OrbitMI, Inc. is a global company based in New York City, New York, USA. We provide vessel performance management & maritime intelligence software as a service that helps maritime companies manage their fleet more efficiently, profitably and sustainably.
This Privacy Policy details OrbitMI's information security practices related to the Orbit Web & Mobile Applications, as well as the company website located at OrbitMI.com.
Contacting Us
Please feel free to contact us at any time in regards to this Policy by emailing privacy@orbitmi.com
Changes to our Privacy Policy
In general, changes will be made to this Privacy Policy to address new or modified laws, changes to ‘EU-US Privacy Shield Framework’ and/or new or modified business procedures. However, we may update this Privacy Policy at any time, with or without advance notice, so please review it periodically.
We may provide you additional forms of notice of modifications and/or updates as appropriate under the circumstances. Your continued use of the App & Website after any modification to this Privacy Policy will constitute your acceptance of such modifications and/or updates.
I. Data Collection
Personal Data
“Personal Data” is any information relating to an identified or identifiable individual; meaning, information that could be used, on its own or in conjunction with other data, to identify an individual. We may ask for certain Personal Data from you for the purpose of providing you content and/or services that you request.
We collect Personal Data such as your:
By subscribing to our blog or otherwise submitting your personal information via a form on Orbitmi.com, you are authorizing us to collect, store and use your email address, and other such information you provide, in accordance with this Privacy Notice.
Once you submit your information, you have opted in to receive electronic communications from OrbitMI.
Non-Personal Information
“Non-Personal Information” is general user information that does not contain personally identifiable information, which is collected on an aggregate basis as you use our App or Website. We collect Non-Personal Information such as:
Cookies
We use cookies and web log files to track usage and trends, to improve the quality of our Service and to customize your experience. A “cookie” is a tiny data file that resides on your computer, mobile phone, or other device, and allows OrbitMI to recognize you as a user when you return to our Website using the same computer and web browser. Information gathered through cookies may include: the date and time of visits, the pages viewed, and time spent at our Website. You can remove or block cookies using the settings in your browser, but in some cases that may impact your ability to use our Website. Sending a cookie to a user’s browser enables us to collect Non-Personal information about that user and keep a record of the user’s preferences when utilizing our services, both on an individual and aggregate basis. For example, the Company may use cookies to store the following information: session data, email address, username, and other preferences. OrbitMI may use both persistent and session cookies; persistent cookies remain on your computer after you close your session and until you delete them, while session cookies expire when you close your browser.
Usage Data (Product Interaction)
We use third-party analytics services to help analyze how users use the Orbit App & Website. These analytics services collect information such as how often users visit the Website or use the App and are used to improve the services we provide. The analytics services’ ability to use and share information collected by them is restricted by their terms of use and Privacy Policy, which you should refer to for more information about how these entities use this information. If third-party services collect information, they do so anonymously without identifying individual visitors. However, we may link the information we record using tracking technology to Personal Information we collect.
Diagnostics (Device Data & Crash Data)
We use device data, which is information concerning a device you use to access, use, and/or interact with the App or Website, such as operating system type and/or mobile device model, browser type, domain, and other system settings, the language your system uses and the country and time zone of your device, geo-location, unique device identifier and/or other device identifier, mobile phone carrier identification, and device software platform and firmware information. We use crash data, such as crash logs, to analyze critical issues that users encounter in the App.
Aggregate
We may collect non-identifying and statistical information about the use of our Website, such as how many visitors visit a specific page, how long they stay on that page and which links, if any, they click on. This information represents a generic overview of our users, including their collective habits. Information collected in the aggregate is not associated with you as an individual. We may share user information in the aggregate with third parties.
Other Tracking Technologies: We may supplement information you provide to us with information from other sources, such as information to validate and/or update your address and/or other demographic information. This information is used to maintain the accuracy of information on our Website and for internal analysis.
II. Purposes of Processing
General Use
We may share your Personal Data to fulfill the purposes for which you provide it, for any other purposes disclosed by us when you provide the Personal Data, with your consent, and/or to third parties designated by you.
