Privacy Policy
Last updated: 1/23/2026
PRIVACY AND COOKIE POLICYEffective Date: July 10, 2025INTRODUCTIONAt Orijins, we are firmly committed to protecting your privacy and safeguarding your personal data. We understand the importance of maintaining the confidentiality of the information entrusted to us and we are dedicated to processing your data with transparency and fairness, in strict compliance with applicable data protection laws.This Privacy Policy describes how we collect, use, store, protect, and disclose personal information in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the California Consumer Privacy Act ("CCPA"), the Personal Information Protection and Electronic Documents Act ("PIPEDA"), the UAE Federal Data Protection Law No. 45 of 2021, the Japanese Act on Protection of Personal Information ("APPI"), and other applicable privacy laws.We have designed this policy to provide clear and comprehensive information about our data processing practices, enabling you to make informed decisions about sharing your personal information with us.We encourage you to carefully read this Privacy Policy to understand our practices regarding your personal data and how we will process it. By using our Orijins application, our artificial intelligence-based decision support platform, or by providing us with your personal information, you acknowledge that your personal data will be processed in accordance with this Privacy Policy.Article 1: Data ControllerYour personal data is collected by Orijins Vision Science & Technology Consultancy L.L.C S.O.C, a company registered in the United Arab Emirates with its headquarters located at Office C1802-71, MENA Tower, Business Bay, Dubai, United Arab Emirates.In accordance with Article 24 of the GDPR and equivalent regulations, Orijins Vision Science & Technology Consultancy L.L.C S.O.C acts as the data controller for all personal data processed under this policy. This means we determine the purposes and means of processing your personal data and are responsible for implementing appropriate technical and organizational measures to ensure and demonstrate compliance with data protection principles.We have appointed a Data Protection Officer ("DPO") who is responsible for overseeing matters related to this Privacy Policy and ensuring our continued compliance with data protection laws. Our DPO provides advice on data protection obligations, monitors compliance, and acts as a point of contact for data subjects and supervisory authorities.You can contact our Data Protection Officer at any time by email at [email protected] or by writing to our registered address with the reference "Attention: Data Protection Officer."Article 2: Data Collection and Purposes2.1 Types of Data We CollectOrijins collects and processes personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed. In accordance with the data minimization principle, we strive to collect only the information necessary to effectively provide our artificial intelligence-based decision support services.We primarily collect data directly from you during various interactions:When registering for an account: We collect information necessary to create and maintain your user profile and provide access to our decision support platform.When using our AI services: We collect information necessary to process your analysis requests, provide personalized recommendations, and track usage of our services.When visiting our application and using our platform: We automatically collect certain information about your device, browsing actions, and usage patterns using cookies and similar technologies.When contacting our support team: We record the nature of your request, correspondence, and actions taken to resolve your issue.When providing feedback or participating in surveys: We collect your opinions, experiences, and suggestions to improve our decision support services.The personal data we collect may include:Identity Information: Full name, title, gender, age, date of birth, professional information, and other identifiers necessary for account management and age verification.Contact Information: Email address, postal address, phone number, and social media accounts for communication, support, and service delivery.Account Identifiers: Username, password, and security information for platform access and account protection.Service Usage Data: AI service usage history, requested analyses, received recommendations, service preferences, and interaction patterns.Payment Information: Billing details, payment method information, transaction history, and billing data (note: we do not store complete payment card details).Communication Records: Correspondence with support team, submitted feedback, and communications with other users.Technical Information: IP address, login information, browser type and version, device information, operating system, time zone settings, and other technical data collected when accessing our platform.Usage Data: Information about how you use our platform, including pages viewed, time spent on content, usage patterns, feature usage, and interaction history.Input and Output Data: Information you provide to our AI for analysis and recommendations generated by our algorithms.2.2 Special Categories of Personal DataOrijins does not intentionally collect special categories of personal data (also known as sensitive personal data) as defined by the GDPR, which include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning a person's sex life or sexual orientation.However, given the nature of our decision support services, certain discussions or analyses may touch upon philosophical beliefs or wellness practices. If you voluntarily share such information in feedback or input data, we will treat it as sensitive personal data and process it in accordance with applicable laws.2.3 Data from MinorsOur decision support services are intended only for individuals who have reached the age of majority in their country of residence (generally 18 years or older, but may vary according to local laws). We do not knowingly collect or process personal data from individuals who have not reached the applicable legal age of majority in their jurisdiction without appropriate parental consent when required by law.If we learn that we have collected personal data from an individual who has not reached the applicable age of majority without appropriate verification or parental consent when required, we take steps to quickly delete such information from our servers.2.4 Processing PurposesOrijins processes your personal data for specific, explicit, and legitimate purposes related to our decision support mission. We have outlined these purposes below:2.4.1 Decision Support Service DeliveryProviding access to AI-based analysis toolsProcessing your analysis requests and generating recommendationsPersonalizing decision support experiences based on your preferencesFacilitating user-AI interactionsProviding technical support for platform usageMaintaining your analysis and recommendation history2.4.2 Administrative ManagementCreating and maintaining user accounts and profilesProcessing payments and managing billingGenerating and issuing invoices and receiptsVerifying identity for security purposesManaging refund requests and processing returnsMaintaining service records2.4.3 Customer Relationship ManagementProviding user support and assistanceManaging service feedback and reviewsConducting satisfaction surveys and service evaluationsResponding to inquiries and fulfilling user requestsNotifying users of service updates and new features2.4.4 Quality Assurance and ImprovementMonitoring the effectiveness of our AI servicesAnalyzing usage patterns to improve our algorithmsConducting technological research and developmentEnsuring service integrity and preventing fraudMaintaining service quality standards2.4.5 Marketing and Platform DevelopmentAnalyzing platform usage to improve user experienceDeveloping new AI features and servicesConducting market research for decision support servicesProviding relevant content recommendationsMeasuring the effectiveness of our servicesPromoting relevant services to existing usersArticle 3: Legal Basis for ProcessingUnder applicable data protection laws, we must have a legal basis for processing your personal data. We rely on different legal bases depending on the specific processing activity:3.1 Contractual NecessityWe process your personal data when necessary for the performance of our decision support services contract with you or to take steps at your request before registration. This includes:Processing service registrations and providing access to AI toolsCreating and managing your user account and profileProviding customer support related to our decision support servicesProcessing payments and managing service accessCommunicating about service-related matters and platform updates3.2 Legitimate InterestsWe process your personal data when necessary for our legitimate technological and business interests, provided these interests do not override your fundamental rights and freedoms. Our legitimate interests include:Improving and developing our decision support services and platformEnsuring platform security and preventing fraudConducting technological research and analyticsManaging user relationships and providing personalized servicesMarketing decision support services to existing usersAnalyzing usage patterns to improve AI experiencesEnforcing our terms of service and technological policies3.3 Legal ObligationWe process your personal data when necessary to comply with legal obligations, including:Maintaining service records as required by lawComplying with tax and financial reporting requirementsResponding to legal requests from authoritiesComplying with consumer protection standardsMeeting data protection and privacy law requirements3.4 ConsentWe process your personal data based on your specific and informed consent for certain activities, such as:Sending marketing communications about new services and technological opportunitiesUsing non-essential cookies and tracking technologiesParticipating in technological research studiesReceiving personalized service recommendationsWhen we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.Article 4: Data Hosting and Security4.1 Data Storage LocationAll personal data collected by Orijins is hosted on secure servers located in jurisdictions that provide adequate data protection