Privacy Policy

 

Effective date: June 22, 2025

At Orbem, protecting your privacy is a foundational principle in how we operate. This Privacy Policy (“Policy”) explains how we collect, use, disclose, and protect your personal data when you engage with any Orbem product or service. This includes our websites, platforms, software, APIs, mobile apps, and devices (collectively, “Orbem Products”).

Orbem earns revenue from paid subscriptions, imaging hardware sales and professional services. We do not sell or rent your personal data; our commercial interest lies in delivering products worth paying for.

This Policy also informs you about your rights under applicable privacy laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), relevant laws in the state of Texas (including Houston), and other regional data protection frameworks.

1. Data Protection Governance

Orbem has appointed a Data Protection Officer (DPO) to oversee our privacy program and ensure compliance with all applicable laws and regulations. The DPO is responsible for monitoring internal data practices, managing inquiries, and serving as the primary contact point for data subjects and supervisory authorities.

We maintain a comprehensive third-party risk management program that includes initial due diligence and ongoing assessments. This ensures that vendors, service providers, and other external parties processing personal data on our behalf meet strict privacy, security, and compliance standards. Prior to engaging such third parties, we assess their data protection controls, privacy practices, and legal compliance.

Where personal data must be transferred to third parties, including across borders, we ensure that appropriate agreements are in place. These include Data Processing Agreements (DPAs) and, where relevant, international data transfer mechanisms such as Standard Contractual Clauses (SCCs) or reliance on jurisdictions recognized as having adequate levels of data protection.

Orbem stores personal data primarily in data centers located within the European Union. If data must be stored or processed outside the EU, we ensure that the destination jurisdiction offers equivalent legal protections for privacy and data rights. This helps maintain the integrity, security, and legal compliance of your personal data throughout its lifecycle.

2. Personal Data We Collect

We may collect the following categories of personal data:

  • Contact and Identification Data: Your name, email address, phone number, postal address, organization, and job title.

  • Authentication Data: Login credentials, two-factor verification, security tokens.

  • Device and Technical Data: IP address, device ID, browser type, OS, referral source, time zone, and language settings.

  • Usage and Interaction Data: Clickstream data, session logs, user preferences, and navigation behavior on our platforms.

  • Transactional and Billing Information: Payment card data, billing addresses, order history.

  • Content and Communication Data: Files and documents you upload, prompts you submit, output data generated by Orbem Products, messages exchanged with our team.

  • Job Application Data: Résumés, cover letters, qualifications, employment history, interview notes, reference feedback, and related recruitment information.

We may collect information directly from you, through cookies and analytics, or from authorized third parties including affiliates, partners, and publicly available databases.

3. How We Use Your Personal Data

We process your personal data for the following purposes:

  • Account Management: Creating and managing user accounts, profiles, and credentials.

  • Service Delivery: Operating Orbem Products, providing support, and fulfilling requests.

  • Security and Fraud Prevention: Detecting and preventing unauthorized access, misuse, or illegal activity.

  • Product Development: Improving our offerings through analytics, feedback, and testing.

  • Personalization: Customizing your experience based on your interactions, usage patterns, and settings.

  • Marketing and Communication: Sending updates, newsletters, promotional offers (only if you opt-in).

  • Recruitment: Evaluating job applications and managing the hiring process.

  • Compliance: Meeting legal obligations, enforcing our terms, and responding to lawful requests.

For more details, refer to the below: 

Purpose

Typical Processing Activities

Lawful Basis*

Provide the service

Authenticate via Google Workspace SSO or Microsoft Entra ID; deliver imaging outputs; maintain user workspaces

Contract

Improve & secure the service

Debug errors, run phishing simulations, train models on aggregated & de-identified telemetry

Legitimate interest

Support & communications

Respond to tickets, send transactional emails

Contract / legitimate interest

Marketing (opt-in)

Newsletters, webinars, audience-matched ads

Consent

Recruitment

Screen CVs, schedule interviews (video or onsite), record evaluations, check references/background, communicate offers or rejections

Contract pre-steps; Art 6(1)(b) & (f) GDPR / § 26 BDSG; Tex. Labor Code; consent where required

Legal & compliance

Fulfil GDPR, CCPA/CPRA, export-control or tax obligations; prevent fraud

Legal obligation

See Section 5 for EU/EEA legal-bases detail.

