View All Shop by Car
No Shop by Car found.
View All Shop By Brand
No Shop By Brand found.
View All Wheels
No Wheels found.
Robert Whitaker "Great items, delivered quickly!" Reviews.io 4,014 reviews

Privacy Policy

How we collect, use, share, and protect your personal data.

Last updated: February 28, 2026

We want to be as privacy-first as possible while still running a working ecommerce business. This policy explains what we collect, what we share, and why.

1. Who We Are

Orranje Performance Ltd
Company number: 09736793
VAT number: GB228071030
Email: [email protected]

2. Our Privacy Commitments

  • We only collect data we need to run the site, fulfil orders, and provide support.
  • We do not sell personal data.
  • We try to minimise what we send to third parties.
  • We aim to describe our real implementation clearly and honestly.

3. Data We Collect

3.1 Account and order data

When you use the shop and checkout, we may collect:

  • Name, email address, and phone number
  • Billing and shipping addresses (including company and tax/VAT number where provided)
  • Order contents, totals, shipping method, and payment status
  • Customer account preferences (for example, newsletter and analytics preference)

3.2 Contact, newsletter, and chat data

  • Contact form submissions: name, email, subject, message, plus anti-abuse metadata (IP address and user agent)
  • Newsletter subscription: email, confirmation status/timestamps, and anti-abuse metadata (IP address and user agent)
  • On-site chat: chat messages, guest name/email (for guest chats), and a session-only guest chat token cookie to keep chat active between pages

3.3 Technical and anti-fraud data

To operate and secure checkout, we store technical data such as:

  • Session ID
  • Referrer and landing URL
  • Campaign/ad click parameters (UTM, gclid, etc.)
  • Recent page/journey and search activity
  • IP address and user agent

4. Cookies

We use a small number of cookies:

  • Essential session/security cookies required for login, cart, CSRF, and checkout flows
  • orj_analytics_cookie to remember your analytics consent choice
  • orj_chat_cookie as a session-only cookie to keep guest chat active between pages in the current browser session

If GA4 is enabled and accepted, Google cookies such as _ga, _ga_*, and _gcl_aw may be present.

If Meta Pixel is enabled and accepted, Meta cookies such as _fbp may be present.

5. Analytics and Tracking

We use analytics to understand website performance and measure marketing.

  • Before you accept analytics cookies: Google and Meta run in consent mode. Analytics / advertising cookies are not set and ad personalisation is off. Only limited, non-cookie technical signals may be processed.
  • After you accept analytics cookies: full analytics and ad measurement features are enabled.
  • Rybbit: privacy-focused, cookieless analytics used for basic website performance reporting.

Depending on configuration, providers may include Google Analytics 4 (GA4), Google Ads, and Meta Pixel.

For paid orders, and where enabled and consented, we may also send purchase / conversion events to configured providers.

Manage analytics consent

You can change your analytics choice here at any time, even if you do not have an account.

Current setting: Checking...

6. How We Use Personal Data

We use data to:

  • Create and manage customer accounts
  • Process payments and fulfil orders
  • Arrange shipping and provide delivery updates
  • Send transactional emails (order, shipping, support)
  • Prevent abuse/fraud and secure the service
  • Meet legal, tax, and accounting requirements
  • Understand shop performance and improve customer experience

7. Third Parties We Use

We share data with third parties only where needed to provide service. Depending on configuration and the actions you take, this may include:

  • Payments: Stripe, PayPal
  • Email delivery: Postmark
  • Shipping/labels: InXpress, Royal Mail Click & Drop
  • Suppliers (dropship fulfilment): delivery name/address and order item details required to fulfil and deliver your order (this may be shared manually where needed)
  • Tracking events: AfterShip (tracking number and destination postcode only; no customer name, email, phone, or street address)
  • Accounting/invoicing: Xero
  • Reviews: Reviews.io (including review data; and review-invite related email flow where configured)
  • Analytics: Rybbit, GA4, Google Ads, and Meta Pixel

8. Legal Bases (UK GDPR / EU GDPR)

We rely on:

  • Contract: to provide products/services you request
  • Legal obligation: tax, accounting, and compliance duties
  • Legitimate interests: secure operation, fraud prevention, service improvement
  • Consent: where required (for example enabling full GA4, Google Ads, and Meta Pixel analytics and ad measurement)

9. International Transfers

Some providers may process data outside the UK/EEA. Where this happens, we rely on contractual or equivalent safeguards required by data protection law.

10. Data Retention

We keep personal data for as long as needed for:

  • Order fulfilment and support
  • Legal/accounting/tax obligations
  • Security, fraud prevention, and audit needs

Retention periods vary by data type and legal requirement.

11. Security

We use reasonable technical and organisational safeguards. No online system is 100% risk-free, but we work continuously to reduce risk.

12. Your Rights

You can request to:

  • Access your personal data
  • Correct inaccurate data
  • Delete data (where legally possible)
  • Restrict or object to processing
  • Receive a copy of your data (portability)
  • Withdraw consent where processing is consent-based

To exercise rights, email: [email protected]

You can also lodge a complaint with the UK Information Commissioner’s Office (ICO). Our ICO registration number is ZA399994.

13. Policy Updates

We may update this policy as code and integrations evolve. The latest version is always published with an updated “Last updated” date.

Chat

Please provide the details below to start a chat