Privacy Policy

1. Who We Are

Orion AI Group Ltd ("Orion", "we", "us", "our"), trading as Orion Automation, is a company registered in England and Wales (Company No. 17100141). Our registered address is 100 Bishopsgate, London, EC2N 4AG. We are the data controller for personal data processed through our website and services.

For data protection enquiries, contact us at: info@orion-ai.co.uk

2. What Data We Collect

We may collect and process the following personal data:

• Contact information: Name, email address, phone number, job title, and company name provided via our contact forms or email correspondence.
• Technical data: IP address, browser type and version, time zone setting, operating system, and platform when you visit our website.
• Usage data: Information about how you use our website, including pages visited, time spent, and navigation patterns.
• Client data: Business data provided during the delivery of our AI automation services, as governed by our Service Agreement and Data Processing Agreement.

3. How We Use Your Data

We use personal data for the following purposes:

Purpose	Legal Basis (UK GDPR)
To respond to your enquiries and provide quotes	Legitimate interest
To deliver contracted AI automation services	Performance of a contract
To send relevant service updates and insights	Legitimate interest (with opt-out)
To improve our website and services	Legitimate interest
To comply with legal obligations	Legal obligation

4. Data Sharing

We do not sell your personal data. We may share data with the following categories of third parties, only to the extent necessary to deliver our services:

• Technology providers: Anthropic (AI processing), Make.com (workflow automation), Vapi.ai (voice agents), Google Workspace (communications), Stripe (payment processing).
• Professional advisors: Accountants, legal counsel, and auditors bound by professional confidentiality obligations.
• Regulatory authorities: Where required by law, court order, or regulation.

All third-party processors are bound by data processing agreements compliant with UK GDPR Article 28.

5. International Transfers

Some of our technology providers are based outside the UK and EEA. Where data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO).

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Enquiry data is retained for 24 months. Client data is retained for the duration of the service agreement plus 12 months, unless a longer retention period is required by law. You may request earlier deletion at any time.

7. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right of access — request a copy of your personal data.
• Right to rectification — request correction of inaccurate data.
• Right to erasure — request deletion of your data ("right to be forgotten").
• Right to restrict processing — request limitation of how we use your data.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on legitimate interest, including direct marketing.

To exercise any of these rights, contact us at info@orion-ai.co.uk. We will respond within 30 days.

8. Cookies

Our website uses minimal cookies. For full details, please see our Cookie Policy.

9. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit (TLS), access controls, and regular security reviews.

10. Complaints

If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.