Last Updated: 7 September 2022
Information privacy, also known as data privacy or data protection, is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, legal and political issues surrounding them.
Privacy concerns exist wherever personally identifiable information or other sensitive information is collected, stored, used, and finally destroyed or deleted – in digital form or otherwise. Improper or non-existent disclosure control can be the root cause for privacy issues. Data privacy issues may arise in response to information from a wide range of sources.
Privacy & Cookies Policy
We recognize that your privacy is very important and take it seriously. This Privacy & Cookies Policy describes “Orion Labs” policies and procedures on the collection, use and disclosure of your information when you use our
product (the “Product”), which comprises the Orion communications device (the “Device”), the Orion Labs website (the “Site”), the Orion mobile application (the “Application”), and associated services, or interact with us directly (collectively the “Services”) and tells you about your privacy rights and how the law protects you.
By using the Services, you consent to our use of your information in accordance with this Privacy & Cookies Policy. We will not use or share your personal information with anyone except as described in this Privacy & Cookies Policy. Capitalized terms that are not defined in this Privacy & Cookies Policy have the meaning given them in our Terms & Conditions.
With that in mind, this Privacy & Cookies Policy is designed to describe:
- Who we are and how to contact us?
- Our Relationship to You
- Your rights relating to your Personal Data
- Whose personal data do we collect?
- When we may process your personal data?
- What Personal Data we collect
- Marketing Communications Preferences
- How we use your Personal Data and why
- Who we share your personal Data with?
- Third Party Subprocessors
- How long we store your Personal Data
- Where we store your Personal Data
- How we protect your Personal Data
- Links to Other Websites
- Changes to our Privacy & Cookies Policy
This Privacy & Cookies Policy is intended to meet our duties of transparency under the "General Data Protection Regulation"("GDPR").
We will post any modifications or changes to this Privacy & Cookies Policy on this page.
Who We Are and How to Contact Us?
Who we are? Orion Labs, Inc. a company organized and existing under the laws of the State of California (referred to as either "Orion", "we", "us" or "our" in this Privacy & Cookies Policy).
Our address is 548 Market Street, PMB 88695. San Francisco, CA 94104-5401, USA.
How to contact us. If you have any questions about our practices or this Privacy & Cookies Policy, please contact us at: email@example.com.
Our Relationship to You
It is important that you identify which relationship(s) you have with Orion to understand Orion’s data protection obligations and your rights to your Personal Information under this Privacy & Cookies Policy.
Orion has the following relationships:
- A “User” is an individual providing Personal Information to us via our website or other services, software or platforms, such as by signing up for our newsletter or contacting us through contact form. Here, Orion is a data controller.
- A “Customer” is a specific type of User that has engaged us to act as an agent (a “data processor”) by obtaining our Services. The Customer is the data controller, and Orion is their data processor.
Hereinafter we may refer to Customers and Users collectively as “You.”
Your Rights Relating to Your Personal Data
You have the right under this Privacy & Cookies Policy to:
- Request access to your Personal Data. If you are in certain jurisdictions, this enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
- Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
- Object to processing of your Personal Data. This right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your particular situation, which makes you want to object to processing of your Personal Data on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
- Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you in certain scenarios (for example if you want us to establish its accuracy or the reason for processing it).
- Request the transfer of your Personal Data. If you are in certain jurisdictions, we will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent. This right only exists where we are relying on consent to process your Personal Data ("Consent Withdrawal"). If you withdraw your consent, we may not be able to provide you with access to certain specific functionalities of our Site. We will advise you if this is the case at the time you withdraw your consent.
How to exercise your rights. If you want to exercise any of the rights described above, please contact us using the contact details in Who We Are and How to Contact Us.
Typically, you will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, except in relation to Consent Withdrawal, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you would like to submit a complaint regarding this Privacy & Cookies Policy or our practices in relation to your Personal Data, please contact us at: firstname.lastname@example.org with the subject: ‘Data privacy’.
We will reply to your complaint as soon as we can.
If you feel that your complaint has not been adequately resolved, please note that if you are in the EU the GDPR gives you the right to contact your local data protection supervisory authority. You can find information on your country’s data protection authority here.
Whose personal data do we collect?
We may process your personal data, if:
- You are our potential or current client;
- You are an entity (or you are providing services to an entity), that we want to sell our services to;
- You are providing services / work for our client or to an entity, that uses our services or platform developed by us (you act on behalf of them e.g. as their employee, associate, representative);
- You are interested in actions that we undertake (e.g. as part of contact with media).
When we may process your personal data?
We may process your personal data received directly from You or from other sources. Therefore, your personal data may be processed:
- If you have provided us with your personal data via various means of communication (e.g. by sending us an inquiry, via email, via our Site);
- In the case of conclusion or performance of a contract, including in case when your personal data has been provided to us as contact data for the purpose of proper performance of the above contract;
- If we have received your personal data from another source (e.g. from an entity that is our contractor / client, during events or from publicly available sources / websites).
What Personal Data we collect
Orion uses Personal Data we collect to provide the Services, maintain security, monitor aggregate metrics such as total number of visitors, traffic, and demographic patterns, and track user content and users as necessary to comply with the Digital Millennium Copyright Act and other applicable laws.
Information You Directly Provide to Us. There are many occasions when you provide information that may enable us to identify you personally ("Personal Data") while using the Services. The Personal Data we may collect from you is outlined in the table below.
|Category of Personal Data collected
|What this means
|First name, last name, username, demographic information (such as your gender and occupation), avatar, LinkedIn contact information, or other forms of identification.
|Your email address, postal address and phone number.
|Any details about payments including your payment card details, billing account and other details of the services you have purchased from us.
|Marketing and Communications Data
|Your preferences in receiving marketing from us and our third parties and your communication preferences. If you correspond with us by email or messaging through the Services, we may retain the content of such messages and our responses.
|Any content you post to the Services not already included in another category, including without limitation, voice data, profiles, questions, preference settings, answers, messages, calls, comments, business information and other interaction on the Site (“Content").
|Inferred or assumed information relating to your behavior and interests, based on your online activity. This is most often collated and grouped into "segments."
|When visiting our Site, we log Internet protocol (IP) address, your login data, GA tags, browser type and version, time zone setting and location, website you visited before browsing to our Site.
From the Device, we log the model, serial number, hardware version, firmware version and connection ID.
From the Application, the make, model, serial number, carrier, application version, location data and contact list are logged.
Aggregated Data. We may also collect, use and share "Aggregated Data" for any purpose. Aggregated Data may be derived from your Personal Data, but once in aggregated form it will not constitute Personal Data as this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy & Cookies Policy.
No Special Categories of Personal Data. We do not collect any "Special Categories of Personal Data" about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership). Nor do we collect any information about criminal convictions and offences.
Personal Credit Information. Orion Labs does not store any customer credit card data directly. All customer credit card data is processed via and stored within Recurly’s PCI-DSS Level 1 compliant service.
We do not knowingly solicit personal information of children under the age of 18. We do not knowingly collect personal information of and from children under the age of 18. If we learn that a child under the age of 18 has provided us with personal information without parental consent, we will take steps to delete it.
Marketing Communications Preferences
You can ask us to stop sending you marketing messages or modify your email preferences at any time through any of the following methods:
- by following the opt-out links on any marketing message sent to you; or
- by contacting us at any time using the contact details in Who We Are and How to Contact Us.
Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us as a result of emails relating to existing or pending hires, using the Services or consent to direct marketing communications.
What are cookies? When you visit the Services, we may send one or more "cookies" – small data files – to your computer to uniquely identify your browser and let Orion help you enhance your navigation through the Site. A cookie may convey anonymous information about how you browse the Services to us so we can provide you with a more personalized experience, but does not collect personal information about you. A persistent cookie remains on your computer after you close your browser so that it can be used by your browser on subsequent visits to the Service. Persistent cookies can be removed by following your web browser's directions. A session cookie is temporary and disappears after you close your browser.
What types of cookies do we use? Our Site use the following types of cookies for the purposes set out below:
|Type of cookie
|These cookies are essential to provide you with services available through our Site and to enable you to use some of its features. For example, they help the content of the pages you request to load quickly. Without these cookies, the Services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
|These cookies enable and support our security features, and to help us detect malicious activity.
|These cookies allow our Site to remember choices you make when you use our Site, such as remembering the changes you make to other parts of our Site which you can customize. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Site.
|Analytics and Performance Cookies
|These cookies are used to collect information about traffic to our Site and how users use our Site. The information gathered via these cookies does not "directly" identify any individual visitor. However, it may render such visitors "indirectly identifiable". This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access our Site. The information collected is aggregated and anonymous. We use this information to help operate our Site more efficiently, to gather broad demographic information and to monitor the level of activity on our Site. We use a number of different tools including Google Analytics and HubSpot for this purpose.
