Privacy Policy

Privacy Policy

At Prisma3D, provided by WondaPix Technologies GmbH, we care about your personal information. So, we have prepared this Privacy Policy to explain how we collect, use and share it.

With this Privacy Policy, WondaPix Technologies GmbH (hereinafter “we“) informs you (hereinafter “you“) as the person responsible within the meaning of the data protection laws. As a German company, we are subject to the General Data Protection Regulation (hereinafter “GDPR“) and the German Federal Data Protection Act (hereinafter “BDSG“) as well as the German Telecommunications-Telemedia Data Protection Act (hereinafter “TTDSG”). We additionally comply with other country-specific data protection laws. Please find more information in section 2.2.

This Privacy Policy explains how we process personal data when you use the website https://prisma3d.net/ (hereinafter “website”) and the Prisma3D app (hereinafter “app”; collectively referred to as “services”). It also informs you about your rights regarding the processing of your personal data.

We ask you to carefully read the following Privacy Policy. The privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of such data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our services and improve the user experience which may result in said third parties also processing data they collect and control.

Our privacy policy is structured as follows:

1. Information about us as controllers of your data
2. Definitions
3. User and Data Subject Rights under the GDPR
4. Other country-specific data protection laws
5. Child and Educational Usage
6. Information about the data processing

1. Information about us as controllers of your data

Controller

The party responsible for the services (the „controller“) for purposes of data protection law is:

WondaPix Technologies GmbH
Spicherenstr. 3
81667 Munich
Germany

Email: info@prisma3d.net

The controller’s data protection officer is:

Joana Haase

Email: privacy@prisma3d.net

Hosting

For the hosting of our website we use the services of the 1blu AG, Riedemannweg 60, D-13627 Berlin (hereinafter “1blu”). 1blu’s servers are located in Frankfurt a.M., Germany.

Data Security

We do not pass on your personal data to third parties unless you have consented to the passing on of data or the operator is entitled or obliged to pass on data due to legal provisions and/or official or court orders.

We secure our services and other systems by technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons. These are adapted according to the current state of the art. In particular, all of our content is transmitted in encrypted form.

Our services may contain hyperlinks to and from third party websites. If you follow a hyperlink to one of these websites, the operators of the linked website are responsible for the processing of your personal data on these websites. Please make sure you are aware of the applicable data protection conditions before submitting personal data to these websites.

2. Definitions

App means “Prisma3D” software/mobile applications

CCPA means the California Consumer Privacy Act of 2018

Child or Children means children under age 13 in the U.S. and children under age 16 outside the U.S.

GDPR means the General Data Protection Regulation, a European Union law that governs the processing and protection of personal data within the EU and EEA.

Controller refers to the entity responsible for the services covered by this Privacy Policy: WondaPix Technologies GmbH

Third Party refers to any external entity, organization, or service provider that receives data from us for specific purposes, such as analytics, performance monitoring, or service optimization. In our case, third parties may include services like Mixpanel, Google Analytics, or the Google Play Store. All data shared with third parties is anonymized and does not constitute personal data.

Personal Data means any information relating to an identified or identifiable individual. This includes your name, e-mail address and, where applicable, your address and telephone number as well as your IP address and online identifiers. Personal data (usually referred to just as „data“ below) will only be processed by us to the extent necessary and for the purpose of providing functional and user-friendly services, including its contents, and the services offered there.

Processing refers (per Art. 4 No. 1 GDPR) to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.

3. User and Data Subject Rights under the GDPR

With regard to the data processing to be described in more detail below, users and data subjects have the right

• to confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art. 15 GDPR);
• to correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR);
• to the immediate deletion of data concerning them (cf. also Art. 17 DSGVO), or, alternatively, if further processing is necessary as stipulated in Art. 17 Para. 3 GDPR, to restrict said processing per Art. 18 GDPR;
• to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. also Art. 20 GDPR);
• to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (see also Art. 77 GDPR).

Addresse of competent data protection supervisory authority:

Postfach 1349, 91504 Ansbach, Deutschland

In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 Para. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.

Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the controller’s future processing of their data pursuant to Art. 6 Para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.

If you have any questions, comments or requests regarding the collection, processing and use of your personal data, or to exercise your rights as set out above, please contact us by email at privacy@prisma3d.net or by letter at the above address.

4. User and Data Subject Rights under the GDPR

4.1. United States – California Consumer Privacy Act (CCPA) & California Privacy Rights Act (CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

1. Right to Know – You may request details about:

1. The categories of personal data we collect, use, disclose, and sell.
2. The specific pieces of personal information we have collected about you.
3. The categories of sources from which your data is collected.
4. The business purpose for collecting or sharing your data.
5. The third parties with whom we share personal information.
6. Right to Delete – You may request that we delete your personal data, subject to certain legal exceptions.
7. Right to Opt-Out of Sale or Sharing of Personal Data – We do not sell personal data for direct marketing purposes. If this changes, we will provide a “Do Not Sell or Share My Personal Information” link.
8. Right to Correct Information – You may request that we correct inaccurate personal data we hold about you.
9. Right to Limit Use of Sensitive Personal Data – If we process sensitive personal data (e.g., geolocation, racial or biometric data), you may request to restrict its use to only necessary business purposes.
10. Right to Non-Discrimination – We do not treat users differently for exercising their rights under CCPA.

How to Exercise Your Rights

To submit a request to access, correct, or delete your personal data, you can email us at privacy@prisma3d.net

For verification, we may request additional information to confirm your identity before processing your request.

Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy unless required by law.

4.2. Brazil – Lei Geral de Proteção de Dados (LGPD

Brazil’s LGPD (Law No. 13,709/2018) governs the processing of personal data, granting users:

• The right to access, correct, or delete their personal data.
• The right to data portability to another service provider.
• The right to object to data processing in certain cases.
• The right to withdraw consent at any time.

Brazilian users can exercise their rights by contacting privacy@prisma3d.net

4.3 Canada – Personal Information Protection and Electronic Documents Act (PIPEDA)

Under PIPEDA, Canadian users have the right to:

• Be informed about how their personal data is collected and used.
• Request access to their data and correct inaccuracies.
• Withdraw consent for data processing.
• File a complaint with the Office of the Privacy Commissioner of Canada (OPC).

For requests regarding your personal data, contact privacy@prisma3d.net

4.4 Australia – Privacy Act 1988 & Australian Privacy Principles (APPs)

The Privacy Act 1988 and the Australian Privacy Principles (APPs) regulate personal data handling in Australia, granting users:

• The right to know why their data is collected and how it is used.
• The right to access and correct their data.
• The right to opt-out of direct marketing.
• The right to complain to the Office of the Australian Information Commissioner (OAIC) if their privacy is violated.

Australian users can contact us at privacy@prisma3d.net to exercise their rights.

5. Child and Educational Usage

Definition of a Child

• In accordance with U.S. laws, a child is defined as any individual under the age of 13
• In all other countries, a child is defined as any individual under the age of 16

Data Collection and Privacy Protection

• We do not collect, store, or process any personal data from children.
• Analytics services are disabled for child users to ensure no tracking of behavior or personal data.
• Any advertisements displayed are family-friendly and personalized ads are turned off for children.

Content Usage and Storage

• All content provided by Prisma3D in the Prisma3D mobile app is family-friendly.
• Users can freely import content into the app, but all projects and imported content are stored locally on the user’s device.
• No content is transferred to the servers of WondaPix Technologies GmbH.
• Parents and educational institutions are responsible for monitoring the content created by children within the app.

Website and Online Services

• Our website services (such as bug report forms, contact forms, etc.) are only directed to adults (18 years or older).
• Users must confirm they are 18+ before using any online service that requires submitting data.
• If you believe your child has provided personal information without your consent, please contact us at privacy@prisma3d.net, and we will promptly delete the data.

5.1 Compliance with U.S. Educational and Child Protection Laws

FERPA (Family Educational Rights and Privacy Act)

• Prisma3D does not collect or store educational records or student personal data, ensuring compliance with FERPA regulations for educational institutions.
• Schools and educators using Prisma3D must ensure compliance with FERPA requirements regarding student privacy.

CIPA (Children’s Internet Protection Act)

• Prisma3D does not collect, share, or distribute any content or personal data, ensuring compliance with CIPA.
• Our app does not include harmful content, inappropriate online interactions, or data tracking.

6. Information about the data processing

Your data processed when using our services will be deleted or blocked as soon as the purpose for its storage ceases to apply, provided the deletion of the same is not in breach of any statutory storage obligations or unless otherwise stipulated below.

