PRIVACY POLICY

Privacy Notice – Orca Bags Ltd.

Who we are (data controller).
Orca Bags Ltd. (“Orca”, “we”, “us”, “our”) is the controller of the personal data described in this notice.
General privacy contact: info@orcabags.com 

What this notice covers.
This notice explains what personal data we collect on orcabags.com, our customer service channels, orders and repairs/RMA flows, newsletters and promotions, and in-person sales events; how we use it; with whom we share it; for how long we keep it; and your rights.

1) The personal data we collect

We may collect and process the following categories (depending on your interaction with us):

  • Identity & contact: name, company, postal address, email, phone.

  • Account & preferences: login, newsletter and cookie preferences, saved carts/wishlists.

  • Orders & fulfillment: items, prices, currency, shipping details, invoice data, service/repair history.

  • Payments: limited billing details and payment confirmation (payment card data is handled by our payment processor and not stored by us).

  • Support communications: emails, forms, chat transcripts, call notes.

  • Device & usage data: IP, device/browser type, pages viewed, events (via cookies, pixels, analytics SDKs).

  • Media & UGC (if you share it): product images, reviews, testimonials.

  • Supplier/partner data: contact points at dealers, distributors and PR/press.

Sources. Directly from you (web forms, checkout, support, events); indirectly from your device (cookies/analytics); from order and shipping partners; and—where permitted—from our newsletter provider and advertising platforms.

2) Why we use your data (purposes)

  • Provide our products and services: process orders, ship goods, manage repairs and warranties, provide customer support.

  • Account & site operation: run the website and online store, authenticate users, prevent fraud and abuse, maintain security.

  • Customer communications: transactional emails/SMS (order status, delivery updates, service notices).

  • Marketing with consent where required: newsletters, new products, events, surveys; you can unsubscribe anytime.

  • Analytics and performance: measure site performance, fix errors, improve content and UX.

  • Legal & compliance: accounting, tax and regulatory obligations, rights enforcement and defense of claims.

Where the law requires consent (e.g., marketing messages or non-essential cookies), we will ask for it and you may withdraw it at any time via the links provided or by contacting us.

3) Do you have to provide the data? What happens if you refuse?

  • Mandatory for a purchase or service: certain details (e.g., name, shipping address, contact email/phone, and payment confirmation) are necessary to fulfill an order or a repair. If you do not provide them, we cannot complete your purchase or service.

  • Voluntary for marketing and cookies: you may decline marketing and non-essential cookies; your shopping experience will still work, though some features may be limited.

4) Cookies and tracking (Cookie Banner / CMP)

We use a cookie banner (consent management platform, “CMP”) that lets you choose among categories (e.g., essential, functional, analytics, marketing). Non-essential cookies and tags are not activated until you provide consent. You can change your choices anytime via “Cookie Settings” in the site footer.
Key technologies may include first-party cookies, Google/Meta/TikTok/analytics tags, and email pixel tracking in our newsletters (if you subscribe).

5) Sharing your data (recipients)

We share personal data only as needed, under contracts that bind recipients to confidentiality and data protection:

  • Hosting & IT: our Israel-based hosting provider Jetserver Ltd. (infrastructure, storage, security).

  • Email & newsletters: ActiveTrail Ltd. (subscription management, email delivery) please refer to activtrail GPDR policy.  click here.

  • Order processing: payment processors, fraud prevention providers, warehouses, shipping and customs brokers.

  • Professional services: accountants, auditors, lawyers, and other advisors.

  • Authorities & legal: where required by law, to competent authorities and courts.

  • Corporate transactions: to a buyer/successor as part of a merger, acquisition or asset sale (with safeguards).

6) International transfers

Some processors or sub-processors may store or access personal data from countries outside Israel (for example, cloud services or global CDNs). We take steps designed to ensure an adequate level of protection consistent with Israeli law, including contractual protections and vendor due-diligence. If you are in the EEA/UK, we apply additional safeguards where GDPR applies.

7) How long we keep data (retention)

We keep personal data only as long as necessary for the purposes above, and then delete or de-identify it. Typical periods:

  • Orders, invoices & repairs: the statutory period required by accounting/tax laws and for the limitation period for claims.

  • Accounts: for the life of the account, or after prolonged inactivity plus a short buffer; we may keep minimal logs for security and fraud prevention.

  • Marketing data: until you unsubscribe or ask us to delete, or after a period of inactivity in accordance with our retention rules.

8) Your rights

Under Privacy Protection Law you may:

  • Request access to the personal data we hold about you; and

  • Request correction if personal data is inaccurate, incomplete or out-of-date.
    You may also unsubscribe from marketing at any time, and request deletion from certain marketing/contact databases where applicable by law.
    We will respond within the timeframe required by law and may ask for information to verify your identity.

How to submit a request:
Email info@orcabags.com (subject: Privacy Request). Please state the right you wish to exercise and provide contact details so we can respond.
If you believe your request was not handled properly, you may lodge a complaint with the Privacy Protection Authority (PPA).

9) Security

We implement organizational and technical measures designed to protect personal data, including role-based access, encryption in transit (HTTPS), secure development and logging, employee confidentiality undertakings and vendor security reviews. No system is perfectly secure; we continually improve controls and investigate suspected incidents.

10) Children

Our site and products are not directed to children. If you believe a child has provided us personal data without appropriate consent, please contact us and we will take steps to delete it.

11) Updates to this notice

We may update this notice from time to time. When we make material changes, we will update the “Last updated” date and provide additional notice if required.

Last updated: [10 sep 2025]

Contact

Orca Bags Ltd. – info@orcabags.com