Privacy Policy

In summary…

  • We use your personal data to provide software products and services (including marketing communications, where you have requested them), manage our business, comply with our legal obligations, and improve and monitor the performance of our digital platforms
  • We may add your personal data to our contact database 
  • We have measures in place to safeguard your personal data when we transfer it outside the European Union
  • We take steps to minimise the amount of personal data we hold about you and to keep it secure
  • We delete your personal data when we no longer need it, and we have policies in place to govern when that is
  • You have a number of rights in relation to your personal data
  • We are happy to answer your questions about any of the above – please just send them to dpo@ux3d.io 

For further details about how we process your personal data you can read the notice below:

Index

  • About this notice
  • Our data protection responsibilities
  • What types of personal data do we collect and where do we get it from?
  • What do we do with your personal data, and why?
  • Who do we share your personal data with, and why?
  • Where is your personal data transferred to?
  • How do we keep your personal data secure?
  • How long do we keep your personal data for?
  • What are your privacy rights and how can you exercise them?

1. About this notice

  • For the purposes of this notice, the controller is UX3D GmbH, Neumarkter Str. 21, 81673 Munich, Germany, Phone: +49 89 2 15 44 25 80, Fax: 089215442588, E-Mail: info@ux3d.io (the controller is also referred to in this notice as “UX3D”, “we”, “our” and “us”). We have appointed a data protection officer (DPO). You can contact our DPO at dpo@ux3d.io
  • This notice explains how and why we use your personal data when we provide you with software and related services, when you use our websites and other digital platforms, and when we send you marketing communications.
  • In this notice, when we talk about personal data we mean any information that relates to an identifiable natural person – in this case, you.
  • You should read this notice, so you know what personal data we collect about you, what we do with it and how you can exercise your rights in connection with it. If you have any questions about this notice, please contact info@ux3d.io.
  • Our data protection responsibilities
  • UX3D is a “controller” in relation to its use of your personal data. This is a legal term – it means that we make decisions about how and why we use your personal data and, because of this, we are responsible for making sure it is used in accordance with applicable data protection laws. We are required by law to give you the information in this notice.
  • What types of personal data do we collect and where do we get it from?
  • The personal information we process about you broadly falls into the following main categories: (i) Contact Information; (ii) Transaction Information; (iii) Marketing Preferences; and (iv) Browsing Information.
  • We collect your personal information from various sources. The table below sets out the different types of personal information that we collect and the sources we collect it from.
CategoryType of personal dataCollected from
Contact Information
  • Name

  • Address

  • Telephone number

  • Organisation details (eg your place of work, job title and organisation contact information)
  • You
    Transaction Information
  • Contact Information (see above)

  • Details relating to your purchase/lease of our products and services
  • Billing and payment information

  • You/your organisation’s banking details

  • IP address
  • You and your use of our digital platforms
    Marketing Preferences
  • Contact information (see above)

  • Marketing communications preferences
  • You
    Browsing Information
  • Information automatically generated through your use of our websites and other digital platforms

  • IP address

  • Information revealing the location of your electronic device
  • You and your use of our digital platforms

    Please note that if you do not provide us with your Contact Information we will not be able to provide you with any information you request, and if you do not provide us with your Contact Information, or Transaction Information, we will not be able to provide our products and services for you.
    What do we do with your personal data, and why?
    We use your personal data for a number of different purposes. We must always have a “lawful basis” (ie a reason, prescribed by law) for processing your personal data. The table below sets out the purposes for which we process the different categories of your personal data and the corresponding lawful basis for that processing. For some processing activities, we consider that more than one lawful basis may be relevant – depending on the circumstances.

    What do we do with your personal data, and why?

    We use your personal data for a number of different purposes. We must always have a “lawful basis” (ie a reason, prescribed by law) for processing your personal data. The table below sets out the purposes for which we process the different categories of your personal data and the corresponding lawful basis for that processing. For some processing activities, we consider that more than one lawful basis may be relevant – depending on the circumstances.

    Lawful basis

    Purposes of processingYour consentTo perform a contract with you To comply with a legal obligationFor our legitimate interests
    Contact Information
    Responding to your enquiries (e.g. when you submit a request via our “contact” form)xx
    (It’s important that we can respond to your enquiries)
    Transaction Information
    (This applies only to the web shop)
    Establishing you/your organisation as a customer on our systemsx
    Providing you/your organisation with products and servicesx
    Auditing whether you/your organisation complies with the terms of use (EULA) and licensing terms and conditions xx
    (It’s important that we can verify your compliance with the EULA)
    Taking payment from you in respect of our products and servicesx
    Marketing Preferences
    Sending you marketing communicationsx
    Browsing Information
    Monitoring and producing statistical information regarding the use of our platforms, and analysing and improving their functionalityx
    (We need to perform this limited routine monitoring to make sure our platforms work properly)
    For uniform representation of fontsx
    (A uniform and attractive presentation of our website is our legitimate interest)
    Contact Information, Transaction Information, Marketing Preferences and Browsing Information
    Managing, planning and delivering our business and marketing strategies x
    (As a tech firm, we need to use certain customer personal data for our business development strategies)
    Continuously reviewing and improving our products and services and developing new onesx
    (We have a legitimate interest in making sure that we are continuously improving our service offering)
    All categories
    Establishing and enforcing our legal rights and obligations and monitoring to identify and record fraudulent activityx
    Complying with instructions from law enforcement agencies, any court or otherwise as required by lawx
    For our general record-keeping and customer relationship managementxxx
    (As a firm, we need to store customer related files so we can refer back to them)
    Managing the proposed sale, restructuring or merging of any or all part(s) of our business, including to respond to queries from the prospective buyer or merging organisation xx
    (We have a legitimate interest in being able to sell any part of our business)
    Resolving any complaints from or disputes with youxx
    (We need to be able to try and resolve any complaint or dispute you might raise with us)

    Please note that Transaction Information will only be used in connection with the web shop and the use of the software.

