The Platform Built for B2B Commerce

ORDERLINKS – PRIVACY POLICY

Last updated: 20th November 2025

This Privacy Policy explains how Orderlinks Technologies Ltd (“Orderlinks”, “we”, “us”, “our”) collects, uses, stores, shares, and protects personal data when Sellers, Buyers, or other Users interact with our platform. We are committed to processing personal data lawfully, fairly, and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Defined Terms

“Seller” – a business or individual who signs up to the Orderlinks platform to manage and receive orders.

“Buyer” – a business or individual placing an order with a Seller through the platform or via Order Assist channels (email or WhatsApp).

“User” – any individual interacting with the platform, including Sellers, Buyers, and staff acting on their behalf.

“Order Assist” – the feature that processes incoming email or WhatsApp messages to help Sellers manage and create orders.

“Platform” – the Orderlinks website, dashboard, APIs, order management tools, integrations, and related digital services.

2. Data Controller and Data Processors

Data Controller

Orderlinks Technologies Ltd
Company Number: 14254523
Email: tom@orderlinks.co

We determine how and why personal data is processed.

Data Protection Officer (DPO)

Thomas Paton
Email: tom@orderlinks.co

Categories of Data Recipients (Processors)

We use third-party services strictly to deliver our platform functionality, including:

  • Payment processors (e.g., Stripe)
  • Hosting and cloud infrastructure providers
  • Messaging and communications providers
  • AI processing services
  • Analytics providers
  • Delivery and logistics partners
  • Optional integration partners selected by Sellers

All processors act only under our instructions.

3. Categories of Personal Data We Collect

Identity and Contact Data

  • Name
  • Email address
  • Phone number
  • Business name
  • Delivery address
  • Billing address

Order and Transaction Data

  • Order items, quantities, and delivery instructions
  • Order history
  • Payment identifiers (e.g., Stripe customer ID, last 4 digits of card)

Other Business Data

  • Product information
  • Pricing information

Communication Data

  • Emails sent to Seller-connected inboxes
  • WhatsApp messages sent to Seller-assigned numbers
  • Message content containing order instructions

Integration Data

  • Order, inventory, or delivery information passed through optional integrations

Analytics Data

  • Aggregated usage and behavioural data from analytics tools

Special Category Data

We do not intentionally collect special category data. If received unintentionally, it is deleted or minimised.

4. Purpose of Data Collection (Why We Collect Data)

We collect and process data for:

  • Creating and managing Seller and Buyer accounts
  • Processing and administering orders
  • Extracting order details from email or WhatsApp messages for order creation
  • Facilitating payments
  • Generating shipping labels and delivery documentation
  • Providing customer support
  • Fraud prevention and platform security
  • Conducting analytics and improving the platform
  • Sending essential service-related updates
  • Meeting legal and accounting obligations

We do not use personal data for advertising or unrelated purposes.

5. How We Use Personal Data (Processing Activities)

Personal data is processed to:

  • Interpret order content from emails and WhatsApp messages
  • Create draft orders on behalf of Sellers
  • Transmit order information to Sellers and Buyers
  • Validate delivery and payment information
  • Provide usage reporting and platform insights
  • Communicate about orders and account activity
  • Maintain and optimise platform functionality

AI-assisted tools may help interpret messages, but all AI outputs are reviewed or approved by a human.

We do not use automated decision-making that produces legal or significant effects.

6. Use of Google Data (Email Connection)

Where a Seller connects their Google account to Orderlinks, we only access Google data that the Seller explicitly authorises through Google’s OAuth permission process.

Purpose and Limited Use

Google data is used solely to provide or improve user-facing features that are prominent in the Seller’s Orderlinks dashboard, including:

  • Identifying incoming order-related emails
  • Extracting relevant order information
  • Assisting Sellers in automating draft order creation

Data is used purely to enhance the email experience for productivity purposes.

Google data is never used for advertising, profiling, or other unrelated purposes.

Restrictions on Transfers of Google Data

Orderlinks does not transfer Google data except when:

  • Necessary to provide or improve user-facing features
  • The Seller has given consent
  • Required for security purposes
  • Required to comply with applicable laws

Human Access to Google Data

Orderlinks does not permit human access to Google data unless:

  • Access is required to comply with applicable law
  • The data is aggregated or anonymised for internal operations
  • It is necessary for security purposes

By default, message content is not manually viewed.

Data Minimisation

Orderlinks processes only message content relevant to trade order automation. Unrelated Google data is not accessed, stored, or used.

Revoking Access

A Seller may revoke Google access at any time via their Google Account permissions. Once revoked, Orderlinks immediately stops receiving new data.

7. Lawful Basis for Processing

7.1 Contract (Article 6(1)(b))

To provide the platform, operate accounts, and facilitate order processing and delivery.

7.2 Legitimate Interests (Article 6(1)(f))

For:

  • Delivery of service
  • Order creation through Order Assist
  • Platform security
  • Fraud detection
  • AI-assisted message processing
  • Analytics and service improvement
  • Operational communications

We balance these interests with User rights.

7.3 Consent (Article 6(1)(a))

For:

  • Marketing communications
  • Connecting email accounts to automate order processing

Consent may be withdrawn at any time.

7.4 Legal Obligation (Article 6(1)(c))

For compliance with accounting, regulatory, and legal duties.

8. Special Category Data (Article 9 UK GDPR)

We do not intentionally process special category data. Any such data received unintentionally is deleted where feasible.

9. Storage, Retention, and Security

9.1 Storage

Data is stored securely using:

  • Cloud hosting infrastructure
  • Approved third-party systems

9.2 Retention Periods

Unless required otherwise by law:

  • Order and payment records: 6 years
  • Account information: retained while active, then deleted/anonymised within 12 months of inactivity
  • Email/WhatsApp message data (Order Assist): 18 months
  • Analytics data: 26 months

Orderlinks does not retain message content unrelated to order automation.

9.3 Security Measures

We use appropriate technical and organisational measures, including:

  • TLS/HTTPS encryption
  • Secure API key management
  • Access controls and permissions
  • Staff access restrictions
  • Audit logging
  • Regular backups
  • Secure hosting environments

10. Who We Share Personal Data With and Why

We share data only where necessary to provide the Platform’s functionality.

Categories of recipients include:

  • Payment processors
  • Messaging and communication providers
  • AI processing services
  • Hosting and infrastructure providers
  • Analytics providers
  • Delivery and logistics partners
  • Optional integration partners selected by Sellers

These organisations process data only on our behalf and only for specified purposes.

We do not sell personal data.

11. Individual Rights

Users have the right to:

  • Access personal data
  • Correct inaccurate data
  • Request deletion
  • Restrict processing
  • Object to processing
  • Request portability
  • Withdraw consent at any time

To exercise these rights, contact: tom@orderlinks.co

We respond within one month, unless an extension applies.

12. Data Protection Contact

Thomas Paton (DPO)
Email: tom@orderlinks.co

13. ICO Complaints

If you are unhappy with how we use your data, you may complain to:

Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Helpline: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

14. Changes to This Privacy Policy

We may update this Privacy Policy to reflect:

  • Changes to how we process data
  • Updates to the platform
  • New integrations or features
  • Legal or regulatory requirements

Significant changes may be communicated directly to Users. The latest version will always be available on our website.


2025 Orderlinks Technologies Ltd
Company Number: 14254523
AWRS: XQAW00000119146
All Rights Reserved.