VELORO

GDPR

Privacy Policy

Last updated: April 1, 2026

1. Data controller

VELORO (Ultras-Sites) is responsible for processing your personal data. Contact: contact@veloro.shop

2. Data collected

When you make a purchase, we collect:

  • First name, last name and email address (via Mollie at payment)
  • Delivery address
  • Order history
  • Anonymised browsing data (pages visited, session duration)

Important: VELORO never has access to your banking details. This data is processed exclusively by Mollie, our PCI DSS certified payment provider.

3. Processing purposes

Your data is used for:

  • Processing and tracking your orders
  • Communications related to your purchases (confirmations, shipping, returns)
  • Improving our services and website
  • Sending newsletters (only with your explicit consent)
  • Compliance with our legal and accounting obligations

4. Legal basis

The processing of your data is based on:

  • Performance of the sales contract (order processing)
  • Your consent (newsletter, non-essential cookies)
  • Our legal obligations (accounting, taxation)
  • Our legitimate interest (service improvement, security)

5. Retention period

Your data is retained for:

  • 3 years from the last purchase for customer data
  • 10 years for accounting and invoicing data (legal obligation)
  • Until consent is withdrawn for newsletter data

6. Data sharing

Your data may be transmitted to:

  • Mollie (payment processing) — PCI DSS Level 1 certified
  • BigBuy (order processing and shipping)
  • Our host Cloudflare (technical infrastructure)

Your data is never sold to third parties for commercial purposes.

7. Your rights (GDPR)

In accordance with the GDPR, you have the following rights:

  • Right of access: obtain a copy of your data
  • Right of rectification: correct inaccurate data
  • Right to erasure: request deletion of your data
  • Right to portability: receive your data in a structured format
  • Right to object: object to certain processing

To exercise these rights, contact us at: contact@veloro.shop. We respond within 30 days.

You may also lodge a complaint with the CNPD (Portuguese National Data Protection Commission — www.cnpd.pt) or with the data protection authority in your country of residence.

8. Cookies

Our site uses technical cookies essential to the operation of the cart and session. These cookies do not require your consent as they are essential to the service.

We do not use third-party advertising cookies without your explicit consent.

9. Security

VELORO implements appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure or destruction. Our site uses the HTTPS protocol (SSL/TLS) to encrypt all communications.