Orphek Private Policies
Introduction
Orphek (“Orphek,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.orphek.com or use our services (collectively, the “Service”). This Privacy Policy applies to all users of the Site and Service, regardless of their location.
By accessing or using our Site or Service, you consent to the practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Site or Service.
Information We Collect
We collect the following types of information:
(a) Information You Provide Directly:
Contact Information: Name, email address, postal address, phone number.
Account Information: Username, password, purchase history, preferences.
Payment Information: Credit Card Details: Credit card number, expiration date, CVV code, billing address (collected by our payment processor; we do not store this information directly). PayPal Information: If you choose to pay with PayPal, we may receive your PayPal account ID, email address, and shipping address from PayPal. We do not store your PayPal login credentials. Bank Account Information: In some cases, we may offer direct bank transfer as a payment option. If you choose this option, we will collect your bank account number, sort code/routing number, and account holder name. This information is processed securely by our payment processor and is used solely for the purpose of processing your payment. We may store a masked or tokenized version of your bank account information for future transactions, but we do not store your full bank account details directly. Communications: Information you provide when you contact us, such as through email or customer support channels.
Marketing Preferences: Your choices regarding receiving marketing communications from us.
User Content: Any content you post, upload, or otherwise submit to the Site or Service (e.g., reviews, comments).
(b) Information We Collect Automatically:
Log Data: IP address, browser type, operating system, referring URLs, pages visited, and other usage information.
Device Information: Device type, device ID, mobile network information.
Location Information: General location derived from your IP address or precise location if you enable location services.
Cookies and Similar Technologies: We use cookies, web beacons, and other tracking technologies to collect information about your browsing activity on our Site. (See Section 5 for more details).
How We Use Your Information
We use your information for the following purposes:
Providing and Maintaining the Service: To operate our Site, fulfill orders, process payments, and provide customer support.
Personalizing Your Experience: To tailor content and recommendations to your interests.
Improving the Service: To analyze usage patterns, troubleshoot technical issues, and develop new features.
Communicating With You: To respond to your inquiries, send order updates, and provide important notices.
Marketing: To send you promotional emails, newsletters, and other marketing communications (subject to your consent, where required by law).
Legal Compliance: To comply with applicable laws, regulations, and legal processes.
Security: To protect the security and integrity of our Site and Service.
Fraud Prevention: To detect and prevent fraudulent activity.
Legal Compliance and Safety: We may use your information to investigate suspected violations of our Terms of Service, including the use of our products for illegal purposes (such as cultivating controlled substances in jurisdictions where it is prohibited, or any type of scam, steal or illegal activity), and to report such activity to law enforcement authorities, as required by law or when we have a good faith belief that doing so is necessary to protect our rights, property, or safety, or the rights, property, or safety of others, and to investigate suspected fraud, including false claims of product malfunction or non-delivery, and to verify product functionality through remote access with your explicit consent, as described in our Terms of Service.
How We Share Your Information
We may share your information with the following categories of recipients:
Service Providers: Third-party companies that provide services on our behalf, such as payment processing, data analytics, email marketing, hosting, and customer support. We require these service providers to protect your information and use it only for the purposes we specify.
Business Partners: Companies with whom we collaborate to offer products or services. We will only share your information with business partners if you have consented to such sharing.
Affiliates: Our parent company, subsidiaries, or other companies under common control with us.
Legal Authorities: Government agencies, law enforcement officials, or other legal bodies when required by law or to protect our rights or the rights of others. If any illegal activity is suspected, be aware that we will share the information with law enforcement, insurance providers, or other relevant third parties, as permitted by law. Such information may include your contact information, purchase history, device information, and any communications you have had with us regarding the product. In these cases, we also reserve the rights to use user data to prove any illegal activity is happening.
Business Transfers: In connection with a merger, acquisition, sale of assets, or other business transaction, your information may be transferred to the acquiring entity.
With Your Consent: We may share your information with third parties when you have given us your explicit consent to do so.
Cookies and Similar Technologies
We use cookies and similar technologies to collect information about your browsing activity on our Site.
(a) What are Cookies?
Cookies are small text files that are placed on your computer or mobile device when you visit a website. They are widely used to make websites work more efficiently and to provide information to the website owner.
(b) Types of Cookies We Use:
Storefront: https://www.shopify.com/legal/cookies ]
Cookies Necessary for the Functioning of the Store
| Name | Function | Duration |
|---|---|---|
| _ab | Used in connection with access to admin. | 2y |
| _secure_session_id | Used in connection with navigation through a storefront. | 24h |
| _shopify_country | Used in connection with checkout. | session |
| _shopify_m | Used for managing customer privacy settings. | 1y |
| _shopify_tm | Used for managing customer privacy settings. | 30min |
| _shopify_tw | Used for managing customer privacy settings. | 2w |
| _storefront_u | Used to facilitate updating customer account information. | 1min |
| _tracking_consent | Tracking preferences. | 1y |
| c | Used in connection with checkout. | 1y |
| cart | Used in connection with shopping cart. | 2w |
| cart_currency | Used in connection with shopping cart. | 2w |
| cart_sig | Used in connection with checkout. | 2w |
| cart_ts | Used in connection with checkout. | 2w |
| cart_ver | Used in connection with shopping cart. | 2w |
| checkout | Used in connection with checkout. | 4w |
| checkout_token | Used in connection with checkout. | 1y |
| dynamic_checkout_shown_on_cart | Used in connection with checkout. | 30min |
| hide_shopify_pay_for_checkout | Used in connection with checkout. | session |
| keep_alive | Used in connection with buyer localization. | 2w |
| master_device_id | Used in connection with merchant login. | 2y |
| previous_step | Used in connection with checkout. | 1y |
| remember_me | Used in connection with checkout. | 1y |
| secure_customer_sig | Used in connection with customer login. | 20y |
| shopify_pay | Used in connection with checkout. | 1y |
| shopify_pay_redirect | Used in connection with checkout. | 30 minutes, 3w or 1y depending on value |
| storefront_digest | Used in connection with customer login. | 2y |
| tracked_start_checkout | Used in connection with checkout. | 1y |
| checkout_one_experiment | Used in connection with checkout. | session |
Reporting and Analytics
| Name | Function | Duration |
|---|---|---|
| _landing_page | Track landing pages. | 2w |
| _orig_referrer | Track landing pages. | 2w |
| _s | Shopify analytics. | 30min |
| _shopify_d | Shopify analytics. | session |
| _shopify_s | Shopify analytics. | 30min |
| _shopify_sa_p | Shopify analytics relating to marketing & referrals. | 30min |
| _shopify_sa_t | Shopify analytics relating to marketing & referrals. | 30min |
| _shopify_y | Shopify analytics. | 1y |
| _y | Shopify analytics. | 1y |
| _shopify_evids | Shopify analytics. | session |
| _shopify_ga | Shopify and Google Analytics. | session |
(c) Your Cookie Choices:
You can control and manage cookies in several ways:
Browser Settings: Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage, or filter cookies, consult your browser’s help file or visit [www.allaboutcookies.org].