Data is only used for AI model training if explicit, informed consent is obtained. We do not use personally identifiable data for machine learning without permission.

4. Legal Basis for Processing

We process personal data under one or more of the following legal bases:

  • Your Consent: For example, when you agree to receive marketing communications or participate in surveys.

  • Performance of a Contract: To deliver products and services you have requested.

  • Legal Obligation: To comply with applicable laws, regulations, and lawful requests.

  • Legitimate Interests: To conduct business operations and improve our services, provided such interests are not overridden by your rights and freedoms.

5. Sharing Your Information

We may share your data with the following categories of recipients:

  • Affiliates and Subsidiaries: For internal administration and operational support.

  • Trusted Vendors and Service Providers: Including cloud storage providers, analytics platforms, communication tools, and payment processors who assist us in delivering our services.

  • Authorities and Regulators: When required by law, legal process, or to defend our rights.

  • With Your Consent: When you request or authorize us to do so.

These recipients are contractually obligated to protect your information and are only given the minimum necessary data for their function.

We do not sell personal data. Where data transfers might be interpreted as “sharing” under local laws (e.g., CCPA), we provide mechanisms for opting out.

6. International Data Transfers

Personal data collected by Orbem may be transferred to, stored in, or processed in countries other than your own. Whenever we engage in such transfers, we implement appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, or ensure the destination country is recognized as having adequate data protection under GDPR.

We work exclusively with partners and subprocessors that adhere to similar data protection principles and require contractual commitments aligned with applicable privacy laws.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, contractual, and operational obligations. Retention periods vary based on the nature of the data, the legal basis for processing, and applicable regulatory requirements.

After the applicable retention period, we either delete or anonymize the data in a secure manner.

8. Your Privacy Rights

You have the following rights under applicable data protection laws:

  • Right to Access: Obtain confirmation of whether we process your personal data and receive a copy of the data.

  • Right to Rectification: Request corrections or updates to inaccurate or incomplete information.

  • Right to Erasure: Request deletion of your data where legally permissible.

  • Right to Restrict Processing: Limit the use of your data in specific circumstances.

  • Right to Object: Oppose processing of data based on our legitimate interests.

  • Right to Data Portability: Receive your data in a structured format and transmit it to another controller.

  • Right to Withdraw Consent: Withdraw your consent at any time without affecting prior lawful processing.

To exercise any of these rights, you may contact us at [email protected]. We may require identity verification prior to processing your request.

9. Cookies and Tracking Technologies

We use cookies, web beacons, and other similar technologies for the following purposes:

  • Authentication and session management

  • Personalization of content

  • Analytics and performance monitoring

  • Marketing (only with consent)

You can manage cookie preferences via your browser settings or our website’s cookie management tool. You may also opt-out of third-party analytics and advertising cookies using available mechanisms.

10. Children’s Privacy

Orbem Products are not intended for individuals under the age of 18. We do not knowingly collect or process personal data from minors without verifiable parental consent, where required. If we learn that we have collected such data, we will take prompt action to delete it.

11. Do Not Track (DNT)

Orbem does not currently respond to DNT signals. However, we provide various ways for users to manage their data preferences, including cookie consent and privacy settings.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. We will notify you of significant changes through our website or by direct communication where appropriate.

The revised version becomes effective as of the published date. Continued use of Orbem Products following an update constitutes your agreement to the revised Policy.

13. Contact Us

If you have any questions, concerns, or requests about this Privacy Policy or your personal data, please contact:

Orbem GmbH
Email: [email protected]
Website: https://orbem.ai

You may also contact your local Data Protection Authority in case of unresolved concerns.

Acknowledgment

By using Orbem Products, you confirm that you have read, understood, and accepted this Privacy Policy. If you do not agree to this Policy, please refrain from using our services.

 

 

Orbem loader logo