Threedy GmbH takes your legitimate interests in data protection very seriously and observes the provisions of the European General Data Protection Regulation (GDPR), the German Telemedia Act and, where applicable, the provisions of other applicable data protection regulations.
Threedy GmbH handles the data transmitted by you carefully and with due diligence. As far as data of any kind is collected, processed, or used, this is always done within the scope of the applicable legal provisions or after obtaining explicit consent from you.
Protecting the individual’s privacy on the Internet is crucial to the future of Internet-based business models and the move toward a true Internet economy. Threedy GmbH has created this privacy statement to demonstrate its firm commitment to the individual’s right to privacy. This policy outlines Threedy GmbH's personal information handling practices for this website.
This Privacy Statement covers this website and all other sites that reference this Privacy Statement. Some Threedy GmbH entities may have their own, possibly different, privacy statements. We encourage you to read the privacy statements of each of the websites you visit.
The controller according to Art. 4 Para. 7 of the General Data Protection Regulation (GDPR) is:
Threedy GmbH
Goebelstrasse 1-3
64293 Darmstadt
Germany
District court: Darmstadt HRB 101013
VAT ID: DE 335408826
Phone: +49 6151 155-0
Email: info@threedy.io
You can contact Threedy GmbH's data protection officer at:
Threedy GmbH
Thomas Fletschinger
Email: privacy(at)threedy.io
Global Privacy Fundamentals
Our privacy practices reflect current global principles and standards on handling personal information. These principles include notice of data use, choice of data use, data access, data integrity, security, onward transfer, and enforcement/oversight. Threedy GmbH abides by the EU General Data Protection Regulation (GDPR)
Consent
By using this website, you consent to the electronic collection and use of the information as described here. If Threedy GmbH decides to make changes to this Privacy Statement, we will post the changes on this site so that you will always know what information we collect, and how we use it.
From time to time, as may be required by applicable law, we may also seek your explicit consent to process certain data and information collected on this website or volunteered by you.
Types of data, purposes of processing and categories of data subjects
In the following, we inform you about the type, scope and purpose of the collection, processing and use of personal data.
1. types of data we process
usage data (access times, websites visited, etc.), inventory data (name, address, etc.), contact data (telephone number, e-mail, fax, etc.), content data (text entries, videos, photos, etc.),
2. purposes of the processing pursuant to Art. 13 (1) c) GPDR
processing contracts, optimizing the website technically and economically, providing easy access to the website, optimizing, and statistically evaluating our services, improving the user experience, making the website user-friendly, marketing / sales / advertising, compiling statistics, preventing SPAM and abuse, customer service and customer care, processing contact enquiries, providing websites with functions and content, uninterrupted, secure operation of our website,
3. categories of data subjects according to Art. 13(1)(e) GDPR
Visitors/users of the website, customers, suppliers, interested parties, employees.
The data subjects are collectively referred to as "users".
To serve you better and understand your needs and interests, Threedy GmbH collects, exports, and uses personal information with adequate notice and consent, along with required filings with data protection authorities, when applicable.
When you visit our website, we may record your IP address and use cookies and other Internet technologies (referred to below as "Automated Tools" and "Embedded Web Links") to gather general information about our visitors and their interests. The technologies used and the information collected are described in more detail below.
We may further collect and process any information and data that you volunteer to us, e.g. when you register for events, subscribe to newsletters, participate in online surveys, discussion groups or forums, or when you make purchases.
Use and Purpose of Collected Personal Data
The information Threedy GmbH collects to understand your needs and interests helps Threedy GmbH deliver an optimized and personalized experience. Threedy GmbH will use such information only as described in this Privacy Statement. We will not subsequently change the way your personal data is used without your consent unless this is otherwise permitted by law.
We always process your personal data for a specific purpose.
Legal basis for the processing of personal data
Below we inform you about the legal basis for the processing of personal data:
If we have obtained your consent for the processing of personal data, Art. 6 (1) p. 1 lit. a) GDPR is the legal basis.
If the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures, which are carried out at your request, Art. 6 (1) S. 1 lit. b) GDPR is the legal basis.
If the processing is necessary for the fulfillment of a legal obligation to which we are subject (e.g., legal retention obligations), Art. 6 para. 1 p. 1 lit. c) GDPR is the legal basis.
If the processing is necessary to protect vital interests of the data subject or another natural person, Art. 6 (1) S. 1 lit. d) GDPR is the legal basis.
If the processing is necessary to protect our legitimate interests or the legitimate interests of a third party and your interests or fundamental rights and freedoms are not overridden in this respect, Art. 6 (1) S. 1 lit. f) GDPR is the legal basis.
Disclosure of personal data to third parties and processors
As a matter of principle, we do not pass on any data to third parties without your consent. If this should nevertheless be the case, then the disclosure is made based on the previously mentioned legal grounds, e.g., in the case of the disclosure of data to online payment providers for the fulfillment of the contract or due to a court order or because of a legal obligation to hand over the data for the purpose of criminal prosecution, to avert danger or to enforce intellectual property rights.
We also use processors (external service providers, e.g., for web hosting of our websites and databases) to process your data. If data is disclosed to processors as part of a contract processing agreement, this is always done in accordance with Art. 28 GDPR. In doing so, we carefully select our processors, regularly monitor them and have been granted a right to issue instructions regarding the data. In addition, the processors must have taken appropriate technical and organizational measures and comply with the data protection regulations according to BDSG n.F. and GDPR.
Deletion of data and storage period
Unless expressly stated in this privacy policy, your personal data will be deleted or blocked as soon as you revoke your consent to the processing or the purpose for the storage no longer applies or the data is no longer required for the purpose, unless their continued storage is necessary for evidentiary purposes or is precluded by statutory retention obligations. This includes, for example, retention obligations under commercial law for business letters in accordance with Section 257 (1) of the German Commercial Code (HGB) (6 years) and retention obligations under tax law for documents in accordance with Section 147 (1) of the German Fiscal Code (AO) (10 years). If the prescribed retention period expires, your data will be blocked or deleted, unless the storage is still necessary for the conclusion or fulfillment of a contract.
What data do we collect and why?
With the help of the collected data Threedy GmbH would like to offer you an optimal personal support. Threedy GmbH uses your data exclusively as described in this statement. Any subsequent change in the purpose of use is subject to your express consent unless the change is otherwise legitimized by applicable legal provisions.
We always process your personal data for a specific purpose.
In particular we process your personal data for the following purposes:
To manage our relationship with you, e.g., through our databases, in which we collect data about you from our various sources to get an overview of the collaboration; also, to improve and individualize our understanding of your preferences and our communication with you.
To process your orders and deliver the products and services that you have ordered.
To implement tasks in preparation of or to perform existing contracts.
To evidence transactions and ensure transparency on transfers of value.
To provide you with appropriate and current information about research as well as our products and services.
To improve the quality of our products and services by adapting our offering to your specific needs.
To answer your requests and provide you with efficient support.
To manage communications and interactions with you.
To track our activities (e.g., measuring interactions or sales, number of appointments/calls, issues discussed, documents presented).
To invite you to events sponsored or used by us (e.g., speaker events, conferences);
To grant you access to our specified IT systems so that you can use certain services of Threedy GmbH.
To manage our IT resources, including infrastructure management and business continuity.
To preserve the company’s economic interests and ensure compliance and reporting (such as complying with our policies and local legal requirements, tax and deductions, internally defined contribution caps, managing alleged cases of misconduct or fraud; conducting audits and defending litigation);
Archiving and record keeping.
To support recruitment inquiries.
Billing and invoicing; and
any other purposes imposed by law and authorities.
In certain cases, we are legally obliged to transfer certain data to the requesting government agency (institution or authority). The legal basis for the processing is Art. 6. Para. 1 (c) GDPR and Art. 24 Para. 2, No 1 of the German Federal Data Protection Act
In some cases, business partners require personal information from our customers. This is usually done for the purpose of order fulfillment (e.g., in case of complaints). This is expressly provided for by law. In this case, Threedy GmbH remains responsible for the protection of your data – in addition, the processor may also be responsible. The service provider works strictly in accordance with our instructions, which Threedy GmbH ensures by means of strict contractual regulations.
To fulfil legal obligations to record, document and report to the responsible authorities.
Provision of our website and creation of log files
If you only use our website for informational purposes (i.e., no registration and no other transmission of information), we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data:
IP address.
Internet service provider of the user.
Date and time of access.
Browser type.
Language and browser version.
Content of the retrieval.
Time zone.
Access status/HTTP status code.
Amount of data.
Websites from which the request came.
Operating system.
A storage of this data together with other personal data of you does not take place.
This data is used for the purpose of user-friendly, functional, and secure delivery of our website to you with functions and content as well as its optimization and statistical evaluation.
