Privacy policy

Privacy Policy

Last Updated: 25 February 2026

1. Introduction

Welcome to VELTIS ("we", "our", "us"). We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you visit our website at www.veltis.co (the "Site") or purchase our products.

This policy is provided in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

Please read this policy carefully to understand our practices regarding your personal data. By using our Site, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

For the purposes of UK data protection law, the data controller is:

VELTIS
Yous
Email: support@veltis.co

3. What Personal Data We Collect

3.1 Information You Provide Directly

  • Full name
  • Email address
  • Delivery address and billing address
  • Telephone number (if provided)
  • Payment information (processed securely via our payment provider; we do not store full card details)
  • Any correspondence or communications you send to us

3.2 Information Collected Automatically

  • IP address and approximate geographic location
  • Browser type, version, and operating system
  • Pages visited on our Site, time spent, and navigation paths
  • Referring website or source
  • Device identifiers

3.3 Cookies and Similar Technologies

Our Site uses cookies and similar tracking technologies to distinguish you from other users. For full details on the cookies we use, their purposes, and how to manage them, please see Section 10 (Cookies) below.

4. How We Use Your Personal Data

We use your personal data for the following purposes, along with the lawful basis for each:

Fulfilling orders and delivering products: Processing your purchase, arranging shipping, and providing customer support. Lawful basis: Performance of a contract (Article 6(1)(b) UK GDPR).

Managing your account: If you create an account on our Site. Lawful basis: Performance of a contract.

Sending transactional communications: Order confirmations, shipping updates, and delivery notifications. Lawful basis: Performance of a contract.

Marketing communications: Sending you information about products, offers, and wellness content that may interest you, where you have opted in. Lawful basis: Consent (Article 6(1)(a)). You may withdraw consent at any time.

Improving our Site: Analysing how users interact with our Site to enhance functionality and user experience. Lawful basis: Legitimate interest (Article 6(1)(f)).

Fraud prevention and security: Protecting our Site and business from fraudulent activity. Lawful basis: Legitimate interest.

Legal compliance: Meeting our obligations under applicable law. Lawful basis: Legal obligation (Article 6(1)(c)).

5. Who We Share Your Data With

We may share your personal data with the following categories of third parties, only to the extent necessary for the purposes described above:

  • Shopify (our e-commerce platform provider) — order processing, hosting, and analytics
  • Payment processors (e.g. Shopify Payments, PayPal, Stripe) — secure payment handling
  • Shipping and fulfilment partners — delivery of your orders
  • Email marketing providers — sending marketing communications (only with your consent)
  • Analytics providers (e.g. Google Analytics) — understanding Site usage
  • Advertising platforms — for targeted advertising campaigns (only with cookie consent)
  • Professional advisors — legal, accounting, or audit purposes
  • Law enforcement or regulatory bodies — where required by law

We do not sell your personal data to any third party.

6. International Data Transfers

Some of our third-party service providers are based outside the United Kingdom. Where we transfer your personal data outside the UK, we ensure that appropriate safeguards are in place, including:

  • Transfers to countries with an adequacy decision by the UK Secretary of State
  • International Data Transfer Agreements (IDTAs) or standard contractual clauses approved by the ICO
  • Other lawful transfer mechanisms as permitted under UK GDPR

If you would like further details about the specific safeguards applied, please contact us using the details provided in Section 15.

7. How Long We Keep Your Data

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements.

  • Order and transaction data: Retained for 6 years after the date of the transaction (in line with HMRC requirements).
  • Marketing consent records: Retained for as long as you remain subscribed; removed promptly upon unsubscription.
  • Website analytics data: Retained in anonymised or aggregated form for up to 26 months.
  • Customer support communications: Retained for up to 3 years after the last interaction.
  • Cookie consent records: Retained for up to 12 months, after which you will be asked to re-confirm your preferences.

