Platform upgraded. Please re-register to continue accessing our community! Sign Up Now >
Privacy policy
Terms of Service
Referral Program Terms
3D Model
SolidWorks Inventor

GDPR Data Protection Policy

Last Updated: December 28, 2025

3DMecWorks is committed to protecting the privacy and data rights of all individuals in the European Economic Area (EEA), United Kingdom, and Switzerland under the General Data Protection Regulation (GDPR).

1. Data Controller Information

Data Controller: 3DMecWorks
Website: https://3dmecworks.net
Email: info@3dmecworks.net
Subject Line for GDPR Requests: "GDPR Data Request"

2. Legal Basis for Processing

2.1 We Process Your Data Under:

Legal Basis Purpose Data Types
Contract Performance Providing subscription services, processing downloads, managing account Name, email, payment info, usage data
Legitimate Interest Platform security, fraud prevention, service improvement IP address, device info, usage patterns
Consent Marketing emails, analytics cookies, newsletters Email, preferences, behavior data
Legal Obligation Tax compliance, legal requests, regulatory requirements Transaction records, tax info

3. Your GDPR Rights

3.1 Right to Access (Article 15)

  • Request a copy of your personal data
  • Receive data in structured, machine-readable format (JSON or CSV)
  • Learn how your data is processed
  • Response Time: Within 30 days

3.2 Right to Rectification (Article 16)

  • Correct inaccurate personal data
  • Complete incomplete data
  • Update profile information anytime via account settings

3.3 Right to Erasure / "Right to be Forgotten" (Article 17)

  • Request deletion of your personal data
  • We will delete data unless legal obligations require retention
  • Note: Content you uploaded and distributed to users cannot be recalled from users who already downloaded it

3.4 Right to Data Portability (Article 20)

  • Receive your data in portable format
  • Transfer data to another service provider
  • Provided as JSON or CSV file

3.5 Right to Object (Article 21)

  • Object to processing based on legitimate interest
  • Object to direct marketing anytime (we will stop immediately)
  • Object to profiling and automated decision-making

3.6 Right to Withdraw Consent (Article 7)

  • Withdraw consent for marketing emails (unsubscribe link in every email)
  • Withdraw cookie consent via browser settings
  • Does not affect lawfulness of processing before withdrawal

3.7 Right to Lodge a Complaint (Article 77)

  • File complaint with your local data protection authority
  • Contact information for EU supervisory authorities: EDPB Members List

4. How to Exercise Your Rights

4.1 Submit a GDPR Request

Email us at: info@3dmecworks.net

Subject line: "GDPR Data Request"

Include:

  • Your full name and registered email
  • Specific right you wish to exercise (access, deletion, etc.)
  • Proof of identity (to prevent unauthorized requests)
  • Any relevant details about your request

4.2 Response Timeline

  • Standard Response: Within 30 days
  • Complex Requests: Up to 60 days (we will notify you of extension)
  • No Fees: Requests are free (excessive requests may incur reasonable fee)

5. Data We Collect

Data Type What We Collect Purpose Retention Period
Account Data Name, email, password (encrypted), profile information Account creation and management Until account deletion or 2 years of inactivity
Payment Data Billing name, payment method (via Stripe/PayPal), transaction history
Note: Credit card details stored by Stripe/PayPal (PCI-DSS compliant), NOT by us		 Processing subscriptions and payments 7 years (tax and legal compliance)
Usage Data Downloads, uploads, search queries, page views Service improvement, analytics, recommendations 2 years

6. Data Sharing and Transfers

6.1 We Share Data With:

Third Party Purpose GDPR Safeguards
Stripe & PayPal Payment processing Standard Contractual Clauses, PCI-DSS certified
AWS / Cloud Hosting Data storage and hosting GDPR-compliant data centers, encryption
Email Service Provider Transactional and marketing emails GDPR-compliant, Data Processing Agreement

6.2 International Data Transfers

  • Transfer Mechanism: Standard Contractual Clauses (SCCs) approved by EU Commission
  • Data Location: Primarily EU/EEA servers; some services may use US servers with GDPR protections
  • Adequacy Decisions: We transfer to countries with EU adequacy decisions where applicable

7. Data Retention

7.1 Retention Periods

  • Active Accounts: Data retained while account is active
  • Inactive Accounts: Deleted after 2 years of inactivity (with notice)
  • Payment Records: 7 years (legal and tax obligations)
  • Marketing Data: Until consent withdrawn + 6 months
  • Logs and Security Data: 1 year

8. Data Security

8.1 Security Measures (Article 32)

  • Encryption: TLS/SSL for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access, multi-factor authentication
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Backups: Encrypted daily backups with secure retention
  • Employee Training: Regular GDPR and security training

9. Data Breach Notification (Article 33-34)

9.1 In Case of Data Breach:

  • Authority Notification: Within 72 hours to relevant supervisory authority
  • User Notification: Without undue delay if high risk to your rights
  • Breach Details: Nature of breach, likely consequences, mitigation measures

10. Children's Privacy

  • Minimum Age: 18 years old required
  • No Knowingly Collected Data: From anyone under 18
  • Parental Notification: If we discover underage data, we will delete it and notify parents

11. Contact for GDPR Requests

To exercise your GDPR rights or for data protection inquiries:

We use cookies to personalize your experience. By continuing to visit this website you agree to our use of cookies

More