Effective date: November 10, 2025
Who we are: 3DS Inc. (trading as Top3DShop) (“we”, “us”, “our”)
Controller: 3DS Inc. (Top3DShop)
2020 Eye St #8, Bakersfield, CA 93301, USA
Email: sales@top3dshop.com | USA: +1 (888) 871-17-51 | CZ: +420 228 881 334 | UK: +44 808 304 58 41
Establishments in EEA/UK:
UK VAT: 429 4832 71 — Richmond House, Lawnswood Business Park, Leeds LS16 6QY, UK (Contact: Egor Driagin, sales@top3dshop.com)
CZ VAT: CZ686581300 — Slezská 857/45, 130 00 Praha 3-Vinohrady, Czechia (Contact: Vasilii Kiselev, sales@top3dshop.com)
Data Protection Officer (DPO): Egor Driagin (sales@top3dshop.com).
This Policy covers https://top3dshop.com and any pages where it is published or linked. We sell to, and provide support in, the EEA, UK, USA, and Canada.
Account / checkout / quotes / support / RMA: name, email, phone, company (optional), billing and shipping addresses, order contents, comments/ticket content, serial numbers and issue description (for support), photos/videos you upload for diagnosis.
Payments & financing: we receive tokens/status from payment or financing providers; they hold full payment/credit data. See Section 6 (Vendors).
Marketing sign-ups / reviews: email address, marketing preferences; review text, rating, name/handle, optional photos.
Device and usage: IP address (used for geolocation), user agent, referrer, timestamps, language/country, pages viewed, events.
Security/anti-abuse: signals used to detect bots/fraud (incl. reCAPTCHA where implemented).
Cookies & similar tech: see Section 5 (Cookies).
Manufacturers/partners: when you request product info, support, or a quote via a manufacturer, we may receive your contact details and interest.
Couriers and payment/financing providers: transactional updates and confirmations.
Events/trade shows: when you ask us to contact you.
We do not intentionally collect special-category data (e.g., health, biometrics).
| Purpose | Examples of data | Lawful basis | Notes |
|---|---|---|---|
| Order processing & delivery | Identity, contact, addresses, order details | Contract (Art. 6(1)(b)); Legal obligation for tax/invoices | Necessary to perform the sale; certain records must be kept. |
| Customer support, warranty & RMA | Contact details, order/serial, problem description, media you supply | Contract | Manufacturers may act as independent controllers when diagnosing/repairing; see Section 6 & 8. |
| Payments (Stripe/PayPal) | Payment tokens/status, masked card meta | Contract; Legitimate interests (fraud prevention) | Processors store full payment data; we do not. |
| Financing (BNPL) (Klarna/Affirm) | Identity/contact, order totals/items, addresses, risk signals | Contract (to obtain financing) | BNPL providers are independent controllers for credit/risk decisions. |
| Fraud prevention & security | IP, device/usage, server logs, reCAPTCHA signals | Legitimate interests | Necessary to secure services; proportionate retention. |
| Analytics (GA4) | Pseudonymous usage/events | Consent (EEA/UK) | GA4 runs only after opt-in; retention 14 months. |
| Advertising/remarketing (Google Ads, Meta Pixel) | Online identifiers, events, UTM | Consent (EEA/UK) | Disabled until you allow “Marketing” cookies; withdraw anytime. |
| Email marketing | Email, marketing preferences | Consent (EEA/UK) | Unsubscribe anytime; soft-opt-in used only where permitted by law. |
| Reviews/UGC | Review text, rating, optional photos | Legitimate interests and/or Contract | Displaying genuine customer feedback and enabling you to post reviews. |
Balancing test (LI): We process security/fraud data and publish reviews in ways users reasonably expect, with minimal intrusion and opt-outs where applicable.
Certain personal data are necessary to enter into or perform a contract with you (for example, your name, contact details and shipping address to deliver an order, or basic issue details to handle a warranty claim). If you choose not to provide information that is required, we cannot provide the requested service (for example, process your purchase or complete support/RMA). For optional fields, we will indicate that they are optional and there is no consequence for leaving them blank.
We share personal data only as needed for the purposes above:
Payment processors: Stripe, PayPal.
Financing providers (BNPL): Klarna, Affirm.
Analytics/ads: Google (GA4/Ads/Tag Manager), Meta (Pixel).
Reviews: REVIEWS.io.
CRM/support: Bitrix24 (contact/lead management, web forms).
