Last updated: April 10, 2026
Airbagdoc (“we”, “us”, “our”) operates https://airbagdoc.com and sells aftermarket automotive electronic products. This policy explains what personal data we collect, how we use it, who we share it with, and your rights under the General Data Protection Regulation (GDPR) and applicable consumer-protection laws.
1. Who we are
Data controller:
- MB Bitma
- Privacy contact: [email protected]
2. What data we collect
When you place an order
Name, billing and shipping address, email address, phone number, products purchased, order total and payment method. We do not store full card numbers — payment card data is handled directly by our payment processor (see §4).
When you create an account
Email address, username, hashed password, order history and saved addresses.
When you contact us
Name, email address and the content of your message.
When you browse the site
IP address, browser type, pages viewed, referring URL and cookies (see §6). This is collected by our hosting and CDN provider, Cloudflare, and by analytics cookies where you consent.
3. Why we use your data and the legal basis
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Processing your order, delivering products, providing customer support | Performance of a contract |
| Sending order status emails (confirmation, shipped, delivery) | Performance of a contract |
| Fraud prevention, security, maintaining the site | Legitimate interests |
| Marketing emails (only if you opt in) | Consent |
| Tax, accounting and consumer-protection compliance | Legal obligation |
4. Who we share your data with
- Payment processors — PayPal (and Braintree, where applicable) receive your name, email, billing address and payment details directly. See PayPal’s privacy policy.
- Shipping carriers — [SHIPPING CARRIER(S), e.g. DHL / UPS / Lithuanian Post] receive name, shipping address, phone and email for delivery.
- Hosting and CDN — Cloudflare (CDN, DDoS protection, DNS) and our server-hosting provider may process IP addresses and request logs.
- Analytics — Google Analytics.
We do not sell your personal data.
5. International transfers
Some of our providers (Cloudflare, PayPal, Google) may process data outside the European Economic Area. Transfers rely on Standard Contractual Clauses or equivalent GDPR-compliant safeguards.
6. Cookies
- Strictly necessary cookies — cart, checkout, login session. These cannot be disabled.
- Functional cookies — remember your preferences.
- Analytics cookies — Google Analytics — set only with your consent.
You can manage cookies via the consent banner or your browser settings.
7. How long we keep your data
- Order records: 10 years (accounting and VAT obligation under law).
- Customer account data: until you request deletion.
- Contact-form submissions: 24 months.
- Server logs: 30 days.
8. Your rights under GDPR
You have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data (“right to be forgotten”), subject to legal retention obligations
- Restrict processing
- Data portability — receive your data in a machine-readable format
- Object to processing based on legitimate interests
- Withdraw consent at any time (for consent-based processing)
- Lodge a complaint with the supervisory authority in your country (the [COUNTRY] Data Protection Authority)
To exercise any right, email us. We respond within 30 days.
9. Security
We protect your data with HTTPS encryption, hashed passwords, restricted access to order data and regular security updates.
10. Children
Our site is not directed at children under 16, and we do not knowingly collect data from them.
11. Changes to this policy
We may update this policy to reflect legal or operational changes. Material changes will be notified on this page, and the “Last updated” date at the top will change.
12. Contact
- General support: [email protected]