Orbita Privacy Policy

Updated March 2023

PURPOSE

Orbita, Inc. (“Orbita”) respects the privacy of its Customers, suppliers, business partners, and individuals that entrust us with their personal information. Orbita on behalf of our Customers, may collect personal information in accordance with the laws and regulations of the countries in which the information is collected, used, and managed.

Orbita complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework Privacy Shield as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States in reliance on Privacy Shield.  Orbita has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information.  If there is any conflict between the terms in this Privacy Shield policy (“Privacy Policy”) and the Privacy Shield Principles, the Privacy Shield Principles (“Principles”) shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

SCOPE

Orbita is committed to ensure that all Personal Data received from the European Union is handled with compliance to the Privacy Shield to the Privacy Shield Principles. This Privacy Shield Policy effective June 30th, 2022, outlines Orbita’s commitment to the Privacy Shield Principles and Orbita’s practices for implementing the Principles. This Privacy Policy applies to all such data as described herein.

DEFINITIONS

“Customer” means any entity that purchases the Service.

“Personal Data” means data about a living individual who can be identified from those data (or from those and other information either in Orbita’s possession or likely to come into Orbita’s possession).

“Service” means any Orbita branded software, service, application, or device that is provided by Orbita to Customers.

USE OF DATA

Orbita collects and uses Personal Data for the purposes described in this Privacy Policy.  Personal Data covered by this Privacy Policy is collected and processed in compliance to the Privacy Shield Principles.

Orbita’s legal basis for collecting and using Personal Data of citizens of the European Economic Area (EEA), described in this Privacy Policy depends on the Data we collect and the specific context in which we collect it.

Orbita may process your Personal Data because:

• The owner of the Personal Data has given us permission to do so
• Orbita is contractually obligated to provide a Service that processes Personal Data
• The processing is in Orbita’s legitimate interests and is not overridden by Personal Data protection rights
• For payment processing purposes
• To comply with laws and regulations

For Services

Orbita provides Services to its Customers to operate and manage an information system supporting their businesses. Orbita Services include digital information systems that collect, store, and manage data on behalf of our Customers.

While Orbita Customers ultimately decide what data will be used within Orbita Services, it may include information about their users, customer, and in some cases, their patients. Information may include medical, health, healthcare, medication, treatment, contact, or other information related to people, groups, conditions, or clinical research.

In addition, Orbita provides optional consulting services to assist Orbita Customers with their implementation and use of Orbita services at various stages within their project management process as well as varying levels of assistance.  Information may be shared as required by the project and at the discretion and control of the Customers to limit and request any special handling requirements.

For Marketing

Orbita collects and uses information gathered on our website for marketing purposes to provide further information regarding our services and solutions. As addressed and detailed within our privacy statement, our processing activities are accurate to the stated purposes and all such information is secured with technical and organizational measures to ensure protection for confidentiality, integrity, and availability.

For Business Operation Use

Orbita collects Personal Data for billing and operations in support of its business. Contact information from Customers is used to perform business operations related to proposals, agreements, billing, invoicing, and for tax reporting purposes.

DATA RETENTION

We store the information we collect for as long as is necessary for the purpose(s) for which we originally collected it. We may retain certain information for legitimate business purposes and as required by law.

Data that is no longer needed for the purposes defined in this Privacy Policy is destroyed, or where applicable, pseudonymized.

LEGAL DISCLOSURES

Under certain circumstances, Orbita may be required to disclose Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Orbita may disclose Personal Data in the good faith belief that such action is necessary to comply with legal obligations including:

• To protect and defend the rights or property of Orbita
• To prevent or investigate possible wrongdoing in connection with the Service
• To protect the personal safety of users of the Service or the public
• To protect against legal liability

ONWARD DATA TRANSFERS

Orbita may transfer the Personal Data of Customers located outside the United States to the United States and process it there. Reasonably necessary steps are taken to ensure that such data is treated securely and in accordance with this Privacy Policy and that no transfer of Personal Data will take place to an Orbita affiliated agent (Third-Party) or a country unless there are adequate controls in place. As appropriate, Orbita will only disclose Personal Data with a Third-Party provided contractual assurances are in place with at least the same level of privacy protection as is required by this Policy and the Principles and that they will process Personal Data for limited and specific purposes consistent with any consent provided by the Customer.

Orbita is liable under the Principles if a Third-Party processes Personal Data covered by this Privacy Policy in a manner inconsistent with the Principles. If Orbita has knowledge that a Third-Party to which it has disclosed Personal Data covered by this Privacy Policy is processing such Personal Data in a manner inconsistent with this Privacy Policy and/or the Principles, Orbita will take reasonable and appropriate steps to prevent or stop such processing.

