Last Updated: 05 August 2025
Bits Orchestra LLC, together with its affiliates and subsidiaries (“we”, “our”, “us”, or “Bits Orchestra”), is a private software development company specialising in the design, development, integration, and maintenance of custom software solutions, including web and mobile applications, enterprise system integrations, and related IT consulting services. We operate globally, with clients and partners located in multiple jurisdictions.
We recognise that the lawful and transparent processing of personal data is essential to maintaining the trust of our clients, prospective clients, employees, applicants, and all other stakeholders. This Privacy Policy (“Policy”) explains the categories of personal data we collect, the purposes and legal bases for processing such data, the manner in which it is stored and safeguarded, the parties with whom it may be shared, and the rights available to individuals under applicable laws.
Our data processing activities are conducted in strict compliance with relevant legal frameworks in the territories where we operate.
By engaging with us — whether through our websites, professional networks, email correspondence, events, or in the course of a service relationship — you acknowledge that you have read and understood this Policy. Where consent is required by law, we will request it explicitly before processing your personal data.
Unless otherwise specified in a specific contractual arrangement or service‑level agreement, Bits Orchestra LLC acts as the “data controller” in relation to personal data processed in connection with our business activities. As a data controller, we determine the purposes and means of processing personal data and ensure that such processing complies with all applicable legal requirements.
If you interact directly with one of our affiliates or subsidiaries (for example, applying for employment in a specific jurisdiction), that legal entity will be considered the data controller for the purposes of your interaction. In such cases, this Policy will apply in conjunction with any local privacy notices that may be provided to you.
Where Bits Orchestra operates as a “processor” (for example, when processing data on behalf of a client under a service agreement), we do so strictly in accordance with the client’s documented instructions and the applicable contractual provisions, and in compliance with relevant data protection laws.
The types of personal data collected by Bits Orchestra depend on the nature of your interaction with us and may include, without limitation:
Basic Identifiers – full name, date of birth, gender, nationality, and similar details.
Contact Information – residential or business address, email address, telephone numbers, and professional or social media profiles (e.g., LinkedIn).
Professional and Employment Information – curriculum vitae (CV), employment history, academic qualifications, skills, certifications, awards, references, and professional preferences (such as desired position or salary expectations).
Financial Information – bank account details, payment instructions, tax identification numbers, and other relevant billing data (only when necessary for contractual or legal purposes).
Technical Data – IP addresses, browser type and version, operating system, device identifiers, login data, and information collected via cookies or similar tracking technologies.
Communications Data – records of correspondence (email, instant messaging, or voice calls), meeting notes, and other interaction logs.
Other Data – any information voluntarily disclosed to us, including during events, in surveys, or through project collaborations.
We do not intentionally collect data from individuals under the age of 18 and request that such individuals refrain from providing any personal information to us.
We may collect personal data through the following means:
Direct Interactions – You provide data to us directly, for example, when you:
Complete forms on our website or other digital platforms.
Communicate with us via email, phone, video conferencing, or in person.
Apply for a position or submit a proposal for collaboration.
Enter into contractual negotiations or sign an agreement with us.
Automated Technologies – When you interact with our website or online services, we automatically collect certain technical data using cookies, server logs, and similar technologies. Such data may include information about your device, browsing patterns, and usage preferences.
Third‑Party Sources – We may receive your personal data from:
Publicly available professional profiles (e.g., LinkedIn, corporate websites).
Business partners, event organisers, recruitment agencies, or referrals.
Clients who authorise us to process data in connection with their projects.
All data collected is handled in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, and integrity and confidentiality, as mandated by applicable laws.
We process personal data only where it is necessary and proportionate to achieve legitimate business and operational purposes. The primary purposes include, but are not limited to:
Service Provision and Contract Fulfilment
Delivering custom software development, web and mobile application development, system integration, and related IT services.
Performing contractual obligations, including project management, quality assurance, technical support, and after‑sales service.
Managing client accounts, billing, and payment processing.
Business Communication
Responding to inquiries, providing quotes, and supplying pre‑contractual information.
