OPParts Online

Privacy Policy

This Privacy Policy explains how OPParts Online processes personal data of users and customers, including account data, order data, payment, delivery, returns, complaints and communication data.

Last updated: 2026-05-28

Related documents

1. General provisions

This Privacy Policy sets out the rules for processing personal data of users and customers of the OPParts Online store, available at opparts.online.

This Privacy Policy applies to persons using the website, product search engine, customer account, contact forms, order process, payment handling, delivery, complaints, returns and communication with the store.

This Privacy Policy has been prepared to inform users what personal data may be processed, for what purposes, on what legal bases, for what period, to whom it may be disclosed and what rights are available to data subjects.

The controller makes efforts to ensure that personal data is processed in accordance with applicable law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council, known as GDPR.

2. Personal data controller

The personal data controller is:

Multi Trade Hub Sp. z o.o.
ul. Osiedle 28
46-060 Prószków
Poland
Tax ID / NIP: PL9910462308
REGON: 542416703
KRS: 0001187919
Registry court: District Court in Opole, 8th Commercial Division of the National Court Register
Share capital: PLN 5,000.00

The controller may be contacted by e-mail at: support@opparts.online.

In matters related to complaints, you may also contact: claim@opparts.online.

The controller has not appointed a Data Protection Officer, unless such information is clearly provided on the website in the future.

3. What personal data may be processed

Depending on how the OPParts Online store is used, the controller may process the following categories of personal data:

  • first name and surname;
  • company name;
  • e-mail address;
  • telephone number;
  • billing address;
  • delivery address;
  • delivery country;
  • tax identification number, such as NIP/VAT ID;
  • data required to issue an invoice;
  • order data;
  • payment data, while detailed payment data may be processed directly by the payment operator;
  • delivery and shipment status data;
  • complaint, return and correspondence data;
  • customer account data, if an account has been created;
  • order history;
  • technical information related to website use, such as IP address, cookie identifiers, browser data, device data, system logs and website activity information.

In the case of business customers, the controller may also process data of contact persons, employees, representatives, persons responsible for purchasing, accounting, logistics or order collection.

Some data is necessary to fulfil an order. Failure to provide such data may prevent placing an order, delivery, issuing sales documents, payment handling, complaint handling or contact with the store.

4. Source of personal data

The controller obtains personal data primarily directly from the user or customer, in particular when:

  • creating an account;
  • placing an order;
  • completing a contact form;
  • contacting the store by e-mail or telephone;
  • submitting a complaint;
  • making a return;
  • using website functions.

Some technical data may be obtained automatically when using the website, for example through cookies, server logs or similar technologies.

In the case of business customers, data may also be obtained from the employer, co-worker, person placing the order on behalf of the company or from publicly available business registers, if necessary to handle the commercial relationship.

5. Purposes and legal bases of data processing

For the purposes of this Privacy Policy, the legal bases for data processing include in particular:

  • Article 6(1)(b) GDPR — performance of a contract or taking steps before entering into a contract;
  • Article 6(1)(c) GDPR — compliance with a legal obligation to which the controller is subject;
  • Article 6(1)(f) GDPR — legitimate interest pursued by the controller;
  • Article 6(1)(a) GDPR — consent of the data subject, where required in a given case.

Personal data may be processed for the following purposes:

5.1. Customer account handling

If the user creates an account in the store, data is processed to create and operate the account, enable login, use order history and other account functions.

The legal basis for processing is the performance of an electronic service agreement or taking steps at the user’s request before entering into such agreement.

5.2. Order fulfilment

Personal data is processed to accept an order, conclude and perform a sales contract, prepare goods, arrange delivery, handle payment, contact the customer and provide after-sales service.

The legal basis for processing is the performance of a sales contract or taking steps before entering into it.

5.3. Payment handling

Data may be processed to enable payment for an order.

Payments may be handled by external payment operators, in particular Mollie or other operators available in the store.

The controller does not need to have access to full payment card details. Such data may be processed directly by the payment operator in accordance with its own security rules and privacy policy.

The legal basis for processing is the performance of the sales contract and the controller’s legitimate interest in handling settlements and transaction security.

5.4. Delivery and logistics handling

Personal data may be transferred to entities carrying out delivery, courier brokers, carriers, logistics companies, warehouse operators or other entities involved in delivery.

Data is processed to deliver the order, handle the shipment, contact the recipient, determine delivery costs and handle possible transport claims.

The legal basis for processing is the performance of the sales contract and the controller’s legitimate interest.

5.5. Invoicing and tax obligations

Personal data may be processed to issue invoices, accounting documents, keep accounting and tax records and comply with legal obligations.

The legal basis for processing is compliance with a legal obligation to which the controller is subject.

5.6. Customer contact

Personal data may be processed to answer enquiries, handle correspondence, clarify matters, prepare information about a product, order, payment, delivery, complaint or return.

The legal basis for processing is the controller’s legitimate interest in communication with customers and users, and in some cases also performance of a contract or taking steps before entering into it.

