Orbus Software treats the privacy of our visitors and users with the highest importance. This policy details the measures that we take to preserve and safeguard your privacy when you visit our website or communicate with our personnel. It also demonstrates how we may process data in accordance with the EU General Data Protection Regulation (“GDPR”).
1. Our details
Orbus Software is the trading name of Seattle Software Limited, a company incorporated in the United Kingdom with company number 05196435 and registered office at Victoria House, 50-58 Victoria Road, Farnborough, Hampshire, GU14 7PG.
Orbus Software is also the trading name of other entities based in the USA (Seattle Business Software Inc.) and Australia (Seattle Software Australia Pty Ltd).
You can contact us on +44 (0) 203 824 2907 or by writing to us at:
8th Floor, Portland House,
London, SW1E 5BH
If you need to contact our Data Protection Officer, please email firstname.lastname@example.org with the subject title FAO: Data Protection Officer.
2. Information collection
We call data that identifies or could reasonably be used to identify you as an individual ‘Personal Data’. This includes information about you that you give us by filling on forms on this site, registering or by corresponding with us by phone, live web chat, email or otherwise. This information may include your full name, job title and contact details including your email address and telephone number.
We do not collect or process any special categories of Personal Data.
3. Your information and how we use it
We collect your data, including Personal Data, for certain legitimate business interests of ours. Processing under this basis may occur in the following circumstances:
- When you make a request for further information on our website, either through a demo form, live web chat, contact form or similar transmission, we will use the data you provide to fulfil your request for information. We will also store this information on our database and use it to follow up with you, either by telephone or through an electronic communication.
- When you register on our website, we will use the data provided to give you access to resources on the website.
- When you interact with our website, we use Google Analytics to better understand your journey and help us provide improvements. Google Analytics may record your geographical location, device, internet browser and operating system, none of which would be classified as Personal Data.
- Where you have provided us with your details, we may contact you to notify you of changes to our services.
When you register on our website, you are also given the opportunity to provide us with your consent. If you choose to do this, then we will use the Personal Data provided with your registration to let you know about our products and services which we think you will find interesting. You will be able to access resources on the website and will be sent relevant email notifications based on your interests. We may also contact you by telephone.
You can subsequently withdraw your consent at any time by contacting us, or following the ‘unsubscribe’ link that is provided in emails from Orbus Software.
Any information that we process, including Personal Data, will be stored on a secure server behind a firewall. We will not retain your Personal Data for longer than is necessary for the processing. Where you have registered and provided your consent to receive communications from us, then we will retain your Personal Data for this purpose until your consent is withdrawn.
4. Where will your information be shared?
We use third party processors to assist us in storing your data safely and securely while interacting with our website. These third parties are carefully screened so we can ensure that there are adequate controls in place and, where relevant, that such third parties are GDPR compliant. Additionally, where this would result in the transfer of Personal Data outside the EEA, we have confirmed that there are appropriate transfer mechanisms in place.
Our third party processors include:
- Salesforce Services, including Pardot – international transfers, if necessary, in accordance with (1) Binding Corporate Rules; (2) EU-US Privacy Shield certification; or (3) EU Model Clauses signed.
- Accord (using DC Storm)
- Google Analytics (no personal data processed)
We will share your Personal Data with our sister company, Educational Systems Limited (trading as Good e-Learning with company number 07953392) as part of our legitimate business interests. You can object to this by exercising your rights, better detailed below.
5. Your rights
Under the EU General Data Protection Regulation, you possess a number of rights in relation to your Personal Data. These rights include (i) the right to be informed; (ii) the right of access; (iii) the right to rectification; (iv) the right to erasure; (v) the right to restrict processing; (vi) the right to data portability; (vii) the right to object; and (viii) rights in relation to automated decision making and profiling. We are committed to upholding these rights. If you wish to exercise any of these rights, please contact us using the details below.
Where you have provided us with consent, you have the right to withdraw this consent at any time. To reiterate, you can do this at any time by contacting us directly or following the ‘unsubscribe’ link provided in any electronic communications you receive from us.
You also have the right to complain to a supervisory authority where you feel that our processing of your Personal Data has infringed your rights. The supervisory authority in the United Kingdom is the Information Commissioner’s Office (ICO): https://ico.org.uk
6. Accessing your information
If you wish to exercise your right of access, then you may make a subject access request by contacting us as per the below. In most cases, we will not charge you a fee and will respond within one month. Fees may be charged for repeated or vexatious requests and we may take two months to provide all information in response to particularly complex requests. We will let you know if this is the case.
Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your web browser. They enable the site or service provider systems to recognise your browser and capture and remember certain information, such as items saved in your online shopping basket.
8. Third party links
We may sometimes include or offer third party products or services on our website. The websites of these third parties will have separate and independent privacy policies, with which you should familiarise yourself. We bear no responsibility or liability for the content and activities of these third party sites. Nonetheless, we seek to protect the integrity of our website and welcome any feedback regarding these third party websites.
9. Compliance with Privacy Shield Principles
You will be offered the opportunity to choose, either by opt-in or opt-out (as appropriate and in accordance with the GDPR) whether your Personal Data is to be disclosed to a third party acting as a Data Controller, or is to be used for a purpose materially different from the purpose for which it was originally collected, or subsequently authorised.
We do not process any sensitive Personal Data.
Orbus Software is committed to taking reasonable and appropriate precautions to protect Personal Data from loss, misuse, unauthorised access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Data.
13. Purpose Limitation and Data Integrity
Orbus Software will use Personal Data only in ways that are compatible with the purposes for which it was originally collected or as subsequently authorised by the individual. We will also take reasonable steps to ensure that the Personal Data is relevant to its intended use, accurate, complete and current. We undertake to adhere to the Privacy Shield Principles for the duration that we receive Personal Data under our Privacy Shield certification.
14. Onward Transfer
We recognise that we remain responsible for onward transfers to third party processors and undertake to take reasonable steps to prevent, remediate or stop such disclosure where we become aware that a third party processor is acting outside of its permitted scope. If we transfer Personal Data to a third party acting as a Data Controller, then we will apply the Notice and Choice principles and obtain reassurance from these third parties that they will provide the same level of protection as required under the Privacy Shield Principles.
15. Recourse, Enforcement and Liability
Where complaints cannot be resolved through Orbus Software’s internal processes, we have further committed to cooperate with EU Data Protection Authorities (“EU DPAs”) and comply with advice given by the EU DPAs regarding human resources and non-human resources transferred from the EU in accordance with Privacy Shield Principles. In the event that Orbus Software has been deemed non-compliant with the Privacy Shield Principles, we shall take appropriate steps to address any adverse effects and promote future compliance. Orbus Software is also subject to the investigatory and enforcement powers of the Federal Trade Commission, which is the competent supervisory authority under the Privacy Shield.
Where a complaint cannot be resolved by any of the before mentioned recourse mechanisms, individuals have a right to invoke binding arbitration under the Privacy Shield Panel as last resort recourse mechanism.
Orbus Software’s adherence to the Privacy Shield Principles may be limited (a) to the extent necessary to meet applicable national security, public interest or law enforcement requirements such as lawful requests from public authorities; (b) by statute, government regulation or case law that creates conflicting obligations or explicit authorisations, provided that in exercising any such authorisation, an organisation can demonstrate that its non-compliance with the Privacy Shield Principles is limited to the extent necessary to meet the overriding legitimate interests furthered by such authorisation; or (c) where the effect of the GDPR or Member State law is to allow exceptions or derogations, provided such exceptions or derogations are applied in comparable contexts.