We understand and highly respect the trust you place in us by sharing your personal data with us. Your data is of the highest importance to us and its security is our highest priority. This document is designed to let you know how we collect, use and protect your personal data. It also explains what rights you have with respect to your data and how you can exercise them.
Who are we?
OrderMS, a start-up with its principal place of business at 313 E. Main St Amsterdam NY 12010, USA (hereinafter also “OrderMS”, “we”, “us”), is the data controller in respect of the personal data we collect and process about you.
We determine how and why your personal data is processed within OrderMS.
If you have questions about how we process personal data, or would like to exercise your data subject rights, please email us at [email protected]. If you contact us via email, please note that the communication is not automatically encrypted.
What personal data and from which sources do we collect?
The personal data we may collect about the users of our Services are described in detail below.
1. Information you provide us while using our Services
Information that is necessary for the use of the Services
We ask for and collect the following personal information about you when you use the Services:
- Account Information. When you sign up for the Services, you create a user account ("OrderMS Account"), for which we require certain information such as your Name, Email Address, Company Name, Country & Contact Number.
- Payment Information. To use certain features of the Services (Paid Services) we require you to provide certain financial information (like your bank account or credit card information) in order to facilitate the processing of payment. To enable you to pay for the Service, the input screens on our Website indicate the respective input fields you are required to complete in order to pay for the Paid Services.
- Identity Verification and Other Information. In some cases (for example if you request a refund of fees you paid) we may ask you to provide us with the following information: your billing information (name, transaction ID, last 4 digits of the credit card associated with the account, billing date, etc.), email address, login name. We may also require you to provide us with identity verification information (such as images of your passport, national ID card) or other authentication information in order to verify your identity, provide the Paid Services to you, and to comply with applicable law.
You may provide us with the following information:
You may choose to provide us with additional personal information in order to obtain a better user experience when using the Services. This additional information will be processed based on your consent. You will see the respective notice (including request for granting us with your consent) before the data is being provided.
- Additional Profile Information. You may choose to provide additional information as part of your OrderMS Account (such as your job title, name of your employer, phone number (except when we require your phone number for your use of a promo code or when you must enter the phone number when you use our Paid Services)).
- Additional Payment Information. You may choose to provide additional information such as your VAT, additional billing address or name of the entity that you represent.
- Information you provide through our support channels. The Services also include customer support, where you may send any question regarding the Services. If you speak to one of our representatives directly, by email or otherwise engage with our support team, you will be asked to provide contact information, a summary of the problem and any other information that would be helpful in resolving the issue.
- Information you provide through our landing pages. If you wish, you can leave information (such as your name, email, phone number or any comment you would like to make) on our Website to provide your feedback, request information about our Services, etc.
2. Information you provide us while using some tools in our Services
Some of our tools may require you to provide us with additional information (for example if the tool allows you to integrate your social media account). Such integration is made at your own discretion. You will receive the respective notice (including a request for your consent) before the integration is carried out.
OrderMS provides third-party integrations only when you choose to use them. The integrations and API provided to you for communicating with third-party tools provide us with additional information only if required.
3. Information you provide us while using some tools in our Services
When you use the Services, we automatically collect information, including personal information, about the services you use and how you use them. This information is necessary for the adequate performance of the contract between you and us, to enable us to comply with legal obligations and given our legitimate interest in being able to provide and improve the functionalities of the Services.
- Device and Connection Information. We collect information about your computer or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, IP registered address, IP address of your log in, URLs of referring/exit pages, your time zone and your language preferences. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience and to fulfil our legal and fiscal obligations. You can change the information about your country in your OrderMS Account.
- Payment Transaction Information. OrderMS may collect information related to your payment transactions through the Services, including the product name, type of payment instrument used, date and time, payment amount, tax amount, credit card number, credit card expiration date, card holder name (if provided), card verification value/code and billing details: first name, last name, phone, address, country, state, city, postal code, and other details connected with transactions.
