Politica de confidențialitate

Last updated: 02.03.2026

This Privacy Policy explains how OBD Profi (“we”, “us”, “our”) collects and processes personal data when you use our website, contact us, and place orders. We process personal data in accordance with the GDPR (Regulation (EU) 2016/679), Polish data protection laws, and applicable EU ePrivacy rules regarding cookies/marketing.

1) Data Controller (who is responsible)

Controller: OBD Profi
Address: [Address], Poland
Email: info@obdprofi.com

If you have any questions, or you want to exercise your GDPR rights, contact us using the details above.

2) Scope

This Privacy Policy applies to:

  • visitors to our website;
  • customers who place orders via our WooCommerce store;
  • people who contact us via email/contact forms;
  • people who subscribe to marketing communications (newsletter/SMS, if offered).

3) Personal data we collect

Depending on how you interact with the site, we may collect:

3.1 Data you provide to us
  • Identity and contact data: name, email, phone number, billing and shipping address
  • Order data: products ordered, order number, order history, delivery information, returns/complaints
  • Account data (if you create an account): username, password (stored in hashed/encrypted form by the website system), saved addresses
  • Support data: emails, messages, chat/contact form submissions, attachments
3.2 Data collected automatically
  • Technical data: IP address, device type, browser type, operating system, language, approximate location (based on IP)
  • Usage data: pages viewed, clicks, session duration, referral source
  • Cookie and tracking data: identifiers and events related to analytics/advertising/marketing (depending on your cookie choices)

We do not intentionally collect special categories of personal data (e.g., health data) and we do not knowingly collect data from children.

4) Purposes and legal bases (why we use your data)

We only process personal data when we have a legal basis under GDPR.

4.1 To provide the website and core e-commerce functions

Examples: cart, checkout, account login, fraud prevention, website security.
Legal basis: legitimate interest (Art. 6(1)(f)) and/or contract (Art. 6(1)(b)).

4.2 To process orders and deliver goods

Examples: order confirmation, shipping, delivery updates, handling returns/complaints.
Legal basis: contract (Art. 6(1)(b)).

4.3 Payments and fraud prevention

Examples: payment authorization, chargeback handling, risk checks.
Legal basis: contract (Art. 6(1)(b)) and legitimate interest (Art. 6(1)(f)).

4.4 Legal obligations (accounting, tax, consumer law)

Examples: invoices, records, responding to lawful requests.
Legal basis: legal obligation (Art. 6(1)(c)).

4.5 Customer support and communications

Examples: answering questions, assisting with delivery issues, managing disputes.
Legal basis: contract (Art. 6(1)(b)) and/or legitimate interest (Art. 6(1)(f)).

4.6 Marketing communications (newsletter / promotional emails / SMS if used)

We send marketing communications only where legally permitted (typically opt-in).
Legal basis: consent (Art. 6(1)(a)).
You can withdraw consent at any time (see Section 10).

4.7 Analytics and advertising measurement

Examples: Google Analytics, Google Pixel/event tracking to measure performance and improve marketing.
Legal basis: consent (Art. 6(1)(a)) where required by ePrivacy rules and local implementation.

5) Dropshipping / fulfillment model (sharing your data to deliver your order)

We use a dropshipping fulfillment model. This means that, to deliver your order, we must share necessary data with third-party suppliers and logistics partners.

Typically shared:

  • your name;
  • shipping address;
  • phone number (if required by the courier);
  • email (if required for delivery notifications);
  • ordered product and quantity.

Some suppliers and logistics providers may be located outside the EEA. See Section 9 for international transfers.

6) Who we share data with (categories of recipients)

We may share personal data with:

6.1 E-commerce platform and hosting
  • WooCommerce / WordPress service providers (site operation, order processing, plugins)
6.2 Analytics and advertising providers
  • Google Ireland Limited (Google Analytics, Google Pixel / measurement).
    Depending on configuration and services used, data may be processed by Google LLC in the United States.
6.3 Marketing automation provider
  • Omnisend (Soundest Ltd.) – email marketing and automation (e.g., newsletters, marketing campaigns, and—if enabled—cart/checkout-related messages). Omnisend may process your contact details and interaction data based on your settings/consents.
6.4 Payment providers

We share necessary transaction data with the payment method you choose at checkout (e.g., PayPal).
We do not store full payment card details; these are handled by the payment provider.

6.5 Suppliers, fulfillment and logistics partners
  • product suppliers (to fulfill orders);
  • couriers and delivery companies (to deliver and provide tracking).
6.6 Professional advisors and authorities
  • accountants, legal advisors (where needed);
  • authorities and regulators (where required by law).

We do not sell your personal data.

7) Cookies and similar technologies

We use cookies and similar technologies. Some are necessary to make the site work; others are optional and used only if you consent (where required).

7.1 Types of cookies
  • Strictly necessary cookies: enable core site functions such as cart, checkout, and security. These cannot be disabled via cookie consent because the site cannot function properly without them.
  • Analytics cookies (Google Analytics): help us understand how visitors use our site, so we can improve it.
  • Marketing cookies (Google Pixel and marketing features): help us measure ad performance and show more relevant advertising.
  • Marketing/automation cookies (Omnisend, where applicable): help us measure campaign performance and automate marketing flows.
7.2 Cookie consent / preferences

Where required by law, optional cookies are loaded only after you provide consent via our cookie banner/settings. You can change your preferences at any time via [Cookie Settings link] (add this link in your website footer or cookie banner).

7.3 Google Analytics opt-out

You can also opt out of Google Analytics by using the official browser add-on:
Google Analytics Opt-out Browser Add-on

8) Communications and marketing rules

  • Newsletter / promotions: Only if you opt in (or where otherwise legally permitted).
  • Unsubscribe: Every marketing email includes an unsubscribe link. You can also unsubscribe by contacting us.
  • Transactional messages: We may send non-marketing emails necessary to perform the contract (e.g., order confirmation, shipping updates). These do not require marketing consent.

Abandoned cart messages: If we send abandoned cart reminders via Omnisend, we do so according to your consent status and applicable law/settings. You can opt out of marketing at any time.

9) International transfers (outside the EEA)

Some of our service providers, suppliers, or logistics partners may process data outside the EEA (for example, if goods are shipped directly from partners located outside the EEA, or if certain IT providers process data in the United States).

When we transfer personal data outside the EEA, we rely on appropriate legal mechanisms such as:

  • EU Standard Contractual Clauses (SCCs); and/or
  • adequacy decisions or other recognized transfer frameworks where applicable; and/or
  • where strictly necessary, transfers that are required for the performance of a contract (e.g., sending shipping details to a non-EEA supplier to deliver your order), in line with GDPR provisions.

You may request additional information about safeguards by contacting us.

10) Your GDPR rights

You have the right (subject to conditions) to:

  • access your personal data;
  • correct inaccurate data;
  • request deletion of your data;
  • restrict processing;
  • object to processing based on legitimate interest;
  • data portability (when processing is based on consent or contract and carried out by automated means);
  • withdraw consent at any time (where processing is based on consent).

To exercise your rights, contact us at info@obdprofi.com.

You also have the right to lodge a complaint with a supervisory authority. In Poland, this is the President of the Personal Data Protection Office (UODO).

11) Data retention (how long we keep data)

We keep personal data only for as long as needed for the purposes described:

  • Orders, invoices, tax records: kept for the period required by applicable tax/accounting laws.
  • Customer support records: kept as necessary to handle requests and defend potential legal claims.
  • Marketing data: kept until you unsubscribe/withdraw consent, or until it is no longer necessary.
  • Analytics and cookie data: kept according to tool settings and your consent choices.

12) Security

We implement reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. However, no method of transmission or storage is completely secure.

13) Third-party links

Our website may contain links to third-party websites. We are not responsible for their privacy practices. Please review their policies before providing personal data.

14) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The newest version will be published on this page with an updated “Last updated” date.

Coș de cumpărături