standards. We carefully select hosting providers that comply with strict data protection requirements and implement appropriate security measures.4.2 Security MeasuresWe implement comprehensive technical and organizational measures to ensure appropriate security for personal data processing. These measures protect against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.Our security framework includes:Data Encryption and Protection: End-to-end encryption for data transmission and strong encryption for data at restAccess Controls: Role-based access controls ensuring only authorized personnel can access personal dataAuthentication Systems: Multi-factor authentication for administrative access and secure login systemsRegular Security Assessments: Periodic vulnerability assessments, penetration testing, and security auditsContinuous Monitoring: 24/7 security monitoring and incident detection systemsBackup and Recovery: Regular encrypted backups and tested emergency recovery proceduresStaff Training: Comprehensive data protection and security awareness training for all personnelDocumentation: Detailed security policies, procedures, and incident response plans4.3 Data Breach ProceduresIn the event of a personal data breach, we have established comprehensive procedures to detect, assess, contain, and respond to incidents. If a breach is likely to pose a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours of becoming aware of the breach, where feasible.If the breach is likely to pose a high risk to your rights and freedoms, we will also directly notify affected data subjects, unless we have implemented appropriate safeguards that render the personal data unintelligible to unauthorized persons.Article 5: Data Recipients and SharingOrijins is committed to protecting your personal data and does not sell, rent, or trade your personal information to third parties for marketing purposes. We may share your data only with the following categories of recipients under strict contractual obligations:5.1 Technology Service ProvidersCloud hosting and infrastructure providersIT support and system administration servicesCybersecurity and data protection servicesBackup and disaster recovery providersPerformance analytics and monitoring toolsArtificial intelligence and machine learning service providers5.2 Business Service ProvidersPayment processors and financial servicesCustomer relationship management platformsEmail and communication service providersSurvey and feedback collection toolsMarketing and advertising platforms (with appropriate consent)5.3 Professional AdvisorsLegal advisors and law firmsAuditors and accounting firmsTechnology consultants and accreditation bodiesInsurance providersBusiness consultants5.4 Regulatory and Legal EntitiesWe may disclose personal data to authorities when:Required by applicable law or regulationIn response to valid legal process or court ordersTo protect our rights, property, or safetyTo prevent fraud or illegal activitiesFor national security or public safety reasons5.5 Business TransfersIn the event of a merger, acquisition, or asset sale, personal data may be transferred to successors, provided appropriate data protection safeguards are maintained.All third parties are bound by strict contractual obligations to protect your data and use it only for specified purposes.Article 6: Data RetentionWe retain personal data only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and protect our legitimate interests. Our retention periods are based on:The nature and sensitivity of personal dataLegal and regulatory requirementsThe purposes for which we process the dataOur legitimate business interestsYour rights and expectations6.1 Accounts and Usage DataActive User Accounts: Retained for the duration of the relationship and up to 7 years after account closure to maintain service recordsAI Service Usage History: Retained for 5 years after last use for service improvement and researchAnalysis and Recommendation Data: Retained for 3 years after generation for continuous service improvement6.2 Financial and Transaction DataPayment Information: Retained for 7 years in accordance with tax and accounting requirementsInvoices and Receipts: Retained for 7 years for tax and financial complianceRefund Records: Retained for 3 years after processing6.3 Communication and Support DataCustomer Support Communications: Retained for 3 years after case resolutionMarketing Communications: Retained for 3 years from last active engagement or until consent withdrawal6.4 Technical and Usage DataWebsite Analytics: Anonymized data retained indefinitely; identifiable data retained for 26 monthsSecurity Logs: Retained for 1 year for security monitoring and incident investigationCookie Data: Retained according to cookie-specific retention periods (detailed in Article 9)When retention periods expire, we securely delete or anonymize personal data so it can no longer be associated with identifiable individuals.Article 7: Your RightsUnder applicable data protection laws, you have important rights regarding your personal data. We are committed to facilitating the exercise of these rights:7.1 Right of AccessYou can request a copy of the personal data we hold about you, including