Threedy GmbH takes your legitimate data protection concerns very seriously and observes the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), the Telecommunications Digital Services Data Protection Act (TDDDG) and, if applicable, the regulations of others applicable data protection regulations.
Threedy GmbH handles the data transmitted by you carefully and with due diligence. As far as data of any kind is collected, processed, or used, this is always done within the scope of the applicable legal provisions or after obtaining explicit consent from you.
Protecting the individual’s privacy on the Internet is crucial to the future of Internet-based business models and the move toward a true Internet economy. Threedy GmbH has created this privacy statement to demonstrate its firm commitment to the individual’s right to privacy. This policy outlines Threedy GmbH's personal information handling practices for this website.
This Privacy Statement covers this website and all other sites that reference this Privacy Statement. Some Threedy GmbH entities may have their own, possibly different, privacy statements. We encourage you to read the privacy statements of each of the websites you visit.
The controller according to Art. 4 Para. 7 of the General Data Protection Regulation (GDPR) is:
Threedy GmbH
Goebelstrasse 1-3
64293 Darmstadt
Germany
District court: Darmstadt HRB 101013
VAT ID: DE 335408826
Phone: +49 6151 39 456 - 01
Email: info@threedy.io
You can contact Threedy GmbH's data protection officer at:
Threedy GmbH
Thomas Fletschinger
Email: privacy(at)threedy.io
Global Privacy Fundamentals
Our privacy practices reflect current global principles and standards on handling personal information. These principles include notice of data use, choice of data use, data access, data integrity, security, onward transfer, and enforcement/oversight. Threedy GmbH abides by the EU General Data Protection Regulation (GDPR)
Consent
By using this website, you consent to the electronic collection and use of the information as described here. If Threedy GmbH decides to make changes to this Privacy Statement, we will post the changes on this site so that you will always know what information we collect, and how we use it.
From time to time, as may be required by applicable law, we may also seek your explicit consent to process certain data and information collected on this website or volunteered by you.
Types of data, purposes of processing and categories of data subjects
In the following, we inform you about the type, scope and purpose of the collection, processing and use of personal data.
1. types of data we process
usage data (access times, websites visited, etc.), inventory data (name, address, etc.), contact data (telephone number, e-mail, fax, etc.), content data (text entries, videos, photos, etc.),
2. purposes of the processing pursuant to Art. 13 (1) c) GPDR
processing contracts, optimizing the website technically and economically, providing easy access to the website, optimizing, and statistically evaluating our services, improving the user experience, making the website user-friendly, marketing / sales / advertising, compiling statistics, preventing SPAM and abuse, customer service and customer care, processing contact enquiries, providing websites with functions and content, uninterrupted, secure operation of our website,
3. categories of data subjects according to Art. 13(1)(e) GDPR
Visitors/users of the website, customers, suppliers, interested parties, employees.
The data subjects are collectively referred to as "users".
To serve you better and understand your needs and interests, Threedy GmbH collects, exports, and uses personal information with adequate notice and consent, along with required filings with data protection authorities, when applicable.
When you visit our website, we may record your IP address and use cookies and other Internet technologies (referred to below as "Automated Tools" and "Embedded Web Links") to gather general information about our visitors and their interests. The technologies used and the information collected are described in more detail below.
We may further collect and process any information and data that you volunteer to us, e.g. when you register for events, subscribe to newsletters, participate in online surveys, discussion groups or forums, or when you make purchases.
Use and Purpose of Collected Personal Data
The information Threedy GmbH collects to understand your needs and interests helps Threedy GmbH deliver an optimized and personalized experience. Threedy GmbH will use such information only as described in this Privacy Statement. We will not subsequently change the way your personal data is used without your consent unless this is otherwise permitted by law.
We always process your personal data for a specific purpose.
Legal basis for the processing of personal data
Below we inform you about the legal basis for the processing of personal data:
If we have obtained your consent for the processing of personal data, Art. 6 (1) p. 1 lit. a) GDPR is the legal basis.
If the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures, which are carried out at your request, Art. 6 (1) S. 1 lit. b) GDPR is the legal basis.
If the processing is necessary for the fulfillment of a legal obligation to which we are subject (e.g., legal retention obligations), Art. 6 para. 1 p. 1 lit. c) GDPR is the legal basis.
If the processing is necessary to protect vital interests of the data subject or another natural person, Art. 6 (1) S. 1 lit. d) GDPR is the legal basis.
If the processing is necessary to protect our legitimate interests or the legitimate interests of a third party and your interests or fundamental rights and freedoms are not overridden in this respect, Art. 6 (1) S. 1 lit. f) GDPR is the legal basis.
Disclosure of personal data to third parties and processors
As a matter of principle, we do not pass on any data to third parties without your consent. If this should nevertheless be the case, then the disclosure is made based on the previously mentioned legal grounds, e.g., in the case of the disclosure of data to online payment providers for the fulfillment of the contract or due to a court order or because of a legal obligation to hand over the data for the purpose of criminal prosecution, to avert danger or to enforce intellectual property rights.
We also use processors (external service providers, e.g., for web hosting of our websites and databases) to process your data. If data is disclosed to processors as part of a contract processing agreement, this is always done in accordance with Art. 28 GDPR. In doing so, we carefully select our processors, regularly monitor them and have been granted a right to issue instructions regarding the data. In addition, the processors must have taken appropriate technical and organizational measures and comply with the data protection regulations according to BDSG n.F. and GDPR.
Deletion of data and storage period
Unless expressly stated in this privacy policy, your personal data will be deleted or blocked as soon as you revoke your consent to the processing or the purpose for the storage no longer applies or the data is no longer required for the purpose, unless their continued storage is necessary for evidentiary purposes or is precluded by statutory retention obligations. This includes, for example, retention obligations under commercial law for business letters in accordance with Section 257 (1) of the German Commercial Code (HGB) (6 years) and retention obligations under tax law for documents in accordance with Section 147 (1) of the German Fiscal Code (AO) (10 years). If the prescribed retention period expires, your data will be blocked or deleted, unless the storage is still necessary for the conclusion or fulfillment of a contract.
What data do we collect and why?
With the help of the collected data Threedy GmbH would like to offer you an optimal personal support. Threedy GmbH uses your data exclusively as described in this statement. Any subsequent change in the purpose of use is subject to your express consent unless the change is otherwise legitimized by applicable legal provisions.
We always process your personal data for a specific purpose.
In particular we process your personal data for the following purposes:
To manage our relationship with you, e.g., through our databases, in which we collect data about you from our various sources to get an overview of the collaboration; also, to improve and individualize our understanding of your preferences and our communication with you.
To process your orders and deliver the products and services that you have ordered.
To implement tasks in preparation of or to perform existing contracts.
To evidence transactions and ensure transparency on transfers of value.
To provide you with appropriate and current information about research as well as our products and services.
To improve the quality of our products and services by adapting our offering to your specific needs.
To answer your requests and provide you with efficient support.
To manage communications and interactions with you.
To track our activities (e.g., measuring interactions or sales, number of appointments/calls, issues discussed, documents presented).
To invite you to events sponsored or used by us (e.g., speaker events, conferences);
To grant you access to our specified IT systems so that you can use certain services of Threedy GmbH.
To manage our IT resources, including infrastructure management and business continuity.
To preserve the company’s economic interests and ensure compliance and reporting (such as complying with our policies and local legal requirements, tax and deductions, internally defined contribution caps, managing alleged cases of misconduct or fraud; conducting audits and defending litigation);
Archiving and record keeping.
To support recruitment inquiries.
Billing and invoicing; and
any other purposes imposed by law and authorities.
In certain cases, we are legally obliged to transfer certain data to the requesting government agency (institution or authority). The legal basis for the processing is Art. 6. Para. 1 (c) GDPR and Art. 24 Para. 2, No 1 of the German Federal Data Protection Act
In some cases, business partners require personal information from our customers. This is usually done for the purpose of order fulfillment (e.g., in case of complaints). This is expressly provided for by law. In this case, Threedy GmbH remains responsible for the protection of your data – in addition, the processor may also be responsible. The service provider works strictly in accordance with our instructions, which Threedy GmbH ensures by means of strict contractual regulations.