- Conversion Tags. If you reach our website via our partner’s Reference Link as, we may use conversion tags, provided by for the purposes of correct attribution of our partner’s marketing activity and the performance of our Affiliate program.
You will receive the notice about our use of Cookies and similar technologies during your first visit to our partner’s website, including a request for your consent to the use of Conversion Tags. You are the only person who decides whether to provide this permission. You can revoke your permission at any time.
4. Information you provide us while using our Blog, Public Profile or another Website content
If you use our Blog or other content, or would like to participate in our webinars, we may ask you to provide us with some information (such as your name, job title, your photo or other information).
By posting any information on our website you acknowledge and agree that the data you fill in during the subscription process on our website or any time later creates your public profile (hereinafter "Public Profile"). You acknowledge and agree that the information that you provide in your Public Profile would be visible to the others. You can change the information in your Public Profile whenever you want.
5. Information provided or collected for marketing purposes
If you use our Services, we are entitled, based on our legitimate interest, to use your identification and contact details (in particular, your name and surname, job title, company, telephone number, e-mail) and information about your use of our Services to reach current or potential customers by direct marketing or through advertising campaigns on social networks, including creation of Lookalike Audience on Facebook or similar types of marketing campaigns.
If you participate in events and conferences organized by us, we may ask you to grant your consent to the processing of your personal data (in particular, the identification and contact data you fill in on the respective registration form and information about your interests in the Services and participation in our events).
How do we use the collected information?
We use, store, and process information, including personal information, about you for the following purposes:
- To provide, improve, and develop the Services.
We process this information given our legitimate interest in improving the Services, and where it is necessary for the adequate performance of the contract with you.
- Enable you to access and use the Services.
- Operate, protect, improve, and optimize the Services and experience, such as by performing analytics and conducting research. Subject to our contract with you we process this information either manually or by computer.
- Provide customer service: to resolve technical issues you encounter, to respond to your requests for assistance, to analyze crash information, and to repair and improve the Services.
- Send you service or support messages, updates, security alerts, and account notifications.
- If you provide us with your contacts’ information, we may process this information: (i) for fraud detection and prevention, and (ii) for any purpose you authorize at the time of collection.
- To create and maintain a trusted and safer environment.
We process this information given our legitimate interest in protecting the Services, to measure the adequate performance of our contract with you, and to comply with applicable laws.
- Detect and prevent fraud, spam, abuse, security incidents, and other harmful activity.
- Conduct security investigations and risk assessments.
- Verify or authenticate information or identifications provided by you (such as to verify your ID).
- Comply with our legal obligations.
- Resolve any disputes and enforce our agreements with third parties.
- Enforce our Terms of Service and other policies.
- To provide, personalize, and improve our advertising and marketing.
- Send you promotional messages, marketing, advertising, and other information that may be interesting to you based on your preferences (including information about OrderMS campaigns and services) and social media advertising through social media platforms (such as Facebook or Google).
- Personalize, measure, and improve our advertising.
You will receive marketing communications from us if you’ve given us your consent. You can opt out of receiving marketing communications from us by following the unsubscribe instructions included in our marketing communications.
- To provide and secure Paid Services.
We process this information given our legitimate interest in improving the Paid Services, and where it is necessary for the adequate performance of the contract with you and to comply with applicable laws.
- Enable you to access and use the Paid Services.
- Detect and prevent fraud, abuse, security incidents, and other harmful activity.
- Conduct security investigations and risk assessments.
- Comply with legal obligations (such as anti-money laundering regulations).
- Enforce payment policies.
- Automated individual decision-making
OrderMS does not carry out the processing under Article 22(1) of the GDPR: You will not be subject to a decision adopted by OrderMS based solely on automated processing of your personal data, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Do we share personal data with others?
In the context of the data processing above and the respective legal bases given (contract performance, legitimate interests, consent or processing obligations under law), your data may be passed on to the following categories of recipients:
OrderMS Product Line
Your personal data can be shared by OrderMS and with its product line. If your personal data is shared, this is done only where there is a need to know this data, and the data is shared only with selected product lines for the fulfilment of their working tasks.
