1. Who is the controller responsible for the data processing?
ExOne Operating, LLC (hereinafter referred to as "ExOne" or "We"), 127 Industry Boulevard, North Huntingdon, PA 15642, USA, is the controller responsible for the processing of your personal data as defined in the EU General Data Protection Regulation (GDPR). ExOne Operating, LLC is a wholly-owned subsidiary of Desktop Metal, Inc.
2. Collection of personal data when visiting our website
When you visit our website, we collect the following data, which is technically required in order to display our website to you and to ensure its stability and security (the legal basis is provided by Art. 6 (1) letter (f) of the GDPR):
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (actual page)
Access status/HTTP status code
Volume of transmitted data per visit
Website from which the request originated
Operating system and its interface
Language and version of the browser software.
In addition to the aforementioned data, cookies are stored on your computer when using our website. Cookies are small text files that are stored on the hard drive that is designated by your browser, and which provide certain information back to the server or site by which they were issued (us in this case). Cookies cannot execute programs or transmit viruses to your computer. They are used to make the overall web offering more user-friendly and effective. The legal basis is Art. 6 (1) sentence 1 letter (f) of the GDPR. You may configure your browser setting according to your preferences. Please note that the functionality of this website may be limited when doing so.
Furthermore, ExOne collects and processes your personal data in the following cases, among others:
When you contact us directly, e.g., via our website, by phone or e-mail, and if you are interested in our products or services or have another request.
Please help us keep your information up to data by informing us about changes to personal data, particularly your contact information.
3. Why are we processing your data?
The data collected in the course of concluding a contract or rendering a service is used for the purposes stated below.
A. Customer service
(Art. 6 (1) letters (b), (g), (f) of the GDPR)
ExOne uses your personal data for the processing of a request raised by you (e.g., inquiries and complaints). For all aspects concerning the processing of your request, we will contact you, e.g., in writing, by phone, messenger services, or e-mail (depending on the contact details provided by you) without obtaining separate permission.
ExOne also processes your personal data on this basis to further optimize your experience with ExOne, e.g., to uniquely identify you when you contact us.
B. Compliance with legal obligations that ExOne is subject to
(Art. 6 (1) letters (c), (f) of the GDPR) ExOne will also process personal data if a legal obligation exists.
The data collected is also used to ensure the operability of IT systems. Ensuring operability includes the following tasks:
Backing up and restoring of data processed in IT systems
Detection and protection against unauthorized access to personal data
Incident and problem management for the elimination of malfunctions in IT systems
ExOne is subject to numerous other legal obligations. In order to comply with these obligations, we will process your data to the extent required, and we may forward your data to the responsible authorities within the scope of statutory reporting obligations.
Furthermore, we will also process your data in the event of legal action, if the legal dispute requires the processing of your data.
C. Internal data transfer at ExOne
Upon careful examination of your data, we may at times transfer your data to other companies of ExOne, who will process the data under their own responsibility.
D. Data transfer to selected third parties
Companies that the data may be transferred to include the following, if and to the extent that the necessary data protection requirements are met:
Carefully selected and vetted service providers and business partners that we work with in order to be able to offer you products and services. For ExOne, we do so exclusively within the context of the strict stipulations of commissioned data processing or on the basis of your consent.
To other third parties (e.g., public bodies) if we are legally bound to do so.
4. How do we protect your personal data?
We use various safety measures, such as state-of-the-art encryption and authentication tools, to protect and maintain the security, integrity, and availability of your data.
Full protection against unauthorized access can not be guaranteed when transmitting data over the Internet or a website, but we, our service providers, and business partners make every effort to protect your personal data pursuant to the valid data protection regulations by means of physical, electronic, and procedural state-of-the-art security measures. These measures include the following:
Strict access permission criteria to your data on the basis of the need-to-know principle (limited to as few people as possible), and exclusively for the intended purpose
Transfer of the collected data only in an encrypted format
Storage of the collected data only in an encrypted format
Firewall protection of IT systems for protection against unauthorized access, e.g., by hackers
Continuous monitoring of access to IT systems in order to identify and prevent the misuse of personal data
5. How long do we retain your data?
In compliance with Art. 17 of the GDPR, we will only retain your data for the duration required for the respective purpose for which we process your data. If we process data for several purposes, the data is automatically deleted or saved in a format which does not allow any direct conclusions to be drawn about your person, as soon as the last specific purpose has been met. ExOne has developed an in-house deletion concept in order to ensure that your data is deleted in compliance with the data minimization principle and Art. 17 of the GDPR. The basic principles provided by this deletion concept for the deletion of your personal data is presented in the following.
Use for fulfillment of a contract
For the fulfillment of contractual obligations, the data collected from you may be retained for the duration for which the contract is in force as well as 6 or 10 years beyond its validity depending on the character and scope of the contract, in order to comply with statutory storage obligations and to be able to clarify potential inquiries and claims after expiry of the contract.
Use for validation of claims
Data which we deem necessary to verify or dispute claims or which may be required for criminal prosecution or to pursue claims against you, us, or any third party, may be retained by us for as long as proceedings could have commenced.
Use for customer service
The data collected from you may be retained for 3 to 10 years after collection for the purpose of customer service, unless you request the deletion of this data and if there are no contractual or statutory storage obligations that contradict this request for deletion.
Who is granted international access to your data and how do we protect the data? ExOne is an international company. Personal data is preferably processed within the EU by ExOne employees and service providers commissioned by us.
If data is processed in countries outside the EU, ExOne will ensure through standard contracts, including suitable technical and organizational measures, that your personal data is processed in accordance with the European data protection standard.
