Privacy Policy
1. Introduction
This Privacy Policy outlines the principles and guidelines governing the collection, use, storage, and protection of personal data by Carver Technologies Inc. (herein also referred to as Orbital or Organization).
We are committed to safeguarding the privacy of our customers, employees, and other individuals whose personal data we process. This policy is designed to comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA).
2. Scope
This policy applies to users’ (i.e., actively subscribed customers, employees, and contractors) personal data collected, processed, and stored by Carver Technologies Inc. in connection with the Orbital product and related services. It applies to all individuals, including those in the European Economic Area (EEA) under GDPR, residents of California under CCPA, and individuals in Canada under PIPEDA.
3. Definitions
Personal Data (Personal Information): Any information relating to an identified or identifiable natural person. In Canada, this includes information that can identify an individual either directly or indirectly.
Processing: Any operation performed on personal data, such as collection, storage, use, or disclosure.
Data Subject: An individual whose personal data is being processed.
Controller: The entity that determines the purposes and means of processing personal data.
Processor: The entity that processes personal data on behalf of the controller.
Sensitive Personal Data: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and data concerning health or a person’s sex life or sexual orientation.
Selling: Under CCPA, selling refers to sharing, disclosing, or transferring personal data to a third party for monetary or other valuable consideration.
4. Collection of Personal Data
We collect personal data necessary for legitimate business purposes, which may include:
Customer / Employee Information: Name, email/phone, preferences or settings, and payment information
Other Data: Information provided voluntarily by individuals interacting with our services.
GDPR Basis for Processing: We collect and process personal data based on the following lawful bases:
Consent: Where you have provided explicit consent.
Contract: Where processing is necessary for the performance of a contract with you.
Legal Obligation: Where processing is necessary to comply with a legal obligation.
Legitimate Interests: Where processing is necessary for our legitimate interests, except where such interests are overridden by your rights.
PIPEDA Principles: Under PIPEDA, we follow the following principles:
Accountability: We are responsible for personal data under our control and have designated a Privacy Officer to ensure compliance with this policy.
Identifying Purposes: We identify the purposes for which personal data is collected at or before the time of collection.
Consent: We obtain the individual’s consent for the collection, use, or disclosure of personal data, except where inappropriate.
Limiting Collection: We collect personal data only for the purposes identified and limit the amount and type of personal data collected.
Limiting Use, Disclosure, and Retention: We use, disclose, and retain personal data only for the purposes for which it was collected, unless the individual consents otherwise or as required by law.
Accuracy: We maintain personal data as accurate, complete, and up-to-date as necessary.
Safeguards: We protect personal data with security safeguards appropriate to the sensitivity of the information.
Openness: We make our policies and practices relating to the management of personal data readily available.
Individual Access: Upon request, individuals can access their personal data and challenge its accuracy and completeness.
Challenging Compliance: Individuals may address concerns regarding our compliance with PIPEDA to our Privacy Officer.
CCPA Notice: We do not sell users’ personal data. We only use users’ personal data for business purposes as defined in the CCPA.
5. Use of Users’ Personal Data
Users’ personal data is used for the purposes for which it was collected, including but not limited to:
Providing products and services.
Managing customer relationships.
Complying with legal and regulatory requirements.
Enhancing our products, services, and customer experience.
Human resources management.
6. Data Sharing and Disclosure
We do not share personal data with third parties, except:
Service Providers: With service providers who perform functions on our behalf and under our instructions.
Data Processors: With data processors or subprocessors that are handling data and performing functions on our behalf under our instructions.
Legal Requirements: When required by law or in response to legal requests.
Business Transfers: In connection with a merger, acquisition, or sale of assets, where personal data may be transferred as part of the transaction.
CCPA Personal Data Sales Opt-Out and Opt-In: We will not sell your Personal Data, and have not done so over the last 12 months. To our knowledge, we do not sell the Personal Data of minors under 16 years of age.
