Orren.biz – Privacy Policy

Effective Date: January 1, 2026
Last Updated: January 1, 2026
Contact: support@orren.biz

This Privacy Policy explains how Orren.biz (“Orren”, “we”, “us”, or “our”) collects, uses, stores, and protects your personal data when you use our digital services marketplace.

We are committed to protecting your privacy and ensuring compliance with:

GDPR – General Data Protection Regulation (EU/EEA)
UK GDPR
PSD2 – Revised Payment Services Directive
SCA – Strong Customer Authentication
Applicable global privacy laws

By using Orren.biz, you acknowledge and agree to the practices described in this Privacy Policy.

1. Data Controller

Orren.biz is the data controller for personal data processed through the platform, unless otherwise stated.

For GDPR and UK GDPR requests:
support@orren.biz

2. What Personal Data We Collect

We may collect the following categories of personal data:

2.1. Information You Provide Directly

Name, username, display name
Email address
Billing address (if applicable)
Phone number (optional or required in certain cases)
Profile information, portfolio items
Messages, uploaded files, project instructions
Payment-related identification (NOT full card numbers)

2.2. Automatically Collected Data

IP address
Device information, browser type
Login timestamps
Pages viewed, click activity
Cookies and tracking data
Approximate location (city/country)

2.3. Payment & Financial Data (PSD2-Compliant)

Processed securely by third-party payment providers.
We do not store full credit card numbers.

Payment data may include:

Transaction IDs
Partial card identifiers (last 4 digits)
Bank or payment service provider
SCA authentication success/fail status

2.4. Cookies & Similar Technologies

We use:

Essential cookies
Analytics cookies
Preference cookies
Security and fraud-prevention cookies

A full Cookie Policy can be provided upon request.

3. How We Use Your Personal Data

We use your data to:

3.1. Provide and Operate the Platform

Create and maintain your account
Process payments (PSD2/SCA compliant)
Facilitate communication between Buyers and Sellers
Deliver digital goods and services

3.2. Improve User Experience and Safety

Personalize user settings
Detect and prevent fraud or abuse
Maintain platform security

3.3. Legal and Compliance Purposes

Tax, accounting, and reporting requirements
Compliance with GDPR and UK GDPR
Compliance with PSD2 and SCA authentication

3.4. Marketing (Only with Consent Where Required)

Email updates
Service recommendations
Promotional messages

You may opt out at any time.

4. Legal Basis for Processing (GDPR & UK GDPR)

We process your data based on the following legal grounds:

Contract performance – to deliver services you request
Consent – for marketing, cookies, optional features
Legitimate interests – fraud prevention, platform improvements
Legal obligations – accounting, financial compliance
PSD2 compliance – payment verification & SCA

5. Sharing Your Data

We do not sell your personal data.

We may share it with trusted third parties:

5.1. Payment Processors

(PSD2 & SCA compliant)

Stripe, PayPal, or other authorized providers
Banking institutions
Fraud prevention tools

5.2. Service Providers

Hosting and cloud storage
Analytics services
Communication and email delivery platforms

5.3. Legal Authorities

Only when required by law, court order, or regulatory obligation.

6. International Data Transfers

Data may be transferred to countries outside the EU/EEA or the UK.
When this occurs, we use:

Standard Contractual Clauses (SCCs)
Adequacy Decisions
Data Processing Agreements (DPAs)

7. Data Retention

We retain data only as long as necessary for:

Account operation
Legal compliance
Fraud prevention
Transaction verification (PSD2 retention requirements)

Typical retention periods:

Account information: until deletion
Transaction records: 5–10 years (legal requirement)
Support messages: up to 2 years
Marketing consent logs: as required by law

8. Security Measures

We implement strong technical and organizational safeguards:

Encryption in transit (TLS/SSL)
Encrypted databases
Two-factor authentication options
SCA verification for payments
Secure development practices
Access control & audit logs

No online platform is 100% risk-free, but we take measures to protect your data.

9. Your Rights (GDPR + UK GDPR)

You have the right to:

✔ Access your personal data

✔ Correct inaccurate information

✔ Delete your data (“right to be forgotten”)

✔ Object to processing

✔ Restrict processing

✔ Data portability

✔ Withdraw consent at any time

✔ File a complaint with a Supervisory Authority

Requests may be sent to:
support@orren.biz

10. Children’s Privacy

Orren.biz is not intended for individuals under 18.
We do not knowingly collect data from minors.

11. PSD2 & SCA Compliance

11.1. Strong Customer Authentication

For EU/EEA-based users and selected UK transactions, Orren.biz and its payment partners apply SCA where required, using:

Two-factor authentication
Bank authentication apps
Biometrics (where supported)

11.2. PSD2 Requirements

We ensure compliance by:

Using authorized Payment Service Providers
Protecting financial data
Logging transaction identifiers
Preventing unauthorized payments

We never store full credit card numbers.

12. Automated Decision-Making

We may use automated systems for:

Fraud detection
Risk scoring
Transaction validation
Order moderation

You may request human review where legally required.

13. Third-Party Links

Links to other websites or services are provided for convenience.
We are not responsible for external privacy practices.

14. Changes to this Privacy Policy

We may update this Privacy Policy periodically.
Updates take effect when posted on the Website.
Continued use of the platform indicates acceptance.

15. Contact Us

For privacy questions or rights requests:
support@orren.biz

For GDPR/UK GDPR Supervisory Authorities, contact your local data protection regulator.