Your data, on the record.

This site is operated by Niklas Lindahl, founder of Orion Primis, based in Milan, Italy ("we", "us"). We act as the data controller for the personal data described in this notice.

The fastest way to reach us about anything in this notice, including any GDPR request, is through our contact form.

We only collect what you choose to share with us, and the minimum technical data needed to serve the site.

• Contact form submissions. Name, company, role, email, the practice area you selected and the message you write.
• Email correspondence. If you email us directly, we receive the content of that email and your address.
• Technical data. Standard server logs (IP address, user agent, timestamps) generated when your browser requests pages, used to operate and secure the site.

We do not run third party analytics, advertising pixels or behavioural tracking on this site.

• To reply to your enquiry and discuss a potential engagement. Lawful basis: steps taken at your request prior to entering a contract (Art. 6(1)(b) GDPR).
• To stay in touch about that enquiry over time. Lawful basis: our legitimate interest in following up on direct, professional outreach (Art. 6(1)(f) GDPR).
• To operate and secure the site, prevent abuse, and meet legal obligations. Lawful basis: legitimate interest and legal obligation (Art. 6(1)(f) and (c) GDPR).

We do not sell your data. We do not use it for advertising. We do not enrich it from third party data brokers.

Contact form submissions are retained until you ask us to delete them, or until we determine the lead is no longer relevant. Server logs are kept for a short technical window required to investigate errors and abuse, then rotated out.

Access is limited to the founder and any senior partner directly working on the prospective engagement. We use a small number of trusted processors to actually run the service:

• Lovable Cloud (powered by Supabase) for database hosting and form storage, with data processed in the EU.
• Our DNS, hosting and CDN provider for serving the site itself.

These providers act as our processors under written terms and may only handle your data on our instructions.

We prefer EU based processing. Where any processor unavoidably transfers data outside the EEA, that transfer is covered by Standard Contractual Clauses or an equivalent GDPR transfer mechanism.

Under the GDPR, you have the right to:

• Access the personal data we hold about you.
• Correct it if it is wrong or out of date.
• Ask us to delete it.
• Object to or restrict certain processing.
• Receive a copy in a portable format.
• Lodge a complaint with your local supervisory authority (in Italy, the Garante per la protezione dei dati personali).

To exercise any of these, please use the contact form and tell us what you want done. We will respond within 30 days.

We use only strictly necessary cookies and browser storage required for the site to function. See our Cookie Policy for the full breakdown.

We may update this notice as the business or the law evolves. Material changes will be reflected on this page with a new effective date.

Last updated: 29 June 2026.