Last updated: 19 May 2026. This policy applies to orbital-matter.com and explains how Orbital Matter Poland sp. z o.o. processes personal data under the EU General Data Protection Regulation (GDPR).
1. Controller
The controller responsible for processing personal data on this website within the meaning of Art. 4 (7) GDPR is:
For any privacy-related question, please write to contact@orbital-matter.com with the subject line "Privacy" so we can route it correctly.
Orbital Matter Poland sp. z o.o. is not required to appoint a Data Protection Officer under Art. 37 GDPR or Art. 8 of the Polish Act of 10 May 2018 on the Protection of Personal Data (Ustawa o ochronie danych osobowych). The controller listed above is the single point of contact for data protection matters.
2. Scope of this policy
This policy covers personal data we process when you visit orbital-matter.com and any of its subpages, and when you contact us by email or phone through the channels listed above.
It does not cover third-party websites we link to, or platforms (LinkedIn, X, and similar) that we may operate company accounts on. Those services have their own privacy policies, which we encourage you to read.
3. What we process and why
3.1 Server log files
When you load a page on this website, the hosting infrastructure automatically records technical information sent by your browser. This is a standard, unavoidable part of how the web works.
The data processed includes:
Your IP address (shortened to anonymised form at the earliest opportunity)
Date and time of the request
The URL requested and the HTTP status returned
Referring URL, if any
Browser type and version, operating system
Purpose: Operating the website, ensuring it loads correctly, detecting and mitigating abuse such as denial-of-service attempts.
Legal basis: Art. 6 (1) (f) GDPR — our legitimate interest in providing a functional and secure website.
Retention: Log entries are retained for a maximum of 30 days, then deleted or fully anonymised.
3.2 Email and phone contact
If you contact us by email or phone, we process the contact details you provide and the content of your message in order to respond.
Purpose: Replying to your enquiry and, where applicable, following up on subsequent business discussions.
Legal basis: Art. 6 (1) (b) GDPR where the message relates to pre-contractual steps or the performance of a contract; otherwise Art. 6 (1) (f) GDPR (our legitimate interest in responding to inbound communications).
Retention: Correspondence is retained for as long as needed to handle the conversation and any resulting business relationship, plus mandatory retention periods under Polish commercial and tax law (typically five years for business correspondence under Art. 74 of the Polish Accounting Act and Art. 86 § 1 of the Polish Tax Ordinance).
4. Third-party services
This website uses a small number of third-party services. Each is listed below with the data it can receive and the legal basis for using it.
4.1 Hosting
The website is hosted on infrastructure with servers located in the European Union. The hosting provider processes personal data (server log files — see § 3.1) on our behalf as a processor under Art. 28 GDPR, governed by a written data processing agreement.
4.2 Google Fonts
This website loads the typeface "Space Grotesk" from Google Fonts, operated by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). When a page loads, your browser makes a request to Google's servers to retrieve the font files. As part of this request, your IP address is transmitted to Google. Google's parent company is based in the United States, so some processing may take place there.
Legal basis: Art. 6 (1) (f) GDPR — our legitimate interest in a consistent typographic presentation across all browsers and devices.
Transfer safeguards: Transfers to Google LLC in the United States are covered by the EU–U.S. Data Privacy Framework (Commission Implementing Decision (EU) 2023/1795), under which Google is certified.
Some pages embed videos hosted on Vimeo, operated by Vimeo.com, Inc. (555 West 18th Street, New York, NY 10011, USA). Vimeo embeds on this site are loaded in "Do Not Track" mode (dnt=1), which prevents Vimeo from tracking viewers across sites or sessions for advertising purposes. Even in this mode, Vimeo necessarily receives technical information (IP address, browser type, the page the video was played on) in order to deliver the video stream and may set cookies that are strictly necessary for video playback.
Legal basis: Art. 6 (1) (f) GDPR — our legitimate interest in providing high-quality video content without operating our own video infrastructure.
Transfer safeguards: Vimeo, Inc. is certified under the EU–U.S. Data Privacy Framework.
This website does not set its own cookies and does not use any web analytics, tracking pixels, advertising tags, or behavioural profiling tools.
The only cookies that may be set are those that the embedded Vimeo player writes when you actively interact with it. Because Vimeo is loaded in Do Not Track mode, no cross-site advertising or profiling identifiers are set; the cookies that remain are strictly necessary to make video playback work.
If we add any analytics or non-essential cookies in the future, we will update this policy and introduce a consent mechanism before doing so, as required by Art. 398 of the Polish Electronic Communications Law (Prawo komunikacji elektronicznej) and Art. 7 GDPR.
6. International data transfers
The hosting of this website takes place within the European Union. Some third-party services we use (Google Fonts, Vimeo) may involve processing in the United States, as described in § 4. Where such transfers occur, they are covered by the EU–U.S. Data Privacy Framework adequacy decision or, where applicable, by Standard Contractual Clauses adopted by the European Commission, in line with Chapter V GDPR.
7. Your rights under the GDPR
You have the following rights regarding personal data we hold about you:
Right of access (Art. 15 GDPR) — to obtain confirmation of whether we process your data and, if so, a copy of it.
Right to rectification (Art. 16 GDPR) — to have inaccurate data corrected and incomplete data completed.
Right to erasure (Art. 17 GDPR) — to have your data deleted, subject to the conditions in that Article.
Right to restriction of processing (Art. 18 GDPR) — to have processing limited in certain circumstances.
Right to data portability (Art. 20 GDPR) — to receive your data in a structured, commonly used, machine-readable format.
Right to object (Art. 21 GDPR) — to object at any time to processing that is based on Art. 6 (1) (f), including direct marketing.
Right to withdraw consent (Art. 7 (3) GDPR) — where processing is based on your consent, to withdraw that consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, write to contact@orbital-matter.com. We will respond within one month of receipt of your request (extendable by two further months for complex requests, in line with Art. 12 (3) GDPR). We may need to verify your identity before acting on a request.
8. Complaints to a supervisory authority
If you believe our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority — in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement (Art. 77 GDPR).
The supervisory authority competent for Orbital Matter Poland sp. z o.o., given its registered office in Warsaw, is:
AuthorityPrezes Urzędu Ochrony Danych Osobowych (UODO)
This website is served exclusively over HTTPS. Personal data we hold internally is protected by access controls, encrypted backups where applicable, and the technical and organisational measures required under Art. 32 GDPR.
No internet-based service can guarantee absolute security. If you suspect a breach involving your data, please notify us at contact@orbital-matter.com.
10. Updates to this policy
We may update this policy from time to time to reflect changes in our processing activities or in applicable law. The date at the top of this page indicates when it was last revised. Substantive changes that affect your rights will be highlighted on this page for a reasonable period after they take effect.