To fulfil legal obligations to record, document and report to the responsible authorities.
Provision of our website and creation of log files
If you only use our website for informational purposes (i.e., no registration and no other transmission of information), we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data:
IP address.
Internet service provider of the user.
Date and time of access.
Browser type.
Language and browser version.
Content of the retrieval.
Time zone.
Access status/HTTP status code.
Amount of data.
Websites from which the request came.
Operating system.
A storage of this data together with other personal data of you does not take place.
This data is used for the purpose of user-friendly, functional, and secure delivery of our website to you with functions and content as well as its optimization and statistical evaluation.
The legal basis for this is our legitimate interest in data processing, which also lies in the above purposes, according to Art. 6 para. 1 p.1 lit. f) GDPR.
For security reasons, we store this data in server log files for a storage period of days. After this period, they are automatically deleted, unless we need to keep them for evidence purposes in the event of attacks on the server infrastructure or other legal violations.
IP Addresses
We use IP addresses to help diagnose problems, to administer our website, and to gather demographic information. We may also use IP addresses or other information you have shared on this website to determine which pages on our sites are being visited and topics that may be of interest so we can provide you with information about relevant products and services. We use the insights gained to offer you an optimized range of information on our products and services. As a matter of principle, Threedy GmbH will aggregate such data only in an anonymous way and will not tie it to a particular individual unless he or she has given consent.
Threedy GmbH will only gather information related to your visit to the Threedy GmbH website. We do not track or collect personal information from your visits to websites of companies or entities outside the Threedy GmbH group of companies.
Cookies
a) We use cookies on our website(s). These are small files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit our websites. Cookies cannot do damage to your computer and do not contain viruses, Trojans, or any other malware. The information stored in the cookie pertains to the specific device used. This, however, does not give us direct knowledge of your identity. The use of cookies serves to make using our online services more pleasant for you. For example, we use what are known as session cookies to determine that you have already visited individual pages on our website. These are automatically deleted after leaving our website.
b) In addition, to further improve usability, we also use temporary cookies that are stored on your device for a specified period of time. If you visit our website again to use our services, we will automatically determine that you have already visited our website and what inputs and settings you have made to avoid having to re-enter them.
c) Furthermore, we use cookies to statistically record the use of our website and to analyze it for the purpose of optimizing our website offerings. These cookies enable us to automatically determine that you have visited our website before.
d) The data processed by cookies are necessary for the purposes mentioned to safeguard our legitimate interests and the interests of third parties under Art. 6 Para.1 Sent. 1 (f) GDPR.
e) Most browsers accept cookies automatically. You can, however, configure your browser in such a way that no cookies are stored on your computer or that a notice is displayed before a new cookie is created. Disabling cookies completely, however, may mean that you will not be able to all the features on our website.
Cookies are otherwise stored on your computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.
Here you can find information about deleting cookies by browser:
Chrome: https://support.google.com/chrome/answer/95647
Safari: https://support.apple.com/guide/mdm/managing-safari-cookies-mdmf7d5714d4/web
Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
Internet Explorer: https://support.microsoft.com/de-at/help/17442/windows-internet-explorer-delete-manage-cookies
Microsoft Edge: https://support.microsoft.com/de-at/help/4027947/windows-delete-cookies
Email Addresses
If you choose to give us your email address or submit it through our contact form, we will communicate with you via email. We do not share your email address with third parties. You can opt out from receiving future emails from Threedy GmbH at any time.
External Service Providers
We work with service providers that process certain data on our behalf. This is done exclusively in accordance with the applicable data protection laws. In particular we have entered into commissioned data processing agreements with our service providers which satisfy the requirements of Art. 28 GDPR.
