Skip links

HOME       PRIVACY POLICY

Privacy Policy of 3PM Services GmbH

3PM Services GmbH (hereinafter “3PM” or “we”) is pleased that you are visiting our website. We take the protection of your personal data during processing in accordance with the statutory data protection regulations very seriously.

The following declaration provides you (hereinafter also referred to as “customer”, “data subject”, “applicant” or “user”) an overview of how we ensure this protection and what type of data is collected for what purpose.

I. Name and address of the responsible persons

The responsible party within the meaning of the EU General Data Protection Regulation (hereinafter referred to as “GDPR”) and other national data protection laws (in Germany: Federal Data Protection Act hereinafter referred to as “BDSG”) of the member states as well as other data protection regulations is:

3PM Services GmbH
Leipziger Square 3
10117 Berlin
Germany
Tel.: +49 30 275 70 79 0
Fax: +49 30 275 70 79 20,
E-mail: info@3pm-services.com

II. Contact details of the data protection officer

Grant Thornton AG
Wirtschaftsprüfungsgesellschaft
Sebastian Barg
Johannstrasse 39
40476 Düsseldorf
Germany
Telephone: +49 211 9524 8548

You can reach our data protection officer at sebastian.barg@de.gt.com or via our postal address (number I) with the addition “Data Protection Officer”.

III. Terms and Definitions

The definitions of terms and definitions are based on the GDPR, the BDSG and other data protection regulations. In particular, the definitions of Art. 4 and Art. 9 GDPR shall apply.

IV. General principles and data subject rights

  1. Scope of the processing of personal data

As a matter of principle, we process your personal data only to the following extent, insofar as this is necessary for the provision of our web and online services, including functional Internet pages:

    • Users of our website, customers, interested parties, applicants, participants of (online) events.
    • Contact enquiries
  1. Legal basis

Insofar as personal data are processed on the basis of the data subject’s consent, Art. 6 (1) a GDPR is the legal basis for such processing.

Where personal data is processed for the performance of a contract to which the data subject is a party, the legal basis is Art. 6(1)(b) GDPR; this also applies to processing necessary for the performance of pre-contractual measures.

If processing of personal data is carried out for compliance with a legal obligation to which we are subject, Art. 6 para. 1 lit. c GDPR is the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) GDPR is the legal basis.

If processing is carried out to protect our legitimate interests or those of a third party and the interests, fundamental rights and freedoms of the data subject are not overridden; Art. 6 (1) (f) of the GDPR is the legal basis for the processing.

  1. Possible recipients of personal data

In order to provide our web and online services as well as for the general provision of our services, we sometimes use IT service providers, IT developers, external consultants, cloud or archiving service providers, who may act on our behalf and according to instructions in the course of providing the services (so-called order processors). These service providers may receive personal data or get in touch with personal data in the course of providing the service and constitute third parties or recipients within the meaning of the GDPR.

In such a case, we ensure that our service providers take sufficient security measures, that appropriate technical and organisational measures are in place and that processing operations are carried out in such a way that they comply with the relevant data protection provisions and ensure the protection of the rights of data subjects (cf. Art. 28 GDPR).

In addition, we process your personal data within various departments of 3PM that are involved in the execution of the respective business processes; to the extent permitted, we also process data for promotional purposes outside of the execution of the business. We may also be obliged by law to make our collected data available to public authorities (e.g. tax authorities, state criminal investigation authorities, social security authorities). As far as legally permissible, we process personal data with cooperation partners, sponsors and business conference participants.

  1. Processing of personal data in third countries

Your personal data is generally processed within the European Union (hereinafter “EU”) or the European Economic Area (hereinafter “EEA”). Only in exceptional cases (e.g. in connection with the involvement of service providers for the provision of web analytics services) may information be transferred to third countries. Third countries are countries outside the EU and/or EEA in which an adequate level of data protection in accordance with European requirements cannot be assumed without further ado.

If the information transferred also includes personal data and is not transferred pseudonymised or anonymised, we ensure before such a transfer that an adequate level of data protection is guaranteed in the respective third country or at the respective recipient in the third country. This can result from a so-called “adequacy decision” of the European Commission or be ensured by using the so-called “EU standard contractual clauses”.

  1. Data deletion and storage period

Personal data of the data subjects will be deleted if the data is no longer required for the respective processing purposes or the legal basis for the storage no longer applies. Instead of deletion, data may be stored under restriction of processing if this is provided for by the European or national legislator in Union regulations, laws or other provisions, in particular e.g.

