Orbus Software treats the privacy of our visitors with the highest importance
Orbus Software treats the privacy of our users with the highest importance. This policy details the measures that we take to preserve and safeguard your privacy when you use our website, our products, the Ecosystem, or communicate with our personnel. It also demonstrates how we may process data in accordance with the EU General Data Protection Regulation (“GDPR”).
1. Our details
We have a number of Orbus Software entities operating around the world:
- Seattle Software Limited, trading as Orbus Software, a company incorporated in the United Kingdom with company number 05196435 and registered office at Victoria House, 50-58 Victoria Road, Farnborough, Hampshire, GU14 7PG.
- Seattle Business Software Inc., dba Orbus Software, a Delaware corporation with its principal place of business at 2 Park Avenue, 24th Floor, New York, NY, 10016.
- Seattle Software Australia Pty Ltd, trading as Orbus Software, a company incorporated in Australia with ABN 69 159 076 418 and registered office at Sheltons (AU), Level 36 Governor Philip Tower, Sydney, NSW, 2000.
You can contact us on +44 (0) 203 824 2907 or by writing to us at:
8th Floor, Portland House
London, SW1E 5BH
For any questions please email firstname.lastname@example.org with the subject title FAO: Data Protection.
2. Information collection
We call data that identifies or could reasonably be used to identify you as an individual ‘Personal Data’. This includes information about you that you give us when you:
- Fill in a form on the website
- Register on our website or with the Ecosystem
- Correspond with us by phone, live web chat, email or otherwise
- Log support tickets
This information may include your full name, job title and contact details including your email address and telephone number.
We do not collect or process any special categories of Personal Data.
3. Your information and how we use it
We collect your data, including Personal Data, for certain legitimate business interests of ours. Processing under this basis may occur in the following circumstances:
- When you download resources that relate specifically to our products, such as trial software, starter packs, product brochures or case studies, we will contact you by telephone to ensure that the resources were successfully downloaded and help you get the most out of them.
- When you make a request for further information on our website, either through a demo form, live web chat, contact form or similar transmission, we will use the data you provide to fulfil your request for information. We will also store this information on our database and use it to follow up with you, either by telephone or through an electronic communication.
- When you register on our website, we will use the data provided to give you access to selected resources on the website that provide general information, with less focus on our specific products.
- When you have purchased our products, we will use the details you provide us at registration in order to provide you with access to our products and to the Ecosystem and all its resources. We will also use these details to let you know about our products and services which we think you will find interesting and may send you relevant email notifications based on your interests.
- When you use the Ecosystem as part of a proof of concept, we will use the details you provide us at registration in order to provide you with access to our products and to the Ecosystem and all its resources. If you do not continue using the Ecosystem after a proof of concept, then we may use your details to let you know about similar products and services which we think you will find interesting. You can opt-out of this at any time.
- We may store Personal Data including your account ID, contact ID, and registered email address for reporting purposes and to better track your usage of the Ecosystem.
- Where you have provided us with your details, we may contact you to notify you of changes to our services.
We also want you to be aware of the additional processing activities that may take place on our website:
- When you register on our website or download resources, you are also given the opportunity to provide us with your consent. Where you provide your consent, we will use Personal Data provided with your registration to contact you about our products and services which we think you will find interesting. You will be able to access resources on the website and will be sent relevant email notifications based on your interests. Where appropriate, we may also contact you by telephone.
- You can subsequently withdraw your consent at any time by a) contacting us; b) letting us know over the telephone; or c) following the ‘unsubscribe’ link that is provided in emails from Orbus Software.
- When you interact with our website, we use Google Analytics to better understand your journey and help us provide improvements. Google Analytics may record your geographical location, device, internet browser and operating system, none of which would be classified as Personal Data.
We also want you to be aware of the following activities that also take place in the Ecosystem:
- When you use the Ecosystem, we use Google Analytics to better understand your journey and help us provide improvements. Google Analytics may record your geographical location, device, internet browser and operating system, none of which would be classified as Personal Data.
- We have embedded UserVoice and Telligent into the Ecosystem which allows you to contribute to forum discussions. Some Personal Data may be processed under legitimate business interests to give you access to the forums, such as your name and email address. Please also note, however, that any information that you choose to share will be viewed by other people in the forum. We are not responsible for the information that you post or otherwise make available, nor for any use of that information by a third party. As such, we strongly advise you to refrain from disclosing any Personal Data on the forum.
Any information that we process, including Personal Data, will be stored on a secure server behind a firewall. We will not retain your Personal Data for longer than is necessary for the processing. Where you have registered and provided your consent to receive communications from us, then we will retain your Personal Data for this purpose until your consent is withdrawn
4. Where will your information be shared?
We use third party processors to assist us in storing your data safely and securely. These third parties are carefully screened so we can ensure that there are adequate controls in place and, where relevant, that such third parties are GDPR compliant. Additionally, where this would result in the transfer of Personal Data outside the EEA, we have confirmed that there are appropriate transfer mechanisms in place.
Our third party processors include:
- Salesforce Services, including Pardot, to store details of our end users and customers. Any international transfers, if necessary, are made in accordance with (1) Binding Corporate Rules; (2) EU-US Privacy Shield certification; or (3) EU Model Clauses signed. We use Salesforce to store details of our end users and customers.
