Privacy Policy

Only the German version of this privacy policy is legally binding; the English translation is for informational purposes only.

Privacy notice according to Art. 13, 14 GDPR

Protecting personal data is an important concern for us. We process your personal data in accordance with legal requirements, in particular the EU General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (“BDSG”). The following notices describe how we collect, store, and otherwise process your personal data in connection with:

  • your visit to our website (including use of our VATRIX Health Platform), hereinafter Part A
  • the initiation, establishment, and execution of a business relationship and/or contact with us for other reasons, hereinafter Part B

and what rights you have in this context, hereinafter Part C.

Responsible entity

Responsible for the processing of personal data is:

THE VATRIX GmbH

hereinafter “we” and/or “VATRIX”

Frohnstr. 2
40789 Monheim am Rhein
Germany

Contact person for data protection

We will answer all questions about data protection at:

mail@thevatrix.de
Click to copy

+49 (0) 69 34871650

Part A

Privacy notice for visitors to our website and use of our VATRIX Health Platform

1.Categories of data, purposes, and legal bases of processing

When using our website, we process the following personal data:

  • Information automatically sent to us by your browser or device, such as your IP address, device type, browser type, language and version, access status, previously visited websites, operating system and interface, visited subpages, and date and time of each visitor request.

We process your personal data for the following purposes:

  • Technical administration of the website (including detection and prevention of fraudulent or similar actions and attacks on our IT infrastructure, enabling user authentication, and other administrative purposes).

The legal basis for processing personal data for the above purpose is Art. 6(1)(f) GDPR (legitimate interest), regardless of whether a contractual relationship exists with you.

Additionally, we process your personal data for the following purposes:

  • Provision of online and service functionalities of the VATRIX Health Platform (to use the services and features of our VATRIX Health Platform).

This includes especially the processing of the following data:

  • Master data (name, address, and contact details), login data (email address, password, company affiliation), user interactions on the VATRIX Health Platform, information and documents entered/uploaded to the VATRIX Health Platform, data on the selected payment method (e.g., bank details, IBAN, type and amount of remuneration).

Please also note the processing activities described under Part B which generally apply to any form of business relationship with us.
If and to the extent that you provide additional information via contact forms or email, we also process these personal data.
Legal bases for the processing of personal data for the above purpose are Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest). Without processing personal data, we cannot provide our online service as intended. In particular, transmission of personal data such as the IP address is necessary to establish a connection.
In some cases, we explicitly ask for your consent to process your personal data. In such cases, the legal basis is your consent under Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR.

2.Cookies and analytics tools

a.

General information

Cookies are small text files stored by your browser on your device when you visit our website.
Depending on the type, cookies may not require consent or may require it. Non-consent cookies are especially those necessary to provide our online services. The legal basis for storing and accessing such cookies is § 25(2)(2) TDDDG. The further data processing is based on Art. 6(1)(f) GDPR (legitimate interests in providing the online service or IT security).
By contrast, consent-based cookies serve to customize user preferences and/or allow analysis of our online reach. You grant this consent when our website displays the . There, you can consent to the use of cookies on this website by clicking a button
The legal basis for processing data from consent-based cookies is your consent under § 25(1) TDDDG and Art. 6(1)(a) in conjunction with Art. 7 GDPR. These data include IP address, page views, time spent, and country of origin. These stats vary depending on the cookie or tool and help us optimize our offering.
You may change your decision about consent-based cookies anytime. You may also withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
Withdrawal of Cookie Consent
Use this link to withdraw your consent and display the cookie banner again:

b.

Use of non-consent cookies

We use the following non-consent cookies on our website, which are necessary to provide our online service:

Cookie ID

Duration

Description

cookie_consent

6 months

This cookie is used to remember the user's consent to the use of cookies on the website.

Please note these cookies are active regardless of your consent settings (see above).

c.

Use of consent-based cookies/tools

We also use the following consent-based cookies/tools on our website:

Google reCAPTCHA

Preferences & Technology

We use the service 'Google reCAPTCHA' (hereinafter 'reCAPTCHA') on this website. Provider is Google Ireland Limited ('Google'), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to check whether the data input on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins as soon as the website visitor enters the website and gives consent to data processing. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor and mouse movements made by the user). The data collected during the analysis is forwarded to Google (also in the USA).
The data is stored and analyzed on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG (consent), which we obtain from you as part of our cookie banner when you first visit our website.
More info on Google reCAPTCHA can be found in Google’s privacy policy and terms at:
Google Privacy Policyas of June 2025The company is certified under the 'EU-US Data Privacy Framework' (DPF), ensuring compliance with EU standards for data processing in the USA. More details are available from the provider here:
DPF certification informationas of June 2025

Cookie Language Selection

Preferences & Technology

We use a separate cookie to store your language preference on this website.
This cookie saves your selected language setting so that your preferred language is automatically displayed on future visits to our website. The cookie only contains a language code (e.g. “de” for German or “en” for English) and no other personal data.
The cookie is only set after you have made a conscious language selection. It remains on your device until you delete it manually, change your cookie settings or the validity period expires and it is automatically deleted by the browser.
The cookie is stored on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG (consent), which we obtain from you as part of our cookie banner when you first visit our website.

Cookie Details:

Cookie Id:

preferredLanguage

Purpose:

Stores the user's preferred language

Duration:

6 months

Company:

THE VATRIX GmbH

Part B

Privacy notice for business customers and prospects

1.Categories of data, purposes, and legal bases of processing

In the context of a business relationship with you or its initiation, we typically process the following categories of data:

  • Personal data (name, date and place of birth, nationality)
  • Contract data (contractual relationship, product or contract interest)
  • Communication data (phone, email, address, IP address)
  • Customer history
  • Billing and payment data
  • Planning and control data
  • Advertising and sales data
  • Information from third parties (e.g., credit agencies or public directories)

Other personal data may also be processed depending on the business relationship. We process your personal data for the following purposes and legal bases:

a.

Contractual basis (preparation, execution, termination), Art. 6(1)(b) GDPR

  • Responding to inquiries and pre-contractual steps
  • Preparing, negotiating, and fulfilling a contract
  • Granting access to certain information and offers

b.

Legal obligation, Art. 6(1)(c) GDPR

  • Regulatory or court order
  • Compliance with statutory retention obligations, especially tax and commercial law

c.

Legitimate interest, Art. 6(1)(f) GDPR

  • Responding to inquiries and pre-contractual steps
  • Preparing, negotiating, and fulfilling a contract
  • Granting access to certain information and offers
  • Internal administrative purposes
  • Improving products and services
  • Communication with prospects and customers via email or phone
  • Evidence preservation in legal disputes
  • Preventing misuse or illegal activities
  • Ensuring data security
  • Data exchange with credit agencies (e.g., SCHUFA) for credit and default risk assessment
Part C

General Information on Data Protection

The following information generally applies to any processing of personal data by us. Where the above sections contain specific provisions on individual topics, those provisions shall take precedence.

1.

Disclosure of Data

Within the company, only those departments have access to your data that require it to fulfill contractual and legal obligations or for internal administrative purposes.
Your personal data will not be disclosed to entities outside the respective company unless this is necessary for the execution of a contract, you have expressly consented, we have a legitimate interest in doing so, or we are legally or judicially obliged to do so.
Service providers engaged by us under data processing agreements and other vicarious agents may also access your data for these purposes. These include companies operating in IT services, logistics, printing services, telecommunications, debt collection, business consulting, as well as sales and marketing. Where we engage external service providers as data processors, they are carefully selected and contractually obliged under Art. 28 GDPR to comply with all data protection regulations.
Other potential recipients of personal data may include::

  • Public authorities and institutions (e.g., tax, judicial, and law enforcement authorities) where a legal or regulatory obligation exists
  • Auditors, tax advisors, or legal counsel

2.

Transfer of Personal Data to Third Countries

Personal data may be transferred to entities in countries outside the European Union (so-called third countries) insofar as:

  • it is necessary for the execution of your orders (e.g., delivery orders)
  • it is required by law (e.g., tax reporting obligations, combating criminal offences)
  • it is necessary to ensure the company's IT operations
  • we have a legitimate interest in such a data transfer
  • you have given us your consent

In the case of data transfers to a third country, appropriate safeguards pursuant to Art. 44 et seq. GDPR ensure that the data protection level of the European Union is maintained.

3.

Duration of Data Storage

We generally store your data for the duration of the contractual relationship between you or your employer and us, or as long as it is necessary to provide our online offering. In addition, we store your personal data as long as we have a legitimate interest in further storage. Data is deleted after the expiry of statutory or contractual retention periods, particularly in relation to tax and commercial law. Data that is not subject to a retention obligation will be deleted once the purpose ceases to apply.

4.

Rights of the Data Subject

As a user of our website, a business customer, or an applicant, you have various rights. To exercise your rights, please use the contact details provided in this privacy notice. Please also ensure that we can clearly identify you.

a.

Right of Access

According to the General Data Protection Regulation, you have the right to request information at any time and free of charge under Art. 15 GDPR about which data concerning you is stored. You also have the right to receive a copy of the personal data processed about you. Please note that your right of access may be restricted in certain circumstances.

b.

Right to Rectification or Erasure

Furthermore, under Art. 16 GDPR you have the right to rectification or under Art. 17 GDPR the right to erasure of your data, provided the legal requirements are met. Excluded from the right to erasure are, for example, stored data relating to business processes that are subject to statutory retention obligations.

c.

Right to Restriction of Processing

You may also have the right under Art. 18 GDPR to request the restriction of processing of your personal data.

d.

Right to Object

Pursuant to Art. 21 GDPR, you also have the right to object at any time to the processing of your personal data carried out on the basis of legitimate interests, for reasons relating to your particular situation. We will then cease processing your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms.

e.

Right to Object to Direct Marketing

You may also object at any time to the processing of your personal data for advertising purposes (objection to advertising). Please note that for organizational reasons, there may be an overlap between your objection and the use of your data in an already ongoing marketing campaign.

f.

Right to Data Portability

In addition, we guarantee, upon request, the portability of the personal data you have provided by making it available in a common and machine-readable format.

5.

Obligation to Provide Personal Data

If a contractual relationship exists between you and a company of our corporate group, you are required to provide the personal data necessary for initiating, executing, and terminating the contractual relationship and for fulfilling the associated contractual obligations, or that we are legally required to collect. Without providing this data, we will generally not be able to enter into a contract with you.
If data processing in connection with your use of this website is not required to initiate, execute, or terminate a contractual relationship or to fulfill contractual obligations, and is also not legally required, providing your data is voluntary. Please note that if you do not provide the data necessary for certain website functionalities or other services, these may not be available to you.

6.

Exclusively Automated Processing

Exclusively automated processing of your personal data occurs only if it is necessary for the conclusion or performance of a contract and does not have legal or similar effects for you.

7.

Right to Lodge a Complaint with a Supervisory Authority

If you have any complaints about the processing of your personal data, you have the right to contact the competent supervisory authority.

Status of this privacy notice: March 2025

THE VATRIX