Privacy policy

Last updated: May 28, 2026

This Privacy Policy explains how DR-I S.R.L. ("we", "us"), operator of the 3DR-I store at dr-i.tech, collects, uses, and protects your personal data when you visit our website, place an order, or interact with us.

We comply with the EU General Data Protection Regulation 2016/679 ("GDPR"), Italian Legislative Decree 196/2003 as amended by D.Lgs. 101/2018, and applicable international data protection laws.

1. Data Controller

DR-I S.R.L.
Registered office: Viale Vincenzo Lamberti, snc, 81100 Caserta (CE), Italy
Operating address (warehouse): Via Dalmazia 10, 13100 Vercelli (VC), Italy
VAT: IT04678810617
Email: info@dr-i.tech

2. Personal Data We Collect

You provide directly:

Account and order information (name, surname, email, password, billing and shipping addresses, phone number where provided)
Payment information (processed by our payment providers — we do not store card numbers)
Communications (emails, messages)
For custom orders: design briefs, references, files you send us

Collected automatically:

Device and browser information
IP address and approximate location
Pages visited, products viewed, actions taken
Cookies and similar technologies (see our cookie banner)

From third parties:

Authentication data if you sign in via Google, Apple, or similar providers
Marketing engagement data from our email and ad platforms

3. How We Use Your Data and Legal Bases

To fulfil your order: processing payment, manufacturing, shipping, customer support — legal basis: contract performance (GDPR Art. 6(1)(b))
To improve our products and site: analytics, debugging, conversion optimisation — legal basis: legitimate interest (Art. 6(1)(f))
For marketing: newsletters, product launches, promotional offers — legal basis: consent (Art. 6(1)(a)), revocable at any time
For tax and accounting: invoice retention, fiscal compliance — legal basis: legal obligation (Art. 6(1)(c))
For fraud prevention and security: monitoring suspicious activity — legal basis: legitimate interest (Art. 6(1)(f))

4. Sharing With Third Parties

We share data only with vetted providers, under data processing agreements:

Shopify Inc. — e-commerce platform
Payment processors (Stripe, PayPal, and similar) — payment processing
Shipping carriers (BRT, GLS, DHL, Poste Italiane, and similar) — order delivery
Email and marketing providers — transactional and promotional emails
Analytics providers (Google Analytics, Shopify Analytics, and similar) — usage statistics
Cloud hosting providers — infrastructure
Accounting and tax service providers — invoice and tax compliance

We do not sell your personal data.

5. International Data Transfers

Some providers operate outside the EU/EEA. Transfers are protected by:

EU Commission adequacy decisions where available
Standard Contractual Clauses (SCCs) approved by the European Commission
Additional safeguards as required by GDPR

6. Data Retention

Order and customer account data: 10 years from the last transaction (Italian tax law requirement)
Marketing data: until you withdraw consent or 24 months of inactivity, whichever comes first
Support communications: 3 years from last contact
Anonymised analytics: indefinitely

7. Your Rights Under GDPR

You have the right to:

Access the personal data we hold about you
Rectify inaccurate or incomplete data
Erase your data ("right to be forgotten"), subject to legal exceptions (e.g., tax records)
Restrict processing
Port your data to another provider
Object to processing based on legitimate interest or for direct marketing
Withdraw consent at any time, without affecting the lawfulness of prior processing
Lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali — www.garanteprivacy.it)

To exercise any right, email info@dr-i.tech. We respond within 30 days.

8. Cookies

We use cookies and similar technologies. You control your preferences via the cookie banner shown on first visit, and can change them at any time via the "Cookie preferences" link in our footer.

9. Children

Our services are not directed at children under 16. We do not knowingly collect data from children. If you believe we have, contact info@dr-i.tech and we will delete the data.

10. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit, restricted access controls, and regular security reviews. No system is 100% secure: in case of a data breach affecting your rights and freedoms, we will notify you and the Garante within 72 hours as required by GDPR Art. 33–34.

11. Changes to This Policy

We may update this policy. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated via email or a prominent notice on the site.