This notice describes how Orchestratum AI processes personal data in our direct outbound email programme to senior corporate buyers. It complements our general privacy policy at orchestratum.ai.
Who we are
Orchestratum AI is the trading name of the company operating the Orchestratum platform. Contact for privacy enquiries: customer@orchestratum.ai.
What data we process
Your work email address (corporate; never personal Gmail / Hotmail / Yahoo).
Your first name, last name, and job title.
Your employer's name, sector classification, and employee count band.
Engagement signals once outreach begins: opens, clicks, and replies.
Where we got it
Verified work-email providers (e.g. Prospeo) using publicly available corporate email patterns.
LinkedIn Sales Navigator — read-only public profile fields (title, employer). We do not message you on LinkedIn.
UK Companies House and equivalent EU public registers.
Public regulator publications (FCA, PRA, ECB, SEC, EMA, HESA, OfS, and similar).
Company websites, conference speaker lists, and earnings-call transcripts — all public.
Why we process it (lawful basis)
Legitimate interest under UK GDPR Article 6(1)(f) (and the equivalent provision under EU GDPR). The legitimate interest is the introduction of a relevant compliance-training capability to senior corporate buyers whose roles plausibly benefit from awareness of it. Our internal Legitimate Interest Assessment (LIA v1.0, 2026-05-27) documents the purpose, necessity, and balance test per the Information Commissioner's Office published framework.
The B2B work-email exception under UK PECR applies. We never email personal addresses; we only contact corporate subscribers.
How long we keep it
Lead records remain while engagement signals are warm. If you do not engage with three emails, we drop your record from the active sequence for at least twelve months.
If you unsubscribe or otherwise ask us to stop, we keep a minimal suppression record permanently — solely to ensure we do not contact you again.
If you ever interact with our chatbot, transcripts are retained for 18 months from the conversation end, then auto-deleted.
Your rights
Under UK GDPR and EU GDPR you have the right to:
Unsubscribe. Reply to any email of ours with the word unsubscribe, or use the List-Unsubscribe header your mail client surfaces. Unsubscribe is permanent and global across all our outbound.
Object to the processing.
Request a copy of the data we hold about you (subject access request).
Have your data corrected if inaccurate.
Have your data erased ("right to be forgotten") — we will delete all Lead records, engagement signals, and chatbot transcripts matching you.
Complain to your supervisory authority (the ICO in the UK, or the equivalent in your EU member state).
All rights requests: customer@orchestratum.ai. We acknowledge within five working days and complete within 30 days.
What we do NOT do
We do not send to US recipients (no CAN-SPAM / CCPA coverage).
We do not collect special-category data.
We do not share your data with third parties for marketing.
We do not use tracking pixels in our email body content. Our analytics on landing-page visits use Umami (cookieless, GDPR-clean), tied to a per-prospect URL token, not to your email or any cookie that follows you between sites.