OPPO Store Privacy Policy
OPPO Store Privacy Notice
Effective Date: [*] 2026
Welcome to the OPPO Store! Unumplus Limited, registered in the United Kingdom with its registered office at 7 Albert Buildings, 49 Queen Victoria Street, London, United Kingdom, EC4N 4SA, together with its affiliates (hereinafter, “OPPO”, “we”, or “us”), is committed to protecting and respecting your privacy.
We process your personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018 (“DPA 2018”), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended) (“PECR”), and the Data (Use and Access) Act 2025 (“DUAA 2025”), together with any guidance issued by the Information Commissioner’s Office (“ICO”).
We may collect, process and store your personal data (“Your Information”) when you use our website and application (“Platform”). By doing so, you expressly accept this Privacy Notice. This Notice explains how we manage your data, your rights, and our security measures. Please read it carefully before using the Platform or providing any information.
1. How we collect your information and what types of information we collect
The information we collect depends on the Services you use, the context in which you interact with us, the choices you make, and the products and services you view and use. We may collect your information, which includes:
1.1 Personal information you provide to us directly
You may provide us with personal information directly; in such cases, you are generally free to choose what personal information you wish to provide. However, if personal information is required for the provision of our Services and you decide not to provide it, we may not be able to deliver the requested Services to you. The personal information we collect directly from you may include, for example:
1.1.1 Account information: To place an order on our Platform, you will need to create an account and sign in. Before registering, you must accept the HeyTap Account Privacy Notice: https://muc.heytap.com/agreement/privacy-policy/account/oversea/v20240331/index.html?language=en-US. HeyTap will collect your mobile phone number, email address, password, profile picture, username and other data.
1.1.2 User rewards, coupons and other benefits associated with your account.
1.1.3 Contact information (including your name, home/shipping address, telephone number or other contact details).
1.1.4 Order information (including proof of purchase, order number, shipping address, order amount, telephone number, name, delivery tracking number and purchase history).
1.1.5 Payment information (including name, banking details, credit card, debit card or other payment information). We generally do not collect payment card information; only in certain circumstances may we request your bank card details to provide you with after-sales service.
1.1.6 Commercial information (including records of products or services purchased, obtained or considered, or other purchasing or consumption histories or trends).
1.1.7 User group identity information (e.g., university students). In exceptional circumstances, we may ask you to verify group identity information through third parties.
1.1.8 Information when you communicate with us (including chat history, complaints and other communications between you and us).
Shared information (including information or content you post, display or share on the Platform).
1.2 Information collected automatically
1.2.1 User device information (including IMEI number, Android ID, model number, serial number, IP address, MAC address, etc.) and how you interact with the Platform.
1.2.2 Internet or other similar network activity (including information about a consumer’s interaction with a website, application or advertisement).
1.2.3 Advertising ID (including Google advertising ID).
1.3 Personal information we obtain from third parties
We may obtain personal information about you from third parties. For example, to the extent permitted by law, we may obtain information about you from public or commercial sources. If you interact with us through a social network or a third-party service, we may receive information from the social network.
2. How we use your information
2.1 We will use your personal information for the following purposes:
2.1.1 To create, maintain, administer and send you notifications about your account, programmes or other subscriptions in which you participate.
2.1.2 To manage your orders, respond to requests for information or services, provide customer service and otherwise communicate with you.
2.1.3 To track and confirm your online orders, and to process refunds, returns and exchanges.
2.1.4 To facilitate and manage your participation in promotional activities such as sweepstakes, contests and reward programmes.
2.1.5 To market and advertise our Services, support our marketing activities and initiatives, and provide recommendations to our customers.
2.1.6 To send advertisements, which may include personalised advertisements.
2.1.7 To provide and improve our Services, including user registration in a Service, user identification and authentication to enable activation, interaction with our Services and personalisation of the user experience.
2.1.8 To verify your eligibility and the benefits of the group discount programme.
2.1.9 To implement and improve the security and protection features of our Services, and to protect ourselves against and identify fraudulent and illegal activities, legal claims and other liabilities.
2.1.10 To comply with and enforce applicable legal requirements, contractual obligations, relevant industry standards and OPPO policies.
2.1.11 To send you notifications about changes to any Service we offer or provide, or to any of our policies.
2.2 Where we intend to use personal information for purposes not covered in this Privacy Notice, we will notify you and ensure that such use of your personal information is lawful.
3. How we use cookies and similar technologies
3.1 Cookies are small text files that the websites you visit store on your device. They typically contain identifiers, commonly used information and other details. For example, cookies may reduce the number of authentications required and improve your experience when browsing different pages of our website. Otherwise, you may not be identified as the same person and may be asked to re-enter your authentication information when signing in to our website.
3.2 Our Services may use cookies and other technologies such as pixel tags and web beacons (collectively, “Cookies”). We cannot access cookies that we have not installed ourselves.
3.3 We and our third-party partners use cookies to better understand user behaviour, identify which sections of our website you have visited, and measure and improve the effectiveness of our services. You can manage or delete cookies according to your preferences. However, please note that some of our services may be designed to require the use of cookies, so disabling them may affect your ability to use these services or some of their features.
3.4 If you would like detailed information on the use of cookies and other tracking technologies, please read our Cookies Policy published on the website of your country.
4. How long do we retain your information?
We will only store your personal information for as long as necessary to fulfil the purposes of collection set out in this Privacy Notice, unless a longer retention period is required by law. If the law requires us to retain your personal information beyond this period (for example, for tax or commercial reasons), we will delete it at the end of such period.
Once the retention period expires, we will delete or anonymise your personal information.
In the United Kingdom, the principal statutory retention drivers we take into account include the Companies Act 2006 and the record-keeping requirements of HM Revenue & Customs (typically requiring records to be kept for at least 6 years), the Limitation Act 1980 (under which contract claims in England and Wales may generally be brought within 6 years; 5 years for prescription under Scottish law), and the Consumer Rights Act 2015.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from its unauthorised use and disclosure, the purposes for which we process the personal information, and the applicable legal requirements.
5. How we share your information
We may share, transfer or disclose your information to:
5.1 Affiliated companies: We may share your information with our affiliated companies, which may include any entity that directly or indirectly controls, is controlled by, or is under common control with us.
5.2 Our partners and suppliers: We may need to share, transfer or disclose your information to our technical, commercial, marketing and delivery partners and suppliers. This information may be stored, processed or used to provide continuous services, create accounts, fulfil sign-in requirements, notify you of new offers or updates (including software updates and patches), process payments, provide one-time password (OTP) services and use messaging services to deliver your purchase.
5.3 Persons who acquire our assets or business: If we sell or transfer, in whole or in part, any of our businesses or assets, your information may form part of that sale or transfer, but will remain subject to the commitments made in this Privacy Notice (unless you subsequently consent otherwise).
5.4 Legal and regulatory authorities: We may be required to disclose your information due to legal or regulatory requirements. In such cases, we reserve the right to disclose your information to comply with our legal obligations, including, but not limited to, complying with court orders, warrants or discovery requests. We may also disclose your personal information to (a) law enforcement agencies; (b) comply with judicial proceedings, court orders or legal processes served on us or the Platform; (c) enforce or apply this Privacy Notice, the Terms and Conditions or other policies or agreements; (e) conduct insolvency proceedings involving all or part of the business or assets related to the information; (f) respond to claims relating to the infringement of third-party rights by any information; or (g) protect our rights, property, personal safety or that of the public. Please note that we may not notify you before or after disclosures made in accordance with this section.
Notwithstanding the foregoing, we will not be liable for the actions or omissions of third parties with whom you share your information, nor will we be liable and/or subject to liability for any additional information that you choose to provide directly or indirectly to any of the third parties when requesting or activating their services and products, whether directly or indirectly, through the Platform or otherwise.
6. Third parties and their products and services
The Platform may contain links to third-party websites, products and/or services. You may choose to visit them or not. However, if you decide to do so, your use of these websites will be subject to their terms and conditions and privacy policies, which you may consult on their websites or by contacting them.
We do not control the privacy and data protection policies of our partners. Therefore, before submitting your information to our partners, please read and understand their privacy policies and terms and conditions, as you will be subject to them and your remedies will lie against such partners or third parties whose websites you visit or whose services and products you request or activate.
7. Legal basis for processing your data
Our processing of your personal information, as described in the “How we use your information” section, is based on the following legal grounds:
7.1 To enter into or perform a contract with you: We rely on this specific legal basis in the following cases: to create, maintain, administer and send you notifications about your account, programmes or subscriptions in which you participate; to manage your orders, respond to requests for information or services, provide customer service and otherwise communicate with you; to track and confirm your online orders, and to process refunds, returns and exchanges; to verify your eligibility and the benefits of the group discount programme; to send you notifications about changes to any Service we offer or provide, or to any of our policies.
7.2 Compliance with a legal obligation: we may be required to process personal information to comply with our legal obligations, for example, where we are required to retain information for commercial or tax law purposes.
7.3 Legitimate interests: the processing of your personal information may also be necessary for our legitimate interests. (1) To provide and improve our Services, including user registration in a Service, user identification and authentication to enable activation, interaction with our Services and personalisation of the user experience. (2) To market and advertise our Services, support our marketing activities and initiatives, and provide recommendations to our customers. (3) To implement and improve the security and protection features of our Services, and to protect ourselves against and identify fraudulent and illegal activities, legal claims and other liabilities.
7.4 Consent: We may process your personal information with your consent, especially for promotional activities. You have the right to withdraw or revoke your consent at any time. Withdrawing your consent does not affect the lawfulness of the use we made of your personal information prior to withdrawal. If you have given us your consent to use your personal information, we will only use it for the purposes specified in the consent statement. Please note that, because our processing is based on your consent, if you withdraw or revoke it, we may no longer be able to provide you with the related services. However, withdrawing or revoking your consent will not have any negative consequences for you.
8. How your information is stored and transferred globally
Your information will be stored in Europe. In addition, we use our resources and servers worldwide to provide our Services. We have data centres in the USA, France, Singapore, India and Indonesia, which means that, in accordance with applicable law, your personal information may be transferred to countries or regions outside the location where you use or access our Services.
Where your personal information is transferred to a jurisdiction outside the United Kingdom, we will ensure that appropriate safeguards are in place under the UK GDPR, including one or more of the following: (a) the recipient is located in a country or territory benefitting from adequacy regulations made by the UK Secretary of State under section 17A of the DPA 2018 (for example, the EEA Member States benefit from such adequacy regulations); (b) the transfer is made under the UK International Data Transfer Agreement (“IDTA”) or the International Data Transfer Addendum to the EU Standard Contractual Clauses issued by the ICO, supported by a transfer risk assessment where appropriate; (c) where the transfer is to a recipient certified under the UK Extension to the EU–US Data Privacy Framework; or (d) where none of the above safeguards is available, we will rely on a derogation provided for in Article 49 of the UK GDPR, including your explicit consent where appropriate.
9. How we protect your information
9.1 We have implemented reasonable technical and organisational security measures to protect the information we collect and store about you. While we take reasonable steps to protect your information, no website, network, internet transmission, computer system or wireless connection is completely secure.
9.2 We will strictly control access to Your Information and only grant access to those of our employees who need to know how to process such information, and to authorised personnel of the companies responsible for handling services on our behalf.
9.3 The security of your information is fundamental to us. We will therefore protect it by implementing security measures, such as encryption of data in storage and in transit, to prevent unauthorised access, use or disclosure.
9.4 In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO without undue delay and, where required, no later than 72 hours after becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also inform you without undue delay, in accordance with Articles 33 and 34 of the UK GDPR.
- Your rights in relation to your information
We strive to offer you choices regarding the information we collect about you. We have created mechanisms to provide you with the following control over your information:
Right of access: You may request access to the information we collect and store about you.
Right of rectification: If you consider that the personal data we process about you is inaccurate or incomplete, you have the right to request that we make rectifications without undue delay and that we complete your personal data where appropriate.
Right of erasure: You may submit a request to us to delete your personal data. We are required to delete it without undue delay in certain circumstances, for example, where we no longer have legal grounds to process it to the extent required by applicable laws and regulations. Please note that deleting all data from your device does not mean that all data collected and processed by OPPO about you has been deleted. Therefore, we encourage you to contact us.
Right to restriction of processing: You have the right, in certain circumstances, to request that we temporarily restrict the processing of your personal data, for example, where you contest the accuracy of such personal data while we verify its accuracy. We will only retain the data necessary, or process what is necessary, to ensure that we comply with your restriction request going forward.
Right to data portability: You have the right to obtain a copy of your personal data in a structured, commonly used and machine-readable format, and to transmit such data to another provider, or to have the data transmitted to another provider, in certain circumstances.
Right to object: You have the right to object at any time, on grounds relating to your particular situation, to any processing based on legitimate interests. If you object to the processing of your personal data, we will stop processing it, unless we can demonstrate compelling legitimate grounds for continuing to process it that override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. You may object to direct marketing activities at any time and for any reason.
Right to withdraw consent: If you have given us your consent to process your personal data, but subsequently change your mind, you have the right to withdraw it at any time. Withdrawing your consent does not affect the lawfulness of the use we made of your data before you withdrew it. If you wish to withdraw your consent to receive promotional communications, you may unsubscribe using the method described in each promotional message. If you withdraw your consent, we may no longer be able to provide you with the corresponding service.
Right to lodge a complaint with the ICO: You have the right to lodge a complaint with the Information Commissioner’s Office regarding our handling of your personal data, or to seek a judicial remedy. You can contact the ICO at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; helpline: 0303 123 1113; website: https://ico.org.uk/make-a-complaint/. We would, however, appreciate the opportunity to address your concerns before you approach the ICO, so we encourage you to contact us first.
Right to deactivate your HeyTap account: We grant you the right to delete your HeyTap account. You may go to https://id.heytap.com/v2/index.html, select “Deactivate my account” and follow the instructions. We will complete the review and permanently delete the account within 3 working days. This means that your account will have a 3-day deactivation period, during which you can sign in and reactivate it at any time. If you successfully sign in again within those 3 working days, your deletion request will be automatically cancelled. After 3 days, your account will be permanently deleted, and the associated personal data and information will be deleted or anonymised.
Please note that, after you submit a deletion request, we may need to review it manually to ensure that it meets the applicable requirements. Once your request meets the requirements, we will help you complete the process.
The OPPO Store has been integrated with the account services. Please note that account cancellation is irreversible; once cancelled, we will no longer be able to provide you with the related services. Therefore, before submitting a deletion request, please make sure that your account is secure and meets the following conditions: (1) it has no incomplete orders, outstanding balances or active after-sales requests; (2) the account is not involved in any ongoing complaint, claim or litigation.
After deletion of your account, we will delete or anonymise your associated personal information, such as marketing authorisations, subscription preferences and message history not related to assets. However, please note that, by virtue of legal requirements, legal obligations or legitimate business interests, certain data will be retained as follows:
(1) Legal retention of essential records: In accordance with applicable local and EU regulations (including tax, commercial and consumer protection laws), essential records such as order history, exchange records, loyalty points and financial balances will be blocked or restricted. This means that the data will be technically isolated from regular commercial processing and retained solely for the purpose of complying with legal obligations, such as: (A) handling requests for returns, repairs or refunds during mandatory warranty periods; (B) maintaining records for financial reconciliation and verification of remaining assets (e.g., exchange history or loyalty balances). These records will remain available throughout the statutory limitation periods prescribed by local laws. For example, in Spain, this period generally extends from 5 to 6 years; in France, commercial and accounting records are generally retained for up to 10 years.
(2) Security and Anonymisation: For any data retained on the grounds set out above, we implement strict desensitisation measures. Your user ID will be reset to a non-linkable “Guest Mode”, and your phone number and email address will be anonymised, thereby ensuring that such data can no longer be used to re-identify you, directly or indirectly.
You may exercise your rights as a data subject through the methods made available on the Platform, the methods mentioned in this Privacy Notice, or by contacting us using the contact details set out in the “Contact Us” section.
Please note that, for security reasons, we may verify your identity before processing your request in accordance with any of the rights described above. In principle, we will not charge any fee if your request is reasonable. However, depending on the circumstances, we may impose a fee to cover our costs in the case of repeated requests or requests that exceed reasonable limits. We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or radically changing an existing practice), may harm the legal rights and interests of third parties, or are highly impracticable. In addition, we may be unable to respond to your request if doing so could seriously harm your legitimate rights and interests or those of other persons and organisations.
11. How we process children’s personal information
Our Platform and Services are primarily aimed at adults, and we will not knowingly collect personal information from minors without verifiable parental consent. We consider a minor to be any person under the age of 18 (or the equivalent minimum age for full legal capacity in the relevant jurisdiction). We believe that it is the responsibility of parents to supervise their children’s activities. Minors may not use our services to purchase products from the Platform without the consent of their parents or guardians. If you believe that your child has provided us with personal information without verifiable parental consent, please contact us using the contact details on the “Contact Us” page.
12. Contact Us
If you have any questions, concerns or requests relating to this Privacy Notice or our data protection practices, you may contact the relevant data controller through the following means:
Unumplus Limited
(a) Postal address: 7 Albert Buildings, 49 Queen Victoria Street, London, United Kingdom, EC4N 4SA
(b) Email: privacy.uk@oppo.com
You may also contact our Data Protection Officer through the following means:
Collegium Auditores GmbH
(a) Postal address: Haufeld 2a, 53721 Siegburg, Germany
(b) Email: datenschutz@collegium-auditores.de
13. How this Privacy Notice is updated
We may update this Privacy Notice from time to time, so we recommend that you review it periodically to stay informed of any changes. Your continued access to or use of the Platform, as well as your continued use of the Services (whether actively or passively) provided through, or accessed via, the Platform, will be deemed your acceptance of this Privacy Notice and of any future version or amendment thereof.






















