3DLabs
Legal

Privacy Policy

Version 1.0 · Published 1 May 2026

1. Who we are

3DLabs(“we”, “us”) is the data controller for personal data collected through this website. We are registered with the ICO.

Contact: contact@3dlabsdoncaster.co.uk

Address: United Kingdom

2. Data we collect and why

DataPurposeLegal basisRetention
Name, email, phoneQuote correspondenceContract (Art. 6(1)(b))Contract duration + 1 year
Project specs, filesManufacturing your orderContract (Art. 6(1)(b))Files: 30 days post-completion
Invoice data (amounts, dates, numbers)HMRC financial recordsLegal obligation (Art. 6(1)(c))7 years (Taxes Management Act 1970)
T&C / privacy acceptance timestampsConsent audit trailLegal obligation (Art. 6(1)(c))7 years
Marketing opt-inPromotional emailsConsent (Art. 6(1)(a))Until withdrawn
Cookie consent (hashed IP)PECR complianceLegal obligation1 year
IP address (hashed)Security / rate limitingLegitimate interests (Art. 6(1)(f))90 days

3. Data processors

We share data with the following processors under data processing agreements:

  • Stripe — payment processing
  • Resend — transactional email delivery
  • Vercel — hosting (EU region)
  • Upstash — rate-limiting (EU region)
  • UploadThing — 3D model file storage

We do not sell your data to third parties.

4. Your rights under UK GDPR

  • Right of access (Art. 15) — request a copy of your data at any time
  • Right to erasure (Art. 17) — request deletion; financial records retained under HMRC obligation
  • Right to rectification (Art. 16) — contact us to correct inaccurate data
  • Right to withdraw consent — unsubscribe from marketing at any time
  • Right to complain — lodge a complaint with the ICO at ico.org.uk

For access and erasure you can use our self-service data request form — verified by email, actioned immediately. For any other right, email contact@3dlabsdoncaster.co.uk. We respond within 30 days.

5. Cookies

We use essential cookies only by default. Optional analytics and marketing cookies require your consent. See our Cookie Policy.

6. International transfers

Your data is processed primarily in the EU/UK. Where processors operate outside the UK, we ensure appropriate safeguards (UK SCCs or adequacy decisions) are in place.

7. Security

We use TLS encryption, hashed IP addresses, rate limiting, and role-based access controls. File uploads are deleted 30 days after order completion.

8. Changes

We will notify you of material changes by email (active orders) and by updating the version number above. Continued use constitutes acceptance.