We do not sell, trade, rent or otherwise share for marketing purposes your Personal Data with third parties without your consent. For example, we may use your Personal Data to:
The information collected in the aggregate enables OrbitMI to better understand your use of the App or Website and to enhance your enjoyment. If you use the Website, you agree to receive certain communications from us including but not limited to Newsletters and Company Updates. We will occasionally send you information on products, events, and newsletters. You can sign up for these emails from us at any time on our website. Out of respect for your privacy, you may elect not to receive these types of communications by changing your account setting through the Website.
Customer Service
Based upon the personally identifiable information you provide us, we will communicate with you in response to your inquiries, to provide the services you request and to manage your account. We will communicate with you by responding via email to the support request.
III. Legal Basis of Processing
We rely on a variety of bases for processing your personal data in a fair and legal manner. We will not rely on a single basis. We will use any of the following bases, depending on how we use your personal data:
IV. Recipients or Categories of Recipients of Data
We may share Personal Data and User Content with:
We may rely upon vendors, contractors, or agents (collectively, “Service Providers”) to provide servers for our e-mail communications which we use to communicate with you. We may also use Service Providers to help us authenticate systems and detect fraud.
Our Service Providers will be given access to your Personal Data as is reasonably necessary to provide the Website and related products and/or services.
We strive to use appropriate technical and organizational measures to protect your Personal Data. If Service Providers acquire confidential or proprietary information belonging to OrbitMI or its customers, such information is required to be handled in confidence and may not be disclosed to unauthorized third parties.
Our Service Providers are contractually obligated to use your Personal Data only at our direction and in accordance with our Privacy Notice.
Service Providers who violate our security and safe maintenance of data policies are subject to appropriate discipline including, but not limited to, termination. Certain Service Providers will automatically collect non-identifying information about your use of our Website by using cookies and other technologies as similarly used by OrbitMI.
We also may be required to disclose an individual’s Personal Data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
For example, we will disclose your Personal Information in the following circumstances: (i) to investigate and defend OrbitMI members against any third- party claims and/or allegations and/or otherwise to protect OrbitMI from liability, (ii) to investigate, prevent and/or take action regarding suspected and/or actual illegal activities, (iii) to assist government enforcement agencies, respond to a legal process and/or comply with the law, (iv) to exercise or protect the rights, property and/or personal safety of the users of the Website, and/or (v) to protect the security and/or integrity of the Service.
In response to a verified request by law enforcement or other government officials relating to a criminal investigation or alleged illegal activity, we can (and you authorize us to) disclose your name, city, state, telephone number, email address, user ID history, fraud complaints, and usage history, without a subpoena, in connection with an investigation of fraud, intellectual property infringement, piracy, and/or other unlawful activity.
International Data Transfers
Our company operates globally and has a global infrastructure. We utilize cloud computing which means your Personal Data may be transferred to a country with data protection laws not as strong as where you reside.
We will transfer your Personal Data to countries deemed having adequate levels of data protection as determined by the European Commission. For those countries that do not have adequate levels of protection as determined by the European Commission, we will rely on a variety of methods for lawful cross-border transfers.
We may utilize Standard Contractual Clauses (or Model Clauses) in contracts with third-parties in these countries. Standard Contractual Clauses provide additional contractual guarantees around transfers of Personal Data.
In addition to our commitments under the Standard Contractual Clauses and other Model Clauses, we are certified to the EU-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU to the United States. Our participation in the Privacy Shield applies to Personal Data that is received from the EU, European Economic Area, and Switzerland. We also abide by Swiss data protection law regarding the processing of personal data from the European Economic Area and Switzerland. OrbitMI has certified that it adheres to the ‘EU-US and Swiss-US Privacy Shield Principles’ of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability as set forth by the US Department of Commerce.
On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-US Privacy Shield in Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems (Schrems II). We anticipate receiving further guidance from the EU supervisory authorities on how to comply with the new data transfer regime after the Schrems II decision, including what supplementary measures may become necessary. We will continue to monitor forthcoming announcements to stay up to date.