Data Transfer, Transfer to a Third Country
Your personal data will not be transferred to third parties for any purposes other than those set out below. We will only transfer your personal data to third parties if:
a) You have given your express consent in accordance with Art. 6 Para. 1 Sent. 1 (a) GDPR, Art. 26 Para. 2 German Federal Data Protection Act (BDSG),
b) The transfer is necessary in accordance with Art. 6 Para. 1 Sent. 1 (f) GDPR for the purpose of asserting, exercising, or defending legal claims, and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.
c) in the event that there is a legal obligation to transfer the data pursuant to Art. 6 Para. 1 Sent. 1 (c) GDPR and
d) this is legally permissible and necessary under Art. 6 Para. 1 Sent. 1 (b) GDPR, Art. 26 Para. 1 German Federal Data Protection Act (BDSG) for the execution of a contractual relationship with you or for pre-contractual measures at your request.
Transfer to a third country or an international organization is not intended and there is no automated decision making unless otherwise provided in this Privacy Statement.
Threedy GmbH may also share such information with business partners, service providers, authorized third-party agents, or contractors in order to provide a requested service or transaction, including processing orders, providing customer support, or providing you with information on products and services that may be of interest to you.
We do not sell or rent your personal data to third parties for marketing purposes unless you have granted us permission to do so.
Threedy GmbH may respond to subpoenas, court orders, or legal process by disclosing your personal data and other related information, if necessary. We also may choose to establish or exercise our legal rights or defend against legal claims.
Circumstances may arise where, whether for strategic or other business reasons, Threedy GmbH decides to sell, buy, merge, or otherwise reorganize businesses. Such a transaction may involve, in accordance with applicable law, the disclosure of personal information to prospective or actual purchasers. It is Threedy GmbH's practice to seek appropriate protection for information in these types of transactions.
We may collect and possibly share personal data and any other additional information available to us in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, or violations of Threedy GmbH's terms of use, or as otherwise required by law.
Data transfer to third countries
The adoption of the European General Data Protection Regulation (GDPR) has created a uniform basis for data protection in Europe. Your data is therefore predominantly processed by companies to which the GDPR applies. If, however, processing is carried out by services of third parties outside the European Union or the European Economic Area, these must meet the special requirements of Art. 44 et seq. GDPR. This means that the processing takes place based on special guarantees, such as the officially recognized determination by the EU Commission of a level of data protection corresponding to the EU or the observance of officially recognized special contractual obligations, the so-called "standard contractual clauses".
Analysis Tools
The tracking measures listed below and used by us are carried out based on Art. 6 Para. 1 Sent. 1 (f) GDPR. With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. Furthermore, we use tracking measures to statistically record the use of our website and to analyze it for the purpose of optimizing our website offerings. These interests are considered legitimate within the meaning of the afore mentioned provision. For the respective data processing purposes and data categories, please refer to the corresponding tracking tools described in detail below.
Privacy Statement for the use of Microsoft Office 365 Products
We would like to inform you below about the processing of personal data in connection with the use of Office 365 products.
Purpose of Processing
We use the tool to conduct telephone conferences, online meetings, video conferences, surveys, and queries with our clients, cooperation partners, service providers, suppliers, customers, and participants.
1. Details of the Data Controller
When using Office 365 applications, personal data about you will be processed. Please note that this privacy notice only informs you about the processing of your personal data by us in connection with the joint use of Office 365 products. The controller in this respect is:
Threedy GmbH
Göbelstrasse 1–3
64293 Darmstadt
Local Court Darmstadt: HRB 101013
VAT ID: DE335408826
Contact
Phone: +49 (0) 2371 3 53 38 09
Email: info@threedy.io
Website: www.threedy.io
We have appointed an external Data Protection Officer:
Thomas Fletschinger
Threedy GmbH
Email: privacy(at)threedy.io
2. Additional Controllers
We use the Office 365 software of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). This is operated as a cloud application. In some cases, a user account must be created for use. Where this account was not set up by us and provided to you, Microsoft is the controller, or the party that provided you with the login credentials.
