1. Who is the controller responsible for the data processing?
The ExOne company (hereinafter referred to as "ExOne" or "We"), 127
Industry Boulevard, North Huntingdon, PA 15642, USA, is the controller
responsible for the processing of your personal data as defined in the EU
General Data Protection Regulation (GDPR). The ExOne company is
headquartered in North Huntingdon, PA, USA.
2. Collection of personal data when visiting our website
When you visit our website, we collect the following data, which is
technically required in order to display our website to you and to ensure
its stability and security (the legal basis is provided by Art. 6 (1)
letter (f) of the GDPR):
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (actual page)
Access status/HTTP status code
Volume of transmitted data per visit
Website from which the request originated
Operating system and its interface
Language and version of the browser software.
In addition to the aforementioned data, cookies are stored on your computer
when using our website. Cookies are small text files that are stored on the
hard drive that is designated by your browser, and which provide certain
information back to the server or site by which they were issued (us in
this case). Cookies cannot execute programs or transmit viruses to your
computer. They are used to make the overall web offering more user-friendly
and effective. The legal basis is Art. 6 (1) sentence 1 letter (f) of the
GDPR. You may configure your browser setting according to your preferences.
Please note that the functionality of this website may be limited when
Furthermore, ExOne collects and processes your personal data in the
following cases, among others:
When you contact us directly, e.g., via our website, by phone or
e-mail, and if you are interested in our products or services or have
Please help us keep your information up to data by informing us about
changes to personal data, particularly your contact information.
3. Why are we processing your data?
The data collected in the course of concluding a contract or rendering a
service is used for the purposes stated below.
A. Customer service
(Art. 6 (1) letters (b), (g), (f) of the GDPR)
ExOne uses your personal data for the processing of a request raised by you
(e.g., inquiries and complaints). For all aspects concerning the processing
of your request, we will contact you, e.g., in writing, by phone, messenger
services, or e-mail (depending on the contact details provided by you)
without obtaining separate permission.
ExOne also processes your personal data on this basis to further optimize
your experience with ExOne, e.g., to uniquely identify you when you contact
B. Compliance with legal obligations that ExOne is subject to
(Art. 6 (1) letters (c), (f) of the GDPR)
ExOne will also process personal data if a legal obligation exists.
The data collected is also used to ensure the operability of IT systems.
Ensuring operability includes the following tasks:
Backing up and restoring of data processed in IT systems
Detection and protection against unauthorized access to personal data
Incident and problem management for the elimination of malfunctions in
ExOne is subject to numerous other legal obligations. In order to comply
with these obligations, we will process your data to the extent required,
and we may forward your data to the responsible authorities within the
scope of statutory reporting obligations.
Furthermore, we will also process your data in the event of legal action,
if the legal dispute requires the processing of your data.
C. Internal data transfer at ExOne
Upon careful examination of your data, we may at times transfer your data
to other companies of ExOne, who will process the data under their own
D. Data transfer to selected third parties
Companies that the data may be transferred to include the following, if and
to the extent that the necessary data protection requirements are met:
Carefully selected and vetted service providers and business partners
that we work with in order to be able to offer you products and
services. For ExOne, we do so exclusively within the context of the
strict stipulations of commissioned data processing or on the basis of
To other third parties (e.g., public bodies) if we are legally bound to
4. How do we protect your personal data?
We use various safety measures, such as state-of-the-art encryption and
authentication tools, to protect and maintain the security, integrity, and
availability of your data.
Full protection against unauthorized access can not be guaranteed when
transmitting data over the Internet or a website, but we, our service
providers, and business partners make every effort to protect your personal
data pursuant to the valid data protection regulations by means of
physical, electronic, and procedural state-of-the-art security measures.
These measures include the following:
Strict access permission criteria to your data on the basis of the
need-to-know principle (limited to as few people as possible), and
exclusively for the intended purpose
Transfer of the collected data only in an encrypted format
Storage of the collected data only in an encrypted format
Firewall protection of IT systems for protection against unauthorized
access, e.g., by hackers
Continuous monitoring of access to IT systems in order to identify and
prevent the misuse of personal data
5. How long do we retain your data?
In compliance with Art. 17 of the GDPR, we will only retain your data for
the duration required for the respective purpose for which we process your
data. If we process data for several purposes, the data is automatically
deleted or saved in a format which does not allow any direct conclusions to
be drawn about your person, as soon as the last specific purpose has been
met. ExOne has developed an in-house deletion concept in order to ensure
that your data is deleted in compliance with the data minimization
principle and Art. 17 of the GDPR. The basic principles provided by this
deletion concept for the deletion of your personal data is presented in the
Use for fulfillment of a contract
For the fulfillment of contractual obligations, the data collected from you
may be retained for the duration for which the contract is in force as well
as 6 or 10 years beyond its validity depending on the character and scope
of the contract, in order to comply with statutory storage obligations and
to be able to clarify potential inquiries and claims after expiry of the
Use for validation of claims
Data which we deem necessary to verify or dispute claims or which may be
required for criminal prosecution or to pursue claims against you, us, or
any third party, may be retained by us for as long as proceedings could
Use for customer service
The data collected from you may be retained for 3 to 10 years after
collection for the purpose of customer service, unless you request the
deletion of this data and if there are no contractual or statutory storage
obligations that contradict this request for deletion.
Who is granted international access to your data and how do we protect the
ExOne is an international company. Personal data is preferably processed
within the EU by ExOne employees and service providers commissioned by us.
If data is processed in countries outside the EU, ExOne will ensure through
standard contracts, including suitable technical and organizational
measures, that your personal data is processed in accordance with the
European data protection standard.
For some countries outside the EU, e.g., Canada and Switzerland, the EU has
already defined a comparable data protection standard. Due to the
comparable data protection standard, the transfer of data to these
countries does not require separate permission or a separate agreement.
Please click here to
contact us regarding the specific safety measures in place for the transfer
of your data to other countries.
ExOne uses a variety of service provides to assist in the provision of the
listed services and uses, who are commissioned by ExOne within the context
of the strict stipulations of data protection regarding the processing of
6. Your data protection rights
You as the data subject have certain rights in accordance with the GDPR and
other relevant data protection provisions. The following section explains
the rights of data subjects according to the GDPR. Depending on the type
and scope of your request, please submit it to us in writing.
According to the GDPR, as the data subject, you particularly have the
following rights vis-à-vis ExOne:
Right to access (Art. 15 GDPR):
You may request from us at any time information about the data we keep on
you. This information may include the data categories processed by us, the
purpose for which the data is processed, the origin of the data if we did
not collect it directly from you, and, if applicable, the recipients to
whom we have transmitted your data. You may request a free copy of your
data from us. If you request additional copies, we reserve the right to
bill you for these additional copies.
Right to rectification (Art. 16 GDPR):
You may request us to correct your data. Will will take appropriate
measures to ensure that your data that is stored and continuously processed
by us is correct, complete, and up-to-date, on the basis of the most
current information available to us.
Right to erasure ('right to be forgotten') (Art. 17 GDPR):
You may request us to delete your data, insofar as the legal prerequisites
to do so exist. According to Art. 17 of the GDPR, this may be the case if
the data concerning you is no longer required for the purposes for
which it was collected or otherwise processed;
you have withdrawn your consent, which is a fundamental requirement for
the processing of data, and if no other legal basis exists for the
you object to the processing or your data and no overriding legitimate
reasons for the processing exist, or if you object to the processing of
data for the purpose of direct marketing;
the data was processed unlawfully;
the processing is not required to ensure compliance with a statutory
obligation which requires us to process your data;
in particular in regard to storage periods in order to assert, exercise
or defend against legal claims.
Right to restriction of processing (Art. 18 GDPR):
You may request us to limit the processing of your data if
you contest the accuracy of the data, in particular for the period we
require to validate the accuracy of the data;
the processing is unlawful and you decline the deletion of your data
and opt for a limitation of use instead;
we no longer require your data, but you require the data to assert,
exercise, or defend against legal claims;
you have objected to the processing while it has not been determined
whether our justified reasons outweigh yours.
Right to data portability (Art. 20 GDPR):
Insofar as it is technically feasible, we will transfer your data to a
different data controller if so requested by you. However, you are only
entitled to this right if the processing of data is based on your consent
or if required to execute a contract. In place of receiving a copy of your
data, you may also request that we forward the data directly to a different
data controller designated by you.
Right to object (Art. 21 GDPR):
You may object to the processing of your data at any time for reasons that
may arise of special situations, as long as the processing of data is based
on your consent or on our legitimate interest or those of a third party. In
this case, we will cease the processing of your data. The latter does not
apply if we can show compelling grounds for the processing which outweigh
your interests or if we require your data to assert, exercise, or defend
Time limits for fulfillment of rights of data subjects
In principle, we make every effort to process inquiries within 30 days.
However, this time period may be exceeded for reasons arising from the
specific right of the data subject or due to the complexity of your
Limitation of information concerning compliance with data subject's
In some situations, we may not be able to provide information about all of
your data due to statutory requirements. If we are required to decline your
request for information, we will inform you about the reason for rejection
at the same time.
Complaint to supervisory authorities
ExOne takes your concerns and rights very seriously. However, if you
believe that we have not adequately addressed your complaints or concerns,
you have the right to lodge a complaint with the relevant data protection
7. Contact details for ExOne data protection office
If you have any questions about the processing of your personal data,
please use our Contact form
or contact us at the addresses provided below:
The ExOne Company
127 Industry Blvd
North Huntingdon, Pennsylvania 15642
8. Use of Google Webfonts
This website uses fonts provided by Google LLC, 1600 Amphitheatre Parkway,
Mountain View, CA 94043, USA, to ensure that our contents are correctly
displayed and visually appealing throughout all browsers (Google Webfonts).
The legal basis is Art. 6 (1) sentence 1 letter (f) of the GDPR. The Google
fonts are locally installed on our server. No connection is made to
9. Use of Google Analytics
We use Google Analytics on our website, a website analysis service provided
by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA
("Google"). In this context, pseudonymized user profiles are created and
cookies are used. The information generated by the cookie about your use of
this website, such as
1. Browser type/version
2. Operating system used
3. Referrer URL (previously visited website),
4. Host name of the accessing computer (IP address)
5. The time of the server request
is stored on the servers of Google in the USA. This information is used to
analyze how the website is used, compile reports on the activities on the
website, and in order to provide services related to the use of the website
and Internet for the purpose of market research and to personalize the
design of these websites. This information may also be transferred to third
parties, if required in the jurisdiction, or if third parties are
commissioned to process this data. Under no circumstances will your IP
address be linked to any other data held by Google. The IP addresses are
anonymized so that allocation is not possible (IP masking).
You may prevent the installation of cookies by configuring your browser
software accordingly. However, please note that this may limit the
functionality of this website.
Google Analytics is used for the purpose of optimizing and tailoring the
design of our website. This represents a legitimate interest within the
meaning of Art. 6 (1) letter (f) of the GDPR.
You can prevent the collection and processing by Google of site-related
data generated by the cookie (including your IP address) by downloading and
installing a browser add-on
As an alternative to the browser add-on - particularly for browsers on
mobile devices - you may also prevent the collection by Google Analytics by
clicking on the following link: disable Google Analytics. This will set an
opt-out cookie, which prevents the collection of your data when you visit
this website. The opt-out cookie is stored on your device and it applies
only to this browser and our website. If you delete the cookies in this
browser, you must place the opt-out cookie again.
Further information about data protection related to Google Analytics is