Legal Documentation

Your Privacy
Is Our Commitment.

At Ornetis, we believe privacy is a fundamental right, not a compliance checkbox. This policy explains clearly and transparently how we handle your personal information.

Effective Date

February 17, 2026

Last Revised

February 17, 2026

Applies To

ornetis.com & all services

Jurisdiction

Global

Section 01

Who We Are

Ornetis ("we," "us," or "our") is an IT consulting company specializing in technology strategy, infrastructure solutions, software development, cybersecurity advisory, and managed IT services. Our website is located at ornetis.com.

We act as the data controller for personal information collected through our website and business operations. This Privacy Policy applies to all visitors, prospects, clients, and partners who interact with us online or offline.

If you have any questions about this policy, you can always reach our Privacy Officer at info@ornetis.com before providing us with any personal information.

Section 02

Information We Collect

We collect information in two ways: information you provide directly to us, and information collected automatically when you use our website.

Information you provide:

→Contact details: name, email address, phone number, company name, job title
→Inquiry and project details submitted via contact or consultation forms
→Account credentials if you access a client portal or collaboration tool
→Payment and billing information processed via secure third-party providers
→Communications you send us via email, chat, or support channels
→Event registration data for webinars, workshops, or conferences

Automatically collected data:

→IP address, browser type, operating system, and device identifiers
→Pages visited, time spent, referral URLs, and click-stream data
→Cookie identifiers and similar tracking technologies (see Section 6)
→General geographic location derived from IP address

Section 03

How We Use Your Data

We use the information we collect for the following purposes:

→To respond to your inquiries, provide quotes, and deliver consulting services
→To manage client accounts, project communications, and service delivery
→To send service updates, invoices, and important operational notices
→To send marketing communications about our services (with your consent, where required)
→To improve our website, analyze traffic patterns, and enhance user experience
→To comply with legal obligations and enforce our agreements
→To detect, prevent, and investigate fraud or security incidents
→To conduct research and develop new service offerings

We do not sell your personal data to third parties. Ever. Our business model is built on trust, and monetizing your data would directly contradict that foundation.

Section 04

Legal Basis for Processing

Where applicable (e.g., under GDPR), we rely on the following legal bases to process your personal data:

•
Contract performance — processing necessary to deliver our consulting services to you
•
Legitimate interests — improving our services, marketing to business contacts, fraud prevention
•
Consent — sending marketing emails or placing non-essential cookies (you may withdraw consent at any time)
•
Legal obligation — complying with applicable laws, regulations, and court orders

Section 05

Data Sharing & Third Parties

We may share your personal information with trusted third parties only in the following circumstances:

→
Service providers — CRM, cloud hosting, email platforms, payment processors, and analytics tools operating under data processing agreements
→
Professional advisors — lawyers, accountants, and auditors under confidentiality obligations
→
Legal authorities — when required by law, regulation, or valid legal process
→
Business transfers — in connection with a merger, acquisition, or sale of assets (you will be notified in advance)
→
With your consent — in any other circumstances, only with your explicit approval

All third-party vendors are carefully vetted and contractually obligated to protect your data in accordance with this policy and applicable law.

Section 06

Cookies & Tracking Technologies

We use cookies and similar technologies to improve our website's functionality, analyze usage, and deliver relevant content. Our cookies fall into the following categories:

→
Strictly necessary — essential for the website to function (cannot be disabled)
→
Performance & analytics — help us understand how visitors use our site (e.g., Google Analytics)
→
Functional — remember your preferences (language, region)
→
Marketing — used to deliver relevant ads and measure campaign effectiveness

You can manage or withdraw consent for non-essential cookies at any time via our cookie preferences center or by adjusting your browser settings. Note that disabling certain cookies may affect website functionality.

Section 07

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by applicable law. Our general retention guidelines are:

•
Client and project records — 7 years after contract end (for tax and legal compliance)
•
Marketing contact data — until you unsubscribe or request deletion
•
Website analytics data — 26 months (anonymized thereafter)
•
Support and communication records — 3 years from last interaction
•
Cookie data — varies by cookie type (typically 1–24 months)

When data is no longer required, we securely delete or anonymize it in accordance with our data disposal procedures.

Section 08

Data Security

As an IT consulting company, security isn't just a policy — it's in our DNA. We implement industry-leading technical and organizational measures to protect your personal data, including:

→End-to-end encryption for data in transit (TLS 1.3) and at rest (AES-256)
→Multi-factor authentication for all systems that process personal data
→Regular penetration testing and vulnerability assessments
→Role-based access controls and principle of least privilege
→Security awareness training for all Ornetis staff
→Incident response plan with defined breach notification procedures

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay, as required by law.

Section 09

Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data. We honor all valid requests promptly (within 30 days):

Access

Request a copy of the personal data we hold about you.

Rectification

Correct inaccurate or incomplete personal data.

Erasure

Request deletion of your data ('right to be forgotten').

Restriction

Limit how we process your data in certain circumstances.

Portability

Receive your data in a structured, machine-readable format.

Objection

Object to processing based on legitimate interests.

Withdraw Consent

Revoke consent at any time without affecting prior processing.

Non-Discrimination

Exercise rights without penalty (CCPA-protected right).

To exercise any of these rights, contact us at info@ornetis.com. We may need to verify your identity before processing your request.

Section 10

International Data Transfers

Ornetis may process or store your personal data in countries outside your home jurisdiction, including countries that may not provide the same level of data protection as your home country.

When transferring data from the EEA, UK, or Switzerland to countries without an adequacy decision, we rely on the appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, or other valid transfer mechanisms. A copy of the relevant safeguards can be provided upon request.

Section 11

Children's Privacy

Our website and services are directed to business professionals and are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we discover that we have inadvertently collected information from a child, we will delete it immediately.

If you believe a child has provided us with personal information, please contact us at info@ornetis.com.

Section 12

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will:

→Update the 'Last Revised' date at the top of this page
→Display a prominent notice on our website for 30 days following the update
→Notify registered clients and subscribers via email for significant changes

Your continued use of our website after changes are posted constitutes your acceptance of the revised policy. We encourage you to review this page periodically.

Section 13

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out to our Privacy Officer:

Ornetis — Privacy Officer

For general privacy inquiries, data subject requests, or to report a potential security incident:

info@ornetis.com

We aim to respond to all privacy requests within 5 business days and to resolve them within 30 days.

You also have the right to lodge a complaint with your local data protection authority if you believe your privacy rights have been violated.

Your PrivacyIs Our Commitment.