1. Information We Collect

Personal Information

We may collect personal information that you voluntarily provide to us, including:

• Contact Information: Name, email address, phone number, company name
• Account Information: Username, password, profile preferences
• Purchase Information: Dataset orders, payment details, billing address
• Communication Data: Dataset inquiries, support requests, feedback
• Newsletter Subscriptions: Email preferences, areas of data interest

Automatically Collected Information

When you visit our website or use our services, we automatically collect certain information:

• Device Information: IP address, browser type, operating system
• Usage Data: Pages visited, datasets viewed, time spent, links clicked
• Location Data: General location (city/country level)
• Cookies and Similar Technologies: Session data, preferences

Third-Party Information

We may receive information from third-party sources:

• Analytics Services: Website usage statistics
• Payment Processors: Transaction confirmation data
• Social Media: Public profile information (if you connect accounts)

2. How We Use Your Information

We use the collected information for various purposes to provide and improve our health data marketplace:

Service Provision

• Process dataset orders and deliver purchased data
• Provide API access and manage usage quotas
• Respond to dataset inquiries and support requests
• Send order confirmations, delivery notifications, and receipts
• Maintain and improve our health data marketplace

Communication

• Send important service updates and notifications
• Respond to your inquiries and feedback
• Send marketing communications about new health datasets (with your consent)
• Notify you about new datasets, features, and data categories

Analytics and Improvement

• Analyze website usage and dataset popularity
• Identify trending data categories and user needs
• Improve our data quality and platform experience
• Develop new health datasets and features based on demand

Legal and Security

• Comply with applicable laws and regulations
• Protect against fraud, unauthorized access, and security threats
• Enforce our Terms of Use and dataset licence agreements
• Resolve disputes and handle complaints

3. Information Sharing and Disclosure

We are committed to protecting your privacy and do not sell, trade, or rent your personal information to third parties for their marketing purposes.

When We May Share Information

• Service Providers: With trusted third-party vendors who help us operate our platform, process payments, and deliver datasets
• Legal Requirements: When required by law or to protect our rights and safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Consent: When you explicitly give us permission to share your information

What We Never Share

• Your personal contact information with advertisers
• Your purchase history or dataset usage with third-party marketers
• Your account credentials with anyone
• Your private communications without consent

4. Datasets We Sell — Privacy Compliance

The datasets available on our marketplace are ethically sourced and comply with applicable data protection regulations.

• We do not sell datasets containing personally identifiable information (PII) without proper consent and legal basis
• All datasets are reviewed for compliance before listing on our platform
• We clearly document the source and scope of each dataset
• Purchasers are responsible for using datasets in compliance with applicable laws

5. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your browsing experience and provide personalised content.

Types of Cookies We Use

• Essential Cookies: Required for basic website functionality and dataset purchases
• Performance Cookies: Help us understand how visitors use our site
• Functional Cookies: Remember your preferences, filters, and settings
• Targeting Cookies: Deliver relevant advertisements and content

Managing Cookies

You can control and manage cookies through your browser settings:

• Delete existing cookies
• Block cookies from specific websites
• Set preferences for cookie acceptance
• Opt out of third-party tracking

Note: Disabling certain cookies may affect website functionality and your user experience.

6. Data Security and Protection

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction.

Security Measures

• Encryption: Data transmitted using SSL/TLS encryption
• Access Controls: Limited access to personal information and purchased datasets
• Secure Storage: Dataset files stored on encrypted cloud infrastructure
• Regular Audits: Security assessments and vulnerability testing
• Incident Response: Procedures for handling security breaches

Data Retention

We retain your personal information only as long as necessary to:

• Provide our services and fulfil dataset orders
• Comply with legal obligations
• Resolve disputes and enforce agreements
• Improve our services

When we no longer need your information, we securely delete or anonymise it.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

Access and Control

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal data
• Portability: Receive your data in a portable format
• Restriction: Limit how we use your information

Communication Preferences

• Opt out of marketing emails and newsletters
• Unsubscribe from dataset update alerts
• Manage account preferences

How to Exercise Your Rights

To exercise any of these rights, please contact us. We will respond to your request within 30 days.

8. Third-Party Services and Links

Our website may contain links to third-party websites and integrate with external services. We are not responsible for the privacy practices of these third parties.

Third-Party Services We Use

• Analytics: Google Analytics for website usage statistics
• Advertising: Google Ads
• Cloud Storage: AWS for secure dataset storage and delivery
• Payment Processing: Secure payment gateways for dataset purchases

External Links

When you click on links to external websites:

• You leave our website and privacy policy
• Third-party sites have their own privacy policies
• We recommend reviewing their privacy practices
• We are not responsible for their data handling

9. AI and Automated Processing

We may use automated systems, including artificial intelligence (AI) and machine learning, to operate our website, improve user experience, or process content. This section describes how we handle data in connection with AI and automated processing.

How We Use AI and Automation

• Service operation: We may use AI or automated tools to deliver, personalise, or improve our services
• Content and support: Some content or responses may be created or assisted by AI; such content is for convenience and may not be error-free
• Analytics: Automated systems may analyse usage patterns to improve our platform

Your Data and AI

• Data processed by such systems is handled in accordance with this Privacy Policy
• We do not use your personal information to train third-party AI models for purposes unrelated to providing our services, without your consent
• Where we use third-party AI services, their use of data is governed by their respective privacy policies

AI disclaimer: Where required by law, we disclose that certain content or functionality may be produced or assisted by AI. We do not guarantee the accuracy or reliability of AI-generated or AI-assisted content.

10. Children's Privacy

Orbitrock is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian:

• Please supervise your child's online activities
• Contact us if you believe we have collected information from a child under 13
• We will promptly delete such information

11. International Data Transfers

Your personal information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data.

Data Protection Standards

• We comply with applicable data protection laws including GDPR
• We use standard contractual clauses for international transfers
• We ensure third-party processors meet our security standards
• We monitor and audit data handling practices

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws.

How We Notify You

• Post updated policy on our website
• Update the "Last updated" date
• Send email notifications for significant changes
• Display prominent notices on our website

Your continued use of Orbitrock after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: