Privacy Policy for OrbitalWP

Effective Date: November 1, 2025
Last Updated: November 1, 2025

1. Introduction and Overview

Welcome to OrbitalWP (“we,” “us,” or “our”). We value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website at https://orbitalwp.com (the “Website”) and use our WordPress project management plugin and services.

The term “personal data” comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please read this Privacy Policy carefully.

Your access to or use of the Website and our services is conditional upon your acceptance of and compliance with this Privacy Policy. By accessing or using the Website, you agree to be bound by this Privacy Policy. If you disagree with any part of this Privacy Policy, you do not have permission to access or use the Website or our services.

2. Information About the Controller

The data processing controller for this website and services is:

OrbitalWP
Ohio, United States

Email:[email protected]

Phone: 216-264-9114

The controller is the natural person or legal entity that single-handedly or jointly with others makes decisions as to the purposes of and resources for the processing of personal data (e.g., names, email addresses, payment information, etc.).

3. What Information We Collect and Store

We collect and store information that you provide to us directly and information collected automatically through your use of our Website and services.

3.1 Information You Provide to Us

Identifying Information – Name

• What we collect: Your full name
• Where we get it: Information you submit through registration forms, contact forms, or account creation
• Legal basis: User consent (GDPR Art. 6(1)(a)), contract performance (GDPR Art. 6(1)(b)), pre-contractual measures
• How we use it:
  • Creating and managing your account
  • Processing orders and transactions
  • Providing customer service
  • Sending service-related communications
  • Marketing and advertising (with consent)
  • Enforcing our Terms of Service
  • Analytics and service improvement
• What happens without it: We cannot create your account, process transactions, or provide personalized services

Identifying Information – Email Address

• What we collect: Your email address
• Where we get it: Information you submit during registration, checkout, or contact forms; automatically via cookies
• Legal basis: User consent (GDPR Art. 6(1)(a)), contract performance (GDPR Art. 6(1)(b)), legitimate interests (GDPR Art. 6(1)(f))
• How we use it:
  • Account authentication and management
  • Order confirmations and receipts
  • Customer support communications
  • Service updates and notifications
  • Marketing communications (with consent)
  • Password resets and security alerts
  • Newsletter delivery (with consent)
  • Enforcing our Terms of Service
• What happens without it: We cannot create your account, send important service communications, or provide support

Identifying Information – Billing Address

• What we collect: Your billing address (street, city, state/province, postal code, country)
• Where we get it: Information you submit during checkout
• Legal basis: Contract performance (GDPR Art. 6(1)(b)), legal obligations (GDPR Art. 6(1)(c))
• How we use it:
  • Processing payments and transactions
  • Verifying your identity
  • Calculating applicable taxes
  • Preventing fraud
  • Complying with legal and regulatory requirements
• What happens without it: We cannot process purchases or verify payment information

Identifying Information – Phone Number

• What we collect: Your phone number (optional in most cases)
• Where we get it: Information you submit during registration or checkout
• Legal basis: User consent (GDPR Art. 6(1)(a)), contract performance (GDPR Art. 6(1)(b))
• How we use it:
  • Verifying your identity
  • Customer support communications
  • Order-related communications
  • Two-factor authentication (if enabled)
  • Fraud prevention
• What happens without it: Some verification features may not be available; otherwise services remain accessible

Identifying Information – IP Address

• What we collect: Your IP address
• Where we get it: Automatically collected when you access our Website; tracking pixels; cookies
• Legal basis: Legitimate interests (GDPR Art. 6(1)(f)), user consent (GDPR Art. 6(1)(a))
• How we use it:
  • Security and fraud prevention
  • Analytics and usage statistics
  • Geographic location approximation for service optimization
  • Enforcing Terms of Service
  • Troubleshooting technical issues
  • Preventing abuse and unauthorized access
• What happens without it: Security measures and analytics would be compromised

