Privacy Policy

Last updated: 20 March 2026

PartsZA respects your privacy and is committed to protecting your personal information in accordance with the Protection of Personal Information Act, 2013 ("POPIA"), and other applicable South African laws. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit or use our website, place an order, contact us, or otherwise interact with us.

If you do not agree with this Privacy Policy, please do not use this website.

1. Who we are

This website is operated by PartsZA, a brand of BMParts (Pty) Ltd.

Business name: BMParts (Pty) Ltd trading as PartsZA

Website:https://www.partsza.co.za

Email: sales@partsza.co.za
Phone: +27 11 609 2020 / +27 71 470 6921

For purposes of POPIA, BMParts (Pty) Ltd is the responsible party in relation to the personal information described in this Privacy Policy.

2. Information we collect

We may collect the following categories of personal information:

2.1 Information you provide directly

• Full name

• Email address

• Phone number

• Billing address

• Delivery address

• Company name, if applicable

• Order details

• Messages, support queries, and correspondence

• Payment-related information needed to process orders

2.2 Information collected automatically

When you use our website, we may automatically collect:

• IP address

• Browser type and version

• Device information

• Operating system

• Referring website

• Pages viewed

• Date/time of visit

• Usage and navigation data

• Cookie and similar tracking data

2.3 Information from third parties

We may receive information from:

• Payment processors

• Couriers and delivery partners

• Website analytics providers

• Advertising or remarketing platforms

• Fraud prevention or security service providers

3. How we use your personal information

We process personal information for lawful business purposes, including to:

• Create and manage your account

• Process and fulfill orders

• Collect payment and manage refunds

• Arrange delivery and provide shipping updates

• Respond to enquiries and customer support requests

• Verify identity and prevent fraud

• Maintain website security and performance

• Improve our products, services, and user experience

• Send order confirmations, service notifications, and transactional communications

• Send marketing communications where permitted by law or where you have consented

• Comply with legal, tax, accounting, and regulatory obligations

• Enforce our terms, policies, and legal rights

We will only process personal information where we have a lawful basis to do so under applicable law, including where processing is necessary to perform a contract, comply with a legal obligation, protect a legitimate interest, or where you have given consent where required. POPIA requires lawful, minimal, purpose-specific processing and accountability by the responsible party.

4. POPIA compliance statement

We are committed to processing personal information in accordance with the conditions for lawful processing under POPIA, including:

• Accountability

• Lawful and minimal processing

• Purpose specification

• Further processing limitation

• Information quality

• Openness

• Security safeguards

• Data subject participation

We take reasonable steps to ensure that personal information is relevant, accurate, complete where necessary, and not misleading, having regard to the purpose for which it is processed. POPIA sets out eight conditions for lawful processing and gives data subjects specific rights regarding their personal information.

5. Cookies and similar technologies

We may use cookies, pixels, tags, and similar technologies to:

• Keep the website functioning properly

• Remember preferences

• Analyse traffic and performance

• Improve site usability

• Support marketing and remarketing activities

You can usually control cookies through your browser settings. Disabling cookies may affect website functionality.

6. Marketing communications

We may send you promotional communications about products, offers, or updates where permitted by law. You may opt out of marketing communications at any time by:

• Clicking the unsubscribe link in an email

• Contacting us directly using the details above

We will not send direct marketing by electronic means where consent is required unless that consent has been obtained, or where another lawful basis under applicable law applies.

7. Sharing your personal information

We may share personal information with trusted third parties where necessary for the purposes described above, including:

• Payment gateways and payment processors

• Courier, logistics, and delivery providers

• Hosting, infrastructure, and cloud service providers

• Ecommerce, website, and analytics service providers

• Fraud detection and cybersecurity providers

• Accountants, auditors, legal advisors, and insurers

• Regulators, authorities, or law enforcement where required by law

We do not sell your personal information.

All third-party operators processing personal information on our behalf are expected to apply appropriate confidentiality and security measures.

8. Cross-border transfers

Some of our service providers may store or process personal information outside South Africa. Where cross-border transfers occur, we will take reasonable steps to ensure that the recipient is subject to laws, binding agreements, or safeguards that provide an adequate level of protection consistent with POPIA. POPIA regulates cross-border flows of personal information and requires appropriate protection when information is transferred outside the Republic.

9. Data security

We take appropriate, reasonable technical and organisational measures to protect personal information against loss, misuse, unauthorised access, disclosure, alteration, or destruction. These measures may include:

• Secure hosting environments

• Access controls

• Password protection

• Restricted staff access

• Encryption where appropriate

• Backups and system monitoring

• Service-provider security controls

No method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security. POPIA requires responsible parties to secure the integrity and confidentiality of personal information using appropriate, reasonable technical and organisational measures.

10. Retention of personal information

We retain personal information only for as long as reasonably necessary to fulfill the purpose for which it was collected, including for:

• Order fulfillment

• Customer support

• Record-keeping

• Legal, tax, and accounting compliance

• Fraud prevention

• Dispute resolution

• Enforcement of agreements

When personal information is no longer required, we will delete, destroy, anonymise, or de-identify it in accordance with applicable law and our internal retention practices.

11. Your rights

Subject to applicable law, you may have the right to:

• Request access to your personal information

• Request correction or updating of inaccurate or incomplete information

• Request deletion or destruction of personal information where appropriate

• Object to certain processing

• Withdraw consent where processing is based on consent

• Lodge a complaint with the Information Regulator

POPIA gives data subjects rights of access, correction, deletion/destruction in appropriate circumstances, and objection, and the 2025 regulations note that requests for correction or deletion should be reasonably accessible to data subjects.

To exercise any of these rights, please contact us at:

Email: sales@partsZA.co.za
Subject line: Privacy Request

We may need to verify your identity before processing your request.

12. Information Officer

Our Information Officer is responsible for overseeing privacy and data protection matters.

Information Officer contact: Stan Andreev  mail@partsZA.co.za

If you wish, you can replace this with your registered Information Officer’s full name and dedicated email address.

13. Children’s personal information

Our website and services are not intentionally directed at children, and we do not knowingly collect personal information from children except where permitted by law and necessary for a lawful purpose. Where required, we will obtain consent from a competent person or rely on another lawful basis recognised under applicable law.

14. Third-party links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices, content, or security of third-party websites. You should review their privacy policies separately.

15. Complaints

If you believe that your personal information has been processed unlawfully or in a way that infringes your rights, please contact us first so we can try to resolve the issue.

You also have the right to lodge a complaint with the South African Information Regulator, which is the authority empowered to monitor and enforce compliance with POPIA.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, our services, or our processing activities. The updated version will be posted on this page with a revised "Last updated" date.

17. Contact us

If you have any questions about this Privacy Policy or how we handle personal information, contact us at:

PartsZA / BMParts (Pty) Ltd
Email: sales@partsza.co.za
Phone: +27 11 609 2020 / +27 71 470 6921
Website:https://www.partsza.co.za