Privacy Policy
Draft version — last updated 2026. Governing law: Italy / EU.
{{PLACEHOLDER}} are filled in
by the operator after consulting an accountant/lawyer.Last updated: {{LAST_UPDATED_DATE}}
This Privacy Policy explains how Velquaria ("we", "us", "our") collects, uses, shares, and protects personal information when you visit our website, browse our catalogue, or purchase and download our digital products. Velquaria sells digital products (ebooks, strategy packs, printable PDFs, and some PLR-derived materials) that are delivered instantly via a download link/token after purchase.
We serve consumers in the United States, Canada, the United Kingdom, New Zealand, Australia, and the European Union. This policy is designed to address the privacy laws that apply across those regions. Where a specific law grants you rights, the relevant section below explains them.
1. Who We Are (Data Controller / Business)
The party responsible for your personal information (the "data controller" under GDPR, the "business" under US state law, and the equivalent under other laws) is:
- Legal name: {{SELLER_LEGAL_NAME}}
- Registered address: {{SELLER_ADDRESS}}
- Tax note: {{SELLER_VAT_OR_TAX_NOTE}}
- Italian regime forfettario — operazione non soggetta a IVA ai sensi dell'art. 1, commi 54-89, L. 190/2014.
- Contact email:
[email protected]
We have not appointed a Data Protection Officer (DPO), as we are not legally required to do so. You can reach us on any privacy matter at the contact email above.
2. What Personal Information We Collect
We aim to collect only what we need to sell and deliver digital products and to run our website. We collect:
| Category | Examples | Source |
|---|---|---|
| Identity & contact data | Name, email address | Provided by you at checkout |
| Order & transaction data | Products purchased, order ID, amount, currency, purchase date, download-token activity, refund/guarantee requests | Generated when you buy |
| Payment data | Handled by our payment processors (Stripe, PayPal). We receive confirmation of payment and limited details (e.g., last 4 digits of a card, billing country). We do not store full card numbers. | Payment processors |
| Technical & usage data | IP address, browser type, device/operating system, referring page, pages viewed, timestamps | Collected automatically |
| Cookie & analytics data | Essential session data and, with your consent, optional analytics | See our Cookie Policy |
| Communications | The content of emails or support messages you send us | Provided by you |
We do not intentionally collect special category / sensitive data, and we do not knowingly sell products to, or collect data from, children (see Section 12).
3. Why We Use Your Information and Our Legal Basis
For users in the EU/UK (and as a general statement of purpose for all users), we rely on the following legal bases under the GDPR / UK GDPR:
| Purpose | Why | Legal basis (GDPR / UK GDPR) |
|---|---|---|
| Process your order and deliver the digital product | To perform the purchase contract with you | Contract (Art. 6(1)(b)) |
| Provide the download link/token and customer support | To perform the contract; to answer your requests | Contract / Legitimate interests (Art. 6(1)(b) / (f)) |
| Process payments and prevent fraud | To take payment and protect against fraudulent transactions | Contract / Legitimate interests (Art. 6(1)(b) / (f)) |
| Handle refunds and the 14-day money-back guarantee | To perform the contract and meet consumer-protection duties | Contract / Legal obligation (Art. 6(1)(b) / (c)) |
| Keep accounting, tax, and transaction records | To comply with tax and bookkeeping law | Legal obligation (Art. 6(1)(c)) |
| Operate, secure, and debug the website | To keep the site running safely | Legitimate interests (Art. 6(1)(f)) |
| Optional analytics (understand site usage) | To improve the site | Consent (Art. 6(1)(a)) |
| Send service/transactional emails (receipt, delivery, guarantee) | To perform the contract | Contract (Art. 6(1)(b)) |
| Send marketing emails (only if you opt in) | To keep you informed of products | Consent (Art. 6(1)(a)) |
Where we rely on legitimate interests, we have balanced our interests against your rights and freedoms. You may object to this processing (see Section 8).
Where we rely on consent (e.g., optional analytics, marketing), you may withdraw it at any time without affecting the lawfulness of prior processing.
4. Digital Delivery and No "Cooling-Off" Waiver
Our products are delivered instantly as downloadable digital content. Order and delivery data (including download-token status) is processed so we can confirm delivery, provide support, and administer our 14-day money-back guarantee. Consumer withdrawal/refund terms are described in our separate Terms and Refund Policy.
5. Who We Share Your Information With
We do not sell your personal information for money. We share it only with service providers ("processors") who help us run the business, and only as needed:
| Recipient | Role | What they receive |
|---|---|---|
| Stripe | Payment processing | Payment and billing details, transaction data |
| PayPal | Payment processing | Payment and billing details, transaction data |
| Email/transactional delivery provider | Sending receipts, delivery links, support replies | Name, email, order reference |
| Website hosting / infrastructure provider | Serving the website and storing order data | Technical data, order data |
| Analytics provider (optional, consent-based) | Aggregate site-usage insights | Cookie/usage data |
| Professional advisors (accountant, lawyer) | Tax, accounting, legal compliance | As strictly necessary |
| Authorities | Where legally required | As required by law |
Stripe and PayPal act as independent controllers for their own fraud-prevention and regulatory purposes and as our processors for taking payment. Please review their privacy notices:
- Stripe: https://stripe.com/privacy
- PayPal: https://www.paypal.com/privacy
We may also share data in connection with a business sale, merger, or reorganisation, subject to this policy.
6. International Data Transfers
We are based in Italy (EU). Our processors (including Stripe and PayPal) may process data in the United States and other countries outside your own. When personal data is transferred out of the EEA, the UK, Switzerland, or another region with transfer restrictions, we rely on appropriate safeguards, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission (and the UK International Data Transfer Agreement / Addendum for UK transfers);
- Adequacy decisions where they apply; and
- The transfer mechanisms operated by our processors.
You may request a copy of the relevant safeguards by emailing [email protected].
7. How Long We Keep Your Information (Retention)
We keep personal data only as long as necessary for the purpose it was collected, or as required by law:
| Data | Retention |
|---|---|
| Order & transaction records | For as long as required by applicable tax/accounting law (in Italy, generally 10 years), then deleted or anonymised |
| Name & email tied to an order | For the period above, to support the guarantee, warranty, and record-keeping duties |
| Marketing contact data (opt-in) | Until you unsubscribe or withdraw consent |
| Support correspondence | Typically up to 24 months after the matter is resolved |
| Website/server logs | Typically up to 12 months |
| Optional analytics data | Per the retention set with the analytics provider (see Cookie Policy) |
When retention ends, we delete or irreversibly anonymise the data.
8. Your Rights (EU / UK — GDPR)
If you are in the EU or UK, you have the right to:
- Access — obtain a copy of your personal data;
- Rectification — correct inaccurate or incomplete data;
- Erasure ("right to be forgotten") — subject to our legal retention duties;
- Restriction — limit how we process your data;
- Portability — receive your data in a structured, machine-readable format;
- Object — object to processing based on legitimate interests, and to direct marketing at any time;
- Withdraw consent — where processing is based on consent;
- Not be subject to solely automated decision-making with legal or similarly significant effects (we do not carry out such decision-making).
How to exercise: email [email protected]. We will respond within one month (extendable by two further months for complex requests). We do not charge a fee unless the request is manifestly unfounded or excessive.
Complaints: You may lodge a complaint with your local supervisory authority. In Italy this is the Garante per la protezione dei dati personali (https://www.garante.privacy.it). In the UK it is the Information Commissioner's Office (ICO) (https://ico.org.uk). You may also complain to the authority in your EU country of residence.
9. Your Rights (United States — CCPA/CPRA and Other States)
If you are a US resident (including California, and to the extent applicable Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and other states with comprehensive privacy laws), you may have the right to:
- Know / Access the categories and specific pieces of personal information we have collected;
- Delete personal information we hold, subject to legal exceptions;
- Correct inaccurate personal information;
- Opt out of "sale" or "sharing" of personal information and of targeted advertising;
- Limit use of sensitive personal information (we do not use sensitive data for these purposes);
- Non-discrimination for exercising your rights.
"Do Not Sell or Share My Personal Information": We do not sell your personal information for money, and we do not "share" it for cross-context behavioural advertising as those terms are defined under California law. If our practices change, we will provide a clear opt-out link. To make any request, email [email protected] with the subject line "US Privacy Request". We will verify your identity before acting and may ask you to confirm order details. You may use an authorised agent to submit a request on your behalf, with proof of authorisation.
We will not discriminate against you for exercising these rights.
10. Your Rights (Canada — PIPEDA)
If you are in Canada, under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws, you may:
- Access the personal information we hold about you and request corrections;
- Ask about our collection, use, and disclosure practices;
- Withdraw consent, subject to legal or contractual restrictions.
We collect, use, and disclose personal information only for purposes a reasonable person would consider appropriate. To exercise these rights, contact [email protected]. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada (https://www.priv.gc.ca).
11. Your Rights (Australia — Privacy Act / APPs and New Zealand — Privacy Act 2020)
Australia: We handle personal information consistent with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). You may request access to, and correction of, your personal information, and complain about how we handle it. Unresolved complaints may be referred to the Office of the Australian Information Commissioner (OAIC) (https://www.oaic.gov.au).
New Zealand: We handle personal information consistent with the Information Privacy Principles under the Privacy Act 2020. You may request access to, and correction of, your personal information. Unresolved complaints may be referred to the Office of the Privacy Commissioner (https://www.privacy.org.nz).
To exercise any of these rights, contact [email protected].
12. Children's Privacy
Our products and website are intended for adults. We do not knowingly collect personal information from children under 16 (or the minimum age required in your jurisdiction). If you believe a child has provided us data, contact [email protected] and we will delete it.
13. Data Security
We use reasonable technical and organisational measures to protect personal data, including encryption in transit (HTTPS), restricted access, and reliance on PCI-compliant payment processors so that we never handle full card details. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
14. Cookies and Tracking
We use a small number of cookies and similar technologies. Strictly necessary cookies run by default; optional analytics run only with your consent. Full details, categories, and how to manage your choices are in our separate Cookie Policy.
15. Third-Party Links
Our site and products may link to third-party websites. We are not responsible for their privacy practices. Please review their policies before providing personal information.
16. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top shows the latest revision. Material changes will be posted on this page. Please review it periodically.
17. Contact Us
For any privacy question or to exercise your rights:
- Email:
[email protected] - Data controller: {{SELLER_LEGAL_NAME}}, {{SELLER_ADDRESS}}
- Tax note: {{SELLER_VAT_OR_TAX_NOTE}}