Privacy policy | 3S Consult GmbH

Status 16.05.2025

Who we are

The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is

3S Consult GmbH

Osteriede 8-10

30827 Garbsen

Garbsen, Germany

+49 05131 -4980-0

info@3sconsult.de

www.3sconsult.de

Contacting the data protection officer

The data protection officer of the controller is

DataCo GmbH

Sandstr. 33

80335 Munich

Munich, Germany

+49 89 7400 45840
www.dataguard.de

On this page we inform you about the processing of your personal data on the website.

How we collect and use your personal data depends on how you interact with us or which services you use. We only collect, use or share your personal data when we have a legitimate purpose and a legal basis for doing so.

What do we mean by legal basis?

Consent (Art. 6 para. 1 sentence 1 lit. a GDPR) -You have given us your consent to process your personal data for the specific purpose we have explained to you. You have the right to withdraw your consent at any time. For more information on how you can withdraw your consent, please refer to the subsections “Exercising your rights” in the following sections of this Privacy Policy.

Contract (Art. 6 para. 1 sentence 1 lit. b GDPR) -We need to use your data to fulfill a contract you have with us. Alternatively, it is necessary to use your data because we have asked you to do so or you have taken certain steps yourself before entering into this contract.

Legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR) – We must use your data to comply with the law.

Vital interests (Art. 6 para. 1 sentence 1 lit. d GDPR) -The processing of your data is necessary to protect your vital interests or those of another person. For example, to protect you from serious physical harm.

Public task (Art. 6 para. 1 sentence 1 lit. e GDPR) -The processing of your data is necessary for the performance of a task carried out in the public interest or because it is covered by a task defined by law, e.g. for a statutory function.

Legitimate interests (Art. 6 para.1 p.1 lit. f GDPR) -The processing of your data is necessary to support a legitimate interest that we or another party have, only if your own interests do not prevail.

Please note that we may not be able to provide you with our website services if your data is processed to fulfill a contract or legal obligation and you do not provide the requested data.

Data sharing and international transfers

As explained in this Privacy Policy, we use various service providers to help us provide our services and keep your data secure. When we use these service providers, it is necessary for us to share your personal data with them.

We have concluded agreements with all service providers to whom we pass on your data, which oblige them to protect your data.

If your personal data is transferred outside the EU, we will ensure that your personal data receives an equivalent level of protection, either because the country to which your data is transferred has an “adequate” standard of data protection according to the European Commission, or by using another safeguard, such as an enhanced contractual arrangement, i.e. the Standard Contractual Clauses (SCCs) adopted by the European Commission.

For example, when we use US service providers, we rely on either the SCCs or the EU-US Data Privacy Framework, depending on the provider. You can request a copy of the SCCs we have entered into with our service providers by sending an email to the email address provided in this Privacy Policy.

Your rights

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller

  1. the right to information (Art. 15 GDPR)

You have the right to request confirmation from us as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this data and to the following information:

  • Processing purposes
  • Categories of personal data
  • Recipients or categories of recipients
  • the planned storage period or the criteria for determining this period
  • the existence of the rights to rectification, erasure, restriction or objection
  • Right to lodge a complaint with the competent supervisory authority
  • If applicable, origin of the data (if collected from a third party)
  • If applicable, the existence of automated decision-making including profiling with meaningful information about the logic involved, the scope and the expected effects
  • If applicable, transfer of personal data to a third country or international organization
  1. right to rectification (Art. 16 GDPR)

If your personal data is incorrect or incomplete, you have the right to request that the personal data be corrected or completed without undue delay.

  1. right to restriction of processing (Art. 18 GDPR)

If one of the following conditions is met, you have the right to request that the processing of your personal data be restricted:

  • You contest the accuracy of your personal data, for a period enabling us to verify the accuracy of the personal data.
  • In the case of unlawful processing, you oppose the erasure of the personal data and request the restriction of their use instead.
  • We no longer need your personal data for the purposes of the processing, but you require your personal data for the establishment, exercise or defense of legal claims, or
  • after you have lodged an objection to the processing, for the duration of the examination as to whether our legitimate reasons outweigh your reasons.
  1. right to erasure (“right to be forgotten”) (Art. 17 GDPR)

If one of the following reasons applies, you have the right to demand that your personal data be erased without undue delay

  • Your data is no longer necessary for the processing purposes for which it was originally collected.
  • You withdraw your consent and there is no other legal basis for the processing.
  • You object to the processing and there are no overriding legitimate grounds for the processing or you object pursuant to Art. 21 (2) GDPR.
  • Your personal data is processed unlawfully.
  • The deletion is necessary to fulfill a legal obligation under Union law or the law of the Member State to which we are subject.
  • The personal data was collected in relation to information society services offered in accordance with Article 8 (1) GDPR.

