AI & LLM usage policy.
Last updated: 08 Jul 2026
This policy describes how 3D4U („3D4U", „we") uses artificial intelligence tools and Large Language Models („LLMs") in its business, and how we handle personal data that flows through them. It is aligned with Regulation (EU) 2016/679 (GDPR), Regulation (EU) 2024/1689 (EU AI Act) and Directive 2002/58/EC (ePrivacy).
1. When we use AI/LLM tools
We use AI/LLM tools as assistive tools in selected steps of our workflow, e.g.:
- drafting and translating website and marketing copy;
- generating or refining sketches, descriptions and CAD concepts;
- technical support, summarising e-mail threads and internal notes;
- classifying inquiries and helping to prepare customer replies.
AI/LLM tools never make autonomous decisions that produce legal or similarly significant effects on you (Art. 22 GDPR). All final decisions (quotes, order acceptance, delivery, complaint handling) are taken by a human.
2. Classification under the EU AI Act
The tools we use fall under general-purpose AI and minimal-risk systems as classified by the EU AI Act. We do not use AI for:
- biometric identification or categorisation of individuals;
- emotion recognition or social scoring;
- credit, employment or access-to-essential-services scoring;
- automated profiling with legal effects.
3. Tool inventory
Below is an indicative list of AI/LLM tool categories we may use. The exact set changes over time; an up-to-date list is available on request at 3d4uos@gmail.com.
| Purpose | Tool category | Example providers | Processing location |
|---|---|---|---|
| Writing & translation | Chat/LLM | OpenAI, Anthropic, Google, Mistral | EU / US (SCC + DPA) |
| Image/sketch generation | Text-to-image | OpenAI, Stability, Google | EU / US (SCC + DPA) |
| Speech recognition | Speech-to-text | OpenAI Whisper, Google STT | EU / US (SCC + DPA) |
| Development automation | AI code assist | Lovable AI Gateway, GitHub Copilot | EU / US (SCC + DPA) |
4. Personal data and lawful basis
When we forward personal data to an AI/LLM tool (e.g. the content of your message), the processing is based on:
- Contract performance or pre-contractual steps (Art. 6(1)(b) GDPR) — for handling your inquiries, quotes and orders;
- Legitimate interest (Art. 6(1)(f) GDPR) — for internal automation, summarisation and classification, with reasonable safeguards for your rights;
- Your consent (Art. 6(1)(a) GDPR) — where processing goes beyond what is necessary for the contract (e.g. publishing AI-assisted content that includes your input).
Special categories of data (Art. 9 GDPR — health, biometric, political views etc.) are never forwarded to LLM tools. Please do not share such data through our contact form or e-mail.
5. Transfers outside the EU/EEA
Some AI providers process data in the US or other third countries. We rely on:
- EU-U.S. Data Privacy Framework (adequacy under Commission Decision 2023/1795), where the provider is certified;
- Standard Contractual Clauses (SCC, Implementing Decision 2021/914) with supplementary technical and organisational measures;
- Data Processing Agreements (DPA) with providers acting as processors (Art. 28 GDPR).
6. Opting out of model training
Wherever technically possible we use enterprise/API plans where your input is not used to train the provider's models (e.g. OpenAI API, Anthropic API, Google Vertex AI). For tools whose default allows training, we have manually opted out. Policy references:
7. Accuracy and limitations
AI/LLM tools can produce inaccurate, outdated or misleading output („hallucinations"). Every technical fact, quote and recommendation we publish is human-reviewed before being sent or published. Customers must nevertheless independently verify a part's or recommendation's fitness for their specific use, particularly in safety-critical applications.
8. Labelling AI-generated content
In line with Article 50 of the EU AI Act, we visibly label content that is substantially AI-generated or altered (e.g. fully synthetic images, deepfake elements) where relevant. Minor interventions such as proofreading, translation or copy-editing do not require separate labelling.
9. Your rights
With respect to processing of your personal data through AI/LLM tools you have the same rights as for any other processing (see the Privacy Policy):
- access, rectification and erasure;
- restriction of processing and objection to legitimate-interest based processing;
- withdrawal of consent (where processing is consent-based);
- right not to be subject to a solely automated decision producing legal effects (Art. 22 GDPR) — we do not make such decisions;
- right to lodge a complaint with the supervisory authority — Croatian Personal Data Protection Agency (AZOP), Selska cesta 136, 10 000 Zagreb, azop@azop.hr.
10. Security
Data forwarded to AI/LLM tools is transmitted over encrypted TLS channels. Access is restricted to authorised team members with two-factor authentication where available. Internal prompt logs are retained for a limited time and follow data minimisation principles.
11. Contact & changes
For questions about our use of AI/LLM tools and related data processing contact us at 3d4uos@gmail.com. We may update this policy to reflect changes in regulation and tooling; the last-modified date is shown at the top.