Identifying Information – Device Identifier

• What we collect: Device type, browser type, operating system, device identifiers
• Where we get it: Automatically collected via cookies and tracking technologies
• Legal basis: User consent (GDPR Art. 6(1)(a)), legitimate interests (GDPR Art. 6(1)(f))
• How we use it:
  • Optimizing Website performance for your device
  • Analytics and usage patterns
  • Security monitoring
  • Providing technical support
  • Improving user experience
• What happens without it: Website experience may not be optimized for your device

3.2 Financial Information

Credit Card or Debit Card Number

• What we collect: Credit/debit card number (processed securely through payment processors)
• Where we get it: Information you submit during checkout
• Legal basis: Contract performance (GDPR Art. 6(1)(b)), legal obligations (GDPR Art. 6(1)(c))
• How we use it: Processing payments for products and services
• Storage: We do NOT store complete card numbers on our servers. Payment card data is processed and stored by our PCI-DSS compliant payment processors (Stripe and PayPal)
• What happens without it: We cannot process your payment or complete your purchase

Card Expiration Date and CVV

• What we collect: Card expiration date and security code (CVV)
• Where we get it: Information you submit during checkout
• Legal basis: Contract performance (GDPR Art. 6(1)(b)), legal obligations (GDPR Art. 6(1)(c))
• How we use it: Verifying and processing payments
• Storage: This information is NOT stored on our servers and is only transmitted securely to our payment processors
• What happens without it: Payment processing cannot be completed

3.3 Technical Information Collected Automatically

When you access our Website, the following technical information is recorded automatically:

• Web browser type and version
• Operating system
• Referring website
• Pages visited on our Website
• Date and time of access
• Time spent on pages
• Plugin usage data (for OrbitalWP plugin users)
• Error logs and debugging information

Legal basis: Legitimate interests (GDPR Art. 6(1)(f)) for website operation and improvement

Purpose: To ensure error-free provision of the Website, optimize performance, maintain security, and improve our services

4. How We Use Your Information

We use the collected information for the following purposes:

• Service Provision: Creating and managing your account, delivering our WordPress plugin and services
• Transaction Processing: Processing orders, payments, refunds, and maintaining transaction records
• Customer Support: Responding to inquiries, troubleshooting issues, providing technical assistance
• Communication: Sending transactional emails, service updates, security alerts, and administrative messages
• Analytics: Understanding how users interact with our Website and plugin to improve functionality and user experience
• Marketing: Sending promotional emails and newsletters (only with your explicit consent; you may opt out at any time)
• Security: Protecting against fraud, unauthorized access, and other security threats
• Legal Compliance: Meeting legal and regulatory obligations, enforcing our Terms of Service
• Product Development: Improving existing features and developing new functionality based on usage patterns

5. With Whom We Share Your Personal Information

We share your personal information with the following categories of third parties for the specified purposes:

5.1 Payment Processors

Information Shared: Name, email address, billing address, payment card information, IP address, transaction details

Third Parties: Stripe, PayPal

Purpose:

• Processing payments and transactions
• Fraud prevention and detection
• Refund processing
• Payment verification
• Compliance with financial regulations

5.2 Analytics Providers

Information Shared: IP address (anonymized when possible), device identifiers, usage data, page views

Third Parties: Google Analytics, Fathom Analytics

Purpose:

• Analyzing website traffic and user behavior
• Understanding feature usage
• Improving user experience
• Service optimization

5.3 Email Service Providers

Information Shared: Name, email address

Third Parties: Email marketing platforms (when implemented)

Purpose:

• Sending transactional emails
• Delivering newsletters (with consent)
• Marketing communications (with consent)
• Service announcements

5.4 Customer Support and Management Systems

Information Shared: Name, email address, phone number, support history, account information

Third Parties: Customer relationship management (CRM) and support ticket systems

Purpose:

• Managing customer inquiries and support tickets
• Tracking customer interactions
• Improving customer service quality
• Maintaining support history

5.5 Hosting and Infrastructure Providers

Information Shared: All data stored on our servers

Third Parties: Self-hosted infrastructure maintained by OrbitalWP

Purpose:

• Storing and processing your data
• Ensuring website availability and performance
• Maintaining data backups
• Technical infrastructure maintenance

Note: Since we self-host our services, we maintain direct control over data storage and security. We have implemented appropriate technical and organizational measures to protect your data.