Please note that the above reasons do not apply if processing is necessary:

  • For exercising the right of freedom of expression and information;
  • For compliance with a legal obligation or for the performance of a task carried out in the public interest to which we are subject.
  • For reasons of public interest in the area of public health.
  • For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
  • For the establishment, exercise or defense of legal claims.
  1. right to data portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used and machine-readable format or to request transmission to another controller.

  1. right to object to certain data processing (Art. 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR. This also applies to profiling based on these provisions.

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

  1. right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

A list of the competent supervisory authorities in Germany can be found on the website of the Federal Commissioner for Data Protection at the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

Provision of the website and creation of log files

  1. description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected and stored in cookies

  • Status of the language selection
  • Status of consent to cookie storage
  • Session ID

This data is stored in the log files of our system.

This data is not stored together with other personal data of the user.

  1. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context.

  1. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 sentence 1 lit. f GDPR.

  1. Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the calling client.

  1. Exercising your rights

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. The user can object to this. Whether the objection is successful must be determined as part of a weighing of interests.

Use of cookies

  1. description and scope of data processing

When you visit our website, we use technical aids for various functions, in particular cookies, which can be stored on your end device. When you access our website and at any time thereafter, you have the choice of whether you generally allow cookies to be set or which individual additional functions you would like to select. You can make changes in your browser settings or via our Consent Manager.

Cookies are text files or information in a database that are stored on your hard disk and assigned to the browser you are using so that certain information can flow to the location that sets the cookie. Below we describe the type of cookies we use:

We use technically necessary cookies, which are required for the technical structure of the website. Without these cookies, our website cannot be displayed (completely correctly) or the support functions are not possible.

The following data is stored and transmitted by the technically necessary cookies

  • Status of the language selection
  • Status of consent to cookie storage
  • Session ID
  1. purpose of the data processing

The purpose of using technically necessary cookies is to ensure the functionality of our website. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change.

We require the technically necessary cookies for the following applications

  • Functionality of the website
  1. legal basis for data processing

The provisions of the Telecommunications Digital Services Data Protection Act (TDDDG) apply to the storage of information in the end user’s terminal equipment and/or access to information already stored in the end user’s terminal equipment. If the setting and reading of cookies is technically necessary, this is done to ensure the functionality of our website. In this case, cookies are stored and accessed on your terminal equipment on the basis of Section 25 (2) No. 2 TDDDG. This storage and access to the information in your end device serves to make it easier for you to use our website and to be able to offer you our services as you have requested. Some functions of our website do not work without the use of these cookies and could therefore not be offered. The cookies are generally deleted at the end of the session (e.g. logging out or closing the browser) or after a specified period of time. Information on different storage periods for cookies can be found in the following sections of this privacy policy.

If cookies are used that are not technically necessary, this is done on the basis of your express consent, which you can give via the cookie banner. In this case, the basis for storing and accessing information is Section 25 (1) TDDDG in conjunction with Art. 6 (1) lit. Art. 6 para. 1 lit. a), Art. 7 GDPR. You can revoke your consent at any time with effect for the future or subsequently grant it again by configuring your cookie settings accordingly. Alternatively, you can prevent the storage of cookies by making the appropriate settings in your browser software. Please note that the browser settings you make only apply to the browser you are using. If personal data is processed following the storage of and access to the information on your end device, the provisions of the GDPR apply. Information on this can be found in the following sections of this privacy policy.

Email contact

  1. description and scope of data processing

You can contact us via the email address provided on our website. In this case, the user’s personal data transmitted with the email will be stored.

The data is used exclusively for processing the conversation.

purpose of data processing

In the case of contact by email, this also constitutes the necessary legitimate interest in the processing of the data.

  1. legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to respond to your request sent by email in the best possible way.

If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

  1. duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

  1. Exercising your rights

If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

  1. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the option of exercising your right to object in connection with the use of information society services – notwithstanding Directive 2002/58/EC – by means of automated procedures that use technical specifications. 8. right to revoke the declaration of consent under data protection law You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

All personal data stored in the course of contacting us will be deleted in this case.

Contact form

  1. description and scope of data processing

There is a contact form on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored.

The following data is stored when the message is sent:

  • Email address
  • Surname
  • First name
  • Telephone/mobile phone number
  • Company name
  • Date and time
  1. purpose of data processing

The processing of personal data from the input mask of the contact form or via the e-mail address provided serves us solely to process the contact.

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

  1. Legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is to respond to your inquiry that you send to us via the contact form in the best possible way. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

  1. duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

  1. Exercising your rights

If the user contacts us via the input mask in the contact form, they can object to the storage of their personal data at any time in the following manner:

  1. right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the option of exercising your right to object in connection with the use of information society services – notwithstanding Directive 2002/58/EC – by means of automated procedures that use technical specifications. 8. right to revoke the declaration of consent under data protection law You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

All personal data stored in the course of contacting us will be deleted in this case.

Application by email and application form

There is an application form on our website that can be used for electronic applications. If an applicant makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are

  • Surname
  • First name
  • e-mail address

Alternatively, you can also send us your application by e-mail. In this case, we collect your e-mail address and the data you provide in the e-mail.

Your data will not be passed on to third parties. The data will be used exclusively for processing your application.

  1. Purpose of data processing

We process the personal data from the application form solely for the purpose of processing your application. If you contact us by e-mail, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process serves to prevent misuse of the application form and to ensure the security of our information technology systems.

  1. Legal basis for data processing

The legal basis for the processing of your data is the initiation of a contract at the request of the data subject, Art. 6 para. 1 sentence 1 lit. b Alt. 1 GDPR and § 26 para. 1 sentence 1 BDSG.

  1. duration of storage

After completion of the application process, the data will be stored for up to 6 months. Your data will be deleted after 6 months at the latest. In the event of a legal obligation, the data will be stored in accordance with the applicable provisions.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

Use of company presences in professional networks

  1. scope of data processing

The company website is used for applications, information/PR and active sourcing. We have no information on the processing of your personal data by the companies jointly responsible for the corporate presence. Further information can be found in the privacy policy of

  • LinkedIn

We provide information on our site and offer users the opportunity to communicate.

The company website is used for applications, information/PR and active sourcing.

We have no information on the processing of your personal data by the companies jointly responsible for the corporate presence. Further information can be found in the privacy policy of

LinkedIn:

https://www.linkedin.com/legal/privacy-policy

If you carry out an action on our company website (e.g. comments, posts, likes, etc.), you may make personal data (e.g. clear name or photo of your user profile) public.

  1. Legal basis for data processing

The legal basis for the processing of personal data for the purpose of communicating with customers and interested parties is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest here is to respond to your inquiry in the best possible way and to be able to provide the requested information.

If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

  1. Purpose of the data processing

The purpose of our company website is to inform users about our services. Every user is free to publish personal data through activities.

  1. Duration of storage

The data generated by the company website is not stored in our own systems.

  1. Exercising your rights

You can object to the processing of your personal data that we collect as part of your use of our corporate presence at any time and assert your rights as a data subject as set out in the “Your rights” section of this privacy policy. To do so, please send us an informal email to the email address stated in this privacy policy.

Further information on exercising your rights can be found here:

LinkedIn:

https://www.linkedin.com/legal/privacy-policy

Hosting

The website is hosted on servers of a service provider commissioned by us.

Our service provider is:

STRATO AG, Otto-Ostrowski-Strasse 7 , 10249 Berlin, Germany

Further information on the processing of personal data by Strato can be found at: https://www.strato.de/datenschutz/

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is

  • only session cookie – session ID is stored

This data is not merged with other data sources. This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest in processing this data is to display our website without errors and to optimize its functions.

The website server is geographically located in Germany.

Integrated third-party services

We use various service providers to provide the services we offer on the website.

In general, we have a legitimate interest in sharing your data with the relevant service providers if these services are essential for the provision of the basic service offered on the website in order to provide the relevant website service.

If such services are required for additional services, enhanced functions or additional purposes, your personal data will only be shared with service providers if you give your consent.

