VTplus | VR Therapie Systeme für Kliniken und Praxen & Virtuelle Realität zur Forschung  ›  en  ›  Privacy Policy

Privacy Policy

We appreciate your visit to our website www.vtplus.eu and your interest in our company and services.
Despite careful content control, we assume no liability for external links to third-party content, as we have no influence over their content.

The protection of your personal data during the use of our website is an important concern for us. Data processing is carried out in compliance with the statutory provisions, which you can find, for example, at www.bfdi.bund.de.
With the following statement, we fulfil our legal information obligations and inform you about the collection, processing and use of personal data, the purposes for which they are processed, and your rights.

This English version of our Privacy Policy is provided for convenience. Only the German version, available here, is legally binding.

1. Controller & Data Protection Officer

We, as the company, are the data controller within the meaning of the European General Data Protection Regulation (GDPR).

VTplus GmbH, An den Breiten 4, 97078 Würzburg, Germany

For all data protection inquiries, please contact our data protection officer. This is:

Thorsten Krietsch
datenschutz@vtplus.eu

2. Legal Bases for Data Protection

The collection, processing and storage of personal data are based on the applicable European and national data protection law, in particular the General Data Protection Regulation (GDPR) and, where applicable, the Telecommunications-Telemedia Data Protection Act (TTDSG).

Depending on the purpose, processing is based on one or more of the following legal grounds:

  • Consent (Art. 6 (1)(a) GDPR): freely given, informed and unambiguous—for example, when submitting a form; revocable at any time with future effect.

  • Contract performance or pre-contractual measures (Art. 6 (1)(b) GDPR): necessary for processing your enquiry or performing a contract.

  • Legal obligation (Art. 6 (1)(c) GDPR): e.g. statutory or commercial record-keeping duties.

  • Legitimate interests (Art. 6 (1)(f) GDPR): e.g. ensuring IT security, functional operation, or internal administration.

  • Consent to cookies or similar technologies (§ 25 (1) TTDSG in conjunction with Art. 6 (1)(a) GDPR): only if used; currently, no consent-requiring cookies are employed.

Where personal data are transferred to third countries, this is done only where an adequacy decision of the European Commission exists or appropriate safeguards (e.g. Standard Contractual Clauses – SCCs, Art. 46 GDPR) are in place.

 3. Rights of data subjects

If your personal data are processed, you are a data subject within the meaning of the GDPR. You have the following rights—subject to the statutory conditions:

  • Right of access (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (“right to be forgotten”) (Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to object (Art. 21 GDPR)

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).
The competent authority for private-sector organisations in Bavaria is generally:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 27, 91522 Ansbach, Germany
www.lda.bayern.de

4. Data Retention and Erasure

Personal data are stored only for as long as necessary for the respective purpose or as long as a legal basis exists.
Once the purpose ceases to apply or a retention period expires, the data will be deleted or blocked.
Longer storage may be required where statutory or security-related obligations exist (e.g. under § 257 HGB or § 147 AO).

5. Use of Cookies and Comparable Technologies

Our website uses only technically necessary cookies. These are required to provide the fundamental functions of the website (e.g. page navigation, access to protected areas, form submission, or language settings).

According to § 25 (2) TTDSG, consent is not required for such cookies, as they do not enable usage analysis or reach measurement.

Cookies that are not technically necessary (e.g. for analytics or marketing purposes) are not used.
You can delete or block cookies at any time via your browser settings, though this may restrict website functionality.

I. Specific types of data processing

1. Data Collection When Visiting the Website

Scope of processing:
When you visit our website, technical information (server log files) is automatically processed:
IP address (possibly anonymised), date/time, time zone, page accessed, HTTP status, data volume, referrer URL, browser type/version, operating system and language.
No combination with other personal data takes place.

Legal basis:
Art. 6 (1)(f) GDPR – legitimate interest in the security, stability and functionality of the website.

Purpose:
Provision of the website, error analysis, and defence against attacks.

Storage period:
Data are stored only as long as necessary (typically short-term; longer in case of security incidents), then deleted or anonymised.

Right to object:
Processing is technically necessary; no right to object exists.

2. Hosting

Our website is hosted by a European service provider.
The data processed (e.g. server log files) are stored on servers located within the EU/EEA.
A data processing agreement pursuant to Art. 28 GDPR is in place with the provider.

3. Security and Firewall Logging

To protect this website against unauthorised access, misuse, or spam attacks, we employ technical security measures (firewalls and intrusion-detection systems).
These systems monitor all access attempts for security anomalies and may temporarily process IP addresses, access times and login attempts.

Processing is carried out solely to ensure the integrity, availability and confidentiality of our IT systems and to prevent attacks or misuse.

Legal basis: Art. 6 (1)(f) GDPR – legitimate interest in IT security and protection against cyberattacks.
Data are generally stored only briefly and automatically deleted unless a security-relevant event occurs.
No disclosure to third parties occurs except where necessary for technical administration or legal enforcement.

Note: We use a standard WordPress security plugin that automatically detects and blocks attempted attacks. No evaluation for marketing or analytics purposes takes place.

4. Web Analytics and Visibility Monitoring

To monitor search visibility and for technical troubleshooting, we use:

  • Google Search Console (Google Ireland Ltd., Dublin 4, Ireland)

  • Bing Webmaster Tools (Microsoft Ireland Operations Ltd., Dublin 18, Ireland)

  • Wincher (Wincher International AB, Stockholm, Sweden)

These services provide aggregated, anonymised statistics on search queries, click-throughs and backlinks.
No cookies are set and no personal user profiles are created.

Legal basis: Art. 6 (1)(f) GDPR – legitimate interest in website optimisation.
Purpose: SEO analysis and error detection.
Third-country transfers: SCCs or participation in the EU–U.S. Data Privacy Framework (for certified providers).

Further information: Google Privacy Policy · Bing Privacy Statement · Wincher Privacy Policy

5. Spam Protection and Akismet

We use the plugin “Akismet” by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110-4929, USA, to detect and filter spam comments or contact form submissions.
Form data (name, email, IP address, content, referrer, browser/system, timestamp) are transmitted to Automattic’s servers in the USA and automatically analysed.
No permanent personal storage takes place; spam data may be retained briefly for comparison.

Legal basis: Art. 6 (1)(f) GDPR – legitimate interest in spam prevention and security.
Transfer mechanism: SCCs and EU–U.S. Data Privacy Framework (if certified).
Purpose: Automated spam checking to maintain website integrity.
Storage: Until completion of verification; spam data may be stored briefly longer.
Objection: Avoid by refraining from using affected forms or contact us via email, post or fax.
Further information: https://automattic.com/privacy/

6. Newsletter Distribution

If you provide your email address or share it within a business relationship, we may use it to send newsletters about our own products and services.

Registration follows a double opt-in process (input form plus confirmation link).
We store name, email address, date, time and IP address for verification purposes.
Mailing is handled via Google Workspace (Google Ireland Limited) under a data-processing agreement pursuant to Art. 28 GDPR including SCCs.

Legal bases:

  • Art. 6 (1)(f) GDPR in conjunction with § 7 (3) UWG (existing customers)

  • Art. 6 (1)(a) GDPR (consent for new subscribers)

Storage: Until withdrawal or 18 months after last customer contact.
Withdrawal: At any time via unsubscribe link or email to datenschutz@vtplus.eu.
After withdrawal, data remain on a suppression list until statutory verification periods expire.

7. Contact Form and E-Mail Contact

You can contact us electronically via the contact form.
Collected data: name, email address, phone number, subject, enquiry, message, date, time and IP address.
Alternatively, you may contact us by email; your data will also be processed in that context.

Email communication is handled via Google Workspace (Google Ireland Limited) under a data-processing agreement with SCCs and, where applicable, the EU–U.S. Data Privacy Framework.
Data are processed exclusively within the EU/EEA or on the basis of these safeguards.

Legal bases: Art. 6 (1)(f) GDPR – legitimate interest in communication; Art. 6 (1)(b) GDPR – contract; Art. 6 (1)(a) GDPR – consent.
Purpose: Processing your enquiry and communication.
Storage: Until the purpose has been fulfilled; for business correspondence up to 10 years under § 257 HGB / § 147 AO.
Withdrawal / objection: At any time via email to datenschutz@vtplus.eu or by other means; data will then be deleted or blocked

 2 November 2025