Privacy Statement for Orbit
We take your privacy seriously. We are responsible for processing and are responsible for ensuring that the information we have about you is used in accordance with privacy legislation.

In this privacy statement, we provide you with information about how we use and protect your personal information and what rights you have. Personal information is all information that can be linked to you as an individual.

Anyone who requests it has the right to know what information is stored and the security measures that have been implemented to protect the information - as long as access to this does not impair security.
Our role as data controller
Unless otherwise stated, we are responsible for processing when personal information is collected directly from you as registered. A data controller is a person who decides the purpose of the processing of personal data and the funds to be used during such processing. It is the data controller who has the overall responsibility for the processing of your personal data.

We are also an independent data controller when we receive your personal information from another data controller (eg your employer) who is either a customer or a partner of ours. In these cases, our role as the controller of personal data received from such processors shall be limited to the purposes described in this privacy statement. Please note that our customers and partners are separate processors with regard to the processing of your personal data through our services and otherwise. We encourage you to read their privacy statements and any terms and conditions for customers and partners who process your personal information.
What information we have about you
By using our products and services, we collect the following information about you, for example:

- Contact information: name, e-mail address and telephone number.Identity information: registered address, name and date of birth.

- Means of identification, i.e. information used to verify your identity and your right to enter into an agreement with Orbit such as Bank ID, passport, driver's license, authorizations, etc.

- Communication, including SMS, chat and email we have directly with you.

- Technical information such as type of PC / mobile, internet connection, operating system, browser and IP address. We collect this information through the use of cookies. See our cookie policy.

- Access and usage information, i.e. information about crossings when using an app or card in buildings and locations connected to Orbit

- Location data to handle access to buildings and locations associated with Orbit.

- Account information such as payment transactions and other use of the account, such as login through the Orbit app or website.

- Product information, i.e. information about which of Orbit's products and services you use, such as which agreements you have entered into with Orbit.
Where we collect information from
We collect the information we process about you from accounting systems, credit information agencies, the population register and the Brønnøysund registers. We also collect information that you have explicitly given us access to via Orbit, either directly or via a third party (eg your employer).
How we use the information
Here are the main purposes for which we use the information:

1) To verify your identity
We need to process your personal information in order to verify your identity so that we can meet legally required requirements and otherwise manage your access to our buildings and locations associated with Orbit. For this purpose, we use contact information, identity information and means of identification.

2) To ensure proper access to property, people and assets
Orbit will process personal data for the purpose of handling accidents, damage and other undesirable actions, as well as to fulfill the duty to investigate and report suspicious transactions and access. For this purpose, we use means of identification, identity information, access and use information, location and technical information.

3) To deliver our products and services
For this purpose, we use contact information, identity information, credit information, communications, account information and product information.

4) Customer administration
In order to create and manage your customer profile and your purchases, we must process certain personal information. For this purpose, we use contact information, identity information, account information, access and usage information, location and product information.

5) To provide customer service
For this purpose, we use contact information and product information. If you contact customer service, we will store your name and telephone number and / or email address so that we know who you are if you contact us again. We will also save previous communication history.

6) To improve your user experience on our platforms
For this purpose, we use product information, account information and technical information.

7) To provide you with personalized customer follow-up
We will also provide you with personalized customer follow-up based on analyzes we perform based on your identity information, product information, technical information and account information (profiling). You can at any time choose to object to us using such profiling. For this purpose, we use contact information, account information and product information.

8) To improve our products and services
For this purpose, we use product information, account information and technical information.

9) To prevent fraud and loss
For this purpose, we use contact information, access and usage information, location, publicly available information and product information.

The legal basis for purposes 1, 2, 3, 4, 5 and 9 is that the processing is necessary to fulfill our agreement with you, and deliver our products and services to you, cf. the Norwegian personvernforordningen Article 6 No. 1 letter b).

In addition, we will be able to process personal data under purposes 1 and 2 in order to fulfill our statutory obligations, cf. the Norwegian personvernforordningen , Article 6, No. 1, letter c).

The legal basis for purposes 6, 7 and 8 is consent, cf. Article 6 (1) (a) of the Norwegian personvernforordningen. If we want to process the personal data for the said purpose, we will obtain a separate consent.
How long we store the information
We only store the information for as long as necessary. This typically means that we delete:

- Contact information about customers no later than 2 years after the customer relationship has ended. Customer service will store contact information from people who make contact for 1 year.

- Identity information no later than 2 years after the customer relationship has ended.

- Means of identification five years after the customer relationship has ended or a transaction has been completed in accordance with the Money Laundering Act.

- Publicly available information, no later than within 2 years.

- Communication after 2 years.

- Credit information within 1 year after the information was obtained.Technical information within six months.

- Account information within 2 years after the customer relationship has ended.

- Product information within 2 years after the customer relationship has ended.

We will store information as long as it complies with the law, and there is a special need, e.g. in the event of complaints or claims made against us or by us.
Your privacy rights
You have a number of privacy rights. You can use these by logging in to your user account with us, if you have it, or by contacting us.

Your rights include:

- Information: Further information on how we process information about you.

- Access: A copy of information we have about you.

- Correction: Correct and supplement information about you.

- Deletion: Request deletion of information as we no longer have a basis for storing it.

- Restriction: Request that we limit the use of your information.

- Data portability: Request that your information be transferred to you or to another business in a structured, commonly used and machine-readable format.

- Objection: Ask to oppose our use of your information for profiling. You can also object to being subject to individual decisions of a legal nature that are exclusively automated.

Please note that these rights are subject to legal restrictions. We will respond to your inquiry as soon as possible, and no later than 30 days.

If you believe that we process personal data unlawfully, you have the right to complain to the Norwegian Data Protection Authority. We hope that you will contact us first so that we can assess your objections and resolve any misunderstandings.
Changes to the privacy statement
We will be able to update the privacy statement from time to time. You will be notified of significant changes. You will always find the latest version of our privacy statement on the website.
Contact information
Feel free to contact us if you have questions, comments or want to make use of your rights. You can use the following contact information:

Data controller:
Orbit Technology AS
Company No. 924 790 547
Dokkveien 11, 3920 Porsgrunn, Norway
Phone number: +47 977 00 080

Orbit's CEO, Wasim Rashid, has the day - to - day responsibility for fulfilling the company's obligations under the Privacy Policy.

Orbit's privacy representative can be contacted at privacy@getorbit.com