To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.
V. Security
We implement security measures designed to protect your Personal Data from unauthorized access. Your account is protected by your account password and we urge you to take steps to keep your Personal Data safe by not disclosing your password and by logging out of your account after each use.
We periodically review our information collection, storage and processing practices, including technical and organizational measures, to guard against unauthorized access to systems.
We further protect your Personal Data from potential personal data breaches by implementing certain technological measures including encryption, firewalls, and secure socket layer technology.
Because the internet is not a completely secure environment, OrbitMI cannot warrant the security of any information you transmit to OrbitMI or guarantee that information on the Website may not be accessed, disclosed, altered and/or destroyed by breach of any of our physical, technical and/or managerial safeguards. In addition, while we take reasonable measure to ensure that Service Providers keep your information confidential and secure, such Service Provider’s practices are ultimately beyond our control.
We are not responsible for the functionality, privacy and/or security measures of any other organization. By using our Website, you acknowledge that you understand and agree to assume these risks.
You may ask for a list of technical and organizational measures taken to protect your personal data by e-mailing us at: privacy@OrbitMI.com.
Data Retention
We will retain Personal Data we process on behalf of our customers as needed to provide the services they request. Also, we will retain this Personal Data only as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
VI. Data Subject Access Rights
Under the GDPR, EU residents have the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability.
We will do this in a timely manner as specified by the GDPR. If we need more time to fulfill your request, we will let you know in advance. We will not exceed the legally specified time limit under any circumstance.
You may exercise these rights by contacting us as follows:
E-mail: privacy@OrbitMI.com
Automated Decision Making and Profiling
Our company does not use your personal data for automated decision making or profiling. For example, when you apply for a bank loan, some companies may use an algorithm or automated process to decide details of your loan. This type of practice does not apply to Orbit, as we do not and will not utilize data in this way.
Children and Minors
OrbitMI does not knowingly collect Personal Data from children under the age of thirteen (13). If we learn that we have collected Personal Information from a child under age thirteen (13), we will delete such information as quickly as possible. If you believe that a child under the age of thirteen (13) may have provided us Personal Information, please contact us at: privacy@OrbitMI.com.
By using the Website, you represent that you are at least eighteen (18) years old and understand that you must be at least eighteen (18) years old in order to create an account and/or purchase the goods and/or services through the Website.
VII. Third-Party Websites and Services
We are not responsible for the practices employed by any websites and/or services linked to and/or from our Website, including the information and/or content contained therein. Please remember that when you use a link to go from our Website to another website and/or service, our Privacy Policy does not apply to such third-party websites and/or services. Your browsing and interaction on any third-party website and/or service, including those that have a link on our Website, are subject to such third-party’s own rules and policies. In addition, you agree that we are not responsible and do not have control over any third-parties that you authorize to access your Personal Data. If you are using a third-party website and/or service and you allow them to access your Personal Data, you do so at your own risk.
VIII. California Privacy Notice Addendum
Your California Privacy Rights
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to receive: (a) information identifying any third-party companies to whom OrbitMI may have disclosed Personal Information to for direct marketing, within the past year; and (b) a description of the categories of Personal Information disclosed. To obtain such information, please email your request to privacy@OrbitMI.com and we will provide a list of categories of Personal Information disclosed within thirty (30) days after receiving such a request. This request may be made no more than once per calendar year. We reserve the right not to respond to requests submitted in ways other than those specified above.
Personal information we collect and how we collect it
We collect the type of information described in this California Privacy Notice Addendum and in the Privacy Notice, which includes Personal Information, in the manner described herein and in the Privacy Notice. “Personal Information” means information that identifies, relates to, or could reasonably be linked directly or indirectly with a particular California resident, including without limitation information that identifies or could reasonably be linked, directly or indirectly, with a particular consumer or device. Personal Information does not include (i) publicly available information from government records; (ii) deidentified or aggregated consumer information; or (iii) information excluded from CCPA’s scope such as health and medical information. If you do not provide the information that we ask for, we may not be able to provide you with the requested services.
