Orb CCPA (California Consumer Privacy Act) Policy
Effective Date: 09/01/2025
1. Purpose & Scope
This policy outlines how Orb Group and affiliated entities including OneVigor Holding Inc., OneVigor Inc., Vigor Systems Inc., Orb Group Global Services AB, Orb Group Global Services Pte Ltd., comply with the California Consumer Privacy Act of 2018 (CCPA). It applies to all Orb Group operations that process personal information of California residents, including our websites, cloud platforms, and client-facing services.
Scope:
• All Orb Group employees, contractors, and subsidiaries
• All systems and services managed by Orb Group
• Personal data of California residents collected through Orb Group business activities
2. Roles & Responsibilities
• Policy Owner: Director of IT, Security & Compliance (Global Head of Information Security)
• ISMS Committee: Reviews this policy quarterly to ensure CCPA alignment
• IT & Security: Ensure technical enforcement of privacy and data protection requirements
• Legal & Compliance: Respond to consumer requests under CCPA
• All Staff: Must comply with privacy practices and report suspected data misuse
3. Policy Requirements
Definitions
• Personal Information: Information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
• Sale of Personal Information: Selling, renting, releasing, disclosing,
disseminating, making available, transferring, or otherwise communicating a consumer’s personal information to another business or third party for monetary or other valuable consideration.
Categories of Personal Information Collected
• Identifiers: name, address, email address, IP address, and similar identifiers
• Customer Records: personal information under California Customer Records statute (Cal. Civ. Code §1798.80(e))
• Commercial Information: records of products or services purchased, obtained, or considered
• Internet/Network Activity: browsing history, search history, interactions with our website or advertisements
• Geolocation Data: physical location or movements
• Inferences: profiles created from the above categories
Sources of Personal Information
• Directly from consumers
• Automatically through use of Orb Group websites and services
• Third parties such as service providers or publicly available sources
Purposes for Collecting Personal Information
• To provide and manage services
• To fulfill or meet the reason information was provided
• To improve our websites and services
• To detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity
• To comply with legal obligations
Sale of Personal Information
• Orb Group does not sell personal information in the traditional sense.
• Service providers may use cookies and similar technologies to collect data for their own purposes.
• Consumers have the right to opt-out of the sale of personal information.
Disclosure of Personal Information
• Personal information may be disclosed to service providers, affiliates, and business partners.
• Orb Group does not share personal information with third parties for their direct marketing purposes without consent.
Your Rights Under the CCPA
• Right to Know: Categories of personal information collected, used, disclosed, or sold in the last 12 months
• Right to Access: Access to specific pieces of collected personal information
• Right to Deletion: Request deletion of personal information, subject to exceptions
• Right to Opt-Out: Opt-out of the sale of personal information
• Right to Non-Discrimination: No discrimination for exercising CCPA rights
Exercising Your Rights
• Submit requests through one of the following methods:
o Visit our privacy page: https://orbgroup.com/legal
o Email us at: privacy@orbgroup.com
• Orb Group may request additional information to verify identity.
Procedure for Submitting Requests
Requests must:
• Provide sufficient information to verify identity or authority
• Describe the request in sufficient detail
Orb Group cannot respond to requests if identity cannot be verified or personal
information cannot be confirmed.
Response Timing and Format
• Information disclosed free of charge within 45 days of receiving a verifiable
request
• Response period may be extended once by 45 days with notice
• Disclosures cover the preceding 12 months
• Information provided in a portable, usable format
Do Not Sell My Personal Information / Opt-Out Procedures
Consumers may:
• Opt out of ads via NAI, EDAA, or DAA platforms
• Configure mobile device settings (“Opt out of Ads Personalization” on Android; “Limit Ad Tracking” on iOS)
• Opt-out cookie must be set per browser; deleting cookies requires re-opting
out
Children’s Privacy
• Orb Group services are not directed at children under 13
• No knowing collection of children’s personal data without parental consent
• Parents may request deletion of data collected inadvertently
Additional California Rights
• Shine the Light law (§1798): Annual disclosure on data shared for
marketing
• California Business & Professions Code §22581: Rights for minors under 18
to request removal of publicly posted data
4. Compliance & Review
• Policy is reviewed annually and after major operational or legal changes
• ISMS Committee ensures ongoing CCPA compliance across Orb Group
operations
• Violations of this policy may result in disciplinary action
Contact:
• Privacy Page: https://orbgroup.com/legal
• Email: privacy@orbgroup.com
Last Updated: 09/01/2025
Orb CCPA (California Consumer Privacy Act) Policy
Effective Date: 09/01/2025
1. Purpose & Scope
This policy outlines how Orb Group and affiliated entities including OneVigor Holding Inc., OneVigor Inc., Vigor Systems Inc., Orb Group Global Services AB, Orb Group Global Services Pte Ltd., comply with the California Consumer Privacy Act of 2018 (CCPA). It applies to all Orb Group operations that process personal information of California residents, including our websites, cloud platforms, and client-facing services.
