Privacy Policy

Web of Orange ("Company," "we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or engage our services.

1. Information We Collect

1.1 Information You Provide Directly

We collect information you voluntarily provide, including:

• Contact Information: Name, email address, phone number, and mailing address
• Business Information: Company name, website URL, and project requirements
• Payment Information: Billing address and payment details (processed securely through PCI-compliant payment processors; we do not store full credit card numbers)
• Communications: Messages, inquiries, and correspondence you send to us

1.2 Information Collected Automatically

When you visit our website, we automatically collect certain information, including:

• Device Information: Browser type, operating system, and device identifiers
• Usage Data: Pages visited, time spent on pages, click patterns, and referring URLs
• Log Data: IP address, access times, and server logs
• Cookies and Similar Technologies: See Section 5 (Cookies and Tracking Technologies) below

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve our website development and maintenance services
• Communication: To respond to inquiries, send project updates, and provide customer support
• Payment Processing: To process transactions and send invoices
• Analytics: To analyze website usage and improve user experience
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• Business Operations: To manage our business, including recordkeeping and administrative functions

3. Legal Basis for Processing

We process your personal information based on the following legal grounds:

• Contractual Necessity: Processing necessary to fulfill our service agreements with you
• Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our services and communicating with clients
• Consent: Where you have provided explicit consent for specific processing activities
• Legal Obligation: Processing necessary to comply with applicable laws

4. Disclosure of Your Information

We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who assist in our business operations, including:

• Payment processors — to securely process transactions (we do not store full credit card numbers)
• Website hosting providers — to deliver and maintain our website
• Analytics providers — to understand website usage and improve user experience
• Email and communication providers — to manage business correspondence

A current list of specific service providers is available upon request by emailing jon@weboforange.com.

We may engage additional service providers from time to time. When we add a new service provider that processes personal information:

• We will update this Privacy Policy within 30 days of engagement
• For existing clients, we will provide direct notice via email of any new sub-processor that will have access to client data
• All service providers are contractually required to process personal information only as necessary to provide services to us and in accordance with applicable privacy laws
• A current list of sub-processors is available upon request by emailing jon@weboforange.com

4.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or when we believe disclosure is necessary to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Prevent fraud or illegal activity
• Respond to lawful requests from public authorities

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5. Cookies and Tracking Technologies

5.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help us understand how you use our website and improve your experience.

5.2 Cookie Consent

We use a cookie consent mechanism that:

• Displays a clear consent banner on your first visit
• Allows you to accept or reject non-essential cookies before they are set
• Provides granular control over cookie categories
• Stores your preferences for future visits
• Allows you to change your preferences at any time via the cookie settings link in our website footer

Essential cookies are set without consent as they are strictly necessary for website functionality. Non-essential cookies (including analytics) require your affirmative consent before being set.

5.3 Types of Cookies We Use

5.4 Analytics

We use analytics services to collect anonymized data about website traffic and user behavior. Analytics cookies collect information such as:

• Pages visited and time spent on each page
• Geographic location (country/region level)
• Device and browser information
• Referral sources

We configure our analytics services with privacy-protective settings, including:

• IP anonymization enabled
• Data sharing disabled where possible
• Advertising features disabled
• Limited data retention periods

You can opt out of analytics tracking by: (a) declining analytics cookies in our consent banner, or (b) adjusting your preferences via our cookie settings.

5.5 Managing Cookies

Most web browsers allow you to control cookies through their settings. You may:

• Block all cookies
• Delete existing cookies
• Set preferences for certain websites

Note that disabling essential cookies may affect website functionality.

5.6 Do Not Track and Global Privacy Control

Our website honors Global Privacy Control (GPC) signals. When we detect a GPC signal from your browser, we will treat it as a valid opt-out request for the sale or sharing of your personal information, as required by applicable law.

For browsers that send legacy "Do Not Track" signals without GPC, you may opt out of tracking using the methods described above.

6. Data Breach Notification

6.1 Our Commitment

In the event of a data breach affecting your personal information, we are committed to:

• Investigating the incident promptly upon discovery
• Taking immediate steps to contain and remediate the breach
• Notifying affected individuals and relevant authorities as required by law

6.2 Notification Timeline

6.3 Notification Contents

Breach notifications will include:

• Description of the nature of the breach
• Categories of personal information affected
• Approximate date of the breach
• Steps we are taking to address the breach
• Recommendations for individuals to protect themselves
• Contact information for questions

6.4 Client Data Breaches

For clients whose customer or business data may be affected by a breach:

• We will notify the primary client contact within 48 hours of breach confirmation
• We will cooperate with Client's own breach notification obligations
• We will provide a detailed incident report within 14 days

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Upon request, we will delete your personal information unless retention is required for legal or legitimate business purposes. We will confirm deletion within 30 days of completing your request.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Secure Socket Layer (SSL) encryption for data transmission
• Secure payment processing through PCI-compliant providers
• Access controls limiting data access to authorized personnel
• Regular security assessments and updates

However, no method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. See Section 6 for our data breach notification procedures.