Microsoft also reserves the right to process user data for its own business purposes. In this context, Microsoft is an independent controller. We have only limited ability to influence Microsoft’s use of your usage data. We take all possible measures to minimize the transfer of your usage data to Microsoft but cannot completely prevent it.
For details and your rights against Microsoft, please see:
General: https://privacy.microsoft.com/de-de/privacystatement
Microsoft Teams: https://docs.microsoft.com/de-de/microsoftteams/teams-privacy
We have concluded data protection agreements with Microsoft to guarantee a minimum level of protection, including agreements that personal data will generally be processed on servers in the EU. Some services may still involve transfers to the USA, considered by the EU to be an insecure third country. To ensure an adequate level of protection there, we have concluded Standard Contractual Clauses with Microsoft.
3. Data Processing for Technical Delivery of Services
Certain information is automatically processed when you use an Office 365 application:
IP address, technical information to ensure correct webpage delivery
Data required for authentication, license usage, logging, and misuse detection
Date and time of access
Type of access
For investigation and prosecution of violations:
If necessary to clarify unlawful or abusive use of Office 365 services or for prosecution, personal data may be forwarded to law enforcement, other authorities, injured third parties, or legal advisors. Disclosure may also occur to enforce terms of use or other claims. We are also legally required to provide information to certain public authorities (e.g., law enforcement, fine authorities, tax authorities).
Legal basis: Art. 6 (1) lit. f GDPR.
When using MS Forms for surveys:
Used for voluntary participation.
Customer input helps improve services.
Employee input helps improve working conditions.
Surveys are generally anonymous, with no link to names/usernames.
IP addresses are recorded for security but not linked to survey answers.
Please avoid providing identifiable information in free-text fields.
Legal basis: voluntary participation, Art. 6 (1) lit. a GDPR.
When using MS Forms for organizational purposes:
Used for organizational queries (e.g., care times, pickup times, meal preferences, scheduling).
Required data: name, date of birth.
Data is deleted once no longer needed.
Legal basis: contractual relationship, Art. 6 (1) lit. b GDPR; for sensitive data, consent under Art. 9 (2) lit. a GDPR.
When using MS Forms for exercises and quizzes:
Used for providing exercises, quizzes, and knowledge checks.
Collected data: name, user data if applicable, course attended.
Legal basis: training contract, Art. 6 (1) lit. b GDPR.
When using MS Teams:
Used for communication, training sessions, one-on-one or group meetings.
Participation may require login credentials.
Data collected (visible to others): username, display name, dial-in number, optional profile details (name, contact info, profile picture), communication content (text, audio, video).
If recorded, you will be notified.
Technical usage data (multi-factor authentication details, accessed files, activity logs, chats, notes, etc.) are also processed.
Legal basis: Art. 6 (1) lit. b GDPR if contractual, otherwise Art. 6 (1) lit. f GDPR (interest in effective online meetings).
4. Recipients / Data Sharing
Personal data processed with Office 365 products is not shared with third parties except in the cases described above.
5. Data Processing Outside the EU
Your data may be processed outside the EU/EEA, including in the USA and other third countries. Protection is ensured through Standard Contractual Clauses under Art. 46 (2) lit. c or d GDPR.
6. Data Deletion
Personal data is deleted when storage is no longer required, e.g., after fulfilling contractual obligations, retention periods, or defending/enforcing claims. Statutory retention periods take precedence. Usage data (login, IP addresses, metadata) may be stored by Microsoft for up to 90 days. Backup data is regularly overwritten.
7. Right to Lodge a Complaint
Under Art. 77 GDPR, every data subject has the right to lodge a complaint with a supervisory authority if they believe the processing of their personal data violates the GDPR.
