GDPR and data processing

Shapr3D complies with the EU’s General Data Protection Regulation (GDPR) requirements, ensuring data processing practices meet the highest legal standards.

Data Controller and Processor Roles

  • Controller vs. Processor: Shapr3D acts as a Data Processor on behalf of its clients (Data Controllers). This relationship is governed by our Data Processing Agreement (DPA) in accordance with GDPR Article 28.
  • Data Protection Measures: We implement appropriate technical and organizational measures to protect personal data in line with Article 32(1) of the GDPR.

Client Responsibilities

  • Legal Basis for Processing: Clients must ensure they have a valid legal basis for processing personal data, whether for contract performance, legitimate interest, or consent.
  • Data Subject Rights: Shapr3D assists clients in handling data subject requests, including access, correction, and deletion requests, as required by GDPR.

Data Breaches

  • Notification of Breaches: In the event of a personal data breach, Shapr3D will notify the client promptly and assist in meeting regulatory reporting obligations.
  • Remediation Efforts: Shapr3D will work to identify and resolve the cause of any breach to ensure data integrity and security moving forward.

Sub-Processing & Transfers

  • Third-Party Processors: Shapr3D only engages Sub-processors with prior client consent. All sub-processors are bound by GDPR-compliant agreements ensuring an equivalent level of data protection.
  • Data Transfers: Any transfer of personal data outside of the EEA will follow EU-approved Standard Contractual Clauses or equivalent safeguards.

 

To learn more about your rights, what kind of personal data we collect, and other related information about these types of policies, visit our Privacy Policy, Data Processing Agreement, and Terms and Conditions pages.

Return to top
Was this article helpful?
1 out of 2 found this helpful

Topics