Privacy policy

Information on the collection of personal data

  1. We inform you in the following about the collection of personal data when using our website. Personal data are defined as all data pertaining to you personally, e.g., name, address, email addresses, user behaviour.
  2. Controller pursuant to Art. 4 (7) of the General Data Protection Regulation (hereinafter “GDPR”) is
    3U HOLDING AG
    Frauenbergstraße 31–33
    35039 Marburg
    Germany
    Telephone: +49 (0)6421 999 0
    Telefax: +49 (0)6421 999 1222
    email: info@3u.net

    You can contact our Data Protection Officer as follows:
    3U HOLDING AG
    Data Protection Officer
    Frauenbergstraße 31-33
    35039 Marburg
    Germany
    email: datenschutz@3u.net

  3. If we use the services of an external provider for individual functions of our offering, or if we would like to use your data for advertising purposes, we will inform you in detail about the processes involved, as per below. In this context, we will also cite the criteria determined for the duration of data retention.

Contact via email

  1. When you contact us via email, the personal data you provide us with (e.g., name, enquiry, email address, telephone number) will be used for the purpose of responding to your enquiry and stored by us for any eventual queries. We will not pass these data on to third parties without your consent.
  2. We will retain the data you send us when contacting us until you request us to delete them, revoke your consent to storing them, or if the purpose for storing the data no longer applies (e.g., after processing your request has been completed). Statutory requirements – legal retention periods in particular – remain unaffected.
  3. These data are processed on the basis of Art. 6 (1) lit. b GDPR if your request is in the context of fulfilling a contract or for implementing pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of the requests addressed to us (Art. 6 (1) lit. f GDPR) or on your consent (Art. 6 (1) lit. a GDPR) if this has been solicited.

Collection of personal data on visiting our website

 When using the website purely for information, i.e. if you do not register with us or provide us otherwise with information, we will only collect the personal data which your browser sends to our server. If you would like to view our website, we collect the data below which we require for technical reasons to display the website to you and, based on Art. 6 (1) lit. f GDPR and in accordance with Section 25 German Telecommunications-Telemedia Data Protection Act (TTDSG), to guarantee its stability and security:

    • IP address
    • Date and time of your request
    • Time zone difference to Greenwich Mean Time (GMT)
    • Request content (specific page)
    • Access status/HTTP status cod
    • Data volume transmitted
    • Website from where the request was initiated
    • Browser
    • Operating system and its graphic user interface
    • Language and version of the browser software
  2. In addition to the aforementioned data, our website cookies will be stored on your computer when you use our website. Cookies are small text files placed on your hard disk and allocated to the browser you use and by means of which certain information is sent (in this case, by us). Cookies are not able to execute any programs or transmit viruses to your computer. The serve the purpose of making the Internet offering more user friendly and effective overall. The use of these cookies is also based on Art. 6 (1) s. 1 lit. f GDPR and 25 Abs. 2 TTDSG.

 Use of cookies:

 This website used the following types of cookies whose scope and function are explained in the following:

    • Transient cookies (see b)
    • Persistent cookies (see c)
  2. Transient cookies are automatically deleted when you close your browser. They include session cookies in particular. These session cookies store a so-called session ID used to allocate the various queries of your browser to the joint session. This enables your computer to be recognised again if you return to the website. Session cookies are deleted when you log out or close your browser.
  3. Persistent cookies are automatically deleted after a prescribed period that may differ depending on the cookie. You can delete the cookies in your browser’s security settings at any time.
  4. We use cookies which are technically necessary and without which your visit to our website would not be possible. Furthermore, if we should use cookies which are not technically necessary we will ask for your consent.
  5. The lawful basis for using technically necessary cookies to display and facilitate the requisite functions of our website is Section 25 (2) TDDSG and Art. 6 (1) s. 1 lit. f GDPR (legitimate interest). Inasmuch as we do not use technically necessary cookies for the display and the requisite functions of our website, we will ask for your consent. The lawful basis for using these cookies is Section 25 (1) s.1 TDDSG and Art. 6 (1) s. 1 lit. a GDPR.
  6. Most browsers accept cookies automatically. Nevertheless, you can configure your browser not to accept cookies being stored on your computer or to have a message always displayed before a new cookie is set. The complete deactivation of cookies may lead to you not being able to use all the functions of our website, however.
  7. All the cookies used, the description of legally required information on the individual cookies and the (de)activation of your consent(s) are listed below:

