Privacy policy

1. General information

With this Privacy Policy, we want to inform You and explain how OrbyPOS protects the privacy of your personal data. We are highly motivated and firmly committed to protecting and preserving the privacy and confidentiality of the personal data of our users, employees, business partners and others who use our products and services.

This Website and the software solution is the property of One Click Pay LTD, which operates at the address Business Exchange Centre, 26-28 Hammersmith Grove, London, United Kingdom, W6 7BA (hereinafter “The Company”)

This Privacy Policy (which forms part of our Disclaimer) describes in detail how Your information is collected and used by OrbyPOS or its clients.

For the purposes of the Data Protection Act 2018 (hereinafter “the Act”), The Company is the manager of the processing of our own collected data and the executor of data processing on behalf of all our clients who use the System.

In this Privacy Policy , when the male form is used, it always refers simultaneously to female, male, and diverse individuals. Multiple designations are omitted for the sake of better readability.

2. Glossary

For the purposes of using our website and software solution, we only collect data necessary to make Your user experience easy, safe and pleasant as much as possible. Having that in mind, we use different terms in this Privacy Policy. To make sure it’s clear what we’re talking about, below are some definitions of what we mean by each of these terms:

1. Personal data

Personal data is data relating to a person whose identity has been determined or can be determined from this data. This includes information such as name, address, telephone number, email address or other account number, and information about that person’s activities when directly related to that person, such as information about his or her use of the OrbyPOS website or solution. Personal information may also include demographic information such as date of birth, gender, geographic area, location and preferences when such information is linked to other personal information that identifies you. Personal data does not include “group/aggregate” information, that is, data we collect about a group or category of products, services or people, from which individual identities have been removed.

2. Data processing

Data processing refers to any procedure or set of procedures performed on personal data, which includes the collection, recording, organization, structuring, storage, adaptation or alternation, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available disposal, alignment or combination, limitation, erasure or destruction.

3. Storage system

Storage system means any structured set of personal data that is accessible in accordance with specified criteria, whether centralized, decentralized or distributed on a functional or geographical basis.

4. Usage data

Usage data is automatically collected data either generated by the use of the Service or from the infrastructure of the Service itself (for example, the duration of website visits).

5. Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate work performance (of our clients) or certain personal aspects relating to a natural person, in particular to analyze or predict aspects of personal preferences, needs, interests, location, etc.

6. Consent

Consent means any freely given, specific, informed and unambiguous indication of the clients and user’s wishes by which he or she, by a statement or a clear affirmative action, signifies consent to the processing of personal data relating to him or her.

7. Client

Client is every individual person who uses our service in a way that it has obtained a license from the service provider, the right to install and use the service provided by OrbyPOS and also has purchased or rented a device to use the OrbyPOS software solution, in accordance with these Terms and conditions, with the obligation to pay a fee to The Company. The client corresponds to the data subject, which is the subject of personal data.

8. User

User is a legal or natural persons who are registered or unregistered, and who use OrbyPOS in order to receive a service from the Client (e.g., a consumer who orders a drink and/or meal in a restaurant, etc.). The user is also the subject of personal data.

9. Data controller

Data controller means the person or entity that determines the purposes and manner in which personal data is or will be processed. For the purposes of this Privacy Policy, The Company is the data controller that you provide to us for enquiry, setup and management of your OrbyPOS system.

10. Data processors (or service providers)

Data processor (or service provider) means a person or entity that processes data on behalf of the Data Controller. We may use the services of different Service Providers to process your data more efficiently.

11. Data subject

A data subject is any individual person who is a subject of personal data.

12. Cookies

Cookies are small pieces of data stored on the clients and user’s device.

13. Personal data breach

Personal data breach is any breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed.

14. Third parties

Third parties are natural or legal person, public authority, agency or body other than the data subject, data controller, processor or persons who are authorized to process the personal data under the direct authority of the controller or processor.

3. Type of data we collect.

3.1.Personal data

While using our Service, we may ask you to provide us with certain personal informations that can be used for contact or identification (“Personal data”) and for concluding the contract with us. Personally identifiable informations may include, but is not limited to: email address, phone number, full name, address, country, province/region, zip code, city, credit card information, location, profile picture, language preferences, allergies, currency you use, date of birth, special dining conditions if applicable, gender, disability information if applicable.

We may use your personal information to contact you about new features or announcements, to inform you about the status of your account, to issue invoices, receipts or payment reminders, or any other information that may be relevant (and/or important) to you.

Although we do not recommend it, you may opt out of receiving emails about new features and similar announcements by clicking the ‘opt-out’ link or following the instructions in the email. You cannot opt out of receiving transactional emails or notifications regarding your account status, security announcements, system upgrade or other communications that may be critical to the operation of your account.

Of course, if You are no longer a client or user of the OrbyPOS solution, and all business with us has been concluded (for example, you have closed your company and your OrbyPOS account), You can opt out of all communication with us by requesting the deletion of your data. For more details, please find point 6. and 7. of this Privacy Policy.

3.2.Usage data

We may also collect information about how the Service is accessed and used (“Usage Data”). This usage data may include information such as your computer’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data. We also need this informations in order to ensure maximum protection and customer service (e.g., if You cannot access your account).

3.3. Tracking and cookie data

We use cookies and similar tracking technologies to track activity on our website and application and to hold certain information.

Cookies are files with small amounts of data that may include an anonymous unique identifier. They do not cause any damage to your device, they do not contain harmful computer programs (such as viruses, “bugs” or similar). Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are tags and scripts to collect and track information and to improve and analyze our service.

Cookies usually save Your settings, settings for a website, such as the selected language or address. So, when you subsequently open the same web page again, the web browser sends back the cookies belonging to that page, which enables the page to display information adapted to your needs (for example, in the language you selected).

You must accept certain cookies to ensure the operation of our website and without which our website would not be able to function, which we bring to you as follows:

session cookies (we use these cookies for the operation of our service), like cookies for client and user input (id – session), session cookies for multimedia content, session cookies for more balanced loading, cookies for sharing the content of social networks/third parties for logging in their members,

preference cookies (we use these cookies to remember your settings and various settings) like cookies to customize the user’s interface during the session

security cookies (we use them to ensure the protection of your data) like authentication cookies that are used to verify the authenticity of services and security cookies that are aimed at the client and user in order to detect abuse.

Furthermore, when using our website, You can also use functional cookies (cookies whose task is to ensure a more pleasant use of the application, for example by saving the language in which this webpage is translated), performance or statistical cookies (cookies whose task is to determine how you use our site in order to also ensure that more pleasant user environment) and marketing cookies (cookies whose task is to display advertising content that is suitable for you and that might interest you). It is important You to know that we need Your consent to use these cookies (functional, performance/statistical and marketing).

Also, these cookies (functional, performance/statistical and marketing cookies) can be turned on or off as needed.

You can control and/or delete cookies on your personal computer. If you delete or block cookies, some parts of the website, or the website as a whole may not function.

You can see more about deleting cookies at the link

4. Principles related to the processing of personal data:

We are firmly committed to protecting your data. Therefore, in order to provide you with the best service and protect your personal data, we are guided by several principles when processing Your personal data:

Lawfulness: processing is lawful only if and to the extent that at least one of the following applies:

(a) the client/user has given consent for the processing of his or her personal data for one or more specific purposes.

(b) the processing is necessary for the execution of a contract to which the client/user is a party or for taking steps at the request of the data subject before concluding the contract.

(d) processing is necessary to protect the vital interests of clients/users or other natural persons.

(e) the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official powers assigned to the controller.

(f) the processing is necessary for the purpose of legitimate interests pursued by the controller or a third party, except when such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data.

In this way, legitimate interests mean commercial interests such as the right to constantly improve the quality of our services, and to generally improve our business processes in a way that does not harm your interests, rights and freedoms. With this in mind, we periodically survey our clients and users regarding their satisfaction with using our services, completing purchases, direct advertising, and to prevent abuse and detection of fraud.

Transparency – We will try to ensure your trust in the transparency of personal data processing, especially by providing our clients with all the necessary information regarding processing procedures.

Limitation of purpose – collected personal data will be used only for specific, explicit and legitimate purposes and may not be further processed in a way that is incompatible with these purposes.

With storage limitation – collected personal data is kept only as long as is necessary for the purposes for which it is processed. However, the same data can be stored for longer periods only if it is necessary for the purposes of public interest, legal obligations (fulfilment of tax obligations, accountancy reasons, etc.) and the legitimate interests of the data controller (for example, in the case of court disputes, etc.)

Accuracy – We will try to ensure that your personal information is accurate and up to date. With this in mind, we are binding to undertake every reasonable step to ensure that personal data that is inaccurate is rectified or deleted without delay.

Integrity and confidentiality – we are binding to undertake to process the collected personal data in a way that ensures the security of their protection. In doing so, we use different types of technical measures (for example, encryption and establishment of passwords) as well as organizational measures (establishment of a data controller, keeping up to date with legal regulations on the protection of personal data), thereby protecting the security of your personal data from breaches.

5. How we use personal data.

5.1. Collection and use

We collect and use your personal data for the operation of our website and in order to provide You and Your users with the most pleasant user environment.

We will use Your personal information to provide You and Your users with online ordering services, customer management utilities, technical support, billing and credit control, sales and support, product upgrades and information. We also use Your personal data to monitor the use of the service and to detect, prevent and solve technical problems, so that the same problems do not reoccur in the future.

We treat all information we collect from you as strictly confidential. We do not rent or make available its customer lists, or any other information contained in your account (including customer information) to third parties. We will not disclose, sell, distribute, rent, license, share or pass on to any third party (other than those who contract or provide services to us, including spam filter operators) any personal information you may provide to us or that are stored in your account, unless we have your express consent to do so, except in the circumstances set out in the following paragraph.

5.2. Your Privacy and Disclosure

We will not disclose any of your personal data uploaded to our servers to anyone without your consent, except as permitted or required by law to various regulatory authorities and law enforcement officers and agencies, for fraud protection and related security purposes (e.g., protection of personal data to supervisory authority at your own request).

In the event of a merger, acquisition, other status changes of our company, sale of our assets, or sale of the assets of our clients, your personal data may be transferred. We will send a notice before your personal information is transferred and becomes subject to different Privacy Policies.

5.3. Registration

You can browse our site without the obligation to register on our site. However, we specifically inform You that it is not possible to place an order and/or pay for it without registering and entering personal data such as name, surname, card information, payment, into our system.

In order to provide the best possible user experience and ensure the protection of your data, during the order / use of our services, we may need to carry out checks of your identity (proof of your identity). When placing the order with us, you give your consent for us to carry out these checks, in order to avoid any violations of the processing of your personal data.

5.4. Data Retention

We will only retain your personal information for as long as it is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal data, in accordance with and to the extent necessary to fulfill our legal obligations (for example, if we are required to retain your data to comply with applicable laws, tax obligations, or similar), resolve disputes and implement our legal contracts and policies. This all is for the reason that we could provide You and Your clients with the best possible customer support for your inquiries and so that we could follow up on any previous conversation.

At the end of the data retention period, we are binding to remove the collected personal data from the system and archives or convert them into anonymous data on the basis of which it is not possible to identify the client or user.

Also, please note that we will retain usage data for internal analysis purposes, so long we have Your consent. Usage data is generally kept for a shorter period, except when that data is used to strengthen security or improve the functionality of our service or when we are legally required to keep that data for a longer period of time.

Of course, it is important to mention that the important role in retention of Your data, you have too. By withdrawing Your consent, you are forbiting us to use Your data in marketing purposes or the purpose of using our service, except if we are bound to keep Your data by law or have legit interest (for the judicial purposes). However, bear in mind that if You withdraw consent, you will not be able to use our service. For more details on how to retreat Your consent, please check point 6. and 7. of this Privacy policy.

5.5. Data security

OrbyPOS has a wide range of security features to protect your personal information from unauthorized access. In addition, we maintain our servers in a controlled and secure physical environment, however no method of data storage and transmission (whether electronic or physical) can be considered 100% secure and therefore we cannot make this guarantee.

In addition to that, we are constantly working on security updates and improving and testing technical measures (e.g., encryption, establishment of passwords) and organizational measures (monitoring of new legal regulations) to maintain the security of everything.

We protect your data (e.g., payment, card and order data) using Socket layer technology/protocol (the so-called SSL protocol). SSL technology / protocol means the encryption of your personal data in coded text that can only be read with the help of a decoding key.

However, it is important to know that You also have an important role in protecting your data. You are responsible for maintaining the confidentiality of your personal information, account information and password. Your passwords protect your personal information, and you are responsible for all activities that occur on your account or in connection with suspect that the security of your password or account has been compromised in any way.

6. Your rights according to the Act

OrbyPOS may process your personal data for:

Execution and compliance with contractual provisions with you
You have given us consent to do so
The processing is in our legitimate interest and is not overridden by your rights
For payment processing purposes
Compliance with the law

In certain circumstances, you have the following data protection rights:

The right to access, update or delete the information we have about you.
Right to rectification. You have the right to correct your data if this data is incorrect or incomplete.
The right to object. You have the right to object to our processing of your personal data.
Right of limitation. You have the right to request that we limit the processing of your personal data.
The right to data portability. You have the right to receive a copy of your personal data in a structured, machine-readable and commonly used format.
The right to withdraw consent. You also have the right to withdraw your consent at any time when OrbyPOS has relied on your consent to process your personal data.
The right to submit a complaint to the supervisory authority; If you live in the UK, you have the right to complain to a Information Commissioner, as the supervisory authority about our collection and use of your personal data.

More information about Your Information Commissioner You can find on the link

You can exercise all these rights by contacting our Data Protection Officer at the email address dpo@oneclickpay.co.uk

7. Legal basis for processing personal data in EEA according to the General Data Protection Regulation (GDPR)

If you are from the European Economic Area (EEA), OrbyPOS’s legal basis for collecting and using the personal data described in this Privacy Policy depends on the personal data we collect and the specific context in which we collect it.

OrbyPOS may process your personal data for:

Execution and compliance with contractual provisions with you
You have given us consent to do so
The processing is in our legitimate interest and is not overridden by your rights
For payment processing purposes
Compliance with the law

7.1. Your data protection rights under the General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We also extend these rights to all clients and users, even if you are located outside the EEA/EEA. We aim to take reasonable steps to enable you to correct, amend, delete or restrict the use of your personal information.

If you want to be informed about what personal data, we have about you and if you want it removed from our systems, please contact us through our Data Protection Officer at the email address that is listed at the end of this paragraph.

In certain circumstances, you have the following data protection rights:

The right to access, update or delete the information we have about you.
Right to rectification. You have the right to correct your data if this data is incorrect or incomplete.
The right to object. You have the right to object to our processing of your personal data.
Right of limitation. You have the right to request that we limit the processing of your personal data.
The right to data portability. You have the right to receive a copy of your personal data in a structured, machine-readable and commonly used format.
The right to withdraw consent. You also have the right to withdraw your consent at any time when OrbyPOS has relied on your consent to process your personal data.
The right to submit a complaint to the supervisory authority; If you live in the EEA, you have the right to complain to a data protection supervisory authority about our collection and use of your personal data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

You can exercise all these rights by contacting our Data Protection Officer at the email address dpo@oneclickpay.co.uk

Please note that we may ask you to verify your identity before responding to such requests. If you are a customer of our Client that uses the OrbyPOS Solution, you will need to contact that company directly to discuss or invoke your protection rights.

7.2. OrbyPOS as data processor

We provide online software commonly used to manage businesses based on online ordering. As part of using OrbyPOS, you, our customer, will likely store personal information about your customers in your Orby account. According to the Act, in these circumstances you are considered the data controller, and we are your data processor.

You are responsible for respecting the privacy and related rights of your customers. As your Data Processor, we will take care to protect the privacy of your customers and will process their personal data in accordance with the terms of our contract with you and according to your legal instructions.

7.3. Transferring and processing of the personal data in UK

If your place of residence is outside the territory of the UK , please note that personal data collected through this application will be transferred to the UK and processed and stored there, in accordance with data protection standards in the UK . By using this application, providing the personal data, and giving consent You agree to such data transfer and processing in the UK .

7.4. Third Party Service Providers

We may employ third-party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform services related to the Service, or to help us analyze how our Service is used.

These third parties have access to your personal information only to perform these tasks on our behalf and undertake not to disclose or use it for any other purpose.

Some of them are named as it follows:

Google Analytics

Google Analytics is a web analytics service provided by Google that monitors and reports on website traffic. Google uses the collected data to track and monitor the use of our service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You can opt out of your activity on the Service being available to Google Analytics by installing the Google Analytics opt-out browser add-on. The plugin prevents Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visit activity. For more information about Google’s privacy practices, visit Google’s privacy and terms here.

Payment processors

We use third-party services (e.g., payment processors) to process payments. These payment processors adhere to the standards set by PCI-DSS, which is administered by the PCI Security Standards Council, a collaborative effort of brands such as Visa, Mastercard, American Express, and Discover. PCI-DSS requirements help ensure secure handling of payment data.

As an online payment system in OrbyPOS, we use Adyen.

8. Links to other sites

Our service may contain links to other sites that we do not control. If you click on a third-party link, you will be redirected to that third party’s site. We strongly advise you to review the Privacy Policy of each site you visit.

We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services.

9. Special protection of children’s personal data.

Our Services are not intended for use by people under the age of 16. With that in mind, we hereby kindly ask if you are under the age of 16, to stop using our site or service.

However, it is clear that sometimes is difficult to determine the exact age of our users. In order to be sure that what we are doing is correct, we make a special appeal to parents to contact us in order to safely remove personal data from our system.

10. Changes to the privacy policy

From time to time, we will update this Privacy Policy as necessary. Revised versions will be updated on this website and will become effective upon publication, which we will notify you via this page. Your continued use of the website and our solution will be deemed as acceptance/consent of the amended provisions of the Privacy Policy.

11. Feedback

We welcome your feedback. If you have any comments about this Privacy Policy or our services or would like to contact us or our data protection officer for any reason, please send an email us to info@oneclickpay.co.uk to or via the contact form on our website.

Data Protection Officer: dpo@oneclickpay.co.uk

This Privacy Policy is effective and applicable from 18th January 2024.