O3
Protégelo

Privacy Policy

Last updated: May 2026

1. Data Controller

O3 Protégelo SL, with registered address at Riera de la Salut, 30D, local 2, 08980 Sant Feliu de Llobregat, Barcelona, Spain, is the data controller responsible for the personal data collected through this website.

Contact email: info@o3protect.shop

Phone: 682 63 84 64

2. Data We Collect

We collect the data needed for the actual operation of the store:

  • B2C registration data: full name, DNI/NIF, email, phone, privacy confirmation and verification status.
  • B2B registration data: company name, contact person, NIF/CIF, tax address, email, phone and supporting PDF/DOCX document.
  • Order, shipping and billing data: address, city, province, postcode, country, NIF/CIF, products, quantities, prices, VAT, volume discounts and personalised discounts.
  • Vehicle data provided for each product, such as make and model.
  • Technical session, security and operation data: order identifiers, idempotency, correlation, logs, rate limiting, transactional email status and payment webhooks.
  • Payment data handled by Stripe, PayPal and Bizum. We do not store full card details; we retain session or order identifiers when necessary.

3. Purpose of Processing

Your data are used for the following purposes and legal bases:

  • Manage registration, access by magic link, email verification, manual B2B review and authorisation to buy. Basis: pre-contractual or contractual relationship and consent where applicable.
  • Process orders, calculate B2C/B2B prices, discounts, VAT, shipping, payments, invoicing and delivery. Basis: contract performance and legal obligations.
  • Send transactional emails about registration, access, order creation, pending payment, confirmed payment, failed payment, shipment or cancellation. Basis: contract performance and legitimate operational interest.
  • Protect the site against fraud, unauthorised access, form abuse, technical errors and malformed webhooks. Basis: legitimate interest in security and legal compliance.

4. Retention, Recipients and Technical Cookies

Orders, billing data and associated events are retained for the applicable legal periods. Accounts are retained while active, blocked or until deletion; B2B documents are retained while the request or account requires them. Confirmation tokens expire after 48 hours, magic links after 30 minutes, customer sessions after 7 days and admin sessions after 8 hours. Security and operation logs are retained for the time needed to protect the service.

5. User Rights

Your data may be accessed by providers required to deliver the service: Stripe, PayPal, Bizum or the banking entity, SMTP/email providers, hosting, database, technical storage, carriers and public administrations when legally required. We use necessary technical cookies: __Host-customer_token, __Host-admin_token, __Host-admin_mfa_token, __Host-admin_csrf_token, __Host-admin_csrf_session and the legacy admin_token cookie. No analytics or advertising cookies have been detected in the current logic.

  • Access to your personal data
  • Rectification of inaccurate data
  • Erasure of your data
  • Objection to processing
  • Restriction, portability and complaint to the Spanish Data Protection Agency (AEPD)

To exercise these rights, contact us at info@o3protect.shop

6. Security

We implement technical and organisational security measures such as httpOnly cookies, CSRF in the admin panel, rate limiting on sensitive routes, token hashing, session control, security headers and event logging. No measure eliminates risk completely, but it is reviewed to reduce unauthorised access, alteration, disclosure or destruction.