Last updated: October 24, 2023

Privacy Policy

Thank you for using Negotiatus Corp. d/b/a Order.co (“Order.co”). We are committed to protecting your privacy and, for that reason, we have adopted this Privacy Policy to explain our data collection, use, and disclosure practices for the Order.co services (including the https://www.order.co/home/ website, and mobile and web-based applications, and any other tools, products, or services provided by Order.co that link to or reference this Privacy Policy) (collectively, the “Services”). The Services are owned and operated by Order.co, a Delaware Corporation (“we”, “us” or “our”).

If you reside in a country in the European Economic Area or in Switzerland, please click here to learn more about your privacy rights. To the extent that there is a conflict between this Privacy Policy and the Privacy Notice for European Residents, the Privacy Notice for European Residents will prevail with respect to European Residents (as defined below) only.

This Privacy Policy applies to information Order.co collects through the Services, as well as other information provided to us online or offline by third parties, when we associate that information with customers or users of the Services; however, it does not apply to information collected from our employees, contractors, or vendors. It also does not apply to information that you ask us to share with third parties or that is collected by certain other third parties whose software or services are featured or included in the Services (as further described below).

This Privacy Policy describes, among other things:

  • Personal and other information we collect about you;
  • How we use your information;
  • How we may share your information with third parties; and
  • Your choices regarding the personal information we collect about you.

This Privacy Policy has been compiled to better serve those who are concerned with how their Personal Information (as defined below in Section 2) is being used online. Please read our Privacy Policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personal Information in accordance with our Services.

1. Consent

By accessing or using the Services, you consent to this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use the Services. Information gathered through the Services may be transferred, used, and stored in the United States or in other countries where our service providers or we are located. If you use the Services, you agree to the transfer, use, and storage of your Personal Information (as defined below) in those countries. The data protection and other laws of the United States and other countries might not be as comprehensive as those in your country. You agree that all transactions relating to the Services or Order.co are deemed to occur in the United States, where our servers are located.

2. Collection of Your Personal and Other Information

When you order or register for or use our Services, we collect Personal Information. By “Personal Information” we mean information that can identify or reasonably be linked to an individual, such as:

  • Names;
  • Email addresses;
  • Personal or business mailing address;
  • Credit card information (which you submit for payment purposes and which is collected by our third party payment gateway service providers (such as Stripe, Inc., Lithic, Inc. or Apto Payments Inc. ); and
  • Information contained in any image, photograph or profile you submit to us

You may choose not to provide Personal Information or prevent the Services from accessing certain features of your mobile device, (subject to the controls offered by your mobile device’s operating system), but this may prevent you from receiving certain features of the Services.

We also collect non-Personal Information relating to the Services, that is, information that does not personally identify an individual. The non-Personal Information we collect includes how you interact with the Services, information generally collected or “logged” by Internet websites or Internet services when accessed or used by users, and information about your web browser or device accessing or using the Services.

Examples of the non-Personal Information we collect are:

  • The pages of our website that you viewed during a visit;
  • What information, content or advertisements you view or interact with using the Services;
  • Language preferences;
  • The city and state in which you are located (but not your precise geographic location); and
  • Unique identifiers that are not connected and cannot reasonably be connected to your identity.

We will not use non-Personal Information to try to identify you, and if we associate any non-Personal Information with information that personally identifies you, then we will treat it as Personal Information. As discussed in more detail below, we sometimes use cookies and other automatic information gathering technologies to gather Personal Information and non-Personal Information.

Information collected by the Services may be collected by us or one of the third parties we utilize in providing the Services (as further described below).

We also check that you are using our Services legally and are eligible for the Services you want to use. We protect the Services from fraudsters who may put you and your money at risk. To do this, we may collect data about you from companies that help us verify your identity, if applicable, prevent fraud or assess risk.

We collect (and/or have collected during at least the 12-month period preceding the effective date of this Policy) information about you from the following categories of sources:

You directly, when you submit information to us or allow us to access information,

  • Your devices and how you interact with our Services, and
  • Other sources, including:
    • Identity Verification, if applicable. Information from third-party identity verification services and publicly available sources, including your government-issued identification number.
    • Eligibility, Compliance, and Fraud. Information about you from third parties for any investigation, eligibility, identity or account verification process, fraud detection process, or collection procedure, or as may otherwise be required by applicable law. This may include, without limitation, the receipt and exchange of account or transaction-related information with any consumer reporting agency.

