Skip to content
Veliora

Legal

Privacy policy

How we collect, use, and protect personal data when you visit our site or get in touch.

Last updated:
[DATE]
Effective:
[DATE]
01

Who we are

This site is operated by Veliora Limited, registered at [EU ADDRESS]. For the purposes of the EU General Data Protection Regulation (GDPR), Veliora Limited is the data controller for personal data processed through this site.

For any privacy question or to exercise your rights, contact our data protection officer at [DPO EMAIL].

02

Scope of this policy

This policy covers personal data we process through our public website, our contact and enquiry forms, and any direct communication you start with us by email.

Engagements with clients are governed by a separate written agreement and, where relevant, a data processing agreement. Those documents take precedence for client-specific processing activities.

03

What data we collect

We only collect data you give us, plus a small amount of technical data needed to run the site.

Data typeExamplesSource
Contact detailsFull name, work email, optional company or websiteYou, via the contact form
Enquiry contentThe message you send and any follow-up correspondenceYou, via the contact form or email
Technical dataIP address, user agent, request logsAutomatic, from your browser
AnalyticsAggregated page views, referrers, and device classPrivacy-friendly analytics provider
04

Why we process it and lawful basis

PurposeDataLawful basis (GDPR)
Reply to your enquiryContact details, enquiry contentArt. 6(1)(b) pre-contract steps and Art. 6(1)(f) legitimate interest
Keep the site secureTechnical data, request logsArt. 6(1)(f) legitimate interest in protecting the service
Measure site performanceAggregated analyticsArt. 6(1)(f) legitimate interest, or Art. 6(1)(a) consent where required
Meet legal obligationsContact details, contract recordsArt. 6(1)(c) legal obligation
05

Cookies and tracking

We use a small number of strictly necessary cookies to run the site. Any non-essential cookies load only after you opt in.

CookieProviderPurposeDurationType
[COOKIE_NAME_SESSION]VelioraKeeps your session and form stateSessionStrictly necessary
[COOKIE_NAME_CONSENT]VelioraRemembers your cookie choices12 monthsStrictly necessary
[COOKIE_NAME_ANALYTICS][ANALYTICS PROVIDER]Aggregated, privacy-friendly analytics13 monthsAnalytics

You can change your preferences at any time from the panel, also linked from the footer.

06

How long we keep it

DataRetention period
Contact form messages and repliesUp to 24 months after last contact
Server and security logsUp to 30 days
Analytics, aggregatedUp to 14 months
Contract records and invoicesAs required by applicable tax and accounting law, typically up to 10 years
07

Who we share it with

We share data only with service providers that help us run the site. They act as processors under written agreements that meet GDPR requirements. We do not sell personal data.

  • Form processor: [FORM PROCESSOR] receives contact form submissions on our behalf.
  • Email host: [EMAIL PROVIDER] hosts our inbox and routes replies to you.
  • Analytics: [ANALYTICS PROVIDER] produces aggregated usage reports.
  • Hosting and CDN: [HOSTING PROVIDER] serves the site and stores access logs.
08

International transfers

Where a provider processes personal data outside the European Economic Area, we rely on the European Commission Standard Contractual Clauses and, where needed, supplementary technical and organizational measures to keep your data protected at an essentially equivalent level.

09

How we protect data

We use commercially reasonable measures to protect personal data, including:

  • Encryption in transit using TLS for all site traffic
  • Access controls and unique accounts for team members who handle data
  • Logging and monitoring to detect unusual activity
  • Regular review of subprocessors and their security posture
  • A documented process to handle data subject requests and incidents
10

Data breach notification

If a personal data breach is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours of becoming aware of it, as required by Art. 33 GDPR. Where the breach is likely to result in a high risk, we will also notify affected users without undue delay, as required by Art. 34 GDPR.

11

Your rights under GDPR

You have the right to:

  • Be informed about how we process your data, which is what this policy is for.
  • Access the personal data we hold about you.
  • Rectification of inaccurate or incomplete data.
  • Erasure of data we no longer need to keep.
  • Restriction of processing in specific situations.
  • Object to processing based on legitimate interest.
  • Portability of data you provided to us, in a structured machine-readable format.

To exercise any right, email [DPO EMAIL]. We respond within one month. You also have the right to lodge a complaint with [SUPERVISORY AUTHORITY] or with the supervisory authority in your country of residence.

12

Children's data

This site is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at [DPO EMAIL] and we will delete it.

13

Changes to this policy

We may update this policy as our service or applicable law changes. The dates at the top of the page reflect the latest version. For material changes we will provide a clearer notice on the site.

14

Contact

For any privacy question or request, please use the details below.

Data controller

Veliora Limited

[EU ADDRESS]

Data protection officer

[DPO EMAIL]

You can also review our terms and conditions.