Responsible authority in Hesse:
The Hessian Data Protection Commissioner
Gustav-Stresemann-Ring 1, 65189 Wiesbaden
P.O. Box 31 63, 65021 Wiesbaden
Phone: 0611 14080
Fax: 0611 1408-900
Email: poststelle@datenschutz.hessen.de
Website: http://www.datenschutz.hessen.de
Privacy Statement for the use of Matomo Analytics
This website uses the Matomo analytics service. Matomo is not based on "cookies." No cookies are set and no personal information about you is stored. Matomo is therefore completely compliant with the GDPR. The use of Matomo is based on Art. 6 (1) lit. f GDPR. The site operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both the web offer and marketing campaigns. The Data Processing Agreement which regulates Matomo’s data processing activities can be found here: https://matomo.org/matomo-cloud-dpa/
Privacy Statement for the Use of Youtube plugins
Our website uses plugins from the YouTube site operated by Google. The operator of this site is: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. For more information on the handling of user data, please refer to YouTube's privacy policy at: https://marketingplatform.google.com/about/analytics/terms/us/, overview of data protection: https://support.google.com/analytics/answer/6004245?hl=en, as well as the privacy policy: https://policies.google.com/privacy?hl=en&gl=en.
If you do not wish to participate in the tracking process, you can generally deactivate the automatic setting of cookies in your browser settings. You can also block cookies specifically for conversion tracking by modifying your browser settings so that cookies from the domain "googleadservices.com" are not permitted.
Further information as well as Google's privacy policy can be found here und here.
Privacy Statement for the Use of Google ReCAPTCHA
We have integrated the anti-spam function "reCAPTCHA" from "Google" (provider: Google Ireland Limited, Reg. No.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland).
Data category and description of data processing: Usage data (e.g., website accessed, IP). By using "reCAPTCHA" in our forms, we can determine whether the input was made by a machine (robot) or a human. When using the service, your IP address and possibly other data required for this purpose may be transmitted to Google servers in the USA.
Purpose of processing: Prevention of spam and abuse as well as our economic interest in optimizing our website.
Legal basis: If you have given your consent ("opt-in") for processing of your personal data by means of "reCaptcha" from the third-party provider, then Art. 6 para. 1 p. 1 lit. a) GDPR is the legal basis. In addition, the legal basis is our legitimate interest in data processing in accordance with Art. 6 para. 1 p.1 lit. f) GDPR, which lies in the above purposes.
Data transfer/recipient category: third-party providers in the USA. Storage period: until the cookies are deleted by you as the user.
You can find more information about Google ReCAPTCHA at https://www.google.com/recaptcha/ and in Google's privacy policy at: https://policies.google.com/privacy.
Social media presence
Data transfer/recipient category: social network
The data protection notices, information options and objection options (opt-out) of the respective networks / service providers can be found here:
- Twitter - Service provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) - Privacy policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization.
- XING - Service provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) - privacy policy/opt-out: https://privacy.xing.com/de/datenschutzerklaerung.
- LinkedIn - Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) - Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Cookie Policy and Opt-Out: https://www.linkedin.com/legal/cookie-policy
Links to Other Sites
Our website may contain links to other sites. Threedy GmbH is not responsible for the privacy practices or the content of other websites outside of Threedy GmbH.
Data Retention
Threedy GmbH will not retain your personal data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations.
Applicant Privacy Notice
Information on Data Processing for the Application Process in accordance with Art. 13 GDPR
Collection and storage of personal data as well as the type, purpose, and use thereof
(1) We process applicant data solely for the purpose and within the scope of the application procedure in accordance with legal requirements.
The processing of applicant data takes place to fulfill our (pre-)contractual obligations within the application process as per Art. 6 (1) lit. b GDPR, insofar as data processing becomes necessary for us (e.g., in legal proceedings). In Germany, § 26 BDSG also applies.
If you contact us in the context of your application, we collect and process the following information on our own servers:
· Salutation, first name, last name, a valid email address
· Address
· Telephone number (landline and/or mobile)
· Information required for the application process
This data is collected for correspondence with you. Data processing is based on your application and is necessary under Art. 6 (1) sentence 1 lit. b GDPR for the proper handling of your application.
Your personal data will not be transferred to third parties.
(2) The application process requires applicants to provide us with their application data. Required application data includes personal details, postal and contact addresses, and the documents belonging to the application, such as cover letter, CV, and certificates. In addition, applicants may voluntarily provide us with further information.