 Integration of EQS Group’s share price

We have integrated iFrames (share price display) provided by EQS Group AG, Karlstraße 47, 80333 Munich (“EQS”) into our website.

EQS’s Stock Tool records your IP address in order to display the share price to you using an iFrame. No other customer data, such as browser information, location etc. are requested. The IP address is automatically deleted in cycles after 30 days. No personal data is transmitted to non-EU countries.

The lawful basis for the associated data processing is Art. 6 (1) f. GDPR.  The legitimate interest consists in informing our shareholders and interested parties of our share price.

Newsletter

If you subscribe to our newsletter we will be able to send you information about our current interesting offers. The lawful basis for this is your consent pursuant to Art. 6 (1) lit. a GDPR.

When our company’s newsletter is subscribed to, data in the respective input template is sent for processing to the data controller. The so-called “double opt in” process is used for subscriptions. What this means is that, after registering, you will receive an email which requests confirmation of your having registered.

When subscribing to our newsletter, the user’s IP address along with the date and time of registration are stored. This procedure prevents the misuse of services or of the email address of the person concerned. The data will not be passed on to third parties, with one exception: if there is a statutory obligation to transfer the data. The data are used exclusively for dispatching the newsletter. Anyone subscribing can terminate their subscription to the newsletter at any time. Similarly, consent to saving personal data can be withdrawn at any time. All newsletters contain a link for this purpose.

Use of Brevo

We use Brevo to dispatch our newsletters. The provider is the German company Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. The dispatch of newsletters is also organised and analysed with the aid of Brevo. The data you provide when subscribing to the newsletter are stored on Sendinblue’s servers in Germany. If you do not wish Brevo to analyse data, you will need to unsubscribe to the newsletter. We provide a link in all newsletters for you to do this. Emails sent by Brevo include what is known as a tracking pixel for the purpose of analysis. This pixel connects up with the Sendinblue servers when an email is opened and determines whether newsletter content has been viewed. Furthermore, we can ascertain through Brevo whether and which links were clicked in the newsletter. Links in the email can optionally be set as tracking links and used to count your clicks. The lawful basis for data processing pursuant to Art. 6 (1) lit. a GDPR. The recipient of the data is Sendinblue GmbH. No data are transferred to non-EU countries.
The data you have provided in the context of consenting for the purpose of receiving the newsletter are held by us until such time as you cancel the newsletter and, following such cancellation, will be deleted from our servers as well as from Sendinblue servers. Data we keep for other purposes (e.g., email addresses for the member area) will remain unaffected.

You have the possibility of revoking your consent to data processing at any time with effect for the future. The lawfulness of data processing activities already carried out shall remain unaffected by such revocation.
If you require more detailed information about data processing we recommend that you view the company’s privacy policy at: https://www.brevo.com/de/datenschutz-uebersicht/

Cookiebot

We use the Consent Management Software Cookiebot of Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (Cybot). This allows us to obtain and manage consent from the web users to data processing.

When you consent to the use of cookies, your personal data are processed and stored via these cookies. If you agree to the use of cookies, this consent (Art. 6 (1) lit. a GDPR) also forms the lawful basis for the use of cookies and for processing your data. The Cookiebot is used to manage and basically enable your consent preferences. Using the Cookiebot is required for compliance with a statutory obligation to which we are subject (Art. 6 (1) pg 1 lit. c GDPR in conjunction with Art. 7 (1) GDPR).

