Orca Security Privacy Policy

Last updated: January, 2023

Orca Security Ltd., together with our affiliates and subsidiaries (together, “Orca” “we”, “our” or “us”) welcomes you to our website, at: orca.security (the “Website”), and any other website, portal, webinar or other services we may offer you from time to time, in connection with our support or marketing activities (collectively, the “Sites“).

We respect your privacy, therefore we make every effort to ensure that our Sites adhere to the highest privacy standards. This Privacy Policy (the “Policy”) details how we may access, collect, use, store and share Personal Data (defined below) about you (“Visitor”, “User”, “you”), when you visit or interact with any of our Sites. Please read this Policy carefully, so you can fully understand:

  • What information we collect about you
  • How we use information we collect
  • How we share information we collect
  • How we store, retain and secure information we collect
  • How you can access and control your information
  • How we transfer information we collect internationally
  • Other important privacy information

This Policy compliments and should be read in conjunction with our Website Terms of Use (the “Terms of Use”) and our Cookie Policy (the “Cookie Policy”). Any capitalized terms not defined herein shall have the meaning assigned to them in our Terms of Use and/or Cookie Policy. If you use Orca’s products and services, other privacy disclosures and information may apply. Nothing in this Policy is intended to limit in any way your statutory right, including your rights to a remedy or means of enforcement.

What information do we collect about you?

Personal Data or Personally Identifiable Information (PII), means information that identifies an individual or may, with reasonable efforts, enable the identification of an individual, or as otherwise defined by applicable laws.

We collect Personal Data from you and any device you may use, in the following scenarios: (i) when you actively and voluntarily provide it to us, (ii) when you interact with our Sites, and (iii) when other third parties provide it to us, as further described below.

I. Personal Data Actively Provided by You

We collect Personal Data about you when you actively share it with us through our Sites, such as:

  • Contact details: We collect contact details such as your full name, company, professional title, email and phone number when you actively submit such information through an online form on our Sites, such as the “Contact Us” or “Request a Demo” forms on our Website.
  • Content, Comments & Feedback: We collect comments and feedback, you provide us through our Sites and any social media websites, platforms or apps, and through events operated by us. For example, you may provide us content when you participate in our events.
  • Marketing Information: We collect your preferences for receiving communications about our events, newsletters, webinars, etc., including details about how you engage with our marketing communications.
  • Job Candidate Information: We welcome qualified candidates to apply to any of the open positions posted on our Website or other social platforms by sending us contact details and CVs (“Candidate Information”). We are committed to keep Candidate Information private and will use it solely for our internal recruitment purposes, which we manage on a third-party recruitment platform.

II. Personal Data that We Collect Automatically When You Use our Sites

We collect information about you and any devices you use while browsing and interacting with our Sites.          

  • Usage Information: We may collect data about how you interact with and use features in our Sites. This information may include what links you have clicked on and what videos you have watched, etc.. When we collect user analytics, we use techniques that hash, filter or otherwise scrub Personal Data in order to exclude information that might identify you or your organization.
  • Device and Connectivity Information: We may collect information about the devices you use to access the Sites. This device information may include your connection type and settings, your operating system, browser type, IP address, URLs of referring/exit pages and device identifiers.
  • Cookies and Other Tracking Technologies: Orca and our third-party service providers, such as our analytics vendors, use cookies and other tracking technologies such as web beacons, device identifiers and pixels, to provide service functionality and to authenticate you across different services and devices. Please see our Cookie Policy, which includes information on how to control or opt-out of these cookies and tracking technologies.

III. Personal Data that We Receive from Third-Parties

We may receive your information from other Visitors, Users, third-party services, social media and public databases.

  • Information Referrals Provide About You: We may receive your name, company and email address from a referral, when they have the opportunity to refer a friend, a contact, or otherwise when you are being invited by your employer to participate in one of our events.
  • Third Party Service Providers: Subject to applicable laws, we may receive information about you from third-party service providers of marketing, advertising, business information and social media, such as your job title, email, phone number, social media profile, for the purposes of advertising our services, personalized communications and event promotion.

We may combine the information we collect through the different means described above, in order to update and improve our records, identify new customers and suggest services that may be of interest to you.

