(GDPR & CCPA-Ready — last updated 19 May 2025)
1. Scope & Service Description
- Service Provided: At the request of our clients, Form Orbits Ltd (“we”, “us”) submits marketing messages to publicly available contact-form URLs on third-party websites.
- We respect robots.txt files.
- No Personal Data Collected or Stored: We never scrape, purchase, store, or otherwise process names, email addresses, phone numbers, IP addresses, cookies, or any information that can identify a natural person. The only data we handle are:
- Website domain names or sub-domains.
- The specific path to a contact-form endpoint (e.g.,
/contact,/support/form).
2. Legal Basis under the GDPR (EU 2016/679)
| GDPR Article | Application to Form Orbits |
|---|---|
| Art 6 (1)(f) Legitimate Interests | We process publicly available contact-form URLs to deliver a client’s message. This processing is necessary for legitimate commercial outreach and does not override the fundamental rights and freedoms of data subjects, as no personal data are involved. |
| Art 13 & 14 Transparency | This statement fulfils our duty to provide clear, concise information about our processing activities. |
| Art 32 Security | We implement end-to-end TLS encryption, role-based access controls, hashed credentials, and annual penetration testing. No personal data means minimal residual risk. |
| Art 44–46 International Transfers | If servers outside the EEA are used, data remain limited to non-personal URL strings; nonetheless, we rely on ISO 27001-certified providers and Standard Contractual Clauses where relevant. |
3. Compliance with the California Consumer Privacy Act (CCPA, Cal. Civ. Code §1798.100 et seq.)
- No “Personal Information” (PI) Collected (§1798.140(v)): Because we handle only contact-form URLs, we do not collect PI as defined by the CCPA.
- No Sale or Sharing (§1798.120): We do not sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate PI for monetary or other valuable consideration.
- Consumer Rights: Since no PI is processed, rights to know, delete, or opt-out of sale are inherently satisfied.
- Non-Discrimination (§1798.125): We do not discriminate against any consumer for exercising CCPA rights.
4. Data Retention & Deletion
| Data Element | Retention Period | Deletion Method |
|---|---|---|
| Contact-form URLs | 90 days (for delivery logs & troubleshooting) | Cryptographic wipe from encrypted storage |
Logs contain no personal data; after 90 days, they are irreversibly purged.
5. Data Subject / Consumer Rights & Contact Method
Although we do not process personal data, we maintain a single point of contact for any privacy-related request.
- Email: [email protected]
- Mail: Form Orbits Ltd, 167 Great Portland St, London W1W 5PF, UK
- Phone: +447458164062
We respond within 30 days to any inquiry, complaint, or alleged rights violation.
6. Security Measures (Summary)
- TLS 1.3 across all network traffic
- AES-256 encryption at rest
- Principle-of-least-privilege IAM
- Multi-factor authentication for all operator accounts
- Quarterly vulnerability scans; annual external penetration tests
- ISO 27001-compliant cloud infrastructure
7. Partner & Client Obligations
Clients must ensure that:
- Their message content complies with all applicable laws (e-privacy, unfair commercial practices, etc.).
- They honour any opt-out or unsubscribe requests they receive directly.
- They do not supply Form Orbits with personal data; if they do, they remain the Controller and must provide a documented lawful basis.
8. Policy Updates
We may amend this statement to reflect legal or operational changes. A timestamped notice will appear at formorbits.com/privacy-contact-forms at least 7 days before changes take effect.
Contact Details
Form Orbits Ltd
167 Great Portland St, London W1W 5PF, United Kingdom
Phone: (+44) 7458 164 062
Email: [email protected]
This compliance text is designed to meet or exceed the requirements of the GDPR and CCPA for services that process no personal data. Nevertheless, regulations evolve; consult qualified counsel to verify ongoing compliance in your specific jurisdiction.
