Skip to main content

Privacy Policy

Policy Quick Links:
Terms and Conditions
Data Protection Addendum
Privacy Policy
Orlo Service Level Agreement
Website Cookie Policy
Orlo Platform Information Collection and Cookies

This is the Privacy Notice for SocialSignIn T/A Orlo.

This privacy notice is not something for you to agree, nor does it form part of our terms and conditions. It is to simply tell you what we do with your personal data and be as transparent as possible.

Who are we?

Our company is called SocialSignIn, but we are more commonly known as Orlo. We are registered with Companies House under registration 08237170, and with the ICO under registration ZA181887

Our registered address is 5 – 7A, Centre City, Hill street, Birmingham, B5 4AU.

What data do we process?

If you are a customer of Orlo, we will hold the following information about you:

  • Your name and contact information
  • Social media URLs
  • Your organisation’s name and address
  • Information about your business activities
  • Information and documentation about your matters or enquiries, including communications with you
  • Billing and payment information

As a potential customer, we will hold the following:

  • Your name, and contact information
  • Information and documentation relating to your business and sector, from yourself, websites,
  • Companies House, social media and our marketing partners.

Because we use your data to engage you in a contract, if you fail to provide some or all that data, we will not be able to enter a commercial relationship with you.

Please note that we use YouTube API services. By using Orlo to manage your YouTube account you are agreeing to be bound by their terms of service, available to view here (https://www.youtube.com/t/terms). You can also view Google’s Privacy Policy here and revoke access at any time through the Google Security Settings page.

Explaining the lawful basis

Reference to the basis of processing (e.g., “(Basis is Article. 6.1.f)”) is a reference to the article of the UK General Data Protection Regulation under which we undertake the processing in question. This will usually be an Article 6 lawful basis as we do not process special category (Article 9) data.

Engaging you in and continuing our commercial relationship

We use the information we hold about you and your business, both personal and otherwise, to give you the best product and service we can.

We will add your details to our email address book and customer relationship management platform. We also use your information to send contracts, bill you, and keep track of payments that you make, as well as to keep in contact throughout our relationship.

The basis for this is Article 6.1.b – ‘performance of a contract’, as this is necessary to deliver the product and service to you.

We will retain your personal data until our contract expires or is terminated, at which point, we will delete your data from our live systems. Our back up files are overwritten every 4 weeks. Contracts and email correspondence will be retained for 7 years before deletion.

We will continue to send electronic marketing to you until you opt out.

Sending email direct marketing to prospective and existing business clients

If you are from a corporate or public sector organisation and we have met at a conference or networking event, you have asked for information on internet forums, contacted us via our website or email and we feel that you could be a suitable customer, we will perform due diligence checks to ensure that we would be a compatible company for you. The information from these checks is used to contact you and to explore business opportunities. We will also proactively identify suitable prospective customers and send email marketing direct to the appropriate representative of the organisation to facilitate an introduction.

If you are an existing customer, we will send you appropriate information and updates on our product and services.

The basis for our electronic marketing activity is Article 6.1.f – ‘Legitimate Interest’, we have a legitimate interest to perform basic due diligence on prospective clients, and to market our services to current and prospective business to business customers.

If at any time, you want to stop receiving emails from us, simply let us know by using the unsubscribe link on our emails or contact us direct, and we will stop.

Third parties

As a general principle, we will not transfer your personal data to third parties without your permission, but there are some exceptions to this:

  • It is possible, though unlikely, that we might be forced to disclose your information in response to a court order or other binding mandate. The lawful basis is Article 6.1.c – ‘Legal Obligation’
  • We use an accountancy service which have limited visibility of your personal business data for the administration of company financial affairs. The basis for this is Article 6.1.f, we have a legitimate interest to allow our accountant to have limited access to our client personal data to manage our accounts.
  • If you do not pay your bills, we may choose to engage a third party to recover any money you owe us. Our lawful basis for this activity (although we are sure we will not need to) is Article 6.1.f, we have a legitimate interest to pursue money owed to us

We do use other organisations to process your data on our behalf, these are software services hosted in the ‘cloud’. These services are used to manage our contact with you, such as our customer relationship management system; to store data, provide email functionality and online collaboration tools.