Logfiles

Personal data also includes information about your use of the services. In this context, we or our hosting provider 1Blu collect the following personal data:

• Your IP address,
• your internet service provider,
• date and time of the request,
• content of the request,
• access status/HTTP status code,
• scope of the data transfer,
• browser, operating system and its interface, language and version of browser software,
• brand and type of device
• as well as other connection data and sources that you retrieve.

This is usually done by using log files.

We use this data to protect our legitimate interests,

• to display the services on your device,
• to ensure the functionality of the services,
• to optimise our services,
• to ensure the security of our information technology systems.

Access to this data is in accordance with § 25 Para. 2 No. 1 TTDSG. The legal basis for the data processing is Art. 6 Para. 1 lit. f) GDPR.

Cookies

a) (Session) cookies

We use cookies to provide our services. Cookies are small text files or other storage technologies stored on your computer by your browser. A cookie usually contains the name of the service from which the cookie data is sent, information about the age of the cookie and an alphanumeric identifier (Cookie ID). These cookies process certain specific information about you, such as your browser, location data, or IP address.

This processing makes our website and app more user-friendly, efficient, and secure, allowing us, for example, to display our website and app in different languages.

Within the scope of the services, we use cookies that are absolutely necessary so that we can provide you with the services (hereinafter “necessary cookies“). Necessary Cookies are set when you access the Services. We use Necessary Cookies that are strictly necessary for the operation of the Services in order to protect our legitimate interest in displaying the Services on your terminal device and storing your cookie settings. The provision of the services or certain functions of the services would not be possible without the use of the necessary cookies. Access to this data is in accordance with § 25 para. 2 no. 2 TTDSG. The legal basis for the processing of the data collected with the help of necessary cookies is Art. 6 para. 1 p. 1 lit. f DSGVO.

In addition, we use cookies that are not absolutely necessary for the provision of the services (hereinafter “consent cookies“). However, consent cookies are only used if and insofar as you have previously given your consent for this via the cookie banner. The cookie banner is displayed the first time you access the services or when the term of your consent has expired. In the cookie banner, you can give your consent separately for each consent cookie. If you do not give your consent for the use of all or individual consent cookies, it cannot be guaranteed that you will be able to use all offers of the services without restriction or at all. Access to the data collected with consent cookies is in accordance with § 25 Para. 1 TTDSG. The legal basis for the use of the data obtained with the help of the consent cookies is Art. 6 para. 1 lit. a) DSGVO.

Furthermore, the legal basis for such processing is Art. 6 Para. 1 lit. b) GDPR, insofar as these cookies are used to collect data to initiate or process contractual relationships.

If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our services. The legal basis is then Art. 6 Para. 1 lit. f) GDPR.

When you close your browser, session cookies are deleted.

b) Third-party cookies

If necessary, our website and/or app may also use cookies from companies with whom we cooperate forthe purpose of advertising, analyzing, or improving the features of our services.

Please refer to the following information for details, in particular for the legal basis and purpose of such third-party collection and processing of data collected through cookies.

c) Disabling/revoke cookies

You can refuse the use of cookies by changing the settings on your browser. Likewise, you can use the browser to delete cookies that have already been stored. However, the steps and measures required vary, depending on the browser you use. If you have any questions, please use the help function or consult the documentation for your browser or contact its maker for support. Browser settings cannot prevent so-called flash cookies from being set. Instead, you will need to change the setting of your Flash player. The steps and measures required for this also depend on the Flash player you are using. If you have any questions, please use the help function or consult the documentation for your Flash player or contact its maker for support.

Newsletter

If you register for our free newsletter, the data requested from you for this purpose, i.e. your email address will be sent to us. We also store the IP address of your computer and the date and time of your registration. During the registration process, we will obtain your consent to receive this newsletter and the type of content it will offer, with reference made to this privacy policy. The data collected will be used exclusively to send the newsletter and will not be passed on to third parties.

As said before the newsletter will only be sent if you give us the consent to do so. You give your consent in two steps: Firstly, you confirm that you wish to activate the newsletter dispatch by entering your e-mail address, ticking the box and then confirming. We will then send you an activation e-mail in which you click on a link to activate your e-mail address for receiving the newsletter. Only after finishing the Double-Opt-in-Process, the newsletter will be sent to your e-mail address.

The legal basis for this is Art. 6 Para. 1 lit. a) GDPR.

You may revoke your prior consent to receive this newsletter under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent (e-mail: privacy@prisma3d.net) or click on the unsubscribe link contained in each newsletter.

Contact/Contact form

If you contact us via email, the data you provide will be used for the purpose of processing your request. We must have this data in order to process and answer your inquiry; otherwise we will not be able to answer it in full or at all. The legal basis for this data processing is Art. 6 Para. 1 lit. b) GDPR.

You can also use the contact form within our services to send us suggestions or comments or to request information about our services. When you use the contact form for bug reports and feedback, the following mandatory information is transmitted to us:

• e-mail address,
• Discord Username

When you use the contact form for educational institutions, the following mandatory information is transmitted to us:

• name,
• e-mail address,
• name of school / educational institution

In addition, you can voluntarily provide further information about your request. We use this data exclusively to answer your enquiry and to send you information and advertising material if you have requested such. We use the voluntary information to address you personally.

Without this information, we process your data to protect our legitimate interest in offering you modern and convenient ways to contact us. The legal basis for the processing is Art. 6 Para. 1 lit. f) GDPR.

Your data will be deleted once we have fully answered your inquiry and if there is no further legal obligation, such as an order or contract resulted therefrom.

Bug Reports

If you contact us via the Bug Report Prisma3D Beta v2.0 contact form and gave your consent to our Bug Reporting Terms & Conditions, we will use your data for the purpose of further improving the Prisma3D app. To reproduce and fix bugs efficiently, we need to be able to contact you again after your bug report. Therefore, we collect your e-mail address and, if applicable, Discord account name as a mandatory field as of 22^nd January 2022. We will use the e-mail address and Discord account name solely for the purpose of contacting you regarding the bug. Once the bug is completely fixed and there is no legal retention period to keep your data, the bug report will be anonymized or deleted.

As you need to consent to this Privacy Policy and the Bug Reporting Terms & Conditions before you can submit a bug, the legal basis for this data processing is Art. 6 Para. 1 lit. a) GDPR.

User posts, comments, and ratings

We offer you the opportunity to post questions, answers, opinions, and ratings on our website, hereinafter referred to jointly as „posts.“ If you make use of this opportunity, we will process and publish your post, the date and time you submitted it, and any pseudonym you may have used.

The legal basis for this is Art. 6 Para. 1 lit. a) GDPR. You may revoke your prior consent under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent (e-mail: privacy@prisma3d.net)

In addition, we will also process your IP address and email address. The IP address is processed because we might have a legitimate interest in taking or supporting further action if your post infringes the rights of third parties and/or is otherwise unlawful.

In this case, the legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in any legal defense we may have to mount.

Blog via WordPress

Within our services we utilize the WordPress platform for our blog, provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA (“WordPress”).

When you use our blog, WordPress sets cookies to enhance your user experience. These cookies capture essential functionalities, especially when commenting on our articles.

The commenting feature on our blog allows for the collection of certain data, such as your comment, the time of your comment’s creation, and, if not posted anonymously, the username you’ve chosen. The IP addresses of users leaving comments will also be stored. This is a precautionary measure for us in case there’s any infringement of third-party rights or unlawful comments.

According to WordPress, the data collected when you comment will not be merged with any other data that WordPress might have stored about you.

Further information on data protection with WordPress can be found at https://automattic.com/privacy/ .

We only use the WordPress commenting feature if, and insofar as, you have given your prior consent for this via the cookie banner or the comment submission form. The legal basis for this is Art. 6 Para. 1 lit. a) GDPR.

If you want to stop the use of the WordPress commenting feature after giving your consent, you have the option to revoke your consent. You can revoke your consent at any time via the cookie settings or by refraining from using the commenting feature. However, we draw your attention to the fact that we cannot guarantee that you will be able to use all the functions of the blog without restrictions if you do not give or revoke your consent to the use of the WordPress commenting feature.

Google Fonts

Our website uses Google Fonts to display external fonts. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter “Google“).

To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed.

When you access our site, a connection to Google is established from which Google can identify the site from which your request has been sent and to which IP address the fonts are being transmitted for display.

