Privacy Policy

Last updated: April 2026

1. Data Controller

Roax3D is the data controller responsible for your personal data. For any privacy-related questions, contact us at privacy@roax3d.com.

2. What Data We Collect

We collect the minimum data necessary to operate our store and fulfill your orders:

  • Order data: Name, email address, shipping address, order history, payment status
  • Contact form data: Name, email, and message content when you contact us
  • Technical data: IP address, browser type, and pages visited (via server logs)

We do not store credit card numbers or payment details. All payments are processed securely by Stripe.

3. Legal Basis for Processing (GDPR Art. 6)

  • Contract performance: Processing your orders, shipping products, handling returns
  • Legal obligation: Tax and accounting records as required by Belgian law
  • Legitimate interest: Improving our website, preventing fraud
  • Consent: Marketing emails (only with your explicit opt-in)

4. How We Use Your Data

  • To process and deliver your orders
  • To send order confirmations and shipping updates
  • To respond to your inquiries via the contact form
  • To comply with legal and tax obligations
  • To send marketing emails (only with your explicit consent, and you can unsubscribe at any time)

5. Third-Party Processors

We share your data with the following trusted third parties, solely for the purposes described:

  • Stripe (Ireland/US) — Payment processing. See Stripe Privacy Policy
  • Supabase (US) — Database and image storage hosting
  • Vercel (US) — Website hosting
  • Shipping carriers (bpost, DPD, etc.) — Name and address for delivery

Where data is transferred outside the EU/EEA, appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions).

6. Data Retention

  • Order data: Retained for 7 years (Belgian tax/accounting requirements)
  • Contact form messages: Retained for 1 year, then deleted
  • Marketing consent records: Retained until you withdraw consent
  • Server logs: Automatically deleted after 30 days

7. Your Rights (GDPR)

Under EU General Data Protection Regulation (GDPR), you have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Correct inaccurate or incomplete data
  • Erasure — Request deletion of your data ("right to be forgotten")
  • Restriction — Restrict processing of your data
  • Portability — Receive your data in a structured, machine-readable format
  • Object — Object to processing based on legitimate interest
  • Withdraw consent — Withdraw marketing consent at any time

To exercise any of these rights, email privacy@roax3d.com. We will respond within 30 days.

8. Cookies

We use only essential cookies required for the website to function:

  • Cart data: Stored locally in your browser (localStorage) to remember your shopping cart
  • Admin session: A session cookie for admin login (not applicable to customers)

We do not use third-party tracking cookies, analytics cookies, or advertising cookies.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including encrypted connections (HTTPS), secure payment processing via Stripe, and access controls on our database.

10. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For Belgium, this is the Data Protection Authority (Gegevensbeschermingsautoriteit) at www.gegevensbeschermingsautoriteit.be.

11. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated date. We encourage you to review this policy periodically.