This Privacy Policy explains how Orbid OÜ processes personal data in connection with its marketing website. It is written to comply with the EU General Data Protection Regulation (GDPR) and applicable Estonian law.
Scope. This policy covers only the ORBID marketing website. The ORBID platform (the business-to-business marketplace and tendering application, accessed through a separate login) is governed by its own separate privacy policy. If you use the platform, please refer to that policy.
1. Controller
The controller responsible for the processing of personal data described in this policy is:
Orbid OÜ, Tuukri tn 19-202, 10120 Tallinn, Estonia. Registry code 17395333. Email: info@orbid.one.
2. What data we process and why
We have deliberately kept the marketing website low on data collection. We do not use analytics cookies or tracking technologies on the marketing website, and we do not display advertising or use advertising pixels.
a) Server log data. When you visit the website, our hosting provider automatically processes technical information that your browser transmits, including your IP address, browser type and version, operating system, the page visited, and the date and time of access. This data is processed to deliver the website securely and reliably and to detect and prevent technical faults and misuse.
Legal basis: our legitimate interest in operating a secure and functional website (Article 6(1)(f) GDPR).
b) Contact by email. If you contact us by email (for example at info@orbid.one), we process the data you provide — your email address, your name if given, and the content of your message — in order to handle your enquiry and respond to you.
Legal basis: our legitimate interest in responding to enquiries (Article 6(1)(f) GDPR) and, where your enquiry relates to a potential or existing business relationship, the performance of pre-contractual or contractual steps (Article 6(1)(b) GDPR).
c) Booking a call. Our website links to an external scheduling service, Cal.com, where you can book a call with us. If you follow that link and book a call, you leave our website and provide your data directly to Cal.com, which acts as the controller for that booking process on its own platform. The data you submit (such as your name, email address and chosen time) is processed by Cal.com under its own privacy policy. We receive the booking details in order to attend the call you have scheduled.
Legal basis: our legitimate interest in arranging requested meetings and taking pre-contractual steps (Article 6(1)(b) and (f) GDPR).
3. Service providers (processors)
We use the following service providers to operate the marketing website. They process personal data on our behalf as processors under data-processing agreements, or, where indicated, act as independent controllers.
Netlify (website hosting). Provided by Netlify, Inc. Hosting infrastructure may involve processing in the United States; such transfers are safeguarded by the EU Standard Contractual Clauses.
IONOS (email and domain services). Provided by IONOS SE, Germany (EU). Used for our email communications and domain.
Webflow (website builder/content delivery). Provided by Webflow, Inc. May involve processing in the United States, safeguarded by the EU Standard Contractual Clauses.
Cal.com (call scheduling, via external link). Acts as an independent controller for bookings made on its own platform, under its own privacy policy.
4. International transfers
Some of our service providers are established outside the European Economic Area or process data outside it. Where personal data is transferred outside the EEA, we rely on appropriate safeguards, primarily the European Commission's Standard Contractual Clauses, to ensure an adequate level of protection. You may request a copy of the relevant safeguards by contacting us at info@orbid.one.
5. How long we keep data
We keep server log data only for as long as necessary for security and operational purposes and then delete or anonymise it. We keep email correspondence for as long as necessary to handle your enquiry and, where it relates to a business relationship, for the period required to manage that relationship and to comply with applicable legal retention obligations. We do not keep personal data longer than necessary for the purposes for which it was collected.
6. Your rights
Under the GDPR, you have the right to:
access the personal data we hold about you;
request rectification of inaccurate data, or completion of incomplete data;
request erasure of your data;
request restriction of processing, or object to processing based on our legitimate interests;
data portability, where applicable; and
withdraw any consent you have given, at any time, without affecting the lawfulness of processing before withdrawal.
To exercise any of these rights, contact us at info@orbid.one. You also have the right to lodge a complaint with a data protection supervisory authority, in particular the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), Tatari 39, 10134 Tallinn, Estonia, www.aki.ee, or the authority in your country of residence.
7. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The current version is indicated by the version date at the bottom of this policy.
8. Contact
For any questions about this Privacy Policy or about how we process your personal data, contact us at info@orbid.one.
Last updated: 25 May 2026