Last update: 2018-05-23

Orio AB and its subsidiaries undertake to respect and protect your personal data and your
personal integrity in accordance with applicable laws. This Privacy Policy (hereinafter
“Policy”) informs you why Orio collects, uses or shares your personal data in connection with
your relationship with Orio. Please read this Privacy Policy carefully.


The data controller for your personal data in accordance with the applicable data
protection law is Orio (hereinafter together “Orio”, “we”, “us” or “our”). Orio is
responsible for ensuring that your personal data is processed in compliance with this
Policy and applicable data protection laws.
Orio UK Limited
Company Reg. No: 07848402
Address: Unit 30a, The Innovation Centre, University Way, Cranfield, MK43
Phone: 01234 756800
E-mail: if you would like to contact us, you can do so by using
any of the above contact details. Please address all letters and e-mails with “GDPR” as
the subject/header.


We may collect your personal data through different means, which are explained
below. As a rule, the personal data processed by us is provided by you when registering
with us as a customer or as a member, or otherwise being in touch with us (for example,
through our website forms or customer service). We may also collect personal data
from external sources. The personal data we collect includes e.g. the following
categories of data:

General personal data, such as name, date of birth and identification number;

 Contact details, such as email address, address and phone number. From
business customers, we may also collect relevant information concerning your
position and contact details within the company you represent;

 Information relating to customer relationship, such as customer interaction,
customer contacts and replies, billing and credit information. Information
about your vehicle that could indirectly be traced to you will also be
documented, such as registration numbers.

 IP-address


We process personal data for the following purposes:

1. Service provision and managing your customer relationship
The primary purpose of collecting your personal data is to provide our services to you
and to manage and maintain the customer relationship between us and you/the
company you represent. In this case, our processing of personal data is based on the
contract between you/the company you represent and us.

2. Marketing
We may send you emails and text messages to inform you about new features of our
services, ask you for feedback, or provide you other relevant information about our
services. In this respect, processing of personal data is based on our legitimate interest
to provide you relevant information about Orio and to promote our services to you.
You may opt-out from marketing communications at any time.

3. Service development and information security
We also process personal data to improve the quality of our services and to develop
new ones. In these cases, the processing of personal data is our legitimate interest to
ensure that we have sufficient and relevant information at hand to develop our

4. Billing related data
We also process personal data to fulfil our obligations under applicable accounting and
tax laws. In these cases, the processing of personal data is based on mandatory legal
provisions which require that we store certain data for accounting purposes.


We may disclose personal data to third parties:

 when permitted or required by law, e.g. to comply with requests by competent
authorities or related to legal proceedings;

 when our trusted services providers provide services to us on behalf of us and
under our instructions. We will control and be responsible for the use of your
personal data at all times;

 if we are involved in a merger, acquisition, or sale of all or a portion of our
assets; and

 when we believe in good faith that disclosure is necessary to protect our
rights, protect your safety or the safety of others, investigate fraud, or respond
to a government request.


ALL information that we collect from you is stored within the European Economic Area
(EEA), but may also be transferred and Processed in countries outside of the EEA. All
such transfers of your personal data will be in accordance with applicable laws.


We also use cookies and other similar techniques on our websites. Cookies are small
text files placed on your device to collect and remember useful information, to increase
the functionality of our website and to make it easier to use. We may also use cookies
and other similar techniques for statistical purposes to compile anonymous,
aggregated statistics thereof, concerning e.g. the use of the website, allowing us to
understand how users use the website and improve user experience.
You can set your web browser not to accept cookies, limit the use of cookies or remove
cookies from the browser. However, as cookies are an important part of how our
website works, limiting the use of cookies may affect the functionality of the website.
To learn more about how we use cookies, please see our cookie policy here.


Your personal data will be retained only for as long as necessary to fulfill the purposes
defined in this Policy.

1. Customer
Most of your personal data will be retained during the course of you customer
relationship with Orio. Some personal data might be retained after your customer
relationship with us has ended, if required or allowed by applicable laws. For example,
we keep accounting related documents for 7 years. When your personal data is no
longer required by law or rights or obligations by either party, we will delete your
personal data.

2. Member
As a member at Orio we will save your information until you withdraw your consent.


You have a right to access personal data we process about you. You may access, correct,
update, change or remove your personal data at any time. However, please note that
certain information is strictly necessary in order to fulfil the purposes defined in this
Policy and may also be required by law. Thus, you may not remove such personal data.
You have a right to object for certain processing. To the extent required by applicable
data protection law, you have a right to restrict data processing.
You have a right to data portability, i.e. right to receive your personal data in a
structured, commonly used machine-readable format and transmit your personal data
to another data controller, to the extent required by applicable law.
Please send above-mentioned requests by using the contact details stated above in
the Policy in point 1.

If you think there is a problem with the way we are handling your personal data, you
have a right to file in a complaint to your national data protection authority in the
EU/EEA. In the UK, that is Information Commissioner’s Office (ICO). You can find
contact details of the ICO via their website (, or by
telephoning 0303 123 1113.


We maintain reasonable security measures (including physical, electronic, and
administrative) to protect personal data from loss, destruction, misuse, and
unauthorized access or disclosure. For example, we limit access to personal data to
authorized employees and contractors who need to know the information in the course
of their work tasks.
Please be aware that, although we endeavour to provide reasonable security measures
for personal data, no security system can prevent all potential security breaches.


We may change this Policy from time to time. If we make any changes to this Policy,
we will let you know on our websites and via the applications, where you will also find
the latest version of this Policy.


If you have any questions regarding this Policy or the personal data we process about
you, please use the contact details stated above in the Policy in point 1.