5.6 Legal and Compliance

We may share your information when required by law, court order, or legal process, or when necessary to:

• Comply with legal obligations
• Protect our rights and property
• Prevent fraud or security threats
• Protect the safety of users or the public

Important: All third parties with whom we share your personal information are required to protect your data in accordance with applicable data protection laws. These third parties will store and process your personal information according to their own privacy policies.

6. Data Processing Agreements

We have concluded Data Processing Agreements (DPAs) with third-party service providers who process personal data on our behalf. These contracts are mandated by data privacy laws and guarantee that these providers:

• Process personal data only based on our instructions
• Comply with GDPR and other applicable data protection regulations
• Implement appropriate technical and organizational security measures
• Maintain confidentiality of personal data

7. How We Protect Your Personal Information

We take the security of your personal data very seriously and have implemented multiple layers of protection:

7.1 Technical Safeguards

• SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using industry-standard SSL/TLS protocols. You can verify encryption by checking for “https://” in the address bar and the lock icon in your browser.
• Secure Data Storage: Personal data is stored on secure servers with restricted access
• Firewall Protection: Network-level security to prevent unauthorized access
• Regular Security Updates: Maintaining up-to-date software, security patches, and safeguards
• Intrusion Detection: Monitoring systems to detect and prevent unauthorized access attempts
• Anti-Malware Protection: Regular scanning and protection against malicious software
• Database Encryption: Sensitive data is encrypted at rest in our databases
• Secure Backup Systems: Regular encrypted backups stored securely

7.2 Organizational Safeguards

• Data Minimization: Collecting only the personal information strictly necessary for our services
• Access Controls: Limiting access to personal data to authorized personnel only
• Employee Training: Regular training on data protection best practices and security procedures
• Background Screening: Vetting employees with access to personal information
• Confidentiality Agreements: All personnel with data access sign confidentiality agreements
• Regular Security Audits: Periodic reviews of our security measures and practices
• Incident Response Plan: Procedures in place to respond to potential data breaches
• Data Retention Policies: Destroying or deleting personal information when no longer needed

7.3 Payment Security

• PCI-DSS Compliance: Our payment processors (Stripe and PayPal) are PCI-DSS compliant
• No Card Storage: We do not store complete payment card information on our servers
• Tokenization: Payment information is tokenized for secure processing
• Secure Payment Forms: Payment data is collected through secure, encrypted forms

Important Notice: While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously work to protect your personal data using industry best practices.

8. Data Retention and Storage Duration

8.1 General Retention Policy

Unless a more specific storage period is specified below, your personal data will remain with us until the purpose for which it was collected no longer applies. Once the data is no longer necessary, we will delete or anonymize it in accordance with applicable laws.

8.2 Specific Retention Periods

• Account Information: Retained while your account is active and for up to 3 years after account closure for legal and business purposes
• Transaction Records: Retained for 7 years to comply with tax and financial record-keeping requirements
• Payment Information: Processed and stored by payment processors according to their retention policies; we retain only transaction confirmations and non-sensitive payment metadata
• Support Communications: Retained for 3 years after the last interaction for quality assurance and dispute resolution
• Analytics Data: Aggregated analytics data may be retained indefinitely; individual user data is retained for 26 months
• Marketing Communications: Retained until you unsubscribe or withdraw consent, after which your email is moved to a suppression list to prevent future mailings
• Legal Hold: Data may be retained longer if required by legal obligations, disputes, or investigations

8.3 Deletion Requests

If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data, such as:

• Tax or commercial law retention periods
• Legal obligations or ongoing legal proceedings
• Fraud prevention and security
• Defending legal claims

After these legal obligations cease to apply, your data will be permanently deleted.

