Privacy & Data Protection Policy

1. Important Information and Who We Are

Purpose of this Privacy Policy: This privacy policy aims to give you information on how Orosia Solutions collects and processes your personal data through your use of this website, including any data you may provide through this website when you book a consultation or purchase a service.

Controller vs. Processor: For the purpose of the UK General Data Protection Regulation (UK GDPR), Orosia Solutions is the data controller and responsible for your personal data when you interact with us as a prospective or active client. However, when we build automated systems for your business, Orosia Solutions may act as a data processorof your end-customers' data. In such cases, a separate Data Processing Agreement (DPA) will govern that relationship.

2. The Data We Collect About You

Personal data, or personal information, means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

• Identity Data: includes first name, last name, and title.
• Contact Data: includes email address, telephone numbers, and business/company name.
• Financial Data: includes payment card details (processed securely by third-party payment gateways like Stripe; we do not store full card details on our servers).
• Transaction Data: includes details about payments to and from you and other details of services you have purchased from us.
• Technical Data: includes internet protocol (IP) address, browser type and version, time zone setting and location, operating system and platform.
• Usage Data: includes information about how you use our website and services.

3. How Is Your Personal Data Collected?

We use different methods to collect data from and about you including through:

• Direct interactions: You may give us your Identity, Contact, and Financial Data by filling in forms or by corresponding with us by post, phone, email, or video call.
• Automated technologies: As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this using cookies and similar technologies.
• Third parties: We may receive personal data about you from various third parties, such as analytics providers (e.g., Google) or booking software providers (e.g., Calendly).

4. How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Performance of Contract: Where we need to perform the contract we are about to enter into or have entered into with you (e.g., providing automation consulting).
• Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (e.g., to improve our services, for marketing).
• Legal Obligation: Where we need to comply with a legal or regulatory obligation (e.g., retaining financial records for HMRC).

5. Disclosures & International Transfers

We may share your personal data with external third parties such as service providers acting as processors who provide IT and system administration services (e.g., hosting providers like Vercel, CRM platforms like HubSpot, calendar booking systems like Calendly).

International Transfers: Some of our external third parties are based outside the UK so their processing of your personal data will involve a transfer of data outside the UK. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented: we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data, or we use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.

6. Data Security & Breaches

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. We limit access to your personal data to those employees, agents, and contractors who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

Data Breach Procedures: We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator (such as the ICO) of a breach where we are legally required to do so.

7. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for. By law, we have to keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for six years after they cease being customers for tax purposes.

8. Cookies & Tracking Technologies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. We use cookies primarily for essential site operations and basic analytics (e.g., Google Analytics) to understand how visitors interact with our site.

9. Third-Party Links

This website may include links to third-party websites, plug-ins, and applications (such as Calendly for booking). Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

10. Your Legal Rights

Under certain circumstances, you have rights under UK data protection laws in relation to your personal data. These include the right to:

• Request access to your personal data (a "data subject access request").
• Request correction of the personal data that we hold about you.
• Request erasure of your personal data.
• Object to processing of your personal data where we are relying on a legitimate interest.
• Request restriction of processing of your personal data.
• Request the transfer of your personal data to you or to a third party.
• Withdraw consent at any time where we are relying on consent to process your personal data.