Privacy Policy
Velantix is committed to protecting your personal data. This policy explains what we collect, why we collect it, how we use it, and what rights you have — in plain language, not legal jargon. We process all personal data in accordance with the General Data Protection Regulation (GDPR).
1. Who we are
Velantix is a business process automation and AI consultancy operating across the European Union and the United States. For the purposes of GDPR, Velantix acts as the data controller for personal data collected through this website.
2. What data we collect
We collect only what is necessary to respond to your inquiry or deliver our services. This includes:
| Data | Source | Why we collect it |
|---|---|---|
| First and last name | Contact form | To address you personally in our response |
| Business email address | Contact form | To respond to your inquiry |
| Company name and role | Contact form | To understand your context and tailor our response |
| Message content | Contact form | To understand your specific question or requirement |
| Basic usage data (page views, referrer) | Web server / analytics | To understand how the site is used and improve it |
We do not collect special categories of personal data (health, biometric, political, religious, or similar data), and we do not collect personal data from individuals under 18.
3. Legal basis for processing
We rely on the following legal bases under GDPR Article 6:
- Legitimate interests (Art. 6(1)(f)) — responding to business inquiries sent to us directly, where there is a clear mutual commercial interest.
- Contract performance (Art. 6(1)(b)) — processing data necessary to fulfil a signed service agreement with a client.
- Consent (Art. 6(1)(a)) — where we ask for your explicit consent before sending marketing communications.
We do not use your data for any purpose incompatible with the reason it was originally collected.
4. How we use your data
We use your personal data only to:
- Respond to your inquiry or discovery call request
- Schedule and conduct initial consultations
- Deliver contracted services and project work
- Send service-related communications (project updates, invoices)
- Send occasional relevant content or updates, only where you have opted in
We do not sell, rent, or trade your personal data. We do not use it for automated profiling or automated decision-making that produces legal or significant effects.
5. Who we share your data with
We share your data only with trusted processors who assist us in operating our business. All processors are bound by data processing agreements and handle data only on our documented instructions.
| Processor | Purpose | Location |
|---|---|---|
| HubSpot, Inc. | CRM and contact form processing | EU (eu1 data centre) / US |
| Microsoft Azure | Cloud infrastructure for service delivery | EU data regions available |
| Email provider | Business email communication | EU |
For any transfers of data outside the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission or other lawful transfer mechanisms.
We may disclose personal data to law enforcement or regulatory authorities where required by applicable law.
6. How long we keep your data
- Inquiry data — retained for 12 months from initial contact. If no engagement follows, data is deleted or anonymised.
- Client project data — retained for the duration of the engagement plus 5 years, to meet standard accounting and legal obligations.
- Marketing contact data — retained until you withdraw consent or unsubscribe, whichever comes first.
- Server logs — retained for up to 90 days for security and operational purposes.
When retention periods expire, data is securely deleted or anonymised so it can no longer be linked to an individual.
7. Your rights
Under GDPR, you have the following rights over your personal data. To exercise any of them, email us at contact@velantix.ai. We will respond within 30 days.
Request a copy of the personal data we hold about you.
Ask us to correct inaccurate or incomplete data.
Request deletion of your data where we no longer have a lawful basis to hold it.
Receive your data in a structured, machine-readable format.
Ask us to pause processing while a dispute is resolved.
Object to processing based on legitimate interests or direct marketing.
You also have the right to lodge a complaint with your national data protection authority. For EU residents, the relevant authority is the supervisory authority in your country of residence. For reference, a list of EU supervisory authorities is available at edpb.europa.eu.
8. Cookies and tracking
This website uses a minimal number of cookies. We do not use advertising or cross-site tracking cookies.
- Strictly necessary — session cookies required for the contact form to function (HubSpot). These cannot be disabled without breaking the form.
- Analytics — basic, anonymised page-view data to understand site usage. No personal identifiers are stored.
No consent is required for strictly necessary cookies. For analytics cookies, your continued use of the site is taken as acceptance under the principle of legitimate interests, as no personal data is collected or stored.
9. Security
We apply technical and organisational measures appropriate to the risk of processing, including:
- HTTPS encryption for all data in transit
- Access controls and role-based permissions on internal systems
- EU-region data storage on Microsoft Azure where applicable
- Minimal data collection — we do not store what we do not need
No method of transmission over the internet is 100% secure. In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with GDPR Article 33/34.
10. Updates to this policy
We may update this policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically.
Continued use of this website after changes are posted constitutes acceptance of the updated policy.
Questions or requests
For any privacy-related questions, data subject requests, or concerns, contact us directly:
Email: contact@velantix.ai
We aim to respond to all privacy requests within 5 business days and are required to respond within 30 days under GDPR.