7. Data Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
Data encryption.
Access controls.
Regular security assessments.
Employee training on data protection practices.
8. Data Retention
Personal data is retained only as long as necessary to fulfill the purposes for which it was collected or as required by law. Once no longer needed, personal data will be securely deleted or anonymized.
9. Data Subject Rights
Data subjects have the following rights concerning their personal data:
Under GDPR:
Access: To request a copy of the personal data we hold.
Correction: To request correction of inaccurate or incomplete data.
Deletion: To request the deletion of their personal data under certain conditions.
Restriction: To request a restriction on the processing of their data.
Objection: To object to the processing of their data on certain grounds, including direct marketing.
Portability: To request the transfer of their data to another organization in a structured, commonly used, and machine-readable format.
Withdrawal of Consent: To withdraw consent where we are relying on consent to process your data.
Under CCPA:
Right to Know: To request information about the categories and specific pieces of personal data we have collected about you, the categories of sources from which the personal data was collected, the purpose for collecting the personal data, and the categories of third parties with whom we share personal data.
Right to Delete: To request the deletion of personal data, subject to certain exceptions.
Right to Opt-Out: To opt-out of the sale of personal data. (Note: We do not sell personal data.)
Right to Non-Discrimination: To not receive discriminatory treatment for exercising your CCPA rights.
Under PIPEDA:
Access: Individuals have the right to request access to their personal data, including information about how it is being used and to whom it has been disclosed.
Correction: Individuals have the right to request corrections to inaccurate or incomplete personal data.
Withdrawal of Consent: Individuals may withdraw consent to the processing of their personal data at any time, subject to legal or contractual restrictions and reasonable notice.
Challenging Compliance: Individuals have the right to challenge our compliance with PIPEDA by contacting our Privacy Officer.
These rights can be exercised by emailing us at security@withorbital.com or by filling out this form.
10. International Data Transfers
If personal data is transferred outside of the jurisdiction in which it was collected, we ensure that appropriate safeguards are in place to protect the data, in accordance with applicable data protection laws. This includes transfers to countries outside the EEA under GDPR, where we will rely on legally recognized transfer mechanisms, such as standard contractual clauses or Privacy Shield certification (where applicable).
11. Children’s Privacy
We do not knowingly collect personal data from children under the age of 16. If we become aware that we have inadvertently collected personal data from a child under the age of 16, we will take steps to delete such data as soon as possible.
12. Cookie Policy
We use cookies and similar tracking technologies on our websites and online services. This Cookie Policy explains what cookies are, how we use them, and your choices regarding their use.
12.1 What Are Cookies?
Cookies are small text files that are placed on your device (computer, smartphone, or other electronic devices) when you visit a website. Cookies can store information about your browsing activities and preferences.
12.2 Types of Cookies We Use
Essential Cookies: These cookies are necessary for the proper functioning of our website. Without these cookies, certain features and services may not be available.
Analytical/Performance Cookies: These cookies allow us to recognize and count the number of visitors and to see how visitors move around our website. This helps us improve the way our website works.
Functionality Cookies: These cookies are used to recognize you when you return to our website. This enables us to personalize our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).
Targeting/Advertising Cookies: These cookies record your visit to our website, the pages you have visited, and the links you have followed. We use this information to make our website and the advertising displayed on it more relevant to your interests.
12.3 Third-Party Cookies
In addition to our own cookies, we may also use third-party cookies to report usage statistics of the website, deliver advertisements on and through the website, and so on. These third-party cookies are set by domains other than the one you are visiting and are used by third-party organizations that provide services for us.
12.4 How We Use Cookies
We use cookies to:
Improve User Experience: Cookies help us remember your preferences and tailor our websites and services to better match your interests and needs.
Analyze Website Performance: Cookies allow us to collect information on how users interact with our website, enabling us to make improvements.
Personalize Content: Cookies allow us to show you content that is more relevant to you based on your past interactions with our website.