Notifying clients and partners about service updates, operational changes, or relevant legal and compliance matters.
Recruitment and Human Resources Management
Evaluating candidates for employment or contractual engagements.
Maintaining recruitment records in accordance with statutory retention requirements.
Managing employee administration, payroll, benefits, and performance evaluation.
Marketing and Business Development
Providing information about our services, events, publications, and thought leadership materials where such communication is permitted by law or based on your consent.
Conducting market analysis, measuring campaign effectiveness, and identifying potential leads.
Organizing and promoting webinars, conferences, and other professional events.
Security and Risk Management
Protecting against unauthorised access, cyber threats, fraud, or other unlawful activities.
Conducting internal audits, penetration testing, and security monitoring.
Legal and Regulatory Compliance
Fulfilling obligations under tax, accounting, employment, and data protection laws.
Responding to lawful requests from public authorities and regulators.
We do not use personal data for profiling or automated decision‑making that produces legal or similarly significant effects, unless required by law or explicitly consented to by you.
We do not engage in automated decision‑making that produces legal or similarly significant effects on individuals. If our practices change, we will provide meaningful information about the logic involved, the significance, and the potential consequences of such processing, and obtain any required consent.
Our processing of personal data is grounded in one or more of the following legal bases, depending on the jurisdiction and the specific processing activity:
Performance of a Contract or Pre‑Contractual Steps – processing is necessary to enter into or fulfil a contractual agreement with you or your organisation.
Compliance with a Legal Obligation – processing is required to meet statutory or regulatory requirements.
Legitimate Interests – processing is carried out for our legitimate business purposes, such as improving services, safeguarding IT systems, or preventing fraud, provided that such interests are not overridden by your rights and freedoms.
Consent – where processing is based on your explicit consent, such consent will be informed, specific, and freely given, and you may withdraw it at any time without affecting the lawfulness of prior processing.
Where applicable law requires additional justification for processing, we will provide it in a supplementary privacy notice or contractual document.
We disclose personal data only to the extent necessary for the purposes set out in this Policy and ensure that such disclosures are subject to appropriate contractual and technical safeguards. The categories of recipients may include:
Affiliates and Subsidiaries – for operational, administrative, and compliance purposes.
Service Providers and Contractors – including cloud hosting providers, analytics platforms, recruitment agencies, background check providers, and payment processors, who act as data processors under our instructions.
Clients and Project Partners – where necessary to deliver contracted services, and only where such sharing is consistent with applicable law and contractual commitments.
Professional Advisers – including legal counsel, accountants, and auditors bound by confidentiality obligations.
Regulatory and Government Authorities – where disclosure is required by applicable law, regulation, or legal process.
We do not sell personal data to third parties, nor do we share it for cross‑context behavioural advertising within the meaning of applicable laws such as the CCPA/CPRA.
Given the global nature of our business, personal data may be transferred to and processed in jurisdictions outside your country of residence, including countries that may not offer the same level of data protection as your jurisdiction.
When such transfers occur, we ensure that they are conducted in compliance with applicable law by implementing appropriate safeguards, which may include:
Standard Contractual Clauses (SCCs) approved by the European Commission or UK Information Commissioner.
Binding corporate rules, where applicable.
Contractual agreements ensuring that the recipient provides adequate protection for personal data.
In cases where no adequacy decision or equivalent safeguard is available, we will obtain your explicit consent for the transfer or ensure that the transfer is otherwise permitted by applicable data protection law.
You may request a copy of these safeguards by contacting us at the address or email provided in Section 14. Certain details may be redacted for confidentiality or security purposes.
We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, to comply with legal, regulatory, and contractual obligations, and to protect our legitimate interests in the event of disputes or claims.
Retention periods vary depending on the nature of the data and applicable legal requirements:
Contract and Client Data – retained for the duration of the contract and for a minimum of five (5) years thereafter, unless a longer period is required by law or necessary for the establishment, exercise, or defence of legal claims.