The legal basis for this is our legitimate interest in data processing, which also lies in the above purposes, according to Art. 6 para. 1 p.1 lit. f) GDPR.
For security reasons, we store this data in server log files for a storage period of days. After this period, they are automatically deleted, unless we need to keep them for evidence purposes in the event of attacks on the server infrastructure or other legal violations.
IP Addresses
We use IP addresses to help diagnose problems, to administer our website, and to gather demographic information. We may also use IP addresses or other information you have shared on this website to determine which pages on our sites are being visited and topics that may be of interest so we can provide you with information about relevant products and services. We use the insights gained to offer you an optimized range of information on our products and services. As a matter of principle, Threedy GmbH will aggregate such data only in an anonymous way and will not tie it to a particular individual unless he or she has given consent.
Threedy GmbH will only gather information related to your visit to the Threedy GmbH website. We do not track or collect personal information from your visits to websites of companies or entities outside the Threedy GmbH group of companies.
Cookies
a) We use cookies on our website(s). These are small files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit our websites. Cookies cannot do damage to your computer and do not contain viruses, Trojans, or any other malware. The information stored in the cookie pertains to the specific device used. This, however, does not give us direct knowledge of your identity. The use of cookies serves to make using our online services more pleasant for you. For example, we use what are known as session cookies to determine that you have already visited individual pages on our website. These are automatically deleted after leaving our website.
b) In addition, to further improve usability, we also use temporary cookies that are stored on your device for a specified period of time. If you visit our website again to use our services, we will automatically determine that you have already visited our website and what inputs and settings you have made to avoid having to re-enter them.
c) Furthermore, we use cookies to statistically record the use of our website and to analyze it for the purpose of optimizing our website offerings. These cookies enable us to automatically determine that you have visited our website before.
d) The data processed by cookies are necessary for the purposes mentioned to safeguard our legitimate interests and the interests of third parties under Art. 6 Para.1 Sent. 1 (f) GDPR.
e) Most browsers accept cookies automatically. You can, however, configure your browser in such a way that no cookies are stored on your computer or that a notice is displayed before a new cookie is created. Disabling cookies completely, however, may mean that you will not be able to all the features on our website.
Cookies are otherwise stored on your computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.
Here you can find information about deleting cookies by browser:
Chrome: https://support.google.com/chrome/answer/95647
Safari: https://support.apple.com/guide/mdm/managing-safari-cookies-mdmf7d5714d4/web
Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
Internet Explorer: https://support.microsoft.com/de-at/help/17442/windows-internet-explorer-delete-manage-cookies
Microsoft Edge: https://support.microsoft.com/de-at/help/4027947/windows-delete-cookies
Email Addresses
If you choose to give us your email address or submit it through our contact form, we will communicate with you via email. We do not share your email address with third parties. You can opt out from receiving future emails from Threedy GmbH at any time.
External Service Providers
We work with service providers that process certain data on our behalf. This is done exclusively in accordance with the applicable data protection laws. In particular we have entered into commissioned data processing agreements with our service providers which satisfy the requirements of Art. 28 GDPR.
Data Transfer, Transfer to a Third Country
Your personal data will not be transferred to third parties for any purposes other than those set out below. We will only transfer your personal data to third parties if:
a) You have given your express consent in accordance with Art. 6 Para. 1 Sent. 1 (a) GDPR, Art. 26 Para. 2 German Federal Data Protection Act (BDSG),
b) The transfer is necessary in accordance with Art. 6 Para. 1 Sent. 1 (f) GDPR for the purpose of asserting, exercising, or defending legal claims, and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.
c) in the event that there is a legal obligation to transfer the data pursuant to Art. 6 Para. 1 Sent. 1 (c) GDPR and
d) this is legally permissible and necessary under Art. 6 Para. 1 Sent. 1 (b) GDPR, Art. 26 Para. 1 German Federal Data Protection Act (BDSG) for the execution of a contractual relationship with you or for pre-contractual measures at your request.
Transfer to a third country or an international organization is not intended and there is no automated decision making unless otherwise provided in this Privacy Statement.
Threedy GmbH may also share such information with business partners, service providers, authorized third-party agents, or contractors in order to provide a requested service or transaction, including processing orders, providing customer support, or providing you with information on products and services that may be of interest to you.
We do not sell or rent your personal data to third parties for marketing purposes unless you have granted us permission to do so.
