Privacy Policy


Effective Date: 2025-03-04 | Last reviewed: February 2026

1. Introduction

1.1 ORBICAP AB ("we," "our," "us") is committed to protecting your privacy and safeguarding your personal data.

1.2 This policy applies when we act as a data controller concerning your personal data.

1.3 Our policy complies with the EU General Data Protection Regulation (GDPR) and applicable Swedish data protection laws.

1.4 We are required by law to inform you about your rights and our obligations regarding the processing and control of your personal data. More information about your rights under GDPR is available from the Swedish Authority for Privacy Protection (IMY): www.imy.se.

1.5 In this policy, references to "we," "us," and "our" refer to ORBICAP AB. For more information, see Section 11.

2. The Personal Data We Process

We may collect, use, store, and transfer different types of personal data, categorised as follows:

  • Identity Data – First name, last name, title, and other identifiers.

  • Contact Data – Email address, telephone number(s), and mailing address.

  • Personal Profile Data – Purchases, interests, preferences, feedback, and survey responses.

  • Financial Data – Bank details and payment information for service transactions.

  • Technical Data – IP address, browser type, time zone, and device information.

  • Marketing Data – Preferences for receiving direct communications (e.g. newsletters), if applicable.

  • Training Data – Recordings, chat logs, and attendance information from online training sessions.

  • Anonymous Data – Aggregated data that does not identify individuals.

We do not collect sensitive personal data (e.g., race, health status, religious beliefs).

Failure to provide the required personal data may prevent us from delivering our services.

3. Purposes of Processing Data and Legal Bases

We process personal data for the following purposes:

3.1 Operations

  • Purpose: Website operation, order processing, and business administration.

  • Legal Basis: Legitimate Interests.

3.2 Contractual Obligations

  • Purpose: Fulfilling contracts for consulting and training services.

  • Legal Basis: Contractual Necessity.

3.3 Communication

  • Purpose: Responding to inquiries and tracking communication.

  • Legal Basis: Legitimate Interests.

3.4 Training Services

  • Purpose: Conducting online training, issuing certificates, and collecting feedback.

  • Legal Basis: Contractual Necessity and Legitimate Interests.

3.5 Consent

  • Purpose: Marketing activities, including newsletters and promotions.

  • Legal Basis: Consent.

3.6 Legal Obligation

  • Purpose: Compliance with legal and regulatory requirements.

  • Legal Basis: Legal Obligation.

3.7 Use of AI and Automated Tools

ORBICAP AB may use digital tools, including AI-supported and automated systems, to support internal analysis, documentation, and quality assurance activities. Such tools are used in a controlled manner and do not replace professional judgment or decision-making.

Where personal data is processed using AI-supported tools, processing is carried out in accordance with GDPR principles, including lawfulness, transparency, data minimisation, and purpose limitation.

ORBICAP AB does not use AI systems to make fully automated decisions producing legal or similarly significant effects on individuals within the meaning of Article 22 GDPR.

4. Data Retention Periods

We retain personal data only as long as necessary for the stated purposes. Client project data is retained for five years after project completion. Training registration data is retained for three years after the training session. Financial data is retained for seven years for accounting and legal purposes. Marketing data is retained until consent is withdrawn. Communication data is retained for two years after the last interaction. Training session data is retained for one year after session completion. Retention periods may be modified due to legal, contractual, or business requirements.

5. Sharing Your Personal Data

These providers act as data processors on our behalf and are subject to data processing agreements.

  • Google Meet for online training sessions.

  • Squarespace for website hosting and analytics.

  • Payment Processors for handling transactions.

  • Legal Authorities, if required by law.

We ensure that all third parties adhere to strict data protection standards.

6. Cookies

Our website uses cookies. Our Cookie Policy details how we use cookies and how you can manage your preferences.

7. Data Security

7.1 We implement SSL encryption and other security measures to protect your data.

7.2 We ensure that online training sessions are secure and that recordings are stored safely.

8. Your Rights

You have the following rights under GDPR:

  • Access – Request a copy of your personal data.

  • Rectification – Correct inaccuracies in your data.

  • Erasure – Request deletion of your data (“right to be forgotten”).

  • Restriction – Request a limitation on how your data is processed.

  • Objection – Object to our processing of your data.

  • Portability – Request the transfer of your data.

  • Withdraw Consent – Revoke consent for processing.

To exercise your rights, contact us at info@orbicap.com.

9. International Data Transfers

9.1 If we transfer your data outside the EU, we ensure that appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs).

  • Data Protection Agreements (DPAs) with third-party service providers.

Where applicable, transfers are limited to what is necessary for service delivery.

10. Complaints

10.1 If you have concerns about our data practices, contact us at info@orbicap.com.

10.2 You may also file a complaint with the Swedish Authority for Privacy Protection (IMY):

  • Website: www.imy.se

  • Email: imy@imy.se

11. Contact Information

  • Company Name: ORBICAP AB

  • Registered Address: Hjortrongränd 10, 182 45 Enebyberg, Sweden

  • Company Registration Number: 559513-0401

  • Email: info@orbicap.com

  • Website: www.orbicap.com

Note: Further information on ORBICAP’s approach to data protection, information security, and the responsible use of AI is available in internal policies provided to clients and partners upon request.

This policy was last updated in February 2026.

We may update the Privacy Policy periodically. The most recent version will always be available on this page, with the update date clearly indicated. Where changes materially affect how we process personal data, we will provide appropriate notice.