Privacy Policy

If you use our website your personal data will be processed, which is why we are required to inform you about specific processing conditions in accordance with Art. 13 General Data Protection Regulation (GDPR). We are happy to fulfil this obligation with this Privacy Policy:

For the sake of greater transparency we will start by explaining general terms relating to the processing of personal data. The specific duties to provide information under Art. 13 GDPR are fulfilled under B.

Personal data is all data that can be related to you personally, for example, name, address, email addresses, user behaviour.

If personal data is processed by a provider on behalf of a processor, the conclusion of a data processing agreement (DPA) is required in accordance with Art. 28 GDPR. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

If you have given your consent for the processing of data in accordance with Art. 6(1)(a) GDPR, § 25(1) Telemedia Data Protection Act (TDDDG) or Art. 9(2)(a) GDPR, you can revoke this consent at any time vis-à-vis us by contacting us, Art. 7(3) GDPR. The revocation of consent does not affect the legality of processing based on consent up to the point of revocation.

The EU-US Data Privacy Framework is an agreement on the exchange of data between the European Union and the United States of America. It ensures the rights of data subjects whose data is processed in the USA. An adequacy decision, as defined in Art. 45 of the GDPR, has been adopted by the European Commission, according to which an adequate level of protection has been determined. Providers can opt to undergo self-certification. If certification is obtained, the data transfer to this US provider is covered by the adequacy decision.

The data controller pursuant to Art. 4 (7) GDPR is the

3dsupply GmbH & Co. KG, Umlostraße 50c, 33649 Bielefeld

represented by 3dsupply Beteiligungs-Gesellschaft mbH, ibid, in turn represented by Managing Director Marius Laabs, ibid

Email: [email protected]

Telephone: +49 521 44818650 

(please refer to our 'Company Information').

You have the following rights vis-à-vis us as outlined in I. with respect to your personal data: 

You also have the right to lodge a complaint to a data protection supervisory authority about our processing of your personal data.

The competent supervisory authority is:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia

Kavalleriestraße 2-4

40213 Düsseldorf

Telephone: +49 211 38424 0

Email: [email protected]

For reasons of better transparency, we fulfil these duties to provide information in each case when explaining the specific processing activity. 

We host the content of our website with the following provider:

Hetzner Online GmbH, Industriestrasse 25, 91710 Gunzenhausen.

When you visit our website, the provider records various log files including your IP addresses. For details, please refer to the provider’s Privacy Policy: https://www.hetzner.com/legal/privacy-policy.

We have concluded a DPA with the aforementioned provider.

This site uses SSL or TLS encryption to ensure security and protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. An encrypted connection can be identified by the browser’s address line changing from ‘http://’ to ‘https://’ and by the presence of a lock symbol in the browser’s address bar. If SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

The site provider automatically collects and stores information in so-called ‘server log files’, which your browser automatically transmits to us. These are:

This data is not merged with other data sources.

This data is collected on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – the server log files must be recorded for this purpose.

When you use our website, we, in addition to using the aforementioned data, utilise technical aids for a variety of functions, in particular cookies, which can be stored on your end device. When you access our website and at any time thereafter you can choose whether to accept cookies in general or whether you would like to select particular additional functions. You can make changes in your browser settings or via our Consent Manager. In the following, we first describe cookies from a technical perspective before going into more detail about your individual choices by describing technically necessary cookies and cookies that you can voluntarily select or deselect.

Cookies are text files or information in a database that are stored on your hard drive and assigned to the browser you are using so that certain information can be transferred to the organisation that sets the cookie. Cookies cannot execute programmes or transfer viruses to your computer. Instead, they are primarily used to make the website faster and more user-friendly. This website uses the following types of cookies, whose function and legal basis are explained below: Transient cookies: Such cookies, especially session cookies, are automatically deleted when you close the browser or log out. They contain a so-called session ID. In this way, various requests from your browser can be assigned to the shared session and your computer can be recognised when you return to our website.

Persistent cookies: These are automatically deleted after a specified period, which varies depending on the cookie. You can view the cookies that have been set and their duration at any time in your browser settings and delete them manually.

Other technologies: These functions are not based on cookies but on similar technical mechanisms, such as Flash cookies, HTML5 objects or an analysis of your browser settings. The result is also that we can use the technologies described below. Here, too, you can of course consent or object.

