Please confirm your location to see relevant content.

Data Ethics Policy

1. Introduction

This policy describes 3Shape’s approach to data ethics and the principles applying to how 3Shape processes data in an ethical, responsible, and transparent manner. 3Shape takes its responsibility as data controller seriously as we wish to be perceived as a respected, competent, and decent business partner that complies with legislation in force and monitors developments in good data ethics. 3Shape’s data ethics policy must ensure this.

2. Background

Personal data and data in general is more important to companies than ever before and personal data is increasingly processed and stored in line with ever more stringent documentation. The widespread use and value of data places heavy demands on companies and their employees’ ability to process data. 3Shape stores many types of data as well as large volumes of data. For 3Shape it is essential that our customers and the surrounding world can have confidence in our ethical handling of data. 3Shape’s data ethics policy makes our approach to data processing even clearer.

3. Scope

The ethical handling of data and personal data is a concern common to all 3Shape business units. 3Shape’s data ethics policy is based on the personal data that we store and process, but the policy also applies to other data processed by 3Shape. The policy comprises the entire group and encompasses all employees. The activities concerning data ethics are operationalized through internal policies and business procedures.

4. Data ethics

The data ethics policy is based on 3Shape’s processing of customer data, its internal efforts and 3Shape’s external environment. In connection with its final report to the government in November 2018 the Danish Expert Group on Data Ethics introduced the data ethics value compass which organizations are encouraged to use in their efforts to pursue an ethical data policy. 3Shape’s data ethics policy is summarized in section 6 below using the data ethics value compass.

Customers

3Shape’s data ethics policy rests on the premise that data provided by customers belongs to customers and is processed within the scope of the law. There must be transparency around 3Shape’s storage of data with regard to the individual customer to ensure the customer’s integrity.

Storage and use of personal data

3Shape’s data subjects are entitled to request for instance insight into their personal data. In connection with a request, 3Shape must disclose e.g., which personal data we store and process about the data subject and on which basis such processing takes place. In order to ensure the data subject’s selfdetermination over data stored about them, 3Shape works continuously to ensure that data is processed in the most structured manner possible so that there is always an overview of which data is stored and processed about the individual.

Misuse and leaks

3Shape’s storage and processing of personal data must protect data subject’s rights and dignity and at the same time ensure confidence and prevent misuse. 3Shape works consistently to protect the data subjects against misuse, e.g., by means of leaks, in order to prevent third parties from being able to use any kind of data.

Deletion of data

3Shape works continuously to ensure that personal data and other data that is no longer relevant is deleted. The ongoing deletion is to ensure that 3Shape does not retain more information about the data subjects than is necessary.

3Shape’s internal efforts

Employees contribute to ethical and responsible processing of personal data and other data and their contribution is a precondition for 3Shape’s business partners and the outside world to maintain trust in 3Shape’s overall processing of data. Consequently, 3Shape has strengthened the organization in this area in recent years.

Efforts regarding EU’s General Data Protection Regulation (GDPR) and information security

3Shape takes responsibility for its data processing. This is also why 3Shape invests time and resources on an ongoing basis in proper storage and processing of customer data. 3Shape has a dedicated GDPR specialist tasked with helping 3Shape’s Data Protection Officer (DPO) to oversee and analyze 3Shape’s processing activities focusing on GDPR compliance. Similarly, 3Shape has an information security team which is tasked with helping 3Shape’s Security Director to ensure a high level of data security. The fact that these efforts fall under the responsibility of the DPO and the Security Director helps to ensure that the entire data area is handled properly and continues to be given priority.

Employee obligations

All employees at 3Shape are responsible for ensuring that 3Shape processes data in an ethically correct manner. This applies in particular to employees whose daily work involves personal data and in connection with advisory services. At 3Shape constant focus is on ensuring that personal data is processed in the most structured manner possible, and that data is deleted when no longer relevant. 3Shape puts continuous efforts into training and educating employees to ensure that its employees process data correctly.

External environment

In addition to its customer relationships, 3Shape has a broad interface with the surrounding world. Consequently, we are conscious of our wider responsibility also with regard to ethical data processing.

Third party requirements

In its collaboration with third parties, for instance data processing centers, 3Shape ensures that third parties protect customer data. 3Shape enters into data processing agreements with relevant third parties and follows up and checks that third parties comply with the data processing agreement requirements as regards processing and storage.

Data – also a social responsibility

At 3Shape we are aware of our corporate social responsibility, also when it comes to data ethics and data processing. This is why we collaborate with the authorities and fulfil our obligations to make data available when requested to do so.

5. Responsibility and follow-up

The Board of Directors is responsible for preparing and updating this policy. The Board of Directors assesses on an ongoing basis and at least once a year whether the policy should be updated. The day-to-day activities concerning data ethics are carried out in 3Shape’s business units. 3Shape’s reporting on data ethics is the responsibility of a number of functions in the company, including Legal, IT, the DPO and the Security Director, which report significant risks to 3Shape’s Senior Leadership Team.

6. 3Shape’s data ethics summarized using the data ethics value compass

Self-determination

The starting point of 3Shape’s work with ethical processing of data will always be that data provided by data subjects belongs to the data subjects. This ensures the best selfdetermination for data subjects.

Equality and fairness

3Shape will always refrain from using data in a manner which is discriminatory or does not respect human rights.

Dignity

3Shape will always ensure the dignity of data subjects by not using data against data subjects’ interests and will ensure good data protection practices in terms of leaks and misuse.

Progressiveness

3Shape’s data processing involving efficient ethical data solutions must promote a positive development in society. Therefore, 3Shape collaborates with industry experts and business partners to ensure that the most efficient and ethical data solutions are chosen and built.

Responsibility

Everyone at 3Shape must work to ensure responsible and ethical processing of data. As a result, systematic efforts are made with regard to data processing both as regards data collection and data processing.

Diversity

In connection with data system design at 3Shape, we ensure that all data user groups can safely use 3Shape’s systems, internal as well as external, so that the system design creates an equal and dignified basis for everyone.