Legal
Privacy Policy
How we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR).
Last updated: March 2026
1. Introduction
Origin Research ("we", "us", "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, communicate with us via Telegram, or place an order for our research products.
We operate in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable EU member state data protection laws.
2. Data We Collect
2.1 Information You Provide
- Contact information: Name, email address, phone number, shipping address, and any other details you provide when contacting us via our contact form, email, or Telegram.
- Order information: Product selections, order history, payment details (processed securely through third-party payment providers — we do not store full payment card data).
- Communications: Messages sent through Telegram, email, or our website contact form, including any attachments or supporting documents.
2.2 Information Collected Automatically
- Browsing data: IP address, browser type and version, operating system, referring URL, pages visited, time spent on pages, and clickstream data.
- Device information: Device type, screen resolution, and unique device identifiers.
- Cookies and similar technologies: We use cookies and similar tracking technologies to enhance your experience and gather analytics. See Section 6 for our Cookie Policy.
3. How We Use Your Data
We process your personal data for the following purposes, each with a lawful basis under GDPR:
- Order fulfillment (contractual necessity): To process, ship, and manage your orders and provide related customer support.
- Communication (legitimate interest / consent): To respond to your enquiries via Telegram, email, or contact form and to send order updates.
- Website analytics (legitimate interest): To understand how visitors use our website, improve site performance, and optimize the user experience.
- Legal compliance (legal obligation): To comply with applicable laws, regulations, and legal processes.
- Security (legitimate interest): To detect and prevent fraud, unauthorized access, and other security incidents.
4. Data Sharing
We do not sell, rent, or trade your personal data. We share your information only with the following categories of third parties, and only to the extent necessary:
- Shipping and logistics providers: To fulfill and deliver your orders.
- Payment processors: To securely process payments for your orders.
- Analytics providers: To help us understand website usage (e.g., Google Analytics, configured with IP anonymization).
- Communication platforms: Telegram for customer communications initiated by you.
- Legal authorities: When required by law or to protect our legal rights.
All third-party processors are required to handle your data in accordance with GDPR and our data processing agreements.
5. International Data Transfers
Your data is primarily stored and processed within the European Economic Area (EEA). Where data is transferred outside the EEA (e.g., through third-party services), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or adequacy decisions.
6. Cookie Policy
6.1 Essential Cookies
These cookies are strictly necessary for the website to function and cannot be switched off. They include cookies for session management, security, and remembering your cookie preferences.
6.2 Analytics Cookies
With your consent, we use analytics cookies to collect anonymized data about how visitors interact with our website. This helps us improve site performance and content. Analytics cookies include:
- Google Analytics (_ga, _gid) — website usage tracking with IP anonymization enabled.
- Session duration and page view tracking.
You can manage your cookie preferences at any time by clicking "Cookie Settings" in the footer or by adjusting your browser settings. Rejecting non-essential cookies will not affect core website functionality.
7. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete personal data.
- Right to erasure: Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
- Right to restrict processing: Request that we limit how we use your data in certain circumstances.
- Right to data portability: Request your personal data in a structured, commonly used, machine-readable format.
- Right to object: Object to processing based on legitimate interests, including direct marketing.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at info@originlabsresearch.com. We will respond within 30 days of receiving your request.
You also have the right to lodge a complaint with your local Data Protection Authority if you believe your rights have been violated.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:
- Order and transaction data: Retained for 7 years to comply with EU tax and accounting regulations.
- Communication records: Retained for 3 years after your last interaction with us, unless required longer for legal purposes.
- Website analytics data: Anonymized and aggregated data is retained indefinitely. Identifiable analytics data (e.g., IP-based) is deleted after 14 months.
- Cookie consent records: Retained for 12 months, after which you will be asked to confirm your preferences again.
Upon request for deletion, we will erase your data within 30 days, except where retention is required by law.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include SSL/TLS encryption, access controls, regular security assessments, and secure data storage practices.
10. Children's Privacy
Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a person under 18, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on this page with a revised "Last updated" date. We encourage you to review this policy periodically.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
