Your Location

Orbas collects personal data to enable the delivery of platform services, enhance user experience, and meet legal obligations. This section explains the categories of data we collect, how we collect it, and from where.

We aim to be transparent in how personal information is handled and to give users meaningful control over their data. The data collected varies depending on the user’s role (e.g., client, provider, partner) and activity on the platform.

2.1. Categories of Data Collected
We may collect the following types of personal data:

• Identity Data – such as your name, date of birth, government-issued ID, and verification documents.
  
  
• Contact Data – including your email address, telephone number, and physical address.
  
  
• Financial Data – covering payment account information, withdrawal preferences, and VAT registration details.
  
  
• Technical Data – such as IP address, browser type, device identifiers, and operating system.
  
  
• Usage Data – including session activity, page visits, service interactions, and referral sources.
  
  
• Profile Data – including your account settings, reviews, communication logs, and service history.
  
  
• Marketing and Communications Data – including your newsletter subscriptions, campaign responses, and promotional preferences.
  
  

These categories enable Orbas to provide personalised services, ensure platform safety, fulfil contractual obligations, and comply with legal requirements.

2.2. Data You Provide to Us
We collect personal data that you actively provide during your interactions with the platform. This includes actions such as:

• Registering an account or creating a user profile.
  
  
• Listing a service, enrolling in a course, or booking a freelancer.
  
  
• Sending messages through the platform’s chat interface.
  
  
• Submitting feedback, support requests, or helpdesk tickets.
  
  
• Participating in marketing promotions or user surveys.
  
  

We treat all user-provided data with confidentiality and process it only for legitimate purposes in line with user expectations and consent.

Users are responsible for ensuring all submitted data is accurate and up to date. Inaccurate data may hinder access to platform features or lead to regulatory compliance issues.

2.3. Data We Collect Automatically
When you use Orbas, we automatically collect certain types of data through built-in analytics and third-party tools. This data includes:

• Cookies and Tracking Tools – used for authentication, load balancing, and remembering user sessions.
  
  
• Device and Location Data – such as approximate geolocation, browser version, and device model.
  
  
• Behavioural Data – including pages visited, clicks, time spent, and interaction history.
  
  
• Error Logs and Diagnostics – which help us monitor performance and troubleshoot bugs or service interruptions.
  
  

Automatically collected data allows us to optimise the platform experience, detect unusual activity, and improve services through aggregate analysis.

2.4. Data from Third Parties
We may also obtain personal data from external sources in accordance with this Privacy Policy and relevant legal bases. These sources include:

• Identity verification and fraud prevention services.
  
  
• Affiliate marketers and advertising partners.
  
  
• Public records or regulatory databases.
  
  
• Social platforms (if users link accounts or use federated login options).
  
  

This data helps us confirm eligibility, improve onboarding efficiency, and strengthen user identity assurance.

2.5. Cookies and Tracking Technologies
Orbas uses cookies and related technologies for several reasons:

• Essential Platform Operations – enabling login persistence, session continuity, and security.
  
  
• User Experience Enhancement – such as remembering language settings and custom layouts.
  
  
• Analytics and Performance Monitoring – measuring engagement, identifying popular features, and tracking outages.
  
  
• Marketing and Retargeting – to present relevant offers, reduce ad fatigue, and track campaign effectiveness.
  
  

Users have the right to adjust cookie preferences at any time via browser settings or the in-app cookie control panel. Please see our dedicated Cookie Policy for more detail on managing consent and setting retention periods.

Orbas processes personal data only where it has a valid legal basis under applicable data protection legislation, including the UK GDPR. The specific basis we rely on may vary depending on the type of data collected, the nature of the interaction, and the purpose of processing. This section outlines the main legal grounds upon which Orbas relies.

3.1. Consent
We may process your personal data where you have explicitly given your informed, specific, and unambiguous consent. This typically applies to:

• Receiving marketing emails or newsletters.
  
  
• Participating in surveys or competitions.
  
  
• Using optional features like AI-powered suggestions or third-party integrations.
  
  

You may withdraw your consent at any time by updating your preferences in your account dashboard or by contacting us directly. Withdrawal of consent does not affect the lawfulness of processing carried out before such withdrawal.

3.2. Contractual Necessity
We process data when it is necessary to perform or enter into a contract with you. This includes:

• Registering your account and managing your user profile.
  
  
• Facilitating bookings, job matches, or course enrolments.
  
  
• Processing payments and withdrawals.
  
  
• Providing customer support and dispute resolution services.
  
  

Without this data, Orbas would be unable to provide its core platform services effectively.

3.3. Legitimate Interests
We process certain data under our legitimate business interests, provided these are not overridden by your rights or freedoms. This includes:

• Analysing usage patterns to improve platform functionality.
  
  
• Preventing fraud and protecting the security of users.
  
  
• Sending notifications about account activity or service changes.
  
  
• Maintaining business continuity and operational efficiency.
  
  

Where required, we conduct legitimate interest assessments to ensure the balance of interests is fair and lawful.

3.4. Legal Obligation
Orbas may process or retain certain data to comply with legal and regulatory requirements. Examples include:

• Fulfilling tax reporting obligations.
  
  
• Responding to valid legal requests from regulatory bodies.
  
  
• Complying with financial and anti-money laundering laws.
  
  
• Maintaining records for audit and compliance purposes.
  
  

In such cases, the processing is necessary to meet our legal duties and may override objections or deletion requests.

3.5. Vital Interests and Public Task
Although rare, we may process personal data to protect someone’s life or in the public interest. Scenarios might include:

• Assisting emergency services with urgent user location data.
  
  
• Preventing imminent harm to users or the public.
  
  

Such processing is strictly limited to exceptional cases and follows regulatory guidelines to safeguard user rights.

Orbas uses the personal data it collects to provide, maintain, and enhance the platform, ensuring a safe and optimised experience for all users. This section outlines the key purposes for which data is processed.

4.1. Service Provision and User Account Management
We use your personal data to operate the platform and deliver core functionalities. This includes:

• Creating and managing your user profile and dashboard.
  
  
• Enabling you to publish services, apply for jobs, or enrol in courses.
  
  
• Providing visibility to relevant matches based on your preferences or offerings.
  
  
• Customising your user experience through saved settings, preferences, and past activity.
  
  

Without this data, we would not be able to maintain your account or deliver essential platform services.

4.2. Transaction Processing and Support
We use personal and financial data to enable secure transactions and support interactions, including:

• Processing bookings, job payments, subscriptions, and withdrawal requests.
  
  
• Verifying identity and conducting anti-fraud checks before funds are released.
  
  
• Managing billing details and tax documentation.
  
  
• Providing support for refunds, complaints, or customer service requests.
  
  

All financial information is handled in compliance with applicable payment regulations and standards.

4.3. Communication and Marketing
Your contact and interaction data may be used to:

• Send service-related updates (e.g., booking confirmations, system alerts, or policy changes).
  
  
• Notify you of relevant opportunities, features, or promotions.
  
  
• Deliver newsletters and marketing messages (only where you have opted in).
  
  
• Conduct satisfaction surveys or invite participation in feedback campaigns.
  
  

You may opt out of non-essential communications at any time through your account settings or unsubscribe links.

4.4. Security and Fraud Prevention
We process user data to maintain a safe and trustworthy platform environment. This includes:

• Monitoring for suspicious activity, impersonation, or abusive behaviour.
  
  
• Preventing, detecting, and investigating fraud or platform misuse.
  
  
• Conducting identity verification or Know Your Customer (KYC) checks.
  
  
• Protecting user accounts, communications, and transactions from unauthorised access.
  
  

Security systems are designed to balance risk detection with minimal intrusion on user privacy.

4.5. Analytics and Platform Improvement
We analyse aggregated and anonymised data to:

• Measure platform performance and identify areas for optimisation.
  
  
• Improve user journeys by understanding navigation trends.
  
  
• Test new features and assess their adoption.
  
  
• Generate internal reports to support business decisions and strategic planning.
  
  

All analytical processing is governed by data minimisation principles and conducted using secure tools.

1. Commitment to Information Security

   • We take reasonable measures to protect the information we collect.
   • Our efforts include safeguarding against loss, misuse, and unauthorized access.
   • Despite our measures, no security system is infallible.
   • We cannot guarantee complete security of your information.

Orbas operates in a global digital environment and, as such, your personal data may be stored or processed in countries outside of your country of residence. We are committed to ensuring that all international data transfers are conducted in a manner that safeguards your rights and complies with applicable data protection laws.

6.1. Hosting and Storage Locations
Your personal data may be hosted or processed in secure data centres located in the United Kingdom, the European Economic Area (EEA), or other jurisdictions where Orbas or its third-party service providers maintain operations. These facilities are selected based on their adherence to strict data security standards and regulatory compliance.

We make every effort to ensure that storage providers offer high standards of physical, technical, and organisational security aligned with the UK GDPR.

6.2. Transfers Outside the UK/EU
Where personal data is transferred outside the UK or EEA to a country that has not been deemed to provide an adequate level of data protection by the UK government or European Commission, we implement appropriate safeguards to protect your information. These may include:

• Contracts that incorporate the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses (SCCs);
  
  
• Technical encryption and pseudonymisation measures;
  
  
• Onward transfer restrictions and audit rights.
  
  

Such transfers are limited to what is necessary for platform functionality, support services, fraud monitoring, and data analytics.

6.3. Safeguards and Standard Contractual Clauses
We enter into binding agreements with any third-party data processors located outside of the UK or EEA. These agreements include:

• UK IDTA or EU-approved SCCs where required by law;
  
  
• Supplementary measures to enhance protection, such as encryption and access controls;
  
  
• Ongoing monitoring of data access, processing behaviour, and data minimisation compliance.
  
  

If you would like to receive a copy of the relevant safeguards for international transfers, you may contact us using the details in Section 13 of this Policy.

Orbas retains personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, tax, accounting, or reporting requirements. This section outlines the principles we apply to determine appropriate retention periods and our practices for secure deletion or anonymisation.

7.1. Retention Periods by Category
We apply varying retention periods depending on the type of personal data and the purpose of processing. For example:

• User Account Information – retained for the duration of your account's activity and up to 6 years following account closure for compliance and auditing purposes.
  
  
• Financial and Transactional Data – retained for at least 6 years to meet tax and anti-fraud requirements.
  
  
• Support Tickets and Communication Logs – retained for up to 3 years after resolution to monitor service quality.
  
  
• Marketing Preferences and Consent Records – retained until you withdraw consent or for 2 years following your last interaction with marketing communications.
  
  

7.2. Criteria for Retention
Retention periods are determined based on several factors, including:

• The nature and sensitivity of the data.
  
  
• The legal or regulatory obligations applicable to Orbas.
  
  
• The risk of harm from unauthorised use or disclosure.
  
  
• Contractual commitments to partners, providers, or customers.
  
  
• Whether the data is necessary for dispute resolution or the exercise/defence of legal claims.
  
  

We conduct periodic reviews of our data processing and retention practices to ensure continued compliance.

7.3. Data Deletion and Anonymisation
Once the applicable retention period expires, we take appropriate steps to:

• Securely delete or destroy personal data using industry-standard methods.
  
  
• Anonymise data for future use in statistical analysis, product development, or research, ensuring it can no longer be linked to any identifiable individual.
  
  

Users may also request deletion of their personal data by contacting our support team or exercising their rights under Section 8 of this Policy. Please note that some data may be retained where necessary to comply with legal obligations or resolve disputes.

Orbas respects and upholds the data rights of all individuals whose personal data it processes. These rights are granted under the UK General Data Protection Regulation (UK GDPR) and are exercisable in accordance with the law. This section sets out the rights available to you and how you may exercise them.

8.1. Right to Access
You have the right to request confirmation of whether Orbas is processing your personal data, and if so, to access that data. This includes information about the purposes of processing, categories of data held, recipients of the data, and retention periods.

Requests for access should be submitted via the contact details in Section 13. We will respond within the statutory timeframes and provide a copy of the data where applicable.

8.2. Right to Rectification
You have the right to request the correction of any inaccurate or incomplete personal data held by Orbas. We aim to keep your data accurate and up to date. You may also update certain data directly via your account dashboard.

8.3. Right to Erasure (“Right to be Forgotten”)
In certain cases, you may request that we delete your personal data, particularly where:

• The data is no longer necessary for the purpose for which it was collected.
  
  
• You withdraw consent and there is no other lawful basis for processing.
  
  
• You object to the processing and there are no overriding legitimate grounds.
  
  
• The data was unlawfully processed.
  
  

Please note that erasure may be limited by legal or contractual retention obligations.

8.4. Right to Restriction of Processing
You have the right to restrict the processing of your data in specific situations, such as:

• Where you contest the accuracy of the data (for a limited verification period).
  
  
• If the processing is unlawful and you oppose erasure.
  
  
• If you require the data for legal claims but we no longer need it for our purposes.
  
  

Restricted data will only be processed with your consent or for legal purposes.

8.5. Right to Data Portability
Where processing is based on consent or a contract, and carried out by automated means, you may request that we provide your personal data in a structured, commonly used, and machine-readable format. You may also request that this data be transmitted directly to another controller where feasible.

8.6. Right to Object
You have the right to object to the processing of your personal data where we rely on legitimate interests or public interest as the legal basis. If you object, we will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests.

You also have the absolute right to object to direct marketing at any time.

8.7. Right to Withdraw Consent
Where you have given consent for specific data processing activities, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

You can withdraw consent through your account preferences or by contacting us.

8.8. Right to Lodge a Complaint
If you believe your data rights have been violated or that your data has been misused, you have the right to file a complaint with the UK Information Commissioner’s Office (ICO) or the data protection authority in your jurisdiction.

We encourage you to contact us first so that we can attempt to resolve the issue directly.

Orbas is committed to maintaining the confidentiality, integrity, and availability of your personal data. We implement a range of technical and organisational measures to protect your information against unauthorised access, accidental loss, destruction, or disclosure. This section outlines our approach to data security.

9.1. Technical and Organisational Measures
We adopt industry-standard security protocols and maintain a layered security architecture to safeguard data. Our measures include:

• Encryption of data in transit (e.g. SSL/TLS protocols) and at rest.
  
  
• Firewalls, intrusion detection systems, and real-time monitoring.
  
  
• Secure access controls, including two-factor authentication for administrator accounts.
  
  
• Role-based permissions to limit data access to authorised personnel only.
  
  
• Regular security audits, vulnerability assessments, and penetration testing.
  
  
• Internal training programs to raise staff awareness of cybersecurity risks and responsibilities.
  
  

All systems are built with privacy-by-design and follow security best practices in software development.

9.2. Incident Response
Orbas maintains an incident response plan to promptly detect, assess, and address data breaches or security threats. In the event of a breach:

• Affected systems are isolated and investigated by our security team.
  
  
• Users will be notified as required by applicable data protection laws.
  
  
• The breach will be reported to relevant supervisory authorities (e.g. ICO) within legally mandated timeframes.
  
  
• Lessons learned will be used to strengthen future defences and prevent recurrence.
  
  

We strive to be transparent and proactive in our response to any security incidents.

9.3. User Responsibility for Account Security
Users are responsible for maintaining the confidentiality of their login credentials and ensuring their devices are protected. To support this:

• Do not share your password or allow others to access your account.
  
  
• Use strong, unique passwords and update them regularly.
  
  
• Log out of shared or public devices after each session.
  
  
• Report any suspicious activity or unauthorised access to our support team immediately.
  