Mandatory functions that are technically necessary to display the website: The website’s technical structure requires us to use technologies, in particular cookies. Without these technologies our website cannot be displayed (completely correctly) or the support functions could not be enabled. These are basically transient cookies that are deleted at the end of your website visit, at the latest when you close your browser. You cannot deselect these cookies if you wish to use our website. The individual cookies can be seen in the Consent Manager.

Optional cookies if you grant your consent: We only set various cookies with your consent, which you can select when you first visit our website using the Cookie Consent Tool. The functions are only activated with your consent and may be used in particular to enable us to analyse and improve visits to our website, to make it easier for you to use our website via different browsers or end devices, to recognise you when you visit our website or to place advertising (possibly also to tailor advertising to your interests, measure the effectiveness of advertisements or show interest-based advertising). The legal basis for this processing is Art. 6(1)(1)(a) GDPR, § 25(1) TDDDG.

You can revoke your consent at any time without this affecting the legality of the processing up to the point of revocation.

The functions we use, which you can select and revoke individually via the Consent Manager, are described below.

We use the tag manager of the provider Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. With the help of the Tag Manager, we can integrate statistical and analysis tools on our website. The tag manager itself does not store any cookies and does not have any analysis functions. The Tag Manager therefore only records your IP address. Google acts as a processor and we have concluded a corresponding contract with Google.

The information generated by the cookie and the (usually shortened) IP addresses about your use of this website are usually transferred to a Google server in the USA and processed there. The provider is an active participant in the EU-US Data Privacy Framework, which defines rules for the secure transfer of data to the USA. In addition, the provider uses standard contractual clauses within the meaning of Art. 46(2), (3) GDPR, which are intended to ensure that data processing is harmonised with European standards. In an implementing decision the EU Commission assessed these clauses as appropriate safeguards for the transfer of personal data to the USA. Further information from the provider can be found at: https://policies.google.com/privacy/frameworks?hl=en.

The legal basis is our legitimate interest to quickly and easily integrate various analysis and statistics tools in accordance with Art. 6(1)(f) GDPR. If we request your consent, the processing is based on Art. 6(1)(a) GDPR. You have the right to revoke your consent at any time without restriction.

We use the visitor action pixel of the provider Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland to measure the conversion of visitors to our website. Through conversion measurement, the behaviour of the site visitor can be tracked after they have been redirected to our website by clicking on a Facebook ad. In this way, the efficiency of advertising measures can be determined using Facebook for statistical purposes and for market research, which is beneficial for the optimisation of future advertising measures.

We do not have access to data collected in this manner. As such, we cannot draw any conclusions about the identity of the individual visitor. The provider processes this data and can also establish a connection to any user profile you may have with the provider. The provider therefore also uses this data for its own advertising purposes. We have no influence over this.

The legal basis for the use of Facebook Pixel is our legitimate interest in effective advertising measures using social media within the meaning of Art. 6 (1)(f) GDPR. If we request your consent, the legal basis is your consent pursuant to Art. 6(1)(a) GDPR in conjunction with. § 25 I TDDDG. You have the right to revoke your consent at any time, without restriction. The provider also processes your data in the USA. The provider is an active participant in the EU-US Data Privacy Framework, which defines rules for the secure transfer of data to the USA. In addition, the provider uses standard contractual clauses within the meaning of Art. 46(2), (3) GDPR, which are intended to ensure that data processing is harmonised with European standards. In an implementing decision, the EU Commission assessed these clauses as appropriate safeguards for the transfer of personal data to the USA. Further provider information can be found at https://facebook.com/privacy/policy/.

By granting your consent, you can subscribe to our newsletter which we use to inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.

We use the so-called 'double opt-in procedure' to register you for our newsletter.

This means that after you have been registered we will send an email to you at the specified email address. In it, we will ask you to confirm that you are the owner of the specified email address and that you wish to receive the notifications. If you do not confirm your registration within 24 hours your information will be blocked and automatically deleted after one month. We also store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

The only mandatory information for sending the newsletter is your email address. The provision of further, separately marked data is voluntary and is used to be able to address you personally. After your confirmation, we will save your email address for the purpose of sending you the newsletter. The legal basis is Art. 6(1)(1)(a) GDPR, § 25 para. 1 TDDDG.