How we use information we collect and our legal basis for Personal Data processing

The use of the information we collect depends on which Sites you use, how you use them, how you interact with us, and any preferences you have communicated to us. Under applicable data protection laws (such as the GDPR), companies must have a legal basis to process Personal Data. We rely on different legal bases to process your Personal Data for various purposes, as described below:

I. Processing necessary to perform our contract with you

We process Personal Data as necessary to conclude and perform our contract with you which is our  Sites’ Terms of Use. The categories of Personal Data used and why and how they are processed is set out below:

Why and How we Process Your Personal Data

  • To generally operate the Sites, customize and improve your experience, we:
    • collect information for troubleshooting, diagnostics and debugging.
    • collect and aggregate metrics to monitor Site performance, reliability, and efficiency.
    • test out new Site features to see if they work and undertake experimentation to evaluate the impact of new features.
  • To ensure the safety, security, and integrity of our Sites, we:
    • verify visitors activity to detect, prevent, and respond to potential or actual security incidents.
    • investigate and address any deceptive, fraudulent or illegal activity, including violations of our Sites policies.
  • Provide support and respond to your requests, by:
    • processing requests for support.
    • responding to your requests, such as when you submit a request to schedule a demo.
    • responding to messages that you submit through our Sites.
Data Categories Used
  • Contact details
  • Content, Comments & Feedback
  • Your use of the Sites
  • Device and Connectivity Information
  • Cookies and Other Tracking Technologies

II. Your Consent

We process Personal Data for the purposes described below when you have given us your consent. The categories of Personal Data used, why and how it’s processed are set out below:

Why and How we Process Your Personal Data

  • Place customer case studies on our Sites:
    • We may publish customer case studies to promote our Services and our Sites, subject to your permission.
  • To market, promote and drive engagement with the Sites:
    • We, our service providers and third-party advertising partners may use your contact and usage information (such as cookies) to send promotional communications that may be of specific interest to you, including by email and by displaying Orca ads on other companies’ websites and applications.  You can control whether you receive direct communications as described below under “Unsubscribe from communications.”

Data Categories Used

  • Contact details
  • Content, Comments & Feedback
  • Contact details
  • Device and Connectivity Information
  • Cookies and Other Tracking Technologies

If you have consented to our use of information about you for a specific purpose, you have the right to withdraw your consent any time, but this will not affect any processing that has already taken place. To exercise your rights, see the “How you can access and control your personal data” section below.

III. Compliance With A Legal Obligation

We process Personal Data to comply with a legal obligation including, for example, to access, preserve or disclose certain information if there is a valid legal request. Please note that new laws may be enacted or other obligations may become binding on our processing.

Why and How we Process Your Personal Data

  • Compliance with Enforcement Requests and Applicable Laws
    • In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request, including, for example, to access, preserve or disclose certain information if there is a valid legal request from a regulator, law enforcement or others.

Data Categories Used

  • Contact details
  • Content, Comments & Feedback
  • Your use of the Sites
  • Device and Connectivity Information
  • Cookies and Other Tracking Technologies

IV. Protection of Your Vital Interests Or Those Of Another Person

Why and How we Process Your Personal Data

  • For protecting your vital interests or those of another person.
    • We may use your Personal Data to protect our customers or the public from harm or illegal activities, or respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
Data Categories Used
  • Contact details
  • Content, Comments & Feedback
  • Your use of the Sites
  • Device and Connectivity Information
  • Cookies and Other Tracking Technologies

V. Legitimate Interests

We rely on our legitimate interests or the legitimate interests of a third-party, such as our users, where they are not outweighed by your interests or fundamental rights and freedoms (“legitimate interests“):

Why and How we Process Your Personal Data

  • To protect our legitimate business interests and legal rights, we:
    • use information about you in connection with legal claims, compliance, regulatory, law enforcement and audit functions, and disclosures in connection with the acquisition, merger or sale of a business. 
    • enforce our agreements, policies and terms of service, protect the security or integrity of our Sites, products and services.

Data Categories Used

  • Contact details
  • Content, Comments & Feedback
  • Your use of the Sites
  • Device and Connectivity Information
  • Cookies and Other Tracking Technologies

We may anonymize and aggregate information about you, in a way that we are unable to identify you as an individual user (“Anonymous Information”). We may use Anonymous Information and/or disclose it to third parties without restrictions.

How we share your Personal Data

Sharing with third parties

We share information with third parties that help us operate, provide, improve, integrate, customize, support and market our Sites.

  • Service Providers: We work with third-party service providers to provide Sites development, hosting, maintenance, backup, storage, analysis and other services for us, which may require them to access or use information about you.  If a service provider needs to access information about you to perform services on our behalf, they do so under close instruction from us, including appropriate security and confidentiality procedures.
  • Links to Third Party Sites: The Sites may include links that direct you to other websites or services whose privacy practices may differ from ours. If you submit information to any of those third-party sites, your information is governed by their privacy policies, not this one. We encourage you to carefully read the privacy policy of any website you visit.
  • Third Party Widgets: Some of our Sites contain widgets and social media features, such as the Twitter “tweet” button or Facebook “like” button. These widgets and features may collect your IP address, which page you are visiting on the Sites, and may set a cookie to enable the feature to function properly. Widgets and social media features are either hosted by a third-party or hosted directly on our Sites. You should always check the privacy settings and notices in these third-party services to understand how those third-parties may use your information.  To learn more please refer to our Cookie policy.
  • With your consent: We share information about you with third parties when you give us consent to do so.  For example, we often display case studies and testimonials of satisfied customers on our Website. With your consent, we may post your name alongside the testimonial.

