Privacy Policy

Last updated: 28 June 2026

This Privacy Policy explains how I handle personal data through Accessible3D. I collect the data I need to run the website, process orders, answer messages, prepare quotes, provide downloads, prevent abuse, meet legal duties, and improve the service when you have consented to statistics cookies. I do not sell personal data.

1. Data controller

I am the data controller for Accessible3D:

• EA consulting v/Edis Adilovic
• Pantheonsgade 5, 2. sal, 5000 Odense C, Denmark
• CVR number: 41699981
• Email: edis@accessible3d.io

2. Personal data I collect and why

When you visit the website

The server may record technical log data such as IP address, requested page, time, browser type, device information, referring page, and error data. I use this to keep the website secure, diagnose faults, prevent abuse, and maintain the service. Legal basis: my legitimate interest in security and operations.

When you place an order

I receive the information needed to handle your order: name, email address, delivery address, billing details where relevant, phone number where required by the carrier, order contents, prices, tax information, shipping method, checkout consents, and order messages.

I use this to confirm the order, deliver physical products, provide download links, handle payment status, answer support questions, handle returns and complaints, document the sale, and meet tax and bookkeeping obligations. Legal basis: performance of a contract, legal obligations, and my legitimate interest in documenting and protecting the transaction.

Payment is handled by Stripe. Your card or payment details go directly to Stripe. I do not see or store your full card number. I receive payment status, payment reference, fraud or security signals where relevant, and enough payment information to manage the order, refund, or complaint.

When you withdraw from a purchase

If you use the withdrawal button on the website, or the order lookup, I process the order number and email address you enter to find your order. When you confirm a withdrawal, I record the withdrawal itself: the items withdrawn, the date and time, the name and email you provide or confirm, and the IP address it was sent from. I process the same information if you withdraw by email or using the standard withdrawal form. Legal basis: legal obligation (the consumer right of withdrawal and my duty to acknowledge it on a durable medium), performance of a contract, and my legitimate interest in preventing abuse of the withdrawal and lookup function.

When you buy a digital download

I may record the digital product bought, download link, download attempts, timestamps, IP address connected to downloads, and the consent and acknowledgement you gave if you chose immediate delivery and accepted losing the withdrawal right when download begins. Legal basis: performance of a contract, legal obligation where consumer law requires proof of consent, and my legitimate interest in preventing abuse of download links.

When you request a print quote

To prepare a quote, I may ask whether you are a private customer or a company, your name, company name, CVR or VAT number where relevant, email address, phone number, your full delivery address (street, postal code, city and country), uploaded 3D file, preferred material, quantity, deadline, and notes about the print.

I use your country to work out VAT and feasibility, and your full delivery address to quote shipping and post your print to you. Collecting it with your request means I do not have to ask for it separately by email later. When you click "Proceed", I record that you accepted my terms (the date and terms version) and email a copy of your request, including these details and a link to your file, to myself so I can prepare your final quote. Legal basis: steps taken at your request before a contract, performance of a contract if the quote becomes an order, and my legitimate interest in preparing accurate quotes and preventing misuse.

When you request a custom design

To handle a custom design request, I may collect your name, email address, phone number, company name and CVR or VAT number where relevant, your full delivery address (street, postal code, city and country), design brief, measurements, reference images, sketches, accessibility needs you choose to share, and messages about the request.

I use this to understand the idea, discuss scope, prepare a price, create the design if accepted, quote shipping, deliver the finished piece, and provide support. Collecting your delivery address with the request means I do not have to ask for it separately later. Legal basis: steps taken at your request before a contract, performance of a contract if the request becomes an order, and my legitimate interest in documenting the design process.

Do not send medical information, information about disability, photos of people, or other sensitive personal data unless it is genuinely needed for the request. If you send sensitive information, I handle it only as needed for the request and delete it when it is no longer needed, unless I must keep it for legal reasons.

When you contact me

If you email me, use a contact form, or reply to an order email, I process your name, contact details, message, order number where relevant, and any files or screenshots you send. I use this to answer you and handle the matter. Legal basis: my legitimate interest in responding, steps before a contract, performance of a contract, or legal obligation depending on the message.

When you subscribe to the newsletter

To subscribe, I collect your first and last name and email address, and record the signup, confirmation, consent, source, and unsubscribe status. I use your name only to address newsletters to you personally. I use double opt-in for newsletter signups. Every newsletter has an unsubscribe link. Legal basis: your consent.

If you unsubscribe, I keep a minimal suppression record so I do not add you again by mistake. You can ask me to delete that record too, unless I need it to document consent, unsubscribe status, or a legal dispute.

When you comment on the blog

If comments are enabled and you leave a comment, I collect the name, email address, comment text, IP address, and technical anti-spam data submitted with the form. Your public name and comment may be shown publicly after approval. Your email address is not shown publicly. Legal basis: your consent by submitting the comment and my legitimate interest in moderation and abuse prevention.

3. Uploaded 3D files and reference material

Uploaded 3D files, reference images, sketches, measurements, and briefs may contain information about you or someone else. I process them only to prepare a quote, check printability, create or produce the order, provide support, document the transaction, and meet legal duties.

I do not publish, sell, or reuse customer-submitted files as Accessible3D products unless you have clearly agreed to that separately.

If your upload contains third-party personal data or intellectual property, you are responsible for having the right to send it to me for the requested purpose.

4. Cookies, local storage, and similar technologies

Strictly necessary storage

The website may use necessary cookies or local storage to remember your basket, cookie choice, form state, security checks, checkout session, and similar functions needed to provide the service. These are used without consent where they are strictly necessary.