You can revoke your consent to distribution of the newsletter at any time and unsubscribe from the newsletter. You can declare your cancellation by clicking on the link provided in every newsletter email, by email to [email protected] or by sending a message to the contact details provided in the imprint.

To send our newsletter, we use the ‘Mailchimp’ tool from the provider The Roclet Science Group LLC, 675 Ponce de Leon Ave, NE Suite 5000, Atlanta, GA 30308 USA. This enables us to get in touch with newsletter subscribers and optimise your user behaviour to improve our offer.

The provider receives the following personal data from us for this purpose: Email address and, if provided, name and telephone number. The provider also collects information about your end device, the browser used, date and time as well as browser activities.

Mailchimp acts as a processor for the distribution of newsletters. We have concluded a corresponding order data agreement with the provider. 

Further information from the provider can be found at: https://www.intuit.com/privacy/statement/. 

Subject to statutory documentation or retention obligations, the data will be deleted if you revoke your consent to receive the newsletter. The data will also be deleted when the contract between us and the provider is terminated. 

The aforementioned data is usually transferred to a server of the provider in the USA and processed there. In principle, the USA is an unsafe third country within the meaning of Art. 44 GDPR. Nevertheless, the EU-US Privacy Framework includes an adequacy decision adopted by the European Commission under Art. 45 GDPR, according to which an adequate level of protection has been determined. The provider has opted for self-certification as an active member.

We have different profiles across social media platforms. We operate the websites of the following providers:

We use the technical platform and services of the providers for these information services. Please be advised that you use our social media profiles and their features at your own risk. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). When you visit our websites, the providers of the social media platforms collect, among other things, your IP address and other information that is stored on your end device in the form of cookies. This information is used to provide us as the operator of the accounts with statistical information about the interaction with us.

The data collected about you in this context will be processed by the platforms and may be transferred to countries outside the European Union, in particular the USA. The providers Meta and X (through X Corp.) are active participants in the EU-US Data Privacy Framework, for which the European Commission has determined an adequate level of protection within the meaning of Art. 45 GDPR. 

We do not know how the social media platforms use the data from your visit to our account and your interactions with our posts for their own purposes, how long this data is stored and whether data is shared with third parties. Data processing may differ depending on whether you are registered and logged in to the social network or whether you visit the site as a non-registered and/or non-logged-in user. When you access a post or the account, the IP address assigned to your end device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your end device can be used to track how you have moved around the network. Buttons integrated into websites enable the platforms to record your visits to these websites and assign them to your respective profile. This data can be used to offer you customised content or advertising. If you do not want this you should log out or deactivate the ‘stay logged in’ function, delete the cookies on your device and restart your browser.

As the provider of the information service, we only process the data from your use of our service that you provide to us and that require interaction. For example, if you ask a question that we can only answer by email we will store your information in accordance with the general principles of our data processing, which we describe in this Privacy Policy. The legal basis is our legitimate interest in the advertising and presentation of our company in accordance with Art. 6(1)(1)(f) GDPR.

To exercise your rights as a data subject, you can contact us or the provider of the social media platform. If one party is not responsible for responding or must receive the information from the other party, we or the provider will then forward your enquiry to the respective partner. Please contact the operator of the social media platform directly if you have any questions about profiling and the processing of your data when using the website. If you have any questions about the processing of your interaction with us on our site, please write to the contact details which we have provided above.

What information the social media platform receives and how it is used is described by the providers in their privacy policies (see link in the table above). There you will also find information about contact options and the setting options for advertisements. Further information on social networks and how you can protect your data can also be found at www.youngdata.de.

You have the opportunity to apply to us via email at [email protected]. We collect your email address and any other personal data you provide, such as your first name, surname, telephone number, photo, CV, cover letter or references. The purpose of the processing is to process your application and subsequently contact you.

The legal basis for processing is pre-contractual measures relating to your application pursuant to § 26 (1) German Federal Data Protection Act (BDSG) in conjunction with Art. 6(1)(b), Art. 88 GDPR. Art. 6(1)(b), Art. 88 GDPR.

If an employment relationship is not concluded, we process the applicant data to protect our legitimate interest in a defence against legal claims and as evidence within the meaning of Art. 6(1)(f) GDPR.