Sharing with affiliated companies

We share information we collect with affiliated companies and, in some cases, with prospective affiliates.  Affiliated companies are companies owned or operated by us.  The protections of this privacy policy apply to the information we share in these circumstances.

  • Orca Security Companies: We share information we have about you with other Orca Security corporate affiliates in order to operate and improve the Sites, products and services and to offer other Orca affiliated services to you.
  • Business Transfers: We may share or transfer information we collect under this privacy policy in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice on the Services if a transaction takes place, as well as any choices you may have regarding your information.

How we store, secure and retain Personal Data

Information storage and security

We use industry standard technical and organizational measures to secure the information we store. However, please note that we cannot guarantee that the information will not be compromised as a result of unauthorized penetration to our servers.

How long we keep information

How long we keep information we collect about you depends on the type of information, as described in further detail below.  After such time, we will either delete or de-identify your information.

  • Marketing Information: We retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our Services, such as when you last responded to an email from us or submitted an online form.  We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created (read more in our Cookie policy). 
  • Job Candidate Information: We retain Candidate Information so we could re-consider candidates for other suitable positions and opportunities at Orca; so we can use the Candidate Information as a reference for future applications; and in case the candidate is hired, for additional employment and business purposes related to their employment with us.

Please note, in some circumstances we may store your Personal Data for longer periods of time, for example (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings. We have an internal data retention policy to ensure that we do not retain your Personal Data perpetually.

How we transfer information we collect internationally

  • Internal transfers: Transfers within the Orca affiliates will be covered by an internal processing agreement entered into by members of the Orca group (an intra-group agreement) which contractually obligates each member to ensure that Personal Data receives an adequate and consistent level of protection when transferred.
  • Access from Israel: Access to Personal Data from Israel is covered by the European Commission’s Adequacy Decision regarding Israel. You can read more here: Adequacy decisions | European Commission.
  • External transfers: When we transfer your Personal Data outside of EU/EEA, for example, to third parties who help us provide our products and services, we will obtain adequate contractual commitments from them to protect your Personal Data.

When we receive requests for information from law enforcement or regulators, we carefully validate these requests before any Personal Data is disclosed.

How you can access and control your Personal Data

Privacy rights. Depending on your location, you could be entitled to submit the following requests about your Personal Data:

  • Access and update your information: You may request that we provide you with information about our processing of your Personal Data and give you access to your Personal Data. You may request that we update or correct inaccuracies in your personal information.
  • Data portability: Data portability is the ability to obtain some of your information in a format you can move from one service provider to another.  Depending on the context, this may apply to information that you submit on our Sites.
  • Request that we stop the use of your information: In some cases, you may request that we restrict the processing (including sharing) of your personal information.
  • Opt out of marketing communications: You may opt out of receiving promotional communications from us by using the unsubscribe link within each email, updating your email preferences within your Service account settings menu, or by contacting us as provided below to have your contact information removed from our promotional email list or registration database.  Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages and other non-marketing communications from us regarding our Services.
  • Send “Do Not Track” Signals: Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not yet a common understanding of how to interpret the DNT signal, our Services do not currently respond to browser DNT signals. You can use the range of other tools we provide to control data collection and use, including the ability to opt out of receiving marketing from us as described above.

Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we or your administrator are permitted by law or have compelling legitimate interests to keep.  Where you have asked us to share data with third parties, for example, by installing third-party apps, you will need to contact those third-party service providers directly to have your information deleted or otherwise restricted. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.

How do we protect children’s privacy

We do not offer our Sites, products or services for use by children and, therefore, we do not knowingly collect personal data from, and/or about children under the age of eighteen (18). If you are under the age of eighteen (18), do not provide any personal data to us without involvement of a parent or a guardian. For the purposes of the GDPR, we do not intend to offer information society services directly to children. In the event that we become aware that you provide personal data in violation of applicable privacy laws, we reserve the right to delete it. If you believe that we might have any such information, please contact us at privacy@orca.security.

General Information

Updates to this Privacy Policy

This Privacy Policy is subject to changes from time to time, in our sole discretion. The most current version will always be posted on our Services (as reflected in the “Last Revised” heading). You are advised to check for updates regularly. We will provide notice of substantial changes of this Privacy Policy on the homepage of the Services and/or we will send you an email regarding such changes to the email address that you may have provided to us. Such substantial changes will take effect seven (7) days after such notice was provided on our Services or sent by email. Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” date and your continued use of the Services after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes

If you have any questions, concerns or complaints regarding our compliance with this notice and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us at: privacy@orca.security.