Privacy Policy

Data Controller Information

Data Controller: Eksaria
Address: Maksimirska 40, Zagreb, Croatia
Email: contact@eksaria.com
IBAN: HR8623400091160819603
OIB (VAT ID): HR07499344328
Data Protection Officer: contact@eksaria.com

For any questions regarding your personal data or this privacy policy, please contact us using the information above.

Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you.

• Personal Data: While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). This includes your email address for account creation and your shipping information for order fulfillment.
• 3D Models: We temporarily handle the 3D model files (STL, OBJ, 3MF) you upload to provide a price estimate and to fulfill your printing order. These files are not shared with third parties and are deleted from our active servers after a reasonable period post-order completion.
• Order Information: We collect information about the print settings you select (material, color, quality, etc.) and your order history. This is linked to your user account to provide the "My Orders" feature.
• Payment Information: We use Stripe to process payments. We do not store your full credit card information on our servers. The transaction is handled by the respective payment processor, and we only store a record of the transaction for order fulfillment and history.
• Cookies and Similar Technologies: We use cookies and similar technologies to enhance your experience, provide essential functionality, and improve our services. You can manage your cookie preferences through our cookie consent banner or in your account settings. For detailed information about our use of cookies, please see our cookie policy below.

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to fulfill your orders and provide our services
• Legitimate Interest: Processing for business operations, security, and service improvement
• Consent: For optional cookies and marketing communications (where applicable)
• Legal Obligation: Processing required by law (e.g., tax records, fraud prevention)

Data Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

• Account Information: Retained for the duration of your account plus 2 years after deactivation
• Order History: Retained for 7 years for tax and legal compliance
• 3D Model Files: Deleted within 30 days after order completion
• Payment Records: Retained for 7 years for financial compliance
• Communication Records: Retained for 3 years for customer service purposes

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our service providers (Firebase, Stripe) are located. These transfers are made in accordance with GDPR requirements:

• Transfers to countries with adequate data protection levels
• Use of Standard Contractual Clauses (SCCs) for transfers to the US
• Ensuring our service providers maintain appropriate security measures

Use of Data

Eksaria uses the collected data for various purposes:

• To provide and maintain the Service
• To manage your account and fulfill your orders
• To process payments
• To communicate with you about your orders or inquiries
• To provide customer support
• To monitor the usage of the Service and improve its functionality

Data Security

The security of your data is our top priority. We implement industry standard security measures to protect your personal and payment information:

• All data is encrypted during transmission and storage
• Secure authentication and access controls protect your account
• Payment processing is handled by certified providers (Stripe)
• Regular security updates and monitoring

Your Data Rights

Under the General Data Protection Regulation (GDPR), you have several rights regarding your personal data:

• Right of Access: You can request a copy of all personal data we hold about you. Contact us at contact@eksaria.com to request your data.
• Right to Rectification: You can request correction of inaccurate or incomplete personal data. You can update some information directly in your profile settings, or contact us for other corrections.
• Right to Erasure: You can request deletion of your personal data and account. Contact us at contact@eksaria.com to request account deletion.
• Right to Data Portability: You can request your data in a structured, machine readable format. Contact us at contact@eksaria.com to request data export.
• Right to Restrict Processing: You can request that we limit how we use your personal data. Contact us directly for this request.
• Right to Object: You can object to processing based on legitimate interests. Contact us directly for this request.
• Right to Withdraw Consent: You can withdraw consent for optional data processing at any time through your profile settings or by contacting us.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data properly.

To exercise any of these rights, contact us at contact@eksaria.com. We will respond within 30 days of receiving your request.

Cookie Policy

We use the following types of cookies on our website:

• Essential Cookies: These cookies are necessary for the website to function and cannot be disabled. They include authentication, security, and basic functionality cookies.
• Functional Cookies: These cookies enable enhanced functionality and personalization, such as shopping cart, language preferences, and order management.
• Analytics Cookies: These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously.
• Marketing Cookies: These cookies are used to track visitors across websites to display relevant and engaging advertisements.

You can manage your cookie preferences at any time through our cookie consent banner or in your account settings. Your consent is stored locally and can be withdrawn at any time.

Data Breach Procedures

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform you without undue delay, unless the breach is unlikely to result in a risk to your rights and freedoms.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes.