Privacy Policy for ThunderstruckNC
1. Introduction
At ThunderstruckNC, accessible via thunderstrucknc.com, we are deeply committed to protecting the privacy and personal data of our users and customers. We understand the importance of safeguarding your personal information and are dedicated to transparency, accountability, and upholding your fundamental data protection rights. This Privacy Policy outlines the types of data we collect, how we process it, your rights under applicable privacy laws, and how you may exercise those rights.
Please read this policy carefully to understand how we handle your personal data. If you have any questions, you may contact us at [email protected].
2. Scope and Role of Data Controller
This Privacy Policy applies to personal data collected through thunderstrucknc.com and any related services, including account registration, purchases, support inquiries, and marketing communications. ThunderstruckNC operates as the “data controller” for all personal data collected through our website, products, and services. This means we determine the purposes for which and the means by which your data is processed, in compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
3. Categories of Data We Collect and Process
We may collect, use, store, and transfer various categories of personal data depending on your interactions with our website and services. These include:
a) Usage Data
Data about how you interact with our website, such as IP address, browser type, access time, pages viewed, referral URLs, device identifiers, and other diagnostic data.
b) Account Data
Personal data provided when creating an account or making a purchase, including name, billing address, shipping address, email address, and phone number.
c) Profile Data
Preferences, behavioral information, purchase history, marketing communication preferences, and other details related to user interaction and personalization.
d) Communication Data
Records of communications with us, such as support requests, inquiries, email correspondence, and call history.
e) Technical Data
Information about your device and connection, including system settings, operating system, screen resolution, and browser configuration.
f) Transaction Data
Details about your payments and transactions, which may include billing details, payment method (e.g., transaction ID from third-party processors), and delivery information.
g) Preference Data
Information relating to your product interests, opt-in marketing choices, and levels of engagement with promotional campaigns.
4. Legal Bases for Processing (GDPR Compliance)
We process personal data under the following lawful bases:
– Contractual Necessity: To fulfill our contractual obligations, such as delivering purchased products and responding to support requests.
– Legitimate Interests: For website functionality, customer service improvements, security, fraud prevention, and understanding customer behavior (where such interests do not override your data protection rights).
– Consent: For marketing communications, certain cookies, and where otherwise explicitly required by law.
– Legal Obligation: Where processing is necessary to comply with legal or regulatory requirements.
5. Your Rights Under GDPR and CCPA
Subject to the conditions and limitations set forth in applicable law, you have the following rights regarding your personal data:
– Right of Access: Request a copy of your personal data we hold.
– Right to Rectification: Correct inaccurate or incomplete personal data.
– Right to Erasure: Request deletion of your data where legitimate grounds exist.
– Right to Restriction: Ask us to limit how we use your data in certain circumstances.
– Right to Data Portability: Obtain and reuse your data for your own purposes across different services.
– Right to Object: Object to certain data processing, including direct marketing.
– Right to Withdraw Consent: Revoke any consent you have previously provided.
– Right Not to Be Discriminated Against: Under the CCPA, for exercising any of your consumer rights.
California residents may also request details about the categories and specific pieces of personal information we collect, disclose, or sell (note: we do not “sell” personal data as defined under CCPA).
To exercise any of the above rights, contact us at [email protected].
6. Data Security Measures
We implement comprehensive security measures to protect your personal data, including:
– Encryption (HTTPS, TLS protocols) to secure data in transit.
– Role-based access control and authentication mechanisms.
– Regular data backups and secure storage solutions.
– Data protection training for employees and contractors.
– Monitoring for unauthorized access or vulnerabilities.
Despite our efforts, no electronic transmission or storage system is completely secure. We encourage you to take appropriate precautions when providing your data online.
7. International Data Transfers
Your data may be stored or processed outside your jurisdiction, including in countries that may not offer the same level of data protection. In cases of international data transfers, we use standard contractual clauses approved by the European Commission or rely on other legal mechanisms to ensure your data receives a level of protection consistent with your local laws.
8. Data Retention
We retain your personal data only for as long as reasonably necessary to fulfill the purposes we collected it for, including to satisfy legal, regulatory, tax, accounting, or reporting obligations. Generally, our retention periods are:
– Usage Data: up to 12 months
– Account Data: retained for the life of the customer account and up to 6 years after termination
– Profile and Preference Data: 3 years from last activity
– Communication Data: 3 years from last contact
– Technical Data: up to 12 months
– Transaction Data: retained for 7 years for compliance purposes
After these periods, we securely delete or anonymize the data, unless legal or technical reasons require longer retention.
9. Cookie Policy
We use cookies and similar technologies to enhance your experience, analyze site traffic, and personalize content and ads. Cookies used on thunderstrucknc.com include:
– Essential Cookies: Required for site functionality and security.
– Functional Cookies: Help recall preferences (such as language or location).
– Analytics Cookies: Provide insight into site usage and performance (e.g., Google Analytics).
– Performance Cookies: Enhance user experience by speeding up content delivery and ensuring optimal resource access.
10. Cookie Management and Your Choices
Upon your first visit to thunderstrucknc.com, you will be offered the ability to manage your cookie preferences through our Consent Management Platform. You may choose to accept or reject non-essential cookies. You can also control cookies through your browser settings. Note that disabling cookies may affect the functionality of some parts of the site.
We comply with both GDPR and CCPA requirements by providing clear opt-in/opt-out choices, proper disclosures, and respecting “Do Not Track” and GPC signals where supported.
11. Children’s Privacy
Our services are not directed to children under the age of 13. We do not knowingly collect personal data from children under 13 without appropriate parental or guardian consent. If we become aware that we have inadvertently collected data from a child, we will promptly delete such information.
12. Policy Updates
We reserve the right to modify or update this Privacy Policy at any time to reflect legal requirements, industry standards, or changes to our services. Continued use of thunderstrucknc.com after a revision signifies your acceptance of the updated terms. Material changes will be communicated through an appropriate channel, such as by email or a notice on our website.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please contact us at:
ThunderstruckNC
Email: [email protected]
We are committed to processing your data in accordance with applicable privacy laws and regulations, including the GDPR and CCPA. If you believe your rights have been violated, you also have the right to lodge a complaint with your local data protection authority.
Your trust matters to us. We encourage you to reach out with any privacy-related questions, and we will respond promptly and respectfully.