Privacy Policy

Purpose of this policy

This privacy policy sets out how Orbit Business Management Ltd (Orbit) uses and protects any information that you provide when using this website.

We are firmly committed to the “accountability” principle of the GDPR and will take all steps necessary to safeguard personal information in accordance with the current data protection legislation, currently the GDPR and Data Protection Act 2018.

Who we are

If you have any questions about this privacy policy or the data we hold about you, please get in touch. The best way to contact us is to write directly to our Managing Director:

Mike Huthnance at 3 Victoria Place, Love Lane, Romsey, Hampshire, SO51 8DE

or email mjh@orbit.co.com and include “data protection” in the email title.

Orbit are registered with the ICO as a data controller, reference: ZA270739.

What information we collect and why

We may collect and process various forms of information when you use our website:

  • User-Provided Information: When you use our website you may provide personal information and we, as a result, may process this. For example, you may send us a message via a contact form and we will process it in order to respond accordingly.
  • Automatically Collected Information: During your use of our website, we may automatically collect information about your computer, including, where available, your IP address, operating system and browser type. We achieve this by using cookies and other forms of technology and all of the information that is automatically collected is statistical data about user browsing actions and patterns; we collect this to enhance the user experience.

See the “cookies”  section below for more detailed information.

Comments

If you leave a comment on the site then we collect the data shown in the comments form, and also your IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Contact forms

When you complete the simple form on the Contact Us page (name, email, subject, message) the details are emailed directly via SMTP to an Orbit mailbox and we use these details to make contact and discuss your enquiry. If your enquiry relates to using our Consultancy services then we may add your details to our CRM to improve the quality of our communication and service provision.

Cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Analytics

We use Google Analytics to measure traffic to our Site and understand how Users move around and use our Service. We use this information to enhance the Site and Service we provide to ensure that Users get the best experience possible. All of the information we collect from Google Analytics is aggregate and will not be disclosed with any other third parties.

We do not use any of the Advertising Features provided by Google Analytics.

The Google Analytics service will set up to 3 cookies in your browser. Two are used to uniquely identify you (to distinguish one visitor from another). These expire after 1 day and 2 years respectively. The third cookie is used to throttle the request rate, and expires after 1 minute.

Google has its own privacy policy which we recommend you review. Further information specific to Google analytics and how they secure the data collected can be found here.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Who we share your information with

We only share your personal information in very limited circumstances, these being when we contract an Associate Consultant (i.e. a specialist consultant who normally runs their own Limited Company) to provide you with Consultancy services and in these circumstances an appropriate Non-Disclosure Agreement has been signed which states their obligations and responsibilities relating to supplied personal information.

Other than this, we would only share your personal information if required to do so by law.

Where your information is securely stored

In accordance with Chapter V of the GDPR, we recognise the restrictions relating to transferring your personal information either outside the EEA or to an International Organisation. We store your information as follows:

  • Email: Office 365 (Durham and London) per their updated Online Services Terms (May 1, 2018)
  • File Storage: Box (UK Zone and approved BCR)
  • CRM: Really Simple Systems (UK SME, datacentres in Belgium and Fareham)
  • Project planning tools: Office 365 OneNote (Cardiff and London) and Planner (Ireland).

We have selected these platforms and tools after assessing their security features (e.g. multi factor authentication) and independent certification (e.g. ISO 27001, SOC2) and are confident that they are effective and appropriate.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely within the website content management system. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

However, if you submit personal information on a Contact Us form then the website does not store the information and we will only retain the relayed email whilst we attempt to contact you. If we quote for work or undertake work then your information will be added to our CRM (see above) and any information that remains dormant for more than 2 years will be deleted.

Your Rights

You have a number of rights that you can exercise free of charge and on request, under certain circumstances. However, if your requests are unfounded or excessive, we reserve the right to charge a reasonable fee or to refuse to act on them.

In summary, depending on the circumstances, you have the right:

  • to be informed about the collection and use of your personal data
  • to access your personal data and supplementary information
  • to have inaccurate personal data corrected, or completed (if it is incomplete)
  • to have your personal data erased
  • to restrict our processing of your personal data
  • to receive a copy of any personal data you have provided to us, in a machine-readable format, or have this information sent to a third party
  • to object at any time to processing of your personal data for direct marketing purposes
  • to object in certain other situations to the continued processing of your personal data

For more information on these rights and when you can exercise them, see the Information Commissioner’s Guide

If you need to exercise any of your rights, please let us know by using the contact details above. If you want us to reply, or to send you anything, you must give us your contact details as well. We will ask you to verify your identity and may take up to 1 month from when we receive your request, unless the complexity and number of requests we receive means that we need more time. If we need more time (up to two further months) we will tell you why within the first month.

How to make a complaint

You also have the right to lodge a complaint with the Information Commissioner’s Office if you are in the UK, or with the supervisory authority of the European Member State where you work, normally live or where the alleged infringement of data protection laws occurred. The Information Commissioner’s Office can be contacted here .

Marketing Communications

If you provide us with your contact details via our Contact Us page, we may use them for the purposes of sending you marketing communications.

We will not send you any marketing communications by email unless you have given us your details to obtain a quotation for consultancy services, request a meeting to discuss our consultancy services or similar. The marketing will be in respect of similar services and you will be provided a clear opportunity to opt-out.

The legal basis we rely on for the purposes of sending you marketing communications is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.

If at any time you do not wish to receive marketing communications (whether by email or otherwise), please let us know and we’ll update our records immediately to reflect your wishes.

 

(Last updated: 01/06/2018)