Privacy Policy

1. Introduction

Orca, a leading consultancy based in Germany, is committed to protecting the privacy and security of your personal data. This Privacy Policy outlines how we collect, use, process, and protect your personal information in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Who We Are (Controller)

Orca

[Your Full Company Name]

[Your Full Company Address]

Germany

[Your Email Address]

[Your Phone Number]

We are the data controller responsible for the processing of your personal data as described in this Privacy Policy.

3. What Personal Data We Collect

We may collect and process the following categories of personal data:

  • Contact Information: Name, email address, phone number, postal address, company name, job title. This is typically collected when you contact us through our website, email, phone, or during business interactions.

  • Website Usage Data: IP address, browser type, operating system, referring website, pages visited, date and time of access, and other usage data collected through cookies and similar technologies. Please refer to our Cookie Policy for more information.

  • Communication Data: Records of our correspondence with you, including emails, chat logs, and notes from phone calls or meetings.

  • Client Data: If you are a client, we may collect and process personal data of your employees or representatives necessary for the provision of our consulting services, as outlined in our client agreements.

  • Marketing Data: If you have consented to receive marketing communications, we may collect your name and email address for this purpose.

  • Recruitment Data: If you apply for a job at Orca, we will collect and process the personal data you provide in your application, such as your CV, cover letter, and qualifications.

  • Event Data: If you register for or attend our events, we may collect your name, contact details, and dietary preferences (if applicable).

4. How We Collect Your Personal Data

We collect your personal data through various means, including:

  • Direct Interactions: When you provide information to us directly, such as when you contact us via our website forms, email, phone, or during meetings.

  • Automated Technologies: When you interact with our website, we may collect certain data automatically using cookies and similar tracking technologies.

  • Third Parties: We may receive personal data from third parties, such as publicly available sources (e.g., LinkedIn), event organizers, or referrals, but only when lawful to do so.

5. Purposes of Processing Your Personal Data

We process your personal data for the following purposes:

  • To Respond to Your Inquiries: To communicate with you and address your requests or questions.

  • To Provide Our Services: To deliver our consulting services to clients, manage our client relationships, and fulfill our contractual obligations.

  • To Improve Our Website and Services: To analyze website usage data and feedback to enhance our online presence and service offerings.

  • For Marketing Purposes: To send you information about our services, events, and industry insights, where you have provided your consent to receive such communications. You have the right to withdraw your consent at any time.

  • For Recruitment Purposes: To evaluate job applications and manage the recruitment process.

  • To Organize and Manage Events: To register attendees, communicate event details, and cater to any specific needs.

  • To Comply with Legal Obligations: To meet our legal and regulatory requirements.

  • For Legitimate Interests: We may process your personal data for our legitimate business interests, such as network and information security, fraud prevention, and internal administrative purposes, provided that your rights and freedoms do not override these interests.

6. Legal Basis for Processing Your Personal Data

Our legal basis for processing your personal data depends on the specific purpose:

  • Consent: We rely on your explicit consent for certain processing activities, such as direct marketing communications.

  • Contract: Processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract4 (e.g., providing a proposal).

  • Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.

  • Legitimate Interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided6 that your rights and freedoms do not override these interests.

7. Sharing Your Personal Data

We may share your personal data with the following categories of recipients:

  • Service Providers: Third-party service providers who assist us in operating our website, conducting our business, or providing services to you (e.g., IT support, hosting providers, marketing platforms). These providers are contractually obligated to protect your data and process it only according to our instructions.

  • Business Partners: In some cases, we may share your data with trusted business partners to deliver joint services or for collaborative marketing efforts (only with your consent where required).

  • Legal Authorities: We may disclose your personal data to legal authorities, courts, or other governmental bodies when required by law or to protect our legal rights.

  • Within Our Company: Your personal data may be shared within Orca for internal administrative purposes and to ensure consistent service delivery.

8. International Data Transfers

If we transfer your personal data to countries outside the European Economic Area (EEA), we will9 ensure that appropriate safeguards are in place to protect your data in accordance with the GDPR. These safeguards may include:

  • Transferring to countries recognized by the European Commission as providing an adequate level of data protection.

  • Implementing Standard Contractual Clauses approved by the European Commission.

  • Relying on other legally recognized transfer mechanisms.

9. Data Security

We have implemented appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:

  • Encryption of data at rest and in transit.

  • Firewalls and intrusion detection systems.

  • Access controls and authorization procedures.

  • Regular security assessments and updates.

  • Employee training on data protection practices.

10. Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention period will vary depending on the type of data and the specific processing purpose.

11. Your Rights Under the GDPR

Under the GDPR, you have the following rights regarding your personal data:

  • Right to Access: You have the right to request access to the personal data we hold about you16 and to receive a copy of it.

  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

  • Right to Erasure ("Right to be Forgotten"): You have the right to request the deletion of your personal data under certain circumstances.

  • Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal19 data under certain circumstances.

  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

  • Right to Object: You have the right to object to the processing of your personal data for certain purposes, including direct marketing and processing based on our legitimate interests.

  • Right Not to Be Subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless there is a legal basis for such processing.

  • Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw your consent at any time. The withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.

  • Right to Lodge a Complaint with a Supervisory Authority: You have the right to lodge a complaint with a data protection supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR. The relevant supervisory authority for Germany is:

    Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)

    Graurheindorfer Straße 153

    53117 Bonn, Germany

    Website: [Insert BfDI Website Address

12. Cookies and Similar Technologies

Our website uses cookies and similar technologies to collect information about your browsing activities. Please refer to our separate Cookie Policy for detailed information about the types of cookies we use, their purposes, and how you can manage your cookie preferences.

13. Links to Other Websites

Our website may contain links to other websites that are not operated by us. We are not responsible for the privacy practices of these third-party websites. We encourage you to review the privacy policies of any website you visit.

14. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post any changes on our website and, where appropriate, notify you by other means. The date of the latest update will be indicated at the top of this policy.

15. Contact Us

If you have any questions or concerns about this Privacy Policy or our data processing practices, or if you wish to exercise your rights under the GDPR, please contact us at the details provided in Section 2.

Important Considerations:

  • Legal Review: As emphasized, a legal professional specializing in GDPR and German data protection law must review and adapt this template to your specific business practices and ensure full legal compliance.

  • Cookie Policy: You will need a separate and detailed Cookie Policy if you use cookies or similar tracking technologies on your website.

  • Specific Processing Activities: Ensure all your specific data processing activities are accurately described.

  • Data Transfer Mechanisms: If you transfer data internationally, clearly state the mechanisms you use.

  • Website Integration: Make sure this Privacy Policy is easily accessible on your website, typically in the footer.

This template provides a solid foundation, but legal counsel is crucial for ensuring your Privacy Policy is comprehensive and legally sound.

Innovate

Empowering businesses with tailored AI solutions.

Transform

Consult

contact@orca-consulting.de

+49 152 2826 5062

© 2024. All rights reserved.

Privacy Policy
Refund Policy
Terms and Conditions