Privacy policy

 

Last updated: 24 February 2026

Data Controller

The controller of personal data is Mieszko Cedro, operating as a sole trader under the trade names ThunderParts and HexHive.
Correspondence address: ul. Stefana Grota-Roweckiego 21, 72-200 Nowogard, Poland.
Tax ID (NIP): 8561834936
REGON: 543932080
Contact email: info@thunderparts.eu

Scope of Processed Data

We process personal data provided by Customers in connection with the use of the online store and placing orders, in particular: first and last name, email address, phone number, delivery address (including addresses outside the European Union), billing details, order and payment data, as well as IP address and data relating to activity in the store (e.g. order history, device and browser data – to the extent resulting from the use of the e-commerce platform).

Purposes of Data Processing

Personal data are processed for the purpose of:

  • processing orders and sales contracts,

  • handling payments and shipping, including domestic deliveries, deliveries within the European Union and deliveries to third countries (outside the EU),

  • contacting Customers regarding their orders,

  • handling complaints and returns,

  • fulfilling accounting and tax obligations,

  • conducting correspondence with Customers,

  • ensuring the proper functioning of the online store and the security of services.

Legal Basis for Processing

Personal data are processed on the basis of:

  • Article 6(1)(b) GDPR – for the performance of a sales contract or to take steps at the request of the data subject prior to entering into a contract,

  • Article 6(1)(c) GDPR – for compliance with legal obligations arising from tax and accounting regulations,

  • Article 6(1)(a) GDPR – where consent has been given (e.g. consent to receive marketing communications),

  • Article 6(1)(f) GDPR – for the purposes of the legitimate interests pursued by the controller, in particular handling inquiries, conducting correspondence, pursuing or defending legal claims, and ensuring service security.

Recipients of Data

Personal data may be disclosed to entities cooperating in the fulfillment of orders and operation of the store, in particular payment service providers, courier companies and logistics operators providing domestic, EU and international deliveries (including deliveries to the United States), the e-commerce platform provider Shopify, and entities providing accounting and IT services.
These entities process personal data on the basis of data processing agreements or other GDPR-compliant legal mechanisms.

Transfer of Data Outside the EU

In connection with international order fulfillment and the use of the Shopify platform, payment systems and analytical tools, personal data may be transferred to third countries (outside the European Union), in particular to the United States.
Such transfers are carried out with appropriate safeguards required under the GDPR, in particular on the basis of standard contractual clauses, adequacy decisions, or other lawful data protection mechanisms.

Data Retention Period

Personal data are stored for the period necessary to achieve the purposes for which they were collected, and thereafter for the period required by applicable law, in particular tax and accounting regulations.
Data processed on the basis of consent are stored until the consent is withdrawn.

Rights of Data Subjects

Data subjects have the right to:

  • access their personal data,

  • rectify personal data,

  • erase personal data (the “right to be forgotten”),

  • restrict processing,

  • data portability,

  • object to processing,

  • withdraw consent at any time (where processing is based on consent).

To exercise the above rights, please contact the Controller at: info@thunderparts.eu.

Cookies

The store uses cookies for technical, analytical and functional purposes.
Users can manage cookies via their web browser settings and through the consent management tools available in the store.

Complaints

Data subjects have the right to lodge a complaint with the President of the Personal Data Protection Office in Poland (PUODO) or with the competent supervisory authority in the country of their habitual residence, place of work, or the place of the alleged infringement, including in third countries, in accordance with applicable law.