- Zendesk, Inc. through which you may log support tickets. Your support tickets may be taken up by members of our support team based in Australia, the US, the UK, or Ukraine, depending on the previously agreed support terms.
- N-IX Nordic AB which assists us in providing maintenance and support services from Ukraine. International transfers are made in accordance with signed EU Model Clauses. Personal Data may be transferred when we provide you support, although this will only include details you provide to us when logging a support ticket (usually your name and email address). No other Personal Data is shared.
- Microsoft Azure is used for data storage and backup purposes, including Personal Data gathered through our reporting processes.
- Verint Systems UK Limited which is the Ecosytem’s community forum service provider (Telligent).
If you are an EU citizen, then your personal data may be shared among other Orbus Software entities based in the US and Australia as part of our providing support services to you. We transfer personal data according to the following transfer mechanisms:
- Seattle Business Software Inc. (US entity) – EU-US Privacy Shield certification
- Seattle Software Australia Pty Ltd (Australian entity) – EU Model Clauses
We will share your Personal Data with our sister company, Educational Systems Limited (trading as Good e-Learning with company number 07953392) as part of our legitimate business interests. You can object to this by exercising your rights, better detailed below.
5. Your rights
Under the EU General Data Protection Regulation, you possess a number of rights in relation to your Personal Data. These rights include (i) the right to be informed; (ii) the right of access; (iii) the right to rectification; (iv) the right to erasure; (v) the right to restrict processing; (vi) the right to data portability; (vii) the right to object; and (viii) rights in relation to automated decision making and profiling. We are committed to upholding these rights. If you wish to exercise any of these rights, please contact us using the details below.
Where you have provided us with consent, you have the right to withdraw this consent at any time. To reiterate, you can do this at any time by contacting us directly or following the ‘unsubscribe’ link provided in any electronic communications you receive from us.
You also have the right to complain to a supervisory authority where you feel that our processing of your Personal Data has infringed your rights. The supervisory authority in the United Kingdom is the Information Commissioner’s Office (ICO): https://ico.org.uk
6. Accessing your information
If you wish to exercise your right of access, then you may make a subject access request by contacting us as per the below. In most cases, we will not charge you a fee and will respond within one month. Fees may be charged for repeated or vexatious requests and we may take two months to provide all information in response to particularly complex requests. We will let you know if this is the case.
Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your web browser. They enable the site or service provider systems to recognise your browser and capture and remember certain information, such as items saved in your online shopping basket.
8. Third party links
We may sometimes include or offer third party products or services on the Ecosystem. The websites of these third parties will have separate and independent privacy policies, with which you should familiarise yourself. We bear no responsibility or liability for the content and activities of these third party sites. Nonetheless, we seek to protect the integrity of our services and welcome any feedback regarding these third party websites.
9. Compliance with Privacy Shield Principles
You will be offered the opportunity to choose, either by opt-in or opt-out (as appropriate and in accordance with the GDPR) whether your Personal Data is to be disclosed to a third party acting as a Data Controller, or is to be used for a purpose materially different from the purpose for which it was originally collected, or subsequently authorised.
We do not process any sensitive Personal Data.
Orbus Software is committed to taking reasonable and appropriate precautions to protect Personal Data from loss, misuse, unauthorised access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Data.
Purpose Limitation and Data Integrity
Orbus Software will use Personal Data only in ways that are compatible with the purposes for which it was originally collected or as subsequently authorised by the individual. We will also take reasonable steps to ensure that the Personal Data is relevant to its intended use, accurate, complete and current. We undertake to adhere to the Privacy Shield Principles for the duration that we receive Personal Data under our Privacy Shield certification.
We recognise that we remain responsible for onward transfers to third party processors and undertake to take reasonable steps to prevent, remediate or stop such disclosure where we become aware that a third party processor is acting outside of its permitted scope. If we transfer Personal Data to a third party acting as a Data Controller, then we will apply the Notice and Choice principles and obtain reassurance from these third parties that they will provide the same level of protection as required under the Privacy Shield Principles.
Recourse, Enforcement and Liability
Where complaints cannot be resolved through Orbus Software’s internal processes, we have further committed to cooperate with EU Data Protection Authorities (“EU DPAs”) and comply with advice given by the EU DPAs regarding human resources and non-human resources transferred from the EU in accordance with Privacy Shield Principles. In the event that Orbus Software has been deemed non-compliant with the Privacy Shield Principles, we shall take appropriate steps to address any adverse effects and promote future compliance. Orbus Software is also subject to the investigatory and enforcement powers of the Federal Trade Commission, which is the competent supervisory authority under the Privacy Shield.
Where a complaint cannot be resolved by any of the before mentioned recourse mechanisms, individuals have a right to invoke binding arbitration under the Privacy Shield Panel as last resort recourse mechanism.
Orbus Software’s adherence to the Privacy Shield Principles may be limited (a) to the extent necessary to meet applicable national security, public interest or law enforcement requirements such as lawful requests from public authorities; (b) by statute, government regulation or case law that creates conflicting obligations or explicit authorisations, provided that in exercising any such authorisation, an organisation can demonstrate that its non-compliance with the Privacy Shield Principles is limited to the extent necessary to meet the overriding legitimate interests furthered by such authorisation; or (c) where the effect of the GDPR or Member State law is to allow exceptions or derogations, provided such exceptions or derogations are applied in comparable contexts.