    • to comply with statutory retention obligations (e.g. the German Fiscal Code (§ 147 AO) or the German Commercial Code (§ 257 HGB), currently between 6 and 10 years), and/or
    • if there is a legitimate interest in storing the data (e.g. during the course of limitation periods for the purpose of a possible legal defence (§§ 195 ff. BGB-German Civil Code, currently between 3 to 30 years).

The data will be deleted at the latest when a storage period prescribed by the aforementioned standards expires, unless further storage by us is necessary and there is a legal basis for this.

  1. Categories of data

With regard to the type of personal data concerned, we essentially distinguish between the following categories:

a) Master data

Master data is data about your company and / or your person that you provide to us. This includes in particular company, first name, last name, e-mail address and telephone number.

b) Meta and log files

Meta and log files are, for example, IP addresses, session IDs, browser types, information on the operating system and time of the request.

c) Applicant data

Applicant data is personal data that you provide to us as part of the application process. This includes in particular first name, surname, date of birth, marital status, professional qualifications and certificates.

  1. Data subject rights

The GDPR grants certain rights to persons affected by the processing of personal data (so-called data subject rights, in particular Art. 12 to 22 GDPR). If you would like to make use of one or more of these rights listed below, you can contact us at any time. As a data subject, you have the following rights in particular:

a) Right to information pursuant to Art. 15 GDPR

You may request information from the controller as to whether and to what extent personal data concerning you has been or is being processed.

b) Right of rectification according to Art. 16 GDPR

You have a right of rectification and/or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

c) Right to erasure according to Art. 17 GDPR

You may request the controller to erase the personal data concerning you without undue delay and the controller is obliged to erase such data without undue delay, unless one of the exceptions provided for in the GDPR applies or other legal retention obligations require the controller to retain the data in question.

d) Right to restriction of processing pursuant to Art. 18 GDPR

Under the conditions regulated in the GDPR, you may request the restriction of the processing of personal data concerning you.

e) Right to data portability pursuant to Art. 20 GDPR

You have the right to obtain the personal data concerning you that you have provided to the controller and the processing of which is based on consent or on a contract (e.g. also the requested preparation of a contract, Art. 6 para. 1 lit. b Alt. 2 GDPR) with you, in a structured, common and machine-readable format. In addition, you have the right, under the conditions regulated by the GDPR, to transfer this data to another controller without hindrance from the controller to whom the personal data was provided. In exercising this right, you also have the right to have the personal data relating to you transferred directly from one controller to another controller, where this is technically feasible. This must not affect the freedoms and rights of other persons.

f) Right of objection pursuant to Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Art. 6 (1) (e) or (f) of the GDPR; this also applies to profiling based on these provisions. If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. In the event of an objection, the personal data concerning you will no longer be processed for these purposes.

g) Right to revoke consent pursuant to Art. 7 (3) GDPR

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before 25 May 2018. You can revoke your consent at any time here.

h) Right of complaint pursuant to Art. 77 GDPR

In the event of suspected and committed violations of data protection regulations, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the suspected violation. The right of appeal is without prejudice to other administrative or judicial remedies.

Our competent data protection supervisory authority is:

Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstraße 219
10969 Berlin
Germany
Phone: +49 30 138 890
Fax: +49 30 2155050
E-mail: mailbox@datenschutz-berlin.de

However, you can also submit your complaint to any other supervisory authority. You can find the contact details of other data protection supervisory authorities at the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

  1. No obligation to provide personal data

We do not make the conclusion of contracts, the fulfilment of our online offers or the possibility of applications due to job vacancies dependent on you providing us with personal data beforehand. As a customer, interested party, website visitor, applicant or other participant, there is no legal or contractual obligation for you to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data.

V. Data collection through informational use of our website

  1. Description and scope of data processing

Each time our website is accessed, our systems automatically collect data and information from the computer system of the accessing computer. The following log files are processed:

    • IP address (anonymised)
    • Directory protection user (anonymised)
    • Date and time
    • Pages called up
    • Status code
    • Amount of data
    • Referrer URL
    • User Agent
    • Called host name
  1. Purpose and legal basis of data processing

The temporary storage of the IP address and, if applicable, other log files by the systems each time our Internet pages are called up is necessary to enable the website to be made available to your computer. This is required for addressing the communication traffic between the user and our web and/or online offer or is necessary for the use of our web and/or online offer. The legal basis for this data processing – i.e. for the duration of your visit to our website – is Art. 6 para. 1 Letter b or f of the GDPR and § 96 Telecommunications Act (TKG) or § 15 para. 1 German Telemedia Act (TMG).

