Data protection information

Data protection information from 3D-Shape GmbH for www.3d-shape.com
Valid as of May 25, 2018

1. Controller and data protection officer
(1) The controller in accordance with Article 4 Para. 7 of the EU General Data Protection Regulation (GDPR) or service provider in accordance with § 13 of the German Telemedia Act (TMG) is:

3D-Shape GmbH
Am Weichselgarten 21
91058 Erlangen

(2) The data protection officer for the controller can be contacted at:

ISRA VISION AG
The Group Data Protection Officer
Industriestraße 14
64297 Darmstadt
Email: dataprivacy@isravision.com

2. Source of personal data
We process your personal data which we receive from you during the course of your visit to our website, as part of your contacting us by email or via a contact form.

3. Categories of the processed personal data
(1) If you visit or use our website strictly for informative purposes, i.e. if you do not register or provide us with information in another form, we only collect the personal data which your browser passes on to our server. When you want to view our website, we collect the following data which is required from a technical standpoint to display our website to you and which ensures its stability and security:
- your IP address,
- date, time and duration of your visit,
- content of your request (specific page),
- respectively transmitted data volume and access status (files transmitted / not transmitted),
- website from which the request comes,
- your browser type,
- your operating system,
- your device type.
This data is solely used for internal statistical purposes.

4. Other functions and offers on our website
(1) Along with the purely informative use of our website, we also offer different services which can be used when of interest to you. This generally requires that you provide additional personal data, which we then use to perform the respective service and to which the previously defined principles on data processing apply.
(2) When contacting us by email, the following personal data must be given: name, telephone number and email address.
This personal data is saved by us for the purpose of responding to your request.

5. Categories of recipients of personal data
(1) Some of the above-mentioned processes and services are performed on our behalf by third-party service providers which have been carefully selected according to data protection principles. These external service providers are bound to our instructions and are checked on a regular basis.
(2) With regard to transferring data to other recipients, we shall only provide information on you when legal provisions require this, you have consented or when we are authorized to transfer such data. If these requirements are met, recipients of personal data may include:
public bodies and institutions (e.g. financial authorities, law enforcement authorities) when there is a legal or official obligation,
other companies within the Group.

6. Purposes for which personal data is to be processed and legal basis for processing
We process your personal data in compliance with the respectively applicable statutory data protection regulations. The processing is lawful when the following conditions are met:
Consent (Article 6, Para. 1 (a) of the GDPR):
The processing of personal data is lawful when the consent to process the data for defined purposes (e.g. processing of your query, use of the data for marketing purposes) has been given. The granted consent can be revoked at any time with effect for the future. This also applies to the revocation of declarations of consent that were issued to us before the GDPR entered into force, hence before May 25, 2018.
Based on compliance with contractual obligations (Article 6, Para. 1 (b) GDPR):
We process personal data in order to fulfill our contractual obligations or to carry out precontractual measures performed upon request. The purposes of the data processing primarily arise from your query.
Based on compliance with legal obligations (Article 6, Para. 1 (c) GDPR):
3D-Shape GmbH is subject to various legal obligations. These include:
Commercial and tax-related retention regulations in accordance with the German Commercial Code and Tax Code.
Compliance with tax law-related control and notification obligations.
For the purposes of legitimate interests (Article 6, Para. 1 (f) GDPR):
If required, we process your personal data beyond the actual fulfillment of the contract to safeguard our legitimate interests or those of third parties. Examples:
Assertion of legal claims and defense in case of legal disputes,
Ensuring IT security and IT operations,
For the analysis and improvement of the use of our website.

7. The intention of transferring personal data to a third country or an international organization
An active transferring of personal data to a third country shall only take place when this has been explicitly pointed out as part of the above-mentioned services.

8. Criteria for specifying the duration for which the personal data is stored
(1) The data is stored in accordance with legal provisions governing data processing and in consideration of statutory retention periods. We process and use your personal data exclusively for the purposes you have authorized and for as long as the data is required for these purposes.
(2) If the personal data is no longer needed for the purpose or to comply with legal obligations, such data will generally be deleted unless their temporary and possibly restricted processing is required for the following purposes:
Compliance with commercial and tax-related retention obligations: The German Commercial Code (HGB) and the Tax Code (AO) shall be named in this regard. These stipulate retention or documentation periods of up to 10 years.
The preservation of evidence under the statutory limitation regulations. In accordance with §§ 195 et seq. of the German Civil Code (BGB), the regular limitation period is three years; however, this can be up to 30 years under special circumstances.

9. Your data protection rights
(1) Every affected person has the right of access in accordance with Article 15 GDPR, the right to rectification in accordance with Article 16 GDPR, the right to erasure in accordance with Article 17 GDPR, the right to restriction of processing in accordance with Article 18 GDPR, the right to object in accordance with Article 21 GDPR and the right to data portability as per Article 20 GDPR. The restrictions in accordance with §§ 34 and 35 of the German Federal Data Protection Act (BDSG) apply to the right of access and the right to erasure. Furthermore, there is a right to lodge a complaint with a responsible data protection supervisory authority (Article 77 GDPR in conjunction with § 19 BDSG).
(2) You can revoke the consent granted to us for the processing of personal data at any time with effect for the future. This also applies to the revocation of declarations of consent that were issued to us before the General Data Protection Regulation entered into force, hence before May 25, 2018.
(3) You have the right, based on reasons arising from your special situation, to assert your objection to the processing of data related to your person, collected based on Article 6, Para. 1 (e) GDPR (data processing carried out in the public interest) and Article 6, Para. 1 (f) GDPR (data processing for the purposes of legitimate interests) at any time.
Should you file an objection, we shall no longer process your personal data, unless we can provide verification of the legitimate grounds for the processing that override your interests, rights and freedoms, or when the processing serves the assertion, execution or defense of legal claims.
The objection is free of form and should be directed to:

ISRA VISION AG
The Group Data Protection Officer
Industriestraße 14
64297 Darmstadt
Email: dataprivacy@isravision.com

10. Obligation for the provision and possible consequences of a non-provision of personal data
Within the scope of using our offers, you must provide the personal data which is required to fulfill the purpose or which we are obligated to collect by law. Without this data, we will generally not be able to conclude the contract with you or execute such contract.

11. Data security
We also use technical and organizational security measures to protect incoming or collected personal data, in particular against accidental or intentional manipulation, loss, destruction or against attacks by unauthorized persons. Our security measures are continuously improved in line with technological advances.

12. Changes to the data protection information
We develop and optimize our services on an ongoing basis. Therefore, new functionalities may be added. Should this influence the way we process your personal data, we will inform you of this in our data protection information in a timely manner.