    We do not process special categories of personal data.

    Cookies and similar technologies:

    Cookies EU
    Cookies UK
    Cookies CA
    Cookies US

    Who do we share your personal data with, and why?

    • Sometimes we share your personal data with third parties, including the following:other companies in or branches or offices of UX3D for the purposes set out in this privacy notice.
    • courts, where we are asked to respond to a court order or other binding requests;
    • regulatory authorities and law enforcement agencies, where necessary for any investigations or to respond to enquiries in relation to our compliance with applicable law or regulations; and
    • professional advisors (such as lawyers and accountants).

    These organisations will also use your personal data as a “controller” – they will have their own privacy notices which you should read, and they have their own responsibilities to comply with applicable data protection laws.

    • We also ask third party service providers to carry out certain business functions for us. These include:
    • IT support, cloud platform and data hosting providers who help us with the operation of our websites, mobile applications, and other systems and applications;
    • Stripe, who provides payment processing services (PayPal, credit card). Your cardholder and account data is sent directly to Stripe. Whenever you use the services of Stripe, the Stripe privacy policy applies in addition;
    • third party debt recovery organisations where we need to recover any money you owe us;
    • marketing service providers, including companies who send out surveys and marketing communications on our behalf; and
    • survey providers who help collate customer feedback for us.

    We will have in place an agreement with our service providers which will restrict how they are able to process your personal data and impose appropriate security standards on them.

    Where is your personal data transferred to?

    We will sometimes need to transfer your personal data outside the European Union. We will only make that transfer if:

    • that country ensures an adequate level of protection for your personal data;
    • the recipient or recipient country is subject to an approved certification mechanism or code of conduct with binding and enforceable commitments which amount to appropriate safeguards for your personal data – this includes for example, the EU-US Privacy Shield which enables the secure transfer of personal data to the United States;
    • we have put in place appropriate safeguards to protect your personal data, such as a contract with the person or entity receiving your personal data which incorporates specific provisions as directed by the European Commission.
    • the transfer is permitted by applicable laws; or
    • you explicitly consent to the transfer.

    If you would like to see a copy of any relevant provisions, please contact us.

    How do we keep your personal data secure?

    We will put in place appropriate security measures to protect your personal data from unlawful or unauthorised processing and accidental loss, destruction or damage.

    However please note that, in relation to any personal data you submit to us online, we cannot guarantee the security of data sent to us in this way. Transmission of data over the internet is at your own risk. You are responsible for keeping any passwords you use to access our platforms safe.

    How long do we keep your personal data for?

    We will only retain your personal data for a limited period of time, and for no longer than is necessary for the purposes for which we are processing it for. This will depend on a number of factors, including:

    • any laws or regulations that we are required to follow; The most important legal obligations result from § 257 of the German Commercial Code (HGB) and § 147 of the German Fiscal Code (AO) and are for six and ten years respectively. The statutory periods of limitation can be up to thirty years according to §§ 195 ff. of the German Civil Code (BGB), whereby the regular period of limitation is three years;
    • whether we are in a legal or other type of dispute with each other or any third party;
    • the type of information that we hold about you; and
    • whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.

    What are your privacy rights and how can you exercise them?

    Where our processing of your personal data is based on your consent (see table at paragraph ‎4.1 above), you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know.

    Where our processing of your personal data is based on the legitimate interests (see table at paragraph ‎4.1 above), you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.
    You have the right to (subject to certain limitations):

    • access your personal data and to be provided with certain information in relation to it, such as the purpose for which it is processed, the persons to whom it is disclosed and the period for which it will be stored;
    • require us to correct any inaccuracies in your personal data without undue delay;
    • require us to erase your personal data;
    • require us to restrict processing of your personal data;
    • receive the personal data which you have provided to us, in a machine readable format, where we are processing it on the basis of your consent or because it is necessary for your contract with us (see table at paragraph ‎4.1 above) and where the processing is automated; and
    • object to a decision that we make which is based solely on automated processing of your personal data.

    Please contact us if you would like to exercise any of your privacy rights.

    We also encourage you to let us know if you have any concern about how we are processing your personal data so we can try to resolve your concerns. However, if you consider that we are in breach of our obligations under data protection laws, you are always entitled to submit a complaint with the Data Protection Supervisory Authority. Your competent Data Protection Supervisory Authority will depend on the state of your residence, your work or the alleged violation. A list of the supervisory authorities (for the non-public sector) with their addresses can be found here.