Privacy Policy
Transparent data practices and strong privacy protections
Introduction
At Orizon Comply (“we”, “our”, or “us”), we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our third-party risk management platform.
This policy applies to all users of our services, including visitors to our website, customers using our platform, and individuals whose data may be processed as part of our services.
Information We Collect
Types of personal data we collect and how we collect it
Account Information
Name, email address, company details, job title, and contact information
Usage Data
How you interact with our platform, features used, and system performance
Technical Data
IP addresses, browser type, device information, and access logs
Communications
Support requests, feedback, and correspondence with our team
How We Collect Information:
- Directly from you: When you create an account, contact us, or use our services
- Automatically: Through cookies, analytics tools, and platform usage
- From third parties: Business contacts, vendors, and integration partners
- Public sources: Publicly available business information for vendor profiles
How We Use Your Data
Legal bases and purposes for processing your personal data
Service Provision
- • Provide access to our platform
- • Process risk assessments
- • Generate compliance reports
- • Maintain vendor databases
Communication
- • Respond to inquiries
- • Send service notifications
- • Provide customer support
- • Share product updates
Improvement
- • Analyze platform usage
- • Enhance security features
- • Develop new capabilities
- • Optimize performance
Legal Compliance
- • Meet regulatory requirements
- • Respond to legal requests
- • Maintain audit trails
- • Prevent fraud and abuse
Data Sharing and Disclosure
When and how we share your personal data with third parties
We do not sell, trade, or rent your personal data. We may share your information only in these limited circumstances:
Service Providers
Cloud hosting, analytics, customer support, and security services under strict confidentiality agreements
Legal Requirements
When required by law, regulation, legal process, or governmental request
Business Transfers
In connection with mergers, acquisitions, or sale of assets (with user notification)
Consent
With your explicit consent for specific purposes
Your Privacy Rights
Rights available to you regarding your personal data
Right to Access
Request a copy of the personal data we hold about you
Right to Rectification
Correct inaccurate or incomplete personal data
Right to Erasure
Request deletion of your personal data in certain circumstances
Right to Portability
Receive your personal data in a machine-readable format
Right to Restriction
Limit how we process your personal data
Right to Objection
Object to processing based on legitimate interests
How to Exercise Your Rights
To exercise any of these rights, please contact us at [email protected] or use the contact form below. We will respond within 30 days (or as required by applicable law).
Data Security
How we protect your personal data
Technical Safeguards
- • AES-256 encryption at rest
- • TLS 1.3 encryption in transit
- • Multi-factor authentication
- • Regular security audits
- • Intrusion detection systems
Organizational Measures
- • Role-based access controls
- • Employee security training
- • Incident response procedures
- • Vendor security assessments
- • Regular penetration testing
Security Certifications
SOC 2 Type II certified, ISO 27001 compliant, and regularly audited by independent security firms.
International Data Transfers
How we handle cross-border data transfers
We operate globally and may transfer your personal data to countries outside your jurisdiction. All international transfers are protected by appropriate safeguards:
- Adequacy Decisions: Transfers to countries with adequate data protection laws
- Standard Contractual Clauses: EU-approved contracts for data protection
- Binding Corporate Rules: Internal policies ensuring consistent protection
- Consent: Your explicit consent where legally required
Our primary data centers are located in the United States and European Union, with backup facilities in secure, compliant jurisdictions.
Cookies and Tracking Technologies
How we use cookies and similar technologies
We use cookies and similar technologies to enhance your experience, analyze usage, and provide personalized content. For detailed information about our cookie practices, please see our Cookie Policy.
Essential
Required for platform functionality
Analytics
Help us improve our services
Marketing
Deliver relevant content
Policy Updates
How we communicate changes to this privacy policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:
- We will notify you via email or platform notification
- We will post the updated policy on our website
- We will update the “Last Updated” date
- For significant changes, we may seek your consent
We encourage you to review this policy regularly to stay informed about our privacy practices.
Contact Us
Get in touch with our privacy team
If you have questions about this Privacy Policy or our data practices, please contact our Data Protection Officer:
Orizon Comply
Attn: Data Protection Officer
123 Market Street, Suite 500
San Francisco, CA 94105
EU Representative
Orizon Comply Europe Ltd.
789 Canary Wharf, Level 8
London E14 5AB, UK
[email protected]