Privacy Policy
Last updated: 12 December 2025
Who we are
This Privacy Policy explains how the ORBCOM Group processes your personal data when you visit our websites, complete forms, apply for opportunities, register for events/webinars or request support.
For the purposes of this Policy, “ORBCOM Group” refers to the brands and websites owned and/or managed by ORBCOM and its group brands (for example, corporate websites and product websites).
Data Controller and contact details
The Data Controller is:
ORBCOM – Equipamentos e Serviços de Informática, Lda.
Tax ID (NIF): 506 172 813
Registered office: Alameda Futebol Clube de Infesta, no. 47, 4465-141 Matosinhos, Portugal
Email (privacy/GDPR): rgpd@orbcom.pt
Data Protection Officer (DPO):
Vitorino Gouveia
Email: dpo@orbcom.pt
Who this policy applies to
This Policy applies in particular to:
- Website visitors to Orcom Group websites;
- Professional contacts (leads/prospects) and customers;
- Participants in events and webinars organised/managed by Orbcom;
- Applicants (job applications and CV submissions);
- Users who request support.
What personal data we collect
Depending on how you interact with us, we may collect:
- Contact details and professional identification data
- Name, email, phone number, company, job title, area, country/city and message content.
- Job application-related data
- CV data, experience, education, contact details, portfolio (where applicable) and information provided by the candidate.
- Event/webinar registration data
- Name, email, phone number (where applicable), company/job title, submitted preferences/questions, attendance/participation.
- Support data
- Identification, contact details, request context, ticket history and technical information necessary for resolution.
- Technical and website usage data
- IP address, online identifiers (cookies/IDs), device and browser type, pages visited, dates/times, interactions with the site and performance/security data.
Note: As a rule, we do not request special category data (e.g. health, religion, biometric data). If you nevertheless send us such data, we ask that you avoid doing so and/or contact the DPO for guidance.
How we collect data
We mainly collect personal data through:
- Website forms (contact, application, event/webinar registration, support);
- Direct contact via email/phone;
- Chat tools (when used);
- Cookies and similar technologies, where authorised in the cookies banner.
Purposes and lawful bases
We process your data only where there is a legal basis to do so, namely:
a) Responding to contact and information requests
Purpose: to respond to questions, proposal requests, meeting requests or general enquiries.
Lawful basis: pre-contractual steps and/or legitimate interest in responding to professional contacts.
b) Managing event and webinar registrations
Purpose: to manage registrations, confirmations, reminders, access, operational communications and sending related materials.
Lawful basis: performance of pre-contractual/contractual steps (event management) and/or consent where applicable.
c) Recruitment and application management
Purpose: to review applications, contact candidates and run selection processes.
Lawful basis: pre-contractual steps (at the data subject’s request) and legitimate interest in managing recruitment processes.
d) Providing support
Purpose: triage, diagnosis and resolution of support requests.
Lawful basis: contractual performance and/or legitimate interest in ensuring support and service quality.
e) Marketing and communications
Purpose: to send communications about events/webinars, news, content, products and services of the Orbcom Group.
Lawful basis: consent (where required) and/or legitimate interest in B2B communications, where legally permitted.
You may at any time object to marketing communications or withdraw your consent via the unsubscribe link (where available) or by emailing dpo@orbcom.pt
.
f) Analytics, website improvement and security
Purpose: to measure traffic and performance, detect errors, improve the experience and strengthen security.
Lawful basis: consent for non-essential cookies; legitimate interest for strictly necessary security and operational measures.
Cookies and similar technologies
We use cookies and similar technologies to:
- Ensure the website functions properly (strictly necessary cookies);
- Measure statistics and performance (analytics);
- Support advertising campaigns and measurement (where applicable).
Non-essential cookies (for example, analytics and advertising) are only used with your consent via the cookies banner/manager. For more details, please see our Cookies Policy.
Tools and processors (who may process data on our behalf)
We may use service providers (processors) that process personal data on behalf of and under instructions from the Orbcom Group, including, among others:
- Website hosting: Bluehost;
- Email marketing and automation: ActiveCampaign;
- CRM and commercial management: Salesforce;
- Analytics: Google Analytics (including integrations via plugins);
- Advertising/remarketing and measurement: Google Ads, LinkedIn;
- Chat: LiveChat;
- WordPress and operational/SEO/performance plugins (for example, Elementor/Elementor Pro, MonsterInsights, Jetpack, Yoast SEO, Autoptimize, among others).
We ensure that processors are subject to confidentiality and security obligations and that they only access what is strictly necessary to provide the service.
International data transfers
Whenever a tool/provider processes data outside the European Economic Area (EEA), the Orbcom Group ensures appropriate legal safeguards are in place, such as Standard Contractual Clauses (SCCs) and/or other safeguards provided under the GDPR.
How long we keep your data
We retain data only for as long as necessary for the purposes described, or for longer periods where there is a legal obligation to do so.
Indicative retention periods:
- Contact requests/leads: up to 5 years after the last relevant contact/interaction, or until a deletion request. If you ask not to be contacted, we may keep a minimal record (suppression list) to respect your request.
- Event/webinar registrations: up to 5 years after the event, for operational management and record-keeping, unless different legal obligations apply or deletion is requested where applicable.
- Support: up to 5 years after the request is closed, for history and service improvement (unless a different obligation/need applies).
- Recruitment/CVs: up to 5 years after receipt/closure of the process, unless you request deletion or there is a legal retention obligation.
- Contractual relationships and invoicing data: for the applicable legal period (namely accounting/tax obligations).
Your rights
Under the GDPR, you have the right to:
- Access your data;
- Rectify inaccurate data;
- Request erasure (where applicable);
- Request restriction of processing (where applicable);
- Object to processing (particularly for marketing);
- Withdraw consent (where processing is based on consent);
- Data portability (where applicable).
- Access your data;
To exercise your rights, contact: dpo@orbcom.pt
We may request additional information to confirm your identity.
Security
We implement appropriate technical and organisational measures to protect personal data, including access controls, encrypted communications (HTTPS), systems protection and internal security procedures. However, no system is 100% secure.
Links to third-party websites
Our websites may contain links to third-party websites. ORBCOM is not responsible for the privacy policies of those sites. We recommend that you read their policies.
Complaints
Without prejudice to other remedies, you have the right to lodge a complaint with the supervisory authority in Portugal (CNPD).
Changes to this policy
We may update this Policy at any time. The current version will always be published on our website(s), with the date of the last update.