Book a call

Privacy Policy

Last updated: June 2026

Validvent Technology GmbH has been authorised as a Crypto-Asset Service Provider (CASP) pursuant to Art. 63 Regulation (EU) 2023/1114 (MiCAR) since 14 April 2026. This Privacy Policy has been updated accordingly to reflect the additional data processing activities and legal bases arising from MiCAR compliance obligations. 

Validvent Technology GmbH („Validvent“, „we“, „us“, or „our“) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

We encourage you to read this Privacy Policy carefully. By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

 

1. Data Controller

The data controller responsible for your personal data is:

Validvent Technology GmbH

A-1010 Vienna, Opernring 1/E 

D-80339 Munich, Maximilianstraße 2 | A-8010 Graz, Opernring 7 | D-10829 Berlin, Möckernstraße 120 

FN 586540i (Commercial Court Vienna) | UID ATU79583069 

T: +43 664 4067252 | F: +49 89 20 500 8150 | E: office@validvent.com | www.validvent.com 

Data Protection queries: office@validvent.com

 

2. Personal Data We Collect

We may collect and process the following categories of personal data:

2.1 Information You Provide

  • Contact information (name, email address, phone number, postal address) 
  • Professional information (company name, job title, industry) 
  • Financial information necessary for service provision 
  • Identity verification and KYC data (copies of identity documents such as passport or national ID card, proof of address, date of birth, politically exposed person (PEP) status) as required under applicable anti-money laundering regulations (FM-GwG and applicable AMLD requirements) 
  • Suitability and appropriateness assessment data (investment experience, knowledge, financial situation, investment objectives) as required under Art. 81 MiCAR for crypto-asset advisory services 
  • Communications and correspondence with us 
  • Information provided through forms, surveys, or questionnaires 

 

2.2 Information Collected Automatically

  • IP address and device information
  • Browser type and version
  • Pages visited and time spent on pages
  • Referring website addresses
  • Cookies and similar technologies (see Section 8)

 

3. Legal Basis for Processing

We process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):

  • Contract Performance: Processing necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract (Art. 6(1)(b) GDPR) 
  • Legal Obligation: Processing necessary for compliance with legal obligations (Art. 6(1)(c) GDPR) 
  • MiCAR Compliance: Processing necessary for compliance with our obligations as a licensed Crypto-Asset Service Provider under Regulation (EU) 2023/1114 (MiCAR), including client identification, KYC, suitability assessments, record-keeping, and reporting obligations (Art. 6(1)(c) GDPR in conjunction with MiCAR Arts. 68, 81) 
  • Legitimate Interests: Processing necessary for our legitimate interests, such as improving our services and marketing (Art. 6(1)(f) GDPR) 
  • Consent: Processing based on your explicit consent for specific purposes (Art. 6(1)(a) GDPR) 

 

4. Purposes of Processing

We use your personal data for the following purposes:

  • Providing and managing our services 
  • Processing inquiries and communications 
  • Performing KYC and client due diligence as required under MiCAR and applicable AML legislation 
  • Conducting suitability and appropriateness assessments for crypto-asset advisory services pursuant to Art. 81 MiCAR 
  • Maintaining mandatory records and documentation as required under Art. 68 MiCAR 
  • Reporting to the Austrian Financial Market Authority (FMA) and other competent authorities where required by MiCAR or other applicable law 
  • Sending newsletters and marketing communications (with your consent) 
  • Improving our website and services 
  • Complying with legal and regulatory requirements 
  • Detecting and preventing fraud or other illegal activities 
  • Analyzing website usage and user behavior 

 

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

The retention period may vary depending on the context and our legal obligations. Generally:

  • Client data: Retained for the duration of the business relationship plus 7 years (reflecting the 7-year requirement under Austrian tax law and the minimum 5-year retention obligation for CASP records under Art. 68(9) MiCAR, applied as a combined standard) 
  • MiCAR compliance records: Records relating to crypto-asset advisory services, suitability assessments, client disclosures, advisory reports, and related client communications are retained for a minimum of 5 years pursuant to Art. 68(9) MiCAR 
  • Marketing data: Retained until you withdraw consent or unsubscribe 
  • Website analytics: Retained for up to 26 months 

 

6. Data Sharing and Transfers

We may share your personal data with:

  • Service providers and contractors who assist in our operations 
  • Professional advisors (lawyers, auditors, insurers) 
  • Regulatory authorities when required by law 
  • FMA as the competent supervisory authority under MiCAR, including for supervisory reporting, licensing-related obligations, and market abuse reporting pursuant to Art. 90 MiCAR 
  • The European Securities and Markets Authority (ESMA) and European Banking Authority (EBA) where required by MiCAR or applicable regulatory technical standards 
  • Business partners with your consent 

When transferring data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission. 

 

7. Your Rights

Under the GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data 
  • Right to Rectification: Request correction of inaccurate data 
  • Right to Erasure: Request deletion of your data under certain circumstances 
  • Right to Restriction: Request restriction of processing 
  • Right to Data Portability: Receive your data in a structured, machine-readable format 
  • Right to Object: Object to processing based on legitimate interests or for direct marketing 
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent 

 

Please note that certain data retained on the basis of a legal obligation under MiCAR or AML legislation (e.g. KYC records, suitability assessment records, advisory reports) cannot be erased upon request for the duration of the mandatory retention period. 

To exercise these rights, please contact us at office@validvent.com. 

 

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. Cookies are small text files stored on your device.

Types of Cookies We Use:

  • Essential Cookies: Required for the website to function properly 
  • Analytics Cookies: Help us understand how visitors use our website 
  • Marketing Cookies: Used to deliver relevant advertisements 


You can manage your cookie preferences through your browser settings or our cookie consent tool.

 

9. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and audits
  • Employee training on data protection

 

10. Third-Party Services

Our website may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

We use the following third-party services:

  • Google Analytics (website analytics) 
  • Microsoft Office 365 (email and calendar) 
  • Pipedrive (CRM) 
  • Eventbrite (event management) note: Eventbrite processes data in the United States, transfers are covered by Standard Contractual Clauses 
  • Regulatory reporting tools used for mandatory reporting to the Austrian Financial Market Authority (FMA) pursuant to MiCAR 

 

11. Children’s Privacy

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us immediately.

 

12. Changes to This Policy

We review this Privacy Policy at least annually and update it without undue delay whenever there are material changes to our processing activities, applicable law, or regulatory requirements. Material changes will be communicated by a prominent notice on our website prior to the change taking effect. 

 

13. Contact and Complaints

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us: 

Validvent Technology GmbH 

Email: office@validvent.com 

Address: Opernring 1/E, 1010 Vienna, Austria 

You also have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde) if you believe your rights have been violated. 

With respect to the processing of personal data in connection with our activities as a licensed CASP, you may also address concerns to the Austrian Financial Market Authority (FMA), Otto-Wagner-Platz 5, 1090 Vienna (www.fma.gv.at).