What cookies do we use? Our Site may use the following cookies:
|MUID, SRCHD, SRCHHPGUSR, SRCHUID, SRCHUSR
|__hs_opt_out, __hssc, __hssrc, __hstc, _clck, _fbp, _ga, _ga_Y8YZSCEFRF, _gac_UA-40160140-10, _gcl_au, _gcl_aw, _gid, _privy_595F3A907612A29CD9873498, _shopify_y, _uetsid, _uetvid, _y, fs_uid, gclid, hubspotutk, messagesUtk, mp_4735202df87193e9def75ae43e84a326_mixpanel
|60 days, 1 day, Session, 90 days, 10 days, 60 days, 420 days, 420 days, 90 days, 90 days, 90 days, 30 days, 270 days, 365 days, 30 days, 400 days, 365 days, 270 days, 365 days, 90 days, 210 days, 365 days
|sliguid, slireg, slirequested, vv_session_id, vv_visitor_id, wp-settings-65, wp-settings-time-65, _pk_id.96665.3e56, _pk_id.96670.3e56, _pk_ref.96665.3e56, _pk_ref.96670.3e56, _pk_ses.96665.3e56
|270 days, 30 days, 270 days, 30 days, 420 days, 365 days, 365 days, 300 days, 300 days, 210 days, 120 days, 30 days
|PLAY_SESSION, messagesUtk, sliguid, slireg, slirequested, vv_session_id, vv_visitor_id
|365 days, 183 days, 365 days, 7 days, 365 days, 1 day, 365 days
|240 days, 240 days
|DSID, IDE, RUL
|14 days, 400 days, 365 days
|bcookie, li_gc, UserMatchHistory, lang, AnalyticsSyncHistory, lidc
|730 Days, 728 Days, 30 Days, Session, A few seconds, 1 Day
How can I disable cookies? You can typically reset your web browser to refuse all cookies or to notify you when a cookie is being sent. In order to do this, follow the instructions provided by your browser (usually located within the "settings", "help" "tools" or "edit" facility). Many browsers are set to accept cookies until you change your settings.
If you do not accept our cookies, you may experience some inconvenience in your use of our Services and some features of the Service may not function properly.
Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org.
Log Files: Log file information is automatically reported by your browser each time you access a web page. When you use the Site, our servers automatically record certain information your web browser sends whenever you visit any website. These server logs may include information such as your web request, Internet Protocol address, browser type, referring / exit pages and URLs, location, domain names, pages viewed, and other such information.
Third Party Services: Orion uses third-party services to help understand/improve the use of the Website. These services typically collect the information sent by your browser as part of a web page request, including cookies and your IP address. They receive this information and their use of it is governed by their respective privacy policies.
How We Use Your Personal Data and Why
We generally use Personal Data for the following: to deliver and improve our Services; to manage our Site and provide you with customer and technical support; to perform research and analysis about our products; to verify your identity and prevent fraud or other unauthorized or illegal activity; to enforce or exercise any rights in our Terms & Conditions;
In respect of each of the purposes for which we use your Personal Data, the GDPR requires us to ensure that we have a legal basis for that use if you are within the EU. The legal bases depend on the Services you use and how you use them. This means we collect and use your Personal Data only where:
- We need it to provide you the Services, including to operate the Site, provide customer support and personalized features and to protect the safety and security of the Services;
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests; or
- We need to process your data to comply with a legal or regulatory obligation.
We may also rely on your consent as a legal basis for using your Personal Data where we have expressly sought it for a specific purpose. If we do rely on your consent to a use of your Personal Data, you have the right to change your mind at any time (but this will not affect any processing that has already taken place). We have set out below, in a table format, more detailed examples of relevant purposes for which we may use your Personal Data.
|Why do we do this
|Providing, updating, and maintaining our Services, Site and business
|To deliver the Services you have requested.
|Research and development
|To enable us to improve the Services and better understand our users and the markets in which we operate. For example, we may conduct or facilitate research and use learnings about how people use our Services including Site and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns, areas for additional features and improvement of the Services and other insights. We also test and analyze certain new features with some users before introducing the feature to all users.
|Communicating with users about the Services
|To send communications via email, including, for example, responding to your comments, questions and requests, providing customer support, and sending you technical notices, service updates, security alerts. We may also provide tailored communications based on your activity and interactions with us.
|Providing customer and technical support
|To respond to your requests for assistance, comments and questions, to analyze crash information, to repair and improve the Services and provide other customer support.
|To keep our Services and associated systems operational and secure, including, for example, verifying accounts and activity, monitoring and investigating suspicious or fraudulent activity and to identify violations of our terms and policies.
|To comply with applicable law, legal process and regulations and protect legitimate business interests
|As we believe is reasonably necessary to comply with a law, regulation, order, subpoena, rule of a self-regulatory organization or audit or to protect the safety of any person, to address fraud, security issues, or to protect our legal rights, interests and the interests of others.
What happens when you do not provide necessary Personal Data? Where we need to process your Personal Data either to comply with law, or to perform the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with the functionalities of the Services). In this case, we may have to stop you from using our Services.
Who We Share Your Personal Data With?
