View All Shop by Car
No Shop by Car found.
View All Shop By Brand
No Shop By Brand found.
View All Wheels
No Wheels found.
Stephen John Smith "Amazing service as always. Highly recommend Orranje" Reviews.io 4,000 reviews

Privacy Policy

How we collect, use, share, and protect your personal data.

Last updated: February 28, 2026

We want to be as privacy-first as possible while still running a working ecommerce business. This policy explains what we collect, what we share, and why.

1. Who We Are

Orranje Performance Ltd
Company number: 09736793
VAT number: GB228071030
Email: [email protected]

2. Our Privacy Commitments

  • We only collect data we need to run the site, fulfil orders, and provide support.
  • We do not sell personal data.
  • We try to minimise what we send to third parties.
  • We aim to describe our real implementation clearly and honestly.

3. Data We Collect

3.1 Account and order data

When you use the shop and checkout, we may collect:

  • Name, email address, and phone number
  • Billing and shipping addresses (including company and tax/VAT number where provided)
  • Order contents, totals, shipping method, and payment status
  • Customer account preferences (for example, newsletter and analytics preference)

3.2 Contact, newsletter, and chat data

  • Contact form submissions: name, email, subject, message, plus anti-abuse metadata (IP address and user agent)
  • Newsletter subscription: email, confirmation status/timestamps, and anti-abuse metadata (IP address and user agent)
  • On-site chat: chat messages, guest name/email (for guest chats), and a session-only guest chat token cookie to keep chat active between pages

3.3 Technical and anti-fraud data

To operate and secure checkout, we store technical data such as:

  • Session ID
  • Referrer and landing URL
  • Campaign/ad click parameters (UTM, gclid, etc.)
  • Recent page/journey and search activity
  • IP address and user agent

4. Cookies

We use a small number of cookies:

  • Essential session/security cookies required for login, cart, CSRF, and checkout flows
  • orj_analytics_cookie to remember your GA4 analytics choice
  • orj_chat_cookie as a session-only cookie to keep guest chat active between pages in the current browser session

If GA4 is enabled and accepted, Google cookies such as _ga, _ga_*, and _gcl_aw may be present.

5. Analytics and Tracking

We currently support two analytics integrations:

  • Rybbit: used as a privacy-focused, cookieless analytics setup. In the current implementation, Rybbit can run without a consent prompt when configured.
  • Google Analytics 4 (GA4): not loaded unless analytics consent is granted. Server-side GA4 purchase tracking also checks stored consent before sending.

For paid orders, we store internal order analytics context and may send purchase analytics events to configured analytics providers.

6. How We Use Personal Data

We use data to:

  • Create and manage customer accounts
  • Process payments and fulfil orders
  • Arrange shipping and provide delivery updates
  • Send transactional emails (order, shipping, support)
  • Prevent abuse/fraud and secure the service
  • Meet legal, tax, and accounting requirements
  • Understand shop performance and improve customer experience

7. Third Parties We Use

We share data with third parties only where needed to provide service. Depending on configuration and the actions you take, this may include:

  • Payments: Stripe, PayPal
  • Email delivery: Postmark
  • Shipping/labels: InXpress, Royal Mail Click & Drop
  • Suppliers (dropship fulfilment): delivery name/address and order item details required to fulfil and deliver your order (this may be shared manually where needed)
  • Tracking events: AfterShip (tracking number and destination postcode only; no customer name, email, phone, or street address)
  • Accounting/invoicing: Xero
  • Reviews: Reviews.io (including review data; and review-invite related email flow where configured)
  • Analytics: Rybbit and GA4 (GA4 consent-gated as above)

8. Legal Bases (UK GDPR / EU GDPR)

We rely on:

  • Contract: to provide products/services you request
  • Legal obligation: tax, accounting, and compliance duties
  • Legitimate interests: secure operation, fraud prevention, service improvement
  • Consent: where required (for example GA4 analytics loading)

9. International Transfers

Some providers may process data outside the UK/EEA. Where this happens, we rely on contractual or equivalent safeguards required by data protection law.

10. Data Retention

We keep personal data for as long as needed for:

  • Order fulfilment and support
  • Legal/accounting/tax obligations
  • Security, fraud prevention, and audit needs

Retention periods vary by data type and legal requirement.

11. Security

We use reasonable technical and organisational safeguards. No online system is 100% risk-free, but we work continuously to reduce risk.

12. Your Rights

You can request to:

  • Access your personal data
  • Correct inaccurate data
  • Delete data (where legally possible)
  • Restrict or object to processing
  • Receive a copy of your data (portability)
  • Withdraw consent where processing is consent-based

To exercise rights, email: [email protected]

You can also lodge a complaint with the UK Information Commissioner’s Office (ICO). Our ICO registration number is ZA399994.

13. Policy Updates

We may update this policy as code and integrations evolve. The latest version is always published with an updated “Last updated” date.

Chat

Please provide the details below to start a chat