Privacy Policy

1. Introduction

Orion Labs (Pty) Ltd (“we,” “us,” “our,” or “Orion Labs”) is committed to protecting your privacy and ensuring the security of your personal information.

This document explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us as a software development and DevOps consultancy.

This policy applies to all visitors, clients, and users of our services, whether accessed through our website at https://orionlabs.co.za or through direct business interactions with our company.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

Contact Information: Name, email address, phone number, company name, job title
Business Information: Company details, project requirements, technical specifications
Communication Data: Messages, feedback, support requests, and other communications
Account Information: Username, password, and account preferences (if applicable)

2.2 Technical Information

We automatically collect certain technical information when you visit our website:

Device Information: IP address, browser type, operating system, device identifiers
Usage Data: Pages visited, time spent on pages, click patterns, referring websites
Cookies and Similar Technologies: Information stored on your device to enhance your browsing experience

2.3 Third-Party Services

We may collect information from third-party services such as:

Analytics providers (Google Analytics, etc.)
Social media platforms
Business directories and professional networks
Payment processors (for invoicing and payments)

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Delivery

Providing software development and DevOps consulting services
Managing client relationships and project delivery
Responding to inquiries and support requests
Processing payments and invoicing

3.2 Communication

Sending project updates and status reports
Responding to your questions and concerns
Providing technical support and guidance
Sending important service announcements

3.3 Business Operations

Improving our services and website functionality
Conducting market research and analysis
Developing new service offerings
Ensuring compliance with legal obligations

Sending newsletters and industry insights
Promoting relevant services and solutions
Inviting you to events and webinars
Sharing case studies and success stories

4. Legal Basis for Processing

We process your personal information based on the following legal grounds:

Contract Performance: To fulfill our contractual obligations and provide services
Legitimate Interest: To improve our services and conduct business operations
Consent: For marketing communications and optional services
Legal Obligation: To comply with applicable laws and regulations, including the Protection of Personal Information Act, 2013 (POPIA)

POPIA Compliance: As a South African business, we are fully compliant with the Protection of Personal Information Act, 2013 (Act No. 4 of 2013), which regulates the processing of personal information in South Africa.

We do not sell, trade, or rent your personal information to third parties. However, we may share your information in the following circumstances:

5.1 Service Providers

We may share information with trusted third-party service providers who assist us in:

Website hosting and maintenance
Email and communication services
Analytics and marketing tools
Payment processing
Cloud infrastructure and development tools

5.2 Legal Requirements

We may disclose your information when required by law, including:

Court orders or legal proceedings
Government investigations
Regulatory compliance requirements
Protection of our rights and property

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

6.1 Security Measures

Encryption of data in transit and at rest
Regular security assessments and updates
Access controls and authentication systems
Secure development practices and code reviews
Employee training on data protection

6.2 Data Breach Response

In the unlikely event of a data breach, we will:

Notify affected individuals within 72 hours
Report to relevant authorities as required
Take immediate steps to contain and remediate the breach
Provide guidance on protective measures

7. Data Retention

We retain your personal information only for as long as necessary:

7.1 Retention Periods

Active Clients: Duration of service relationship plus 7 years for legal compliance
Prospects: 2 years from last contact
Website Visitors: 26 months for analytics data
Marketing Contacts: Until consent withdrawal or 3 years of inactivity

7.2 Data Disposal

When data is no longer needed, we securely delete or anonymize it using industry-standard methods.

8. Your Rights and Choices

You have the following rights regarding your personal information:

8.1 Access and Control

Access: Request a copy of your personal information
Correction: Update or correct inaccurate information
Deletion: Request deletion of your personal information
Portability: Receive your data in a structured, machine-readable format

8.2 Marketing Preferences

Opt-out: Unsubscribe from marketing communications
Consent Management: Withdraw consent for specific processing activities
Preferences: Update your communication preferences

8.3 Data Processing Restrictions

Objection: Object to certain types of processing
Restriction: Limit how we use your information
Automated Decisions: Request human review of automated decisions

9. International Data Transfers

As a global consultancy, we may transfer your information internationally:

9.1 Transfer Safeguards

We ensure adequate protection through appropriate safeguards
We use standard contractual clauses for international transfers
We comply with applicable data protection laws and regulations

9.2 Your Location

South African Residents: Your rights under POPIA are fully protected
EU/EEA Residents: Your rights under GDPR are also protected where applicable
Other Jurisdictions: We comply with local privacy laws and regulations
International Clients: We adapt our practices to meet local requirements while maintaining POPIA compliance

10. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

10.1 Types of Cookies

Essential Cookies: Required for website functionality
Analytics Cookies: Help us understand website usage
Marketing Cookies: Enable personalized content and advertising
Preference Cookies: Remember your settings and choices

You can control cookies through your browser settings:

Block or delete cookies
Set cookie preferences
Opt-out of tracking technologies

11. Children’s Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it promptly.

12. Third-Party Links and Services

Our website may contain links to third-party websites and services:

12.1 External Links

We are not responsible for the privacy practices of third-party sites
We encourage you to review their privacy policies
We do not endorse or control third-party content

12.2 Integrated Services

We may integrate with third-party tools and platforms
These integrations are subject to their respective privacy policies
We ensure appropriate data protection agreements are in place

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time:

13.1 Notification of Changes

We will notify you of material changes via email or website notice
Changes become effective 30 days after posting
Continued use of our services constitutes acceptance of changes

13.2 Policy History

Previous versions are archived and available upon request
We maintain a record of policy changes and their effective dates

14. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

14.1 Data Protection Officer

Email: privacy@orionlabs.co.za
Phone: +27 82 539 4422
Address: 42 Price Drive, Constantia, Cape Town, 7800

14.2 General Inquiries

Email: info@orionlabs.co.za
Phone: +27 82 539 4422
Website: https://orionlabs.co.za

14.3 Complaints

If you believe we have not addressed your concerns adequately, you have the right to:

South African Residents: Contact the Information Regulator (South Africa’s data protection authority)
EU/EEA Residents: Contact your local data protection authority
Other Jurisdictions: Contact your local data protection authority
General: File a complaint with relevant regulatory bodies or seek legal counsel regarding your rights

Information Regulator Contact Details:

Website: https://www.justice.gov.za/inforeg/
Email: inforeg@justice.gov.za
Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Phone: +27 10 023 5200

15. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of the Republic of South Africa. Any disputes arising from this policy will be resolved in the courts of South Africa, with the Western Cape High Court in Cape Town having jurisdiction for matters related to our business operations, unless otherwise required by applicable law or mutually agreed upon by the parties.

Applicable Legislation: This policy is subject to and complies with:

The Protection of Personal Information Act, 2013 (Act No. 4 of 2013) - POPIA
The Electronic Communications and Transactions Act, 2002 (Act No. 25 of 2002)
Other applicable South African legislation and regulations

Last Updated: 14 August 2025 Version: 1.0

This Privacy Policy is effective as of the date listed above and applies to all users of our services.