Privacy & Cookie Policy | 3DMoose
Privacy Policy
Enstitü OÜ (doing business as “3DMoose”) (the “Company”), a global provider of digital products, software, and services, is committed to protecting the privacy and personal data of all users (“Users”) who access or use the Company’s website, applications, and platforms (collectively, the “Site”). This Privacy Policy describes the types of personal data the Company collects, for what purposes, the legal basis for processing, how the data is stored, protected, shared, and the rights of data subjects under applicable laws, including but not limited to the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Brazilian General Data Protection Law (LGPD), the Personal Information Protection and Electronic Documents Act (PIPEDA), and other data protection frameworks applicable in jurisdictions where the Company operates or where its Users reside.
1. Data Controller and Contact Information
The data controller for the personal data collected through the Site is:
Enstitü OÜ (d/b/a 3DMoose)
Tartu maantee 67/1-13B, 10115 Tallinn, Estonia
Phone: +372 609 4167
Email: privacy@3dmoose.com
For inquiries, requests, or complaints regarding this Privacy Policy or the Company’s data processing practices, please contact the Company’s Data Protection Officer (“DPO”) at the email address above.
2. Scope of Policy
This Privacy Policy applies to all personal data collected directly from Users and automatically through the Site, including but not limited to information collected via registration forms, transaction records, cookies, analytics tools, and customer support interactions. It does not apply to personal data collected offline or by third parties not controlled by the Company.
3. Categories of Personal Data Collected
The Company collects the following categories of personal data:
- Identity Data: name, username, title, date of birth, national ID number or passport number where required for legal compliance.
- Contact Data: billing and shipping addresses, email address, telephone number, and social media handles.
- Account Data: login credentials, subscription details, purchase history, preferences, and profile settings.
- Payment Data: payment instrument details (e.g., card token, last four digits), transaction amounts, and billing information.
- Technical Data: IP addresses, device details, browser type and version, operating system, location data, and network provider.
- Usage Data: pages viewed, clickstream data, search terms, session duration, and feature usage.
- Marketing Data: user preferences, communication consents, and campaign tracking data.
- Support Data: correspondence, support tickets, and feedback.
4. Legal Basis for Processing
The Company processes personal data based on the following legal grounds:
- Performance of Contract: to fulfill obligations under User agreements, process orders, deliver services, and respond to support requests.
- Legal Compliance: to comply with legal obligations such as tax reporting, anti-money laundering (AML), sanctions screening, and recordkeeping.
- Legitimate Interests: for fraud prevention, network and information security, service improvement, and marketing, provided such interests are not overridden by Users’ rights.
- Consent: where required under laws such as GDPR, CCPA, and LGPD, for marketing communications, cookies not strictly necessary for service, and profiling.
- Vital Interests: to protect Users or other individuals’ life, health, or safety in emergency situations.
5. Purposes of Processing
The Company processes personal data for the following purposes:
- Provision and administration of services and products ordered by Users.
- Account creation, authentication, and management.
- Billing, payment processing, fraud detection, and financial reconciliation.
- Customer support, dispute resolution, and complaint handling.
- Site analytics, performance monitoring, and product improvement.
- Personalized marketing, including email campaigns, newsletters, and targeted advertisements.
- Legal compliance, including regulatory reporting, audit, and enforcement of terms of service.
- Security measures, including intrusion detection, incident response, and anti-fraud investigations.
6. Data Retention
Personal data is retained only for as long as necessary to fulfill the processing purposes or to comply with legal, regulatory, or contractual obligations. Retention periods are determined based on criteria such as:
- Statutory retention periods for tax, accounting, and corporate records.
- Duration of the User’s relationship with the Company.
- Limitation periods for legal claims.
- Consent withdrawal or account deletion requests.
7. Data Sharing and Transfers
The Company may share personal data with:
- Service Providers: payment processors (e.g., Stripe), hosting providers, analytics vendors, and email service providers under binding agreements.
- Affiliates and Subsidiaries: for global coordination of services, marketing, and compliance.
- Regulators and Law Enforcement: upon legal request, subpoena, court order, or as required for AML/CFT compliance.
- Business Partners: in connection with co-branded services or joint marketing initiatives, subject to User consent where required.
8. Cookies and Tracking Technologies
The Company uses cookies and similar technologies to enhance User experience, analyze traffic, and deliver personalized content. Categories include:
- Strictly Necessary Cookies: essential for site functionality and security.
- Performance and Analytics Cookies: enable performance metrics and usage analysis (e.g., Google Analytics).
- Functional Cookies: remember User preferences and settings.
- Targeting and Advertising Cookies: compile information about browsing habits to deliver relevant ads.
9. User Rights
Subject to applicable law, Users have the following rights:
- Access: obtain confirmation and a copy of personal data processed.
- Rectification: correct inaccurate or incomplete data.
- Erasure: request deletion of personal data (“right to be forgotten”).
- Restriction: request restriction of processing in certain circumstances.
- Portability: receive data in a structured, commonly used, machine-readable format.
- Objection: object to processing based on legitimate interests or direct marketing.
- Withdraw Consent: withdraw consent where processing is based on consent.
10. Children’s Privacy
The Site is not intended for children under the age of 16. The Company does not knowingly collect personal data from minors. If the Company becomes aware that such data has been collected without parental consent, it will take steps to delete the data.
11. Security Measures
The Company implements administrative, technical, and physical safeguards to protect personal data against unauthorized access, disclosure, alteration, or destruction. Measures include encryption (TLS/AES-256), access controls, regular vulnerability scanning, and employee training on data protection.
12. International Users
For Users accessing the Site from outside Estonia, please note that your data will be transferred to and processed in Estonia and other countries where the Company or its service providers operate. By using the Site you consent to such transfers.
13. Changes to this Policy
The Company may update this Privacy Policy to reflect changes in law or business practices. The updated version will be posted on the Site with the “last updated” date. Continued use of the Site after changes constitutes acceptance of the new policy.
14. Contact Information
For any questions, requests, or concerns regarding this Privacy Policy, please contact:
Enstitü OÜ (d/b/a 3DMoose)
Tartu maantee 67/1-13B, 10115 Tallinn, Estonia
Phone: +372 609 4167
Registration Code: 14850305
VAT Number: EE102444771
Email: privacy@3dmoose.com