Information Notice
Privacy Policy
Last updated: 19/07/2026 — Provided pursuant to Articles 13 and 14 of EU Regulation 2016/679 (GDPR).
1. Data controller
The data controller is Velquoro, with its registered office in Europe. For any request concerning the processing of personal data, you may contact the Controller at privacy@velquoro.shop.
2. Types of data collected
Velquoro collects the following personal data, provided voluntarily by the User or collected automatically during browsing:
- Account and order data: first name, last name, email address, billing details, phone number.
- Payment data: handled directly by PCI-DSS certified providers (Whop, Stripe, PayPal). Velquoro does not store credit card details.
- Browsing data: anonymized IP address, browser type, device, pages visited, session duration.
- Communications: the content of emails sent to customer service, newsletter subscription.
3. Purposes and legal basis for processing
- Performance of the contract (Art. 6.1.b GDPR): order management, delivery of and access to the purchased digital products/services, after-sales support.
- Legal obligations (Art. 6.1.c GDPR): invoicing, retention of accounting documents (10 years pursuant to Art. 2220 of the Italian Civil Code), anti-money laundering.
- Consent (Art. 6.1.a GDPR): sending the newsletter, analytics and profiling cookies, promotional communications.
- Legitimate interest (Art. 6.1.f GDPR): fraud prevention, site security, service improvement.
4. Retention period
- Order and billing data: 10 years (statutory obligation).
- Account data: until the account is deleted or after 24 months of inactivity.
- Newsletter data: until consent is withdrawn.
- Browsing logs: 12 months in aggregated and anonymous form.
5. Data recipients
Data may be disclosed to:
- Payment providers (Whop, Stripe, PayPal).
- Technology providers (hosting, transactional email, digital-product delivery) appointed as Data Processors pursuant to Art. 28 GDPR.
- Competent authorities upon legal request.
Velquoro does not sell, rent, or transfer personal data to third parties for marketing purposes.
6. Transfers outside the EU
Some technology providers may be based outside the European Economic Area. In such cases, the transfer takes place exclusively on the basis of the Standard Contractual Clauses (EU Decision 2021/914) or adequacy decisions of the European Commission.
7. Rights of the data subject (Art. 15-22 GDPR)
The User has the right to:
- Access their personal data and obtain a copy of it.
- Rectify inaccurate or incomplete data.
- Erase data ("right to be forgotten") within the limits set by law.
- Restrict or object to processing.
- Receive data in a structured format (portability).
- Withdraw consent at any time.
- Lodge a complaint with the Data Protection Authority (www.garanteprivacy.it).
Requests should be sent to privacy@velquoro.shop and will be handled within 30 days.
8. Security
Data is protected with TLS encryption in transit, at-rest encryption on the database, role-based access control, and periodic backups. Authorized personnel are bound to confidentiality.
9. Changes
Any updates to this policy will be published on this page together with the date of the last update. For substantial changes, a notification will be sent by email to registered users.