SECURITY

Orbita has implemented and maintains safeguards to secure Personal Data from misuse, loss, or unauthorized alteration. Additionally, safeguards are also in place to ensure that Orbita suppliers, vendors, contractors, and partners are required to keep any shared information confidential and are not permitted to use it for any other purpose than the performance of services for Orbita.

When necessary, Orbita requires and enforces encryption to be used when storing and transmitting data. Access controls are in place to ensure that restrictive limits are established and maintained with controls for authentication, authorization, and accounting. Access to Personal Data is protected with these controls and Orbita regularly monitor its systems for possible vulnerabilities and attacks.

Subprocessors

You acknowledge and agree that Orbita may retain our affiliates and other third parties to further process data on your behalf as Subprocessors in connection with the provision of the Orbita Platform. We maintain a current list of our Subprocessors here.

DATA INTEGRITY AND PURPOSE LIMITATION

Orbita limits the collection and use of Personal Data to only relevant information for the purposes of processing and will not process Personal Data in a way that is incompatible with the purposes for which the information has been collected or subsequently authorized by Orbita’s Customers. Orbita takes reasonable steps to ensure the information is accurate, complete, current, and available to the extent necessary.

DATA ACCESS AND CORRECTIONS

Orbita recognizes the Personal Data protection rights of citizens of European Economic Area (EEA) and offers the means for these individuals to correct, amend, delete or limit the use of their Personal Data within applications that are powered by Orbita Services. Orbita supports the following Personal Data protection rights for EEA citizens:

• Right of Access, Update, and Deletion: The right to access, update or delete owned Personal Data.
• Right of Rectification: The right to have owned Personal Data rectified if that information is inaccurate or incomplete.
• Right of Objection: The right to object to Orbita’s processing of owned Personal Data.
• Right of Restriction:  The right to request that that Orbita restrict the processing of owned Personal Data.
• Right of Data Portability: The right to be provided with a copy of the owned Personal Data Orbita may have in a structured, machine-readable and commonly used format.
• Right of Consent Withdrawal: The right to withdraw consent at any time where Orbita relied on such consent to process owned Personal Data.

ENFORCEMENT AND DISPUTE RESOLUTION

Orbita’s participation in the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework is subject to investigation and enforcement by the United States Federal Trade Commission.

Orbita will investigate and attempt to resolve complaints and disputes regarding Orbita’s use and disclosure of Personal Data in accordance with the EU-U.S. and Swiss-U.S. Privacy Shield Principles. Please send all complaints to privacy@orbita.ai.

Orbita has registered with the JAMS Foundation (JAMS), a commercial dispute resolution service, to provide an independent dispute resolution alternative for Customers. In the event that Orbita fails to respond or does not resolve a complaint within forty-five (45) days, Customers seeking a resolution may contact JAMS. To learn more about JAMS dispute resolution services, including instructions for submitting a complaint, visit: eu-us-privacy-shield. If neither Orbita nor JAMS provide an adequate resolution, complainant may seek to engage in binding arbitration through the Privacy Shield Panel.

CHILDREN’S PRIVACY

Orbita Services do not address anyone under the age of 18 (“Children”). Orbita does not knowingly collect Personal Data from anyone under the age of 18. If Orbita becomes aware that Personal Data from children has been collected by an application using an Orbita Service, without parental consent, Orbita will remove that information from Orbita servers upon discovery or by way of parental request.

SALE OF YOUR PERSONAL DATA

Orbita does not rent, sell, or share your Personal Data with nonaffiliated companies for marketing purposes or otherwise, unless we have your permission.

VERIFYING, UPDATING, or DELETING YOUR PERSONAL DATA

If you wish to verify, update, or delete any of your Personal Data kept with Orbita, please send requests to: privacy@orbita.ai

 

HOW TO CONTACT ORBITA

Please send all inquiries about this Privacy Shield Policy and any of our privacy practices: privacy@orbita.ai or by mail addressed to:
Orbita, Inc.
Attn: Privacy
77 Sleeper Street
Boston, MA 02210

or by phone at: 857-574-0432

CHANGES AND UPDATES
Orbita reviews and updates this Privacy Policy from time to time and not less than annually. Changes to this Privacy Policy are effective when they are posted at this location: orbita-privacy-policy_

This Privacy Policy was last updated on: March 15, 2023.