Use of Contact Form 7

  1. scope of the processing of personal data

We use the WordPress plugin Contact Form 7 from RockLobster LLC, Sakai 810-0001 Fukuoka Prefecture Chuo-ku Tenjin 1-chome 8-1, Fukuoka City Hall, Japan (hereinafter: RockLobster) to manage contact forms on our online presence. Entered form data is transmitted by email. This allows personal data to be stored and analyzed, in particular the user’s activity (in particular which pages have been visited and which elements have been clicked on) and device and browser information (in particular the IP address and operating system). Data may be transmitted to RockLobster servers in Japan. With regard to Japan, there is an adequacy decision of the European Union.

You can find it here:

https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=OJ:L:2019:076:TOC

Further information on the processing of data by Contact Form 7 can be found here:

https://contactform7.com/privacy-policy/

  1. Purpose of the data processing

The purpose of using the Contact Form 7 plugin is to improve the user-friendliness of our online presence. We use this plug-in to easily create, integrate and present contact forms in an appealing way.

  1. Legal basis for the processing of personal data

The legal basis for the processing of users’ personal data is generally the consent of the user in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

  1. duration of storage

Your personal information will be stored for as long as necessary to fulfill the purposes described in this privacy policy or as required by law, e.g. for tax and accounting purposes.

  1. Exercising your rights

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

You can prevent the collection and processing of your personal data by Contact Form 7 by preventing the storage of third-party cookies on your computer, using the “Do Not Track” function of a supporting browser, deactivating the execution of script code in your browser or installing a script blocker such as NoScript(https://noscript.net/) or Ghostery(https://www.ghostery.com) in your browser.

Further information on objection and removal options in relation to Contact Form 7 can be found at

https://contactform7.com/privacy-policy/

Use of OpenStreetMap

1.Scope of the processing of personal data

We use the OpenStreetMap plugin from the OpenStreetMap Foundation,OpenStreetMap Foundation St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom (hereinafter: OpenStreetMap).
We use the OpenStreetMap plugin to visually display geographical data and embed it on our online presence. The following data is processed by OpenStreetMap:
-IP address
-Geographical data (point lines and areas with associated attributes and GPS tracking data)
-Communication-related data
-Session metadata
-User ID and login name
-Time& date of access
-E-mail address linked to the account
-Network access data
The provider of this online presence has no influence on the data transfer. Furthermore, a session cookie is set. the website, API servers, databases and the servers for supporting services are currently located in the United Kingdom and the Netherlands.
Further information on the processing of data by OpenStreetMaps can be found here:
https://wiki.osmfoundation.org/wiki/Privacy_Policy

  1. purpose of data processingThe use of OpenStreetMap is in the interest of an appealing presentation of our online offers and an easy findability of the places indicated by us on the online presence.
  2. legal basis for the processing of personal dataThe legal basis for the processing of users’ personal data is generally the user’s consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.
  3. duration of storageWe have no information about the duration of storage.
  4. exercising your rightsYou have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
    You can prevent the collection and processing of your personal data by OpenStreetMap by preventing the storage of third-party cookies on your computer, by using the “Do Not Track” function of a supporting browser, by deactivating the execution of script code in your browser or by using a script blocker such as NoScript ( ).B. NoScript(https://noscript.net/) or Ghostery(https://www.ghostery.com) in your browser.
    Further information on objection and removal options vis-à-vis OpenStreetMap can be found at:
    https://wiki.openstreetmap.org/wiki/Privacy_Policy

Use of Polylang

  1. description and scope of data processing

We use Polylang from WP SYNTEX from 28 Allée Jean Sébastien Bach (38090) Villefontaine, France. Polylang is a multilingual plugin for WordPress. We use Polylang to present our online presence in different languages. When you visit our website, Polylang stores a cookie on your device to save the language setting you have selected.

Further information about the collection and storage of data by Polylang can be found here: https://polylang.pro/privacy-policy/

  1. Purpose of the data processing
  1. legal basis for data processing

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in addressing visitors to our online presence in their native language.

  1. duration of storage

Polylang stores cookies on your end device that save the language code of the last page you visited. This information is stored by default for a period of 1 year.

  1. Exercising your rights

You can prevent the collection and processing of your personal data by Polylang by preventing the storage of third-party cookies on your computer, using the “Do Not Track” function of a supporting browser, deactivating the execution of script code in your browser or installing a script blocker such as NoScript(https://noscript.net/) or Ghostery(https://www.ghostery.com) in your browser.

Further information on objection and removal options against Polylang can be found at

https://polylang.pro/privacy-policy/

This privacy policy was  created with the support of DataGuard.