  

While we take extensive measures to protect your data, your vigilance as a user is equally important in maintaining platform security.

Orbas may use automated systems, including artificial intelligence (AI), to assist in delivering personalised services, enhance operational efficiency, and improve user outcomes. However, we ensure that such decisions do not adversely affect your rights or freedoms without meaningful human oversight. This section outlines our use of automated decision-making tools and your associated rights.

10.1. AI-Powered Profiling
We may use AI-powered algorithms to:

• Match users with suitable service providers or job listings based on preferences and behaviour.
  
  
• Prioritise or recommend featured services, courses, or candidates.
  
  
• Detect potentially fraudulent or abusive activity on the platform.
  
  

These profiling systems operate on a logic designed to maximise user relevance, quality, and platform integrity. Where AI is involved, its outputs are monitored and refined to reduce bias and improve transparency.

10.2. User Impact and Right to Human Review
Where an automated decision produces legal effects or significantly affects you (e.g., denial of access, rating downgrades, restricted visibility), you have the right to:

• Request human intervention in the decision-making process.
  
  
• Express your point of view and contest the decision.
  
  
• Obtain an explanation of the logic involved and its potential consequences.
  
  

We are committed to ensuring fairness and accountability in all automated processing and will provide accessible means to challenge or override decisions when required.

Orbas may provide links to external websites or integrate with third-party services for enhanced functionality. While we take care to partner with reputable providers, we do not control how third parties operate or handle your data once you leave our platform. This section outlines the scope and limitations of our responsibility for third-party content and services.

11.1. External Sites and Services
Our platform may contain links to external websites, plug-ins, widgets, or services (such as payment processors, identity verification tools, and learning content providers). When you interact with these third-party platforms:

• You may be providing data directly to the third party and not to Orbas.
  
  
• Their own privacy policies and terms of service will apply.
  
  
• We encourage you to review those policies before engaging with external services.
  
  

Examples include logging in through social media, watching embedded video content, or making secure payments via trusted gateways.

11.2. Responsibility Disclaimer
Orbas is not responsible for the content, privacy practices, or data processing activities of third-party websites or services not controlled by us. We do not:

• Endorse or make representations about third-party accuracy, reliability, or security.
  
  
• Control the cookies or tracking tools used on external platforms.
  
  
• Accept liability for losses, damages, or misuse of data arising from third-party use.
  
  

Your interactions with such services are at your own risk, and your data will be governed by their respective policies. Where possible, we will provide clear notice when you are leaving our environment.

We may update this Privacy Policy from time to time to reflect changes in legal requirements, operational practices, or enhancements to our services. We are committed to keeping users informed of material changes and maintaining transparency in how we use your data.

12.1. Notice of Changes
Whenever we make significant amendments to this Policy:

• We will post an updated version on the platform, indicating the date of revision.
  
  
• Where changes materially affect your rights or how we use your data, we will notify you via email or in-platform notification.
  
  
• You are encouraged to review the Policy periodically to stay informed about how your personal data is handled.
  
  

12.2. Effective Date
Each version of the Privacy Policy will include an effective date, clearly shown at the top of the document. Changes take effect on the date specified, unless otherwise communicated in the notice.

12.3. Continued Use as Acceptance
By continuing to use the Orbas platform after the revised Privacy Policy takes effect, you acknowledge and agree to the terms of the updated Policy. If you do not agree with any aspect of the revised version, you should discontinue use of the platform and may request deletion of your account and data as outlined in Section 8.

If you have any questions, concerns, or requests regarding this Privacy Policy or how your personal data is handled, you may contact us or our appointed Data Protection Officer (DPO) directly. We are committed to responding promptly and transparently to all privacy-related inquiries.

13.1. Contact for Privacy Queries
For general privacy questions, account-related data requests, or to exercise any of your rights under Section 8 of this Policy, please contact:

Email: privacy@orbas.io
Address:61 Bridge Street, Hertfordshire, HR5 3DJ

Please include sufficient details to verify your identity and the nature of your request.