Privacy Policy



About Us.

Orreco Limited (“Orreco”) is a private company limited by shares incorporated in Ireland with company number 478047 and having a registered office at Unit 103, Research and Innovation Centre, NUI Galway, Newcastle Road, Galway (“we”/ “us”). We provide sports data analytics products and services to generate insights and inform personalised strategies to optimise athletes’ training and recovery (the“Services”).

About our Privacy Policy.

We respect your right to privacy and take seriously our responsibilities in relation to the processing of personal data. We do not collect or process personal data unnecessarily.

This privacy policy (the “Policy”) sets out important information about your rights in relation to the processing of your personal data, and the basis on which any personal data we collect from you, or that you provide to us, will be processed in connection with your use of the Orreco Services. We do not knowingly attempt to solicit or receive information from children.

Our Role as a Data Processor.

Under this Policy, and unless we have entered into a different agreement with you, we will be what’s known under the General Data Protection Regulation (EU) 2016/679 (“GDPR”) as the“processor” of the personal data you provide to us. 


We will collect and process the following data about you for the following purposes:

Information you give us.

This is information about you that you give us when using Orreco products and services. The information may include:

The information you give us may include:

  • Identity Data: data about you, including your full name and e-mail address
  • Health Data: data about your health status, including wellness indicators and symptoms.

Information we may receive about you from other sources.

  • Lab Data: data from testing and reports (including data concerning health) from external laboratories or other clinics you may choose to visit to conduct these tests.
  • Wearables Data: data collected from wearable devices (i.e. heart rate, heart rate variability, sleep, activity, movement) that you authorise to share with us.


We will only use your personal information in compliance to applicable data protection legislation including but not limited to General Data Protection Regulation (EU) 2016/679 (“GDPR”) and Health Insurance Portability and Accountability Act (“HIPAA”). 

Most commonly, we will use your personal data in the following circumstances:

  • To perform the Services.
  • To comply with a legal or regulatory obligation in the territories where the information is processed.

We have set out below, in table format, a description of the ways we plan to use your personal data and the legal basis we rely only to do so. We have also identified our legitimate interests where appropriate:

Type of data
Legal basis for processing
To respond to your queries and to provide you with the information you request from us in relation to our Services.
• Identity Data
Performance of the Services.

To provide you with information about Services we offer that are similar to those that you have inquired about.
• Identity Data
Necessary for legitimate interests to develop our Services and grow our business.
To provide the Services to you.
• Identity Data
• Health Data
• Lab Data
Performance of the Services
To share information with your governing body, coaches, team, league or advisors.
• Identity Data
• Health Data
• Lab Data
• Performance of the Services
• With explicit Consent
To manage our relationship with you, including notifying you about changes to the Services or our Privacy Policy.
• Identity Data
• Performance of the Services
• Necessary to comply with a legal obligation
To improve our Services and develop our business, including troubleshooting, data analysis, statistical, testing, survey, research, marketing and recruiting purposes.
• Identity Data
• Necessary for legitimate interests in running our business and  as part of our efforts to ensure the quality and security of our Services

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. 

How long we keep your information.
We will only retain your personal data for as long as necessary to fulfil the purposes for which we have collected it, including for the purposes of satisfying any legal, accounting, contractual, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. For more information about our data retention policies please contact us at


We do not sell your personal information to third parties for marketing purposes. We may disclose information to third parties if you consent to us doing so as well as in the following circumstances:

You agree that we have the right to share your personal information with the following recipients or categories of recipients:

Any department or authorised person within our company or any member company within our group, which means any subsidiary or holding company within the meaning of sections 7and 8 of the Companies Act 2014.

We will disclose your personal information to third party recipients:

• For the purposes of supplying our Services;

• If all or substantially all of our business or assets are acquired by or transferred to a third party whether in the event of a merger, reorganisation, transfer of undertakings, receivership, liquidation or other winding up or any other similar circumstances, in which case personal data held by us will be one of the transferred assets;

• If we are under a duty to disclose or share your personal data in order to comply with any law, legal obligation or court order, or in order to enforce rights under the GDPR or any other applicable laws, regulations or agreements;

• To protect our rights, property and safety and that of our customers, or others. This includes exchanging information with other companies and organisations for the maintenance and security of our Services.


PersonalData may be transferred to our trusted partners and service providers who maintain their servers outside of your jurisdiction. This is only for the purposes of providing, and to the extent necessary to provide, the Services to you. Orreco will ensure that such data transfers have adequate security measures in place to safeguard and maintain the integrity of your personal data on transfer.


