1. Introduction

This Privacy Policy outlines the principles and guidelines governing the collection, use, storage, and protection of personal data by Carver Technologies Inc. (Orbital or Organization). We are committed to safeguarding the privacy of our customers, employees, and other individuals whose personal data we process. This policy is designed to comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA).

2. Scope

This policy applies to users’ (actively subscribed customers, employees, and contractors) personal data collected, processed, and stored by Carver Technologies Inc. in connection with the Orbital product and related services. It applies to all individuals, including those in the European Economic Area (EEA) under GDPR, residents of California under CCPA, and individuals in Canada under PIPEDA.

3. Definitions

Personal Data (Personal Information): Any information relating to an identified or identifiable natural person. In Canada, this includes information that can identify an individual either directly or indirectly.

• Processing: Any operation performed on personal data, such as collection, storage, use, or disclosure.

• Data Subject: An individual whose personal data is being processed.

• Controller: The entity that determines the purposes and means of processing personal data.

• Processor: The entity that processes personal data on behalf of the controller.

• Sensitive Personal Data: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and data concerning health or a person’s sex life or sexual orientation.

• Selling (CCPA): Sharing, disclosing, or transferring personal data to a third party for monetary or other valuable consideration.

4. Collection of Personal Data

We collect personal data necessary for legitimate business purposes, including:

• Customer/Employee Information: Name, email/phone, preferences or settings, and payment information.

• Other Data: Information provided voluntarily by individuals interacting with our services.

GDPR Basis for Processing:

• Consent: Where you have provided explicit consent.

• Contract: Where processing is necessary for the performance of a contract with you.

• Legal Obligation: Where processing is necessary to comply with a legal obligation.

• Legitimate Interests: Where processing is necessary for our legitimate interests, except where such interests are overridden by your rights.

PIPEDA Principles:

• Accountability: We are responsible for personal data under our control.

• Identifying Purposes: We identify the purposes for which personal data is collected.

• Consent: We obtain the individual’s consent for the collection, use, or disclosure of personal data.

• Limiting Collection: We collect personal data only for the purposes identified.

• Limiting Use, Disclosure, and Retention: We use, disclose, and retain personal data only for the purposes for which it was collected.

• Accuracy: We maintain personal data as accurate, complete, and up-to-date as necessary.

• Safeguards: We protect personal data with security safeguards appropriate to the sensitivity of the information.

• Openness: We make our policies and practices relating to the management of personal data readily available.

• Individual Access: Upon request, individuals can access their personal data.

• Challenging Compliance: Individuals may address concerns regarding our compliance with PIPEDA to our Privacy Officer.

CCPA Notice: We do not sell users’ personal data. We only use users’ personal data for business purposes as defined in the CCPA.

5. Use of Users’ Personal Data

Users’ personal data is used for the purposes for which it was collected, including:

• Providing products and services.

• Managing customer relationships.

• Complying with legal and regulatory requirements.

• Enhancing our products, services, and customer experience.

• Human resources management.

6. Data Sharing and Disclosure

We do not share personal data with third parties, except:

• Service Providers: Who perform functions on our behalf.

• Data Processors: Handling data and performing functions on our behalf.

• Legal Requirements: When required by law.

• Business Transfers: In connection with a merger, acquisition, or sale of assets.

  
  

  CCPA Personal Data Sales Opt-Out and Opt-In: We will not sell your Personal Data, and have not done so over the last 12 months. We do not sell the Personal Data of minors under 16 years of age.

7. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

• Data encryption.

• Access controls.

• Regular security assessments.

• Employee training on data protection practices.

8. Data Retention

Personal data is retained only as long as necessary to fulfill the purposes for which it was collected or as required by law.

9. Data Subject Rights

• GDPR:

     Access, Correction, Deletion, Restriction, Objection, Portability, Withdrawal of Consent.

• CCPA:

    Right to Know, Right to Delete, Right to Opt-Out (Note: We do not sell personal data.), Right to Non-Discrimination.

• PIPEDA:

    Access, Correction, Withdrawal of Consent, Challenging Compliance.

These rights can be exercised by emailing us at security@withorbital.com or by filling out this form.

10. International Data Transfers

We ensure appropriate safeguards are in place for international data transfers, in accordance with applicable data protection laws.

11. Children’s Privacy

We do not knowingly collect personal data from children under 16.

12. Cookie Policy

• 12.1 What Are Cookies? Small text files placed on your device.

• 12.2 Types of Cookies We Use: Essential, Analytical/Performance, Functionality, Targeting/Advertising.

• 12.3 Third-Party Cookies: Used by third-party organizations providing services for us.

• 12.4 How We Use Cookies: Improve User Experience, Analyze Website Performance, Personalize Content, Deliver Targeted Advertising.

• 12.5 Your Choices Regarding Cookies: Manage or delete cookies through browser settings, opt out of targeted advertising via YourAdChoices or the Network Advertising Initiative.

13. Marketing Content & User Data

• 13.1 Collection of Data for Marketing Purposes: Direct and Indirect collection.

• 13.2 Types of Data Collected: Contact Information, Behavioral Data, Preferences.

• 13.3 How We Use Your Data for Marketing: Send Marketing Communications, Personalize Content, Analyze Marketing Campaigns, Provide Relevant Advertising.

• 13.4 Opting In and Out: Consent, Opting Out via unsubscribe link, account settings, or contacting us.

• 13.5 Third-Party Marketing: We do not share your data without explicit consent.

• 13.6 Data Protection and Privacy: Data processed in accordance with this Privacy Policy and applicable laws.

• 13.7 Changes to Marketing Preferences: Update via contact or account settings.

14. Compliance and Accountability

We comply with GDPR, CCPA, and PIPEDA. We have a Data Protection Officer (DPO) and regularly review our practices.

15. Policy Updates

We may update this policy periodically. We will revise the “Last Updated” date and notify data subjects of significant changes where required by law.

16. Contact Information

• Data Protection Officer (DPO)

• Carver Technologies Inc.

• 2261 Market St. Suite 4461 San Francisco, CA 94114

• privacy@withorbital.com

Security & Privacy Team: security@withorbital.com