How we handle personal data for the Orbifs service — written for the people who actually read it: customers, their DPOs, and procurement.
This reflects how we operate and is published for transparency. The binding version is being finalised with counsel; where the two differ, the signed or issued document governs.
Orbifs is operated by Archi Systems AS (org. no. 916 683 332), registered at Gustav Vigelands Vei 36, Oslo, Norway. For personal data processed about you as a visitor or account holder, Archi Systems AS is the data controller. For the project files you store in Orbifs, you are the controller and we act as your processor — that relationship is governed by our Data Processing Agreement.
We use personal data to provide and secure the service, set up and run pilots, handle billing, respond to support, and meet legal obligations. We do not sell personal data, and we do not profile visitors for advertising.
The Orbifs marketing site sets no cookies and runs no analytics or third-party tracking. We don’t profile visitors. When you sign in to the application at app.orbifs.eu, strictly necessary cookies are used there to keep you logged in; those are covered by the application’s own notice. If we ever add analytics, we will update this section and introduce any consent mechanism the law requires — not before.
Personal data and project files are processed in the EU/EEA. Project files are hosted in France (EU). See our Data Residency & Sovereignty statement for the detail.
We use a short, EU-based list of sub-processors to run the service — currently our European cloud provider (France) and Mollie (Netherlands) for billing. Support and transactional email runs on our own servers in Stavanger, Norway (EEA), not a third party. The current list — with purpose, location and data handled — is published at Sub-processors, and we notify customers of material changes.
We keep personal data only as long as needed for the purpose it was collected, or as the law requires. Account data is kept for the life of the account; billing records are kept for the statutory period. Project-file retention follows your plan and your instructions.
Under the GDPR you can request access, correction, erasure, restriction, portability, and object to certain processing. You can also lodge a complaint with a supervisory authority — in Norway, the Datatilsynet. To exercise any right, email support@orbifs.eu, which is also our route for all data-protection questions. We have not appointed a statutory Data Protection Officer; where one becomes required, we will name them here.
We process personal data within the EU/EEA. We do not transfer customer project data outside the EEA. If any operational vendor were ever located outside the EEA, we would document and assess a valid transfer mechanism (such as Standard Contractual Clauses) before use.
This policy is versioned and dated. When it changes materially, we update the version line above and, where appropriate, notify account holders.
Email support@orbifs.eu and we’ll route it to the right person, including data-protection requests.
Archi Systems AS
Gustav Vigelands Vei 36, Oslo, Norway
Org. no. 916 683 332