Privacy Policy
This policy explains how Virtual Data Platform GmbH handles personal data — both on our marketing website and in the Virtual Data Platform product (Portal). It distinguishes website visitors from Portal users and covers what we collect and why, hosting, cookies and browser storage, analytics, embedded media, the service providers we rely on, and your rights.
Controller
Virtual Data Platform GmbH, Anzengruberstrasse 19, 82194 Gröbenzell, Germany. Email: contact@virtualdataplatform.com. Full company information is available in our Imprint.
What we collect — website
On our website we process the data you actively provide and a small amount of technical data: contact, demo and trial requests; newsletter subscriptions; Feature Ideas submissions; first-party analytics; and standard server logs. Each is described in the relevant section below.
What we collect — Virtual Data Platform (Portal)
When your organisation uses the product, we process the operational data needed to run the service: user account information, authentication information, workspace configuration, operational usage information, and security and audit events. This is distinct from your business data, which stays in your connected source systems (see 'Virtual Data Platform (Portal)' below).
Virtual Data Platform (Portal)
Sign-in to the product is handled via Microsoft Entra ID (you are briefly redirected to Microsoft login pages such as login.microsoftonline.com). To provide and secure the service, the platform processes operational data — account information, authentication data, workspace configuration, operational usage, security and audit events, and the operational metadata required to run the service. This operational platform data is separate from your business data: the platform queries your data in the connected source systems and does not copy or store it unless your organisation explicitly configures otherwise. For that business data your organisation is the controller and Virtual Data Platform acts as a processor under a data processing agreement.
How we use your data
We use your personal data to: provide and maintain our services, including monitoring their use; provide the 'Virtual Data Platform' product and manage your account; develop, comply with and enforce our contracts with you (Art. 6 (1)(b) GDPR); contact you by email, phone or other electronic means about your requests; with your consent, send you news, special offers and our newsletter (Art. 6 (1)(a) GDPR); process and manage your inquiries; display user-generated content you submit, such as ideas and feature requests; and analyse usage trends to improve our services (our legitimate interest, Art. 6 (1)(f) GDPR).
Storage, transfer and retention
Your data is processed at our operational offices and by service providers acting on our behalf. Where data is transferred outside the EU/EEA, we rely on appropriate safeguards such as the EU Standard Contractual Clauses. We keep your personal data only as long as necessary for the purposes above — registration data for as long as your account is active, and otherwise until the applicable statutory retention periods expire.
Data security
We have implemented appropriate physical, administrative and technical measures to protect your personal data, and we require our suppliers and partners to protect it against unauthorised access.
Hosting & server logs
Our website and the product are hosted on Microsoft Azure in EU regions; the provider is Microsoft Ireland Operations Ltd., acting as our processor under the Microsoft Data Protection Addendum. Standard server logs at the ingress (requested URL, timestamp, HTTP status, referrer, user agent and IP address) are processed to deliver and secure the service on the basis of our legitimate interest (Art. 6 (1)(f) GDPR) and are retained for 30 days, then deleted. Backups are processed within Microsoft Azure EU regions.
Contact & forms
When you submit our Book a Demo, Free Trial or Contact forms, we collect your first and last name, business email and company, plus the details specific to your request (a demo's preferred date and focus topics; a trial readiness checklist; a contact reason and optional message). Submitting a form requires confirming you have read this policy — an acknowledgement that you were informed, not marketing consent, and it does not change the legal basis. Submissions are received securely through the website and processed using Microsoft Azure and our CRM, Microsoft Dynamics 365 (Microsoft as processor under the Microsoft DPA, EU data region); we do not use them for marketing. Legal basis: pre-contractual measures for demo and trial requests (Art. 6 (1)(b) GDPR), and our legitimate interest in answering enquiries for contact requests (Art. 6 (1)(f) GDPR). Enquiry data is kept for up to 12 months unless a business relationship arises. If you subscribe to our newsletter, we send it based on your consent (Art. 6 (1)(a) GDPR) and you can unsubscribe at any time.
