Privacy Policy

As of: March 2026

1. Data Controller

SteadiParts GmbH Buchenweg 10, 85232 Bergkirchen, Germany Email: info@steadiparts.com Phone: +49 (0) 8131 3386285

2. Overview of Processing

We only process personal data insofar as it is necessary for the provision of our marketplace and our services. Processing is carried out on the basis of the GDPR and the BDSG.

3. Data Collected

We collect and process the following personal data:

  • Registration data: Name, email address, password (encrypted)
  • Profile data: Username, profile picture, location (optional)
  • Transaction data: Purchase and sales history, payment information (via Stripe)
  • Communication data: Messages between buyers and sellers
  • Usage data: IP address, browser type, access times, pages visited

4. Purpose of Processing

  • Provision and operation of the marketplace
  • Processing of purchases and sales including secure payments
  • User account management and authentication
  • Communication between users
  • Compliance with legal obligations

5. Legal Basis

  • Art. 6(1)(b) GDPR: Performance of contract (marketplace use, purchase processing)
  • Art. 6(1)(f) GDPR: Legitimate interest (security, fraud prevention)
  • Art. 6(1)(a) GDPR: Consent (newsletter, optional features)
  • Art. 6(1)(c) GDPR: Legal obligation (tax law, commercial law)

6. Third-Party Providers and Processors

Supabase (Database & Auth)
Supabase Inc., USA — Hosting of our database and authentication. Privacy policy: supabase.com/privacy
Stripe (Payments)
Stripe Inc., USA — Payment processing and buyer protection services. Stripe is PCI DSS Level 1 certified. Privacy policy: stripe.com/privacy
Vercel (Hosting)
Vercel Inc., USA — Hosting and delivery of the website. Privacy policy: vercel.com/legal/privacy-policy
Meta (Conversions API)
Meta Platforms Ireland Ltd., Ireland — We transmit pseudonymised purchase events server-side (Conversions API) to measure and optimise our advertising. Personal identifiers such as the email address are hashed using SHA-256 before transmission. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in reach measurement). Privacy policy: facebook.com/privacy/policy
Google Analytics
Google Ireland Ltd., Ireland — We use Google Analytics 4 for anonymous reach and usage statistics. Cookies and data transmission to Google are only activated after your explicit consent via the cookie banner; without consent, no data is collected. IP addresses are processed in truncated form. Legal basis: Art. 6(1)(a) GDPR (consent), revocable at any time. Privacy policy: policies.google.com/privacy

For transfers to the USA, the EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR apply.

7. Cookies

We use technically necessary cookies for authentication and language settings. These cookies are required for the operation of the website and cannot be disabled.

  • Session cookie: Authentication (Supabase Auth)
  • Locale cookie: Language preference

8. Data Retention

Personal data is deleted as soon as the purpose of storage ceases to apply. Account data is removed upon account deletion. Transaction data is stored in accordance with commercial and tax law retention periods (6–10 years).

9. Your Rights

You have the right at any time to:

  • Access your stored data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure of your data (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)

Please direct inquiries to: info@steadiparts.com

10. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for us is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach.