Privacy Policy

As of: March 2026

1. Data Controller

SteadiParts GmbH Buchenweg 10, 85232 Bergkirchen, Germany Email: info@steadiparts.com Phone: +49 (0) 8131 3386285

2. Overview of Processing

We only process personal data insofar as it is necessary for the provision of our marketplace and our services. Processing is carried out on the basis of the GDPR and the BDSG.

3. Data Collected

We collect and process the following personal data:

  • Registration data: Name, email address, password (encrypted)
  • Profile data: Username, profile picture, location (optional)
  • Transaction data: Purchase and sales history, payment information (via Stripe)
  • Communication data: Messages between buyers and sellers
  • Usage data: IP address, browser type, access times, pages visited

4. Purpose of Processing

  • Provision and operation of the marketplace
  • Processing of purchases and sales including secure payments
  • User account management and authentication
  • Communication between users
  • Compliance with legal obligations

5. Legal Basis

  • Art. 6(1)(b) GDPR: Performance of contract (marketplace use, purchase processing)
  • Art. 6(1)(f) GDPR: Legitimate interest (security, fraud prevention)
  • Art. 6(1)(a) GDPR: Consent (newsletter, optional features)
  • Art. 6(1)(c) GDPR: Legal obligation (tax law, commercial law)

6. Third-Party Providers and Processors

Supabase (Database & Auth)
Supabase Inc., USA — Hosting of our database and authentication. Privacy policy: supabase.com/privacy
Stripe (Payments)
Stripe Inc., USA — Payment processing and buyer protection services. Stripe is PCI DSS Level 1 certified. Privacy policy: stripe.com/privacy
Vercel (Hosting)
Vercel Inc., USA — Hosting and delivery of the website. Privacy policy: vercel.com/legal/privacy-policy

For transfers to the USA, the EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR apply.

7. Cookies

We use technically necessary cookies for authentication and language settings. These cookies are required for the operation of the website and cannot be disabled.

  • Session cookie: Authentication (Supabase Auth)
  • Locale cookie: Language preference

8. Data Retention

Personal data is deleted as soon as the purpose of storage ceases to apply. Account data is removed upon account deletion. Transaction data is stored in accordance with commercial and tax law retention periods (6–10 years).

9. Your Rights

You have the right at any time to:

  • Access your stored data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure of your data (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)

Please direct inquiries to: info@steadiparts.com

10. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for us is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach.