This Data Processing Addendum ("DPA") supplements the 3DIMLI Terms of Services for customers who use 3DIMLI to sell, deliver, or manage digital products and require processor terms for personal data handled through the service.
This DPA applies when 3DIMLI processes personal data on behalf of a customer in connection with the 3DIMLI platform, including account management, storefront operations, digital order fulfillment, support workflows, analytics, and related platform features.
For customer-controlled data processed through the platform, the customer acts as the controller or business, and 3DIMLI acts as the processor or service provider.
Where 3DIMLI determines the purposes and means of processing for its own platform operations, legal compliance, fraud prevention, security, billing, or service improvement, 3DIMLI acts as an independent controller and that processing is governed by our Privacy Policy.
The subject matter of the processing is the operation of the 3DIMLI digital commerce platform on behalf of the customer.
Depending on how the service is used, personal data processed under this DPA may include:
Data subjects may include customers, sellers, buyers, support contacts, and platform visitors whose data is processed through the service.
3DIMLI will process personal data only on documented instructions from the customer, unless otherwise required by applicable law.
The customer's use of the platform, configuration of storefront features, API usage, support requests, and administrative actions through the dashboard or approved integrations constitute documented instructions for the purposes of this DPA.
3DIMLI maintains reasonable technical and organizational measures designed to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, alteration, disclosure, or access.
3DIMLI may use subprocessors to deliver the service, such as infrastructure, storage, analytics, email, payment, and support vendors.
3DIMLI remains responsible for the performance of its subprocessors with respect to their processing obligations under this DPA and will require subprocessors to protect personal data through written obligations appropriate to the services they provide.
Taking into account the nature of the processing, 3DIMLI will provide reasonable assistance to the customer in responding to requests from data subjects where required under applicable privacy laws.
Customers remain responsible for determining whether a request is legally valid and for responding to their end users, except where the law requires 3DIMLI to respond directly.
If 3DIMLI becomes aware of a confirmed security incident affecting personal data processed under this DPA, 3DIMLI will notify the customer without undue delay and provide reasonably available information needed for the customer to assess the incident and meet any applicable reporting obligations.
Where personal data is transferred across borders, 3DIMLI will use reasonable measures designed to ensure the transfer is made in accordance with applicable data protection laws, including contractual protections where appropriate.
Upon termination of the relevant services, 3DIMLI will delete or return personal data processed on behalf of the customer, unless retention is required by law or reasonably necessary for security, fraud prevention, dispute resolution, tax, accounting, or backup obligations.
Residual copies in backups will remain protected and deleted in the ordinary course of retention and backup rotation.
Questions about this DPA or requests for a signed copy can be sent to connect@3dimli.com.
By continuing to use the service under the 3DIMLI Terms of Services, customers acknowledge this DPA as the standard data processing addendum for the platform unless otherwise agreed in writing.
