PRIVACY POLICY
Last updated June 08, 2026
This Privacy Policy describes how Factory3D V.O.F. (“Factory3D”, “we”, “us”, “our”) collects,
uses, and protects your personal data when you visit
https://factory3d.nl
(the “Site”) or use our related services. We are committed to protecting your privacy in
accordance with the EU General Data Protection Regulation (GDPR ā Regulation 2016/679) and the
Dutch Implementation Act (UAVG ā Uitvoeringswet Algemene Verordening Gegevensbescherming).
We sell 3D printed products and offer limited design services and printing on demand.
Please read this Privacy Policy carefully. By using our Site or services, you acknowledge
that you have read and understood this policy.
If you have any questions or concerns, you may contact us at any time at
business@factory3d.nl.
TABLE OF CONTENTS
1. WHO WE ARE
Factory3D V.O.F. is the data controller (verwerkingsverantwoordelijke)
for all personal data processed through our Site and services. As data controller, we determine
the purposes and means of processing your personal data, and we are responsible for doing so
in compliance with the GDPR and the UAVG.
Factory3D V.O.F.
Pastoor Erasstraat 16
5281 GW Boxtel
Noord-Brabant, Netherlands
Email: business@factory3d.nl
Website: https://factory3d.nl
VAT number: NL869405044B01
Pastoor Erasstraat 16
5281 GW Boxtel
Noord-Brabant, Netherlands
Email: business@factory3d.nl
Website: https://factory3d.nl
VAT number: NL869405044B01
We are not required to appoint a Data Protection Officer (DPO) under Article 37 GDPR, as we
are a small business that does not carry out large-scale or systematic processing of personal
data. For all privacy-related questions and requests, you may contact us directly at the
email address above.
2. WHAT DATA WE COLLECT
We collect and process the following categories of personal data:
Data you provide directly
- Identity data: first name, last name, and username or similar identifier if you create an account.
- Contact data: billing address, delivery address, email address, and telephone number.
- Financial data: payment method details such as card type or bank account number. Note: card and payment credentials are processed directly by our payment service providers (PayPal, Visa/Mastercard networks, iDEAL/Wero). We do not store full payment card numbers on our own systems.
- Transaction data: details of products you have ordered or purchased, order status, delivery information, and order history.
- Account data: login credentials (email and hashed password) if you register an account on our Site.
- Communications data: messages, emails, enquiries, and other correspondence you send us, including customer service interactions.
- Design and customisation data: files, designs, specifications, or instructions you submit when ordering a custom print or design service.
Data collected automatically
- Technical data: IP address, browser type and version, device type, operating system, time zone, and referring URLs.
- Usage data: pages visited, time spent on pages, links clicked, and other interaction data regarding how you use our Site.
- Cookie data: data collected through cookies and similar tracking technologies. See Section 6 for full details.
Data we do not collect
We do not intentionally collect any special categories of personal data as defined in Article 9
GDPR (such as data relating to racial or ethnic origin, political opinions, religious beliefs,
health, biometric data, or sexual orientation). We also do not knowingly collect personal data
from children under the age of 16 (see Section 10).
3. HOW AND WHY WE USE YOUR DATA
Under Article 6 GDPR, we must have a lawful basis (grondslag) for every processing
activity. The table below sets out the purposes for which we use your personal data, the data
categories involved, and the legal basis we rely on.
| Purpose | Data categories used | Legal basis (GDPR Art. 6) |
|---|---|---|
| Processing and fulfilling your orders (including confirming receipt, printing, and shipping) | Identity, contact, financial, transaction | Contract ā Art. 6(1)(b) |
| Processing payments and handling refunds or disputes | Identity, financial, transaction | Contract ā Art. 6(1)(b) |
| Managing your user account | Identity, contact, account | Contract ā Art. 6(1)(b) |
| Arranging delivery of products through shipping providers | Identity, contact, transaction | Contract ā Art. 6(1)(b) |
| Customer service and resolving complaints or disputes | Identity, contact, communications, transaction | Contract / Legitimate interest ā Art. 6(1)(b)(f) |
| Complying with Dutch tax and bookkeeping obligations (Belastingdienst / AWR) | Identity, financial, transaction | Legal obligation ā Art. 6(1)(c) |
| Detecting and preventing fraud, abuse, and security incidents | Identity, technical, financial | Legitimate interest ā Art. 6(1)(f) |
| Improving and maintaining our website and services | Technical, usage, cookie | Legitimate interest ā Art. 6(1)(f) |
| Sending you marketing communications about our products and promotions (only where you have opted in) | Identity, contact | Consent ā Art. 6(1)(a) |
| Website analytics and performance measurement (non-essential cookies) | Technical, usage, cookie | Consent ā Art. 6(1)(a) |
Where we rely on legitimate interests (Art. 6(1)(f) GDPR), we have assessed
that our interests are not overridden by your fundamental rights and freedoms. You have the
right to object to this type of processing at any time (see Section 8).
Where we rely on consent (Art. 6(1)(a) GDPR), you may withdraw your consent
at any time without affecting the lawfulness of any processing carried out prior to withdrawal.