Deliver Targeted Advertising: Cookies help us deliver more relevant ads to you, both on our website and on third-party websites.
12.5 Your Choices Regarding Cookies
You have the right to choose whether or not to accept cookies. Most web browsers automatically accept cookies, but you can modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, some parts of our website may not function properly.
Cookie Management Tools: You can manage or delete cookies through your browser settings. To learn more about how to manage cookies on popular browsers, visit:
Google Chrome
Opting Out of Targeted Advertising: You can opt out of targeted advertising by visiting YourAdChoices or the Network Advertising Initiative.
13. Marketing Content & User Data
We are committed to respecting your privacy and ensuring that you understand how your personal data is used for marketing purposes. This section outlines how we collect, use, and manage personal data for marketing activities.
13.1 Collection of Data for Marketing Purposes
We may collect personal data for marketing purposes in the following ways:
Direct Collection: When you provide your information directly to us, such as when you subscribe to our newsletter, download a whitepaper, or fill out a contact form.
Indirect Collection: When we obtain your data through your interactions with our website, social media channels, or third-party sources.
13.2 Types of Data Collected
For marketing purposes, we may collect the following types of data:
Contact Information: Name, email address, phone number, and mailing address.
Behavioral Data: Information about your interactions with our emails, website, and advertisements.
Preferences: Information about your preferences for receiving marketing communications.
13.3 How We Use Your Data for Marketing
We use your personal data to:
Send Marketing Communications: This includes newsletters, promotional offers, event invitations, and other content that may be of interest to you.
Personalize Content: We tailor the content of our marketing communications based on your interests and preferences.
Analyze Marketing Campaigns: We analyze how you interact with our marketing communications to improve their effectiveness.
Provide Relevant Advertising: We may use your data to display targeted ads that match your interests on our website or third-party websites.
13.4 Opting In and Out
Consent: We will only send you marketing communications if you have explicitly opted in to receive them or if you registered to use our proudcts and services. You can opt in by subscribing to our newsletters or other communications.
Opting Out: You can opt out of receiving marketing communications at any time by:
Clicking the "unsubscribe" link in any marketing email you receive from us.
Updating your preferences in your account settings on our website.
Contacting us directly at securituy@withorbital.com.
13.5 Third-Party Marketing
We do not share your personal data with third parties for their marketing purposes unless you have explicitly consented to such sharing.
13.6 Data Protection and Privacy
We are committed to protecting your data and ensuring your privacy rights are respected in all our marketing activities. Your data will be processed in accordance with this Privacy Policy and applicable data protection laws, including GDPR, CCPA, and PIPEDA.
13.7 Changes to Marketing Preferences
You can update your marketing preferences at any time by contacting us at security@withorbital.com or by accessing your account settings on our website.
12. Compliance and Accountability
Carver Technologies Inc. is committed to complying with all applicable data protection laws and regulations, including GDPR, CCPA, and PIPEDA. We have appointed a Data Protection Officer (DPO) responsible for overseeing data protection strategy and implementation. We also regularly review and update our data protection practices to ensure compliance and protect the rights of data subjects.
13. Policy Updates
This policy may be updated periodically to reflect changes in our practices or legal requirements. We reserve the right to make changes to this Privacy Policy at any time. When we do, we will revise the “Last Updated” date at the bottom of this page.
Where required by law, we will notify data subjects of significant changes to this policy, and additionally where required by law, we will seek your consent for such changes.
Continued use of our services following the posting of changes constitutes your acceptance of those changes. We encourage you to review this policy periodically to stay informed about how we are protecting your information.
14. Contact Information
For questions or concerns regarding this policy or the handling of personal data, please contact:
Data Protection Officer (DPO)
Carver Technologies Inc.
2261 Market St. Suite 4461 San Francisco, CA 94114
Last Updated January 15, 2024.
For questions regarding privacy or security, please reach out to Orbital’s Security & Privacy team at security@withorbital.com.