You can request further information at any time about what personal information we are holding and how it is being used; you can ask for electronic copies of your personal information to be sent to you, and you can request that we erase your personal data.
We’ll keep this page updated to show you what we do with your personal data. This policy applies to you if you visit our website, use any of our services, email us, contact us or visit our premises.
We are limited to using your data under the following conditions: where you have consented to it, where we need to do so in order to fulfil our contract with you, or in certain special circumstances, such as compliance with legal obligations,or for other legitimate purposes.
We will never sell your personal data and we will only share it with other organisations we work with to deliver the services we provide where they have shown they’ll respect your privacy and security.
We have adopted a "Privacy by Design" approach to your personal information, meaning that, to the best of our ability, we will employ state of the art means of collecting, storing and transmitting your data, with a view to promoting privacy and data protection from the outset.
Who are we?
Throughout this document when you see the words "us", "we" and "our" this is referring to Orbit Communications (PR and Public Affairs) Ltd, trading as Orbit.
We are a limited company, registered in Scotland, our registration number is SC395892 and our registered office is 1 George Square, Castle Brae, Dunfermline, Fife KY11 8QF. Our place of business is 4 Queen Street, Edinburgh, Scotland, EH2 1JE.
We are an integrated PR, public affairs and design agency. We collect personal data to allow us to maintain our own records and accounts and to also support our staff.
What personal data do we collect?
Personal data is any data which may identify you, or be identified as relating to you. For example, your name, address, phone number and email address. We will sometimes need to collect this information. We will only collect the personal data we need.
We collect data in connection with projects we might be working on, services you have hired us to deliver or projects we are working on with others.
You can give us personal data in various ways. You can submit personal data through forms on our website, in person, by phone, by email or you can visit our premises.
This personal data may include name, title, address, date of birth, age, gender, employment status, email address, phone numbers, personal description, photographs, usernames, passwords, databases.
Personal data that is provided by you
This data includes information you give us when interacting with us, for example, you emailing us, filling out a contact form, registering as a client with us, placing an order or communicating with us. For example:
- Personal details – name, address, phone number, email address and so on.
- Financial details – bank name, bank address, bank account number and SORT code.
- Technical information used in projects – usernames, passwords, databases, concepts, logos, documents, spreadsheets and so on.
- Personal Data created by your involvement with us.
Your activities and involvement with us will generate personal data being created. This could include project details, documentation and so on.
During the course of delivering our communications services, we will generate a great deal of personal data. Depending on the project, we may be generating company branding, personas, designs, websites, login systems, membership platforms, e-commerce systems, database systems and content management systems.
How we use your personal data
We will only use your personal data on relevant lawful grounds, as permitted by the EU General Data Protection Regulations/UK Data Protection Act 2018 and Privacy of Electronic Communication Regulation.
Personal data provided to us will be used for the purposes of carrying out our business as a communications company, in a transparent manner, in accordance with any preferences you express.
Below we have listed the main uses of the data we collect from you:
- Projects – We deliver communication services. If you have hired us to provide these services, we will need to collect personal data from you to carry out these services. This may include name, address and phone number, but also more technical data like databases, usernames and passwords.
- Accounting – We are required by law to keep accurate and up to date accounts of our business transactions. When you interact with us you may be added to our accounting system.
- Marketing – We occasionally run marketing campaigns and have a mailing list, which you can sign up to from our website. Through this we may send you information to keep you informed about our services and relevant client campaigns, events and promotions. If you wish to change your email preferences or unsubscribe from the mailing list, you can do so by clicking on the "update preferences" or "unsubscribe" links in any newsletter we send you, or by contacting us using the methods described below.
- Recruitment and Employment – If you become employed by us, we will ask you for personal data, perhaps including ‘sensitive personal data’. Such data may include but is not limited to health information or information relating to criminal convictions. As employers we have sets of responsibilities to your data. We have contractual responsibilities which arise from our contract of employment with you, outlining data relating to payroll, bank details, addresses, sickness and absence. We also have statutory responsibilities imposed upon us by law relating to tax, national insurance, work permits and equal opportunities monitoring. Internally, we also have management responsibilities, which are necessary for the functioning of the business. This includes data relating to employment, training, absence, disciplinary matters, email and phone number.