See Section 8 for how to exercise this right.
We do not sell, rent, or trade your personal data to third parties. We may share your data
with the following categories of recipients, only to the extent necessary for the relevant purpose:
- Payment service providers: PayPal Europe S.Ć r.l. et Cie S.C.A., Visa/Mastercard card-payment processors, and iDEAL/Wero providers. These parties process your payment details as independent data controllers under their own privacy policies. We recommend reviewing their policies for full details.
- Shipping and logistics providers: Your name, delivery address, and order details are shared with the postal or courier service responsible for delivering your order.
- Web hosting and infrastructure providers: Our Site is hosted on servers. Personal data may be stored on those servers as a normal part of website operation. We ensure appropriate data processing agreements are in place with our hosting provider.
- Analytics providers: We may use website analytics tools to understand how visitors use our Site. Where such tools set non-essential cookies, we only use them with your consent (see Section 6).
- Accounting and bookkeeping software: We use MoneyMonk to maintain our financial records. Invoice and transaction data ā including your name and address ā may be stored in this software to meet our obligations under Dutch bookkeeping law.
- Legal, regulatory, and governmental authorities: We may disclose personal data to law enforcement, tax authorities, or other public bodies where required by law or in response to a lawful and binding request.
- Business successors: In the event of a merger, acquisition, or sale of (part of) our business, personal data may be transferred to the relevant successor entity, subject to the same level of protection as described in this policy.
Where third parties process personal data on our behalf as processors, we ensure that written
data processing agreements (verwerkersovereenkomsten) are in place as required by
Article 28 GDPR. These agreements oblige processors to process data only on our documented
instructions and to implement appropriate security measures.
5. INTERNATIONAL DATA TRANSFERS
We primarily process your data within the European Economic Area (EEA). Some of our
third-party service providers (for example, certain payment processors or cloud infrastructure
providers) may transfer or store personal data outside the EEA.
Where such transfers occur, we ensure that appropriate safeguards are in place in
accordance with Chapter V GDPR, including:
- Standard Contractual Clauses (SCCs) adopted by the European Commission (Implementing Decision 2021/914); or
- An adequacy decision by the European Commission confirming that the recipient country provides an equivalent level of data protection; or
- Other appropriate safeguards as permitted under Article 46 GDPR.
You may request more information about the specific safeguards applicable to any transfer
of your personal data by contacting us at
business@factory3d.nl.
Our Site uses cookies and similar tracking technologies. A cookie is a small text file
placed on your device when you visit a website. We use cookies in accordance with the
Dutch Telecommunications Act (Telecommunicatiewet, Art. 11.7a) and the GDPR.
Types of cookies we use
- Strictly necessary cookies: These are essential for the website to function, for example to keep your shopping cart active or maintain your login session. These cookies cannot be disabled and do not require your consent under Art. 11.7a Telecommunicatiewet.
- Functional cookies: These remember your preferences (such as recently viewed items or notification settings) to improve your experience. We ask for your consent before placing these cookies.
- Analytics cookies: These help us understand how visitors use our Site (pages visited, time on page, traffic sources) so we can improve our services. We ask for your consent before placing these cookies.
- Third-party cookies: Payment providers (such as PayPal) may place their own cookies on your device when you use their checkout services. These are governed by the respective third party’s privacy policy, not ours.
Managing your cookie preferences
When you first visit our Site, you will be asked for your consent to place non-essential
cookies via a cookie notice. You can change or withdraw your preferences at any time by:
- Adjusting your browser settings to block or delete cookies (note that this may affect the functionality of our Site); or
- Contacting us at business@factory3d.nl to update your preferences.
7. HOW LONG WE KEEP YOUR DATA
We retain personal data only for as long as necessary for the purpose for which it was
collected, or as required by applicable law. The table below sets out our standard retention
periods. After the applicable period, data is securely deleted or anonymised.
| Category of data | Retention period | Reason |
|---|---|---|
| Order records, invoices, and related transaction data (name, address, amounts) | 7 years from date of invoice | Dutch tax and bookkeeping law (Art. 52 Algemene Wet inzake Rijksbelastingen / AWR) |
| Account data (if you have a registered account) | Duration of your account, plus 2 years after your last purchase or login | Contractual relationship and legitimate interest |
| Customer service communications | 2 years after the matter is resolved | Legitimate interest (dispute resolution and warranty claims) |
| Custom design files submitted for print orders | Until the order is fulfilled, plus 90 days | Order fulfilment and potential reprint or warranty claims |
| Marketing preferences and consent records | Until you withdraw consent or unsubscribe, plus 1 year | GDPR consent accountability requirement (Art. 7(1)) |
| Website analytics and server logs | Up to 90 days | Security monitoring and service improvement |
8. YOUR RIGHTS UNDER THE GDPR
Under the GDPR and the Dutch UAVG, you have the following rights with respect to your
personal data. To exercise any of these rights, please contact us in writing at
business@factory3d.nl.
