Privacy Policy

Opendepot (“we”, “us”, or “our”) operates a business-to-business (B2B) digital marketplace facilitating structured bulk inventory transactions between registered businesses.

This Privacy Policy explains how we collect, use, store, and protect personal data when you use our platform (the “Platform”).

This Policy applies to all users accessing the Platform.

1. Data Controller

The data controller is:

[Company Name OÜ]
A private limited company incorporated in the Republic of Estonia
Email: support@opendepot.com

For privacy-related inquiries, contact: support@opendepot.com

2. Scope

The Platform is intended exclusively for business users. We process personal data of:

• Company representatives
• Account administrators
• Authorized users
• Business contacts

We do not knowingly collect data from consumers or minors.

3. Lawful Basis for Processing

We process personal data under the following legal bases pursuant to the GDPR (EU) 2016/679 and, where applicable, the UK GDPR:

• Contractual necessity – to provide and operate the Platform
• Legal obligation – to comply with applicable tax, accounting, and anti-fraud laws
• Legitimate interests – to maintain security, prevent fraud, and improve services
• Consent – for marketing communications and optional cookies

4. Categories of Data Collected

4.1 Account Data

• Full name
• Business email address
• Phone number (for account security)
• Company name and registration details
• Role and access permissions

4.2 Business Verification Data

• Company registration documents
• Tax identification number
• Authorized signatory information

Verification data is collected solely to maintain a secure B2B trading environment.

4.3 Transaction Data

• Purchase and sale records
• Transaction amounts and timestamps
• Commission records
• Delivery coordination details

4.4 Payment-Related Data

All payments are processed through licensed third-party payment service providers.

Opendepot does not store full credit or debit card details.

We receive only:

• Transaction confirmation
• Amount and currency
• Reference identifiers

Where required for payout purposes, limited bank account details (such as IBAN and account holder name) may be stored securely and accessed only by authorized personnel.

4.5 Technical Data

• IP address
• Browser type
• Device information
• Access timestamps

4.6 Communications Data

• Support correspondence
• Platform notifications

5. How We Use Your Data

We use personal data to:

• Create and manage accounts
• Verify business users
• Facilitate transactions between buyers and sellers
• Coordinate delivery processes
• Process commissions
• Maintain platform security
• Prevent fraud and misuse
• Comply with legal obligations
• Improve platform functionality
• Send marketing communications (with consent)

6. Payment Processing

All financial transactions are processed by regulated third-party payment service providers.

Opendepot:

• Does not hold or custody user funds
• Does not provide banking services
• Does not operate as a payment institution

Payment providers may independently conduct identity verification and compliance checks in accordance with applicable financial regulations.

7. Data Sharing

We may share data:

• With transaction counterparties (limited to necessary business details)
• With licensed payment service providers
• With hosting and infrastructure providers
• With email, SMS, and support service providers
• With authorities where required by law
• In the event of a merger or business transfer

All service providers process data under data processing agreements.

8. International Transfers

As an Estonia-based company operating internationally, personal data may be transferred within the European Economic Area (EEA), the United Kingdom, and other jurisdictions.

Where required, transfers outside the EEA or UK are safeguarded using:

• Standard Contractual Clauses (SCCs)
• Appropriate technical and organizational measures

9. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy and to comply with legal obligations.

Typical retention periods:

• Account data: Duration of account + up to 5 years
• Transaction records: Up to 7 years (for tax and accounting compliance)
• Verification documents: As required by applicable compliance laws
• Marketing consent records: Duration of consent

After retention periods expire, data is securely deleted or anonymized.

10. Your Rights

Under the GDPR and UK GDPR, you have the right to:

• Access your data
• Correct inaccurate data
• Request deletion (subject to legal retention obligations)
• Restrict processing
• Object to processing based on legitimate interest
• Withdraw consent at any time
• Request data portability
• Lodge a complaint with a supervisory authority

Estonia: Andmekaitse Inspektsioon
United Kingdom: Information Commissioner’s Office (ICO)
Germany: Relevant state data protection authority

To exercise your rights, contact: support@opendepot.com

We respond within one month, as required by law.

11. Automated Decision-Making

Opendepot does not make decisions producing legal or similarly significant effects solely through automated processing.

Platform analytics may be used to improve user experience but do not determine user rights or transaction eligibility.

12. Security

We implement appropriate technical and organizational measures to protect personal data, including:

• Encrypted data transmission (SSL/TLS)
• Role-based access controls
• Account authentication safeguards
• Secure hosting infrastructure

While no system is completely secure, we continuously monitor and improve our security practices.

13. Changes to This Policy

We may update this Privacy Policy from time to time.

Material changes will be communicated via email or Platform notification before taking effect.

Continued use of the Platform constitutes acceptance of the updated Policy.

14. Contact

For privacy-related inquiries:

support@opendepot.com