Orietech, trading name of AI-ENGAGE LTD, registered in England and Wales. Registered office: 71-75, Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ. ("Orietech," "we," "us," or "our"), operates orietech.co.uk and provides web hosting services (the "Services"). We are the data controller for personal data processed in connection with our Services.
This Privacy Policy explains how we collect, use, store, and disclose your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
By using our Services, you confirm that you have read and understood this Privacy Policy.
1 Personal Data We Collect
1.1 Information You Provide
- Account details: name, email address, postal address, telephone number, business name, VAT number, and password.
- Payment information: billing address and payment card details, processed by our PCI-DSS compliant payment providers (Stripe and PayPal). We do not store full card numbers.
- Verification data: government-issued identification, proof of address, or business registration documents where required for fraud prevention or legal compliance.
- Support communications: email and chat correspondence, including support ticket content.
1.2 Information Collected Automatically
- Log data: IP address, browser type, operating system, referring URLs, pages visited, and timestamps.
- Server and service data: bandwidth usage, disk usage, uptime metrics, and technical diagnostics.
- Cookies: see Section 7.
1.3 Information from Third Parties
Identity verification services, fraud prevention databases, payment processors, and publicly available sources.
2 How We Use Your Personal Data and Our Lawful Bases
Under the UK GDPR, we rely on the following lawful bases:
| Purpose | Lawful Basis |
|---|---|
| Providing hosting and related Services | Performance of a contract |
| Processing payments and managing subscriptions | Performance of a contract |
| Account security, fraud prevention, and abuse detection | Legitimate interests / Legal obligation |
| Customer support and service communications | Performance of a contract |
| Marketing emails to existing customers about similar services | Legitimate interests (soft opt-in under PECR) |
| Marketing to prospects | Consent |
| Service improvement | Legitimate interests |
| Compliance with tax, accounting, and other legal duties | Legal obligation |
| Establishing, exercising, or defending legal claims | Legitimate interests |
You can object to processing based on legitimate interests at any time (see Section 10).
3 Marketing Communications
We will only send you marketing emails about products or services similar to those you have purchased, unless you have opted in to broader marketing. You can opt out at any time using the unsubscribe link in any marketing email or by contacting support@orietech.co.uk.
4 Who We Share Your Personal Data With
We do not sell your personal data. We share it only with:
- Service providers: data centres, payment processors (Stripe, PayPal), email delivery services, customer support platforms, and fraud prevention vendors. All are bound by written contracts requiring them to protect your data.
- Regulators and law enforcement: where required by law, court order, or a valid legal request, including disclosures to HMRC, the Information Commissioner's Office (ICO), Action Fraud, or the police.
- Professional advisers: lawyers, auditors, accountants, and insurers under duties of confidentiality.
- Buyers or successors: in the event of a sale, merger, restructuring, or insolvency.
- With your consent: any other recipients you authorise.
5 Hosted Content
You are responsible for the data you upload, store, or process through our Services. Where that data includes personal information of third parties, you remain responsible for complying with applicable data protection laws.
We will not access your hosted content except:
- To deliver support you have requested.
- To investigate suspected breaches of our Terms of Service or Acceptable Use Policy.
- Where required by law.
6 International Data Transfers
Where we transfer personal data outside the UK, we rely on one of the following safeguards:
- An adequacy decision issued by the UK government.
- The UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses.
- Other lawful transfer mechanisms approved under UK GDPR.
A list of countries where your data is processed is available on request.
7 Cookies
We use a single strictly necessary session cookie to keep you logged in and maintain the security of your session. This cookie is deleted when you close your browser.
We do not use analytics, advertising, retargeting, or any other tracking cookies. Under PECR, strictly necessary cookies do not require your consent.
8 Data Retention
We retain personal data only for as long as necessary:
| Data | Retention period |
|---|---|
| Active account data | Duration of the contract |
| Billing and tax records | 6 years after the end of the relevant accounting period (HMRC requirement) |
| Support communications | Up to 3 years after closure |
| Marketing data | Until you withdraw consent or object |
| Server backups | Up to 30 days after deletion |
| Fraud and abuse records | Up to 6 years |
After these periods, data is securely deleted or anonymised.
9 Data Security
We implement appropriate technical and organisational measures, including:
- TLS/SSL encryption in transit and encryption at rest where appropriate.
- Role-based access controls and multi-factor authentication for staff systems.
- Regular vulnerability scans.
- Secure data centres with physical access controls.
You are responsible for keeping your account credentials confidential.
10 Your Rights Under UK GDPR
You have the right to:
- Be informed about how we use your personal data.
- Access the personal data we hold about you (subject access request).
- Rectification of inaccurate or incomplete data.
- Erasure ("right to be forgotten") in certain circumstances.
- Restriction of processing in certain circumstances.
- Data portability for data you have provided to us.
- Object to processing based on legitimate interests or for direct marketing.
- Withdraw consent at any time where processing is based on consent.
- Not be subject to a solely automated decision producing legal or similarly significant effects.
To exercise any right, contact us at Support@orietech.co.uk. We will respond within one month. There is no fee unless the request is manifestly unfounded or excessive.
Right to Complain
You have the right to complain to the Information Commissioner's Office (ICO) if you believe we have not handled your data properly.
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
Website: https://ico.org.uk
We would appreciate the chance to address your concerns before you approach the ICO, so please contact us first.
11 Children's Privacy
Our Services are not intended for children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
12 Third-Party Websites
Our Services may link to third-party sites. We are not responsible for their privacy practices. Please read their privacy policies before providing any personal data.
13 Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified by email or prominent notice on our website. The "Last Updated" date at the top reflects the most recent version.
14 Contact Us
Email: Support@orietech.co.uk