Yttrium GmbH Data Protection Policy
Yttrium GmbH (“Yttrium”) collects personal data about investors, portfolio companies, contract partner, business and network contacts (collectively “Contacts”). Yttrium uses personal data in compliance with the provisions under the German Bundesdatenschutzgesetz (“BDSG”) and the European General Data Protection Regulation (“GDPR”), as amended from time to time (collectively “Regulation”). This Data Protection Policy (“Policy”) explains how we use our Contact’s personal data.
1. What Personal Data do we collect?
“Personal Data” is any information relating to our Contacts or that we can otherwise link to them. The Personal Data we collect include the Contact’s name, postal address, e-mail address, phone and fax number, company name, company structure, job title, job function and business affiliations. In case of contractual agreements, the list of data points can be expanded on a case-by-case basis.
2. How do we collect Personal Data?
We collect personal data that our Contacts voluntarily provide to us, for example when:
- they enter into a contractual agreement with us
- they communicate with us via e-mail or through post
- they contact us via our website
- they exchange business cards with us
- we are given their information by other contacts in our corporate network
- they communicate with us in other ways
In some cases, our Contact’s Personal Data have been supplemented by information retrieved from other sources, including searches via the internet (websites, social media, etc.) or sector-specific newsletters.
3. How do we use Personal Data?
We use the Personal Data we collect to fulfill contractual or regulatory obligations, for communication purposes and to maintain and expand our network, including:
- to send our contacts updates and other information about Yttrium
- to send our contacts invitations to events, call and meetings
- to maintain our list of contacts
We do not make any Personal Data available to any third party, except to service providers in a contractual relationship with Yttrium, or in cases where we are obliged to by the regulatory bodies.
4. Why do we process Personal Data and on what legal basis?
As set out above, we process our Contact’s Personal Data to fulfil our contractual and regulatory duties and for communication and networking purposes. We rely on our legitimate interests in maintaining business relationships and communicating with our Contacts as a business contact, about Yttrium’s activities and events. We consider that our legitimate interests are in compliance with the Regulation and the Contact’s legal rights and freedoms.
5. Where is Personal Data stored?
Yttrium is a German company and most of the Personal Data is processed in Germany. However, part of the data may be stored on servers in other EU countries, Switzerland, and the US. We ensure that personal data is only sent or stored in non-EU countries if the respective countries have an appropriate level of data protection (in accordance with the decision of the EU Commission).
6. How long do we keep Personal Data?
Personal Data will be saved for the specified purposes mentioned above for as long as our Contacts are a business contact to us or if we are obliged to by the regulator (whichever period is longer). Our Contacts can opt-out at any time, if they no longer wish to receive communication from Yttrium or if they want Yttrium to delete their data. Should any of our Contacts have a request of the above nature, he should please contact us at [email protected].
7. Data Security
Yttrium has implemented appropriate technical and organizational security measures to help protect our Contact’s Personal Data against loss and to safeguard against access by unauthorized persons.
Each of our Contacts has the right to know what Personal Data we process about him and may request a copy. He is also entitled to have incorrect Personal Data about him corrected and he may in some cases ask us to delete his Personal Data. He can also object to certain Personal Data about him being processed and request that processing of his Personal Data be limited. Please note that the limitation or deletion of Personal Data may not be possible if that would cause Yttrium to violate contractual or regulatory obligations. Please also note that the limitation or deletion of Personal Data may mean we will be unable to provide the communications described above. Each Contact also has the right to receive his Personal Data in a machine-readable format and has the data transferred to another party responsible for data processing. If any of our contacts disagree with how we process his Personal Data, he is also entitled to report this to the Bavarian Data Protection Authority (BayLDA) and/or to the competent supervisory authorities in the EU.
9. How to contact us
If you have any questions about how we process Personal Data, please feel free to contact us at [email protected].