9. Cookies and Tracking Technologies

This Website uses cookies and similar tracking technologies. A cookie is a small text file that is stored on your device by your web browser when you visit our Website.

9.1 Types of Cookies We Use

• Essential Cookies: Necessary for the Website to function properly (e.g., session management, security)
• Analytics Cookies: Help us understand how visitors use our Website (Google Analytics, Fathom Analytics)
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Track visitors across websites to display relevant advertisements (only with consent)

9.2 Cookie Management

You can control and manage cookies through your browser settings. Most browsers allow you to:

• View cookies stored on your device
• Delete cookies
• Block cookies from specific websites
• Block all cookies
• Delete cookies when you close your browser

Note: Blocking or deleting essential cookies may affect Website functionality and your user experience.

9.3 Analytics Opt-Out

• Google Analytics: Visit https://tools.google.com/dlpage/gaoptout/ to opt out
• Fathom Analytics: Fathom is privacy-focused and does not use cookies or collect personal data; no opt-out is necessary

For detailed information about our cookie practices, please refer to our Cookie Policy [link to separate Cookie Policy if you create one].

10. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

10.1 Right to Access

Applies to: Residents of the UK, EU, Canada, Australia, and California

You have the right to request confirmation of whether we process your personal data and to receive a copy of the personal data we hold about you.

10.2 Right to Rectification

Applies to: Residents of the UK, EU, Canada, Australia, and California

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

10.3 Right to Erasure (Right to be Forgotten)

Applies to: Residents of the UK, EU, and California

You have the right to request deletion of your personal data under certain circumstances, such as:

• The data is no longer necessary for the purposes it was collected
• You withdraw consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data was unlawfully processed
• The data must be erased to comply with a legal obligation

Note: We may retain certain information if required by law or for legitimate business purposes (e.g., fraud prevention, financial records).

10.4 Right to Data Portability

Applies to: Residents of the UK, EU, and California

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller where technically feasible.

10.5 Right to Restrict Processing

Applies to: Residents of the UK and EU

You have the right to request restriction of processing your personal data in certain circumstances, such as:

• You contest the accuracy of the data (during verification)
• Processing is unlawful and you oppose erasure
• We no longer need the data, but you need it for legal claims
• You have objected to processing pending verification of legitimate grounds

10.6 Right to Object

Applies to: Residents of the UK, EU, and California

You have the right to object to processing of your personal data when:

• Processing is based on legitimate interests (Art. 6(1)(f) GDPR)
• Processing is for direct marketing purposes (including profiling)
• Processing is for scientific, historical research, or statistical purposes

10.7 Right to Withdraw Consent

Applies to: All users

Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.

10.8 Right to Opt-Out of Marketing

Applies to: All users

You have the right to opt out of receiving marketing communications at any time by:

• Clicking the “unsubscribe” link in any marketing email
• Adjusting your account preferences
• Contacting us directly

10.9 Right to Opt-Out of Sale of Personal Information

Applies to: Residents of California and Nevada

We do not sell your personal information. If this practice changes in the future, we will update this Privacy Policy and provide you with opt-out mechanisms as required by law.

10.10 Right to Non-Discrimination

Applies to: Residents of California

You have the right not to receive discriminatory treatment for exercising your privacy rights.

10.11 Right to Lodge a Complaint

Applies to: Residents of the UK, EU, Canada, and Australia

You have the right to lodge a complaint with a data protection supervisory authority if you believe our processing of your personal data violates applicable law.

