Privacy Policy

At Inbound Orbit (“IO,” “we,” “us,” “our”), we adhere to the highest standards of data protection and privacy. We understand that safeguarding your personal data is crucial. This Privacy Policy explains how we collect, use, store, and disclose your personal data when you use our services, visit our website at https://www.inboundorbit.co.uk/ (the “Platform”), or otherwise engage with us.

This Privacy Policy has been compiled to address compliance requirements under both South African data protection law (POPIA) and UK data protection law (UK GDPR). By accessing or using our Platform or services, or otherwise providing us with personal data, you confirm that you have read and understood this Privacy Policy. If you do not agree with any part of this Privacy Policy, you should refrain from using our Platform or services.

Note: This Privacy Policy supplements any other privacy notices or fair processing notices we may provide on specific occasions. It is not intended to override them.

1. Important Information and Who We Are

1.1 Purpose of This Privacy Policy

This Privacy Policy gives you information on how we collect and process your personal data through any form of engagement with us—whether you use our Platform, engage our services, or otherwise interact with our business. If you have any questions regarding how we use your personal data, please contact us (see 1.3 Our Contact Details below).

We do not intentionally process the data of minors or special categories of personal data (such as health data), and we request that you do not provide such information to us. Doing so may constitute a breach of this Privacy Policy.

1.2 Controller and Processor

For the purposes of POPIA (South Africa) and UK GDPR, IO is typically the “Controller” of personal data, determining the means and purposes of processing.
In certain circumstances, we may also act as a “Processor” on behalf of third parties (such as partners or service providers who offer their services via our Platform).

1.3 Our Contact Details

Name of Information Officer/Data Protection Contact: Phillip Kent
Email Address: phillip@inboundorbit.co.uk

You have the right to lodge a complaint with the Information Regulator’s Office of South Africa, the Information Commissioner’s Office (ICO) in the UK, or another relevant supervisory authority if you believe we are mishandling your personal data. However, we would appreciate the opportunity to address your concerns before you approach any regulator, so please contact us first.

1.4 Changes to This Privacy Policy

We reserve the right to update or amend this Privacy Policy from time to time. Any changes will become effective upon posting the revised version on our Platform. Your continued access or use of our services after these changes become effective indicates your acceptance of the revised Policy.

1.5 Third-Party Links

Our Platform may include links to third-party websites, plug-ins, and applications. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party platforms and are not responsible for their privacy statements or practices. We encourage you to read the privacy policies of every third-party service or website you engage with.

2. What We Collect About You

“You” refers to individuals or entities who use our services, contribute content, or otherwise engage with IO, including visitors to our Platform.

Personal data means any information relating to an identified or identifiable natural person (or, in some instances, identifiable juristic persons, under POPIA). It does not include data where the identity has been removed (anonymous data).

We may collect, use, store, and transfer different kinds of personal data, including but not limited to:

Identity Data: Full name, professional designation, company registration details.
Contact Data: Email address, physical addresses, telephone numbers.
Account Data: Login credentials, user-submitted information, communications, payments, profile details on our Platform.
Financial Data: Bank account details or third-party payment provider information (usually processed by the payment provider on our instructions).
Transaction Data: Details about payments, contracts, invoices, subscriptions, and other transactions.
Technical Data: Internet Protocol (IP) address, login data, browser type and version, time zone setting, device type, operating system, mobile network data, cookie data, and other technology details.
Usage Data: Information about how you use our Platform and services (including surveys).
Marketing and Communications Data: Your preferences in receiving marketing from us or third parties, your communication preferences, and records of communications sent to you.
Support Data: Logs of support queries or complaints you raise.

We also collect, use, and share Aggregated Data (such as statistical or demographic data). Aggregated Data is not considered personal data unless it can identify you directly or indirectly. If we ever combine Aggregated Data with your personal data in a way that identifies you, we will treat the combined data as personal data.

Important: If you fail to provide personal data where required by law or where we need it to perform a contract with you, we may be unable to provide or continue to provide our services.

Please do not provide us with third-party personal data without having a lawful basis (e.g., consent). By submitting third-party personal data, you confirm you have the legal right to do so and indemnify us against any liability arising from your unauthorised disclosure.

3. How Is Your Personal Data Collected?

We use a variety of methods to collect personal data:

Direct Interactions
You may provide personal data directly by using our services, signing up for our Platform, entering into a contract with us, filling in forms, or corresponding with us by email, phone, or otherwise.
Automated Technologies/Interactions
As you interact with our Platform, we may automatically collect Technical Data (e.g., via cookies, server logs, and similar technologies). If you visit other websites or platforms employing our cookies, we may also receive data about you from them.
Third Parties
- Analytics providers, marketing platforms, and payment gateway providers.
- Social media or messaging platforms (e.g., WhatsApp).
- Publicly available sources, such as company registries.

4. How We Use Your Personal Data

We only use your personal data where the law allows us to. Common lawful bases under the UK GDPR and POPIA include:

Consent: You have given clear, explicit permission for us to process your data for a specific purpose.
Contract: Processing is necessary for performing a contract with you or to take steps at your request before entering into a contract.
Legitimate Interests: Processing is necessary for our legitimate business interests (or those of a third party), except where overridden by your interests or fundamental rights.
Legal or Regulatory Obligation: Processing is necessary for us to comply with the law.

We may process your personal data for more than one lawful basis depending on the purpose. Typical examples of why we process personal data include:

To respond to enquiries or engage with you about our services.
To create and maintain your account on the Platform.
To facilitate transactions (including payment processing via third-party gateways).
To manage our contractual relationship with you (e.g., for service provision or contractor relationships).
To send you marketing or promotional communications (where permitted by law and not overridden by your preferences).
To administer and protect our business, Platform, and services (e.g., troubleshooting, data analysis, security).
To comply with legal obligations, such as responding to lawful requests by public authorities.

4.1 Marketing and Opt-Out

We aim to give you control over your personal data, including how we use it for marketing. You will receive marketing communications from us if you have requested such communications or if you have purchased services from us and opted to receive marketing.

If you wish to stop receiving marketing messages, you can follow the “unsubscribe” link in any marketing communication or contact us directly. Opting out of marketing messages will not affect personal data processed for other lawful purposes (e.g., performance of a contract).

5. Disclosures of Your Personal Data

We may share your personal data with:

Internal Third Parties: Within IO or its affiliated entities where necessary for internal administration or business operations.
External Third Parties:
- Service Providers (acting as processors) who support our business (e.g., payment gateways, hosting platforms, CRM providers, analytics providers).
- Professional Advisers (acting as processors or joint controllers) including lawyers, bankers, auditors, and insurers.
- Government/Regulatory Bodies if required by law or if necessary for compliance, fraud prevention, or legitimate business interests.
- Prospective Buyers/Merger Partners if we sell or merge our business or assets (the new owners may use your personal data in the same manner as set out in this Privacy Policy).

We require all third parties to respect the security and confidentiality of your personal data and to process it only for the purposes we specify, in compliance with the law.

6. Cookies and Similar Technologies

We use cookies to collect Technical Data and to help improve user experience. Cookies are small text files placed on your device by the web server. You can block or disable cookies via your browser settings, but doing so may limit some features on our Platform.

6.1 Cookies Policy

This website stores cookies on your computer. These cookies are used to collect information about how you interact with our website and allow us to remember you. We use this information in order to improve and customise your browsing experience and for analytics and metrics about our visitors both on this website and other media. To find out more about the cookies we use, see our Privacy Policy.

7. International Transfers

We are based in South Africa, and our servers or service providers may be located in the UK, the EU, or other countries. Whenever we transfer your personal data out of your country of residence:

We strive to ensure a similar degree of protection by using appropriate safeguards such as contractual clauses (e.g., Standard Contractual Clauses under UK/EU GDPR), or by transferring to jurisdictions deemed adequate in data protection by the relevant authorities.
If you would like further information about the specific mechanism we use when transferring your personal data outside of the UK or South Africa, please contact us.

8. Data Security

We have put in place appropriate technical and organisational measures to safeguard your personal data from unauthorised access, use, alteration, or disclosure. Access to your personal data is limited to those employees, agents, contractors, and other third parties who have a legitimate business need. They are subject to a duty of confidentiality.

We also have procedures to manage any suspected personal data breach and will notify you and relevant regulators where legally required to do so.

9. Data Retention

We only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider:

The volume, nature, and sensitivity of the personal data.
The potential risk of harm from unauthorised use or disclosure.
The purposes for which we process your personal data and whether these purposes can be achieved through other means.
Any applicable legal requirements (e.g., tax or audit obligations).

You may request deletion of your personal data or account at any time by clicking here. We will delete or anonymise your personal data unless it must be retained for legitimate business or legal reasons (e.g., outstanding payments, dispute resolution).

10. Your Legal Rights

Depending on your location and subject to the restrictions of applicable law (e.g., UK GDPR, POPIA), you may have the right to:

Request Access: To obtain a copy of your personal data held by us.
Request Correction: To correct incomplete or inaccurate personal data.
Request Erasure (“Right to be Forgotten”): To ask us to delete your personal data in certain circumstances.
Object: To object to processing based on legitimate interests or direct marketing.
Restrict Processing: To ask us to suspend the processing of your personal data.
Data Portability: To receive your personal data in a structured, commonly used format and to have it transferred to another controller, where technically feasible.
Withdraw Consent: If we are relying on your consent to process personal data, you can withdraw consent at any time (this will not affect the lawfulness of any processing carried out before withdrawal).

If you wish to exercise any of these rights, please contact us or click here for access or erasure. We may request additional information to verify your identity. We aim to respond to all legitimate requests within one month, but complex requests may take longer.

For users who are not located in South Africa, we still endeavour to respect and follow relevant data protection obligations, including the UK GDPR. If you believe we are not processing your personal data lawfully, you have the right to lodge a complaint with your local data protection authority (e.g., the ICO in the UK).

11. Contact Us

If you have any questions or comments about this Privacy Policy, or if you wish to exercise your data protection rights, please contact our Information Officer / Data Protection Contact:

Name: Phillip Kent
Email: phillip@inboundorbit.co.uk

We appreciate the opportunity to address any concerns you may have. If you are not satisfied with our response, you may lodge a complaint with the Information Regulator in South Africa or with the Information Commissioner’s Office (ICO) in the UK.

Thank you for taking the time to read our Privacy Policy.

If you have any questions or need clarifications, please contact us at any time or click here to erase or access your data..