9. Your Privacy Rights

9.1 All Users

You have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information, subject to legal exceptions
• Portability: Request your data in a portable, machine-readable format

9.2 California Residents — Your CCPA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights:

Right to Know: You have the right to request disclosure of:

• Categories of personal information collected
• Sources of personal information
• Business purposes for collection
• Categories of third parties with whom we share information
• Specific pieces of personal information collected

Right to Delete: You may request deletion of your personal information, subject to certain exceptions.

Right to Correct: You may request correction of inaccurate personal information.

Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising.

Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Right to Limit Use of Sensitive Personal Information: If we collect sensitive personal information, you have the right to limit its use to purposes necessary to provide the services you requested.

Authorized Agents: You may designate an authorized agent to make requests on your behalf. Authorized agents must provide written authorization signed by you and may be required to verify their own identity.

To Exercise Your Rights: Submit a verifiable request by emailing us at jon@weboforange.com. We will respond within 45 calendar days as required by law. If we need additional time, we will notify you of the extension and the reason for it.

Verification: We may request additional information to verify your identity before processing your request.

Financial Incentives: We do not offer financial incentives or price differences in exchange for the retention or sale of personal information.

9.3 European Economic Area, United Kingdom, and Switzerland Residents — GDPR Rights

While our services are primarily intended for clients located in the United States, we recognize that individuals from the European Economic Area (EEA), United Kingdom, and Switzerland may visit our website or engage our services. If you are located in these regions, the General Data Protection Regulation (GDPR) or equivalent local laws provide you with additional rights:

Your Rights Under GDPR:

• Right of Access: You may request a copy of the personal data we hold about you
• Right to Rectification: You may request correction of inaccurate personal data
• Right to Erasure ("Right to Be Forgotten"): You may request deletion of your personal data, subject to legal exceptions
• Right to Restriction: You may request that we restrict processing of your personal data in certain circumstances
• Right to Data Portability: You may request your personal data in a structured, commonly used, machine-readable format
• Right to Object: You may object to processing based on legitimate interests, including direct marketing
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority

Legal Basis for Processing (GDPR):

We process personal data of EEA/UK/Swiss residents on the following legal bases:

• Contract: Processing necessary for the performance of a contract with you
• Legitimate Interests: Processing necessary for our legitimate business interests (service improvement, fraud prevention, security), balanced against your rights
• Consent: For analytics cookies and marketing communications, where applicable
• Legal Obligation: Processing necessary to comply with legal requirements

International Data Transfers:

If you are located in the EEA, UK, or Switzerland, your personal data may be transferred to and processed in the United States. We rely on the following safeguards for such transfers:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Appropriate supplementary measures where required

To request a copy of the relevant SCCs, contact us at jon@weboforange.com.

Data Protection Contact:

For GDPR-related inquiries or to exercise your rights, please contact:

Web of Orange — Privacy Inquiries
Email: jon@weboforange.com
Subject Line: "GDPR Request"

We will respond to GDPR requests within 30 days. If we require additional time (up to 60 additional days for complex requests), we will notify you of the extension and the reasons for it.

10. Children's Privacy

Our website and services are intended for business clients and are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 13 as defined by the Children's Online Privacy Protection Act (COPPA), or under 16 as defined by the GDPR. If we become aware that we have collected information from a child under these age thresholds, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us immediately at jon@weboforange.com.

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Post the revised policy on our website
• Notify affected clients via email for significant changes

Your continued use of our website or services after such modifications constitutes acceptance of the updated Privacy Policy. For changes affecting cookie consent or GDPR rights, we will re-obtain consent where required by law.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

14. International Users

Our services are primarily intended for clients located in the United States. If you access our website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located.

For EEA/UK/Swiss residents: Please see Section 9.3 for information about international data transfers and your GDPR rights, including the safeguards we use for such transfers.

For other international visitors: By using our website or engaging our services, you consent to the transfer of your information to the United States. If you do not consent to this transfer, please do not use our website or services.