Threedy GmbH may respond to subpoenas, court orders, or legal process by disclosing your personal data and other related information, if necessary. We also may choose to establish or exercise our legal rights or defend against legal claims.
Circumstances may arise where, whether for strategic or other business reasons, Threedy GmbH decides to sell, buy, merge, or otherwise reorganize businesses. Such a transaction may involve, in accordance with applicable law, the disclosure of personal information to prospective or actual purchasers. It is Threedy GmbH's practice to seek appropriate protection for information in these types of transactions.
We may collect and possibly share personal data and any other additional information available to us in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, or violations of Threedy GmbH's terms of use, or as otherwise required by law.
Data transfer to third countries
The adoption of the European General Data Protection Regulation (GDPR) has created a uniform basis for data protection in Europe. Your data is therefore predominantly processed by companies to which the GDPR applies. If, however, processing is carried out by services of third parties outside the European Union or the European Economic Area, these must meet the special requirements of Art. 44 et seq. GDPR. This means that the processing takes place based on special guarantees, such as the officially recognized determination by the EU Commission of a level of data protection corresponding to the EU or the observance of officially recognized special contractual obligations, the so-called "standard contractual clauses".
Analysis Tools
The tracking measures listed below and used by us are carried out based on Art. 6 Para. 1 Sent. 1 (f) GDPR. With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. Furthermore, we use tracking measures to statistically record the use of our website and to analyze it for the purpose of optimizing our website offerings. These interests are considered legitimate within the meaning of the afore mentioned provision. For the respective data processing purposes and data categories, please refer to the corresponding tracking tools described in detail below.
Privacy Statement for the use of Fathom Analytics
This website uses the Fathom analytics service. Fathom is not based on "cookies." No cookies are set and no personal information about you is stored. Fathom is therefore completely compliant with the GDPR. The use of Fathom is based on Art. 6 (1) lit. f GDPR. The site operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both the web offer and marketing campaigns. The Fathom privacy policy can be found here: https://usefathom.com/privacy
Privacy Statement for the Use of Youtube plugins
Our website uses plugins from the YouTube site operated by Google. The operator of this site is: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. For more information on the handling of user data, please refer to YouTube's privacy policy at: https://marketingplatform.google.com/about/analytics/terms/us/, overview of data protection: https://support.google.com/analytics/answer/6004245?hl=en, as well as the privacy policy: https://policies.google.com/privacy?hl=en&gl=en.
If you do not wish to participate in the tracking process, you can generally deactivate the automatic setting of cookies in your browser settings. You can also block cookies specifically for conversion tracking by modifying your browser settings so that cookies from the domain "googleadservices.com" are not permitted.
Further information as well as Google's privacy policy can be found here und here.
Privacy Statement for the Use of Google ReCAPTCHA
We have integrated the anti-spam function "reCAPTCHA" from "Google" (provider: Google Ireland Limited, Reg. No.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland).
Data category and description of data processing: Usage data (e.g., website accessed, IP). By using "reCAPTCHA" in our forms, we can determine whether the input was made by a machine (robot) or a human. When using the service, your IP address and possibly other data required for this purpose may be transmitted to Google servers in the USA.
Purpose of processing: Prevention of spam and abuse as well as our economic interest in optimizing our website.
Legal basis: If you have given your consent ("opt-in") for processing of your personal data by means of "reCaptcha" from the third-party provider, then Art. 6 para. 1 p. 1 lit. a) GDPR is the legal basis. In addition, the legal basis is our legitimate interest in data processing in accordance with Art. 6 para. 1 p.1 lit. f) GDPR, which lies in the above purposes.
Data transfer/recipient category: third-party providers in the USA. Storage period: until the cookies are deleted by you as the user.
You can find more information about Google ReCAPTCHA at https://www.google.com/recaptcha/ and in Google's privacy policy at: https://policies.google.com/privacy.
Social media presence
Data transfer/recipient category: social network
The data protection notices, information options and objection options (opt-out) of the respective networks / service providers can be found here:
- Twitter - Service provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) - Privacy policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization.
- XING - Service provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) - privacy policy/opt-out: https://privacy.xing.com/de/datenschutzerklaerung.
- LinkedIn - Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) - Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Cookie Policy and Opt-Out: https://www.linkedin.com/legal/cookie-policy
Links to Other Sites
Our website may contain links to other sites. Threedy GmbH is not responsible for the privacy practices or the content of other websites outside of Threedy GmbH.
Data Retention
Threedy GmbH will not retain your personal data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations.
Applicant Privacy Notice
(1) We process applicant data only for the purpose and in the context of the application procedure in accordance with the legal requirements. The processing of the applicant data takes place in order to fulfil our (pre)contractual obligations within the scope of the application procedure pursuant to Art. 6 Para. 1 (b). GDPR, Art. 6 para. 1 (f) GDPR insofar as data processing becomes necessary for us, e.g., within the framework of legal proceedings (in Germany, Art. 26 of the German Federal Data Protection Act (BDSG) also applies).
(2) The application process requires that applicants provide us with their data. Necessary applicant data are personal details, postal and contact addresses and the documents accompanying the application, such as cover letter, curriculum vitae and certificates. In addition, applicants may voluntarily provide us with additional information.
(3) By submitting the application to Threedy GmbH, applicants agree to the processing of their data for the purposes of the application process in accordance with the type and scope set out in this Privacy Statement.
(4) As far as special categories of personal data pursuant to Art. 9 Para. 1 GDPR are voluntarily disclosed in the application process, they are additionally processed in accordance with Art. 9 Para. 2 (b) GDPR (e.g., health data, e.g., severely disabled status or ethnic origin). As far as special categories of personal data pursuant to Art. 9 Para. 1 GDPR are requested from applicants in the application process, they are additionally processed in accordance with Art. 9 para. 2 lit. a GDPR (e.g., health data, if these are required for exercising the profession).
(5) Applicants can submit their applications through the online portal or by e-mail to the following address recruiting@threedy.io.
(6) The data provided by applicants may also be made available to the extended Management Board as part of the review of the application documents received. In the event of a successful application, the data will be processed electronically by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is unsuccessful, the applicants' data will be deleted after 7 months. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
(7) Subject to a justified revocation by the applicant, the data will be deleted after the application process has been completed for 7 months so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the Equal Treatment Act. With the applicant's consent, the data may be stored in the internal applicant pool.
Data Subject Rights
You have the right.
a) in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your personal data have been or will be disclosed, the planned storage period, the existence of the right to rectification, deletion, restriction or objection of processing of personal data, the right to lodge a complaint with a supervisory authority, the origin of your data where the personal data was not collected by us, and the existence of automated decision-making and, if applicable, meaningful information about the logic involved;
b) in accordance with Art. 16 GDPR, to demand without delay the correction of incorrect data or the completion of your personal data stored by us.
c) to request the deletion of your personal data stored with us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
d) in accordance with Art. 18 GDPR to restrict the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you reject its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims, or if you have filed an objection to the processing in accordance with Art. 21 GDPR.
e) in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common, and machine-readable format or to request its transfer to another person responsible.
f) in accordance with Art. 7 Para. 3 GDPR, to revoke your consent to us at any time. As a result, we will no longer be allowed to continue processing the data based on this consent in the future and
g) in accordance with Art. 77 GDPR, to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or of the registered office of our company.
The competent supervisory authority for data protection for Threedy GmbH is:
Hessen Aufsichtsbehörde
Der Hessische Datenschutzbeauftragte
Address: Gustav-Stresemann-Ring 1, 65189 Wiesbaden
P.O. Box: 31 63, 65021 Wiesbaden
Phone: 0611 14080
Fax: 0611 1408 - 900
E-Mail: poststelle@datenschutz.hessen.de
Internet: http://www.datenschutz.hessen.de
For the assertion of the afore mentioned rights as well as for questions regarding data protection, you can contact the person responsible or send an email to dsb(at)weisser-griesshaber.de.
Right to Object
If your personal data are processed based on legitimate interests pursuant to Art. 6 Para. 1 Sent. 1 (f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this which arise from your particular situation, or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation. If you would like to exercise your right of withdrawal or objection, simply send an e-mail to privacy(at)threedy.io
Data Security
a) While you visit our website, we use the common SSL procedure (Secure Socket Layer) with the highest possible encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we will resort to128-bit v3 technology instead. Whether an individual page of our website is transmitted in encrypted form is indicated by the display of the closed key/lock symbol in the lower status bar of your browser.
b) We also use appropriate technical and organizational security measures to protect your data against accidental or intentional tampering, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
Changes to This Privacy Statement
In the event of new developments such as changes to the applicable data privacy laws, we will, if necessary, update this privacy statement accordingly.
Last updated: January 2, 2023
