ORBITby DYNAMOHOLE SRL

Privacy Notice

Last updated: 10 June 2026

ORBIT is a private, invite-only supplier portal operated by DYNAMOHOLE S.R.L. This notice explains how we process the personal data of the people who use it — our team members and the representatives of our suppliers and freight forwarders.

1. Data controller

DYNAMOHOLE S.R.L., Via Bernardo Quaranta 45, 20139 Milano (MI), Italy — VAT 12628560968.
Privacy contact: privacy@dynamohole.com.

2. What we process

  • Account & profile: name, work email, phone, job title, profile photo, and your company & role.
  • Authentication & security: sign-in credentials (handled by our authentication provider), two-factor authentication, and security logs including IP address, browser/user-agent, device information and sign-in events.
  • Activity: an audit log of the actions you take in the portal, for security and traceability.
  • Communications: messages you post in order/RFQ threads, and the service emails we send you.
  • Business records you enter or upload: RFQs, quotes, purchase orders, payments, SKUs, forecasts and documents (e.g. invoices, packing lists), which may contain personal data such as contact names.

3. Why we process it, and our legal basis

  • To operate the portal and run the supply-chain workflow between DYNAMOHOLE and its suppliers/forwarders — performance of a contract and our legitimate interest in running our business (Art. 6(1)(b)/(f) GDPR).
  • To authenticate users and keep the service secure, including mandatory two-factor authentication and audit logs — our legitimate interest in security (Art. 6(1)(f)).
  • To send service notifications — legitimate interest / performance of the contract.
  • To comply with legal obligations, e.g. accounting and tax record-keeping (Art. 6(1)(c)).

4. Cookies

ORBIT uses only strictly-necessary and functional cookies: session cookies that keep you signed in, and a cookie that remembers your language preference. We do not use advertising or third-party analytics/tracking cookies, so no cookie-consent banner is required.

5. Who we share it with

We use the following processors, who act on our instructions under data-processing agreements:

  • Supabase — database, authentication and file storage (hosted in the EU).
  • Brevo — transactional email (EU).
  • Vercel — application hosting (United States).
  • Anthropic — AI assistance to read uploaded trade documents, only when that feature is used (United States).

We also exchange order data with our own internal operations system, operated by DYNAMOHOLE. Transfers to the United States are protected by the European Commission’s Standard Contractual Clauses. We do not sell personal data.

6. Retention

We keep account and business data for as long as the relationship with your company is active, and thereafter for the periods required by law (e.g. accounting/tax). Security and audit logs are kept for a limited period appropriate to their security purpose.

7. Security

Access is invite-only with mandatory two-factor authentication. Data is isolated per company at the database level (row-level security), encrypted in transit, and access is restricted by role.

8. Your rights

You have the right to access, rectify, erase, restrict or object to the processing of your personal data, and to data portability. To exercise these rights, contact privacy@dynamohole.com. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali, garanteprivacy.it).

9. Changes

We may update this notice; the “last updated” date above reflects the current version.