Protection of personal data
The protection of Customer personal data is one of our priorities and any processing of personal data is carried out conscientiously, legally, in good faith and in accordance with all relevant legislation.
Personal data is every information related to an identified person or a person that can be identified, whether his identity can be determined directly or indirectly, in particular on the basis of an identification number or one or more factors specific to his physical, psychological, mental, economic, cultural or social identity.
The processing of personal data entails any action or set of actions performed upon personal data, such as collecting, recording, organising, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, publishing or otherwise making available, alignment, combining, blocking, deletion or destruction and the implementation of logical, mathematical or other operations on that data.
Orioly is committed to data protection of our website Customers and Visitors. However, we do gather some personal information to improve our website, to better understand our visitors and their behaviour. This is done via cookies.
In order to become Orioly customer, Customer must register.
Our Service has a subscription model, therefore we need your private personal information, including credit card details in order to process charges.
Orioly does not store Credit Card data. All credit card information is processed by Stripe or PayPal and both provide Level 1 PCI DSS Compliant Service Provider, Level 1. Orioly is not subject to PCI obligations.
By entering personal data during and after the registration on the Service, the Customer expresses his agreement to the processing of his personal data for the stated purpose based on General Terms.
The Customer has the right to terminate the agreement at any time and request the termination of further processing of his personal data, except when it comes to processing data for statistical purposes when the aforementioned data does not allow the identification of the person to which they relate.
The Customer is responsible for the accuracy of the entered information.
In case you have any concerns about privacy or your personal information please send us an email to email@example.com with subject line “website privacy concern” and we will reply as soon as possible.
Information that may be collected
Orioly collects Customer data during the registration.
Visitor data is collected when using the website and browsing its content
Orioly will not collect and process personal data whose collection is prohibited by law, such as data relating to racial or ethnic origin, political opinions, religious or other beliefs, trade union memberships and other data the collection of which the law expressly prohibits, except under the law enumerated conditions and situations.
Customer and visitor data that is collected:
- First name
- Last name
- Company name
- IP address
- Location data
In case when a Visitor downloads marketing materials (E-books, resources, tutorials, guides), the data that may be collected and stored:
- First name
- Last name
- Job title
- Email address
- Phone number
- Company type
The purpose for which the data is collected
Orioly collects information for the sole purpose of carrying out activities which are subject of their business.
The collected data can be used for further development and improvement of the Service, to adapt and improve the content and services that Orioly provides, as well as to inform and offer the Customer other contents and services that can be used through the website, Service or other communication channels.
Consumer information (payer information, travellers and related information) can be accessed by the dedicated registered Customer, who gained access to this data by registering on the Service and implemented Orioly services in their business workflow, on their website or they use Orioly distribution channels.
Every Orioly Customer can provide a list of contents that are displayed within the booking engine using Orioly settings panel for registered Customers.
Every Consumer can select and accept consents using Orioly booking engine.
Customer can process every request received for a consumer for:
- displaying which personal Consumer information is stored
- deleting personal Consumer information
Disclosure of personal data
Orioly will not transmit any personal data to third parties, except in the manner specified in the Policy. Any transfer to third parties must comply with the regulations of the Policy and third parties are bound to comply with the regulations of the Policy regarding data handling.
Customer personal data may be transferred to affiliates, third parties that are contracted by Orioly to carry out certain activities or provide certain services and in the case of ownership, organisational and status changes regarding Orioly, as well as when such an obligation is expressly stipulated by law.
In particular, we provide a limited amount of your information (such as your email and address, country) to:
- Stripe or PayPal when processing credit card payments
- Intercom, Inc to bring you personalised support experience
- HubSpot to send emails
Orioly Customer can or may share Consumer information needed to ensure proper product service, e.g. providing minimum personal information so that an agent can ensure the tour to the Consumer. Providing personal information to the Customer partner is managed fully by Orioly Customer and Orioly is not responsible for that process.
Storing personal data
Orioly approaches the storing of personal data conscientiously and with all due care, taking the utmost effort that the data is adequately protected from any form of accidental or deliberate abuse, destruction, loss, unauthorised alteration, disclosure or access.
Personal data transmission takes place via the internet and is, in spite of all efforts, never truly secure, therefore Orioly does not guarantee the safety of such a transfer and the Customer / Consumer performs it at their own risk.
After receiving the information from the Customer or Consumer, Orioly will take all necessary measures in order to prevent any misuse of the data.
Personal data can be transferred and stored outside of the United States in countries that provide adequate protection of personal data, as well as in countries located outside of the European Union in which the protection of personal data is possibly not regulated in accordance with the relevant EU legislation and does not provide the adequate level of protection in accordance with relevant EU legislation. By submitting their personal information the Customer agrees to the previously described transmission, storage and use of data.
Some of the data is being provided to partners like Stripe, Intercom or HubSpot. Orioly provides its customers with the highest level of data security and compliance, and in accordance with that conducts business only with companies that can provide the same level of security. Stripe, Intercom and HubSpot provide EU General Data Protection Regulation (GDPR) compliance.
Customers data is stored in multi-tenant data-stores, we do not have individual data-stores for each customer. However strict privacy controls exist in our application code to ensure data privacy and prevent one customer from accessing another customers data. We have many units and integration tests in place to ensure these privacy controls work as expected. These tests are run every time our code base is updated and even one single test failing will prevent new code being shipped to production.
All data sent to or from Orioly is encrypted in transit using 256-bit encryption. Orioly Service is served 100% over HTTPS.
Right to access and change information
Your personal information will be retained until it is deleted. Your personal information will be deleted on one of the following occurrences:
- deletion of your personal information by you,
Each deletion request must be sent to the email address firstname.lastname@example.org. After the request is validated and verified, the data will be deleted or obfuscated, based on laws and rules that must be applied.
Data Protection Officer
We have a dedicated Data Protection Officer to help you with any requests or questions you have about your data. You can reach out to us by emailing email@example.com.