3DMarketShop 3DMarketShop
Přihlásit se Registrace

Privacy Policy

Last updated: 2026-05-10

This Privacy Policy explains how GNN prospects s.r.o. (IČO 08256462), operating the 3DMarketShop online marketplace, processes personal data in line with Regulation (EU) 2016/679 (GDPR) and the Czech Personal Data Processing Act No. 110/2019 Coll.

1. Data controller

GNN prospects s.r.o., Kurzova 2222/16, 104 00 Prague, Česká republika · IČO 08256462 · info@3dmarketshop.com. We have not appointed a Data Protection Officer — the criteria of Art. 37 GDPR do not apply to our scale of processing.

2. Data we collect

  • Účet email, nickname, password hash, country, language, avatar (optional).
  • Panel prodejce company name, IČO, DIČ (optional), business address.
  • Objednávka delivery address, phone, items ordered, payment method (we do not store full card numbers — Stripe handles that).
  • Žádná oznámení messages between Buyers and Sellers, support tickets.
  • Technical data: IP address, browser, session cookies.

3. Purposes and legal bases

Performance of contract (Art. 6(1)(b) GDPR) — to fulfil orders, deliver products, and provide support. Legal obligation (Art. 6(1)(c)) — VAT invoicing and accounting. Legitimate interest (Art. 6(1)(f)) — fraud prevention, platform security, off-platform deal detection. Consent (Art. 6(1)(a)) — for marketing emails (if you opt in).

4. Recipients and processors

We share necessary data with the Sellers fulfilling your orders (delivery address, phone) and with the following processors, all under data-processing agreements:

  • Stripe Payments Europe Ltd. — card payments (Ireland).
  • Zásilkovna s.r.o. / Packeta a.s. — shipment & tracking (Czech Republic).
  • [TODO: hosting provider — confirm AWS/Hetzner/etc. before launch]
  • Resend (Drift Inc.) — transactional email delivery (Delaware, USA — under EU Standard Contractual Clauses).

All processors are located within the EU/EEA or covered by adequate-level decisions or Standard Contractual Clauses.

5. Retention periods

Account data — until deletion request, then 30 days. Order and accounting data — 10 years (Czech accounting and VAT statutes). Communications — 3 years from last message. Technical logs — 12 months.

Váš košík

Under GDPR you have the right to access, rectify, erase, restrict, port, and object to processing of your personal data, and to withdraw consent at any time. To exercise these rights, write to info@3dmarketshop.com. We respond within 30 days. If you believe we mishandle your data, you may lodge a complaint with the Czech Office for Personal Data Protection (ÚOOÚ, uoou.cz).

7. Cookies

We use only strictly necessary cookies (session, CSRF, language preference, theme) — these do not require consent under EU law. We do not use analytics, tracking, or advertising cookies. Self-hosted fonts and assets mean no third-party CDN cookies either.

8. Security

We use HTTPS everywhere, hashed passwords, role-based access control, automated backups, and a Content Security Policy with rate-limited authentication. We notify affected Users without undue delay in case of a personal-data breach, in line with Art. 33–34 GDPR.

9. Contact

Privacy questions or requests: info@3dmarketshop.com.

[TODO: confirm hosting provider; review with Czech-qualified data-protection counsel]