In the event that you permit cookies, the following data are transferred to Cybot, stored and processed:

  • IP address (anonymised)
  • Date and time of your consent
  • Our website URL
  • Technical browser data
  • Encrypted, anonymous key
  • Cookies the use of which you have consented to (as proof of consent)

The following cookies are set by Cookiebot once you have given your consent to the use of cookies:

Name: CookieConsent
Purpose: Proof of your consent is stored in this cookie. This enables our website to read and follow the current status when the website is visited in the future.
Storage period: after one year

You can see which cookies are set in the Cookie declaration at https://www.cookiebot.com/de/cookie-declaration/.

Cybot is the recipient of your personal data. All data collected are transferred, stored and relayed exclusively within the European Union. Your personal data are deleted on a running basis after twelve months or directly after the contract between ourselves and Cybot has been terminated
You have the right to access your personal data at any time and to delete them. You can prevent data collection and data storage by rejecting the use of cookies through the cookie notification. Your browser offers another option for prohibiting data processing. You can find more information on Cookiebot’s data privacy at: https://www.cookiebot.com/de/privacy-policy/.

Use of Google DoubleClick

This website uses Google’s DoubleClick online marketing tool. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services within the region of Europe. Google DoubleClick cookies are set on the basis of Art. 6 (1) lit. a GDPR.
DoubleClick sets cookies for the purpose of placing advertisements relevant to the user, improving reports on campaign performance, or for avoiding showing the user the same adverts multiple times. Google uses a cookie ID to record which adverts are activated through which browser, which prevents the same adverts being displayed on multiple occasions. Furthermore, DoubleClick uses cookie IDs to record so-called conversions connected with advert requests. This is the case when a user views a DoubleClick advert and then accesses the advertiser’s website using the same browser and buys something from the website. Based on the marketing tool, your browser automatically establishes a direct connection with Google’s server. We do not have any influence on the scope and further use of the data which Google collects using this tool and therefore inform you accordingly about what we know: By harnessing DoubleClick, Google obtains information that you have accessed the respective part of our website or have clicked one of our adverts. If you are registered with a Google service, Google can allocate the session to your account. Even if you are not registered with Google, or not logged in, there is a possibility that the provider obtains and stores your IP address.
In the event that personal data are transferred to the US, Microsoft has agreed to observe the EU-U.S. Data Privacy Framework, https://www.dataprivacyframework.gov/s/. You can find out more about how data are processed through Google DoubleClick by viewing the Privacy Policy at https://policies.google.com/privacy?hl=en-US

Use of Google Analytics

a) This website uses Google Analytics, a web analysis service provided by Google LLC. (for Europe: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland – “Google”). Google Analytics uses cookies which are text files stored on your computer to analyse how you use the website. Information generated by the cookie on your use of this website is generally transferred to a Google server in the US and stored there. We have activated IP anonymisation on this website. Google will therefore truncate your IP address at a prior point in time within member states of the European Union or in other countries party to the Agreement on the European Economic Area. The full IP address is only transmitted in exceptional cases to Google servers in the US and truncated there. Google will use this information on behalf of this website’s operator to analyse your use of the website, to compile reports on website activities and to provide other services connected with the use of the website and of the Internet in respect of the website operator. Accordingly, Google is a processor within the meaning of Art. 4 no. 8 GDPR. An agreement pertaining to processing by a processor pursuant to Art. 28 GDPR has been concluded. Google Analytics cookies are set on the basis of Art. 6 (1) lit. a GDPR.
b) The IP address sent by your browser in the context of Google Analytics is not combined with other Google data.
c) You can prevent cookies being stored by changing the settings in your browser software. Please note that, in this case, you may not be able to use all functions of this website to the full extent. You can also prevent the collection of your data on the use of the website generated by the cookie (including your IP address) and Google’s processing of these data by clicking the following link and downloading and installing the browser plug: https://tools.google.com/dlpage/gaoptout?hl=de.
d) This website uses Google Analytics with the “_anonymizeIp ()” extension. IP addresses are therefore processed in a truncated form, which excludes the possibility of data being linked to a specific individual. If the data collected makes personal identification possible, prevention is immediate, and the personal data promptly deleted.
e) We deploy Google Analytics to analyse the use of our website and improve it on a regular basis. The statistics gained from this process enable us to improve our offering and to make it more interesting for you as a user.
f) In the event that personal data are transferred to the US, Microsoft has agreed to adhere to the EU-U.S. Data Privacy Framework, https://www.dataprivacyframework.gov/s/.
g) This website also uses Google Analytics for the cross-device analysis of visitor traffic routed via a user ID. You can deactivate cross-device analysis of your usage in your customer account under “My Data”, “Personal Data”.