Supervisory Authorities:

• UK: Information Commissioner’s Office (ICO) – https://ico.org.uk
• EU: Your local Data Protection Authority
• Canada: Office of the Privacy Commissioner of Canada – https://www.priv.gc.ca
• Australia: Office of the Australian Information Commissioner – https://www.oaic.gov.au

11. Exercising Your Privacy Rights

11.1 How to Submit a Request

You may exercise your privacy rights by submitting a request to:

OrbitalWP
Email: [email protected]
Phone: 216-264-9114
Address: Ohio, United States

11.2 Verification Requirements

To protect your privacy and security, we must verify your identity before processing your request. Please provide the following information with your request:

• Full name
• Email address associated with your account
• Account username (if applicable)
• Description of your relationship with OrbitalWP (customer, website visitor, etc.)

Important: We may request additional information if necessary to verify your identity. We may be unable to process your request if you do not provide adequate verification information.

11.3 Authorized Agents

Residents of California and other applicable jurisdictions may designate an authorized agent to submit requests on their behalf. The authorized agent must provide:

• Written authorization signed by you
• Proof of their identity
• Verification of your identity

11.4 Response Timeline

• We will acknowledge receipt of your request within 5 business days
• We will respond to most requests within 30 days of receipt
• Complex requests may require up to 45-60 days (UK/EU) or 90 days (California) – we will notify you if additional time is needed
• We will provide the reasons if we deny your request

11.5 Fees

We do not charge a fee to process your privacy rights requests. However, if requests are manifestly unfounded, excessive, or repetitive, we may charge a reasonable fee or refuse to act on the request.

12. International Data Transfers

12.1 Data Processing Location

Your personal data is primarily processed and stored in the United States. Our self-hosted infrastructure is located in Ohio, United States.

12.2 Cross-Border Transfers

If you access our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.

12.3 Safeguards for International Transfers

For data transfers from the EU, UK, or other regions with data protection laws, we rely on:

• Standard Contractual Clauses (SCCs): EU Commission-approved model contracts
• Adequacy Decisions: Where the destination country has been deemed to provide adequate protection
• Your Explicit Consent: For specific transfers where required
• Additional Safeguards: Technical and organizational measures to protect transferred data

12.4 Access by Authorities

Personal data transferred to the United States may be accessible to law enforcement and national security authorities in accordance with U.S. law. We will cooperate with lawful requests while taking steps to protect your rights.

13. Children’s Privacy

13.1 Age Restrictions

Our Website and services are not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

13.2 Parental Notice

If we learn that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information as quickly as possible.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at [email protected].

13.3 Age Verification

By using our services, you represent that you are at least 18 years old or have reached the age of majority in your jurisdiction.

14. Direct Marketing

14.1 Marketing Communications

We may use your information for direct marketing purposes, including:

• Email newsletters about our products and services
• Promotional offers and discounts
• Feature updates and product announcements
• Educational content and resources

14.2 Consent

We will only send you marketing communications if:

• You have explicitly opted in to receive them
• We have another lawful basis (such as legitimate interest, where permitted)

14.3 Opt-Out

You may opt out of marketing communications at any time by:

• Clicking the “unsubscribe” link in any marketing email
• Logging into your account and updating your communication preferences
• Contacting us at [email protected]
• Replying “STOP” to SMS messages (if applicable)

Note: Even if you opt out of marketing communications, we will still send you transactional and service-related emails necessary for your use of our services (e.g., order confirmations, password resets, security alerts).

14.4 Suppression List

After you unsubscribe, your email address will be added to our suppression list to prevent future marketing emails. This information is retained indefinitely to honor your opt-out request and comply with anti-spam regulations.

15. Third-Party Websites and Services

15.1 External Links

Our Website may contain links to third-party websites, plugins, or services that are not operated by us. These links are provided for your convenience and reference only.

We do not control these third-party websites and are not responsible for:

• Their content
• Privacy practices
• Terms of service
• Security measures

15.2 Your Responsibility

When you click on third-party links and leave our Website, you should read and understand the privacy policies of those websites. Our inclusion of links does not imply endorsement of those websites or their operators.