8. Your Rights Under UK GDPR

Under UK data protection law, you have the following rights in relation to your personal data:

  • Right of access — You can request a copy of the personal data we hold about you (a "Subject Access Request").
  • Right to rectification — You can ask us to correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") — You can ask us to delete your personal data in certain circumstances.
  • Right to restriction of processing — You can ask us to restrict the processing of your data in certain circumstances.
  • Right to data portability — You can request that we transfer your data to another organisation in a structured, commonly used format.
  • Right to object — You can object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
  • Rights related to automated decision-making — You have the right not to be subject to decisions based solely on automated processing, including profiling, that have legal or similarly significant effects.

To exercise any of these rights, please contact us at support@veltis.co. We will respond to your request within one month. There is no fee for making a request, unless your request is manifestly unfounded or excessive.

9. Marketing Communications

We will only send you marketing communications where you have given us your explicit consent to do so (e.g. by ticking an opt-in box at checkout or subscribing to our newsletter).

In accordance with PECR, we may also send you marketing emails about similar products if you have previously purchased from us and did not opt out at the time of purchase (the "soft opt-in"). You may opt out at any time.

You have the right to opt out of marketing communications at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Contacting us directly at support@veltis.co

Opting out of marketing will not affect transactional communications related to your orders.

10. Cookies and Similar Technologies

10.1 What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They help the website recognise your device and store information about your preferences or past actions.

10.2 How We Use Cookies

We use the following types of cookies on our Site:

Cookie Type Purpose Duration
Strictly Necessary Essential for the Site to function (e.g. shopping cart, checkout, security). Cannot be switched off. Session / up to 1 year
Analytics / Performance Help us understand how visitors use our Site (e.g. pages visited, time spent). Data is anonymised. Up to 26 months
Functional Remember your preferences (e.g. language, region) to provide a more personalised experience. Up to 1 year
Marketing / Targeting Used to deliver relevant advertisements and measure campaign effectiveness. May be set by third parties. Up to 2 years

10.3 Third-Party Cookies

Some cookies are placed by third-party services that appear on our pages. We do not control these cookies. The main third parties that may set cookies through our Site include:

  • Google Analytics — website usage analytics
  • Meta (Facebook) Pixel — advertising measurement and optimisation
  • Shopify — e-commerce platform functionality

Please refer to the respective privacy policies of these providers for more information on their cookie practices.

10.4 Your Cookie Choices

Under PECR and UK GDPR, we require your consent before placing non-essential cookies on your device. When you first visit our Site, a cookie consent banner will allow you to:

  • Accept all cookies
  • Reject all non-essential cookies
  • Customise your preferences by cookie category

You can change your cookie preferences at any time by clicking the "Cookie Settings" link in our Site footer.

You can also control cookies through your browser settings. Please note that blocking certain cookies may affect the functionality of our Site. Instructions for managing cookies in common browsers:

  • Chrome: Settings > Privacy and Security > Cookies
  • Firefox: Settings > Privacy & Security > Cookies and Site Data
  • Safari: Preferences > Privacy > Manage Website Data
  • Edge: Settings > Cookies and Site Permissions

10.5 Do Not Track

Some browsers offer a "Do Not Track" (DNT) signal. Our Site does not currently respond to DNT signals, but we respect your cookie consent choices as described above.

11. Data Security

We take the security of your personal data seriously. We have implemented appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • SSL/TLS encryption across our entire Site
  • Secure payment processing through PCI DSS-compliant providers
  • Access controls and authentication for administrative systems
  • Regular review of our data handling and security practices

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining best practices.

12. Children's Privacy

Our Site and products are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe that we have collected data from a child, please contact us immediately and we will take steps to delete such information.

13. Third-Party Links

Our Site may contain links to third-party websites, plug-ins, and applications. Clicking on these links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be posted on this page with an updated "Last Updated" date.

Where changes are significant, we will notify you by email or by placing a prominent notice on our Site.

15. Complaints and Contact

If you have any concerns about how we handle your personal data, we encourage you to contact us first at support@veltis.co so we can try to resolve the matter.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
https://ico.org.uk/make-a-complaint/

16. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

VELTIS
Email: support@veltis.co
Website: www.veltis.co