Orizon SSO Privacy Policy

Last updated: June 2025

1. Introduction

This Privacy Policy applies to the Orizon SSO (Single Sign-On) authentication service provided by Orizon S.r.l. It describes how we collect, use, disclose, and protect your personal data when you access Orizon services through our SSO portal. This policy supplements our general website privacy practices and is designed to comply with the EU General Data Protection Regulation (GDPR) and the NIS 2 Directive.

2. Personal Data We Process

When you access Orizon services via SSO, we collect the following types of personal data:

Full name
Email address
Organization & identity provider
Unique identifiers
IP address & device data
Authentication timestamps

3. Purposes of Processing

We process your personal data for the following purposes:

Securely authenticate and authorize user access
Enable federated login across Orizon services and partner applications
Audit access events for compliance and security investigations
Detect, mitigate, and prevent security threats including account compromise
Fulfill statutory compliance requirements including those under the NIS 2 Directive

4. Legal Bases for Processing

Our processing is based on the following lawful grounds:

Performance of a contract (Art. 6(1)(b) GDPR): to provide users with secure access to our systems
Legitimate interests (Art. 6(1)(f) GDPR): to maintain service security and performance
Legal obligations (Art. 6(1)(c) GDPR): where security logs must be kept for auditing
Consent (Art. 6(1)(a) GDPR): when accessing optional user profile data via third-party identity providers

5. Data Sharing

We may share your personal data with:

Your organization (if the login is federated)
Trusted identity providers used for login (Google, Microsoft, etc.)
Orizon's internal systems for access control, compliance logging, and SOC visibility
Regulatory authorities upon lawful request or incident reporting requirements under NIS 2

6. Data Retention

Authentication Logs: Retained for 12 months for audit, security, and legal compliance
Identity Metadata: Retained for up to 3 years following the last access, unless subject to a legal hold
Profile Data: Retained for the session duration unless explicitly saved by the user

7. Security Measures

We implement appropriate technical and organizational measures to protect personal data:

TLS encryption for all data in transit
Role-based access control
Log integrity and tamper detection
Real-time monitoring via SOC
Multi-factor authentication (MFA) enforcement for privileged roles

8. Data Subject Rights

Under GDPR, you have the right to:

Access your personal data
Rectify incorrect or incomplete data
Erase your data (right to be forgotten)
Restrict or object to processing
Request data portability
File a complaint with a supervisory authority

To exercise your rights, please contact [email protected].

9. International Data Transfers

EU Data Processing

Orizon primarily stores and processes your data in the European Union. If any transfers occur to third countries, we ensure they are protected by Standard Contractual Clauses or adequacy decisions under GDPR.

10. Updates

Policy Updates

We may update this privacy policy from time to time. You will be notified of any material changes. The latest version is always available at https://orizon.one/sso-privacy

Contact Info

Italy HQ
Via Cefalonia 70, 25124
Brescia (BS), Italy
+39 030 0946 499
[email protected]

© 2025 Orizon S.R.L. All rights reserved.