Privacy Policy

I. Name and Address of the Joint Controllers

The joint controllers within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations are:

II. Agreement on Joint Controllership (Art. 26 GDPR)

ventx GmbH and ventx Solutions GmbH have entered into an agreement on the joint processing of personal data in accordance with Art. 26 GDPR.

In this agreement, the primary responsibility is regulated as follows:
ventx GmbH is primarily responsible for the technical administration, website maintenance, and processing of data subject requests.
Regardless of this internal regulation, you can assert your data subject rights (access, erasure, etc.) with either of the two controllers.

Presentation of the Essential Contents of the Art. 26 Agreement

The following presents the essential contents of the agreement on joint controllership in accordance with Art. 26 of the General Data Protection Regulation (GDPR) between ventx GmbH and ventx Solutions GmbH:

1. Principle of Joint Controllership

ventx GmbH and ventx Solutions GmbH are jointly responsible for all data processing operations in connection with the operation of this joint website and the products and services offered via it (Art. 26 GDPR).

The purpose of the joint processing is the presentation, promotion, and sale of products and services of both companies within the framework of the cooperation.

2. Division of Duties

The partners have divided the duties and responsibilities for compliance with the GDPR among themselves as follows:

3. Upholding Data Subject Rights

Regardless of the internal distribution of responsibilities, data subjects (users) can assert their rights (such as the right to access, erasure, or objection) with either of the two controllers.

For the quick and efficient processing of these requests, it has been internally agreed that:

ventx GmbH is the central point of contact for all inquiries regarding the exercise of data subject rights (Art. 12 et seq. GDPR) and coordinates the requests.

ventx Solutions GmbH undertakes to forward all necessary information to ventx GmbH without delay to ensure a timely response to user requests.

III. General Information on Data Processing

We process personal data of our users only to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users regularly takes place only with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

IV. Provision of the Website

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling device.
The following data is collected:

1. Information about the browser type and version used

2. The user's operating system

3. The user's internet service provider

4. The user's IP address

5. Date and time of access

6. Websites from which the user's system accesses our website

7. Websites that are accessed by the user's system through our website

The legal basis for the temporary storage of the data is our legitimate interest pursuant to Art. 6(1)(f) GDPR. The temporary storage of data by the system is necessary to enable delivery of the website to the user's device. For this purpose, the user's data must be stored for the duration of the session. The recipients of the data are the controller and our technical service provider, Amazon Web Services (AWS). We have concluded a data processing agreement with AWS for this purpose. To display our website quickly worldwide, Amazon Web Services uses a globally distributed computer network for the provision and processing of data. The data is deleted as soon as it is no longer required for the purpose of its collection. In the case of data collection for the provision of the website, this is the case when the respective session is ended. The collection of data for the provision of the website is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.

V. Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. For more information on how Google Analytics handles user data, see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en. However, your IP address will be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before this. Only in exceptional cases will the full IP address be sent to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by a corresponding setting of your browser software; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en

The legal basis for the processing of the data is the user's consent (Art. 6(1)(a) GDPR) and our legitimate interest pursuant to Art. 6(1)(f) GDPR.

The use of Google Analytics is for the purpose of improving the quality of our website and its content. This allows us to learn how the website is used and thus to constantly optimize our offer. The recipients of the data are the controller and Google. We have concluded a data processing agreement with Google for this purpose. Your data is processed by Google in the USA. Google has submitted to the EU-US Privacy Shield agreement. The data is deleted as soon as it is no longer required for the purpose of its collection, but no later than after 14 months.

VI. Google reCaptcha

We use the Google service reCaptcha to determine whether a human or a computer is making a particular entry in our contact or newsletter form. Google uses the following data to check whether you are a human or a computer: IP address of the device used, the website you are visiting on which the captcha is integrated, the date and duration of the visit, the identification data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks that require you to identify images. The legal basis for the described data processing is Art. 6(1)(f) of the General Data Protection Regulation. We have a legitimate interest in this data processing to ensure the security of our website and to protect us from automated input (attacks).

VII. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights against the controller:

1. Right of access

You can request confirmation from the controller as to whether personal data concerning you is being processed by us.

If such processing exists, you can request the following information from the controller:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data being processed;

(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

(4) the planned duration of the storage of the personal data concerning you or, if specific information is not possible, criteria for determining the storage period;

(5) the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to this processing;

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) all available information about the origin of the data if the personal data are not collected from the data subject;

(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you can request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

2. Right to rectification

You have a right to rectification and/or completion against the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.

3. Right to restriction of processing

You can request the restriction of the processing of personal data concerning you under the following conditions:

(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

(3) the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims, or

(4) if you have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override yours.

Where processing of personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to erasure

a) Obligation to erase

You can request the controller to erase the personal data concerning you without undue delay, and the controller is obliged to erase this data without undue delay where one of the following grounds applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You withdraw your consent on which the processing was based according to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal ground for the processing.

(3) You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.

(4) The personal data concerning you have been unlawfully processed.

(5) The erasure of the personal data concerning you is necessary for compliance with a legal obligation in Union or Member State law to which the controller is subject.

(6) The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17(1) GDPR, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

The right to erasure does not exist to the extent that processing is necessary

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or

(5) for the establishment, exercise or defense of legal claims.

5. Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients by the controller.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

(1) the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and

(2) the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR; this also applies to profiling based on these provisions. The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims. Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the possibility, in the context of the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by automated means using technical specifications.

8. Right to withdraw the data protection consent declaration

You have the right to withdraw your data protection consent declaration at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for entering into, or performance of, a contract between you and the controller,

(2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or

(3) is based on your explicit consent.

However, these decisions may not be based on special categories of personal data referred to in Article 9(1) GDPR, unless Article 9(2)(a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.