Processing and storage of the IP address and log files beyond the communication process is carried out for the purpose of ensuring the functionality of our web and online offers, for the purpose of optimising these offers and for ensuring the security of our information technology systems. The legal basis for storing the IP address for these purposes beyond the communication process is Art. 6 para. 1 letter f GDPR or § 109 TKG.

The provider or the provider uses the log data only for statistical evaluations for the purpose of the operation, security and optimisation of the offer. However, the provider reserves the right to check the log data retrospectively if there is a justified suspicion of unlawful use based on concrete indications.

  1. Term of storage

The data is stored for as long as it is necessary to achieve the aforementioned processing purposes. In the case of the collection of data for the provision of the website, this is the case when the respective session – i.e. the website visit – has ended. Additional storage of the aforementioned log files, including the anonymised IP address, for the purpose of system security and optimisation of our web and online services takes place for a maximum period of 60 days from the end of the page access by the user.

  1. Opportunity to object

The collection of log files for the provision of our website, including their storage within the aforementioned limits, is absolutely necessary for the operation of the website and the individual functions stored there. Therefore, there is no possibility of objection on the part of the user of the website. This does not apply to the processing of log files for analysis purposes. Here, the possibility of objection – depending on the web analysis tools used and the type of data analysis (personal / anonymous / pseudonymous) – is governed by section IV. 7 following) of this data protection declaration.

VI. E-mail contact and contact form

  1. Description and scope of data processing

To contact us, you can use the e-mail addresses provided on our website or our contact form. If you make use of these options, personal data will be processed and stored by us for the purpose of answering the enquiry. In this context, we process first name, last name and e-mail address in particular. We do not pass on this data without your consent.

  1. Purpose and legal basis of data processing

The processing of this data is based on. Art. 6 para. 1 letter b GDPR and / or on our legitimate interests, pursuant to Art. 6 para. 1 letter f GDPR. The processing of data transmitted in the course of an enquiry is based on Art. 6 (1) (a) GDPR.

  1. Duration of storage

The data are generally deleted as soon as they are no longer required to achieve the purpose for which they were collected.

Insofar as data is no longer required for the fulfilment of contractual or legal obligations, including commercial and tax law retention obligations, as well as for the pursuit of legitimate interests, i.e. for the preservation of evidence within the framework of the legal statute of limitations, it is regularly deleted.

VII. Contractual obligations for our services

  1. Description and scope of data processing

Within the scope of the performance of our services, we process personal data. The purposes of the data processing depend in detail on the specific order and the contractual documents.

  1. Purpose and legal basis of data processing

In order to fulfil our contractual obligations arising from the services we offer, we process your personal data on the basis of Art. 6 (1) (b) of the GDPR.

  1. Duration of storage

The data is stored for as long as it is necessary to achieve the aforementioned processing purposes. As a rule, we store our contract documents for ten years after termination of the contract.

VIII. Download function

  1. Description and scope of data processing

In order to use some of the services on our website, you must download documents using the download function. In doing so, we process the following data, among others:

    • Meta and log files for the download of press releases
    • Meta and log files for the download of application documents
  1. Purpose and legal basis of data processing

The processing of this data is based on your consent pursuant to Art. 6 para. 1 letter a, Art. 6 para. 1 letter b and / or Art. 6 para. 1 letter f GDPR. You can revoke your consent at any time here.

  1. Duration of storage

The data will be stored for as long as it is necessary to achieve the aforementioned processing purposes. In the case of the collection of data for the provision of the website and traceability of downloads, storage takes place for the purpose of system security and optimisation of our web and online offers for a maximum period of 60 days from the end of the page access by the user.

IX. Layout, social media and direct links

  1. Layout – Web Fonts

For the uniform display of fonts, we use so-called “web fonts”, which are provided by Adobe Inc. (https://fonts.adobe.com/typekit) for the uniform display of fonts. When you access our site, your browser loads the required web fonts into your browser cache in order to display the page content (e.g. texts and fonts) correctly. For this purpose, your browser must establish a connection to the servers of Adobe Inc. This enables Adobe Inc. to know that your IP address has accessed our website. The use of web fonts is in the interest of a uniform presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) of the GDPR. If your browser does not support web fonts and/or you block the web fonts via your browser, a standard font from your computer will be used.

