Privacy Policy

3E Company Environmental, Ecological and Engineering, LLC and its affiliates (“3E,” “we,” or “us”) respects your concerns about privacy. This Privacy Notice (“Privacy Notice”) outlines how we, when acting as a data controller, collect, use, disclose and otherwise process your personal data when you interact with us as a representative of our business customers and business partners, such as information we collect through our websites, social media accounts, mobile applications (collectively, our “Digital Properties”), when you use our products and services, contact our hotline, or otherwise engage with us online or offline.

If you are a job applicant, 3E’s Global Job Candidate Privacy Notice should be read together with this Privacy Notice.

The Privacy Notice describes the categories of personal data we collect, how we use and secure that personal data, when we may disclose it to third parties, and when we may transfer it outside of your home jurisdiction. This Privacy Notice also describes your rights regarding the personal data we hold about you, including your rights to access, correct, object to or restrict processing of, obtain portable copies of, and request deletion of your personal data.

We will only process your personal data as described in this Privacy Notice unless otherwise permitted or required by applicable law.

Updates: We may update this Privacy Notice from time to time. Any updated Privacy Notice will be effective when posted. Please check this Privacy Notice periodically for updates. If you do not agree with the changes, you may discontinue your interactions with us.

1. How We Obtain Information About You

We may collect personal data about you from the following sources:

Directly From You. We may collect personal data you provide directly to us , including when you contact us through Digital Properties or customer hotline, interact with us at events or tradeshows, sign up for offers or newsletters, register an account, communicate with us, participate in webinars or virtual meetings, engage in sales or customer support calls (which may be recorded in accordance with applicable law), provide content or data into our products or dashboards, or submit content for processing through our AI-enabled features.
Data Collected Automatically and Through Tracking Technologies. We may automatically collect information or inferences about you, such as through cookies and other tracking technologies. This may include information about how you use and interact with our Digital Properties or otherwise interact with us and our products, and information from and about your device, internet usage, and Digital Property activity.
From Third Parties. We may collect personal data from third parties, such as business partners or authorized resellers of 3E products, public sources, social media companies, or from others interacting with us.

We may combine information that we receive from the various sources described in this Privacy Notice, including third party sources, and use or disclose it for the purposes identified below.

2. Information We Collect

The type of personal data we collect depends on how you interact with us. We may collect the following types of personal data:

Basic identifiers, such as your name, email address, telephone number, and business contact information.
Commercial information, such as purchase or subscription information, information about products you or your business contacts order or are interested in, and other commercial or financial information.
Product and Customer Data, such as data generated or submitted when you use our products. This may include account and login details, organization information and user roles, documents and other content you upload, form entries, configuration and feature metadata, and event or audit logs.
Electronic information/internet activity, such as data gathered by technology when you visit our website, use our mobile application, or interact with us online (such as IP address, browser information, operating system type, device type). For more information about cookies and other device data, please see Section 6 of this Privacy Notice.
Professional or employment-related information, such as job title, organization, or other professional information.
Audio and audiovisual recordings, such as recordings of customer support or sales calls, product demos, webinars, training sessions, or virtual meetings (subject to applicable law and consent requirements).
Marketing and communications data, such as newsletter preferences, webinar registrations, email engagement data (opens, clicks), survey responses, and other marketing interaction data.
AI data, such as data used as input for artificial intelligence or machine learning processing and any inferences, summaries, classifications, or other derived data or outputs produced by those systems.

3. How We Use Personal Data

We limit the personal data we collect to what is necessary and proportionate for the purposes described in this Notice.

We may use personal data that you provide to us for the following purposes:

To provide you or your company with products and services, such as providing you the goods and services you or your company requests; providing customer service; processing or fulfilling orders and transactions, verifying customer information; communicating with you about your product, service, or subscription; responding to requests, complaints, and inquiries; and providing similar services and otherwise facilitating your relationship with us.
For our internal business purposes, maintaining or servicing accounts; operating our Digital Properties; and maintaining internal business records.
Product and service operation. When you use our products and services, we process product and telemetry data to analyze, operate, secure, maintain, and improve the Services, authenticate and administer accounts, enable product features, support customers, perform debugging and diagnostics, investigate incidents, and provide operational reporting.
For our internal research and product improvement purposes, such as verifying or maintaining the quality of our products or services; developing new products or services, improving our existing products and services; customizing advertisements to you and performing market research; evaluating the effectiveness of our advertising or marketing efforts; and debugging and repairing errors with our systems, networks, and equipment.
For legal, safety or security reasons, such as complying with legal and reporting requirements; investigating and responding to claims against the Company and its customers; protecting our, your, our customers’, and other third parties’ safety, property or rights; detecting, preventing, and responding to security incidents; and protecting against malicious, deceptive, fraudulent, or illegal activity. Where required by applicable law, we will inform you of the specific lawful basis relied upon at the time your personal data is collected.
In connection with a corporate transaction, such as if we acquire, or some or all of our assets are acquired by, another entity, including through a sale in connection with bankruptcy and other forms of corporate change.
For marketing, such as marketing our products or services or those of our affiliates, business partners, or other third parties. For example, we may use personal data we collect to send you newsletters, surveys, questionnaires, promotions, or information about events, webinars, or trade shows. You may unsubscribe to our email marketing via the link in the email or by contacting us as set forth in Section 13 below.
In a de-identified or aggregated format, we may also use or disclose your information in a de-identified or aggregated format for any purpose permitted by law.
Call recordings and support interactions. We may record support, sales, training, and demo calls for quality assurance, training, compliance, dispute resolution, and product improvement. Recording and retention will comply with applicable law and internal policies. Where required by law, we obtain consent or provide notice and an option to decline. If a participant objects, 3E personnel are instructed to stop recording.
Controller / Processor roles. Depending on the feature and the legal context, 3E may act as a controller or as a processor. Where 3E processes Customer Data as a processor, such processing is subject to our contractual Data Processing Agreement and customer instructions.

If you are an individual located in the EEA, the United Kingdom, or Switzerland, 3E processes personal data in compliance with the GDPR, ensuring a lawful basis for each processing activity. The basis varies depending on the data type and the context of our collection. Our processing activities typically fall under these lawful bases:

Contractual necessity, such as when processing is required to fulfill our contractual duties to you.
Legal obligation, such as processing data when it is necessary to comply with applicable laws or to protect the rights, safety, and property of 3E, our affiliates, customers, or third parties.
Legitimate interests, such as when we process data for purposes that are in our legitimate interests, such as securing our products or services, communicating with you, and improving our products or services. This processing is done only when these interests are not overridden by your data protection rights or your fundamental rights or freedoms.
Consent, such as when we process data when you have explicitly consented to such processing. When we rely on consent as the legal basis, you have the right to withdraw your consent for data processing at any time.

4. AI and automated processing.

We may use AI and machine learning to summarize communications, generate suggested content or recommendations, route support cases, and analyze product usage. We do not use AI to make solely automated decisions that produce legal or similarly significant effects without meaningful human involvement. AI features are implemented subject to minimization, oversight, and controls described in our internal AI Customer Notice. It explains product-level details, including that client or third-party data is not used to train external models, that AI features operate in secure enterprise environments, and available user/admin controls. Where 3E processes customer data for AI purposes we do so under our contractual Data Processing Agreement and in accordance with 3E’s AI Customer Notice (which requires minimisation, vendor safeguards and meaningful human review for material decisions). For more information see the 3E AI Customer Notice or contact genai@3eco.com or privacy@3eco.com.

5. Who may have access to your personal data

We may disclose personal data to third parties, including the categories of recipients described below:

To other companies in the 3E group of companies, which includes parents, corporate affiliates, subsidiaries, business units and other companies that share common ownership with 3E, including some 3E affiliates located outside of the United States.
Our service providers that work on our behalf which includes cloud hosting providers, CRM and ticketing systems, analytics and product-experience vendors (for example Google Analytics, Pendo and Heap), AI and automation service providers, call recording and conferencing platforms, marketing automation providers, and professional advisors. Processors process your data only under contract and are required to implement appropriate technical and organisational measures.
For legal, security, or safety purposes, we may disclose your information to third parties, law enforcement, or other government agencies to comply with law or legal requirements; to enforce or apply our Terms of Use and other agreements; to protect our rights and the property or safety of our users or third parties; and to professional consultants, such as accountants, lawyers, and financial advisors.
In connection with a corporate transaction, such as if we, sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution, or liquidation).

3E does not sell personal data and does not share personal data for cross-context behavioral advertising as those terms are defined under applicable U.S. state privacy laws.

6. Cookies and Other Tracking Technologies

We and our authorized third parties use cookies, web beacons, pixels, session replay tools, and other tracking technologies to collect information about how you use our Digital Properties, Products and Services. These technologies may record product and service usage data, device and connection data (such as IP address, browser and OS type), page and feature interactions, session durations, clicks, and navigation paths.

Analytics and product-experience providers. We use analytics and product-experience providers — for example Google Analytics, Pendo, and Heap — to measure how users interact with our websites and products, run product experiments, and improve user experiences. These providers collect event and session telemetry and may set cookies or similar identifiers. We process and share such telemetry under contracts and Data Processing Agreements with those vendors.

Session replay. We may use session replay or behavioral analytics tools that capture interactions such as mouse movements, scrolling, clicks and form interactions to support usability analysis and troubleshooting. These tools are configured to avoid capturing sensitive fields where feasible. If you are concerned about specific data being captured in a session replay, contact privacy@3eco.com.

Cookie categories & legal basis. We use the following cookie categories: (1) essential/strictly necessary cookies; (2) functional cookies; (3) analytics/performance cookies; and (4) marketing cookies. Where required by applicable law (for example in the EU/EEA and UK), we obtain your consent before placing non-essential cookies or enabling non-essential analytics or product tracking. You can manage or withdraw consent through our cookie settings tool.

Anonymization and minimization. We configure analytics where feasible to support IP truncation/anonymization and to minimize collection of sensitive fields. Product analytics and AI inputs are subject to controls to limit the capture of sensitive personal data.

Opt-out. You may refuse or delete cookies through your browser or device settings. You can also opt out of Google Analytics collection via Google’s Analytics Opt-Out Browser Add-on and control third-party advertising preferences on industry opt-out platforms. If you are a customer, contact your account team or privacy@3eco.com to arrange product-level privacy controls or opt-out options.

7. Data Transfer

We may transfer the personal data that we collect about you to recipients in countries other than the country in which the personal data originally was collected. Those countries may not have the same data protection laws as the country in which you initially provided the personal data. When we transfer your personal data to recipients in other countries (such as the U.S.), we implement appropriate safeguards to protect your personal data in accordance with this Privacy Notice.

The U.S. Department of Commerce administers the Data Privacy Framework (“DPF”) Program, including processing submissions for self-certification and re-certification to the EU.-U.S. DPF Principles, the UK extension to the EU-U.S. DPF, and the Swiss-U.S. DPF Principles (collectively, the “DPF Principles”). 3E will continue to participate in and comply with the relevant DPF Principles.

If the DPF becomes unavailable or is determined to be insufficient for particular transfers, we will, where necessary and permitted by applicable law, implement alternative safeguards (for example, Standard Contractual Clauses or other transfer mechanisms recognized under applicable law) and any supplementary measures that are appropriate in the circumstances.

If you are located in the United Kingdom (“UK”), European Economic Area (“EEA”) or Switzerland, 3E has certified to the EU-U.S. and Swiss-U.S. Data Privacy Frameworks for the transfer of personal data from the EEA and Switzerland, as well as the UK extension for the transfer of personal data from the United Kingdom to the United States, as described further in our Data Privacy Framework Notice. To learn more about the EU-U.S. and Swiss-U.S. Data Privacy Frameworks, and the UK extension, please visit Data Privacy Framework. To view 3E’s certification, please visit https://www.dataprivacyframework.gov/list .

8. Your Rights and Choices

Depending on which laws apply to your personal data, you may have the following rights in relation to personal data that we hold about you:

To request confirmation of whether we process personal data relating to you, and if so, to request a copy of that personal data.
To request that we rectify or update your personal data that is inaccurate, incomplete or outdated.
To request that we erase your personal data in certain circumstances, such as where we collected personal data on the basis of your consent and you withdraw your consent;
To request that we restrict the use of your personal data in certain circumstances, such as while we consider another request that you have submitted, for example a request that we update your personal data;
Where you have given us consent to process your personal data, to withdraw your consent; and
To request that we provide a copy of your personal data to you in a structured, commonly used and machine readable format in certain circumstance.

You may contact us at privacy@3eco.com or as described in the “How to Contact Us” section below to exercise your rights described above.

You also have the right to lodge a complaint with the data protection supervisory authority in your country. You can find the contact information of the data protection supervisory authority in your country here (for EU citizens) and here (for UK citizens).

9. Data Security

We maintain reasonable technical and organizational measures to protect personal data appropriate to the risk, including encryption in transit and at rest where supported, access controls, logging and monitoring, vulnerability management, and regular security reviews. Processors who handle your data are contractually required to maintain appropriate security measures and are reviewed prior to engagement.

10. How Long We Keep Your Personal Data

We retain personal data only as long as is reasonably necessary to fulfil the purposes described in this Notice, to satisfy contractual obligations, to meet our legal or regulatory obligations, and to protect the legitimate interests of 3E and others (for example to investigate fraud or resolve disputes).

Customer account and contractual data. Retained for the duration of the customer relationship and for as long as necessary to satisfy contractual commitments, regulatory obligations, or to resolve disputes and enforce agreements.
Support interactions and call recordings. Retained only for as long as necessary to support quality, training, compliance and to satisfy any applicable legal requirements. Recording and retention practices are applied in line with the provided consent when required.
Product telemetry, logs and diagnostics. Retained in identifiable form only for the time needed to operate, stabilise and secure the service (including incident investigation and security monitoring). Where feasible and useful for long-term analysis, telemetry is retained in aggregated or anonymised form.
Marketing and communications data. Retained to manage subscriptions, preferences and communications until you withdraw consent or unsubscribe, subject to legitimate business or compliance needs.
AI inputs and derived outputs. Retained only for as long as necessary to provide AI features, to support model governance and improvement where permitted, and in accordance with our AI governance requirements; AI inputs, prompts and outputs are handled under the controls described in our AI policy and contractual commitments.
Operational notes and exceptions. Backups, archival copies, or system logs may remain for a limited additional time after deletion in production systems for disaster recovery and forensic purposes; such copies are subject to our security and access controls. Where applicable law, a valid legal obligation, litigation hold, or an internal investigation requires retention, we will retain the relevant records for the period required. Where we are processing Customer Data as a processor, retention will also be governed by the customer’s instructions and the Data Processing Agreement. See our Client Data Processing Agreement for details.

Customers and individuals may request information about applicable retention periods, request deletion or export of their personal data, or raise queries about specific product retention practices by contacting privacy@3eco.com or their 3E account representative.

11. Children’s Privacy

Interactions with us are intended for individuals 18 years of age and older. Our interactions are not directed at, marketed to, nor intended for children under 18 years of age. 3E does not knowingly collect any information, including personal data, from children under 16 years of age. If you believe that we have inadvertently collected personal data from a child under the age of 16, please contact us using the information in Section 12 below.

12. External Links

When interacting with us, you may encounter links to external sites or other online services. We are not responsible for the privacy practices and data collection policies for such third party services. You should consult the privacy notices of those third party services for details.

13. How to Contact Us Regarding Privacy Inquiries

If you have any questions or comments about this Notice or any issue relating to how we collect, use, or disclose personal data, or if you would like to exercise your data subject rights, you may contact us:

By email at: privacy@3eco.com

In writing at:
3E
Attention: Privacy Team
4520 East West Highway, Suite 440

Bethesda, MD 20814 USA

Our EU Representative

If you are located in the European Union (“EU”) and have any questions or comments about this Notice, any issue relating to your personal data, or if you would like to exercise your data subject rights, you may contact our EU representative. Please include your name and the name of the business (3E) to which your request refers.

By email at: privacy@3eco.com

In writing at:
3E Europe GmbH
Attention: Privacy Team
Bergheimer Str. 3
88677 Markdorf, Germany

Our UK Representative

If you are located in the UK and have any questions or comments about this Notice, any issue relating to your personal data, or if you would like to exercise your data subject rights, you may contact our UK representative. Please include your name and the name of the business (3E) to which your request refers.

By email at: datarequest@datarep.uk (quoting “3E” in the subject line)

In writing at:
DataRep
Attention: 3E – Privacy Notice
107-111 Fleet Street,
London,
EC4A 2AB
United Kingdom

US State Law Requirements

Certain U.S. state privacy laws provide residents with specific rights regarding their personal data. This Privacy Notice applies to residents of states that have enacted applicable privacy laws. If you are a resident of a state that provides such rights, you may have the right to request access to, correction of, deletion of, or a copy of your personal data, subject to applicable exceptions. Residents of certain states may also have the right to opt out of the sale of personal data, the sharing of personal data for cross-context behavioral advertising, or certain profiling activities. We do not sell or share (as those terms are defined under applicable state privacy laws) personal data. If you would like to exercise your privacy rights, you (or your authorized agent, where permitted by law) may contact us at privacy@3eco.com. CATEGORIES OF INFORMATION WE COLLECT

We may collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. In the preceding 12 months, we may have collected the following categories of personal data :

DISCLOSURE OF PERSONAL INFORMATION FOR BUSINESS PURPOSES

In the preceding 12 months, we have disclosed the above categories of personal data and sensitive personal data for business purposes, including: (a) to provide you or your company with products and services, (b) for our internal business purposes; (c) for our internal research and product improvement purposes; (d) for legal, safety or security reasons; (e) in connection with a corporate transaction; and (4) for marketing, as well as for administrative purposes, to our service providers and contractors, including those for web analytics, data processing, auditing, and other administrative purposes. Our service providers and contractors are obligated not to disclose or use personal information outside of the business relationship with us or for purposes not permitted in their contract with us.

USE AND DISCLOSURE OF SENSITIVE PERSONAL DATA

We do not use or disclose sensitive personal information for purposes that would require us to provide a right to limit the use or disclosure of sensitive personal information under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”).

SUPPLEMENTAL INFORMATION FOR RESIDENTS OF CALIFORNIA

This section applies solely to residents of California and is provided pursuant to the CCPA.

(1) Right to Know

You have the right to request that we disclose certain information to you about our collection and use of your personal information. Once we receive and confirm your verifiable consumer request, we will disclose to you:

(a) The categories of personal information we have collected about you;
(b) The categories of sources from which the personal data was collected;
(c) The business or commercial purpose for collecting, selling, or sharing personal data;
(d) The categories of third parties to whom we disclose personal data; and
(e) The specific pieces of personal data we have collected about you, subject to applicable exceptions .

(2) Right to Delete a

You have the right to request that we delete any of your personal data that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers and contractors to delete) your personal information from our records, unless an exception applies . If your request is denied, the response we provide to your verifiable consumer request will explain the reason for denying your request.

(3) Right to Correct

You have the right to request that we correct inaccurate personal data that we maintain about you, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will correct the inaccurate personal data as required by law or inform you of the basis for denying your request.

(4) Right to Opt-Out of the Sale or Sharing of Personal Information

We do not sell or share (as those terms are defined under the CCPA) personal data and therefore do not provide a method to opt-out from such activities.

(5) Right to Limit Use of Sensitive Personal data

We do not use or disclose sensitive personal data for purposes other than those business purposes permitted under Section 1798.121 of the CCPA and therefore do not provide a method to limit such activities.

(6) Right to Non-Discrimination

We will not discriminate against you for exercising your rights under the CCPA.

Our Verification Process

Upon receipt of your request, we will take steps to verify your identity by matching the information you provide with information in our records. We may request additional information as necessary to verify your identity or process your request.

We will confirm receipt of your request within 10 business days and will respond within 45 calendar days, unless additional time is required. If we require more time (up to an additional 45 days), we will notify you of the reason and extension period. If we are unable to verify your identity, we may deny the request and will inform you of the reason. Authorized Agents

You may use an authorized agent to submit a request to know, request to delete, or request to correct on your behalf. The authorized agent can submit such requests on your behalf by contacting us at privacy@3eco.com.

We may require proof that you provided the authorized agent with signed permission to submit the request and may require you to verify your identity directly with us. Contact Information

If you have any questions or concerns about our privacy policies or information practices, including, but not limited to, the ways in which we collect and use your personal information, or your choices and rights regarding such use, or if you wish to exercise your data subject access rights, please do not hesitate to contact: privacy@3eco.com. This Privacy Notice may be found on www.3eco.com.