GDPR Policy

GDPR Policy

Last updated: 5/18/2026

What is GDPR?

The General Data Protection Regulation, or GDPR, is a European Union privacy law that governs how organizations collect, use, store, transfer, and protect the personal data of individuals located in the European Economic Area, the United Kingdom, and other applicable jurisdictions.

GDPR is intended to give individuals greater control over their personal data and to create consistent data protection requirements for organizations that process that data.

What Does GDPR Do?

GDPR applies to organizations that process personal data of individuals located in the European Economic Area where the organization offers goods or services to those individuals or monitors their behavior.

GDPR requires covered organizations to follow data protection principles, including fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, security, and accountability.

Organizations subject to GDPR may also be required to provide privacy notices, maintain appropriate security measures, honor individual privacy rights, maintain records of processing activities, enter into appropriate data processing agreements, and report certain personal data breaches.

What Is Personal Data?

Personal data means any information that identifies, relates to, describes, or could reasonably be linked to an identifiable individual.

Examples of personal data may include:

  • Name;
  • Email address;
  • Phone number;
  • Mailing address;
  • IP address;
  • Device identifiers;
  • Location data;
  • Online identifiers;
  • Payment or billing information;
  • Account information;
  • Professional or business information;
  • Communications with us.

Certain types of personal data may be considered sensitive or special category data under GDPR, such as information relating to health, race or ethnic origin, political opinions, religious beliefs, biometric data, or sexual orientation. Venture X does not intentionally request sensitive personal data unless it is necessary and permitted by law.

What Does This Mean for Individuals in the EU, UK, or Other Applicable Jurisdictions?

Depending on your location and applicable law, you may have certain rights regarding your personal data, including the right to:

  • Access the personal data we hold about you;
  • Request correction of inaccurate or incomplete personal data;
  • Request deletion of your personal data;
  • Object to certain processing activities;
  • Request restriction of processing;
  • Request data portability;
  • Withdraw consent where processing is based on consent;
  • Object to direct marketing;
  • File a complaint with a data protection authority.

These rights may be subject to legal limitations, exceptions, identity verification requirements, and our need to retain certain information for legitimate business or legal purposes.

To exercise your rights, contact us using the information listed in the Contact Us section below.

What Does This Mean if You Live in the United States?

GDPR generally applies to individuals located in the European Economic Area, United Kingdom, or other applicable jurisdictions, rather than to individuals solely because they are citizens of a particular country.

However, Venture X may apply similar privacy principles more broadly where required by law or where appropriate for our business practices.

If you are located in the United States, you may have privacy rights under federal or state privacy laws, depending on your state of residence. For more information, please review our Privacy Policy.

How Is Venture X Addressing GDPR and Privacy Compliance?

Venture X is committed to protecting personal data and complying with applicable privacy and data protection laws, including GDPR where it applies.

In this GDPR Policy, “Venture X,” “we,” “us,” and “our” refer to the applicable Venture X entity, affiliate, franchisee, location operator, or service provider that collects, controls, or processes your personal data.

We take steps designed to support privacy and data protection compliance, including:

  • Providing privacy notices that explain how personal data may be collected and used;
  • Processing personal data for appropriate and lawful purposes;
  • Limiting personal data collection to what is reasonably necessary;
  • Using reasonable administrative, technical, and organizational safeguards;
  • Working with service providers that support our business operations;
  • Using appropriate agreements with vendors, service providers, affiliates, franchisees, and partners where required;
  • Maintaining processes to respond to privacy rights requests;
  • Reviewing and updating privacy practices as legal requirements and business operations evolve.

Legal Bases for Processing Personal Data

Where GDPR applies, we may process personal data based on one or more lawful bases, including:

  • Consent, where you have given us permission to process your personal data for a specific purpose;
  • Contract, where processing is necessary to provide requested services, manage memberships, respond to bookings, or take steps before entering into a contract;
  • Legitimate interests, where processing is necessary for our business interests and those interests are not overridden by your privacy rights;
  • Legal obligation, where processing is necessary for us to comply with applicable law;
  • Vital interests, where processing is necessary to protect someone’s health or safety.

International Data Transfers

Venture X, its affiliates, franchisees, location operators, vendors, and service providers may process personal data in the United States and other countries.

Where GDPR or similar laws require safeguards for international transfers, we will use appropriate transfer mechanisms where applicable. These may include standard contractual clauses, data processing agreements, adequacy decisions, transfer impact assessments, or other legally recognized safeguards.

Data Retention

We retain personal data only for as long as reasonably necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law.

Retention periods may vary depending on the type of information, the nature of our relationship with you, the services requested, legal obligations, dispute resolution needs, security requirements, and legitimate business purposes.

Contact Us

If you have questions about this GDPR Policy, our privacy practices, or your privacy rights, you may contact us at:

Venture X 1501 Belvedere Rd Suite 500 West Palm Beach, FL 33401 Email: [email protected] Telephone: 561-769-5206

Over 79 locations and growing!
Open a Franchise Location