3. Use of Your Information

We may use the information we collect from you when you register or sign up for our Services, make a purchase, newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:

  • To personalize user’s experience and to allow us to deliver the type of content and product offerings in which you are most interested.
  • To assist us in providing, maintaining, and protecting the Services.
  • Set up, maintain, and protect accounts to use the Services.
  • To improve our website and online operations in order to better serve you.
  • To allow us to better service you in responding to your customer service requests.
  • Communicate with you, such as provide you with account- or transaction-related communications, or other newsletters, RSS feeds, and/or other communications relating to the Services.
  • To quickly process your transactions.
  • Perform research and analysis aimed at improving our products and services and developing new products or services.
  • Manage and maintain the systems that provide the Services
  • To send periodic emails regarding your order or other products and services.
  • To verify your identify, where applicable.
  • To protect the legal rights, property and safety of our Service and Users

4. Information Security

We utilize reasonable information security measures to safeguard your Personal Information against unauthorized access, modification, or destruction. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. Our website is scanned on a regular basis for security vulnerabilities.

We implement a variety of security measures when a user places an order, enters, submits, or accesses their information to maintain the safety of your personal information. For example, we utilize Secure Socket Layer (SSL), Transport Layer Security (TLS), or similar encryption technology when sensitive data is transmitted over the Internet, and use firewalls to help prevent external access into our network. However, no data transmission over the Internet and no method of data storage can be guaranteed to be 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its security.

We restrict access to Personal Information in our possession to our employees, Service Providers (as defined below in Section 6), and Online Tool Providers (as defined below in Section 6) who need to know that information in order to operate, develop, improve or support our Services. All transactions are processed through a gateway provider and are not stored or processed on our servers.

5. Cookies and Automatic Information Gathering Technologies

Every time you use the Services (e.g., access a Service webpage, or navigate to a specific location within the Service mobile app), we collect Personal Information and non-Personal Information (discussed above in Section 2) regarding that use. For example, to improve our Services, we collect how, when, and which parts of the Services or their features you use, which social media platforms you connect to the Services, and when, how, and what you post to the social media platforms through the Service app. Also, we may use your device’s unique identifier (UDID) or other unique identifiers to assist us in collecting and analyzing this data.

Do we use ‘cookies’?

To assist us in collecting and storing this non-Personal Information, we may employ a variety of technologies, including “Cookies,” local browser storage, and “web beacons,” “pixels,” or “tags.”

“Cookies” are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. For instance, we use Cookies to help us remember and process the items in your shopping cart on the Services. They are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved Services. We also use Cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

A web beacon, pixel or tag is a small, usually-transparent image placed on a web page that allows the operator of that image, which may be the operator of the website you visit or a third party, to read or write a Cookie.

We use cookies to:

  • Keep you logged into the Services;
  • Help remember and process the items in places like the shopping cart on the Services; and
  • Understand and save user’s preferences for future visits for the Services; and
  • Collect information about how you use our Services.

You can choose to have your computer warn you each time a Cookie is being sent, or you can choose to turn off all cookies. Your operating system and web browser may allow you to erase information stored in Cookies and local browser storage. You do this through your browser (like Internet Explorer) settings, but if you do so, you may be forced to login to the Services again, and you may lose some preferences or settings. You may also be able to set your browser to refuse all website storage or to indicate when it is permitted, but some features of our Services may not function properly without it. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your Cookies.

If users disable cookies in their browser: If you disable cookies in the browser, some features will be disabled. It will turn off some of the features that make your Services experience more efficient and some of our Services will not function properly. However, you can still place orders. Searching for an item while logged out stores that URL to speed up the item add process.

6. Disclosure of Your Information

We may disclose your Personal Information to third parties as described below.

We may disclose Personal Information to provide the Services, or when you authorize or instruct us to do so, for example, when you use the Services to submit content or profile information. We may also disclose Personal Information and non-Personal Information to Service Providers. By “Service Providers” we mean companies, agents, contractors, service providers, financial institutions, payment card associations, processors or others engaged to perform functions on our behalf (such as processing of payments, provision of data storage, hosting of our website, marketing of our products and services, and conducting audits). When we use a Service Provider, we require that the Service Provider use and disclose the Personal Information received from us only to provide their services to us or as required by applicable law.

We may also disclose Personal Information and non-Personal Information to Online Tool Providers. By “Online Tool Provider” we mean a licensor of software that we include in, or use with, the Services, including an API or SDK, that provides a specialized function or service to us and that requires the transmission of Personal Information and/or non-Personal Information to the Online Tool Provider. Online Tool Providers may have the right to use Personal Information and non-Personal Information about you for their own business purposes. Use and disclosure of Personal Information and non-Personal Information by an Online Tool Provider is described in its privacy policy.

An Online Tool Provider may collect information automatically, in which case Personal Information and non-Personal Information it receives are subject to the Online Tool Provider’s privacy policy. Some Online Tool Providers may allow you to opt out of certain collection and/or uses of your information. You can read more here:

You can read more here:
Google Analytics
Pendo.io, Inc.

We may also disclose your Personal Information to third parties when we believe, in good faith and in our sole discretion, that such disclosure is reasonably necessary to (a) enforce or apply the terms and conditions of the Services, including investigation of potential violations thereof, (b) comply with legal or regulatory requirements or an enforceable governmental request, (c) protect the rights, property or safety of us, our users or other third parties, (d) prevent a crime or protect national security, or (e) detect, prevent or otherwise address fraud, security or technical issues.

We reserve the right to transfer information (including your Personal Information) to a third party in the event of a sale, merger, or transfer of all or substantially all of the assets of our company relating to the Services, or in the unlikely event of a bankruptcy, liquidation, or receivership of our business. We will use commercially reasonable efforts to notify you of such transfer, for example, via email or by posting notice on our website.

Lastly, we may also disclose non-Personal Information, aggregated with information about our other users, to our clients, business partners, merchants, advertisers, investors, potential buyers and other third parties if we deem such disclosure, in our sole discretion, to have sound business reasons or justifications.

7. Third Party Websites

Please note that the Services may link or integrate with third-party sites, services or apps. We are not responsible for the privacy or security policies or practices or the content of such third parties. Accordingly, we encourage you to review the privacy and security policies and terms of service of those third parties so that you understand how they collect, use, share and protect your information.

We do not include or offer third party products or services on our website.

We have implemented the following:

  • Google Display Network Impression Reporting
  • Demographics and Interests Reporting

We along with third-party vendors, such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together that analyze data to help users

Opting out:
Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising initiative opt out page or permanently using the Google Analytics Opt Out Browser add on.

Bank authorization:
We may use a third party service provider such as Plaid Technologies Inc (‘Plaid’) to authenticate and use bank accounts for payment. Plaid’s Terms of Use and its Privacy Policy are located at https://plaid.com/legal.

8. Certain State Residents

You may have heard of the certain state laws including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (CDPA), Colorado Privacy Act (CPA), Utah Consumer Privacy Act (UCPA), and Connecticut Data Privacy Act (CTDPA) which provide certain rights to California, Virginia, Colorado, Utah, and Connecticut residents in connection with their Personal Information. Our Services are not currently subject to any state laws providing rights in connection with Personal Information. However, we do provide notice and transparency about our collection and use of Personal Information as described in this Privacy Policy.

9. Residents of Canada

If you have an objection to the use of your Personal Information as described in this Privacy Policy, you may file a complaint by sending an email to [email protected]. We will attempt to accommodate your objection or complaint, but you understand that, to the extent you object to our processing of Personal Information that is necessary for us to provide the Services to you, certain features and functionalities of the Services may no longer be available to you. Nothing in this Privacy Policy prejudices your rights to file a complaint with the Office of the Privacy Commissioner of Canada, and/or with any other applicable data protection authorities.

10. Residents of Nevada

We do not sell your Personal Information. However, you may contact us at [email protected] with questions.

11. Transparency and Choice; Do Not Track Signals

You may request access to your Personal Information by sending an email to [email protected]. We will try to locate and provide you with your Personal Information and give you the opportunity to correct this data, if it is inaccurate, or to delete it, at your request. But, in either case, we may need to retain it for legal reasons or for legitimate business purposes. You may also remove any content that you post to the Services using the deletion or removal options within the Services. However, we (and you) are not able to control information that you have already shared with other users or made available to third parties through the Services.

If you need further assistance with removing any content you posted through the Services, you can email us at [email protected]. Removal of your posted content may not ensure complete or comprehensive removal from our computer systems.

We ask individual users to identify themselves and the information requested to be accessed, corrected, or removed before processing such requests, and we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, would be extremely impractical (for instance, requests concerning information residing on backups), or relate to information that is not associated with your Personal Information. In any case, where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort. We may also require you to verify your identity to our satisfaction before providing you with access to Personal Information.

Please be aware that if you request us to delete your Personal Information, you may not be able to continue to use the Services. Also, even if you request that we delete your Personal Information, we may need to retain certain information for a limited period of time to satisfy our legal, audit and/or dispute resolution requirements.

We may use third-party service providers that collect information for interest-based advertising purposes (advertisements that are tailored to your likely interests, based on categories in which you have shown an interest). To learn more about these third parties and the choices they offer users, please visit the Network Advertising Initiative’s choices page or the Digital Advertising Alliance’s choices page. If you are reading this Privacy Policy from a mobile device, you can learn more about the DAA's mobile choices program here.

We support the development and implementation of a standard "do not track" browser feature that provides customers with control over the collection and use of information about their web-browsing activities. Once a standardized "do not track" feature is released, we honor “do not track” signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

You can opt out of receiving marketing e-mails from us by clicking on the “unsubscribe” link in the e-mails. Please note that it may take up to ten (10) business days for your opt-out request to be processed. Also, even if you opt out of marketing e-mails, we may continue to send you certain account-related e-mails, such as notices about your account and confirmations of transactions you have requested.

It’s also important to note that we do not allow third party behavioral tracking.

12. Children

When it comes to the collection of personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.

The Services are not intended for users under 18 years of age. We do not knowingly collect Personal Information from users under 18 years of age. We do not authorize users under 18 years of age to use the Services.

13. Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:

We will notify the users via email

  • Within 7 business days

We will notify the users via in site notification

  • Within 7 business days

We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.

14. Text/SMS Messaging

Some of our Services are available on mobile devices or may utilize SMS/iMessage, which may cause you to incur SMS or data charges with your wireless provider. Please be aware that we have no control over these charges, and if you do not wish to be charged, you should stop using the mobile or SMS/iMessage features (as applicable). When you send SMS/iMessage messages using the Services, you represent and warrant you have the recipient’s prior consent to send him or her messages.

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address in order to:

  • Send information, respond to inquiries, and/or other requests or questions.
  • Process orders and to send information and updates pertaining to orders
  • Market to our mailing list or continue to send emails to our clients after the original transaction has occurred

To be accordance with CANSPAM we agree to the following:

  • NOT use false, or misleading subjects or email addresses
  • Identify the message as an advertisement in some reasonable way
  • Include the physical address of our business or site headquarters
  • Monitor third party email marketing services for compliance, if one is used
  • Honor opt-out/unsubscribe requests quickly
  • Allow users to unsubscribe by using the link at the bottom of each email

If at any time you would like to unsubscribe from receiving future emails, you can
Email us at [email protected] and we will promptly remove you from ALL correspondence.

15. Data Privacy Framework

We comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. We have certified with the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

We have liability for onward transfers to third parties under the DPF Principles unless we can prove we were not a party to the events giving rise to the damages.

We are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

You may, under certain conditions, invoke binding arbitration.

Your organization is obligated to arbitrate claims and follow the terms as set forth in Annex I of the DPF Principles, provided that an individual has invoked binding arbitration by delivering notice to your organization and following the procedures and subject to conditions set forth in Annex I of Principles.

16. Dispute Resolution

In compliance with the EU-U.S. Data Privacy Framework, we commit to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. Data Privacy Framework to CDR-AAA® DPF IRM Service, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of CDR-AAA® DPF IRM Service are provided at no cost to you.

17. Changes to this Policy

We may modify or update this Privacy Policy periodically with or without prior notice by posting the updated policy on this page. You can always check the “Last Updated” date at the bottom of this document to see when the Privacy Policy was last changed. If we make any material changes to this Privacy Policy, we will notify you by reasonable means, which may be by e-mail or posting a notice of the changes on our website prior to the changes becoming effective. We encourage you to check this Privacy Policy from time to time. IF YOU DO NOT AGREE TO CHANGES TO THIS PRIVACY POLICY, YOU MUST STOP USING THE SERVICES AFTER THE EFFECTIVE DATE OF SUCH CHANGES (WHICH IS THE “LAST UPDATED” DATE OF THIS PRIVACY POLICY).

18. Contacting Us

If there are any questions regarding this privacy policy you may contact us using the information below.

Negotiatus Corp. d/b/a Order.co
156 5th Ave Floor 7
New York, NY, 10010

[email protected]

Last updated: October 24, 2023

PRIVACY NOTICE FOR EUROPEAN RESIDENTS

If you reside in a country in the European Economic Area, the United Kingdom, or Switzerland (a “European Resident”), then information we collect from you may be subject to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “EU GDPR”), or the equivalent laws of the United Kingdom and Switzerland (collectively, “Data Protection Laws”), and the following additional information is provided for your benefit. For purposes of this Privacy Notice for European Residents, in addition to the meaning set forth in the Privacy Policy, “Personal Information” shall also include “personal data” as that term is defined by the GPDR, as well as “personal data” or similar terminology as defined by other applicable Data Protection Laws.

To the extent Order.co processes Personal Information on behalf of a customer, the customer is the controller, Order.co is the processor, and this Privacy Notice for European Residents does not apply.

With respect to the Personal Information we collect through the Services from individuals who are not a customer or an employee of a customer, the controller of the Personal Information is:

Negotiatus Corp. d/b/a Order.co
156 5th Ave Floor 7, New York, NY, 10010

If you use the Services, you acknowledge that your Personal Information is being processed pursuant to the lawful bases described below, and you specifically consent to your Personal Information gathered through the Services being transferred, used, and stored in the United States or other third party countries which do not have local privacy laws that are equivalent to the Data Protection Laws. You acknowledge and agree that the local laws in such countries may be materially different from, and provide for a lesser degree of protection regarding your Personal Information (including, but not limited to, with respect to governmental and law enforcement agencies’ ability to access your Personal Information under certain conditions) than, Data Protection Laws.

1. Personal Information

If you use the Services, we may collect certain categories of Personal Information, as described in Section 2 of the Privacy Policy.

2. Your Rights

You have the following rights under applicable Data Protection Laws:

  • You have the right to know why we collect your Personal Information, how and why it is processed by us, and what our legal bases for such processing are.
  • Right of access: You have the right to access your Personal Information.
  • Right to rectification and deletion: you have the right to supplement or correct the Personal Information we’ve collected about you, or to direct us to delete your Personal Information.
  • If you give us your consent to process your Personal Information, you have the right to revoke that consent.
  • Right to data portability: you have the right to request that we transfer all your Personal Information to another controller in a reasonably understandable format.
  • Right to object: you may object to our processing of your Personal Information. We will make commercially reasonable efforts to comply with your objection, unless there are legally permissible reasons why we can or must continue to process your Personal Information.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Information. For more information, if you are in the European Economic Area (EEA), please contact your local data protection authority in the EEA. For contact details of your local Data Protection Authority, please see https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

3. Lawful Bases for Processing

Under European law, companies must have a legal basis to process data. You have particular rights available to you depending on which legal basis we use, and we've explained these above. You always have the right to request access to, rectification of, and erasure of your data under applicable Data Protection Laws. To exercise your rights, please email us at [email protected].

Pursuant to a contract with you:

We may process data as necessary to perform our contracts with you. We describe the contractual services for which this data processing is necessary throughout this Privacy Policy and in our Terms of Service (collectively, the “Terms”). The main uses of your data necessary to provide our contractual services are described in the Use of Your Information section of the Privacy Policy.

We'll use the Personal Information we have to provide the Services and as otherwise described in our Privacy Policy if you choose not to provide certain data, the quality of your experience using the Services may be negatively impacted.