Cookie Consent Tools: We may use cookie consent management platforms to allow you to customize your cookie preferences.
Third-Party Opt-Outs: For certain advertising cookies, you may be able to opt-out directly through the third party’s website.
(d) Impact of Blocking Cookies:
Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our Site may no longer be fully accessible.
(e) Third-Party Sharing:
Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioral Advertising” section above (if applicable).
Behavioral Advertising (If Applicable)
We may participate in behavioral advertising, which is also known as interest-based advertising. This means that we or our advertising partners may use cookies and similar technologies to collect information about your browsing activity and to show you advertisements that are tailored to your interests.
If you do not want to participate in behavioral advertising, you can opt-out through the following methods:
Digital Advertising Alliance (DAA): Visit [www.aboutads.info/choices] to opt-out of interest-based advertising from participating companies.
Network Advertising Initiative (NAI): Visit [www.networkadvertising.org/choices] to opt-out of interest-based advertising from participating companies.
Browser Settings: You can also disable or block third-party cookies through your browser settings.
Data Security
We take reasonable measures to protect your information from unauthorized access, use, or disclosure. These measures include:
Encryption: Using encryption to protect sensitive data, such as payment information.
Access Controls: Limiting access to your information to authorized personnel only.
Regular Security Assessments: Conducting regular security assessments to identify and address vulnerabilities.
Employee Training: Training our employees on data security best practices.
However, no method of transmission over the Internet or method of electronic storage is completely secure. Therefore, we cannot guarantee the absolute security of your information.
Secure Remote Access Protocols: All remote access sessions are conducted using industry-standard encrypted connections and require strong authentication.
Limited Access: During remote access sessions, our technicians will only access the data and settings that are necessary to diagnose and resolve the issue.
Session Monitoring (Optional): Remote access sessions may be monitored and recorded for quality assurance and security purposes. You will be informed if the session is being recorded.
Consent Required: We will only initiate a remote access session with your explicit consent, and you have the right to terminate the session at any time.
Data Retention: Data collected during remote access sessions will be retained only for as long as necessary to resolve the issue and for internal record-keeping purposes, and will be handled in accordance with this Privacy Policy.
Data Retention
We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
The criteria used to determine our retention periods include:
The length of our relationship with you; Whether there is a legal obligation to retain the data; or
Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).
International Data Transfers
Your information may be transferred to and processed in countries outside of your country of residence, including countries that may not have data protection laws that are as comprehensive as those in your country.
If we transfer your information internationally, we will take appropriate safeguards to protect your information in accordance with this Privacy Policy and applicable law. These safeguards may include:
Standard Contractual Clauses: Using Standard Contractual Clauses approved by the European Commission.
Binding Corporate Rules: Implementing Binding Corporate Rules approved by a data protection authority.
Adequacy Decisions: Transferring data to countries that have been deemed to provide an adequate level of protection by the European Commission.
Your Rights
You have the following rights regarding your information, subject to certain limitations under applicable law:
Right to Access: You have the right to request access to the information we hold about you.
Right to Rectification: You have the right to request that we correct any inaccurate or incomplete information we hold about you.
Right to Erasure (“Right to be Forgotten”): You have the right to request that we delete your information, subject to certain exceptions.
Right to Restriction of Processing: You have the right to request that we restrict the processing of your information in certain circumstances.
Right to Data Portability: You have the right to receive your information in a structured, commonly used, and machine-readable format and to transmit it to another controller.
Right to Object: You have the right to object to the processing of your information in certain circumstances, including for direct marketing purposes.
Right to Withdraw Consent: If we are processing your information based on your consent, you have the right to withdraw your consent at any time.
Right to Lodge a Complaint: You have the right to lodge a complaint with a data protection authority.
Exercising Your Rights
To exercise your rights, please contact us using the contact information provided in Section 14. We will respond to your request within the timeframes required by applicable law. We may require you to verify your identity before processing your request.
Do Not Track
Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons. We will post the updated Privacy Policy on our Site and update the “Last Updated” date at the top of this policy. Your continued use of the Site or Service after the posting of the updated Privacy Policy constitutes your acceptance of the changes.
Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
Orphek
Email: contact@orphek.com
- Data Protection Authority
If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority in your jurisdiction. You can contact your local data protection authority, or our supervisory authority here: [Add contact information or website for the data protection authority in your jurisdiction. For example, for the UK: https://ico.org.uk/make-a-complaint/]
Last Updated: July, 2, 2025.