  1. Social media and direct links via “Shariff”.

We have integrated buttons of various social networks on our website. These buttons provide you with various functions by means of which you can share information with your contacts on the respective third-party portal. Their subject and scope are determined by the operators of the social networks.

To better protect your personal data, we use the c’t project “Shariff” for the technical and graphical implementation of the following social media platforms and direct links. Shariff replaces the usual (share) buttons of the social networks and thereby protects surfing behaviour. Shariff only integrates these (share) buttons of the social networks on our website as a graphic that contains a link to the corresponding social network. By clicking on the corresponding graphic, you will be redirected to the service of the respective network. The Shariff button only establishes direct contact between the social network and our visitors when the visitor actively clicks on the Share button. Only then will your data be transmitted to the respective social network. If, on the other hand, the Shariff button is not clicked, no exchange takes place between you and the social networks. Shariff supports the following browser types: Firefox, Google Chrome, Internet Explorer/Edge and Safari.

This data is processed on the basis of Art. 6 (1) (a) and (f) of the GDPR so that we can offer you the opportunity to interact with the social networks and other users, improve our offer and make it more interesting for you as a user.

Please note that we are not the provider of the social networks and have no influence on the data processing by the respective providers. Furthermore, we have no knowledge of the content of the transmitted data or its use by the respective provider. You can find more information on the handling of your data in the respective data protection notices of the providers of the social networks:

a) LinkedIn

The function of the social network LinkedIn is integrated on our website. This function is offered by LinkedIn Ireland Limited, 77 Sir John Rogerson’s Quay, Dublin 2, Ireland. In the process, data is also transferred to LinkedIn. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn. If you are logged in to LinkedIn, LinkedIn can assign the visit to your LinkedIn account. The purpose and scope of the data collection and the further processing and use of the data by LinkedIn, as well as your rights in this regard and setting options for protecting your privacy, can be found in LinkedIn’s privacy policy. You can find further information on this in LinkedIn’s data protection declaration at
http://www.linkedin.com/static?key=privacy_policy.

b) Xing

Our website includes the function of the Xing service, which is operated by XING AG, Gänsemarkt 43, 20354 Hamburg, Germany. When you activate and use the button, your browser establishes a direct connection with the Xing servers. The content of the button is transmitted by Xing directly to your browser, which then integrates it into the website. By activating the button, Xing receives the information that you have accessed the corresponding page of our website. If you are logged in to Xing, Xing can assign the visit to your Xing account. The purpose and scope of the data collection and the further processing and use of the data by Xing as well as your rights in this respect and setting options for protecting your privacy can be found in Xing’s privacy policy. You can find further information on this in Xing’s data protection declaration at
https://privacy.xing.com/de/datenschutzerklaerung.

X. Integration of Google Maps

We have embedded the map display service Google Maps on our website for an interactive map function. We technically cover the consent to the processing of your personal data Google Maps via our cookie query. If you reject our cookies, you will not be able to use the Google Maps services. For more information on our cookies, please see section X. and our Cookie Policy.

  1. Description and scope of data processing

We use the services of Google Maps. This allows us to show you interactive maps directly on our website and enables you to use the map function conveniently. By visiting the website, Google receives information that you have called up the corresponding sub-page of our website.

  1. Purpose and legal basis of data processing

The processing of this data is based on your consent pursuant to Art. 6 para. 1 letter a GDPR. We request your consent via so-called cookies. If you refuse our cookies, the Google map display service will not be available to you.

  1. Duration of storage

Further information on the purpose, scope and storage period of the data collection and its processing by Google can be found in the data protection declaration. There you will also find further information on your rights and setting options for protecting your privacy: https://www.google.de/intl/de/policies/privacy.

  1. Passing on of your data

Your data will be passed on irrespective of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

XI. Third-party cookies and analysis tools

Cookies

  1. Description and scope of data processing

We use so-called “cookies” on our website. Cookies are small text files that your Internet browser places and stores on your computer and through which certain information flows to the body that sets the cookie. They are used to optimise our website and our offers.

Most of these are so-called “session cookies”, which are deleted again after the end of your visit. In some cases, however, these cookies provide information to automatically recognise you. This recognition is based on the IP address stored in the cookies, but these cannot directly identify a user.

We also use web analysis tools (“performance cookies”) to analyse the online platform. In doing so, we can process usage data of the online platform with the help of cookies and thus gain knowledge about the use of our online platform (e.g. number of accesses, number of users).

