Privacy Policy

Policy Quick Links:
Terms and Conditions
Data Protection Addendum
Privacy Policy
Orlo Service Level Agreement
Website Cookie Policy
Orlo Platform Information Collection and Cookies

This is the Privacy Notice for SocialSignIn T/A Orlo.

This privacy notice is not something for you to agree, nor does it form part of our terms and conditions. It is to simply tell you what we do with your personal data and be as transparent as possible.

Who are we?

Our company is called SocialSignIn, but we are more commonly known as Orlo. We are registered with Companies House under registration 08237170, and with the ICO under registration ZA181887

Our registered address is 5 – 7c, Centre City, Hill street, Birmingham, B5 4AU.

What data do we process?

If you are a customer of Orlo, we will hold the following information about you:

Explaining the lawful basis

Reference to the basis of processing (e.g., “(Basis is Article. 6.1.f)”) is a reference to the article of the UK General Data Protection Regulation under which we undertake the processing in question. This will usually be an Article 6 lawful basis as we do not process special category (Article 9) data.

Engaging you in and continuing our commercial relationship

We use the information we hold about you and your business, both personal and otherwise, to give you the best product and service we can.

We will add your details to our email address book and customer relationship management platform. We also use your information to send contracts, bill you, and keep track of payments that you make, as well as to keep in contact throughout our relationship.

The basis for this is Article 6.1.b – ‘performance of a contract’, as this is necessary to deliver the product and service to you.

We will retain your personal data until our contract expires or is terminated, at which point, we will delete your data from our live systems. Our back up files are overwritten every 4 weeks. Contracts and email correspondence will be retained for 7 years before deletion.

We will continue to send electronic marketing to you until you opt out, or if we have no further engagement from you, we will delete your data after 6 months.

Sending email direct marketing to prospective and existing business clients

If you are from a corporate or public sector organisation and we have met at a conference or networking event, you have asked for information on internet forums, contacted us via our website or email and we feel that you could be a suitable customer, we will perform due diligence checks to ensure that we would be a compatible company for you. The information from these checks is used to contact you and to explore business opportunities. We will also proactively identify suitable prospective customers and send email marketing direct to the appropriate representative of the organisation to facilitate an introduction.

If you are an existing customer, we will send you appropriate information and updates on our product and services.

The basis for our electronic marketing activity is Article 6.1.f – ‘Legitimate Interest’, we have a legitimate interest to perform basic due diligence on prospective clients, and to market our services to current and prospective business to business customers.

If at any time, you want to stop receiving emails from us, simply let us know by using the unsubscribe link on our emails or contact us direct, and we will stop.

We will delete your data if after 6 months we have no engagement from you. If we have engaged initially but we lost touch, we will delete your data after 7 months.

Third parties

As a general principle, we will not transfer your personal data to third parties without your permission, but there are some exceptions to this:

We do use other organisations to process your data on our behalf, these are software services hosted in the ‘cloud’. These services are used to manage our contact with you, such as our customer relationship management system; to store data, provide email functionality and online collaboration tools.

We only engage with those data processors which can provide us reassurances of their ability to keep your data safe and secure. We ensure that they have the right technical and organisational measures in place and that our agreement is covered by the appropriate contractual arrangements as required by the UK GDPR.

Where do we keep your data?

For clarity, all personal data that is processed by the Orlo platform, is stored in UK based, accredited data centres.

For our own commercial purposes, if you are a customer or prospective customer, the software services we use to manage your personal data (such as Google, HubSpot and Xero accounting), store your data in their secure data centres. Where we are able, we specify UK based storage, but where data must be transferred out of the UK, our providers have put in place Standard Contractual Clauses as an authorised transfer mechanism. Should any other need arise to transfer your data outside of the UK, we will ensure adequate protections are in place.

Security

The UK GDPR requires us to implement appropriate technical and organisational measures to protect data. We have in place technical measures, such as anti-virus, anti-malware, strong passwords, and authentication protocols. Information passed over the internet to our software services is protected by Transport Layer Security (TLS) encryption. We have organisational measures in place which include policies and procedures to protect your data and access your rights, and we provide training to our staff.

Your rights

The UK GDPR provides you as data subjects with rights over your data. The relevant rights are: