Privacy Policy
Stone Orca LLC
1.Introduction & Scope
This Privacy Policy describes how Stone Orca LLC (“Stone Orca,” “we,” “us,” or “our”) collects, uses, stores, and discloses personal data in connection with the website located at stoneorca.com (the “Website”) and any related digital properties operated by Stone Orca LLC.
Stone Orca LLC is a limited liability company registered in the State of Wyoming, United States, with operational presence in both the United States and the European Union (Ireland). This policy applies to all visitors and users of the Website regardless of geographic location and is designed to meet the requirements of applicable data protection legislation, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and applicable US federal data protection standards.
2.Data Controller
For the purposes of the GDPR and applicable EU data protection law, the data controller for personal data collected through this Website is:
Stone Orca LLC is responsible for determining the purposes and means of processing personal data collected through this Website and is accountable for ensuring such processing complies with applicable data protection obligations.
3.Personal Data We Collect
We collect and process the following categories of personal data (“Personal Data”) in connection with your use of the Website:
3.1 Data Submitted via Contact Form
When you submit an inquiry through our contact form, we collect the following information that you voluntarily provide: your name, email address, company or organisation name (optional), and the content of your message. This data is collected solely for the purpose of receiving and responding to your inquiry.
3.2 Technical Data Collected Automatically
When you access the Website, our hosting infrastructure automatically collects certain technical data, including: your IP address, browser type and version, operating system, referring URL, pages viewed, access timestamps, and request metadata. This data is collected through standard server logging mechanisms inherent to our hosting infrastructure.
3.3 Data We Do Not Collect
We do not collect sensitive or special category data as defined under Article 9 of the GDPR. We do not deploy cookies for tracking or advertising purposes. The Website uses only essential technical cookies strictly necessary for site functionality. We do not operate user accounts, process payments on-site, or employ analytics tracking tools, advertising pixels, or social media integration scripts.
4.Lawful Basis for Processing (GDPR)
In accordance with Article 6 of the GDPR, we process Personal Data on the following lawful bases:
Contact form submissions
Legitimate interest (Article 6(1)(f)) in receiving and responding to business inquiries directed to us, and where applicable, consent (Article 6(1)(a)) given at the point of submission. Our legitimate interest in processing contact form data is the evaluation of potential business relationships and the provision of requested information. We have assessed that this interest is not overridden by the rights and freedoms of data subjects, given the limited nature of data collected and its direct relevance to the inquiry initiated by the data subject.
Technical and server log data
Legitimate interest (Article 6(1)(f)) in maintaining the security, integrity, and performance of the Website, detecting and preventing malicious activity, and ensuring operational stability of our digital infrastructure.
5.How We Use Your Data
Personal Data collected through the Website is processed for the following purposes: responding to inquiries and correspondence submitted through the contact form; evaluating potential business and contractual relationships; monitoring and maintaining the security, availability, and performance of the Website; detecting, investigating, and preventing unauthorised access or malicious activity; and compliance with applicable legal and regulatory obligations.
We do not use Personal Data for automated decision-making or profiling as defined under Article 22 of the GDPR.
6.Data Sharing & Third Parties
Stone Orca LLC does not sell, rent, lease, or trade Personal Data to any third party. We do not share Personal Data with advertising networks, data brokers, or social media platforms.
Personal Data may be disclosed to the following categories of recipients, acting as data processors or otherwise, solely to the extent necessary for the purposes described in this policy:
- Hosting infrastructure provider - Vercel Inc. (United States), which provides the hosting environment for the Website and processes technical data as part of standard infrastructure operations.
- Form processing service provider - A third-party service provider that facilitates the transmission and delivery of contact form submissions.
- Professional advisors - Legal counsel, accountants, and auditors retained by Stone Orca LLC, where disclosure is necessary for the provision of professional services or to comply with legal obligations.
- Law enforcement and regulatory authorities - Where we are legally compelled to disclose Personal Data by court order, subpoena, statutory obligation, or other lawful process.
All third-party processors engaged by Stone Orca LLC are bound by contractual obligations to process Personal Data only on our instructions and in accordance with applicable data protection legislation.
7.International Data Transfers
Stone Orca LLC is headquartered in the United States and the Website is hosted on US-based infrastructure. Personal Data collected from individuals located in the European Economic Area (EEA), the United Kingdom, or Switzerland may be transferred to and processed in the United States.
Where such transfers occur, we ensure that appropriate safeguards are in place to provide an adequate level of protection for Personal Data as required by Chapter V of the GDPR. These safeguards include, as applicable: reliance on the EU-US Data Privacy Framework for transfers to certified US organisations; Standard Contractual Clauses (SCCs) approved by the European Commission, incorporated into our agreements with sub-processors that receive EEA-origin data; and supplementary technical and organisational measures where necessary to ensure the effectiveness of the transfer mechanism.
Stone Orca LLC is committed to ensuring that international transfers of Personal Data meet the requirements of applicable data protection law and that data subjects' rights are not diminished as a result of such transfers.
8.Data Retention
We retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected, subject to any overriding legal, regulatory, or contractual retention requirements.
Contact form submissions
Retained for a period of twenty-four (24) months from the date of last interaction, unless a business or contractual relationship is established, in which case retention is aligned with the duration of that relationship and any applicable legal or contractual retention obligations.
Server and access logs
Retained for a maximum of ninety (90) days for security monitoring and operational purposes.
Upon expiration of the applicable retention period, Personal Data is securely deleted or irreversibly anonymised.
9.Your Rights
9.1 Rights Under the GDPR (EEA Data Subjects)
If you are located in the European Economic Area, you are entitled to the following rights under the GDPR, subject to applicable conditions and exceptions: the right of access to your Personal Data and information about how it is processed (Article 15); the right to rectification of inaccurate or incomplete Personal Data (Article 16); the right to erasure of your Personal Data in specified circumstances (Article 17); the right to restriction of processing in specified circumstances (Article 18); the right to data portability, receiving your Personal Data in a structured, commonly used, and machine-readable format (Article 20); the right to object to processing based on legitimate interest (Article 21); and the right to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out prior to withdrawal.
You also have the right to lodge a complaint with a supervisory authority. Given Stone Orca LLC's operational presence in Ireland, the relevant supervisory authority is the Irish Data Protection Commission, contactable at dataprotection.ie.
9.2 Rights Under the CCPA/CPRA (California Residents)
If you are a California resident, you may be entitled to the following rights under the CCPA as amended by the CPRA: the right to know what Personal Data we have collected about you and how it has been used, disclosed, and shared; the right to request deletion of your Personal Data, subject to certain exceptions; the right to opt-out of the sale or sharing of Personal Data - Stone Orca LLC does not sell or share Personal Data as defined under the CCPA/CPRA, and therefore no opt-out mechanism is required; and the right to non-discrimination for exercising your privacy rights.
9.3 Exercising Your Rights
To exercise any of the rights described above, submit a written request to hello@stoneorca.com. We will verify your identity before processing any request and will respond within thirty (30) days for requests made under the GDPR and within forty-five (45) days for requests made under the CCPA/CPRA, in each case subject to any permitted extensions under applicable law.
10.Security
Stone Orca LLC implements appropriate technical and organisational measures to protect Personal Data against unauthorised or unlawful access, alteration, disclosure, destruction, or accidental loss. These measures are reviewed and updated periodically to reflect changes in technology, threat landscape, and operational requirements.
Where Stone Orca LLC engages with clients subject to federal data protection and information security requirements, we maintain compliance with applicable standards and contractual obligations governing the handling of controlled or sensitive information.
While no method of electronic transmission or storage is entirely without risk, we are committed to maintaining a security posture commensurate with the sensitivity of the data we process and the expectations of our clients and partners.
11.Children's Privacy
This Website and the services offered by Stone Orca LLC are not directed at individuals under the age of sixteen (16). We do not knowingly collect Personal Data from children under the age of thirteen (13) as defined under the Children's Online Privacy Protection Act (COPPA), or under the age of sixteen (16) as applicable under the GDPR. If we become aware that Personal Data has been collected from a child below the applicable age threshold, that data will be deleted promptly. If you believe that such data has been submitted to us, contact us at hello@stoneorca.com.
12.Changes to This Policy
Stone Orca LLC reserves the right to modify or update this Privacy Policy at any time. Where material changes are made, the “Last Updated” date at the top of this document will be revised and the version number incremented accordingly. Continued use of the Website following the publication of changes constitutes acceptance of the revised policy. We encourage you to review this policy periodically.
13.Governing Law
This Privacy Policy and any dispute arising out of or in connection with it shall be governed by and construed in accordance with the laws of the State of Wyoming, United States, without regard to its conflict of laws provisions. Nothing in this policy is intended to, or shall, limit or override the mandatory provisions of EU/EEA data protection law, including the GDPR, as applicable to data subjects located in those jurisdictions.
14.Contact
For questions, requests, or complaints regarding this Privacy Policy or our data processing practices, contact us at:
Stone Orca LLC
Email: hello@stoneorca.com
We aim to resolve all inquiries and complaints promptly and in accordance with applicable legal timeframes.