Privacy Policy
Privacy Policy
Table of contents
This Privacy Policy is drafted in compliance with Regulation (EU) 2016/679 (GDPR). Please read it carefully before using the site.
1. Data controller
The Data Controller for personal data processing is:
MarineLab3D
Email: info@marinelab3d.com
Website: marinelab3d.com
For any questions regarding the processing of your personal data, please contact us at the email address above.
2. Personal data collected
2.1 Data provided directly by you
- Purchase data: name, email address, billing/shipping address (even though products are digital)
- Payment data: handled entirely by Shopify Payments / Stripe — MarineLab3D does not have access to your card details
- Custom requests (briefs): email, name, project description and attached files provided voluntarily
- Communications: content of emails or messages sent to support
2.2 Automatically collected data
- IP address and browsing data (pages visited, session duration)
- Browser type, operating system, device
- Downloaded file access data (download token, date/time)
- Technical and analytics cookies (see section 8)
3. Purposes of processing
| Purpose | Data used | Legal basis |
|---|---|---|
| Order processing and management | Email, name, address | Contract performance |
| Delivery of purchased file (download link) | Email, download token | Contract performance |
| Customer support | Email, order history | Contract performance |
| Tax and accounting obligations | Purchase fiscal data | Legal obligation |
| Site security (fraud prevention) | IP, access data | Legitimate interest |
| Aggregate statistical analysis | Anonymous browsing data | Legitimate interest |
| Newsletter (with consent only) | Consent |
4. Legal basis for processing
The processing of your data is based on:
- Contract performance (Art. 6.1.b GDPR): to process orders and deliver purchased files
- Legal obligation (Art. 6.1.c GDPR): to comply with applicable tax and accounting obligations
- Legitimate interest (Art. 6.1.f GDPR): to ensure platform security and prevent fraudulent activity
- Consent (Art. 6.1.a GDPR): for marketing communications (newsletter), which can be withdrawn at any time
5. Data retention
| Data category | Retention period |
|---|---|
| Order and invoice data | 10 years (legal fiscal obligation) |
| Download tokens | 2 years from purchase |
| Support emails | 3 years from last communication |
| Browsing data / logs | 12 months |
| Newsletter consent | Until consent is withdrawn |
| Custom requests (briefs) | 3 years from request closure |
6. Recipients and international transfers
Your data may be shared with the following categories of recipients, to the extent necessary for the purposes indicated:
- Shopify Inc. (Canada/USA) — e-commerce platform. Extra-EU transfer protected by Standard Contractual Clauses (SCC). Shopify Privacy Policy
- Stripe Inc. / Shopify Payments — payment processing. No access to purchased file data.
- Supabase Inc. (USA) — creator database and download management. Data processed on EU servers (Frankfurt). Protected by SCC.
- Vercel Inc. (USA) — creator portal hosting. Edge servers in Europe. Protected by SCC.
- Resend Inc. — transactional email delivery (order confirmation, download links). No marketing data.
- Public authorities — only if required by law.
Creators who receive custom requests can see your email address and project description, but not your payment or shipping data.
7. Your rights (GDPR, Arts. 15-22)
You have the right to:
- Access (Art. 15): obtain confirmation that we are processing your data and receive a copy
- Rectification (Art. 16): correct inaccurate or incomplete data
- Erasure (Art. 17): request deletion of your data ("right to be forgotten"), subject to legal obligations
- Restriction (Art. 18): request restriction of processing in certain circumstances
- Portability (Art. 20): receive your data in a structured, machine-readable format
- Objection (Art. 21): object to processing based on legitimate interest or for direct marketing
- Withdraw consent: withdraw marketing consent at any time, without affecting prior processing
To exercise your rights, write to info@marinelab3d.com. We will respond within 30 days. You also have the right to lodge a complaint with the relevant data protection authority in your country of residence.
8. Cookies and tracking technologies
Technical cookies (necessary)
Required for site operation. No consent needed.
-
_session— cart and purchase session management (Shopify) -
_secure_session_id— session security (Shopify) - Creator portal authentication cookies (Supabase Auth)
Analytics cookies (optional)
Used to understand how visitors use the site. Activated only with consent.
- Google Analytics (if active) — anonymous aggregate data
- Shopify Analytics — anonymous purchase behaviour data
Marketing cookies (optional)
We do not currently use behavioural profiling or advertising cookies. If this changes, we will update this policy and request consent again.
You can manage cookie preferences through the banner shown on your first visit, or through your browser settings.
9. Minors
This site is not directed at persons under 16 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately at info@marinelab3d.com so we can delete it.
10. Changes to this policy
We reserve the right to update this policy at any time, in particular in the event of regulatory changes or changes to the services offered. Changes will be published on this page with an updated date. For material changes, we will notify registered users by email.
We encourage you to check this page periodically. Continued use of the site after changes are published constitutes acceptance of those changes.
Privacy contact
For any questions about this policy or to exercise your rights: