GDPR Privacy Notice
This notice explains how Orka Labs Inc. and its affiliates (collectively, “Orka,” “we,” “our,” “us”) process personal data of individuals located in the European Economic Area (EEA) or the United Kingdom, in accordance with the EU General Data Protection Regulation (GDPR) and the UK GDPR. It supplements—but does not replace—our main privacy policy.
1. Who Is the Data Controller?
Orka Labs Inc. 125 S Wacker Drive, Suite 300 Chicago, IL 60606 USA Email: privacy@hiorka.com
2. What Personal Data Do We Collect—and Why?
| Category | Examples | Purpose | Legal Basis (Art. 6 GDPR) |
|---|---|---|---|
| Account Data | Name, email, password, optional phone | Create & manage your account; communicate with you | Contract (Art. 6 1‑b) |
| Identifiers & Device Data | IP address, device IDs, browser type, app version | Operate Services, security, fraud prevention | Legitimate interest (Art. 6 1‑f) |
| Usage Data | Pages viewed, clicks, crash logs, cookies | Analytics, service improvement | Consent for non‑essential cookies (Art. 6 1‑a); otherwise legitimate interest |
| Approximate Location | Derived from IP; precise GPS only if you enable it | Localization, security | Consent (GPS) / legitimate interest (IP) |
| Support Communications | Emails, chat transcripts, call recordings | Customer support, dispute resolution | Legitimate interest |
We do not collect: payment‑card data, medical/health information, educational or employment records, or biometric identifiers from EEA/UK users.
3. How Long Do We Keep Your Data?
We retain personal data only as long as necessary to (i) fulfil the purposes listed above, (ii) comply with legal obligations, or (iii) establish, exercise, or defend legal claims. When data is no longer required, we securely delete or anonymise it.
4. International Transfers
Your data is stored in the United States. We rely on EU Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum with our service providers (e.g., Google Firebase) to ensure an adequate level of protection for transfers outside the EEA/UK. Copies of the relevant safeguards are available upon request.
5. Recipients of Personal Data
We share data only with:
- Service providers acting under written contracts (e.g., hosting, authentication, analytics, customer‑support platforms).
- Public authorities or courts when required by law.
- Successor entities in case of a merger, acquisition, or asset sale (subject to GDPR safeguards).
We do not sell personal data and do not use personal data for automated decision‑making that produces legal or similarly significant effects.
6. Your GDPR Rights
You may exercise the following rights free of charge (subject to verifying your identity):
| Right | What you can do |
|---|---|
| Access | Obtain confirmation and a copy of the personal data we hold about you. |
| Rectification | Request correction of inaccurate or incomplete data. |
| Erasure (“Right to be Forgotten”) | Ask us to delete your data when it is no longer needed or if processing is unlawful. |
| Restriction | Ask us to suspend processing while we resolve an issue. |
| Portability | Receive your data in a structured, machine‑readable format and have it sent to another controller. |
| Object | Object to processing based on legitimate interests or to direct marketing. |
| Withdraw Consent | Withdraw any consent you have given at any time (e.g., cookie preferences). |
| Complain | Lodge a complaint with your local supervisory authority (e.g., CNIL, DPC, ICO). |
7. How to Exercise Your Rights
- Email: privacy@hiorka.com
- Postal mail: see Controller address above
- EU/UK Representative contact: via https://prighter.com/q/17730107006
We will acknowledge requests within one month (extendable by two further months for complex cases).
8. Legal Bases in Detail
| Basis | Typical Scenarios |
|---|---|
| Consent (Art. 6 1‑a) | Non‑essential cookies; GPS‑based location; marketing emails or texts. |
| Contract (Art. 6 1‑b) | Creating and managing user accounts; delivering core Services you request. |
| Legal obligation (Art. 6 1‑c) | Complying with tax, accounting, or court orders. |
| Legitimate interest (Art. 6 1‑f) | Network security; preventing fraud; improving Services, provided these interests are not overridden by your rights and interests. |
Where we rely on legitimate interests, we have performed a balancing test to ensure those interests do not unfairly prejudice your rights.
9. Updates to This Notice
We may revise this GDPR Privacy Notice from time to time. Material changes will be highlighted on our website or via in‑app notice. Please review this page periodically.
If you have any questions about this notice or our data‑protection practices, please contact us — we’re here to help protect your privacy.