Manufacturers/partners: to fulfil drop-ship orders, provide technical support, or manage warranties (e.g., Modix, Raise3D, Unitree, and other brands we sell).
Couriers: UPS, FedEx, DHL for shipping and delivery notifications.
Hosting/infrastructure: InterServer (USA).
Authorities: where required by law, court order, or to protect rights.
We require processors to contractually protect personal data and act only on our instructions. Some recipients are independent controllers for their own services (e.g., payment/financing providers, some analytics/advertising tools, couriers, manufacturers for support/warranty).
We operate internationally. When personal data is transferred outside the EEA/UK, we use appropriate safeguards such as:
Standard Contractual Clauses (SCCs) and the UK Addendum (where applicable);
vendors’ EU-US Data Privacy Framework certification (where applicable); and
supplementary measures (TLS in transit, encryption at rest, access controls, and data minimization).
You can request more information about these safeguards at sales@top3dshop.com.
We use a consent banner (Silktide Consent Manager) with Accept all / Reject all and granular categories. In the EEA/UK, non-essential cookies (analytics, advertising, social widgets) only load after your opt-in. You can change or withdraw your choices at any time via the persistent “Cookie settings” control (cookie icon and footer link).
We also integrate Google Consent Mode v2 so that your choices control whether analytics/ads tools may read/write cookies.
Essential: required to provide the site and checkout (cannot be switched off).
Analytics: help us understand usage (e.g., GA4).
Marketing: ads/retargeting and measurement (e.g., Google Ads, Meta Pixel).
Functional (as applicable): review widgets and similar tools.
Actual names and durations may vary by your browser/device and our configuration.
| Provider | Examples of cookies / storage | Category | Typical duration | Purpose |
|---|---|---|---|---|
| Google Analytics 4 (GA4) | _ga (2y), _ga_<container> (2y), _gid (24h) |
Analytics | 24h–2y | Usage analytics after consent; GA4 does not log/store IP; geolocation derived at collection; retention set to 14 months. |
| Google Ads | _gcl_au (90d), _gcl_aw (90d), _gcl_dc (90d) |
Marketing | up to 90d | Ads/attribution after consent. |
| Meta Pixel | _fbp (90d), _fbc (up to 2y if coming from ad) |
Marketing | 90d–2y | Ads/measurement after consent. |
| Google reCAPTCHA (if present on forms) | _GRECAPTCHA (≈6m) |
Essential/Security (or Consent in EEA/UK if not strictly necessary) | up to 6m | Bot mitigation; loads only where needed and in line with consent. |
| REVIEWS.io | widget/session cookies (vary) | Functional/Analytics | session–1y | Display and submit reviews; may set cookies to run embedded widgets. |
| Stripe/PayPal/Klarna/Affirm | session cookies (vary) | Essential (when chosen) | session–varied | Enable chosen payment/financing method. Only load when you use the method. |
Change your choices: Use the “Cookie settings” control at any time to enable/disable categories. If you disable a category, we will stop future reads/writes and may clear known cookies associated with that category.
The vendors below either act as our processors (on our instructions) or as independent controllers for their own services. Follow each link for details on how they process data. “Transfer mechanism” indicates our typical safeguard approach for EEA/UK transfers.
| Vendor | Official link(s) | Role | Main purpose(s) | Example data types | Transfer mechanism |
|---|---|---|---|---|---|
| Google Analytics 4 (GA4) | support.google.com/analytics | Processor | Site analytics | Online identifiers, events, coarse geo (derived) | SCCs and/or DPF (where applicable) |
| Google Tag Manager (GTM) | marketingplatform.google.com/about/analytics/tag-manager/use-policy/ | Processor | Tag container; does not collect analytics by itself | Minimal runtime info; deployed tags control collection | SCCs and/or DPF (where applicable) |
| Google Ads | policies.google.com/privacy | Independent controller for ads | Ads/remarketing & attribution (after consent) | Click/conversion IDs, events | SCCs and/or DPF (where applicable) |
| Google reCAPTCHA | policies.google.com/privacy | Processor (security) | Bot mitigation on forms | IP/device & interaction signals | SCCs and/or DPF (where applicable) |
| Meta (Facebook) Pixel | facebook.com/legal/terms/businesstools | Independent controller | Ads/measurement (after consent) | Cookie IDs, events | SCCs and/or DPF (where applicable) |
| Stripe | stripe.com/privacy | Processor / independent controller for its compliance | Payments | Tokenized payment data, fraud signals | SCCs and/or DPF (where applicable) |
| PayPal | paypal.com/privacy | Independent controller | Payments | Payer identity/contact; transaction refs | SCCs and/or DPF (where applicable) |
| Klarna | klarna.com/international/privacy-policy/ | Independent controller | BNPL financing | Identity/contact, order details, risk | SCCs and other safeguards |
| Affirm | affirm.com/privacy | Independent controller | BNPL financing | Identity/contact, order details, credit/risk | SCCs and other safeguards |
| REVIEWS.io | reviews.io/legal | Dual role (processor/controller) | Review invitations & widgets | Email (invite), review text/rating/media | SCCs/UK addendum and other safeguards |
| Bitrix24 | bitrix24.com/privacy | Processor | CRM, forms, lead management | Contact/lead records, ticket content | SCCs/DPF (hosting region dependent) |
| InterServer | interserver.net/privacy-policy/ | Processor | Hosting/infrastructure | Server & app logs, stored site data | SCCs/other safeguards (US hosting) |
We also share limited data with manufacturers we resell (e.g., Modix, Raise3D, Unitree, among others) as needed for drop-ship fulfilment, support, or warranty. In fulfilment, manufacturers typically act as our processors; for technical support/warranty they generally act as independent controllers.