Insofar as further independent processing of the data is carried out by Google Fonts, Google is solely responsible for this. However, we only use Google Web Fonts if and insofar as you have given your prior consent via the cookie banner. Access to the information takes place in accordance with § 25 Para. 1 s. 1 TTDSG. The legal basis for the processing of the data collected with Google Web Fonts is Art. 6 Para. 1 lit. a) GDPR. If you wish to prevent the use of Google Web Fonts after giving your consent, you have the option of revoking your consent.

Further information concerning the Privacy Policy of Google can be found under

https://policies.google.com/privacy

Further information concerning Google Webfonts can be found under

https://developers.google.com/fonts/faq/privacy

in particular on options for preventing the use of data.

Google Analytics

The mobile Prisma3D app uses Google Analytics. This is a service provided by Google. If you consent to enable tracking within the Prisma3D mobile app, the app is going to use Google Analytics 4 to track your user behavior. This is a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Irland (hereinafter “Google“).

Google Analytics uses cookies, which are text files placed on your device, to help the services analyse how users use them. The information generated by the cookie about your use of the services is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymisation is activated on the service, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of us, Google will use this information for the purpose of evaluating your use of the services, compiling reports on activity and providing other services relating to activity and internet usage to us. The IP address transmitted by your app as part of Google Analytics will not be merged with other Google data.

We would like to point out that the code “gat.anonymizeIp();” has already been added to Google Analytics on the services in order to ensure that IP addresses are only recorded anonymously (so-called IP masking).

We also use Google Analytics to analyse data from ads and the Double-Click-Cookie for statistical purposes.

Further information on data protection at Google can be found at https://policies.google.com/privacy?hl=de.

However, we only use Google Analytics, if and insofar as you have given your prior consent for this via the cookie banner. The legal basis for this is Art. 6 Para. 1 lit. a) GDPR. The access to the information takes place in accordance with § 25 para. 1 p. 1 TTDSG. If you wish to prevent the use of Google Analytics after granting the corresponding consent, you have the option of revoking your consent. You can revoke your consent at any time via the cookie settings on the services. However, we draw your attention to the fact that we cannot guarantee that you will be able to use all the functions of the services without restriction or at all if you do not give or revoke your consent to the use of Google Analytics.

Google AdSense

We use the advertising tool Google AdSense from Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter “Google“).

Google AdSense enables us to display advertisements within our services. Google AdSense only shows you ads that match our content and are child safe. Google has its own algorithm that calculates which ads you will see based on what you are interested in. Google checks which advertisements are suitable for our services and for our users on the basis of your interests or your user behaviour and on the basis of our offer. For children und the age of 13 in the U.S. and under the age of 16 in other countries, the settings in Google AdSense are set to only show non-personalized ads. That means, that their user behaviour and data is not sent to Google. The ad settings in our app are set to General Audiences for every user. So, only ads are shown whose content is suitable for all audiences, including families and children.

Google AdSense may place and read cookies on the Prisma3D app or use web beacons to store data that they obtain from serving ads on the website as part of AdSense. Web beacons are small graphics that do log file analysis and log file recording. This enables statistical analysis for online marketing. Google may collect certain information about your user behaviour on the Prisma3D app through these cookies. This includes Information on how you interact with an ad (clicks, impression, mouse movements), Information on whether an ad has appeared in your app at an earlier time. This data helps us to avoid showing you an ad more than once. Google analyses information on how you interact with an ad (clicks, impression, mouse movements) as well as information on whether an ad has already appeared in your app at an earlier time. Google analyses and evaluates the data on the advertisements displayed and your IP address. Google uses the data primarily to measure the effectiveness of an ad and to improve the advertising offer. This data will not be linked to any personal data that Google may have about you through other Google services

Further information on data protection at Google can be found at https://policies.google.com/privacy.

We only use Google AdSense if and insofar as you have previously given your consent to this via the consent message in the Prisma3D app. The legal basis for this is Art. 6 para. 1 lit. a) GDPR. Access to the information takes place in accordance with § 25 para. 1 p. 1 TTDSG.

If you want to stop the use of Google AdSense after giving your consent, you have the option to revoke your consent. You can revoke your consent at any time via the “Manage” button within the mobile Prisma3D app. However, we draw your attention to the fact that we cannot guarantee that you will be able to use all the functions of the services without restriction or at all if you do not give or revoke your consent to the use of Google AdSense.