Privacy Policy regarding the processing of personal data
iPrintat considers the protection of your personal data a fundamental commitment. We therefore dedicate all necessary resources and efforts to processing your data in full compliance with Regulation (EU) 2016/679 ("the General Data Protection Regulation" or "GDPR") and any other legislation applicable on the territory of Romania. Since one of the core principles of this framework is transparency, we have prepared this document to inform you about how we collect, use, transfer and protect your personal data when you interact with us in connection with our products and services, including through this website (iprintat.ro).
We reserve the right to update and modify this Privacy Policy periodically to reflect any changes in how we process your personal data or any changes in legal requirements. In the event of any such change, we will display the updated version on our website, so we encourage you to check the content of this Privacy Policy from time to time.
1. Who we are and how you can contact us
iPrintat is the commercial name of the entity that operates this website, established and operating in Bucharest, Romania, providing fabrication and engineering services (3D printing, 3D scanning, CNC, carbon work, engineering & R&D, prototyping, 3D modeling, electronics and project management). For the purposes of data protection legislation, we act as a data controller when processing your personal data. For any privacy-related question, request, or to exercise your GDPR rights, please contact us at csiprint@iprintat.ro or via the contact form available on the Contact page. We aim to reply to all data-protection requests within one month, as required by GDPR.
2. What categories of personal data we process
In general, we collect your personal data directly from you, so you have control over the information you provide. When you submit a quote, scanning, contact or any other form on this website, we collect: full name, email address, phone number, city, project description (free-text), and any reference files, photos, 3D models, G-code, CAD files, or external links you choose to share. When you contact us by email, phone or WhatsApp, we process the data you choose to send us (typically: your name, contact details, message content and any attachments). If you accept cookies via the cookie banner, we may also collect technical information about your visit (IP address, browser type, pages viewed, approximate location, device data). Detailed information is available in our Cookie Policy. We do NOT collect or process special categories of personal data (health, biometric, racial, ethnic, religious, political, sexual orientation, or trade-union data). We do NOT knowingly process data of minors under 16 years of age. We do NOT process payment-card data on this website — there is no online checkout. If you proceed with an order, invoicing is handled separately by bank transfer or other offline means.
3. Purposes and legal bases of processing
We process your personal data for the following purposes, each with its own legal basis under Art. 6 GDPR: (a) Preparing your quote, technical estimate or feasibility analysis for the requested service — based on your explicit consent given by checking the consent box on the form (Art. 6(1)(a) GDPR) and on the need to take steps at your request prior to entering into a contract (Art. 6(1)(b) GDPR). (b) Responding to your enquiries through email, phone or messaging apps (WhatsApp) for clarifications — same legal bases as above and our legitimate interest in answering messages received through the website (Art. 6(1)(f) GDPR). (c) Delivering the ordered service if you proceed with a project — based on the performance of the contract concluded between us (Art. 6(1)(b) GDPR). (d) Issuing invoices, keeping accounting records and complying with tax obligations — based on our legal obligations under Romanian law (Art. 6(1)(c) GDPR). (e) Defending our legitimate interests (site security, fraud prevention, virus scanning of uploaded files, defending against legal claims) — based on our legitimate interest, with appropriate balancing measures (Art. 6(1)(f) GDPR). We do NOT use your data for marketing purposes. We do NOT send newsletters, promotional emails, or commercial offers unless you have specifically requested information about a related service. We do NOT engage in profiling or automated decision-making with legal effects on you.
