General Data Protection Regulation

Data Protection Goals

HeyOrca Inc takes the protection of personal data very seriously and formulates the following data protection goals by the company management. This defines the basic orientation of HeyOrca Inc towards compliance with the General Data Protection Regulation. In particular, it is stated that compliance with legal regulations takes precedence over business requirements.


Fairness and Legality

When personal data is processed by the HeyOrca Inc, the right of the data subject to his or her data is to be safeguarded. Personal data should be lawfully collected and processed.

Processing Purpose

The processing of personal data is intended solely to pursue the purposes defined prior to the collection of the data. Subsequent changes to the purposes are only possible to a limited extent and require justification.


The person concerned should be informed about the handling of his data. In principle, personal data must be collected from the data subject himself. When collecting the data, the data subject should be able to recognize at least the following or be informed accordingly about:

  • the identity of the responsibleparty
  • the purpose of dataprocessing
  • the periods for which the documents are to bekept
  • third parties or categories of third parties to whom the data may be

Data Avoidance and Data Minimization

Before personal data is processed, it should be checked whether and to what extent this is necessary in order to achieve the purpose for which it was processed. If it is possible to achieve the purpose and the effort is proportionate to the intended purpose, anonymised or statistical data must be used. Personal data should not be retained for potential future use unless required or permitted by state law.


Personal data that is no longer required after the expiry of legal or business process related retention periods should be deleted. If, in individual cases, there are indications of interests worthy of protection or of a historical significance of this data, the data must remain stored until the interest worthy of protection has been legally clarified.

Factual Correctness

Personal data must be stored correctly, completely and – if necessary – up to date. Appropriate measures shall be taken to ensure that inaccurate, incomplete or outdated data is deleted, corrected, supplemented or updated.

Confidentiality and Data Security

The data secrecy applies to personal data. They must be treated confidentially in personal contact and protected against unauthorized access, unlawful processing or disclosure, as well as accidental loss, alteration or destruction by appropriate organizational and technical measures.


All managers and employees of HeyOrca Inc undertake to pursue these goals of data protection and to observe the basic data protection regulation and support the data protection strategy to the best of their ability.

To ensure data protection, HeyOrca Inc relies on technical and organisational measures, privacy by design and default, risk management, training and other procedures that are still being developed.