We may share your Personal with third parties in the ways that are described in the table below. We consider this information to be a vital part of our relationship with you.
|Why we share it
|Our Third Parties Subprocessors
|Our subprocessors may access your Personal Data to help us develop, maintain and provide our Services and help manage our customer relationships (including providing customer support, customer liaison, etc).
|Our service providers provide us support for our Services, including, for example, development tools, search engine, hosting, maintenance, backup, storage, virtual infrastructure, analysis, identity verification, background and compliance reviews, banking services, and other services for us, which may require them to access or use Personal Data about you.
|Our lawyers, accountants may need to review your personal data to provide consultancy, compliance, banking, legal, insurance, accounting and similar services.
|Legal and Taxing Authorities, Regulators and Participants in Judicial Proceedings
|We may disclose your Personal Data if we believe it is reasonably necessary to comply with a law, regulation, order, subpoena, rule of a self-regulatory organization or audit or to protect the safety of any person, to address fraud, security or technical issues, or to protect our legal rights, interests and the interests of others, such as, for example, in connection with the acquisition, merger or sale of securities or a business (e.g., due diligence).
As we develop our business, we may buy or sell businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, we may also transfer your Personal Data as part of the transferred assets without your consent or notice to you.
Third Party Subprocessors
We currently use third party subprocessors to provide our services and Site. Prior to engaging any third party subprocessor, Orion performs diligence to evaluate their privacy, security and confidentiality practices, and executes an agreement implementing its applicable obligations.
Orion may use the following subprocessors for the purpose described below:
|Hosting and Infrastructure Services
|Storage, Analytics and CRM Services
|Storage, Sales and Marketing Services
|Storage & Analytics Services
|Advertising and Marketing Services
As our business grows and evolves, the Subprocessors we engage may also change. We will endeavor to provide the owner of Customer’s account with notice of any new Subprocessors to the extent required under the Agreement, along with posting such updates here. Please check back frequently for updates.
How long we store your Personal Data
We will retain your information for as long as it is reasonably needed for the purposes set out in How We Use Your Personal Data and Why unless you request that we remove your Personal Data as described in Your Rights Relating to Your Personal Data. We will only retain your Personal Data for so long as we reasonably need to use it for these purposes unless a longer retention period is required by law (for example for regulatory purposes). This may include keeping your Personal Data after the termination of your contract for the period of time needed for us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.
Where We Store Your Personal Data
The Services are maintained in the North America. Personal Data that you provide us may be stored, processed and accessed by us, our staff, sub-contractors and third parties with whom we share Personal Data in USA or elsewhere for the purposes described in this policy. We may also store Personal Data in locations outside the direct control of Orion (for instance, on servers or databases co-located with hosting providers).
By accessing the Services and providing us with your Personal Data, you consent to and authorize the export of Personal Data and its storage and use as specified in this Privacy & Cookies Policy.
How We Protect Your Personal Data
Orion uses industry-standard physical, managerial, and technical safeguards to preserve the integrity and security of your personal information. We limit access to your Personal Data to those employees and other staff who have a business need to have such access. All such people are subject to a contractual duty of confidentiality.
We periodically review our policies and procedures to evaluate their effectiveness and ensure that they remain up to date. We have put in place procedures to deal with any actual or suspected Personal Data breach. In the event that personal information is compromised as a result of such a breach of security, Orion will promptly notify those persons whose personal information has been compromised, in accordance with the notification procedures set forth in this Privacy & Cookies Policy, or as otherwise required by applicable law.
Personal Credit Information. Orion Labs utilizes a platform, Recurly, as its payment processor and gateway. Recurly is PCI-DSS Level 1 compliant, and recognized on the Visa Global Registry of Service Providers and follows the Payment Card Industry Data Security Standard (PCI-DSS).
Links to Other Websites
This Privacy & Cookies Policy applies only to the Services. Our services may contain links to other websites not operated or controlled by Orion. We are not responsible for the content, accuracy or opinions expressed in such websites, and such websites are not investigated, monitored or checked for accuracy or completeness by us.
Please remember that when you use a link to go from the Services to another website, our Privacy & Cookies Policy is no longer in effect. Your browsing and interaction on any other website, including those that have a link on our Site, is subject to that website's own rules and policies. Such third parties may use their own cookies or other methods to collect information about you.
Changes to Our Privacy & Cookies Policy
We reserve the right, in our sole discretion, to change, modify, add, or remove portions of this Privacy & Cookies Policy at any time. Any changes or updates will be effective immediately upon posting to this page. You should review this Privacy & Cookies regularly for changes. You can determine if changes have been made by checking the Effective Date below. Your continued use of our services following the posting of any changes to this Privacy & Cookies means you consent to such changes.