For some countries outside the EU, e.g., Canada and Switzerland, the EU has already defined a comparable data protection standard. Due to the comparable data protection standard, the transfer of data to these countries does not require separate permission or a separate agreement.
Please click here to contact us regarding the specific safety measures in place for the transfer of your data to other countries.
ExOne uses a variety of service provides to assist in the provision of the listed services and uses, who are commissioned by ExOne within the context of the strict stipulations of data protection regarding the processing of data.
6. Your data protection rights
You as the data subject have certain rights in accordance with the GDPR and other relevant data protection provisions. The following section explains the rights of data subjects according to the GDPR. Depending on the type and scope of your request, please submit it to us in writing.
According to the GDPR, as the data subject, you particularly have the following rights vis-à-vis ExOne:
Right to access (Art. 15 GDPR):
You may request from us at any time information about the data we keep on you. This information may include the data categories processed by us, the purpose for which the data is processed, the origin of the data if we did not collect it directly from you, and, if applicable, the recipients to whom we have transmitted your data. You may request a free copy of your data from us. If you request additional copies, we reserve the right to bill you for these additional copies.
Right to rectification (Art. 16 GDPR):
You may request us to correct your data. Will will take appropriate measures to ensure that your data that is stored and continuously processed by us is correct, complete, and up-to-date, on the basis of the most current information available to us.
Right to erasure ('right to be forgotten') (Art. 17 GDPR):
You may request us to delete your data, insofar as the legal prerequisites to do so exist. According to Art. 17 of the GDPR, this may be the case if
the data concerning you is no longer required for the purposes for which it was collected or otherwise processed;
you have withdrawn your consent, which is a fundamental requirement for the processing of data, and if no other legal basis exists for the processing;
you object to the processing or your data and no overriding legitimate reasons for the processing exist, or if you object to the processing of data for the purpose of direct marketing;
the data was processed unlawfully;
the processing is not required to ensure compliance with a statutory obligation which requires us to process your data;
in particular in regard to storage periods in order to assert, exercise or defend against legal claims.
Right to restriction of processing (Art. 18 GDPR):
You may request us to limit the processing of your data if
you contest the accuracy of the data, in particular for the period we require to validate the accuracy of the data;
the processing is unlawful and you decline the deletion of your data and opt for a limitation of use instead;
we no longer require your data, but you require the data to assert, exercise, or defend against legal claims;
you have objected to the processing while it has not been determined whether our justified reasons outweigh yours.
Right to data portability (Art. 20 GDPR):
Insofar as it is technically feasible, we will transfer your data to a different data controller if so requested by you. However, you are only entitled to this right if the processing of data is based on your consent or if required to execute a contract. In place of receiving a copy of your data, you may also request that we forward the data directly to a different data controller designated by you.
Right to object (Art. 21 GDPR):
You may object to the processing of your data at any time for reasons that may arise of special situations, as long as the processing of data is based on your consent or on our legitimate interest or those of a third party. In this case, we will cease the processing of your data. The latter does not apply if we can show compelling grounds for the processing which outweigh your interests or if we require your data to assert, exercise, or defend legal claims.
Time limits for fulfillment of rights of data subjects
In principle, we make every effort to process inquiries within 30 days. However, this time period may be exceeded for reasons arising from the specific right of the data subject or due to the complexity of your inquiry.
Limitation of information concerning compliance with data subject's rights
In some situations, we may not be able to provide information about all of your data due to statutory requirements. If we are required to decline your request for information, we will inform you about the reason for rejection at the same time.
Complaint to supervisory authorities
ExOne takes your concerns and rights very seriously. However, if you believe that we have not adequately addressed your complaints or concerns, you have the right to lodge a complaint with the relevant data protection authority.
7. Contact details for ExOne data protection office
If you have any questions about the processing of your personal data, please use our Contact form or contact us at the addresses provided below:
The ExOne Company 127 Industry Blvd North Huntingdon, Pennsylvania 15642 USA
This website uses fonts provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to ensure that our contents are correctly displayed and visually appealing throughout all browsers (Google Webfonts). The legal basis is Art. 6 (1) sentence 1 letter (f) of the GDPR. The Google fonts are locally installed on our server. No connection is made to Google's servers.
9. Use of Google Analytics
We use Google Analytics on our website, a website analysis service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA ("Google"). In this context, pseudonymized user profiles are created and cookies are used. The information generated by the cookie about your use of this website, such as
1. Browser type/version
2. Operating system used
3. Referrer URL (previously visited website),
4. Host name of the accessing computer (IP address)
5. The time of the server request
is stored on the servers of Google in the USA. This information is used to analyze how the website is used, compile reports on the activities on the website, and in order to provide services related to the use of the website and Internet for the purpose of market research and to personalize the design of these websites. This information may also be transferred to third parties, if required in the jurisdiction, or if third parties are commissioned to process this data. Under no circumstances will your IP address be linked to any other data held by Google. The IP addresses are anonymized so that allocation is not possible (IP masking).
You may prevent the installation of cookies by configuring your browser software accordingly. However, please note that this may limit the functionality of this website.
Google Analytics is used for the purpose of optimizing and tailoring the design of our website. This represents a legitimate interest within the meaning of Art. 6 (1) letter (f) of the GDPR.
You can prevent the collection and processing by Google of site-related data generated by the cookie (including your IP address) by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on - particularly for browsers on mobile devices - you may also prevent the collection by Google Analytics by clicking on the following link: disable Google Analytics. This will set an opt-out cookie, which prevents the collection of your data when you visit this website. The opt-out cookie is stored on your device and it applies only to this browser and our website. If you delete the cookies in this browser, you must place the opt-out cookie again.