15.3 Third-Party Plugins and Integrations

If you use the OrbitalWP plugin with third-party WordPress plugins or services, those third parties may collect data according to their own privacy policies. We are not responsible for the privacy practices of third-party plugin developers.

16. Do Not Track (DNT) Signals

16.1 DNT Disclosure

Do Not Track (DNT) is a privacy preference you can set in your web browser to inform websites that you do not want to be tracked.

Currently, we do not respond to DNT signals because there is no industry-wide standard for how to interpret and respond to DNT signals.

16.2 Browser Settings

You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser. However, enabling DNT will not change how our Website collects or uses your information.

16.3 Alternative Privacy Controls

Instead of DNT, we recommend:

• Managing cookie preferences through our cookie consent banner
• Using browser privacy extensions
• Opting out of analytics (Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout/)
• Adjusting your account privacy settings

17. Data Breach Notification

17.1 Our Commitment

We take data security seriously and have implemented measures to prevent unauthorized access, use, or disclosure of your personal information.

17.2 Breach Response

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

• Investigate the breach promptly
• Take immediate steps to contain and mitigate the breach
• Notify affected individuals without undue delay (within 72 hours where required by law)
• Notify relevant supervisory authorities as required by applicable law
• Provide information about the nature of the breach, potential consequences, and measures taken

17.3 What We’ll Tell You

If we notify you of a breach, we will provide:

• Description of what happened
• Types of data potentially affected
• Steps we’re taking to address the breach
• Recommended actions you can take to protect yourself
• Contact information for questions

18. Automated Decision-Making and Profiling

18.1 Automated Processing

We may use automated processing and algorithms to:

• Detect fraudulent transactions
• Analyze usage patterns for service improvement
• Personalize user experience
• Optimize website performance

18.2 No Solely Automated Decisions

We do not make decisions that produce legal or similarly significant effects concerning you based solely on automated processing, including profiling.

18.3 Your Rights

If you are subject to automated decision-making, you have the right to:

• Obtain human intervention
• Express your point of view
• Contest the decision
• Request an explanation of the decision

19. California Privacy Rights (CCPA/CPRA)

19.1 Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of personal information:

• Identifiers: Name, email address, IP address, device identifiers
• Commercial Information: Purchase history, transaction records
• Financial Information: Payment card information (processed by payment processors)
• Internet Activity: Browsing history, interaction with our Website
• Geolocation Data: Approximate location based on IP address

19.2 Business Purposes for Collection

We collect personal information for the business purposes described in Section 4 of this Privacy Policy.

19.3 Categories of Third Parties

We share personal information with the categories of third parties described in Section 5 of this Privacy Policy.

19.4 No Sale of Personal Information

We do not sell personal information and have not sold personal information in the past 12 months.

19.5 No Sharing for Cross-Context Behavioral Advertising

We do not share personal information for cross-context behavioral advertising purposes.

19.6 Sensitive Personal Information

We do not collect or process sensitive personal information as defined by the CCPA/CPRA.

19.7 California Consumer Rights

California residents have specific rights under the CCPA/CPRA. Please see Section 10 (Your Privacy Rights) for detailed information on how to exercise these rights.

19.8 Shine the Light Law

California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

20. Nevada Privacy Rights

Nevada residents have the right to opt out of the sale of certain personal information to third parties who intend to license or sell that information.

We do not sell your personal information as defined by Nevada law. If you are a Nevada resident and would like to make such a request, please contact us at [email protected].