Statistics only with consent

If you consent, I use Google Analytics to understand how the website is used, which pages are visited, how visitors arrive, and how the shop performs. Google Analytics may set cookies such as _ga and similar cookies and process shortened IP address, page views, device information, approximate location, and shopping events.

I do not load Google Analytics unless you accept statistics cookies. You can change or withdraw your consent using the cookie settings link on the website. If you withdraw consent, I stop loading analytics and try to remove analytics cookies from your browser.

Payment and abuse prevention

Stripe may set cookies and use similar technologies on its checkout pages for payment processing, fraud prevention, security, and compliance.

Cloudflare Turnstile or similar anti-abuse checks may process technical signals from your browser to help tell real form submissions from automated abuse. I use this to protect forms, comments, newsletter signups, quote requests, and custom design requests.

5. Who receives or processes personal data

I share personal data only where needed to run the service, fulfil your request, meet legal duties, or protect the website.

• Stripe - payment processing, checkout, fraud prevention, refunds, and payment records.
• Brevo - transactional emails, order emails, newsletter emails, signup records, and unsubscribe handling.
• Google - analytics only if you have consented to statistics cookies.
• Cloudflare - Turnstile, security, and abuse prevention where used.
• Hosting providers - website hosting, database hosting, storage, backups, and server operations, currently in the EU where possible.
• Shipping carriers - delivery name, address, phone number where required, email where needed for delivery notices, parcel details, and customs information where relevant.
• Accounting, tax, legal, and administrative providers - only where needed for bookkeeping, tax, compliance, advice, disputes, or legal claims.
• Public authorities - where I am legally required to provide information, for example tax, customs, courts, police, or regulators.

Where a provider processes personal data for me, I use a data processing agreement where required. Some providers may also act as independent controllers for parts of their service, for example payment fraud prevention or legal compliance.

6. Transfers outside the EU and EEA

I try to use EU and EEA-based processing where practical. Some providers, especially global payment, analytics, email, security, and cloud providers, may process data outside the EU and EEA.

Where personal data is transferred outside the EU or EEA, I rely on lawful transfer mechanisms where required, such as an adequacy decision, the EU-U.S. Data Privacy Framework for certified providers, standard contractual clauses, or other safeguards allowed by data protection law.

7. How long I keep personal data

• Order, payment, invoice, tax, and bookkeeping records: kept for 5 years from the end of the financial year the material relates to, unless a longer period is required for a dispute or legal duty.
• Physical order fulfilment data: kept as part of the order record and deleted or minimised when no longer needed for delivery, support, accounting, or legal claims.
• Digital download records: kept as long as needed to provide access, document delivery and withdrawal consent, prevent abuse, handle support, and meet legal duties.
• Withdrawal records: the fact and details of a withdrawal are kept with the order record as consumer-law documentation; the IP address logged with a withdrawal is kept only as long as needed for abuse prevention or a legal claim, then deleted or anonymised.
• Quote requests and uploaded 3D files: deleted or anonymised no later than 60 days after the quote expires, is declined, or the related order is completed, unless I need to keep part of the material for the order, support, bookkeeping, or a legal dispute.
• Custom design requests, reference images, sketches, and briefs: deleted or anonymised no later than 60 days after the request is declined or the project is completed, unless I need to keep part of the material for the order, support, bookkeeping, or a legal dispute.
• Contact and support messages: kept as long as needed to answer and follow up. If the message concerns an order, complaint, warranty issue, legal claim, or tax matter, it may be kept with the relevant records.
• Newsletter subscription: kept until you unsubscribe or I stop the newsletter. A minimal suppression record may be kept after unsubscribe to respect your choice and document compliance.
• Blog comments: kept until the comment is removed or moderation no longer requires it. Email and IP data connected to comments are kept only as long as needed for moderation, abuse prevention, or legal reasons.
• Server logs and security logs: normally deleted or anonymised within 30 days, unless they are needed longer to investigate abuse, security incidents, fraud, downtime, or legal claims.
• Cookie consent records: kept as long as needed to remember and document your choice.

8. Your rights

Under data protection law, you may have the right to:

• receive information about how I process your personal data
• access the personal data I hold about you
• correct inaccurate or incomplete data
• delete data where I no longer have a lawful reason to keep it
• restrict certain processing
• object to certain processing, including processing based on legitimate interests
• receive data you gave me in a portable format where the conditions apply
• withdraw consent at any time where processing is based on consent

Write to edis@accessible3d.io if you want to use your rights. I may need to verify your identity before responding. I normally respond within one month.

You can complain to Datatilsynet, the Danish data protection authority, if you believe your data has been handled incorrectly. You can find Datatilsynet at datatilsynet.dk.

9. Security

I use reasonable technical and organisational measures to protect personal data, including access control, secure payment processing through Stripe, protected hosting, backups where needed, anti-abuse checks, and deletion routines. No online service can be guaranteed to be completely secure, but I work to keep the amount of data limited and protect it appropriately.

10. Children

Accessible3D is not aimed at children, and I do not knowingly collect personal data from children without appropriate permission. If you believe a child has sent personal data to me without permission, contact me so I can review and delete it where required.

11. Automated decisions

I do not use automated decision-making that has legal or similarly significant effects on you. Some systems, such as payment fraud checks, anti-spam tools, and security filters, may automatically flag or block activity to protect the website and payment process.

12. Changes to this policy

I update this Privacy Policy when my data handling, providers, legal duties, or website features change. The date at the top shows the current version.