This Policy was last updated on December 9, 2019.
WHO IS RESPONSIBLE FOR YOUR PERSONAL INFORMATION?
If you are a user in the European Union (the “EU”) or European Economic Area (“EEA”), for purposes of the EU General Data Protection Regulation, 2016/679 (the “GDPR”), Orbit acts as a data controller with respect to the personal information described in this Policy. In this role, Orbit is responsible for implementing the applicable data protection principles and for safeguarding personal information.
This Policy does not apply to our processing of personal information as a processor, as defined under the GDPR, on behalf of our customers. Our customers act as data controllers with respect to such data, and questions regarding the data controller’s practices should be directed to the data controller. When we are acting as a data processor, we collect and process personal information in accordance with the instructions provided by the data controller.
WHAT PROCESSING ACTIVITIES ARE COVERED?
This Policy applies to the processing of personal information collected by us when you:
• Visit our websites that display or link to this Policy, including orbit.love (the “Site”);
• Interact with us on our social media pages;
• Receive communications from us, including emails, chats, phone calls, or, texts; and
• Use our services as an authorized user where we act as a controller of the personal information.
HOW DO WE PROCESS PERSONAL INFORMATION?
Personal Information We Collect from You
As a data controller, we collect and process the following personal information from you for the purposes set forth below. Please do not provide another person’s personal information to us.
When you request information about our products or services or ask to be added to our email distribution list, we collect your name, email address, and other contact details. When you do so in the course of a relationship between you, your organization, and us, we also collect your business contact information, including the name of your employer and your job title.
We process Contact Information in order to offer, market, and sell our products and services to you and to send you our notifications and newsletters. The legal basis for this processing is consent or, where applicable, our legitimate interests in taking steps, at your request, to enter into a contract with you.
We will only provide you with marketing-related information after you have, where legally required to do so, opted in to receive those communications. If at any time you would like to unsubscribe from receiving future emails, you may unsubscribe using the link at the bottom of each email.
In order to access and use certain features of the Site, you must first complete a registration. When you create an account and register with us, we collect your name, username, email address, and the password that you create.
We process Account Information to operate the Site, to provide our products and services to you, to ensure the privacy and security of our Site and services, to maintain back-ups of our databases, to manage our relationships with you, to communicate with you, to keep records of our communications with you, to send you our notifications and newsletters, and to promote our products and services to our customers. The legal basis for this processing is consent or, where applicable, our legitimate interests in the proper administration of our Site and business, the proper management of our customer relationships, and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
Cookies and Similar Technologies
When you visit the Site, we collect cookies and use similar technologies as described in the “Cookies and Similar Technologies” (1) section of this Policy. If you choose to disable cookies and similar technologies, some areas and features of the Site may not work properly.
our services, to operate the Site, to serve you the content and
functionality you request, to ensure the privacy and security of our Site
and services, to develop new products and services, to enhance your
experience, to track visits to the Site, to provide you with a more personal
and interactive experience on the Site, to improve our marketing efforts,
and for usage analytics purposes. We rely on your express opt-in consent for the use of analytic and marketing cookies and similar technologies. The legal basis for processing of strictly necessary cookies is our legitimate interests in the proper administration of our Site and business.
When you visit the Site, we automatically collect information from your browser and your device, which includes the date and time of your visit as well as your location, Internet Protocol (IP) address or unique device identifier, domain server, browser type, access time, and data about which pages you visit.
We process Usage Information to analyze use of the Site and our services, to operate the Site, to serve you the content and functionality you request, to ensure the privacy and security of our Site and services, to develop new products and services, to enhance your experience, to track visits to the Site, to provide you with a more personal and interactive experience on the Site, to improve our marketing efforts, and for usage analytics purposes. The legal basis for this processing is our legitimate interests in monitoring and improving our Site and services.
Your Communications and Feedback
When you communicate with us or provide feedback, we will receive and retain your communications and the information included in those messages. If you receive email communications from us, we use certain tools to capture data related to if/when you open our message and if/when you click on any links or banners it contains. Other information collected through this email tracking feature includes: your email address, the date and time of your “click” on the email, a message number, the name of the list from which the message was sent, a tracking URL number, and a destination page. We use this information to enhance our marketing efforts.
We process your Communications and Feedback in order to communicate with you, to keep records of our communications with you, to enhance your experience, and to send you relevant notifications and newsletters. The legal basis for this processing is our legitimate interests in the proper administration of our Site and business and communications with our users.
Financial and Payment Information
We process Financial and Payment Information in order to provide our products and services to you and to keep records of those transactions. The legal basis for this processing is the performance of a contract between you and us and taking steps, at your request, to enter into such a contract and our legitimate interests in the proper administration of our Site and business.
Personal Information Collected Via Cookies and Similar Technologies
First and Third-Party Cookies – Description
A “cookie” is a small file created by a web server that can be stored on your device (if you allow) for use either during a particular browsing session (a “session” cookie) or a future browsing session (a “persistent” cookie). “Session” cookies are temporarily stored on your hard drive and only last until they expire at the end of your browsing session. “Permanent” cookies remain stored on your hard drive until they expire or are deleted by you. Local stored objects (or “flash” cookies) are used to collect and store information about your preferences and navigation to, from, and on a website. First-party cookies are set by the Site, and they can only be read by the Site. Third Party Cookies are set by a party other than us. We use first-party and third-party session, persistent, and/or flash cookies and the information collected by them as set forth below.
Similar Technologies – Description
In addition to cookies, there are other automatic data collection technologies, such as Internet tags, web beacons (clear gifs, pixel tags, and single-pixel gifs), and navigational data collection (log files, server logs, etc.) that can be used to collect data as users navigate through and interact with the Site:
- Web beacons: These are tiny graphics (sometimes called “clear GIFs” or “web pixels”) with unique identifiers that are used to understand browsing activity. In contrast to cookies, which are stored on a user’s computer hard drive, web beacons are rendered invisible on web pages when you open a page.
- Social Widgets: These are buttons or icons provided by third-party social media providers that allow you to interact with social media services when you view a webpage or mobile app screen. These social widgets may collect browsing data, which may be received by the third party that provided the widget and are controlled by third parties.
- UTM Codes: These are strings that can appear in a URL (the “Uniform Resource Locator,” which is typically the http or https address entered to go to a web page) when you move from one web page or website to another, where the string can represent information about browsing, such as which advertisement, page, or publisher sent the user to the receiving website.
What Cookies and Similar Technologies Are in Use and Why Do We Use Them?
- _ga - The cookie is used by Google Analytics to calculate visitor, session, and campaign data and to keep track of site usage for the Site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to identify unique visitors. Two years duration.
- _gat - This cookie is used to distinguish users. One minute duration.
- _gid - The cookie is used by Google Analytics to store information about how visitors use the Site, and it helps create an analytics report about how the Site is performing. The data collected includes the number of visitors, where the visitor access the page from, and the pages visited by the visitor in an anonymous form. 24 hours duration.
To opt-out of Google Analytics, visit https://tools.google.com/dlpage/gaoptout and install the opt-out browser add-on feature. For more details, visit the “Google Analytics opt-out browser add-on” page (located at https://support.google.com/analytics/answer/181881?hl=en). Google Analytics has certified compliance with the EU-US Privacy Shield Framework set forth by the U.S. Department of Commerce.
Other Third-Party Technologies
Some third parties may use automated data collection technologies to collect information about you when you when you browse the Internet. The information they collect about your online browsing activities over time and across different websites and other online services may be associated with your personal information and used to provide you with targeted content. We do not control these third parties’ technologies or how they may be used. If you have any questions about targeted content, you should contact the responsible party directly or consult their privacy policies.
Choices About Cookies
We provide you with choices regarding the personal information you provide to us, and we have created ways to give you control over your information. Most web browsers are set by default to accept cookies. If you do not wish to receive cookies, you may choose to not allow marketing and analytic cookies via the cookies consent banner or set your browser to refuse all or some types of cookies or to alert you when cookies are being sent by website tracking technologies and advertising. You may adjust your browser settings to opt out of accepting a “persistent” cookie and to only accept “session” cookies, but you will need to log in each time you want to enjoy the full functionality of the Site.
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
- Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Internet Explorer: http://windows.microsoft.com/en-GB/windows-vista/Block-or-allow-cookies
- Safari: http://help.apple.com/safari/mac/8.0/#/sfri11471
To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website at: https://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html.
For more information on how to modify your browser settings to block or filter cookies, visit http://www.aboutcookies.org/ or http://www.cookiecentral.com/faq/. You may learn more about internet advertising practices and related consumer resources at http://www.aboutads.info/consumers/, http://www.networkadvertising.org/choices, and http://youronlinechoices.eu/.
Is entry of personal information required?