Access rights between product lines are limited and we only grant them if the person needs to know the relevant data on the basis of his or her job or job responsibilities, and the authorized employees are bound by the confidentiality obligation.
- Service Providers
OrderMS uses external service providers, such as payment service providers and service providers that conduct background or police checks, fraud prevention, and risk assessment, or perform product development, maintenance and debugging, newsletter dispatch, analysis of information etc. In order for them to fulfil their obligations, OrderMS must transfer certain data to them or the service providers have to process certain data.
OrderMS also uses external providers of IT infrastructure to store and process your personal data.
All external service providers are checked by OrderMS and provide sufficient guarantees regarding the confidentiality and security of your data. OrderMS has concluded a written data privacy agreement with each of these providers, in which the providers have undertaken to protect personal data and to comply with OrderMS's privacy standards.
- Other third parties
In certain circumstances, we share and/or are obliged to share your personal data with third parties outside our product line or service providers, for the purposes described above and in accordance with the data protection laws.
These third parties include, in particular:
- administrative and similar authorities (tax authorities);
- financial institutions (banks, insurance companies);
- business partners (with your previous consent or based on our legitimate interests, e.g. in case of merger or similar corporate transactions);
- our external advisors.
Do we transfer personal data to countries outside the EEA?
We have put in place adequate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercise of your rights, e.g. we establish an adequate level of data protection through EU Standard Contractual Clauses based on the EU commission’s model clauses.
Information on EU standard contractual clauses is available here on the European Union website. If you would like more detailed information, please contact us at [email protected].
How long do we store your personal data?
Your personal data will be deleted as soon as they are no longer necessary for the stated purposes. However, we must sometimes continue to store your data until the retention periods and deadlines set by the legislator or supervisory authorities expire. We may also retain your data until the statutory limitation periods have expired, provided that this is necessary for the establishment, exercise or defense of legal claims.
After that, the relevant data are routinely erased.
If you have any questions about specific retention periods, please contact us at [email protected].
What are your rights under applicable data protection laws?
Under the stipulated conditions, you can exercise all of the rights listed below, which are granted to you by legislation on the protection of personal data, in particular the General Data Protection Regulation (GDPR):
- You have the right to request access to your personal data and the right of provision of further information on the processing of your personal data.
- You have the right to rectification of inaccurate or incomplete personal data.
- You have the right to obtain your personal data and transfer your data to another controller (data portability).
- You have the right to deletion of your personal data.
- You also have the right to object to the processing of your personal data and to have the processing of your personal data restricted.
- In particular, you have an unconditional right to object to the processing of your personal data for direct marketing purposes.
- If processing of your personal information is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried out before you withdrew your consent. You may withdraw your consent by contacting us at [email protected].
- You also have the right to lodge a complaint with a respective supervisory authority pursuant to Art. 77 GDPR (in particular in the country of your residence, place of work or of an alleged infringement of the GDPR).
How is your data secured?
We are continuously implementing and updating administrative, technical, and physical security measures to help protect your information against unauthorized access, loss, destruction, or alteration. Some of the safeguards we use to protect your information are as follows:
- Limited access to the production database at the network level
- Limited access to the production database at the process/users level
- Password policy for access to the production database
- Data transfer encryption
- Data encryption in the database (for card data and authentication credentials)
- WAF (Web Application Firewall)
- DDoS protection
- Internal password change policies
- PCI DSS level 1 compliance
- Logging of actions and log analysis
- Antivirus software on administrators' workstations
We use industry-standard algorithms (AES, PGP and others) for encryption of personal data, as well as full-disk encryption, database encryption and encryption of special personal data (payment card details for PCI DSS compliance).
We have policies and procedures to keep encryption keys secure, and generate new keys when necessary to do so.
If you know or suspect that your Personal Data has been lost, stolen, misappropriated, or otherwise compromised, or in case of any actual or suspected unauthorized use of your OrderMS Account, please contact us by email at [email protected].