Polityka prywatności

1. Introduction

Velor (“we”, “us”, “our”) is committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR). It applies to all users of the Velor website and services.

2. Data We Collect

We may collect the following categories of personal data:

• Account data: name, email address, and hashed password when you create an account
• Order data: shipping address, billing address, order history, and items purchased
• Technical data: IP address, browser type, device information, and referring URLs
• Cookie data: preferences, session tokens, analytics identifiers, and affiliate referral attribution cookies (see Section 8)
• Communication data: messages sent to our support team, email marketing preferences, and order/payment/tracking notifications

3. How We Use Your Data

We use your personal data to:

• Process and fulfil your orders, including payment and dispatch
• Send order confirmations, payment receipts, shipping updates, and delivery/tracking notifications
• Provide customer support and respond to your enquiries
• Analyse site usage through anonymised analytics to improve our services
• Send marketing communications — only where you have given consent
• Attribute affiliate referrals where a referral cookie is present
• Detect and prevent fraud, abuse, and security incidents

4. Legal Basis for Processing (GDPR Art. 6)

• Contract performance: processing your orders and managing your account
• Legitimate interest: site security, fraud prevention, and service improvement
• Consent: marketing emails, newsletters, and non-essential cookies — you may withdraw consent at any time
• Legal obligation: retaining financial records as required by EU tax law

5. Data Sharing

We share your data only with trusted third parties necessary to operate our services:

• Shipping providers: your name and address are passed to our courier partners to fulfil delivery
• Payment processors: payment data is handled securely by PayGate and its external payment providers via hosted checkout — we do not store full card details on our servers
• Analytics tools: anonymised usage data is shared with analytics platforms to understand site performance

We never sell, rent, or trade your personal data to third parties for their own marketing purposes.

6. Data Retention

• Account data: retained until you delete your account or request erasure
• Order data: retained for 7 years to comply with EU tax and legal requirements
• Analytics data: retained for up to 26 months in anonymised form
• Marketing consent records: retained until consent is withdrawn
• Support communications: retained for up to 3 years for quality and dispute resolution

7. Your Rights Under GDPR

As a data subject in the EU/EEA, you have the following rights:

• Right of access: request a copy of the personal data we hold about you
• Right to rectification: correct inaccurate or incomplete data
• Right to erasure: request deletion of your data (“right to be forgotten”)
• Right to data portability: receive your data in a structured, machine-readable format
• Right to restrict processing: ask us to pause processing of your data
• Right to object: object to processing based on legitimate interest or for direct marketing
• Right to withdraw consent: withdraw marketing consent at any time without affecting prior processing
• Right to lodge a complaint: with your national data protection supervisory authority

To exercise any of these rights, email us at support@velorpeptide.com. We will respond within 30 days.

8. Cookies

We use cookies and similar tracking technologies. When you first visit, our cookie banner allows you to accept or decline non-essential cookies by category:

• Necessary cookies: required for the site to function (session, authentication) — always active
• Analytics cookies: help us understand how visitors use our site (anonymised)
• Affiliate / referral cookies: used to attribute purchases to the referring affiliate partner (30-day duration)
• Marketing cookies: used to deliver relevant advertisements — only with your consent

You can update your cookie preferences at any time using the cookie settings banner.

9. International Transfers

Our servers and primary service providers are located within the European Economic Area (EEA). Any transfer of personal data outside the EEA is made only under appropriate safeguards (Standard Contractual Clauses or adequacy decisions).

10. Security Measures

We implement appropriate technical and organisational measures to protect your personal data, including:

• HTTPS encryption for all data in transit
• Hashed and salted password storage — plain-text passwords are never stored
• Access controls limiting data access to authorised staff only
• Regular security reviews and vulnerability assessments

11. Children

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with data, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The revised version will be posted on this page with an updated date. For significant changes we will notify registered users by email. Continued use of our services constitutes acceptance of the updated policy.

13. Contact & Data Protection

For any privacy-related questions, requests, or complaints, please contact our data protection contact at: support@velorpeptide.com

You also have the right to lodge a complaint with your local supervisory authority if you believe your data has been processed unlawfully.