We will delete your applicant data at the latest at the end of the third year after completion of the application process, subject to statutory retention obligations or further processing rights.

We operate a web shop on our website at www.3dsupply.de. If you wish to purchase an item in our web shop, you must provide your personal data, which is essential for concluding a contract and for processing your order. Mandatory information required for the processing of contracts is marked separately with an asterisk symbol; further information can be provided voluntarily. Mandatory information is: Email address, first name, surname, street, house number, postcode, city and country. For payment, you can provide your payment details to our payment service provider or we can also pass your payment details on to our principal bank, whereby these third parties are each independently responsible for processing the payment. The legal basis for this is the fulfilment of the contract pursuant to Art. 6(1)(1)(b) GDPR. If you provide information that is not part of the aforementioned mandatory information, this is done on the basis of you being able to revoke your consent at any time, without restriction, in accordance with Art. 6(1)(a) GDPR.

Due to commercial and tax law requirements, we must store your address, payment and order data for a period of ten years. This is derived, among other things, from § 147 Paragraph 2 in conjunction with Paragraph 1 No. 1.4 of the Tax Code and from § 257 Paragraph 4.1 of the German Commercial Code (HGB).

To prevent unauthorised access to your personal data by third parties, the order process is encrypted using TLS technology.

If you wish, you can create a customer account, which allows us to save your data for future purchases. When creating an account under 'Register' (https://3dsupply.de/en/eigener-shop), the data you provide will be stored on a revocable basis. You can delete all other data, including your user account, at any time in the customer area. The legal basis is your right to revoke consent at any time, without restriction, in accordance with Art. 6(1)(a) GDPR.

You can carry out the payment process via various payment service providers:

The respective provider receives the following personal data for this purpose: Name, address, email address, telephone number, device used, geolocation data, bank details. The provider stores your data until payment processing is completed, including the processing of refunds, receivables management and fraud prevention. 

Providers carry out a credit check for certain services, such as direct debit payments, to ensure solvency. The provider will thus pass on your aforementioned data to credit agencies.

You also have the option to make an advance payment. In this case, your personal data will not be shared with any of the providers. Your bank details (account holder, IBAN, sort code, name of bank) are provided to us with your bank transfer.

If you use the Stripe online payment system (a. No. 4), you have the option to pay with your credit card via the provider’s payment system. Stripe then forwards your data to the respective credit card provider. These are the following providers:

The legal basis for processing is the fulfilment of the contract pursuant to Art. 6(1)(b) GDPR.

The payment services are both data controllers and processors. As data controllers, they use your transmitted data to fulfil regulatory obligations under financial law. As processors, the payment services carry out the transaction on our behalf within their payment networks. In this respect, the payment services act as processors, and we have concluded a DPA with the providers.

We will store your data until the transaction is completed. This also includes the time required to process refunds, receivables management and fraud prevention. Your data will then be deleted subject to statutory retention obligations or retention rights.

You have the option to visit https://3dsupply.de/en/eigener-shop to create your own partner shop. If you use this option, we will store the data required for the settlement of payments for orders placed until you permanently delete your partner shop.

Furthermore, we store the voluntary data you provide for the duration of your use of the partner shop unless you delete it beforehand. You can manage and change all details in the protected customer area (under ‘Account’). To create a partner shop, you must create a customer account with us. This requires an email address and a password. The assignment of an individual name is the only information required for creating a partner shop.

You can then sign in with your login details and upload your own designs in the ‘Admin" area of your web shop and offer them for sale. In order to receive payment for sales, you must enter additional personal data under ‘Shop settings’. This applies to the following personal data: Name, contact person, street, house number, postcode, city, country, telephone number, IBAN.

We store the data received via the partner shop for the duration of the contractual relationship and, subject to conflicting retention obligations or retention rights, for a period of three years from the end of the contractual relationship. Due to commercial and tax law requirements, we must store your address, payment and order data for a period of ten years. This is derived, among other things, from § 147 Paragraph 2 in conjunction with Paragraph 1 No. 1.4 of the Tax Code and from § 257 Paragraph 4.1 of the German Commercial Code (HGB).

The legal basis is the fulfilment of the contract pursuant to Art. 6 (1)(1)(b) GDPR.