We keep data only as long as needed for the purposes in this Policy:
Orders/invoices: 7 years (accounting/tax).
Payment tokens/meta & fraud records: up to 13 months after chargeback windows close.
Support/RMA/warranty: life of the case + up to 3 years (limitation periods).
Marketing subscribers: until you unsubscribe or after 24 months of inactivity.
Suppression list (opt-out): kept to honour opt-outs.
Analytics (GA4): 14 months.
Security logs: 180–365 days (rotation).
Lead lists (events/manufacturer referrals): 24 months unless re-permissioned.
Reviews/UGC: for the life of the listing, unless you remove it or request deletion.
Backups: limited-time rolling backups for disaster recovery.
Use the “Cookie settings” control to accept/decline non-essential cookies or withdraw your consent later. Consent Mode ensures your choice applies to our tags; we also endeavour to remove known cookies if you switch a category off.
You can exercise your rights to access, rectification, erasure, restriction, portability, and objection, and to withdraw consent at any time by emailing sales@top3dshop.com (subject: “Privacy request”). We will verify your identity and respond within one month (extendable by two months for complex/multiple requests with notice). Some data must be retained to meet legal obligations (e.g., invoices). You may also lodge a complaint with your local supervisory authority (or the UK ICO).
Right to know/access, correction, deletion: contact sales@top3dshop.com.
Opt-out of “sale”/“sharing” for cross-context behavioural advertising (California): set “Marketing” = Off in Cookie settings (and use the GPC signal if your browser supports it).
Sensitive data: we do not use sensitive data for inferring characteristics.
Appeals (where required by state law): if we deny a request, you can appeal via the same contact email.
Canada (Quebec Law 25): you can request access, rectification, and deletion; we rely on consent or other lawful bases per PIPEDA/Law 25.
Our site and products are intended for professional/educational use and are not directed to children. We do not knowingly seek consent from children below the relevant digital-consent age in the EEA/UK. If you believe a child provided us data, contact sales@top3dshop.com.
We apply appropriate technical and organizational measures to protect personal data, including TLS in transit, encryption at rest (where applicable), role-based access controls and MFA for staff tools, least-privilege, logging/monitoring, patch and vulnerability management, regular backups and disaster-recovery testing, staff training, incident response, and vendor risk reviews.
We do not make solely automated decisions that produce legal or similarly significant effects about you. Financing providers (Klarna/Affirm) may make automated credit or risk decisions as independent controllers; consult their notices and contact them to request human review where available. We conduct profiling for ads and email segmentation only with your consent in the EEA/UK and you can withdraw it at any time.
Some browsers offer “Do Not Track”; we currently respond to applicable Global Privacy Control (GPC) signals for state-law “sale/share” opt-outs by treating them as a request to disable Marketing cookies.
We may update this Policy from time to time. If we make material changes, we will post a banner on our site and update the Effective date above. Prior versions are available on request.
Email: sales@top3dshop.com
Postal: 3DS Inc. (Top3DShop), 2020 Eye St #8, Bakersfield, CA 93301, USA
Fulfilment (drop-ship): full name, email, phone, shipping address, ordered products.
Technical support/warranty: order number, product & serial, your description of the issue, photos/videos you supply, contact details and return address.
Couriers: name, shipping address, phone/email for delivery and tracking.
Update your browser to view this website correctly. Update my browser now
