Privacy Policy
Our website address is: https://www.ghamak.com/
This Privacy Policy describes the policies and procedures Ghamak follows to collect, use and disclose your information when you use our services. In this policy you will also find information about your privacy rights and how the law protects your personal data.
This Privacy Policy relates to personal data that you provide to us or that we obtain from you through our website and through our accounts on Patreon, MyMiniFactory, and other online marketplaces in which we have a store (e.g. Etsy).
We may amend this Privacy Policy from time to time. This Privacy Policy was last amended in June 2022.
What Personal Data do we process?
This Privacy Policy provides information on the processing of personal data of visitors who register to our newsletter, on customers who purchase products via our online store, on patrons who support Ghamak on the platform Patreon.com, and on visitors to our stores on other online platforms such as MyMiniFactory and Etsy. Such personal data may include contact details, information on the products purchased, and clicking behaviour. We also place cookies (after obtaining your consent, if required). More information on this can be found in our Cookie Policy.
Below you can find a non-exhaustive list of Personal Data we process in respect of current and prospective customers:
- Email address;
- Name and shipping address details;
- Telephone number;
- Products purchased;
- website visits and clicking behaviour;
- IP address;
- duration and time of visit to the website;
- use of social media.
For what purposes do we process Personal Data?
We process Personal Data for the purposes of providing our services in the context of fulfilling purchase orders, and in order to comply with legal obligations.
Personal Data provided by current or prospective customers are processed for the following purposes:
- administrative processes relating to fulfillment of purchase orders;
- administrative processes relating to the filing of tax reports;
- to enable Ghamak to send newsletters and other surveys;
- to resolve customer support tickets initiated by the customers;
- to track customers who should receive Loyalty rewards, discounts and other promotional offers.
The personal data provided by visitors to our websites is processed for the following purposes:
- to compile user statistics;
- to secure and improve our websites;
- to improve our services.
Basis for processing
GDPR sets out the lawful bases that allow us to process your Personal Data. In the case of Ghamak, the basis for processing Personal Data will be one of the following, depending on the specific personal data: a legal obligation, a contract, a legitimate interest, or consent. In case you don’t provide certain personal data, you may not be able to experience all the services offered by Ghamak.
Contracts: we need to process personal data to be able to perform certain contracts. Examples include the processing of personal data in connection with the performance of a contract between Ghamak and a freelancer, and the processing of personal data in connection the fulfillment of an order.
Legal obligation: based on Dutch legislation and regulations, including the General Administrative Law Act and tax legislation, we must process certain personal data (in particular: retain or provide data).
Legitimate interest: we process personal data if this is necessary to promote the legitimate interests of Ghamak. For example, in the interest of identifying Resellers who have a valid commercial license to sell 3D printed models owned by Ghamak.
Consent: if the processing of personal data is not covered by one of the aforementioned bases, we will request your consent to process certain personal data. You can withdraw your consent at any time.
Personal Data processing
Ghamak will endeavours to process your data solely within the European Union (‘EU’) by storing your data on servers or computers located in the EU wherever possible.
When we engage the services of data processors, we require that they store personal data on servers located in the EU. Where this is not possible, we will take the necessary measures to provide an appropriate level of security for the protection of your personal data.
Your rights about your Personal Data
If we process your personal data, you have the following rights, depending on the circumstances: the right to access your personal data, the right to rectification of your personal data, the right to their erasure, and the right to restriction of processing of your personal data. In some cases, you also have the right to object to the processing of your personal data or the right to request the transfer of your personal data. To make a request relating to any of these rights, please contact our Data Protection Officer (DPO) at .
In order to fulfill your requests about the rights mentioned above, we may ask you to provide us with documentation to confirm your identity in relation to the Personal Data involved in your request.
Access and rectification of Personal Data: you can contact us to access and rectify your Personal Data.
Erasure: the GDPR offers the possibility to have your personal data erased under specific circumstances. Our DPO will assess whether such a request can be implemented. In some cases, we might need to retain your personal data, e.g. to comply with a legal obligation or to ensure (by means of a one-off action) that you no longer receive messages from us.
Restriction of processing: you can request us to restrict the processing of your Personal Data if you believe the Personal Data we have about you are inaccurate, or if you believe that our processing of your personal data is unlawful.
Objection to processing: If we process your personal data on the basis of a legitimate interest, you can object to the further use of your personal data, on grounds relating to your particular situation.
Objection to electronic messages: If you no longer wish to receive Ghamak Newsletter, you can unsubscribe from it by clicking on the unsubscribe link in the email you received from us.
How do we protect your Personal Data?
We have a security policy to ensure that your data is protected against loss or any form of unlawful processing. We take appropriate physical, technical and organisational measures to protect data. Collaborators who have to handle your Data to provide their services have a duty of confidentiality. When we engage a third party (such as an accounting firm or a fulfillment company) in order to process your Personal Data, we always check that this third party has an adequate level of security.
If, despite this strict security, an incident should occur, we will resolve the incident as soon as possible and take measures to ensure it cannot happen again. We report data breaches that pose a risk to the rights and freedoms of data subjects to the Dutch Data Protection Authority.
How long do we retain your personal data?
We will not retain your personal data for any longer than necessary for the purposes for which we use them. By law, we are required to retain certain data for a specific period. We will pseudonymise or anonymise your personal data, if possible.
Does Ghamak share your Personal Data?
The basic principle is that your Personal Data will only be used by Ghamak. In a number of cases, we share your personal data with other parties such as government agencies or third parties.
In some cases, we have a legal obligation or might be ordered by a court to share personal data with government agencies. This may include, for example, the Tax and Customs Administration, the police or a regulatory authority. Ghamak is careful in providing personal data and only provides the personal data it is legally obliged to provide.
Ghamak shares personal data with third parties to support the performance of its tasks. This may include, for example, a software supplier, an external administration office, or other service providers who need personal data to be able provide their services. Ghamak makes written agreements with these parties regarding the processing and security of personal data.
Questions and complaints
If you have any questions about how we process your personal data, please let us know by sending an email to . We will be happy to assist you.
If you have reasons to believe that your personal data is being processed in breach of the GDPR, you can submit a complaint to our DPO by sending an email to .
The DPO is the link between Ghamak and the external regulatory authority (the Dutch Data Protection Authority). The DPO acts independently, has a duty of confidentiality and may consult or seek advice from the Dutch Data Protection Authority regarding your complaint.
About Ghamak
Ghamak has licensed its platforms to Maki Games BV to handle the administrative tasks related to its commercial activities. The controller within the meaning of the General Data Protection Regulation (GDPR) in respect of the data processing discussed in this Privacy Statement is Maki Games BV. This means that the management of Maki Games BV (hereinafter also ‘we’, ‘us’ or ‘our’) decides which personal data will be processed, for what purpose, and in which manner. Maki Games BV has the responsibility to ensure careful and fair processing of your personal data.