Technical uses of your information
Our website collects data about visits to the site in order to optimise our website, as well as to promote security by checking for unusual activity, hacking attempts, and other potential threats. The data that is collected also facilitates internal operations such as troubleshooting, data analytics, and research and testing. Data about visits to the site are generally anonymous or pseudonyms.
Information collected for technical purposes may include which pages you have visited (including the date and time), which services and pages you viewed or searched for, page time responses, download errors, files downloaded, lengths of visits to certain pages, page interaction information (such as scrolling , clicks and mouse-overs), methods used to browse away from a page, and other metrics related to your visit to our site.
We use Google Analytics to track visits to the site. More information about Google Analytics can be found on the Google Analytics website.
Disclosure of personal data to other bodies
In order to carry out the day-to-day running of our business and fulfil the requirements of the projects we work on, we sometimes need to disclose your data to other bodies or third party suppliers. When we are sharing the data, we will always do so in such a way that access can be revoked again.
These parties may include:
- Our employees
- Contractors we work with
- Service providers providing services to us
We may also disclose your information to third parties if we are compelled to by law or to comply with any legal obligation.
On many of the pages on our website you will see "social feeds" for services such as Twitter and Facebook. These services enable you to share, comment, or bookmark pages on our website. Some pages may also include embedded content e.g. videos, images and articles. Embedded content from other websites behaves in exactly the same way as if the visitor has visited the other website directly.
You should be aware that all of these sites and services are likely to be collecting information about what you are doing all around the internet, including on our site. We recommend that you check the respective policies of each of these sites to see how exactly they use your personal information and how to opt out, or delete, such personal information if you wish to do so at any time.
How can I change my preferences?
You can contact us at any time to change or discuss your privacy preferences. Contact us using the details below.
You have the right to determine how your data is collected and used by us. In particular:
- Your personal information can only be held on valid bases, such as your consent, and our contractual obligation to provide services to you.
- You have the right to know whether or not we are processing your personal information.
- You can request that your personal information be sent to you in electronic format.
- You have the right to restrict the purposes for which we may use your personal information.
- You have the right to request that incorrect information about you be rectified.
- You have the right to request that your personal information be erased, also known as the "right to be forgotten", subject only to imperatives of public policy specified in the GDPR (Art. 17.3), or to our own specific needs concerning legal obligations or claims.
You can exercise your rights at any time by contacting us, as outlined below. If you consented to us collecting and/or processing your personal information but change your mind, you can get in touch with us to request that we erase the personal information that we hold about you.
What to do if you’re not happy
Please contact us in the first instance if you feel unhappy regarding any issues around the use of your personal data. We would welcome the opportunity to resolve any problem or query you have. You also have the right to contact the Information Commissioners Office (ICO). You can contact them via their website here: https://ico.org.uk.
Keeping your information
We keep email data and project files no longer than is necessary for a legitimate purpose, in line with the provision of the EU General Data Protection Regulations and Data Protection Act 2018. You can read more about how we store your personal data by viewing our Data Retention Policy below.
How we secure your data
Information systems and data security is imperative to us to ensure that we are keeping your data safe. We operate and implement robust procedures for managing your data, the hardware it is present on. We only host your personal data with suppliers who have confirmed that they take your personal data security as a priority and we regularly assess these suppliers as the threat landscape changes.
Storage of information
Our site is hosted with a registered UK supplier and delivered through a secure content delivery network. We do not collect or store payment information and we do not transmit your data outside the European Union.
Changes to this policy
Data Retention Policy
This policy sets out clear information on how long data and documentation is retained for by Orbit. We collect personal data to allow us to maintain our own records and accounts and to also support our staff.
Orbit collects personal data to carry out business as an organisation. The administration of this data is overseen by the organisation. Any data collected will only be used for the purpose it was gathered for.
We keep email data and project files no longer than is necessary for a legitimate purpose, in line with the provision of the EU General Data Protection Regulations and Data Protection Act 2018.
If you have any questions regarding any aspects of this policy, wish to find out what data we hold about you, or would like to request the erasure of your personal data, please contact us using one of the methods outlined below:
Call us: 0131 603 8996 (hours are 9.00am to 5.30pm Monday to Thursday and 9.00am to 5.00pm on Friday).
Write to us: Data Protection Officer, Orbit, 4 Queen Street, Edinburgh EH2 1JE.
Email us: firstname.lastname@example.org.