You may choose not to provide us with any personal information, and you may still access and use much of the Site. Some pages on the Site may give you the option of providing certain of your personal information about yourself. However, you will not be able to access any portions of the Site that require your personal information. If you want to change any information about yourself that you have submitted, you may contact us via the contact methods listed at the end of this Policy.
Other Processing Activities
We may process any of personal information identified in this Policy when necessary for:
- The establishment, exercise, or defense of legal claims, whether in court, administrative, or other proceedings. (The legal basis for such processing is our legitimate interest in the protection and assertion of our legal rights, your legal rights, and the legal rights of others.)
- Obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice (The legal basis for this processing is our legitimate interest in the proper protection of our business.)
- Purposes that are consistent with, related to and/or ancillary to the purposes and uses described in this Policy for which your personal information was provided to us.
We may process your personal information in connection with any of the purposes and uses set out in this Policy on one or more of the following legal grounds:
- Because it is necessary to perform the services you have requested or to comply with your instructions or other contractual obligations between you and us;
- To comply with our legal obligations as well as to keep records of our compliance processes;
- Because our legitimate interests, or those of a third-party recipient of your personal information, make the processing necessary, provided those interests are not overridden by your interests or fundamental rights and freedoms;
- Because you have chosen to publish or display your personal information on a public area of the Site, such as a comment area;
- Because it is necessary to protect your vital interests;
- Because it is necessary in the public interest; or
- Because you have expressly given us your consent to process your personal information in a particular manner.
We do not use your personal information for making any automated decisions affecting or creating profiles other than as described above.
SHARING AND DISCLOSING OF YOUR PERSONAL INFORMATION
We may share your personal information in the following contexts.
Subsidiaries and Acquisitions
We may share your personal information with our corporate subsidiaries and affiliates and with their respective officers, directors, employees, accountants, attorneys and agents.
In addition, we may disclose your personal information in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our company assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about the Site’s users is among the assets transferred. For example, if another company acquires us, we will share your personal information with that company.
Disclosures with Your Consent
We may ask if you would like us to share your personal information with other unaffiliated third parties who are not described elsewhere in this Policy. We will only disclose your personal information in this context with your consent.
Legal Obligations and Rights
We may disclose your personal information in response to subpoenas, warrants, court orders or other legal process, or to comply with relevant laws. We may also share your personal information in order to establish or exercise our legal rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our contract. We may also disclose personal information as need to protect vital interests.
Some areas of our Site may offer forums or provide the opportunity for users to post comments or reviews in a public forum. Please remember that any information that is disclosed in these areas becomes public information, and you should exercise caution when deciding to disclose your personal information. If you decide to submit your personal information in these areas, you do so at your own risk and acknowledge that the information will be publicly-available.
We may share your personal information with our service providers that need access to your information to provide operational or other support services on our behalf. Among other things, service providers help us to administer the Site; support our provision of services/products requested by you; provide technical support; send marketing, promotions and communications to you about our services/products; provide payment processing; and assist with other legitimate purposes permitted by law.
We may share your personal information with our insurers and other professional advisors, including attorneys and accountants, that need access to your information to provide operational or other support services on our behalf.
We may disclose aggregated information about our users, and information that does not identify any specific individual, such as groupings of demographic data and customer preferences, for new product and marketing development.
We may provide personal information about you to third parties that may offer products and services specifically requested by you. The third party will act as the controller for purposes of the GDPR.
HOW LONG DO WE STORE YOUR PERSONAL INFORMATION?
We will retain and use your personal information for as long as is necessary to fulfill the purposes for which it was collected, to comply with our business requirements and legal obligations, to resolve disputes, to protect our assets, to provide our services, and to enforce our agreements.
We may decide to delete your personal information if we believe it is incomplete, inaccurate, or that our continued storage of your personal information is contrary to our legal obligations or business objectives. We take reasonable steps to delete the personal information we collect about you, where we have a legal obligation to do so, if you ask us to delete your information, unless we determine that doing so would violate our existing, legitimate legal, regulatory, dispute resolution, contractual, or similar obligations. To the extent permitted by law, we may retain and use anonymous and aggregated information for performance reporting, benchmarking, and analytic purposes and for product and service improvement. When we delete personal information, it will be removed from our active servers and databases as well as the Site; but, it may remain in our archives when it is not practical or possible to delete it.
HOW DO WE PROTECT YOUR INFORMATION?
We have put security measures in place to protect the personal information that you share with us from being accidentally lost, used, altered, or disclosed or accessed in an unauthorized manner. From time to time, we review our security procedures to consider appropriate new technology and methods.
We use SSL technology to encrypt data in transit, and we also encrypt data at rest on our systems. We do not store or save your financial information. While our security measures seek to protect your personal information in our possession, no security system is perfect, and no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee or warrant the security of any information you transmit to or from our Site, and you do so at your own risk. We cannot promise that your personal information will remain absolutely secure in all circumstances.
The safety and security of your personal information also depends on you. Where you use a password for access to restricted parts of the Site, you are responsible for keeping the password confidential. Do not share your password with anyone.
If a security breach compromises your personal information, we will notify you and any applicable regulator when we are required to do so by applicable law.
RIGHTS AND CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION
Please use the Contact Us details at the end of this Policy to exercise your rights and choices under this Policy. If you would like to manage, change, limit, or delete your personal information or if you no longer want to receive any email, postal mail, or telephone contact from us in the future, such requests may be submitted via the “Contact Us” details at the end of this Policy. If you are exercising a right that is the responsibility of our data controller customers, we will direct you to contact the appropriate data controller who is responsible for responding to your request.
Email Opt-Out. If you no longer wish to receive communications from us via email, you may opt-out by clicking the “unsubscribe” link available at the bottom of our email communications or by contacting us at email@example.com and providing your name and email address so that we may identify you in the opt- out process. Once we receive your instruction, we will promptly take corrective action.
Cookies. You may choose to not allow cookies via the cookies consent banner or set your browser to refuse all or some browser cookies or to alert you when cookies are being set. For more information on how to modify your browser settings to block or filter cookies, visit http://www.aboutcookies.org/ or http://www.cookiecentral.com/faq/. You may learn more about internet advertising practices and related consumer resources at http://www.aboutads.info/consumers/, http://www.networkadvertising.org/choices, and http://youronlinechoices.eu/.
Online Tracking. We do not currently recognize browser settings or signals of tracking preferences, which may include “Do Not Track” instructions. “Do Not Track” is a web browser setting that seeks to disable the tracking of individual users’ browsing activities. We adhere to the standards set out in this Policy and do not currently respond to “Do Not Track” signals on the Site or on third-party websites or online services where we may collect information.
Accuracy and Updating Your Personal Information. Our goal is to keep your personal information accurate, current, and complete. If any of the personal information you have provided to us changes, please let us know via “Contact Us” details provided at the end of this Policy. For instance, if your email address changes, you may wish to let us know so that we can communicate with you. If you become aware of inaccurate personal information about you, you may want to update your information. We are not responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
Preferences. If you wish to change your communication preferences or ask that we restrict how we use your personal information, please contact us using the information in the “Contact Us” section of this Policy. You may follow opt-out links on any marketing communications sent to you.
Complaints. If you believe that your rights relating to your personal information have been violated, you may lodge a complaint with us by contacting us using the information provided in the “Contact Us” section of this Policy.
California Residents. Under California Civil Code Section 1798.83, California residents who provide personal information in obtaining products or services for personal, family, or household use may be entitled to request and obtain from us once a calendar year information about the information we shared, if any, with other businesses for direct marketing uses. At present, we do not share your personal information with third parties for those third parties’ direct marketing purposes. Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing, if any, will be included in our response. As part of the California Online Privacy Protection Act, all users of our Site may make any changes to their information at any time by contacting us at firstname.lastname@example.org.
Nevada Residents. Effective October 1, 2019, you may submit a verified request to us at email@example.com to request that we not make any sale (as defined under Nevada law) of any covered information (as defined under Nevada law) that we have collected or will collect about you. We will respond to any such request as required by Nevada law.
EU/EEA Residents. If you are located in the EU or EEA, you have the following rights under the GDPR. All requests should be sent to the address noted in the “Contact Us” section of this Policy, and we will fulfill requests to the extent required by applicable law.
Right of Access. To the extent required by law, you have the right to receive confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; and the recipients or categories of recipient to whom the personal data have been or will be disclosed. We will provide a copy of your personal information in compliance with applicable law.
Right of Rectification. Our goal is to keep your personal information accurate, current, and complete. Please contact us if you believe your information is not accurate or if it changes.
Right to Erasure. In some cases, you have a legal right to request that we delete your personal information when (1) it is no longer necessary for the purposes for which it was collected, (2) consent has been withdrawn in certain instances, (3) the data subject has objected to the process in certain instances, (4) the personal information has been unlawfully processed, (5) the personal data have to be erased for compliance with a legal obligation; and (6) the personal data were collected in relation to the offer of information society services. However, the right is not absolute. When we delete personal information, it will be removed from our active servers and databases as well as the Site; but, it may remain in our archives when it is not practical or possible to delete it. We may also retain your personal information as needed to comply with our legal obligations, resolve disputes, or enforce any agreements.
Right to Restrict Processing. You have the right to restrict when the accuracy of the personal data is contested, the processing is unlawful and the data subject opposes erasure, we no longer need the personal data but you require it for the establishment, exercise or defense of legal claims; or the data subject has objected to processing.
Right to Object. In certain circumstances, you have the right to object to the processing of your personal information where the processing is necessary for performance of a task carried out in the public interest, for our legitimate interests, or for the legitimate interests of others. You also have the right to object where personal data are processed for direct marketing purposes or for scientific or historical research purposes or statistical purposes.
Right to Withdraw Consent. If you have provided your consent to the collection, processing, and transfer of your personal information, you may have the right to fully or partially withdraw your consent. Once we have received notice that you have withdrawn your consent, in whole or in part, we will no longer process your information for the purpose(s) to which you originally consented and have since withdrawn unless there are compelling legitimate grounds for further processing that override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. Withdrawal of consent to receive marketing communications will not affect the processing of personal information for the provision of our services.
Right to Complain. If you believe we have not processed your personal information in accordance with applicable provisions of the GDPR, we encourage you to contact us at firstname.lastname@example.org. You also have the right to make a GDPR complaint to the relevant Supervisory Authority or seek a remedy through the courts. A list of Supervisory Authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law.
INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
We are located and established in the United States and, therefore, your personal information may be transferred to, stored, or processed in the United States. While the data protection, privacy and other laws of the United States might not be as comprehensive as those in your country, we take necessary and appropriate steps to protect the privacy and security of your personal information. By using the Site or requesting services from us, you understand and consent to the collection, storage, processing, and transfer of your information to our facilities in the United States and those third parties with whom we share it as described in this Policy.
This Policy is applicable only to the Site, and it does not apply to any third-party websites.
The Site may contain links to, and media and other content from, third-party websites. These links are to external websites and third parties with which we may have no relationship. Because of the dynamic media capabilities of the Site, it may not be clear to you which links are to the Site and which are to external, third-party websites. If you click on an embedded third-party link, you will be redirected away from the Site to the external third-party website. You can check the URL to confirm that you have left this Site.
We cannot and do not (1) guarantee the adequacy of the privacy and security practices employed by or the content and media provided by any third parties or their websites, (2) control third parties’ independent collection or use or your personal information, or (3) endorse any third-party information, products, services or websites that may be reached through embedded links on this Site.
CHILDREN’S ONLINE PRIVACY PROTECTION ACT
The Children’s Online Privacy Protection Act (“COPPA”), as well as other data privacy regulations, restrict the collection, use, or disclosure of personal information from and about children on the Internet. Our Site and services are not directed to children aged 16 or younger, nor is information knowingly collected from children under the age of 16. No one under the age of 16 may access, browse, or use the Site or provide any information to or on the Site. If you are under 16, please do not use or provide any information on the Site (including, for example, your name, telephone number, email address, or username). If we learn that we have collected or received personal information from a child under the age of 16 without a parent’s or legal guardian’s consent, we will take steps to stop collecting that information and delete it. If you believe we might have any information from or about a child under the age of 16, please contact us using the contact information provided below.
For more information about COPPA, please visit the Federal Trade Commission's website at:
UPDATES AND CHANGES TO THIS POLICY
We reserve the right, at any time, to add to, change, update, or modify this Policy to reflect any changes to the way in which we treat your personal information or in response to changes in law. Should this Policy change, we will post all changes we make to this Policy on this page. If we make material changes to how we treat your personal information, we will also notify you through a notice on the home page of the Site for a reasonable period of time. Any such changes, updates, or modifications shall be effective immediately upon posting on the Site. The date on which this policy was last modified is identified at the beginning of this Policy.
You are expected to, and you acknowledge and agree that it is your responsibility to, carefully review this Policy prior to using the Site, and from time to time, so that you are aware of any changes. Your continued use of the Site after the “Last Updated” date will constitute your acceptance of and agreement to such changes and to our collection and sharing of your personal information according to the terms of the then-current Policy. If you do not agree with this Policy and our practices, do not access, view, or use any part of the Site.
In Writing: 325 9th St, San Francisco, CA 94103
By Email: email@example.com