Idea submissions (Feature Ideas)
When you submit an idea to our Feature Ideas board, we store the idea text together with your name and email address and a record of your acknowledgement. We use your email address to verify the submission (a confirmation link) and to notify you when our team posts a public response to your idea or updates its roadmap status. Published ideas never display your name or email address, and our team's public response is shown without your name. Voting stores only an anonymous token in your browser — no account, no profile. Legal basis: your consent (Art. 6 (1)(a) GDPR); abuse prevention rests on our legitimate interest (Art. 6 (1)(f) GDPR). Unverified submissions are deleted after 48 hours; on request we anonymise your idea (the text stays, your data is removed) or delete it entirely.
Cookies, localStorage & sessionStorage
Our website and the product use cookies together with your browser's localStorage and sessionStorage. Essential functionality may rely on either — for example your cookie-consent preferences, your language and theme preferences, and, in the Portal, authentication and session handling and your current workspace. These are strictly necessary and are set without consent (Art. 6 (1)(f) GDPR / § 25 (2) TDDDG). Analytics and external media (below) use additional cookies or browser storage that load only with your consent, which you can change or withdraw at any time via 'Cookie settings' in the footer.
First-party analytics
With your consent we use our own first-party analytics to understand how the website is used. It sets a persistent visitor identifier (the 'vdp_visitor' cookie, valid for 90 days) to distinguish visitors and sessions, and records page views and your approximate location (city/country derived from your IP address at ingestion; the raw IP address is not stored). The data is processed by us on Microsoft Azure (EU) and is never shared with third parties for their own purposes. Legal basis: your consent (Art. 6 (1)(a) GDPR, § 25 (1) TDDDG); we retain analytics data for 90 days. You can withdraw your consent at any time via 'Cookie settings'; when you do, the analytics cookie and related browser storage are removed and no further analytics data is collected.
Embedded media
Some pages embed media such as YouTube videos (Google Ireland Ltd.). Embedded media loads only after you have given consent for external media — until then nothing is requested from the provider. Once loaded, the provider may set cookies and process data, including transfers to the USA under the EU-US Data Privacy Framework and the Standard Contractual Clauses. We use the privacy-enhanced youtube-nocookie.com mode. Legal basis: your consent (Art. 6 (1)(a) GDPR, § 25 (1) TDDDG).
Social media
We maintain company profiles on LinkedIn and YouTube and link to them from our website. These are plain links; following one takes you to that provider, which then processes your data under its own privacy policy and may transfer it outside the EU under appropriate safeguards. We embed no social-media tracking on our site.
Advertising & tracking
We do not use advertising cookies, we do not carry out behavioural advertising, and we do not perform cross-site tracking. Our analytics is first-party and is used only to improve our own services.
Use of AI
Information you submit through our website or the Virtual Data Platform product is not used to train publicly available artificial intelligence models.
Service providers
We rely on carefully selected service providers that process personal data on our behalf under appropriate contractual safeguards (including data processing agreements and, where relevant, the EU Standard Contractual Clauses). The main providers are Microsoft Azure (hosting), Microsoft Entra ID (authentication) and Microsoft Dynamics 365 (CRM); YouTube is used only when you consent to external media.
Legal obligations
We may process or disclose personal data where necessary to comply with legal obligations, to enforce our contractual rights, to protect the security and integrity of our services, or to establish, exercise or defend legal claims.
Business transfers
If we are ever involved in a merger, acquisition or sale of assets, personal data may be transferred as part of that transaction. We will ensure it remains protected in line with this policy.
Your rights
You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and objection (Art. 21) — including to processing for direct marketing at any time — and the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). To exercise your rights, contact us at contact@virtualdataplatform.com or using the details in our Imprint.
Children
Our website and services are intended for businesses and professional users and are not directed at children.
Links to other websites
Our services may contain links to websites we do not operate. We have no control over, and accept no responsibility for, the content or privacy practices of those third-party sites.
Changes to this policy
We may update this policy as our website and product evolve. We will post the updated version on this page and recommend you review it periodically.
Last updated: July 2026.