Privacy Policy - Makeseum

Privacy Policy

This page explains how Makeseum processes personal data when you use our website, request a quote, contact us, create an account, place an order, or otherwise interact with our services.

Data controller

For the purposes described in this Privacy Policy, Makeseum acts as the data controller for personal data processed through the website and related services.

  • Controller:Makeseum Ltd.
  • Address:Sofia, 150 "St. Kliment Ohridski" Blvd., Bulgaria
  • UIC:206985852
  • Email:hello@makeseum.com

What data we may collect

Depending on how you use the website, Makeseum may process some or all of the following categories of personal data:

  • contact details such as name, email address, phone number, company name, billing data, shipping data, or invoice data
  • account data such as login email, encrypted password, account status, and security-related account records
  • order and quote data such as uploaded files, manufacturing preferences, project notes, quantity, material choices, delivery selections, and communication history
  • payment-related information necessary to process an order, while full card details are processed by the payment provider and are not stored by Makeseum
  • technical and security data such as IP address, session identifiers, browser or device information, login events, and anti-abuse or fraud-prevention signals
  • marketing or analytics preference data where you consent to optional cookies, newsletter opt-in, or related tracking tools

Why we process personal data

Makeseum processes personal data only where there is a valid legal basis to do so. The main purposes and legal bases are:

Contract and pre-contract steps
to prepare quotes, respond to enquiries, create accounts, process orders, arrange production, handle shipping, and provide customer support. Legal basis: steps prior to entering into a contract and performance of a contract.
Legal obligations
to issue invoices, keep accounting and tax records, respond to lawful requests, and meet other mandatory legal requirements. Legal basis: compliance with a legal obligation.
Security, fraud prevention, and service protection
to protect the website, prevent abuse, secure accounts, investigate suspicious activity, and maintain reliable operations. Legal basis: Makeseum’s legitimate interests in security and business continuity.
Consent-based processing
to use optional analytics or marketing cookies, handle newsletter opt-in, or process other activities that rely on consent. Legal basis: your consent, which you may withdraw where applicable.

Who may receive personal data

Makeseum does not sell personal data. Data may be shared only where necessary with service providers, processors, or authorities relevant to the service. Depending on the case, this may include:

  • payment providers such as Stripe for processing online payments
  • courier or shipping providers such as Econt or Speedy for delivery and shipment handling
  • email and communication service providers such as SendGrid for transactional or opted-in email communication
  • website, infrastructure, anti-bot, and security providers such as Cloudflare and related service providers
  • analytics or advertising partners such as Google Analytics, Microsoft Clarity, or Meta where optional tracking has been enabled through consent
  • professional advisers, accountants, IT providers, or competent public authorities where disclosure is legally required or reasonably necessary

How long we keep data

Makeseum keeps personal data only for as long as reasonably necessary for the relevant purpose, unless a longer retention period is required by law.

  • contact enquiries are typically kept for as long as needed to answer the request and manage related follow-up
  • incomplete checkout or order information may be kept for a limited period to allow completion, fraud review, and support follow-up
  • completed order, invoice, and accounting records may be retained for the legally required accounting and tax period
  • security logs, login records, and technical protection data may be retained for a reasonable period needed to detect abuse, investigate incidents, and secure the platform

Where specific legal retention periods apply, Makeseum will retain the relevant data for that period and then delete, anonymise, or otherwise limit further processing as appropriate.

Cookies, analytics, and tracking technologies

Makeseum uses necessary cookies and may also use optional analytics or marketing technologies depending on your choices in the cookie banner or preferences tool.

Optional tools currently used on the site may include Google Analytics, Microsoft Clarity, and Meta Pixel, subject to your consent settings where required.

For more specific information about cookie categories and preference controls, please see our Cookie Policy.

View Cookie Policy

Your rights

Subject to applicable law, you may have the right to:

  • request access to personal data we hold about you
  • request correction of inaccurate or incomplete personal data
  • request deletion of personal data where there is a valid legal basis for erasure
  • request restriction of processing in certain situations
  • object to processing based on legitimate interests, where applicable
  • withdraw consent at any time for processing that depends on consent, without affecting earlier lawful processing

You may also have the right to data portability and the right to lodge a complaint with a competent supervisory authority if you believe your data has been processed unlawfully.

Security and data protection measures

Makeseum takes reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. However, no online system can guarantee absolute security.

If you send technical files, models, or project attachments to us, please avoid including unnecessary personal data inside those files unless it is genuinely needed for the project.