Personal Information may be collected from you (directly or indirectly) or you may provide such Personal Information when you contact us, visit our website, and/or engage us to provide services. This California Privacy Notice Addendum and the Privacy Notice explain our practices for collecting, using, sharing, maintaining, protecting, and disclosing such information.
We have collected the following categories of Personal Information within the last twelve (12) months:
Category | Information |
Identifiers | First name, last name, postal address, unique personal identifier, online identifier, internet protocol address, email address, email data, website usage data or other similar identifiers |
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | First name, last name, postal address, unique personal identifier, online identifier, internet protocol address, email address, email data, website usage data, or other similar identifiers |
Internet or other similar network activity | Information about a visitor's interaction with our website |
Geolocation data | Physical location via internet protocol address |
User Content | Customer support data generated by a user during the customer support request |
Usage Data | Product interaction data |
Diagnostics | Crash data such as crash logs |
Professional or employment-related information | Company and Job Title information that has been submitted by a visitor on our website, in order for us to provide a better context for discussion |
Use of personal information
For more information about how the Personal Information (as defined in the Privacy Notice) we collect and how we collect it, please see the “Information We Collect” and “How We Use and Share Information” sections of our Privacy Notice.
Sharing personal information
We share Personal Information as further described in the “How We Use and Share Information” section of the Privacy Notice. We also disclose the categories of third-parties to whom we disclosed Personal Information for business purposes is described in the “Whom We Share Your Information With” of the Privacy Notice.
Rights of California residents
The CCPA provides California residents with specific rights regarding their Personal Information. You have the following rights that may be exercised as further described below:
Access and data portability rights
You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past twelve (12) months. You may make such request for access or data portability twice within twelve (12) month period. Once we receive and confirm your verifiable consumer request, we will disclose the following to you: (i) the categories of Personal Information we collected about you; (ii) the categories of sources for the Personal Information we collected about you; (iii) the business purpose for collecting (or selling, if applicable) the Personal Information; (iv) the categories of third parties with whom we share such Personal Information; and (v) the specific information we collected about you.
Request for information
Pursuant to Section 1798.83 of the California Civil Code (California’s “Shine the Light” law), residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of personal information the business shares with third-parties for such third-parties’ direct marketing purposes and the identities of the third-parties with whom the business has shared such information during the immediately preceding twelve (12) month period.
Deletion requests
Pursuant to the CCPA, you have the right to request that we delete any of your Personal Information we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete and will direct our service providers to delete your Personal Information from our records, unless an exception applies. Keep in mind, we may deny your request if it is necessary for us or our service providers to: (i) complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform services pursuant to our contract with you; (ii) detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities; (iii) debug our website and/or identify and repair errors that impair existing intended functionality; (iv) exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; (v) comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.); (vi) engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent; (vii) enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us; (viii) make other internal and lawful uses of that information that are compatible with the context in which you provided it; or (xi) comply with a legal obligation.
Opt-out and opt-in rights for sale of personal information
In the past twelve (12) months we have not sold Personal Information to a third-party for monetary or other valuable consideration. OrbitMI, Inc. does not sell Personal Information to any third-party.
Verification on consumer request and timeline
It is imperative that we verify the consumer request and so you must provide information that allows us to reasonably verify you are the person about whom we collected the Personal Information or an authorized representative. If you make a request on behalf of another individual, we will need to verify that you have the authority to do so. You must also describe your request with sufficient detail that allows us to properly understand, evaluate and respond to such request. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. We will not honor your request if an exception to the law applies.
We will try and respond to requests within forty-five (45) days after our receipt of such verifiable request (or within such other time as required by applicable law). If we need additional time, we will notify you in writing and inform you of the reason for the extension of time. For the avoidance of doubt, any such requests for Personal Information will cover the twelve (12) month period immediately preceding the date of such verifiable request. We will provide such information in a commonly used format. We will not discriminate against you for exercising your rights under the CCPA. For more information about requests, please see the “Your rights and controlling your personal information” section of the Privacy Policy.