When we process data you provide to us as necessary to perform our contracts with you, you have the right to receive a portable copy of it (meaning to receive a copy of your data in a structured, commonly used and machine-readable format) under applicable Data Protection Laws. To exercise your rights, please email us at [email protected].

The other legal bases we rely on in certain instances when processing your data are:

Your Consent:

We may process your Personal Information on the lawful basis of consent. When we process data you provide to us based on your consent, you have the right to withdraw your consent at any time and to receive a portable copy of the data you provide to us, under applicable Data Protection Laws. To exercise your rights, please email us at [email protected]. You have given your consent for processing Personal Information for the specific purposes disclosed in the Privacy Policy.

Legitimate Interests:

We may process your Personal Information where our legitimate interests, or the legitimate interests of a third party, are not outweighed by your interests or fundamental rights and freedoms.

The legitimate interests for our processing of Personal Information are to:

  • Assist us in providing, maintaining, and protecting the Services;
  • Set up, maintain, and protect accounts to use the Services;
  • Improve our online operations;
  • Process transactions;
  • Provide customer service;
  • Communicate with you, such as provide you with account- or transaction-related communications, or other newsletters, RSS feeds, and/or other
    communications relating to the Services;
  • Send or display offers and other content that is customized to your interests or preferences;
  • Perform research and analysis aimed at improving our products and services and developing new products or services;
  • Manage and maintain the systems that provide the Services
  • Prevent and address fraud, unauthorized use of the Services, violations of our terms and policies, or other harmful or illegal activity; to protect ourselves (including our rights, property or products), our users or others, including as part of investigations or regulatory inquiries; or to prevent death or imminent bodily harm; and
  • Operate of our day-to-day business and planning, including executing strategic corporate transactions, such as mergers.

You have the right to object to, and seek restriction of, such processing; to exercise your rights, please email us at [email protected].

We will consider several factors when assessing an objection to our processing in furtherance of Order.co’s legitimate interests, including: our users' reasonable expectations; the benefits and risks to you, us, other users, or third parties; and other available means to achieve the same purpose that may be less invasive and do not require disproportional effort. Your objection will be upheld, and we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons.

Compliance with a legal obligation:

  • We need to process your Personal Information when applicable law requires it, including, for example, if there is a valid legal request for certain data.

4. Disclosures of Your Information

“Processors” means our Service Providers and their respective service providers.

We may also disclose your Personal Information, (as well as non-Personal Information, without the same restrictions that apply to your Personal Information) to our Processors who we engage to perform certain functions for us, or on our behalf (including, but not limited to, processing of payments, provision of data storage, hosting of our website, marketing of our products and services, conducting audits, and performing web analytics). A list of our Processors and a description of the services that they perform for us follows. We establish data processing agreements that govern our Processors’ use of your Personal Information, but our Processors’ use of your Personal Information may also be subject to the Processors’ own privacy policies. See links to our Processors’ privacy policies below.

5. Retention of Your Information

We retain each category of your Personal Information for no longer than is reasonably necessary for one or more of the above lawful bases for processing, subject to your right to request we delete your Personal Information. Due to the nature of the services, it is not possible to predict the length of time that we intend to retain your Personal Information. Instead, we use the following criteria to determine whether it remains reasonably necessary to retain your Personal Information for one or more disclosed lawful bases for processing: we will retain and use your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

When we determine that it is no longer reasonably necessary to retain your Personal Information for one or more disclosed lawful bases for processing based on the above criteria, we will delete your Personal Information.

6. Questions and Complaints

If you have any questions or complaints regarding our use of your Personal Information, please contact us at [email protected]. You also have the right to submit a complaint to your applicable Data Protection Authority.

We have appointed GRCI Law to act as our EU Representative. If you wish to exercise your rights under the General Data Protection Regulation (GDPR) or have any queries in relation to your rights or privacy matters generally please email [email protected] or post your request or query to Head of Data Privacy Manager Service, GRCI Law Limited, Unit 3, Clive Court, Bartholomew’s Walk, Cambridgeshire Business Park, Ely, Cambridgeshire, CB7 4EA, UK.