Orqestro
Privacy Policy

Privacy Policy

The Orqestro platform treats user personal data with the same institutional diligence as market information. This policy describes what data is collected, how it is processed, on what legal grounds, and what rights users have regarding their data.

Introduction and scope

This Privacy Policy governs the processing of personal data in connection with the use of the Orqestro platform and its materials. The policy applies to all visitors of orqestro.com, registered users, subscribers, and other persons whose data may be processed by the platform.

The Orqestro project acts as the operator of personal data processing. For all questions related to the processing of personal data, exercise of user rights, and other aspects of this policy, please contact [email protected].

What data is collected

Depending on the nature of the user's interaction with the platform, the following categories of data may be collected:

  • Contact data — first name, last name, email address, organization name, country — provided voluntarily by the user during registration, subscription, or contact through communication channels;
  • Technical data — IP address, browser type and version, operating system, device identifiers, request timestamps — collected automatically when visiting the site to ensure platform security and stability;
  • Platform usage data — pages visited, navigation sequence, time spent in sections, interface language preference — processed to ensure correct platform operation and improve user experience;
  • Technical cookies data — session identifier, cookie consent, selected language — stored in the user's browser (see «Cookies» section below and the separate cookie policy);
  • Payment data — payment instrument details, payment history — processed exclusively through certified payment providers; the platform does not store users' card details.

The platform does NOT collect special categories of personal data (racial or ethnic origin, political opinions, religious beliefs, biometric or genetic data, health data) and does not request such data from users.

Purposes of data processing

Personal data is processed solely for the following purposes:

  • providing access to platform materials and fulfilling subscription obligations;
  • user identification and authentication when using the platform;
  • communication with the user on matters related to platform use (subscription notifications, technical messages, responses to inquiries);
  • ensuring platform security — detecting and preventing fraud, unauthorized access, and violations of terms of use;
  • complying with applicable legal requirements, including tax, anti-money laundering (AML/CFT), and personal data protection legislation;
  • improving platform functionality and user experience based on aggregated and anonymized data;
  • protecting the legitimate interests of the platform and users in the event of disputes.

The platform does not use personal data for marketing purposes, profiling, automated decision-making with legal consequences for users, or transfer to advertising networks.

Legal grounds for processing

Personal data is processed on the following legal grounds provided by applicable legislation, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Russian Federal Law No. 152-FZ:

  • User consent — for processing data in cases that explicitly require explicit consent (for example, when subscribing to communications or using non-essential cookies);
  • Performance of a contract — for processing data necessary for providing the subscription and fulfilling obligations to the user;
  • Legal obligation — for processing data to comply with applicable legislation (accounting, tax reporting, responses to requests from authorized authorities);
  • Legitimate interests — for processing data to ensure platform security, prevent fraud, and protect the rights of the platform and users.

In cases where processing is based on user consent, such consent may be withdrawn at any time by contacting the platform. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

Cookies

The platform uses exclusively technical cookies necessary for interface functionality (storing language preferences, navigation state, cookie consent). Analytical, marketing, or third-party trackers (Google Analytics, Meta Pixel, advertising networks, social widgets) are NOT integrated on the platform. Detailed information about the composition and retention period of cookies is available in a separate document at orqestro.com/cookies.

Data sharing with third parties

The Orqestro platform does not transfer, sell, or rent personal user data to third parties for their own marketing, advertising, or other commercial activities. Data processing may include transfers to a limited group of recipients exclusively for service purposes:

  • hosting and cloud infrastructure providers — to ensure platform operation and data storage;
  • certified payment providers — for processing subscription payments (the platform does not receive access to card details);
  • email service providers — for sending technical and service notifications;
  • professional advisors (lawyers, auditors, tax consultants) — under confidentiality agreements;
  • authorized governmental authorities — exclusively in the presence of legal grounds and to the extent required by applicable legislation.

All data recipients are obligated to ensure the protection of personal data in accordance with applicable legislation. The platform selects contractors that ensure an adequate level of data protection.

Data storage and security

Personal data is stored for the period necessary to achieve the purposes of its processing, as well as for the periods established by applicable legislation for accounting, tax, legal, and other records. After applicable retention periods expire, data is deleted or anonymized.

Organizational and technical security measures are applied to protect data, including: encrypted data transmission (TLS/HTTPS), account protection, restriction of employee access on a least-privilege basis, regular updating of security systems, monitoring and logging of critical operations, and periodic infrastructure audits.

Despite the measures applied, no method of transmission or storage of data over the Internet is absolutely secure. The platform cannot guarantee absolute protection of personal data and bears no responsibility for incidents caused by circumstances beyond reasonable control.

User rights

In accordance with applicable personal data protection legislation, the user has the following rights:

  • Right of access — to receive confirmation of the processing of their data and a copy of the data being processed;
  • Right to rectification — to request correction of inaccurate or incomplete personal data;
  • Right to erasure («right to be forgotten») — to request deletion of personal data when grounds provided by legislation exist;
  • Right to restriction of processing — to request suspension of data processing in certain cases;
  • Right to data portability — to receive personal data in a structured, commonly used, machine-readable format and transfer it to another operator;
  • Right to object — to object to the processing of data based on the legitimate interests of the platform or for direct marketing purposes;
  • Right to withdraw consent — to withdraw previously given consent to processing at any time;
  • Right not to be subject to automated decision-making — including profiling that has legal consequences (the platform does not engage in such automated decision-making);
  • Right to lodge a complaint — to file a complaint with the personal data protection supervisory authority at the user's place of residence or the place of the alleged violation.

To exercise any of the above rights, the user may contact [email protected]. The platform considers such requests within the timeframes established by applicable legislation (generally, up to 30 days). The platform reserves the right to request additional information to verify the applicant's identity in order to protect data from unauthorized access.

International data transfer

The Orqestro platform is provided globally. The servers and infrastructure ensuring the operation of the platform may be located in various countries. Accordingly, users' personal data may be transferred, stored, and processed outside the user's country of residence, including in jurisdictions whose legislation may differ from the user's country.

When transferring data internationally, the platform applies appropriate protection measures, including contractual obligations of contractors regarding compliance with data protection standards. By using the platform, the user acknowledges awareness of and consents to possible international data transfer to the extent necessary for the provision of platform services.

Minors

The Orqestro platform is intended exclusively for individuals who have reached the age of 18 (or the age of majority in the applicable jurisdiction, if higher). The platform does not knowingly collect or process personal data of minors. If the platform becomes aware that data of a minor was obtained without proper parental or guardian consent, such data shall be immediately deleted. Parents or legal guardians who discover that a minor has provided their data to the platform may contact [email protected] for data deletion.

Contact, policy updates, and supervisory authority

This section contains information on how users may interact with the platform on privacy matters:

  • Contact address — all inquiries related to the processing of personal data, exercise of user rights, or other aspects of this policy should be sent to [email protected];
  • Response timeframes — the platform strives to respond to user inquiries within reasonable timeframes, generally not exceeding 30 days from receipt of the inquiry; in case of complex inquiries, the period may be extended in accordance with applicable legislation;
  • Policy updates — this Policy may be updated due to changes in platform functionality, legal requirements, or data processing practices; the current version is always available at orqestro.com/privacy; users will be notified of material changes through the website or by email;
  • Supervisory authority — users whose personal data protection rights have been violated have the right to file a complaint with the competent supervisory authority for personal data protection at their place of residence, place of work, or the place of the alleged violation.

Use of the platform after publication of an updated version of this policy constitutes the user's consent to its new version. If the user does not agree with the updated policy, they should cease use of the platform and contact the contact address for deletion of their data.

Applicability and document version

This Privacy Policy applies to all use of the Orqestro platform from the moment of its publication until it is replaced by a new version. The policy is drafted in Russian and English; in the event of discrepancies, the version in the language selected when entering into an individual agreement shall prevail, or the English version if not otherwise specified by the individual agreement. This policy is supplemented by the «Legal Disclaimer» (orqestro.com/disclaimer), «Platform Terms of Service» (orqestro.com/terms), and «Cookie Usage» (orqestro.com/cookies) documents.

Last updated: May 1, 2026
Privacy policy · Orqestro