Privacy Policy
Last updated: 12 May 2026
This Privacy Policy explains how OrderWolf collects, uses, shares and protects personal data. It applies to data we collect from visitors to myorderwolf.com, from our clients, and from the data subjects of those clients where we act as a processor on their behalf.
OrderWolf takes data protection seriously. We operate in alignment with the EU General Data Protection Regulation (GDPR), the Irish Data Protection Act 2018 and the ePrivacy Regulations.
1. Who we are
OrderWolf is a trading name of OrderWolf Limited, a private company limited by shares incorporated in Ireland under company number 813708, with its registered office at Grange Beg, Dunlavin, Co. Kildare, W91 N2X7, Ireland.
In this Policy, references to "OrderWolf", "we", "us" or "our" mean the entity above.
For all data protection enquiries, contact us at mark@myorderwolf.com
2. The two roles we operate in
OrderWolf operates in two distinct roles depending on the personal data in question:
- Data Controller — for personal data we collect about visitors to our website, prospects, clients and our own staff and contractors. We decide what data is collected and why.
- Data Processor — for personal data we process on behalf of our clients (for example, the contacts loaded into a CRM or automation platform we build and operate for a client). The client remains the Data Controller; we act only on their documented instructions.
This Privacy Policy primarily covers the data for which OrderWolf is the Data Controller. Where we act as a Data Processor, our obligations are set out in the Data Processing Agreement we enter into with each client.
3. The personal data we collect
3.1 Data you give us directly
- Contact data: name, business name, email address, phone number, postal address.
- Account data: login credentials and preferences for any platforms we provision for you.
- Communication data: any messages, calls, emails or correspondence you send to us.
- Billing data: billing contact, invoice address, VAT number. We do not store payment card details ourselves; payments are processed by third-party providers.
- Marketing data: preferences for receiving communications from us.
3.2 Data we collect automatically
- Usage data: pages visited on myorderwolf.com, referring URL, browser type, device, approximate location derived from IP address.
- Cookie data: see our Cookie Policy for the full list.
- Marketing data: events captured by the Meta Pixel where you have consented to marketing cookies.
3.3 Data we receive from third parties
- Public sources: business contact data from LinkedIn or other public business directories where you have made that information public for business contact purposes.
- Referrers: data shared by mutual contacts or business partners who have your permission to introduce you.
4. How we use your personal data and our lawful bases
We rely on the following lawful bases under Article 6 GDPR:
| Purpose | Data used | Lawful basis |
|---|---|---|
| Responding to enquiries and providing quotes | Contact data, communication data | Legitimate interests / pre-contractual steps |
| Delivering services to clients | Contact data, account data, billing data | Performance of a contract |
| Invoicing and accounting | Billing data, contact data | Performance of a contract / legal obligation |
| Marketing communications to prospects and clients | Contact data, marketing data | Consent (cold) / legitimate interests (existing clients) |
| Website analytics and improvement | Usage data, cookie data | Legitimate interests |
| Online advertising and retargeting via Meta | Cookie data, usage data | Consent |
| Complying with legal and regulatory obligations | All categories as required | Legal obligation |
| Securing our systems and preventing fraud | Usage data, account data | Legitimate interests |
5. Marketing communications
We may send you marketing communications about OrderWolf's services where you have consented or where we have a legitimate interest in doing so (for example, where you are an existing client). You can opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by emailing mark@myorderwolf.com.
6. Sharing your personal data
We share personal data only with the following categories of recipient:
- Service providers and sub-processors (such as CRM platforms, Supabase, Google Workspace) who provide infrastructure and tools we use to deliver services. A current list is published on our Sub-Processor List page.
- Professional advisers such as our accountants, solicitors and insurers where necessary.
- Regulators, courts and law enforcement where we are legally required to do so.
- Successors in interest in the event of a merger, acquisition or business transfer, in which case personal data will be transferred subject to confidentiality and to the receiving party agreeing to honour this Policy.
We do not sell personal data to anyone.
7. International transfers
Some of our sub-processors are located outside the European Economic Area (EEA), including in the United States. Where we transfer personal data outside the EEA we rely on one or more of the following safeguards:
- Adequacy decisions issued by the European Commission.
- The EU-US Data Privacy Framework where the recipient is self-certified.
- Standard Contractual Clauses approved by the European Commission, supplemented by additional safeguards where necessary following a transfer impact assessment.
Wherever possible we host customer-facing data inside the EU. Specifically, our Supabase deployments use eu-west-1 (Ireland).
8. Data retention
We retain personal data only for as long as is necessary for the purposes set out in this Policy, including to meet any legal, accounting, or reporting requirements. Indicative retention periods:
- Prospect enquiries that do not convert: 24 months from last contact, then deleted or anonymised.
- Client records (contracts, correspondence): 7 years from end of engagement, in line with Irish accounting and limitation periods.
- Invoicing and financial records: 7 years, as required by Irish Revenue rules.
- Marketing data: until consent is withdrawn or 24 months of inactivity.
- Website analytics data: 26 months for GA-equivalent metrics, then aggregated or deleted.
9. Your rights
Under GDPR, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase your personal data (the "right to be forgotten"), subject to certain exceptions.
- Restrict our processing of your data.
- Object to processing carried out on the basis of legitimate interests or for direct marketing.
- Receive your data in a portable format.
- Withdraw consent at any time where processing is based on consent.
- Lodge a complaint with the Irish Data Protection Commission (www.dataprotection.ie).
To exercise any of these rights, email mark@myorderwolf.com. We will respond within one month.
10. Security
We use appropriate technical and organisational measures to protect personal data from unauthorised access, alteration, disclosure or destruction. These include encryption in transit and at rest, multi-factor authentication on all administrative accounts, role-based access controls, regular access reviews, and an internal information security policy. Detailed information is available on our Security page.
11. Children
OrderWolf's services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.
12. Changes to this Policy
We may update this Policy from time to time. The "Last updated" date at the top reflects the most recent version. Material changes will be notified to clients by email.
13. Contact and complaints
Privacy enquiries: mark@myorderwolf.com
Postal address: Grange Beg, Dunlavin, Co. Kildare, W91 N2X7, Ireland
If you are not satisfied with our response, you have the right to lodge a complaint with the Irish Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, or via www.dataprotection.ie.
