.8 Anonymous Data – Aggregated data that does not identify individuals.

2.9 We do not collect personal data in special categories (e.g., race, health, or religious beliefs).

2.10 Failure to Provide Data—We may not be able to perform our services if you do not provide the required personal data.

3. Purposes of Processing Data and Legal Bases

We process personal data for the following purposes:

3.1 Operations

• Purpose: Website operation, order processing, and business administration.

• Legal Basis: Legitimate Interests.

3.2 Contractual Obligations

• Purpose: Fulfilling contracts for consulting and training services.

• Legal Basis: Contractual Necessity.

3.3 Communication

• Purpose: Respond to inquiries and track communication.

• Legal Basis: Legitimate Interests.

3.4 Training Services

• Purpose: Conducting online training via Google Meet, providing materials, issuing certificates, and collecting feedback.

• Legal Basis: Contractual Necessity and Legitimate Interests.

3.5 Consent

• Purpose: Marketing activities, including sending newsletters and promotional materials.

• Legal Basis: Consent.

3.6 Legal Obligation

• Purpose: Complying with legal and regulatory requirements.

• Legal Basis: Legal Obligation.

4. Data Retention Periods

We retain personal data only for as long as necessary for the purposes outlined in this policy:

Type of Data/Retention Period

Client Project Data - 5 years after project completion.

Training Registration data - 3 years after the training session.

Financial Data - 7 years for accounting and legal purposes.

Marketing Data - Until consent is withdrawn.

Communication Data - 2 years after the last interaction.

Online Training Data - 1 year after the session (unless otherwise agreed).

Note: Retention periods can be customised based on legal, contractual, or business requirements.

5. Providing Your Personal Data to Others

5.1 We may share your data with trusted third parties, such as:

• Google Meet for online training sessions.

• Squarespace for website hosting and analytics.

• Payment Processors for Handling Transactions.

• Legal Authorities if required by law.

5.2 We ensure all third parties adhere to data protection standards.

6. Cookies

Our website uses cookies. Our Cookie Policy explains how we use cookies and how you can control them.

7. Data Security

7.1 We use SSL encryption and implement security measures to protect your data.

7.2 We ensure that Google Meet sessions are secure and recordings are stored safely if applicable.

8. Your Rights

You have the right to:

• Access your data.

• Rectify inaccuracies.

• Erase your data (“right to be forgotten”).

• Restrict processing.

• Object to processing.

• Data portability.

• Withdraw consent at any time.

To exercise your rights, contact us at info@orbicap.com.

9. International Data Transfers

9.1 If we transfer data outside the EU (e.g., for services provided by Google Meet), we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs).

• Data Protection Addendums (DPAs) with third parties.

10. Complaints

10.1 If you have concerns about our data practices, contact us at info@orbicap.com.

10.2 You may also file a complaint with the Estonian Data Protection Inspectorate:

• Website: www.aki.ee

• Email: info@aki.ee

11. Contact Information

• Company Name: ORBICAP OÜ

• Address: Järvevana tee 9, 11314 Tallinn, Estonia

• Email: info@orbicap.com

• Website: www.orbicap.com

This policy was last updated on 2025-01-21. We may update it periodically and will notify you of significant changes.