21. Complaints and Concerns

21.1 Contact Us First

If you have any complaints, concerns, or questions about our privacy practices, please contact us first:

OrbitalWP
Email: [email protected]
Phone: 216-264-9114
Address: Ohio, United States

21.2 Our Response Process

• We will acknowledge your complaint within 5 business days
• We will investigate your concern thoroughly
• We will respond with our findings and any actions taken within 30 days
• We will work with you to resolve the issue to your satisfaction

21.3 Supervisory Authority Complaints

If you are not satisfied with our response, you may lodge a complaint with your local data protection supervisory authority:

United Kingdom:
Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Phone: 0303 123 1113

European Union:
Your local Data Protection Authority
Find your authority: https://edpb.europa.eu/about-edpb/board/members_en

Canada:
Office of the Privacy Commissioner of Canada
Website: https://www.priv.gc.ca
Phone: 1-800-282-1376
Complaint form: https://www.priv.gc.ca/en/report-a-concern/file-a-formal-privacy-complaint/

Australia:
Office of the Australian Information Commissioner (OAIC)
Website: https://www.oaic.gov.au
Phone: 1300 363 992
Complaint form: https://www.oaic.gov.au/privacy/privacy-complaints

21.4 Required Pre-Complaint Notice

For Australian residents: As required by the Australian Privacy Act 1988 S 40(1A), you must first address complaints to us in writing before lodging a complaint with the OAIC.

22. Accountability

22.1 Responsible Person

The following person is accountable and responsible for our privacy practices and procedures:

Support
OrbitalWP
Email: [email protected]
Phone: 216-264-9114
Address: Ohio, United States

22.2 Data Protection Officer

For inquiries specifically related to data protection and privacy compliance, you may contact our designated privacy contact at [email protected].

23. Changes to This Privacy Policy

23.1 Right to Modify

We reserve the right to modify, update, or change this Privacy Policy at any time to reflect changes in our practices, legal requirements, or business operations.

23.2 Notification of Changes

When we make changes to this Privacy Policy:

• We will update the “Last Updated” date at the top of this document
• For material changes, we will notify you by:
  • Email (to the address associated with your account)
  • Prominent notice on our Website
  • In-app notification (for plugin users)
• We will provide notification at least 30 days before material changes take effect

23.3 Continued Use

Your continued use of our Website and services after changes to this Privacy Policy constitutes your acceptance of the updated policy.

23.4 Review Regularly

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.

24. Legal Basis Summary

For users in the European Union, United Kingdom, and other regions requiring specification of legal basis for processing, we process your personal data under the following legal grounds:

Processing Activity	Legal Basis
Account creation and management	Contract performance (Art. 6(1)(b) GDPR)
Order processing and fulfillment	Contract performance (Art. 6(1)(b) GDPR)
Payment processing	Contract performance (Art. 6(1)(b) GDPR), Legal obligation (Art. 6(1)(c) GDPR)
Customer support	Contract performance (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR)
Marketing communications	Consent (Art. 6(1)(a) GDPR)
Analytics and improvement	Legitimate interests (Art. 6(1)(f) GDPR)
Fraud prevention	Legitimate interests (Art. 6(1)(f) GDPR)
Legal compliance	Legal obligation (Art. 6(1)(c) GDPR)
Cookie usage	Consent (Art. 6(1)(a) GDPR, § 25(1) TTDSG)

25. Glossary of Terms

Personal Data: Any information relating to an identified or identifiable natural person.

Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.

Controller: The entity that determines the purposes and means of processing personal data.

Processor: An entity that processes personal data on behalf of the controller.

Data Subject: The individual to whom personal data relates.

Consent: Freely given, specific, informed, and unambiguous indication of agreement to the processing of personal data.

GDPR: General Data Protection Regulation (EU Regulation 2016/679)

CCPA: California Consumer Privacy Act

CPRA: California Privacy Rights Act

DPA: Data Processing Agreement

PCI-DSS: Payment Card Industry Data Security Standard

26. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

OrbitalWP
Email: [email protected]

Phone: 216-264-9114
Website: https://orbitalwp.com
Address: Ohio, United States

For privacy-specific inquiries: [email protected]

For data subject access requests: [email protected]