5.7. Complaints and returns

Personal data may be processed to handle complaints, returns, withdrawal from the contract, non-conformity of goods with the contract, warranty claims and communication with the customer in these matters.

The legal basis for processing is compliance with legal obligations of the controller, performance of the contract, and the controller’s legitimate interest in defending against claims and pursuing claims.

5.8. Store security and fraud prevention

Technical data, such as IP address, system logs, session data and user activity information, may be processed to ensure store security, detect abuse, protect against attacks, prevent fraud and ensure proper website operation.

The legal basis for processing is the controller’s legitimate interest.

5.9. Pursuing and defending claims

Personal data may be processed to establish, pursue or defend claims, including claims related to the sales contract, payment, delivery, complaint, return, violation of terms and conditions or violation of law.

The legal basis for processing is the controller’s legitimate interest.

5.10. Own marketing

Personal data may be processed for the purpose of marketing the controller’s own products or services if permitted by law or if the user has given appropriate consent.

If marketing is conducted electronically, for example through a newsletter, e-mail messages or other marketing communications, separate user consent may be required.

The user may withdraw marketing consent at any time.

6. Cookies and similar technologies

OPParts Online may use cookies and similar technologies.

Cookies are small files stored on the user’s device that may be used to ensure proper website operation, remember settings, handle the cart, login, security, analytics or other website functions.

The store may use the following categories of cookies:

  • necessary cookies — required for website operation, cart, login, session and security;
  • functional cookies — allowing the store to remember user settings, such as language or currency;
  • analytics cookies — helping understand how the website is used;
  • marketing cookies — used only if implemented and if required consent is obtained.

The user may manage cookies through browser settings or a cookie consent tool, if available on the website.

Disabling some cookies may affect store operation, in particular the cart, login or payments.

If the store uses or will use analytics, marketing, advertising tools or external scripts requiring user consent, detailed information about such tools and the possibility to give or withdraw consent will be made available in the cookie consent panel or in separate cookie information.

7. Recipients of personal data

Personal data may be transferred to entities supporting the controller in running the store and fulfilling orders.

Recipients of data may include in particular:

  • hosting and IT infrastructure providers;
  • store software providers;
  • payment operators, in particular Mollie or other operators available in the store;
  • banks and payment institutions;
  • courier companies, logistics brokers, carriers and delivery operators;
  • accounting and tax service providers;
  • legal, tax or audit advisors;
  • e-mail, communication and customer service providers;
  • entities handling complaints, returns or technical matters;
  • public authorities, if required by applicable law.

Data is transferred only to the extent necessary to achieve a specific purpose.

Entities processing data on behalf of the controller should act on the basis of appropriate agreements or other mechanisms required by data protection laws.

8. Transfers of data outside the European Economic Area

Due to the global nature of the store, use of external service providers, payments, hosting, IT tools, communication or delivery, personal data may in certain cases be transferred outside the European Economic Area.

If data is transferred outside the European Economic Area, the controller applies appropriate safeguards required by law, such as European Commission adequacy decisions, standard contractual clauses or other permitted mechanisms.

The user may obtain more information about the safeguards used by contacting the controller.

Transfer of data outside the European Economic Area may occur in particular where necessary for delivery, payment handling, customs clearance, contact with a carrier, handling an order outside the EEA or using technology providers with their registered office or infrastructure outside the EEA.

9. Data retention period

Personal data is stored for the period necessary to achieve the purposes for which it was collected, and then for the period required by law or necessary to secure claims.

Data related to a customer account is stored for the duration of the account, and after its deletion for the period necessary to secure claims or comply with legal obligations.

Data related to orders is stored for the order fulfilment period and then for the period required by tax, accounting and limitation laws.

Data related to invoices and accounting documents is stored for the period required by tax and accounting regulations.

Data related to complaints and returns is stored for the period of handling the case and then for the limitation period for claims.

Data processed on the basis of consent is stored until consent is withdrawn, unless there is another legal basis for further processing.

Technical data and system logs may be stored for the period necessary to ensure security, diagnostics, abuse detection and claim protection.

If the exact data retention period cannot be indicated in advance, the controller determines it based on the purpose of processing, applicable law, limitation periods and the need to ensure security and accountability of store operations.

10. Rights of the data subject

The data subject has rights provided for in personal data protection laws.

Depending on the situation, the user may have the right to:

  • access their personal data;
  • receive a copy of the data;
  • rectify incorrect data;
  • complete incomplete data;
  • delete data;
  • restrict data processing;
  • data portability;
  • object to data processing;
  • withdraw consent, if processing is based on consent;
  • lodge a complaint with a supervisory authority.

Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

The right to delete data, restrict processing, data portability or objection may be limited where the controller is obliged to continue processing data or where processing is necessary to establish, pursue or defend claims.

To exercise their rights, the user may contact the controller at: support@opparts.online.

11. Right to lodge a complaint with a supervisory authority

The data subject has the right to lodge a complaint with the competent supervisory authority if they believe that the processing of their personal data violates data protection laws.

In Poland, the supervisory authority is the President of the Personal Data Protection Office. More information about how to lodge a complaint is available on the website of the Personal Data Protection Office.

If the user lives in another Member State of the European Union or the European Economic Area, they may also have the right to contact the supervisory authority competent for their country.

12. Voluntary provision of data

Providing personal data is voluntary, but in many cases necessary to use the store.

Failure to provide data required to fulfil an order may prevent placing an order, making payment, issuing an invoice, delivery, complaint handling or contact with the store.

Providing marketing data or giving consent to marketing communication is voluntary and is not a condition for placing an order, unless clearly stated otherwise in a specific form.

13. Automated decision-making, compliance checks and profiling

Personal data may be processed in an automated manner to the extent necessary for store operation, in particular for cart handling, payments, security, abuse detection, product presentation, search engine operation, customer account management and verification of basic order fulfilment conditions.

The store may use automatic technical mechanisms to verify delivery country, billing country, available delivery methods, available payment methods and restrictions resulting from law, sanctions, embargoes, export control or compliance policy. Such mechanisms may result in inability to quote delivery, inability to select a specific delivery or payment method, refusal to fulfil an order or the need to contact store support for additional verification.

The mechanisms referred to above are used to ensure that the store operates in compliance with applicable law, trade restrictions, sanctions and security requirements. They are not used for arbitrary assessment of customer credibility or for marketing profiling in a way that produces legal effects concerning the customer or similarly significantly affects the customer.

The controller does not make other decisions concerning users based solely on automated processing that would produce legal effects concerning them or similarly significantly affect them, except where necessary for entering into or performing a contract, required or permitted by applicable law, or where the user has given explicit consent.

If the user believes that an automatic delivery, payment, quotation or order block has been applied incorrectly, they may contact the store at support@opparts.online to clarify the matter.

The store may use basic functional personalisation, for example remembering currency, language, cart contents, account settings, recent searches or technical preferences. Such personalisation is used only to facilitate use of the store.

14. Data security

The controller applies appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, destruction, disclosure or improper use.

Security measures may include, among others, access control, IT system safeguards, backups, transmission encryption, permission restrictions, technical monitoring, software updates and incident handling procedures.

The user should protect account login details and not disclose them to third parties.

In case of suspected account security breach, the user should immediately contact the store.

15. Children’s data

OPParts Online is not directed to children and is not intended for independent use by minors.

Minors should use the store only with the consent and under the supervision of a parent or legal guardian, if required by law.

The controller does not intend to knowingly collect or process children’s personal data for marketing or commercial purposes. If the controller becomes aware that a child’s data has been provided without the required consent of a parent or legal guardian, it may take steps to delete the data or restrict processing, if required by applicable law.

16. Links to external websites

The store may contain links to external websites, payment services, carriers, logistics operators or other entities.

The controller is not responsible for privacy policies, content or data processing practices used by independent third parties.

Before using external services, the user should read the privacy policy of the relevant entity.

17. Newsletter and marketing communication

If the store provides a newsletter, subscription to the newsletter is voluntary.

Data provided when subscribing to the newsletter is processed to send commercial, marketing, promotional or informational communications concerning OPParts Online, if the user has given appropriate consent.

The user may unsubscribe from the newsletter at any time using the unsubscribe link available in an e-mail message or by contacting the store.

Unsubscribing from the newsletter does not affect the lawfulness of processing carried out before consent was withdrawn.

18. Data processed in B2B relationships

In the case of business customers, the controller may process data of persons acting on behalf of the entrepreneur, in particular owners, board members, proxies, employees, contact persons, persons responsible for purchasing, accounting, logistics or complaints.

Such data is processed to handle the commercial relationship, fulfil orders, communicate, issue invoices, arrange delivery, handle complaints, returns, settlements and secure claims.

The legal basis for processing may be the controller’s legitimate interest or performance of a contract where the natural person is a party to the contract.

19. Updating data

The customer should ensure that data provided to the store is up to date.

In case of a change of e-mail address, delivery address, telephone number, company data or invoice data, the customer should update the data in the account or inform the store.

The controller is not responsible for the consequences of the customer providing incorrect, outdated or incomplete data, subject to consumer rights arising from mandatory legal provisions.

20. Changes to the Privacy Policy

The controller may amend this Privacy Policy in the event of:

  • changes in law;
  • changes in store functionality;
  • changes in entities providing services to the controller;
  • implementation of new payment, delivery, analytics or communication methods;
  • the need to clarify information about data processing;
  • changes in the controller’s details.

The current version of this Privacy Policy is available on the OPParts Online website.

Changes to this Privacy Policy apply from the moment of publication, unless another date is indicated.

21. Contact regarding privacy

In matters concerning personal data, privacy, exercising user rights or questions about this Privacy Policy, you may contact the controller:

Multi Trade Hub Sp. z o.o.
ul. Osiedle 28
46-060 Prószków
Poland
E-mail: support@opparts.online
Telephone: +48 668 059 777

Cart

Your cart is empty.
Subtotal:
€0.00
View and edit cart Checkout