PRIVACY POLICY

REACDIF LIMITED — PRIVACY POLICY

Company: REACDIF LIMITED
Company No: 17063022
Registered Address: 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom
Data Controller Contact: hello@reacdif.pro

Effective Date: 2 March 2026
Version: 2.0

This Privacy Policy explains how REACDIF LIMITED ("we", "us", "our") collects, uses, stores, and protects your personal data when you use the Reacdif platform (the "Service"). We are committed to protecting your privacy and processing your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy should be read alongside our Terms of Service and License Agreement, which governs your use of the platform.

1. WHO WE ARE

REACDIF LIMITED is the data controller for all personal data collected through the Reacdif platform. This means we determine the purposes and means of processing your personal data.

If you have any questions about how we handle your data, please contact us at hello@reacdif.pro.

2. WHAT DATA WE COLLECT

We collect the following categories of personal data:

2.1 Account and Identity Data
- Full name
- Email address
- Username
- Country of residence
- Business name (if applicable)
- VAT registration number (if applicable, for B2B customers)

2.2 Payment and Transaction Data
- Billing address and country
- Transaction history and purchase records
- Subscription status and billing period

Note: Payment method details (card numbers, bank details, PayPal credentials) are collected directly by Paddle.com Market Limited, our payment processor, acting as Merchant of Record. REACDIF LIMITED does not directly receive or store full payment instrument details. Please refer to Paddle's Privacy Policy for how your payment data is handled.

2.3 Technical and Usage Data
- IP address
- Browser type and version
- Operating system
- Device type
- Pages visited and time spent on the platform
- Download activity logs (product name, date, and time of download)
- Login timestamps and session data

2.4 Communication Data
- Emails and messages you send to us (including support requests)
- Feedback and suggestions you submit

2.5 Cookie Data
Please refer to Section 9 (Cookies) of this policy for details on cookies we use.

3. HOW WE USE YOUR DATA — LEGAL BASIS

We process your personal data on the following legal bases under UK GDPR:

3.1 Performance of a Contract (Article 6(1)(b))
We process your data to perform our contractual obligations to you, including:
- Creating and managing your account
- Processing payments and managing subscriptions
- Delivering digital products you have purchased
- Providing customer support
- Sending transactional emails (purchase confirmations, download links, receipts, billing notices, and policy updates that materially affect your subscription)

3.2 Legal Obligation (Article 6(1)(c))
We process certain data to comply with legal requirements, including:
- UK tax obligations and HMRC reporting requirements
- Responses to lawful requests from law enforcement or regulatory authorities
- Retention of financial records as required by UK company law

3.3 Legitimate Interests (Article 6(1)(f))
We process data based on our legitimate business interests, including:
- Detecting and preventing fraud, account sharing, and licence violations
- Monitoring platform security and performance
- Improving our products and services
- Maintaining records of licence agreements for intellectual property enforcement
- Analysing aggregated, anonymised platform usage data to improve user experience

3.4 Consent (Article 6(1)(a))
Where we process data on the basis of consent (e.g., for marketing communications), you may withdraw your consent at any time by contacting us at hello@reacdif.pro or using the unsubscribe link in any marketing email.

4. WHO WE SHARE YOUR DATA WITH

We do not sell your personal data to third parties. We share your data only in the following limited circumstances:

4.1 Paddle.com Market Limited (Payment Processor)
Payment processing for the Reacdif platform is conducted by Paddle.com Market Limited, registered in Ireland, and its affiliate Paddle.com Inc., registered in the United States. Paddle acts as Merchant of Record for all transactions, meaning Paddle is an independent data controller for the payment and billing data it collects from you directly at checkout.

REACDIF LIMITED receives only limited order confirmation data from Paddle (e.g., transaction ID, product purchased, subscription status). We do not receive or store your full payment instrument details.

Your use of Paddle's checkout is governed by Paddle's own Privacy Policy, available at https://www.paddle.com/legal/privacy. We encourage you to review it before completing a purchase.

4.2 Hosting and Infrastructure Providers
We use third-party hosting and cloud infrastructure services to operate the platform. These providers may process your data as data processors on our behalf and are bound by appropriate data processing agreements.

4.3 Legal and Regulatory Authorities
We may disclose personal data to law enforcement agencies, courts, or regulatory authorities where required to do so by applicable law, or where disclosure is necessary to protect our legal rights or the rights of others.

4.4 Business Transfers
In the event of a merger, acquisition, sale of assets, or restructuring of REACDIF LIMITED, your personal data may be transferred to the relevant third party as part of that transaction. You will be notified in advance of any such transfer.

We require all third parties who process data on our behalf to implement appropriate technical and organisational security measures and to process your data only in accordance with our instructions.

5. INTERNATIONAL DATA TRANSFERS

REACDIF LIMITED is based in the United Kingdom. Some of our third-party service providers may be based outside the UK or the European Economic Area (EEA). Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place in accordance with UK GDPR, including (where applicable) reliance on the UK's adequacy regulations or standard contractual clauses.

Specifically:
- Paddle.com Market Limited is based in Dublin, Ireland (EEA). Transfers of order data to Paddle are covered by the UK's adequacy decision for the EEA.
- Paddle.com Inc. is based in the United States. Such transfers are conducted under appropriate safeguards including standard contractual clauses or equivalent mechanisms.
- Hosting and infrastructure providers may also be located outside the UK/EEA. We ensure all such providers are bound by appropriate data processing agreements and transfer mechanisms.

