Orbus Software treats the privacy of our visitors with the highest importance
Orbus Software treats the privacy of our users with the highest importance. This policy details the measures that we take to preserve and safeguard your privacy when you use our website, our products, the Ecosystem, or communicate with our personnel. It also demonstrates how we may process data in accordance with the EU General Data Protection Regulation (“GDPR”).
We have a number of Orbus Software entities operating around the world:
You can contact us on +44 (0) 203 824 2907 or by writing to us at:
4th Floor, 60 Buckingham Palace Road, London, SW1W 0RR
For any questions please email firstname.lastname@example.org with the subject title FAO: Data Protection.
We call data that identifies or could reasonably be used to identify you as an individual ‘Personal Data’. This includes information about you that you give us when you:
This information may include your full name, job title and contact details including your email address and telephone number.
We do not collect or process any special categories of Personal Data.
We collect your data, including Personal Data, for certain legitimate business interests of ours. Processing under this basis may occur in the following circumstances:
We also want you to be aware of the additional processing activities that may take place on our website:
We also want you to be aware of the following activities that also take place in the Ecosystem:
Any information that we process, including Personal Data, will be stored on a secure server behind a firewall. We will not retain your Personal Data for longer than is necessary for the processing. Where you have registered and provided your consent to receive communications from us, then we will retain your Personal Data for this purpose until your consent is withdrawn
We use third party processors to assist us in storing your data safely and securely. These third parties are carefully screened so we can ensure that there are adequate controls in place and, where relevant, that such third parties are GDPR compliant. Additionally, where this would result in the transfer of Personal Data outside the EEA, we have confirmed that there are appropriate transfer mechanisms in place.
Our third party processors include:
If you are an EU citizen, then your personal data may be shared among other Orbus Software entities based in the US and Australia as part of our providing support services to you. We transfer personal data according to the following transfer mechanisms:
We will share your Personal Data with our sister company, Educational Systems Limited (trading as Good e-Learning with company number 07953392) as part of our legitimate business interests. You can object to this by exercising your rights, better detailed below.
Under the EU General Data Protection Regulation, you possess a number of rights in relation to your Personal Data. These rights include (i) the right to be informed; (ii) the right of access; (iii) the right to rectification; (iv) the right to erasure; (v) the right to restrict processing; (vi) the right to data portability; (vii) the right to object; and (viii) rights in relation to automated decision making and profiling. We are committed to upholding these rights. If you wish to exercise any of these rights, please contact us using the details below.
Where you have provided us with consent, you have the right to withdraw this consent at any time. To reiterate, you can do this at any time by contacting us directly or following the ‘unsubscribe’ link provided in any electronic communications you receive from us.
You also have the right to complain to a supervisory authority where you feel that our processing of your Personal Data has infringed your rights. The supervisory authority in the United Kingdom is the Information Commissioner’s Office (ICO): https://ico.org.uk
If you wish to exercise your right of access, then you may make a subject access request by contacting us as per the below. In most cases, we will not charge you a fee and will respond within one month. Fees may be charged for repeated or vexatious requests and we may take two months to provide all information in response to particularly complex requests. We will let you know if this is the case.
Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your web browser. They enable the site or service provider systems to recognise your browser and capture and remember certain information, such as items saved in your online shopping basket.
We may sometimes include or offer third party products or services on the Ecosystem. The websites of these third parties will have separate and independent privacy policies, with which you should familiarise yourself. We bear no responsibility or liability for the content and activities of these third party sites. Nonetheless, we seek to protect the integrity of our services and welcome any feedback regarding these third party websites.
You will be offered the opportunity to choose, either by opt-in or opt-out (as appropriate and in accordance with the GDPR) whether your Personal Data is to be disclosed to a third party acting as a Data Controller, or is to be used for a purpose materially different from the purpose for which it was originally collected, or subsequently authorised.
We do not process any sensitive Personal Data.
Orbus Software is committed to taking reasonable and appropriate precautions to protect Personal Data from loss, misuse, unauthorised access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Data.
Orbus Software will use Personal Data only in ways that are compatible with the purposes for which it was originally collected or as subsequently authorised by the individual. We will also take reasonable steps to ensure that the Personal Data is relevant to its intended use, accurate, complete and current. We undertake to adhere to the Privacy Shield Principles for the duration that we receive Personal Data under our Privacy Shield certification.
We recognise that we remain responsible for onward transfers to third party processors and undertake to take reasonable steps to prevent, remediate or stop such disclosure where we become aware that a third party processor is acting outside of its permitted scope. If we transfer Personal Data to a third party acting as a Data Controller, then we will apply the Notice and Choice principles and obtain reassurance from these third parties that they will provide the same level of protection as required under the Privacy Shield Principles.
Where complaints cannot be resolved through Orbus Software’s internal processes, we have further committed to cooperate with EU Data Protection Authorities (“EU DPAs”) and comply with advice given by the EU DPAs regarding human resources and non-human resources transferred from the EU in accordance with Privacy Shield Principles. In the event that Orbus Software has been deemed non-compliant with the Privacy Shield Principles, we shall take appropriate steps to address any adverse effects and promote future compliance. Orbus Software is also subject to the investigatory and enforcement powers of the Federal Trade Commission, which is the competent supervisory authority under the Privacy Shield.
Where a complaint cannot be resolved by any of the before mentioned recourse mechanisms, individuals have a right to invoke binding arbitration under the Privacy Shield Panel as last resort recourse mechanism.
Orbus Software’s adherence to the Privacy Shield Principles may be limited (a) to the extent necessary to meet applicable national security, public interest or law enforcement requirements such as lawful requests from public authorities; (b) by statute, government regulation or case law that creates conflicting obligations or explicit authorisations, provided that in exercising any such authorisation, an organisation can demonstrate that its non-compliance with the Privacy Shield Principles is limited to the extent necessary to meet the overriding legitimate interests furthered by such authorisation; or (c) where the effect of the GDPR or Member State law is to allow exceptions or derogations, provided such exceptions or derogations are applied in comparable contexts.