Privacy Policy for Low Orbit

Effective from: 2026-05-01

1. Introduction

This privacy policy explains how Low Orbit AB, reg. no. 559043-5565 ("Low Orbit", "we", "us"), processes personal data in connection with client assignments, projects, business relationships, communications and the provision of our creative and consulting services.

Low Orbit provides creative services, including art direction, concept development, design advisory and related consulting services. As part of our work processes, we may use AI-based tools.

2. Data Controller and Contact Details

Low Orbit AB is the data controller for the processing of personal data carried out for our own business purposes, such as client communications, contract administration, invoicing, marketing, supplier management and internal operations.

Contact details:

Email: contact@loworbit.se

Where we process personal data solely on behalf of a client and under that client's documented instructions as part of an assignment, we act as a data processor rather than a data controller. In such cases, the processing is governed by the applicable client agreement and, where required by law, a separate data processing agreement.

3. Categories of Personal Data We Process

We may process the following categories of personal data:

3.1 Contact and identity data

Name, email address, telephone number, job title, employer and other business contact details.

3.2 Customer and project data

Information relating to inquiries, quotes, orders, assignments, projects, briefs, feedback, approvals, timelines and deliverables.

3.3 Payment and invoicing data

Billing contact details, invoice address, company details, payment references, payment status and other data necessary to administer payment and accounting. Payment card or bank details are normally handled by external payment or banking providers.

3.4 Communications

Information contained in emails, messages, meetings, calls and other correspondence with us.

3.5 Technical and usage-related data

Technical data needed to operate, maintain, troubleshoot and secure our website, systems, shared resources and business operations, such as IP address, browser information, timestamps, device-related data and log information.

3.6 Client materials and project content

Materials shared with us in connection with an assignment, such as text, images, audiovisual material, brand assets, references, briefs and other project content. Such material may sometimes contain personal data.

We do not intentionally request sensitive personal data. If such data is included in materials shared with us, we will seek to limit its use and process it only as necessary for the relevant purpose and in accordance with applicable law.

4. How We Collect Personal Data

We collect personal data:

  • directly from you,
  • from your employer, colleagues or representatives in connection with an assignment or business relationship,
  • from our communications with you,
  • through the use of our website, systems or shared project resources,
  • and, to a limited extent, from public sources such as company websites or public registers where relevant for business contact or verification purposes.

5. Purposes and Legal Bases for Processing

We process personal data for the following purposes and on the following legal bases:

5.1 To manage inquiries and business relationships

We process personal data to respond to inquiries, prepare proposals, manage client and supplier relationships and communicate with relevant contact persons.

Legal basis: Legitimate interest (Article 6(1)(f) GDPR).

5.2 To enter into and perform contracts

We process personal data to administer quotes, orders, assignments, projects, deliverables, approvals and related communications, and to provide our creative and consulting services.

Legal basis: Contract (Article 6(1)(b) GDPR), or legitimate interest (Article 6(1)(f) GDPR) where the data relates to business representatives rather than the contracting party itself.

5.3 To administer invoicing, accounting and legal compliance

We process personal data to issue invoices, manage payments, maintain accounting records and fulfil obligations under applicable law.

Legal basis: Legal obligation (Article 6(1)(c) GDPR).

5.4 To maintain, protect and improve our operations

We process personal data for security, troubleshooting, backup, internal administration, documentation, quality assurance and improvement of our workflows and business operations.

Legal basis: Legitimate interest (Article 6(1)(f) GDPR).

5.5 To send marketing and business updates

We may process personal data to send news, updates, offers, case-related communications or other marketing to existing or potential business contacts where permitted by law.

Legal basis: Legitimate interest (Article 6(1)(f) GDPR), and where required by law, consent (Article 6(1)(a) GDPR).

You may object to direct marketing at any time.

6. AI Tools and Personal Data

As part of our creative and consulting services, we may use AI-based tools for purposes such as ideation, structuring, concept development, drafting, visual exploration, layout support and similar workflow support.

When using AI-based tools, we seek to minimize the inclusion of personal data and avoid submitting personal data unless this is necessary for the relevant assignment or otherwise justified.

We do not use client materials containing personal data to train our own general-purpose AI models or for the benefit of other clients unless this has been expressly agreed in writing.

Where external AI providers process personal data on our behalf, we seek to ensure that appropriate contractual, technical and organizational safeguards are in place, including data processing agreements where required.

If a client wants us to avoid using AI tools for specific materials or categories of content, this should be agreed in writing in the relevant order, assignment or other project documentation.

7. Recipients of Personal Data

We may share personal data with the following categories of recipients where relevant:

  • IT, hosting, cloud, email and collaboration service providers,
  • suppliers of project management, productivity, design, storage, security, analytics or AI tools,
  • invoicing, payment, accounting and banking providers,
  • professional advisers such as lawyers, accountants and auditors,
  • public authorities, courts or regulators where required by law or official decision,
  • and other service providers engaged in connection with our business operations or delivery of assignments.

Some recipients act as data processors on our behalf, while others act as independent data controllers.

We do not sell personal data.

8. Transfers Outside the EU/EEA

Personal data may, in some cases, be transferred to or accessed from countries outside the EU/EEA, for example through cloud, collaboration or AI service providers.

Where such transfers take place, we seek to ensure that they are carried out in accordance with applicable data protection law by relying on lawful transfer mechanisms such as:

  • an adequacy decision by the European Commission, or
  • the European Commission's standard contractual clauses together with supplementary safeguards where appropriate.

More information about relevant transfers may be provided upon request, where appropriate.

9. Retention of Personal Data

We retain personal data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required by law or is necessary to establish, exercise or defend legal claims.

As a general rule:

  • client and project-related data is retained during the assignment and normally for up to twenty-four (24) months thereafter,
  • invoicing, payment and accounting data is retained for as long as required under applicable accounting and tax legislation,
  • technical logs and security-related data are retained for as long as relevant for security, troubleshooting, documentation and operational needs,
  • and marketing-related data is retained until you object, withdraw consent where applicable, or the data is no longer relevant for the purpose.

We may delete or anonymize data earlier where it is no longer needed.

10. Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration and unlawful processing.

Such measures may include:

  • access controls and role-based permissions,
  • password protection and authentication controls,
  • encryption where appropriate,
  • logging, backup and recovery procedures,
  • internal routines for handling incidents and security-related events,
  • and limitation of access to personal data to those who need it for relevant purposes.

11. Your Rights

Under applicable data protection law, you may have the right to:

  • request access to personal data we process about you,
  • request rectification of inaccurate or incomplete data,
  • request erasure of your personal data in certain circumstances,
  • request restriction of processing in certain circumstances,
  • object to processing based on legitimate interest,
  • object at any time to processing for direct marketing,
  • and request data portability where applicable.

If you wish to exercise any of your rights, please contact us at:

Email: contact@loworbit.se

We may ask you to verify your identity before acting on your request.

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) if you believe that our processing of your personal data infringes applicable law.

12. Changes to This Privacy Policy

We may update this privacy policy from time to time.

The latest version will be made available through our usual channels, such as our website or upon request. Where required, we will inform relevant individuals of material changes in an appropriate manner.

The effective date of the current version is stated at the top of this policy.