Use of Google Web fonts

This page uses what are known as web fonts made available by Google for the purpose of uniform display. When you access this page, your browser loads the necessary web fonts in your browser cache in order to display the text and fonts correctly. In this context, we keep the fonts locally so that no personal data is transferred to Google. If your browser does not support web fonts, your computer will use a standard font. You can find more information on Google web fonts at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy.
Use of Google Maps
a) We use the Google Maps application via an API on this website. This enables us to display an interactive map directly on the website and to facilitate your use of the map function. Provider is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
b) Google Maps is deactivated the first time you visit this website so as to guarantee data protection on this website. Direct connection to Google servers is only established if you yourself activate Google Maps (consent pursuant to Art. 6 (1) lit. a GDPR). This serves to prevent your data being transferred to Google upon your first visit to the website.
c) After activation, Google Maps will store your IP address and information on your location. These data will then generally be sent to a Google server in the US and stored there. Once Google Maps has been activated this website’s provider has no influence data transfers. In the event that personal data are transferred to the US, Microsoft has agreed to observe the EU-U.S. Data Privacy Framework, https://www.dataprivacyframework.gov/s/.
d) You can find more information on how user data are used by viewing Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/.
Use of Google Tag Manager
This website uses Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Website tags are managed using Google Tag Manager, enabling connection with other services of our online offering. Consequently, the Tag Manager itself (which implements the tags) does not create any user profile or store any cookies, for instance. Google is only given information on the user’s IP address which is necessary for executing Google Tag Manager. The lawful basis for data processing is your consent pursuant to Art. 6 (1) lit. a GDPR. In the event that personal data are transferred to the US, Microsoft has agreed to observe the EU-U.S. Data Privacy Framework, https://www.dataprivacyframework.gov/s/. You can obtain further information on Google Tag Manager on the website: https://marketingplatform.google.com; privacy policy: https://policies.google.com/privacy; types of processing and processed data: https://privacy.google.com/businesses/adsservices; data processing terms for Google advertising products and standard contractual clauses for non-EU country data transfers: https://business.safety.google/adsprocessorterms.

Use of YouTube

Our website incorporates the use of videos from the YouTube website. Provider of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. When you visit one of our websites which incorporates YouTube, a connection will be established with YouTube servers. The YouTube server will be informed which of our websites you have visited. Furthermore, YouTube can store various cookies on your device. These cookies assist YouTube in obtaining information on visitors to our website. Among other purposes, this information is used for recording video statistics, improving user friendliness, and preventing attempts at fraud. The cookies remain on your device until you delete them. If you are logged into your YouTube account, YouTube can directly allocate your browsing habits to your personal profile. You can prevent this by logging out of your YouTube account. The lawful basis for using YouTube is your consent pursuant to Art. 6 (1) lit. a GDPR You can find more information on how user data are used by viewing YouTube’s privacy policy at: https://policies.google.com/privacy?hl=de. In the event that personal data are transferred to the US, Microsoft has agreed to observe the EU-U.S. Data Privacy Framework, https://www.dataprivacyframework.gov/s/.

Use of Podigee

We use the Podigee service on our website based on the consent you have given pursuant to Art. 6 (1) lit. a GDPR. Podigee is a tool for music and podcasts. The service provider is the German company Podigee GmbH, Schlessische Straße 20, 10997 Berlin, Germany. You can find out more on how Podigee uses data by viewing the company’s Privacy Policy at https://www.podigee.com/en/about/privacy.

Data processing via social networks

We maintain publicly accessible profiles in social networks. Details on the social networks we use can be found below.

Social networks such as Twitter etc. can generally extensively analyse your user behaviour when you visit their websites, or a website with integrated social media content (e.g., like buttons or ad banners). Numerous processing processes relevant for data protection are triggered through visiting our social media contributions. In detail:

When you are logged into your social media account and visit our social media presence, the operator of the social media portal can allocate this visit to your user account. Under some circumstances, your personal data can also be collected even if you are not logged in or do not have an account with the respective social media portal. In this case, data are collected via cookies, for instance, which are saved on your device or by recording your IP address.

Data collected in this way enables social media portal operators to create user profiles which store your preferences and interests. Advertisements which may interest you can then be displayed both in and outside the respective social media presence. If you have an account with the relevant social network, advertisements of interest may be displayed on all devices on which you are or were logged in.

Please also note that we cannot track all processing processes on the social media portals. Further data processing may then be carried out by the operators of social media portals depending on the provider. You can find details in the user terms and conditions and the privacy policies of the respective social media portals.

Lawful basis:
Our social media content is designed to guarantee as comprehensive an Internet presence as possible. This is based on legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks are based, where appropriate, on various lawful bases that are to be indicated by the social media network operators (e.g., consent within the meaning of Art. 6 (1) lit. a GDPR).

Controller and assertion of rights:
When you visit our social media content (e.g., on Twitter), we bear joint responsibility with the social media platform operator for the data processing operations triggered by this visit. You can fundamentally assert your rights (access, rectification, deletion, restriction of the processing, data portability and objection) both against us and against the social media portal operator (e.g., Twitter).

Please note that, despite joint responsibility with the social media portal operators, we are unable to exert full influence on the data processing operations of the social media portals. Our possibilities depend on the respective provider’s corporate policy.

Storage period:
The data which we capture directly via our social media presence are deleted by our systems, if you request us to delete them, withdraw your consent to storage, or the purpose for storing the data no longer applies. Stored cookies stay on your device until you delete them. Mandatory statutory provisions, retention periods in particular, remain unaffected.

We have no influence on the storage period of the data the social networks operators have stored for their own purposes. For details, please seek information from the operators of the social networks directly (e.g., view their privacy policies – see below).
Individual social networks:

YouTube

We maintain a channel with YouTube. The operator of the YouTube service is Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland. Details on how they handle your personal data can be found in the YouTube privacy policy: https://policies.google.com/privacy

Twitter

We maintain a profile with Twitter. Operator of the Twitter social network is Twitter Inc., One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland. Details on how they handle your personal data can be found in the Twitter privacy policy: https://twitter.com/en/privacy

LinkedIn

We maintain a profile with LinkedIn. Operator of the LinkedIn social network is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Details on how they handle your personal data can be found in the LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy

Data processing of applications

If you apply for a position with us, we process the information we receive in the context of the application procedure, e.g., by using the application itself, curriculum vitae, references, correspondence, along with information provided by telephone and verbal information. Along with your contact data, information on your education, your qualifications, your work experience and your skills are relevant. We will only assess you in terms of your suitability for the respective open position, so you do not have to send us a photo.
Your data will initially be used solely for carrying out the application procedure. If your application is successful, your data will form part of your personnel file and be used to facilitate the employment relationship and, in the event of its termination, be deleted in accordance with the rules and regulations governing employee records. If we are unable to offer you employment, we keep your data for processing up to six months after the decision has been sent in order to defend ourselves against any legal claims, in particular in the case of any purported disadvantage in the application procedure. If your costs are reimbursed or other transactions relevant for tax arise, the respective accounting records will be retained for the purpose of complying with budgetary and tax-related statutory obligations for record keeping in accordance with the respectively valid retention obligations. Our Personnel Department and the Recruiting Department initially have access to your data, along with the department that has the vacancy for which you have applied and, if appropriate, Accounting. Our administrators and processes have the technically necessary possibility of accessing the data processed by IT. These parties are bound by our strict instructions and are not permitted to process the data for their own purposes. In some cases, we have to disclose your personal data to third parties, such as to our bank, if your costs are to be reimbursed, or the post office if we communicate with you by written correspondence.
The lawful basis for data processing in the context of the application procedure and as part of personnel records consists of Section 26 (1) pg 1 German Federal Data Protection Act (BDSG) and Art. 6 (1) lit. b GDPR and, if you have given your consent, for instance by sending information not necessary for the application procedure, Art. 6 (1) lit a GDPR. The lawful basis for data processing following a rejection is Art. 6 (1) lit f GDPR. The lawful basis for budgetary and tax-related retention is Art. 6 (1) lit c GDPR in conjunction with Section 147 of the German fiscal code (AO). Legitimate interest in processing on the basis of Art. 6 (1) lit f GDPR pertains to defence against legal claims.
We do not generally need special categories of personal data within the meaning of Art.9 GDPR for the application process. We would therefore ask you in advance to refrain from providing us with information of this kind. If such information is relevant as an exception for the application process, we will process them together with your other application data. Such information may, for instance, relate to serious disability. You can voluntarily provide us with this information which we must then process in order to comply with our special obligations with regard to severely disabled persons. In this case, processing serves the purpose of exercising rights or complying with legal obligations under German labour law, the right to social security and social protection. The lawful basis of data processing in this case then consists of Art. 9 (2) lit. b GDPR, Sections 26 (3) BDSG, 164 German Social Code, Book IX. As an exception, it may be necessary, for the purpose of assessing your suitability for the envisaged activity, to obtain information on your health or a disability or information from the German Federal Central Criminal Register, i.e., concerning criminal records. The lawful basis for this is Section 26 BDSG. For our part, your data will not be used for automated decision-making or for profiling. Your data will be processed with us – or on behalf of us – solely in Germany.

Processing for the settlement of contractual or pre-contractual obligations (Art. 6 (1) lit. b) EU GDPR

Data security

The personal data we collect and store are treated confidentially and protected by suitable technical and organisational precautions against loss and changes, as well as against unauthorised access by third parties. Your personal data will be sent encrypted via the Internet. We use SSL encryption (Secure Socket Layer) for data transfers.

Automated decisions, profiling

We do not carry out automated decisions (including profiling) based on the personal data we collect when you visit our website.

Your rights

  1. You have the following rights vis-à-vis ourselves regarding your personal data:
    • Right to information (Art. 15 GDPR),
    • Write to rectification (Art. 16 GDPR) or deletion (art. 17 GDPR),
    • Right to restrict processing (Art 18 GDPR),
    • Write to object to processing (Art. 21 GDPR), more details under Item 6.
    • Write to data portability (Art. 20 GDPR).
  2. In addition, you have the right to lodge a complaint with a data protection supervisory authority on the processing of your personal data by us (Art. 77 GDPR).

Objection against or revocation concerning the processing of your data

If you have given your consent to the processing of your data, you can revoke such consent at any time. Revocation affects the admissibility of processing your personal data once you have notified us of such revocation.

  1. If we consider the processing of your personal data with regard to a balancing of interest, you can object to the processing. This is the case if processing is not necessary particularly when fulfilling a contract with you, as outlined by us respectively in the following description of the functions. If you choose to object, we would ask you to provide us with the reasons why we should not process your personal data as we do. In the event of your substantiated objection, we will investigate the matter and will either cease to process the data or make adjustments to our processing or demonstrate compelling legitimate grounds based on which we should continue with processing.

You can of course object to the processing of your personal data used for advertising and data analysis at any time. You can inform us of your objection to advertising using the following contact details: By post to 3U HOLDING AG, Frauenbergstraße 31–33, 35039 Marburg, Germany.

Alternatively, by telephone: +49 (0)6421 999 0 or via email to: info@3u.net

Version: 13/06/2023