Privacy Policy

3RD ApS ("3RD", "we", "us" or "our") respects your privacy and is committed to protecting personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and other applicable data protection legislation.

This Privacy Policy describes how we collect, use, disclose and protect personal data in connection with our SaaS platform and related services (the "Services").

1. Data Controller

3RD ApS

Pilestræde 52A

DK-1112 Copenhagen K

Denmark

CVR: [insert CVR]

Email: info@get3rd.com

2. What Personal Data Do We Collect?

We collect and process the following categories of personal data:

2.1 Account Information

• Name, email address, phone number
• Company information (company name, business registration number, address)
• Job title and role in the organization
• Login credentials (encrypted password)

2.2 Payment Information

• Billing information (name, address, business registration number)
• Payment data is processed by our payment provider Stripe as an independent data controller

2.3 Usage Data

• Log data (IP address, browser type, device information)
• Interaction data (features used, clicks, navigation)
• Performance data (response times, error reports)
• Session data (login times, duration)

2.4 Customer Content

• Prompts, queries and instructions
• Configurations, brands, markets and settings
• Feeds, data and other input to the Services
• Output generated through the Services

2.5 Communications

• Support requests and correspondence
• Feedback, suggestions and reviews
• Marketing communications (if you have given consent)

3. How Do We Collect Personal Data?

We collect personal data through:

• Directly from you: When you create an account, fill out forms, contact support or use the Services
• Automatically: Through cookies, log files and similar technologies when you access the Services
• From third parties: From payment providers, authentication services (SSO) or other integrated services

4. Purposes and Legal Basis for Processing

We process personal data for the following purposes:

4.1 Provision of Services

• Purpose: Operation, maintenance and delivery of the Services
• Legal basis: Performance of contract (GDPR Art. 6(1)(b))

4.2 Payment Processing

• Purpose: Billing, payment processing and accounting
• Legal basis: Performance of contract (GDPR Art. 6(1)(b))

4.3 Support and Communication

• Purpose: Responding to inquiries, providing technical support and customer service
• Legal basis: Performance of contract (GDPR Art. 6(1)(b)) and legitimate interest (GDPR Art. 6(1)(f))

4.4 Product Development and Improvement

• Purpose: Analysis of usage data, debugging, optimization and development of new features
• Legal basis: Legitimate interest (GDPR Art. 6(1)(f))

4.5 Security and Abuse Prevention

• Purpose: Security monitoring, prevention of abuse, fraud detection
• Legal basis: Legitimate interest (GDPR Art. 6(1)(f)) and legal obligation (GDPR Art. 6(1)(c))

4.6 Marketing

• Purpose: Sending newsletters, product updates and marketing materials
• Legal basis: Consent (GDPR Art. 6(1)(a)) – can be withdrawn at any time

4.7 Legal Compliance

• Purpose: Compliance with legal requirements, accounting rules and government requests
• Legal basis: Legal obligation (GDPR Art. 6(1)(c))

5. Disclosure of Personal Data

We only disclose personal data in the following situations:

5.1 Sub-processors

We use reliable third-party providers to deliver the Services:

• Cloud hosting: AWS, Google Cloud Platform (EU regions)
• AI/LLM providers: OpenAI, Anthropic, Google (process Customer Content to generate Output)
• Payment processing: Stripe (independent data controller)
• Analytics and monitoring: Tools for system monitoring and debugging
• Support tools: Customer support and helpdesk systems

An updated list of sub-processors is available at:

https://trust.get3rd.com/subprocessors

5.2 Legal Requirements

We may disclose information if required by law, court order or government request.

5.3 Business Transfers

In the event of a merger, acquisition or sale of assets, personal data may be transferred as part of the transaction.

5.4 Consent

We may disclose information with your explicit consent.

6. International Transfers

Personal data may be transferred to and processed in countries outside the EU/EEA, including the USA, when we use third-party LLMs.

We ensure appropriate safeguards through:

• EU Commission Standard Contractual Clauses (SCC)
• Adequacy decisions
• Other GDPR-approved transfer mechanisms

7. Retention of Personal Data

We retain personal data only as long as necessary:

• Account information: Retained while your account is active
• Customer Content: Retained during subscription period + 30 days after termination
• Billing information: 5 years after transaction date (accounting law)
• Support requests: 2 years after closure
• Marketing data: Until consent is withdrawn or data is outdated
• Log and security data: 12 months

After expiration of retention periods, personal data is deleted or anonymized.

8. Your Rights

Under GDPR, you have the following rights:

8.1 Right of Access (Art. 15)

You can request a copy of the personal data we process about you.

8.2 Right to Rectification (Art. 16)

You can request correction of inaccurate or incomplete information.

8.3 Right to Erasure (Art. 17)

You can request deletion of your personal data (the "right to be forgotten").

8.4 Right to Restriction (Art. 18)

You can request restriction of processing in certain situations.

8.5 Right to Data Portability (Art. 20)

You can request to receive your data in a structured, machine-readable format.

8.6 Right to Object (Art. 21)

You can object to processing based on legitimate interest.

8.7 Right to Withdraw Consent

You can withdraw consent at any time for marketing communications.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the Danish Data Protection Agency:

Datatilsynet

Carl Jacobsens Vej 35

2500 Valby

Denmark

Email: dt@datatilsynet.dk

To exercise your rights, contact us at:

info@get3rd.com

9. Security

We implement technical and organizational security measures to protect personal data:

• Encryption in transit (TLS/SSL)
• Access control and authentication
• Regular security monitoring
• Employee training in data protection
• Incident response procedures
• Regular security reviews

No method of transmission or electronic storage is 100% secure. We strive to use commercially acceptable means to protect your personal data.

10. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Necessary cookies: For login, session management and basic functionality
• Functional cookies: To remember preferences and settings
• Analytical cookies: To analyze usage and improve the Services
• Marketing cookies: For targeted marketing (only with consent)

You can manage cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Services.

Read more in our Cookie Policy: https://trust.get3rd.com/cookies

11. Children's Privacy

The Services are not directed at persons under 18 years of age. We do not knowingly collect personal data from children. If you are under 18, you must not use the Services or provide us with personal data.

12. Changes to Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or through the Services at least 30 days before taking effect.

The latest version is always available at:

https://trust.get3rd.com/privacy

By continuing to use the Services after changes take effect, you accept the updated Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy or our processing of personal data, please contact us:

3RD ApS

Pilestræde 52A

DK-1112 Copenhagen K

Denmark

Email: info@get3rd.com

*This Privacy Policy is part of 3RD's legal framework. For additional information, see:*

• Terms and Conditions: https://trust.get3rd.com/terms
• Data Processing Agreement: https://trust.get3rd.com/dpa
• AI Policy: https://trust.get3rd.com/ai