information about how we use it, who we share it with, and how long we retain it.7.2 Right to RectificationYou can request correction of inaccurate personal data and completion of incomplete information.7.3 Right to Erasure ("Right to be Forgotten")You can request deletion of your personal data in certain circumstances, such as when:The data is no longer necessary for the original purposesYou withdraw your consent (when consent was the legal basis)You object to processing based on legitimate interestsThe data has been unlawfully processedNote: This right may be limited by our legal obligations to retain certain service records.7.4 Right to Restriction of ProcessingYou can request limitation of how we process your personal data in specific circumstances, such as when you contest data accuracy or object to processing.7.5 Right to Data PortabilityYou can receive your personal data in a structured, machine-readable format and request its transfer to another service provider when technically feasible.7.6 Right to ObjectYou can object to processing based on legitimate interests, direct marketing, or research purposes. We will cease processing unless we have compelling legitimate grounds that override your interests.7.7 Rights Related to Automated Decision-MakingYou have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently engage in such automated decision-making for our decision support services.7.8 How to Exercise Your RightsTo exercise these rights, contact us at [email protected] or write to our registered address. We may require identity verification to protect your privacy and security.We will respond within one month, with possible extensions up to two additional months for complex requests. Most requests are processed free of charge, although we may charge reasonable fees for excessive or unfounded requests.Article 8: Jurisdiction-Specific Rights8.1 Rights for California Residents (CCPA/CPRA)If you are a California resident, you have additional rights under the California Consumer Privacy Act:Right to Know: You can request information about the categories and specific pieces of personal information we collect, use, disclose, and sell.Right to Delete: You can request deletion of your personal information, subject to certain exceptions.Right to Opt-Out: You have the right to opt out of the sale of your personal information. Note: We do not sell personal information.Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.Right to Correct: You can request correction of inaccurate personal information.Right to Limit Sensitive Personal Information: You can request limitation of our use of sensitive personal information.To exercise CCPA rights, contact us at [email protected]. We will verify your identity before processing requests.8.2 Rights for Canadian Residents (PIPEDA)Canadian residents have rights under PIPEDA and applicable provincial privacy laws:Right of Access: You can request access to personal information we hold about you and information about how it is used.Right to Correct: You can request correction of inaccurate or incomplete personal information.Right to Withdraw Consent: You can withdraw consent for certain processing activities.Right to Complain: You can file complaints with the Privacy Commissioner of Canada or relevant provincial privacy commissioners.8.3 Rights for UAE ResidentsIn accordance with UAE Federal Data Protection Law No. 45 of 2021, you have the right to:Access your personal data and obtain information about its processingCorrect or update your personal dataDelete your personal data in certain circumstancesObject to the processing of your personal dataFile a complaint with the UAE Data Protection Authority8.4 Rights for Japanese Residents (APPI)Under the Japanese Act on Protection of Personal Information, you have the right to:Request disclosure of your personal dataRequest correction, addition, or deletion of your personal dataRequest cessation of use or deletion of your personal dataRequest cessation of provision to third parties8.5 Rights for Other JurisdictionsWe respect privacy rights under all applicable laws and will work with you to address any privacy concerns, regardless of your location.Article 9: Cookie Management PolicyCookies are small text files stored on your device when you visit our application. We use different types of cookies to enhance your decision support experience and improve our technological platform.9.1 Essential CookiesThese cookies are necessary for the proper functioning of our decision support platform:Authentication and session managementSecurity and fraud preventionLoad balancing and performance optimizationUser preference storageRetention: Session duration or up to 24 hours Legal Basis: Legitimate interest (essential for service delivery)9.2 Functional CookiesThese cookies enhance your decision support experience:Language and accessibility preferencesAI service usage trackingPlatform personalization settingsUser interface customizationRetention: Up to 13 months Legal Basis: Legitimate interest or consent9.3 Analytics CookiesThese cookies help us understand how users interact with our platform:Usage patterns and decision support analyticsAI service effectiveness measurementPlatform