Scope:
• All Orb Group employees, contractors, and subsidiaries
• All systems and services managed by Orb Group
• Personal data of California residents collected through Orb Group business activities
2. Roles & Responsibilities
• Policy Owner: Director of IT, Security & Compliance (Global Head of Information Security)
• ISMS Committee: Reviews this policy quarterly to ensure CCPA alignment
• IT & Security: Ensure technical enforcement of privacy and data protection requirements
• Legal & Compliance: Respond to consumer requests under CCPA
• All Staff: Must comply with privacy practices and report suspected data misuse
3. Policy Requirements
Definitions
• Personal Information: Information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
• Sale of Personal Information: Selling, renting, releasing, disclosing,
disseminating, making available, transferring, or otherwise communicating a consumer’s personal information to another business or third party for monetary or other valuable consideration.
Categories of Personal Information Collected
• Identifiers: name, address, email address, IP address, and similar identifiers
• Customer Records: personal information under California Customer Records statute (Cal. Civ. Code §1798.80(e))
• Commercial Information: records of products or services purchased, obtained, or considered
• Internet/Network Activity: browsing history, search history, interactions with our website or advertisements
• Geolocation Data: physical location or movements
• Inferences: profiles created from the above categories
Sources of Personal Information
• Directly from consumers
• Automatically through use of Orb Group websites and services
• Third parties such as service providers or publicly available sources
Purposes for Collecting Personal Information
• To provide and manage services
• To fulfill or meet the reason information was provided
• To improve our websites and services
• To detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity
• To comply with legal obligations
Sale of Personal Information
• Orb Group does not sell personal information in the traditional sense.
• Service providers may use cookies and similar technologies to collect data for their own purposes.
• Consumers have the right to opt-out of the sale of personal information.
Disclosure of Personal Information
• Personal information may be disclosed to service providers, affiliates, and business partners.
• Orb Group does not share personal information with third parties for their direct marketing purposes without consent.
Your Rights Under the CCPA
• Right to Know: Categories of personal information collected, used, disclosed, or sold in the last 12 months
• Right to Access: Access to specific pieces of collected personal information
• Right to Deletion: Request deletion of personal information, subject to exceptions
• Right to Opt-Out: Opt-out of the sale of personal information
• Right to Non-Discrimination: No discrimination for exercising CCPA rights
Exercising Your Rights
• Submit requests through one of the following methods:
o Visit our privacy page: https://orbgroup.com/legal
o Email us at: privacy@orbgroup.com
• Orb Group may request additional information to verify identity.
Procedure for Submitting Requests
Requests must:
• Provide sufficient information to verify identity or authority
• Describe the request in sufficient detail
Orb Group cannot respond to requests if identity cannot be verified or personal
information cannot be confirmed.
Response Timing and Format
• Information disclosed free of charge within 45 days of receiving a verifiable
request
• Response period may be extended once by 45 days with notice
• Disclosures cover the preceding 12 months
• Information provided in a portable, usable format
Do Not Sell My Personal Information / Opt-Out Procedures
Consumers may:
• Opt out of ads via NAI, EDAA, or DAA platforms
• Configure mobile device settings (“Opt out of Ads Personalization” on Android; “Limit Ad Tracking” on iOS)
• Opt-out cookie must be set per browser; deleting cookies requires re-opting
out
Children’s Privacy
• Orb Group services are not directed at children under 13
• No knowing collection of children’s personal data without parental consent
• Parents may request deletion of data collected inadvertently
Additional California Rights
• Shine the Light law (§1798): Annual disclosure on data shared for
marketing
• California Business & Professions Code §22581: Rights for minors under 18
to request removal of publicly posted data
4. Compliance & Review
• Policy is reviewed annually and after major operational or legal changes
• ISMS Committee ensures ongoing CCPA compliance across Orb Group
operations
• Violations of this policy may result in disciplinary action
Contact:
• Privacy Page: https://orbgroup.com/legal
• Email: privacy@orbgroup.com
Last Updated: 09/01/2025
Orb CCPA (California Consumer Privacy Act) Policy
Effective Date: 09/01/2025
1. Purpose & Scope
This policy outlines how Orb Group and affiliated entities including OneVigor Holding Inc., OneVigor Inc., Vigor Systems Inc., Orb Group Global Services AB, Orb Group Global Services Pte Ltd., comply with the California Consumer Privacy Act of 2018 (CCPA). It applies to all Orb Group operations that process personal information of California residents, including our websites, cloud platforms, and client-facing services.