We only engage with those data processors which can provide us reassurances of their ability to keep your data safe and secure. We ensure that they have the right technical and organisational measures in place and that our agreement is covered by the appropriate contractual arrangements as required by the UK GDPR.

Where do we keep your data?

For clarity, all personal data that is processed by the Orlo platform, is stored in UK based, accredited data centres.

For our own commercial purposes, if you are a customer or prospective customer, we use software services (such as Google, HubSpot, and Xero) that may store your personal data in secure data centres outside the UK or EEA.

Where possible, we keep data in the UK or EEA. For transfers outside these areas, we (or our providers) use appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or UK Addendum to EU standard contractual clauses. We ensure, via a data protection test (transfer risk assessment), that the level of protection for your data remains not materially lower than under UK law.

Security

The UK GDPR requires us to implement appropriate technical and organisational measures to protect data. We have in place technical measures, such as anti-virus, anti-malware, strong passwords, and authentication protocols. Information passed over the internet to our software services is protected by Transport Layer Security (TLS) encryption. We have organisational measures in place which include policies and procedures to protect your data and access your rights, and we provide training to our staff.

Data Breaches

If a breach risks your rights/freedoms, we will notify the ICO within 72 hours and inform you without undue delay where required.

Your rights

Under the UK GDPR (as amended by the Data (Use and Access) Act 2025) you have the following rights:

  • Get access to your personal data and information about our processing of it. You can request a copy of your data from us and we will conduct reasonable and proportionate searches to find this information. We may require proof of your identity before releasing any data to ensure we are protecting your privacy.
  • In some circumstances, restrict our processing of your data and compel us to delete the bits we do not use for legal purposes
  • Object to our processing for business to business marketing. You can also object to processing based on our legitimate interests.
  • Ask us to rectify any inaccurate information we may inadvertently hold
  • Request deletion of your information, in certain circumstances.
  • Where we rely on consent (e.g., for marketing), you can withdraw it at any time.

If you want to exercise any of these rights, you can contact us at the address at the top of this page, or email us at hello@orlo.tech

We typically respond to all requests within one calendar month. If your request is particularly complex or you have made several requests, it may take us up to two additional months. We will notify you if an extension is necessary.

Data Deletion Instructions for Meta Users

If you have used Facebook Login or otherwise connected your Meta account (e.g. Facebook, Instagram, Threads, WhatsApp) to Orlo, you may request the deletion of any data that our application has received from Meta.

You can request deletion in one of the following ways:

Option 1: Self‑Service Deletion

Log into your Facebook account.
Go to Settings & Privacy → Settings → Apps and Websites.
Find Orlo in your list of connected apps.
Select Remove.
This will delete the app’s access to your data and trigger Meta’s automated data‑deletion request to us.

Option 2: Direct Request to Orlo
You may also request deletion of Facebook‑related data by contacting us at: hello@orlo.tech
Include the subject line: “Facebook Data Deletion Request” and the email address you used with Facebook Login.
We will delete all Facebook‑provided data associated with your account within 30 days of receiving your request. Once the data has been deleted, we will provide you with a confirmation notification via email.

Your right to complain

You have the right to make a complaint at any time, if you wish to do so, please contact us at hello@orlo.tech

We will acknowledge your complaint within 30 days and respond without undue delay, making appropriate enquiries and keeping you informed of progress. We are committed to addressing your data protection concerns. You should raise your complaint directly with us first.

You may escalate unresolved complaints to the Information Commissioner’s Office (ICO – the UK supervisory authority for data protection issues) here: https://ico.org.uk/make-a-complaint

By post:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Website: www.ico.org.uk

We reserve the right to update this privacy notice at any time to maintain alignment with current UK data protection legislation.

We encourage you to review this page periodically to stay informed.

 

This privacy notice was last updated in April 2026.

See Orlo in action.

Join 400+ public sector organisations already building trust with Orlo.

The only community engagement platform designed for the public sector

The only social media management platform designed for the public sector

Copyright © 2026 Orlo. All rights reserved.

Terms & Conditions

Privacy Policy

Accessibility

We’re social

Copyright © 2026 Orlo. All rights reserved.

Terms & ConditionsPrivacy Policy | Accessibility