4. Who we share your data with (recipients)
We never sell, rent, trade, publish or otherwise disclose your personal information, project description or uploaded files for marketing, advertising, profiling or any commercial purpose. Your data stays with iPrintat. The limited list of trusted sub-processors that may have technical access to your data, strictly to operate this website and deliver our service, is: • Hosting and backend infrastructure: Supabase (EU region) — database, file storage, edge functions and authentication for the admin panel. Bound by GDPR-compliant data-processing agreements. • Email delivery: Resend — for transmitting notification emails about your submission to our team and confirmation messages to you. • Web hosting and CDN: Lovable / Vercel — for serving the website. • Messaging: WhatsApp / Meta — only if you choose to contact us through that channel, and limited to the data you send through that channel. We may also disclose information when we are legally obliged to do so by a competent Romanian or EU authority (court order, lawful police request, tax inspection, etc.), or to defend our rights in justice. We do NOT share data with marketing networks, advertising platforms, data brokers or social networks for commercial purposes.
5. International transfers of data
Our primary infrastructure is located in the European Union and your data is stored on EU-based servers. Where any sub-processor uses servers outside the EEA (typically the United States for certain email-delivery or CDN edge nodes), such transfers are protected by the European Commission Standard Contractual Clauses (SCCs) or by the EU–U.S. Data Privacy Framework, ensuring an equivalent level of protection in line with Chapter V GDPR.
6. Retention period
We keep your personal data only for as long as necessary to fulfil the purposes for which it was collected: • Quote requests that do NOT turn into a project: typically deleted within 12 months from the last interaction, unless an earlier deletion is requested. • Quote requests that turn into a confirmed project: kept for the duration of the project plus the period required by Romanian fiscal and accounting law (currently up to 10 years for invoiced transactions, in accordance with Law 82/1991 on accounting). • Uploaded reference files (3D models, CAD, photos, G-code): kept only as long as necessary to evaluate the request and produce the ordered service, deleted on request or after a reasonable retention period. • Contact form messages: typically kept up to 24 months from the last interaction. • Server access logs (for security): up to 90 days. • Consent records (for proof of GDPR compliance): kept as long as the related processing operation continues, plus the limitation period. You can ask us to delete your data earlier at any time, subject to overriding legal obligations.
7. Security of processing
We apply technical and organisational measures appropriate to the risk in order to protect your data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These include: HTTPS/TLS encryption in transit, encryption at rest on managed cloud infrastructure, strict access control for our team (only authorised personnel can access submissions), virus and malware scanning of every uploaded file, regular backups, and the principle of data minimisation (we only ask for the information strictly necessary).
8. Your rights under GDPR
In accordance with Regulation (EU) 2016/679 you have the following rights, which you can exercise free of charge at any time: • Right of access (Art. 15) — obtain confirmation of whether we process your data and a copy of it. • Right to rectification (Art. 16) — request correction of inaccurate or incomplete data. • Right to erasure / "right to be forgotten" (Art. 17) — request deletion of your data when no longer needed or when you withdraw consent. • Right to restriction of processing (Art. 18). • Right to data portability (Art. 20) — receive your data in a structured, commonly used, machine-readable format. • Right to object (Art. 21) — object to processing based on our legitimate interests. • Right to withdraw consent at any time, without affecting the lawfulness of previous processing. • Right not to be subject to a decision based solely on automated processing, including profiling, with legal or similarly significant effects (Art. 22). We do not carry out such processing. To exercise any of these rights, contact us at csiprint@iprintat.ro. We will respond within one month, in accordance with GDPR.
9. Right to lodge a complaint
If you consider that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the Romanian Supervisory Authority — Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP), B-dul G-ral. Gheorghe Magheru nr. 28-30, sector 1, București, anspdcp@dataprotection.ro, www.dataprotection.ro. You also have the right to seek judicial remedies before the competent Romanian courts.
10. Cookies and similar technologies
For details about the cookies and similar local-storage technologies used on this website, including how to manage them, please consult our separate Cookie Policy available on this site.
11. Changes to this Privacy Policy
We may update this Privacy Policy occasionally to reflect changes in our practices, services or in applicable Romanian / EU law. The most recent version will always be available on this page, with the "Last updated" date below. Material changes will be highlighted on the homepage or via a banner.
Last updated: May 2026