Privacy Policy
Last Updated Date: June 16, 2026
1. Information We Collect & Data Controller
This Privacy Policy governs the data processing practices of Merton Auto Parts ("we," "us," or "our"). We are committed to protecting the privacy of our automotive aftermarket platform users. For buyers within the United States, we comply with federal frameworks and state-specific regulations including the California Consumer Privacy Act (CCPA/CPRA). For European Union and United Kingdom residents, the data controller pursuant to Art. 4 (7) GDPR is Merton Auto Parts (Contact: sales@mertonusa.com).
2. Data Collected via Automotive Applications
In addition to standard transactional data, our specialized Year/Make/Model (YMM) Vehicle Fitment Search Engine and parts compatibility modules may automatically process and link your vehicle profile selections to your active browsing session to ensure part compatibility and to reduce ordering friction.
- Vehicle Profile Mapping: Year, Make, Model, Trim, and Engine displacement details executed via search queries.
- Device & Telemetry Data: IP address, operational timestamps, browser technical string, and geo-location metrics for sales tax compliance.
3. Third-Party Data Transmission & Logistic Ecosystem
We leverage premium global and localized service providers to manage core platform transactions and operational logistics. Your data is only shared under strict data processing agreements:
3.1 E-Commerce Infrastructure
Our platform is hosted on SHOPLINE. They provide the fundamental cloud infrastructure and secure payment database tokens required to execute merchant transactions safely.
3.2 Core Domestic Logistics & Freight Carriers
To fulfill parts dispatch, parcel tracking numbers, delivery addresses, and customer phone contacts are synchronized with our integrated 3PL Enterprise Resource Planning (ERP) networks and native logistics channels including:
- Standard Parcel Channels: FedEx Ground, United Parcel Service (UPS), and United States Postal Service (USPS).
- Oversized LTL Freight Carriers: R+L Carriers, Estes Express Lines, and TForce Freight (mandatory phone validation applies for appointment schedules).
3.3 Payment Gateway Infrastructure
We process transactions via industry-standard, PCI-DSS compliant encryption networks. Core payment gateways include: Stripe Financial and PayPal Holdings Inc.
4. Supplemental US State Privacy Notice (CCPA/CPRA)
If you are a resident of California, the following provisions apply in accordance with the California Consumer Privacy Act as amended by the CPRA:
- Right to Know & Access: You have the right to request a structural breakdown of personal identity data categories collected over the prior 12 months.
- Right to Opt-Out of Sale or Sharing: We do not sell your personal data for monetary conversion. However, cross-contextual behavioral tracking via tracking pixels (Google Ads, Meta Pixel) may constitute "sharing" under state criteria. You may click the "Do Not Sell or Share My Personal Information" link in our platform footer to terminate behavioral metrics.
- Financial Incentives: Subscribing to our promotional newsletters for a 10% first-purchase coupon constitutes a voluntary financial incentive program. You can opt out at any time via unsubscribe toggles.
5. Data Retention & Legal Holds
We archive transactional files and order history profiles for as long as functionally necessary to satisfy warranty liabilities, continuous fitment customer support, and standard corporate fiscal reporting obligations under federal or state IRS oversight (retained up to 7 tax cycles).
6. Contact Details & Privacy Officer
To execute your right of access, rectification, or complete system data erasure, please route your formal identification and query to our internal data protection officer:
Email Contact: sales@mertonusa.com
Mailing Title: Data Protection Compliance Officer, Merton Auto Parts