(3) By submitting an application to Threedy GmbH, applicants consent to the processing of their data for the purposes of the application process in the manner and scope set out in this privacy policy.
(4) Insofar as applicants voluntarily provide special categories of personal data within the meaning of Art. 9 (1) GDPR during the application process, such data will also be processed in accordance with Art. 9 (2) lit. b GDPR (e.g., health data such as disability status or ethnic origin).
(5) Applicants can submit their applications to Threedy GmbH via the portal or by email. Please note, however, that emails are generally not sent in encrypted form and applicants themselves are responsible for encryption.
We therefore cannot take responsibility for the transmission path of the application between the sender and its receipt on our server.
If applicants have concerns regarding the security of sending application documents via email, we recommend sending the application documents by post.
Access to applicant data
The data you provide will be treated confidentially. In the context of a specific application, only persons involved in filling the position will have access to your data. These include in particular the HR staff of Threedy GmbH, the management, and the respective department heads.
(6) The data provided by applicants may be further processed by us for the purposes of the employment relationship in the event of a successful application.
Otherwise, if the application for a job offer is unsuccessful, the applicants’ data will be deleted. The data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
(7) Deletion will take place, subject to a legitimate withdrawal by the applicants, six months after completion of the application process, so that we can answer any follow-up questions about the application and comply with our obligations under the Equal Treatment Act.
If you have consented to the further storage of your personal data, we will include your data in our applicant pool. The data there will be deleted after two years.
If you are accepted for a position during the application process, the data from the applicant database will be transferred to our HR information system.
Invoices for any travel cost reimbursements will be archived in accordance with tax regulations.
Data Subject Rights
You have the right.
a) in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your personal data have been or will be disclosed, the planned storage period, the existence of the right to rectification, deletion, restriction or objection of processing of personal data, the right to lodge a complaint with a supervisory authority, the origin of your data where the personal data was not collected by us, and the existence of automated decision-making and, if applicable, meaningful information about the logic involved;
b) in accordance with Art. 16 GDPR, to demand without delay the correction of incorrect data or the completion of your personal data stored by us.
c) to request the deletion of your personal data stored with us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
d) in accordance with Art. 18 GDPR to restrict the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you reject its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims, or if you have filed an objection to the processing in accordance with Art. 21 GDPR.
e) in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common, and machine-readable format or to request its transfer to another person responsible.
f) in accordance with Art. 7 Para. 3 GDPR, to revoke your consent to us at any time. As a result, we will no longer be allowed to continue processing the data based on this consent in the future and
g) in accordance with Art. 77 GDPR, to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or of the registered office of our company.
The competent supervisory authority for data protection for Threedy GmbH is:
Hessen Aufsichtsbehörde
Der Hessische Datenschutzbeauftragte
Address: Gustav-Stresemann-Ring 1, 65189 Wiesbaden
P.O. Box: 31 63, 65021 Wiesbaden
Phone: 0611 14080
Fax: 0611 1408 - 900
E-Mail: poststelle@datenschutz.hessen.de
Internet: http://www.datenschutz.hessen.de
For the assertion of the afore mentioned rights as well as for questions regarding data protection, you can contact the person responsible or send an email to privacy(at)threedy.io.
Right to Object
If your personal data are processed based on legitimate interests pursuant to Art. 6 Para. 1 Sent. 1 (f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this which arise from your particular situation, or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation. If you would like to exercise your right of withdrawal or objection, simply send an e-mail to privacy(at)threedy.io
Data Security
a) While you visit our website, we use the common SSL procedure (Secure Socket Layer) with the highest possible encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we will resort to128-bit v3 technology instead. Whether an individual page of our website is transmitted in encrypted form is indicated by the display of the closed key/lock symbol in the lower status bar of your browser.
b) We also use appropriate technical and organizational security measures to protect your data against accidental or intentional tampering, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
Changes to This Privacy Statement
In the event of new developments such as changes to the applicable data privacy laws, we will, if necessary, update this privacy statement accordingly.
Last updated: August 28, 2025