Scope:
• All Orb Group employees, contractors, and subsidiaries
• All systems and services managed by Orb Group
• Personal data of California residents collected through Orb Group business activities
2. Roles & Responsibilities
• Policy Owner: Director of IT, Security & Compliance (Global Head of Information Security)
• ISMS Committee: Reviews this policy quarterly to ensure CCPA alignment
• IT & Security: Ensure technical enforcement of privacy and data protection requirements
• Legal & Compliance: Respond to consumer requests under CCPA
• All Staff: Must comply with privacy practices and report suspected data misuse
3. Policy Requirements
Definitions
• Personal Information: Information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
• Sale of Personal Information: Selling, renting, releasing, disclosing,
disseminating, making available, transferring, or otherwise communicating a consumer’s personal information to another business or third party for monetary or other valuable consideration.
Categories of Personal Information Collected
• Identifiers: name, address, email address, IP address, and similar identifiers
• Customer Records: personal information under California Customer Records statute (Cal. Civ. Code §1798.80(e))
• Commercial Information: records of products or services purchased, obtained, or considered
• Internet/Network Activity: browsing history, search history, interactions with our website or advertisements
• Geolocation Data: physical location or movements
• Inferences: profiles created from the above categories
Sources of Personal Information
• Directly from consumers
• Automatically through use of Orb Group websites and services
• Third parties such as service providers or publicly available sources
Purposes for Collecting Personal Information
• To provide and manage services
• To fulfill or meet the reason information was provided
• To improve our websites and services
• To detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity
• To comply with legal obligations
Sale of Personal Information
• Orb Group does not sell personal information in the traditional sense.
• Service providers may use cookies and similar technologies to collect data for their own purposes.
• Consumers have the right to opt-out of the sale of personal information.
Disclosure of Personal Information
• Personal information may be disclosed to service providers, affiliates, and business partners.
• Orb Group does not share personal information with third parties for their direct marketing purposes without consent.
Your Rights Under the CCPA
• Right to Know: Categories of personal information collected, used, disclosed, or sold in the last 12 months
• Right to Access: Access to specific pieces of collected personal information
• Right to Deletion: Request deletion of personal information, subject to exceptions
• Right to Opt-Out: Opt-out of the sale of personal information
• Right to Non-Discrimination: No discrimination for exercising CCPA rights
Exercising Your Rights
• Submit requests through one of the following methods:
o Visit our privacy page: https://orbgroup.com/legal
o Email us at: privacy@orbgroup.com
• Orb Group may request additional information to verify identity.
Procedure for Submitting Requests
Requests must:
• Provide sufficient information to verify identity or authority
• Describe the request in sufficient detail
Orb Group cannot respond to requests if identity cannot be verified or personal
information cannot be confirmed.
Response Timing and Format
• Information disclosed free of charge within 45 days of receiving a verifiable
request
• Response period may be extended once by 45 days with notice
• Disclosures cover the preceding 12 months
• Information provided in a portable, usable format
Do Not Sell My Personal Information / Opt-Out Procedures
Consumers may:
• Opt out of ads via NAI, EDAA, or DAA platforms
• Configure mobile device settings (“Opt out of Ads Personalization” on Android; “Limit Ad Tracking” on iOS)
• Opt-out cookie must be set per browser; deleting cookies requires re-opting
out
Children’s Privacy
• Orb Group services are not directed at children under 13
• No knowing collection of children’s personal data without parental consent
• Parents may request deletion of data collected inadvertently
Additional California Rights
• Shine the Light law (§1798): Annual disclosure on data shared for
marketing
• California Business & Professions Code §22581: Rights for minors under 18
to request removal of publicly posted data
4. Compliance & Review
• Policy is reviewed annually and after major operational or legal changes
• ISMS Committee ensures ongoing CCPA compliance across Orb Group
operations
• Violations of this policy may result in disciplinary action
Contact:
• Privacy Page: https://orbgroup.com/legal
• Email: privacy@orbgroup.com
Last Updated: 09/01/2025
Orb Group GDPR (General Data Protection Regulation) Privacy Policy
Effective Date: 09/01/2025
Overview
The General Data Protection Regulation (GDPR) empowers individuals to control their personal data. Any organization that collects personal data must provide clear and transparent information about how that data will be collected, used, stored, and protected.
This Privacy Policy applies to OneVigor Holding Inc., OneVigor Inc. dba Orb Group and its subsidiaries, and Orb Group Global Services Pte Ltd., employees, applicants, clients, consultants, website visitors, and any other third parties who provide personal information to Orb Group.
Key GDPR Principles
• Transparency and Access: Individuals have the right to clear, accessible information on how their data is processed.
• Right to Erasure (“Right to be Forgotten”): Data will be erased when requested, provided there are no overriding legal or contractual grounds for retention.
• Data Breach Notification: Orb Group will notify the appropriate supervisory authority and affected individuals of serious data breaches without undue delay.
Categories of Data Collected
Orb Group may collect the following personal information:
• Identifiers (e.g., name, email, phone number, address, IP address)
• Employment-related data (e.g., CV details, background check information, medical details if required by law)
• Commercial information (e.g., client contracts, services purchased)
• Usage data (e.g., website browsing activity, log data, time and date of visits)
Purpose of Data Collection
Personal data may be collected and used for:
• Delivering and managing services, contracts, and agreements with clients and partners
• Managing user accounts, authentication, and access to company systems
• Fulfilling employment, payroll, and other HR-related obligations
• Communicating regarding services, updates, legal notices, or other relevant information
• Supporting marketing, promotions, events, or client outreach (where consent has been provided)
• Responding to individual requests or inquiries
• Ensuring compliance with legal and regulatory obligations
• Protecting company rights, property, and security, including fraud prevention and risk management
• Supporting business transfers such as mergers, acquisitions, or restructuring
• Processing payments and maintaining financial records
• Conducting internal analysis, reporting, and operational improvement
Lawful Basis for Processing
Orb Group processes personal data only where a lawful basis applies, as defined under Article 6 of the GDPR. Depending on the purpose, we rely on one or more of the following bases:
• Contractual necessity, to perform and deliver our services or fulfill employment obligations.
• Legal obligation, to comply with applicable laws and regulations.
• Legitimate interests, where processing is necessary for our business operations and balanced against the rights of individuals.
• Consent, where the individual has clearly agreed to the processing for specific purposes such as marketing or events.
• Vital interests, in rare cases to protect life or safety.
Records of processing activities and corresponding lawful bases are maintained as
part of Orb Group’s Data Processing Register.
Sharing of Personal Information
Orb Group may share personal data under the following circumstances:
• With service providers that support business operations, such as analytics, payments, hosting, monitoring, or communications
• With business partners for legitimate collaboration, service delivery, promotions, or client support
• With government, regulatory, or judicial authorities when required by law or to protect legal rights
• As part of mergers, acquisitions, financing, or corporate restructuring processes
• With consent, for specific purposes authorized by the individual
• With other users or the public where information is shared voluntarily in forums, events, or platforms operated by Orb Group
International Data Transfers
Personal Data may be processed at Orb Group’s operating offices and other processing locations, including transfers outside an individual's state, province, country, or jurisdiction with differing data protection laws. The Company ensures adequate controls for secure data transfer and treatment per this GDPR Privacy Policy.
Orb Group relies on Standard Contractual Clauses (SCCs) and equivalent safeguards for all international transfers in accordance with GDPR Articles 44–49.
Cookies
Our website uses cookies and similar technologies to improve user experience and analyze website activity. Users may adjust cookie preferences through their browser settings.
Data Security
Orb Group uses commercially reasonable safeguards to protect personal data. However, no method of electronic storage or transmission is fully secure, and absolute data security cannot be guaranteed.
Data Subject Rights
Under GDPR, individuals have the right to:
• Request access to their personal data
• Request a copy of their personal data
• Update, correct, or delete their personal data
• Object to or restrict processing
• Request data portability
• Withdraw consent at any time
Procedure for Submitting Requests
Your request to us must:
• Contact privacy@orbgroup.com and provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
• Describe your request with sufficient detail that allows us to properly
understand, evaluate, and respond to it.
We cannot respond to your request or provide you with the required information if we cannot:
• Verify your identity or authority to make the request.
• Confirm that the personal information relates to you.
Complaints
If you believe Orb Group has not handled your data in compliance with GDPR, we encourage you to contact our Director of IT and security at privacy@orbgroup.com. If you prefer not to reach out to us directly, you may file a complaint with your local Data Protection Authority.
Data Breach Notification
In the event of a personal data breach, Orb Group will notify the appropriate authorities and impacted individuals promptly, in line with GDPR obligations.
Children’s Privacy
Our service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under 13. If you are a parentor guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from
anyone under the age of 13 without verification of parental consent, we take steps to remove that information from our servers.
If we need to rely on consent as a legal basis for processing your information and your country requires consent from a parent, we may require your parent's consent before we collect and use that information.
Links to Third-Party Websites
Our service may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
Data Protection Officer
For questions or concerns regarding GDPR and this Privacy Policy, please contact:
Asif Hemani
Director of IT, Security & Compliance
Email: privacy@orbgroup.com