VIONTRA

GDPR COMPLIANCE

Last Updated: March 15, 2025

1. Introduction

At Viontra, we are committed to protecting the privacy and security of your personal data. This GDPR Compliance Statement explains how we comply with the General Data Protection Regulation (GDPR) and outlines your rights under this regulation.

2. Data Controller

Viontra, Inc. is the data controller for personal data collected through our website and services. This means we determine the purposes and means of processing your personal data.

Our contact information:
Viontra, Inc.
123 Innovation Way, Suite 400
San Francisco, CA 94103
Email: privacy@viontra.com

3. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions regarding this privacy notice and our GDPR compliance. If you have any questions about this notice or how we handle your personal information, please contact our DPO at dpo@viontra.com.

4. Lawful Basis for Processing

Under the GDPR, we must have a lawful basis for processing your personal data. We process your personal data on the following lawful bases:

  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose.
  • Contract: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
  • Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.
  • Legitimate Interests: Where processing is necessary for the purposes of legitimate interests pursued by us or a third party, except where such interests are overridden by your interests, rights, or freedoms.

5. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

  • Right to Access: You have the right to request copies of your personal data.
  • Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • Right to Erasure: You have the right to request that we erase your personal data, under certain conditions.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
  • Right to Data Portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

To exercise any of these rights, please contact us at privacy@viontra.com. We will respond to your request within 30 days.

6. Data Protection Measures

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data
  • Regular testing, assessing, and evaluating the effectiveness of our security measures
  • Ensuring the ongoing confidentiality, integrity, availability, and resilience of processing systems and services
  • The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
  • Regular staff training on data protection and security

7. International Data Transfers

We may transfer your personal data to countries outside the European Economic Area (EEA). When we do, we ensure a similar degree of protection is afforded to your data by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.

8. Data Breach Procedures

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.

9. Data Protection Impact Assessments

We carry out Data Protection Impact Assessments (DPIAs) for processing operations that are likely to result in a high risk to the rights and freedoms of individuals. These assessments help us identify and minimize data protection risks.

10. Changes to This Statement

We may update this GDPR Compliance Statement from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the updated statement on our website.

11. Contact Us

If you have any questions about our GDPR compliance or how we handle your personal data, please contact us at:

Email: privacy@viontra.com
Address: 123 Innovation Way, Suite 400, San Francisco, CA 94103
Phone: (844) 568-4624