performance monitoringTechnological research dataRetention: Up to 26 months Legal Basis: Legitimate interest or consent9.4 Marketing CookiesThese cookies enable personalized service recommendations:Service recommendation enginesDecision support content personalizationMarketing campaign effectivenessService content retargetingRetention: Up to 13 months Legal Basis: Consent9.5 Cookie Preference ManagementYou can manage cookies through:Our cookie consent banner and preference centerBrowser settings and controlsThird-party opt-out toolsDirect contact with our support teamDisabling certain cookies may limit your access to certain platform features and personalized decision support experiences.Article 10: International TransfersWe may transfer your personal data outside your country of residence to provide our decision support services. When we do so, we implement appropriate safeguards:10.1 Adequacy DecisionsWe may transfer data to countries deemed adequate by competent authorities, such as those recognized by the European Commission.10.2 Standard Contractual ClausesFor transfers to countries without adequacy decisions, we use Standard Contractual Clauses approved by the European Commission or equivalent mechanisms.10.3 Additional SafeguardsWe implement additional measures such as:Technical safeguards (encryption, access controls)Contractual protections beyond standard clausesRegular monitoring and auditingImpact assessments for high-risk transfers10.4 Specific Transfer LocationsOur services may involve transfers to:United States: For cloud hosting and decision support technology services, protected by Standard Contractual Clauses and additional safeguardsOther Countries: As needed for decision support service delivery, always with appropriate protective measuresArticle 11: Automated Decision-Making and ProfilingWe may use automated processing for certain decision support purposes:11.1 Technological ProfilingPersonalized Service Recommendations: Based on your usage, interests, and decision support goalsFeature Suggestions: Personalized recommendations for relevant AI toolsUsage Assessments: Automated evaluation of certain types of interactions with our servicesPattern Tracking: Automated monitoring of usage trends and preferences11.2 Safeguards and RightsYou can request human review of automated decisionsYou can object to automated processing in certain circumstancesWe provide transparency about automated decision-making logicYou retain the right to challenge automated decisionsArticle 12: Changes to This Privacy PolicyWe may update this Privacy Policy to reflect changes in our practices, services, or legal requirements. Significant changes will be communicated through:Prominent notices on the applicationEmail notifications to registered usersUpdated effective dates and change summariesAdditional consent requests when required by lawYour continued use of our services after policy updates constitutes acceptance of the revised terms, unless additional consent is required.Article 13: Contact Information and Complaints13.1 General InquiriesFor any questions regarding this Privacy Policy or to exercise your rights:Email: [email protected] Address: Orijins Vision Science & Technology Consultancy L.L.C S.O.C Office C1802-71, MENA Tower Business Bay, Dubai United Arab EmiratesData Protection Officer: Contact via the same email with "DPO" in the subject line.13.2 Supervisory AuthoritiesYou have the right to file complaints with competent supervisory authorities:EU/EEA Residents: Your local Data Protection Authority or the Irish Data Protection CommissionWebsite: www.dataprotection.ie Email: [email protected] Phone: +353 57 868 4757California Residents: California Attorney General's OfficeWebsite: oag.ca.gov/privacy/ccpa Phone: 1-800-952-5225Canadian Residents: Office of the Privacy Commissioner of CanadaWebsite: www.priv.gc.ca Phone: 1-800-282-1376 Email: [email protected] Residents: UAE Data Protection AuthorityWebsite: www.tdra.gov.ae Email: [email protected] Residents: Personal Information Protection CommissionWebsite: www.ppc.go.jp Email: [email protected] Response CommitmentsWe commit to:Acknowledging requests within 48 hoursProviding substantive responses within 30 days (or as required by applicable law)Working cooperatively with supervisory authoritiesImplementing corrective measures when appropriateMaintaining records of all privacy-related communicationsIMPORTANT WARNING REGARDING ARTIFICIAL INTELLIGENCEOur decision support services use advanced artificial intelligence technologies to analyze information and generate recommendations. It is essential to understand that:AI-generated recommendations are based on algorithms and data models that may have limitationsResults do not constitute professional advice and should not replace expert human judgmentYou must not use recommendations concerning a person for purposes that could have significant legal or material impact on that personWe reserve the right to improve and modify our AI algorithms to optimize service qualityAny use of our AI services must comply with ethical principles and applicable regulationsLast Updated: July 10, 2025© 2025 Orijins Vision Science & Technology Consultancy L.L.C S.O.C. All rights reserved.