We will respond within one (1) month of receiving your request. For complex
or multiple requests, we may extend this period by a further two months, in which case we
will notify you within the first month.
- Right of access (Art. 15 GDPR): You have the right to obtain confirmation of whether we process personal data about you, and if so, to receive a copy of that data together with information on how and why we process it.
- Right to rectification (Art. 16 GDPR): You have the right to ask us to correct any inaccurate or incomplete personal data we hold about you.
- Right to erasure ā “right to be forgotten” (Art. 17 GDPR): You may request that we delete your personal data where there is no longer a lawful basis for us to retain it, subject to any legal retention obligations we are bound by (for example, the 7-year bookkeeping requirement).
- Right to restriction of processing (Art. 18 GDPR): You may ask us to restrict (limit) how we use your data in certain circumstances ā for example, while the accuracy of data is contested, or while an objection is pending.
- Right to data portability (Art. 20 GDPR): Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format, and to transmit it to another controller.
- Right to object (Art. 21 GDPR): You have the right to object at any time to the processing of your personal data where we rely on legitimate interests (Art. 6(1)(f)). You also have an absolute right to object to processing for direct marketing purposes at any time; we will immediately cease such processing upon receipt of your objection.
- Right to withdraw consent (Art. 7(3) GDPR): Where we process your data based on your consent, you may withdraw that consent at any time, without affecting the lawfulness of any processing carried out before withdrawal. To withdraw consent for marketing communications, use the unsubscribe link in any email we send you, or contact us at business@factory3d.nl.
- Right not to be subject to solely automated decision-making (Art. 22 GDPR): We do not make any decisions about you that produce significant legal or similarly significant effects solely through automated processing without human involvement.
We will not charge a fee for handling your request unless the request is manifestly unfounded
or excessive. In such cases, we may either charge a reasonable administrative fee or decline
to act on the request, and we will explain our reasons. We may need to verify your identity
before we can respond to your request.
9. DATA SECURITY
We implement appropriate technical and organisational measures to protect your personal data
against accidental loss, unauthorised access, disclosure, alteration, or destruction, as
required by Article 32 GDPR. These measures include:
- Secure HTTPS/TLS encrypted connections on our Site;
- Password hashing and access controls limiting which persons can access personal data;
- Use of reputable, GDPR-compliant third-party service providers bound by data processing agreements; and
- Periodic review of our security practices.
Despite our best efforts, no method of data transmission or storage over the internet is
completely secure. We cannot guarantee the absolute security of your personal data.
In the event of a personal data breach that is likely to result in a risk to your rights
and freedoms, we will notify the Autoriteit Persoonsgegevens within 72 hours of becoming
aware of the breach, in accordance with Article 33 GDPR. Where the breach is likely to
result in a high risk, we will also notify affected individuals without undue delay in
accordance with Article 34 GDPR.
10. CHILDREN’S PRIVACY
Our Site and services are not directed at minors. Under Dutch law (Article 8 UAVG), the
minimum age for a child to give valid consent to the processing of their personal data in
the context of information society services is 16 years. For children
under 16, consent must be given or authorised by a parent or legal guardian.
We do not knowingly collect or process personal data from individuals under the age of 16.
If you are aware that a child under the age of 16 has provided us with personal data without
appropriate parental consent, please contact us immediately at
business@factory3d.nl
and we will take prompt steps to delete such data from our records.
11. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our data practices,
applicable law, or our services. Any changes will be posted on this page with an updated
“Last updated” date at the top of the document. We encourage you to review this Privacy Policy
periodically.
If we make material changes that significantly affect your rights or the way we process your
data, we will take reasonable steps to notify you ā for example, by email or by displaying a
prominent notice on our Site ā prior to the change taking effect.
Your continued use of our Site or services after any changes have been posted constitutes
your acknowledgement of the updated Privacy Policy.
12. CONTACT US AND COMPLAINTS
If you have any questions, concerns, or requests relating to this Privacy Policy or our
data processing practices, please contact us. We will do our best to address your concern
promptly and transparently.
Factory3D V.O.F.
Pastoor Erasstraat 16
5281 GW Boxtel
Noord-Brabant, Netherlands
Email: business@factory3d.nl
Pastoor Erasstraat 16
5281 GW Boxtel
Noord-Brabant, Netherlands
Email: business@factory3d.nl
If you believe that we have not handled your personal data in accordance with the GDPR or
the UAVG, or if you are not satisfied with our response to a privacy request, you have the
right to lodge a complaint with the Dutch supervisory authority:
Autoriteit Persoonsgegevens (AP)
Hoge Nieuwstraat 8
2514 EL Den Haag
Netherlands
Website: https://www.autoriteitpersoonsgegevens.nl
Telephone: +31 (0)70 888 85 00
Hoge Nieuwstraat 8
2514 EL Den Haag
Netherlands
Website: https://www.autoriteitpersoonsgegevens.nl
Telephone: +31 (0)70 888 85 00
If you reside in another EU member state, you also have the right to lodge a complaint with
the data protection supervisory authority in your country of residence.