For more information about this and the safeguards in place relating to the transfer, please contact us by email at 


Orreco maintains appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Access to your personal data is strictly provided on a business need-to-know basis and subject to a duty of confidentiality.  Processing of your personal data is conducted in accordance with specific, direct instructions.

 We have put in place procedures to manage a suspected breach of your personal data and will notify you and other authorities, as appropriate, of such a breach in accordance with our obligations as established by applicable data protection legislation (including GDPR, and HIPAA).



Accessing your Personal Data.

You may request access at any time to a copy of your personal data. Any such request should be submitted to us in writing and sent to We will need to verify your identity in such circumstances and may request more information or clarifications from you if needed to help us locate and provide you with the personal data requested.

There is usually no charge applied to access your personal data. However, if your request is clearly unfounded, repetitive or excessive, we may charge a reasonable fee.

Right of Restriction. 

You may restrict us from processing your personal data in any of the following circumstances:

ou have contested the accuracy of the personal data we hold on record in relation to you or for a period of time to enable us to verify the accuracy of the personal data;

• you have contested the accuracy of the personal data we hold on record in relation to you or for a period of time to enable us to verify the accuracy of the personal data;

• the processing of your personal data is unlawful and you request the restriction of use of the personal data instead of its erasure;

• we no longer require your personal data for the purpose of processing but you require this data for the establishment, exercise or defence of legal claims; or

• where you have contested the processing pending the verification of our legitimate grounds.


Corrections or Erasure (Right to Rectification and Right to Be Forgotten).

If we hold personal data concerning you which are no longer necessary for the purposes for which they have been collected or if you withdraw consent for us to process your personal data, you can request the deletion of such personal data. This right, however, will not apply where we are required to process personal data in order to comply with a legal obligation or where the processing of this information is carried out for reasons of public interest in the area of public health. If the personal information we hold about you is inaccurate, you may request to have your personal information updated and corrected. To do so at any time, please contact us by email at


Your Right to Object. 

You have the right to object to the processing of your personal data at any time. To exercise your right to object at any time, please email


Data Portability. 

Where we process your personal data by automated means (i.e., not on paper) and this processing is based on your consent or required for the performance of a contract between us, you have the right to request from us a copy of your personal data in a structured, commonly used machine-readable format and, where technically feasible, to request that we transmit your personal data in this format to another controller.


Personal Rights.

The rights described in this Privacy Policy are personal rights and are exercisable only by the individual person (or data subject) concerned.  



Our Services may contain links to other websites not controlled or operated by Orreco. These links do not imply that we endorse these third-party sites. We recommend reviewing those sites directly for information on their privacy and cookie policies.



This Cookies Policy explains how Orreco uses cookies and similar technologies. Whenever you use Orreco’s website or visit a website, information may be collected through the use of cookies and similar technologies.


Use of Cookies

“Cookies” are small text files that are placed onto your computer by websites that you visit. They are used to make websites work, to improve their efficiency, to improve the user’s experience, and to provide website usage information. This information should make website visits more productive by storing and using information on your website preferences and habits.


Your web browser can choose whether to accept cookies. Most web browser software is initially set up to accept them. We may offer cookies to you and you should ensure that your web browser is set up to not accept cookies if you do not wish to receive them.

How can I block and/ or delete cookies?

Use the options in your web browser if you do not wish to receive a cookie or if you wish to set your browser to notify you when you receive one. You can easily delete any cookies that have been installed in the cookie folder of your browser. Please note that if you disable cookies, some services or website functionality may not be available.

 By using your browser controls, you are always in control of the cookies we store and access on your computer. More information on how to control cookies and limit personal data processing can be found at


We use the following cookies:

Strictly necessary cookies

These cookies are essential to our website’s basic function and enable services you request. Without these cookies, your experience on our site will be limited.


Functional cookies

These cookies allow the website to remember choices you make and enhance functionality. Your experience on our site will be improved with these cookies enabled.


Performance cookies

These cookies gather data on how you interact with our website. All data collected is anonymized and used only to improve our website and products.




Any changes made to this Policy from time to time will be published on Orreco websites and products. 




Contact Us. If you have any questions or complaints relating to this Policy, please contact us at:


Orreco Limited

Unit 103

Research and Innovation Centre

NUI Galway

Newcastle Road



Supervisory Authority. 

We are committed to complying with the terms of GDPR and other data protection legislation across the world and to the processing of personal data in a fair, lawful and transparent manner. If, however, you believe that we have not complied with our obligations under GDPR, you have the right to lodge a complaint with the Data Protection Commission in Ireland.


Effective date of this Policy: November 2021


Do you have a question? Contact us now!

Contact Us

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.