6. HOW LONG WE KEEP YOUR DATA

We retain your personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law:

- Account data: Retained for the duration of your account and for up to 3 years after account closure, to handle any disputes or legal claims.
- Transaction and financial records: Retained for a minimum of 6 years in accordance with UK company law and HMRC requirements.
- Download activity logs: Retained for the duration of your account plus 3 years, for licence enforcement purposes.
- Support communications: Retained for up to 2 years after the resolution of the relevant issue.
- Marketing consent records: Retained until consent is withdrawn, plus a reasonable period thereafter.

When data is no longer required, it is securely deleted or anonymised.

7. YOUR RIGHTS UNDER UK GDPR

You have the following rights in relation to your personal data. To exercise any of these rights, please contact us at hello@reacdif.pro:

7.1 Right of Access (Article 15)
You have the right to request a copy of the personal data we hold about you, along with information about how we process it.

7.2 Right to Rectification (Article 16)
You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

7.3 Right to Erasure / "Right to be Forgotten" (Article 17)
You have the right to request deletion of your personal data where:
- The data is no longer necessary for the purposes for which it was collected
- You withdraw your consent (where consent was the legal basis)
- You object to processing and there is no overriding legitimate interest
- The data has been processed unlawfully
Note: This right is subject to exceptions where we are required by law to retain the data.

7.4 Right to Restriction of Processing (Article 18)
You have the right to request that we restrict how we process your data in certain circumstances.

7.5 Right to Data Portability (Article 20)
Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format.

7.6 Right to Object (Article 21)
You have the right to object to processing based on our legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

7.7 Rights Related to Automated Decision-Making
We do not make decisions about you based solely on automated processing that produce legal or similarly significant effects. If this changes, we will update this Privacy Policy and notify you in advance.

Response timeframe: We will respond to all valid requests within one calendar month. In complex cases, this may be extended by a further two months, with prior notification.

8. HOW WE PROTECT YOUR DATA

8.1 Security Measures
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration, including:

- HTTPS encryption for all data transmitted through the platform
- Access controls limiting data access to authorised personnel only
- Regular security assessments of our infrastructure
- Payment processing handled by Paddle, a PCI DSS Level 1 certified Merchant of Record, ensuring your payment data never touches our servers

While we take all reasonable steps to protect your data, no internet transmission or electronic storage system is completely secure. You are responsible for keeping your account credentials confidential.

8.2 Personal Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, in accordance with Article 33 UK GDPR.
- Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms, in accordance with Article 34 UK GDPR.

Notification will be made via the email address registered to your account.

9. COOKIES

REACDIF LIMITED uses cookies and similar tracking technologies to operate and improve the platform. Cookies are small text files stored on your device when you visit our website.

Where required by the UK Privacy and Electronic Communications Regulations (PECR), we will obtain your consent before placing non-essential cookies on your device. You can manage or update your cookie preferences at any time via the cookie preference panel on our website. Note that disabling certain cookies may affect the functionality of parts of the platform.

Categories of cookies we use:

9.1 Strictly Necessary Cookies
Required for the platform to function (e.g., session management, login authentication, shopping cart). These cannot be disabled as they are essential to the operation of the Service.

9.2 Analytical / Performance Cookies
Help us understand how visitors interact with the platform (e.g., pages visited, time on page, error rates). We use this data to improve the user experience. These cookies require your consent and are only placed after you have accepted them via our cookie consent tool. Where third-party analytics services are used, this will be disclosed in our cookie preference panel.

9.3 Functional Cookies
Allow the platform to remember your preferences (e.g., language, currency display). These require consent where they are not strictly necessary.

9.4 Marketing / Targeting Cookies
If we use any advertising or retargeting tools in future, these will be disclosed here and will only be placed with your explicit consent. We do not currently use marketing or targeting cookies.

10. CHILDREN'S PRIVACY

The Reacdif platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a person under 18 without verified parental consent, we will delete that data promptly.

11. CHANGES TO THIS PRIVACY POLICY

We reserve the right to update this Privacy Policy at any time. Material changes will be communicated to you via email at least 30 days before they take effect. Non-material changes (such as clarifications or formatting corrections) may be made without prior notice. The current version of this policy is always available on the Reacdif website.

Continued use of the platform after changes take effect constitutes acceptance of the revised policy.

12. HOW TO COMPLAIN

If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with:

Information Commissioner's Office (ICO)
United Kingdom's data protection supervisory authority
Website: www.ico.org.uk
Helpline: 0303 123 1113

We would, however, appreciate the opportunity to address your concerns before you contact the ICO. Please contact us first at hello@reacdif.pro.

13. CONTACT US

For any questions, requests, or concerns relating to this Privacy Policy or the processing of your personal data, please contact:

REACDIF LIMITED
Data Protection Enquiries
71-75 Shelton Street, Covent Garden
London WC2H 9JQ
United Kingdom
Email: hello@reacdif.pro

Last Updated: 2 March 2026
Version: 2.0

PRIVACY POLICY

Parametric Bench A-1 | CNC furniture design for DIY

Parametric Sofa A-4 | Wavy Wooden MDF Sofa Design File for CNC

Parametric Bench A-10 | Modern Wooden Seating CNC Design Files for DIY Makers

Parametric Coffee Table A-6 | Modern Organic CNC Furniture Plans for DIY Makers