PRIVACY POLICY
24 September 2024
We know that you care how information about you is used and shared and we appreciate your trust in us to do that carefully and sensibly. This Privacy Policy describes how we collect and process your personal information.
By using Ortnix.com, you agree to the collection and use of information in accordance with this Privacy Policy.
Information We Collect
We collect several types of information to provide and improve our services:
- Personal Information: When you make a purchase, create an account, or contact us, we may collect information such as your name, email address, phone number, shipping address.
- Usage Data: We may collect information about how you access and use our website. This includes your IP address, browser type, operating system, pages visited, and the dates and times of your visits.
- Cookies and Tracking Technologies: We use cookies and similar tracking technologies to enhance your experience on our website. Cookies are small data files stored on your device that help us remember your preferences and personalize your visit.
How We Use Your Information
We use the information we collect for various purposes, including:
- Processing Transactions: To process your orders and deliver products to you. As mentioned, payment information is handled by third-party payment processors.
- Customer Service: To provide customer support, respond to inquiries, and improve our services.
- Personalization: To personalize your experience on our website and recommend products that may be of interest to you.
- Marketing: To send you promotional materials, newsletters, and other communications about our products and services. You can opt-out of receiving these communications at any time.
- Analytics: To analyze website usage and improve our website’s functionality and performance.
Disclosure of Your Information
We do not sell, trade, or otherwise transfer your personal information to outside parties except in the following circumstances:
- Service Providers: We may share your information with third-party service providers who assist us in operating our website, conducting our business, or providing services to you, if they agree to keep your information confidential.
- Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
- Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of the transaction.
Data Security
We take the security of your data seriously and use reasonable technical and organizational measures to protect your personal data from unauthorized access, disclosure, or destruction. However, no method of transmission over the internet is completely secure, and we cannot guarantee the absolute security of your information.
Retention of Your Data
We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, including legal and regulatory requirements. Once your data is no longer needed, we will securely delete or anonymize it.
Payment Information
We do not collect any payment information directly. All payments are processed by third-party payment processors who adhere to strict security standards. Please refer to the privacy policy of the respective payment provider for more information on their data processing practices.
GDPR Compliance
Under GDPR, you have the right to access, rectify, erase, restrict processing of, and port your personal data. You also have the right to object to the processing of your data.
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for legal and accounting requirements.
Extra-EEA Transfers of Personal Data
Personal data may be transferred outside the European Economic Area (EEA) for processing. We ensure that any such transfers are conducted in accordance with GDPR requirements and that appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs): We use SCCs approved by the European Commission to ensure that data transfers outside the EEA provide adequate data protection.
- Privacy Shield: For transfers to the United States, we may rely on the EU-U.S. Privacy Shield framework, if applicable.
- Binding Corporate Rules (BCRs): We may implement BCRs approved by data protection authorities to safeguard international data transfers within our corporate group.
Strong Customer Authentication (SCA) and PSD2 Compliance
- SCA Availability: We comply with Strong Customer Authentication (SCA) requirements as mandated by the Payment Services Directive 2 (PSD2). SCA is available for all online card payments and requires customers to undergo two-factor authentication before completing a transaction.
- PSD2 Requirements: In accordance with PSD2, we implement the following security measures to ensure the safety of online payments:
- Two-Factor Authentication (2FA): Customers are required to authenticate their identity using two out of three factors: something they know (password), something they have (smartphone), and something they are (biometric verification).
- Transaction Monitoring: We continuously monitor transactions for suspicious activity to detect and prevent fraud.
- Dynamic Linking: Transaction details, such as the amount and recipient, are dynamically linked to the authentication process to ensure the security of payments.
Monitoring and Auditing
- Continuous Monitoring: We continuously monitor our systems for potential vulnerabilities and threats. Regular security audits and assessments are conducted to ensure our security measures are effective and up to date.
- Third-Party Audits: We engage independent third-party auditors to conduct thorough security assessments of our systems and processes, ensuring compliance with industry standards and best practices.
Third-Party Links
Our website may contain links to third-party websites. We cannot guarantee that these third parties will handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.
Data Breach Response
- Incident Response Plan: We have a detailed incident response plan in place to address any data breaches or security incidents. This plan includes immediate containment measures, thorough investigation procedures, and timely notification to affected individuals and authorities as required by law.
- User Notification: In the unlikely event of a data breach that affects your personal data, we will promptly inform you and provide information on the nature of the breach, the affected data, and the steps we are taking to mitigate the impact and prevent future occurrences.
Your Role in Data Security
While we take extensive measures to protect your data, you also play a crucial role in safeguarding your personal information. We recommend that you:
- Use strong, unique passwords for your accounts.
- Regularly update your passwords and avoid reusing the same password across multiple sites.
- Be cautious of phishing attempts and suspicious emails requesting personal information.
- Ensure that your devices are protected with up-to-date antivirus software and firewalls.
Submitting a complaint
If you are not satisfied with the way in which we handle (a complaint about) the processing of your personal data, you have the right to submit a complaint to the Data Protection Authority.
Amendments to this privacy statement
We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly to be aware of any changes. In addition, we will actively inform you wherever possible.
Contact Information
If you have any questions regarding these terms and conditions, please contact us at:
DORFEX LTD
Registered Office: 85 Great Portland Street, First Floor, London, England, W1W 7LT
Email: info@ortnix.com
By using Ortnix.com, you acknowledge that you have read, understood, and agreed to this Privacy Policy.