Advertising cookies or targeting cookies are used to offer website users tailored advertising on the website or offers from third parties and to measure the effectiveness of these offers. Sharing cookies are used to improve the interactivity of our website with other services (e.g. social networks).

  1. Purpose and legal basis of data processing

Any use of cookies that is not strictly technically necessary constitutes data processing that is only permitted with your explicit and active consent pursuant to Art. 6 (1) (a) of the GDPR. This applies in particular to the use of advertising, targeting or sharing cookies. In addition, we will only share your personal data processed through cookies with third parties if you have given your explicit consent to do so in accordance with Art. 6 (1) (a) of the GDPR.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website. Our website uses transient, (e.g. “session cookies”) persistent and third party cookies, the storage periods of which are explained below. In addition, we refer to our Cookie Policy.

  1. Duration of storage

Transient cookies are automatically deleted when you close the browser.

These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This enables your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.

Persistent cookies are automatically deleted after a set period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

Third-party analysis tools

Our website uses the Google Analytics analysis tool from a third-party provider with anonymisation function. Usually, the analysis tools use cookies in order to be able to create evaluations.

Analysis cookies are used to improve the quality of our website and its content. Through analysis cookies, we learn how the website is used and can thus constantly optimise our offer. Analysis cookies are only used if the user has given his or her consent; the legal basis for the processing of personal data using analysis cookies is therefore Art. 6 (1) a of the GDPR. You can independently revoke your consent at any time by rejecting or deleting our cookies. You can find an overview and additional information on the third-party analysis tools we use in our Cookie Policy.

XII. Data processing in the application procedure

  1. Description and scope of data processing

When providing application documents by sending application documents to us by e-mail or any other communication channel, personal data and, if applicable, special personal data are processed for the purpose of conducting an application procedure. In the course of the application procedure, we receive the following personal data from you, among others:

    • First name and surname
    • Your address
    • E-mail address
    • Your telephone number
    • Curriculum vitae
    • Certificates and proof of qualification
    • If applicable, data on physical limitations (severe disability, voluntary indication)

In addition, the data you provide may be special personal data in accordance with Art. 9 GDPR, which is subject to special protection.

  1. Purpose and legal basis of data processing

We process your personal data to decide whether to establish an employment relationship with you. At the same time, the data serve as the basis for the implementation of any employment relationship that may be established (Section 26 (1) sentence 1 BDSG, Art. 6 (1) (b) GDPR). In cases where the processing of your personal data goes beyond the purpose of carrying out the application process, it must be legitimised by individual consent. Therefore, insofar as you have given us consent to process your personal data, the respective consent is the legal basis for the processing referred to therein (Section 26 (2) BDSG, Art. 6 (1) (a) GDPR). This concerns in particular your consent to:

    • Processing of your personal data for a period longer than six months after completion of the application procedure (in the event of rejection).

You can revoke your consent at any time with effect for the future. As far as the specific purpose allows, we process your personal data pseudonymised or anonymised.

  1. Recipients of personal data

Your personal data will only be passed on if confidentiality is maintained and only if a legal basis permits this. Within the data controller, only those departments that require your data to carry out the application process will receive your data. This primarily concerns combined central departments that provide services for us within the scope of commissioned processing in accordance with Art. 28 of the GDPR.

  1. Obligation to provide personal data

As part of the application process, we need to process certain personal data in order to be able to check the professional and personal suitability of an applicant for a specific position and to ensure a fair application process compared to other applicants. Without providing this data, it will generally not be possible to carry out the application process. This does not apply to data that we process from you in the context of consent.

  1. Individual right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you, which is carried out on the basis of Art. 6 (1) (e) and (f) of the GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

  1. Duration of storage

Where necessary, we will process your personal data for the duration of the application process. After the end of the application process, 3PM will store your personal data for six months in accordance with Art. 6 (1) (f) of the GDPR and taking into account the provisions of the General Equal Treatment Act. Insofar as you have given us your consent, we will also process your personal data beyond the aforementioned period.

XIII. Further information

Your trust is important to us. Therefore, we would like to answer any questions you may have regarding the processing of your personal data. If you have any questions that are not answered by this data protection declaration or if you would like more detailed information on any point, please contact us at any time at the following e-mail address: info@3pm-services.com.

We reserve the right to change the data protection declaration at irregular intervals in the context of the further development of data protection law and technological or organisational changes and will inform you of all significant changes, which have an effect on the use of your personal data. This data protection notice is current as of August 2021.