Privacy Policy

Data Controller Information

ourion B.V. is the data controller for the personal information we collect. Our company is registered in the Netherlands with registration number 63581927 and VAT number NL879324516B01. Our registered address is Nieuwstraat 150, 9719 RJ Groningen, Netherlands.

Data We Collect

The data we collect depends on how you interact with our services. We collect the following categories of personal information:

• Contact Information: Name, email address, phone number, company name, and business address when you contact us or register for our services
• Account Information: Username, password, and account preferences for our SaaS platform
• Usage Data: Information about how you use our platform, including access logs, feature usage, and performance metrics
• Technical Information: IP address, browser type, device information, and cookies for website functionality and analytics
• Communication Data: Records of communications between you and ourion, including support tickets and enquiries
• Payment Information: Billing details and payment history (payment card information is processed securely by our payment processors)

How We Use Your Information

We use your personal information for the following purposes, based on legitimate business interests and legal obligations:

• Service Provision: To provide, maintain, and improve our SaaS platform services
• Account Management: To create and manage your account, authenticate users, and provide customer support
• Communication: To respond to your enquiries, send service updates, and provide technical support
• Platform Optimisation: To analyse usage patterns and improve platform performance and functionality
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• Security: To protect our platform and users from security threats and fraudulent activity
• Business Operations: To manage billing, payments, and business analytics

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds: (a) Contractual necessity for providing our services, (b) Legitimate interests in operating and improving our business, (c) Legal obligations under applicable laws, and (d) Your explicit consent where required. You have the right to withdraw consent at any time where processing is based on consent.

Data Sharing and Disclosure

We do not sell or rent your personal information to third parties. We may share your information in the following circumstances:

• Service Providers: With trusted third-party vendors who provide services on our behalf, such as cloud hosting, payment processing, and analytics
• Legal Requirements: When required by law, court order, or governmental authority
• Business Transfers: In connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations
• Protection of Rights: To protect the rights, property, or safety of ourion, our users, or others

Data Retention

We retain your personal information for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required by law. Account information is typically retained for the duration of your relationship with us and for a reasonable period thereafter for business and legal purposes. Usage data and analytics information may be retained for up to 3 years. You can request deletion of your personal data by contacting us at privacy@ourion.world.

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal information:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of how we process your personal data
• Right to Data Portability: Receive your personal data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: Withdraw consent where processing is based on your consent

International Data Transfers

As a company based in the Netherlands, we primarily process data within the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission. We work only with service providers that demonstrate adequate data protection measures.

Data Security

We implement comprehensive technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, regular security assessments, and employee training. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website and platform. For detailed information about our use of cookies, including types of cookies, purposes, and how to manage your preferences, please refer to our Cookie Policy.

Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our services after any changes indicates your acceptance of the updated Privacy Policy.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding your personal data, please reach out to us using the following contact information:

Supervisory Authority

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local data protection authority in the EU.