Recruitment Data – applications, CVs, and interview records are typically retained for up to two (2) years from the date of the last contact with the candidate, unless consent is obtained for a longer retention period or applicable law requires otherwise.
Financial and Accounting Records – retained for the period prescribed by tax and accounting laws in the relevant jurisdiction (commonly between five (5) and ten (10) years).
Marketing Data – retained for as long as you remain subscribed to receive our communications or until you object to such processing.
Technical and Web Usage Data – retained in accordance with the retention schedules of the relevant cookies, analytics tools, and server logs, after which the data is anonymised or deleted.
When the applicable retention period expires, personal data is securely deleted, anonymised, or otherwise processed in compliance with applicable law and internal policies.
Subject to applicable law, you may have the following rights in relation to your personal data:
Right of Access – to obtain confirmation as to whether we process your personal data and, if so, to receive a copy along with details of the processing.
Right to Rectification – to have inaccurate personal data corrected and incomplete data completed.
Right to Erasure (“Right to be Forgotten”) – to request deletion of your personal data where processing is no longer necessary, where you withdraw consent (if applicable), or where processing is otherwise unlawful.
Right to Restrict Processing – to request the temporary suspension of processing under certain circumstances, such as when contesting the accuracy of the data.
Right to Data Portability – to receive personal data you provided to us in a structured, commonly used, machine‑readable format and to transmit it to another controller, where processing is based on consent or contract and carried out by automated means.
Right to Object – to object to processing carried out on the basis of legitimate interests, including profiling, and to object to processing for direct marketing purposes at any time.
Right to Withdraw Consent – where processing is based on consent, to withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.
Right to Lodge a Complaint – to file a complaint with a competent data protection authority in your jurisdiction if you believe your rights have been infringed.
We will respond to rights requests without undue delay and within the time limits required by applicable law.
If you wish to lodge a complaint, you may contact your local data protection authority. In the EU, a list of supervisory authorities is available at https://edpb.europa.eu/about-edpb/board/members_en. In the UK, the supervisory authority is the Information Commissioner’s Office (www.ico.org.uk). In Ukraine, the supervisory authority is the Parliament Commissioner for Human Rights (www.ombudsman.gov.ua).
Our services are not directed to individuals under the age of 18, and we do not knowingly collect personal data from them. If we discover that we have collected personal data from a minor without parental consent, we will take steps to delete such information promptly.
Our website uses cookies, pixel tags, and similar technologies to enhance the functionality of our services, improve user experience, and conduct analytics.
Essential Cookies – required for the website to operate securely and function properly.
Analytics Cookies – help us understand how visitors interact with our website so we can improve performance.
Functionality Cookies – remember your preferences and settings to personalise your experience.
Marketing Cookies – may be used, where permitted by law, to deliver relevant advertising on third‑party platforms.
You can control the use of cookies through your browser settings. For more information, please refer to our Cookie Policy.
For visitors in the EU/UK, we obtain consent before placing non‑essential cookies on your device. Full details, including cookie types, purposes, retention periods, and how to withdraw consent, are available in our Cookie Policy.
We may amend this Privacy Policy from time to time to reflect changes in our operations, applicable laws, or regulatory guidance. Any material changes will be communicated through our website and, where legally required, we will seek your consent before such changes take effect.
The “Last Updated” date at the top of this Policy will indicate when it was most recently revised. We encourage you to review this Policy periodically to remain informed about how we process and protect your personal data.
Should you have any questions, requests, concerns, or complaints regarding the processing of your information, or if you would like to request the deletion of your data from our databases, report a personal data breach, or discuss any other matter, please feel free to contact us using any of the contact methods listed below:
Bits Orchestra LLC
255 S Orange Avenue, Suite 104-1075, Orlando, Florida 32801
Email: info@bitsorchestra.com
If you are based in Ukraine and wish to contact our office in Ukraine, you can reach them using the following contact details:
Bits Orchestra LLC
Address: Vulytsya Andreya Sheptytsʹkoho, 3, Zymna Voda, Lviv Oblast, 81110
Email: info@bitsorchestra.com