Skip to main content

Privacy Policy

Last Updated: March 14, 2026

This Privacy Policy explains how Veloryx Learning GmbH (“Veloryx”, “we”, “us”) collects, uses, and protects personal data when you visit this website and when you contact us about online courses, webinars, masterclasses, intensives, and longer educational programs.

It also explains how cookie preferences work on this site, including how analytics and marketing technologies are enabled only after consent where required.

1. Introduction & Controller Identity

Veloryx Learning GmbH is the “data controller” for the personal data described in this Privacy Policy. This means we determine the purposes and means of processing your personal data.

Effective date: March 14, 2026. If you have questions about privacy, you can contact us using the details above. For routine inquiries, the main contact email is the fastest route; we will route your request internally.

2. Personal Data We Collect

We collect personal data in a few predictable places: when you browse the site, when you submit a form, and when you communicate with us by email or phone. The categories below describe what we may collect depending on your interaction.

2.1 Identity and contact data

When you submit an inquiry, we may collect your name, email address, and any phone number you voluntarily provide in a message or email signature. We use this information to respond and to coordinate admissions steps for the relevant learning track.

2.2 Form content

If you use a site form, we collect the information you enter, such as the learning topic you select (for example: languages, AI workflows, programming, or digital work skills) and any message you include (goals, level, and scheduling constraints). This information is processed so admissions can answer accurately rather than sending generic replies.

2.3 Technical data

When you visit the site, our systems and infrastructure providers may process technical information such as IP address, browser type, device/operating system, language settings, approximate location derived from IP (city/region level), and timestamps. This is typical for website delivery, security monitoring, and debugging.

2.4 Usage data

If you consent to analytics cookies, we may collect usage data such as pages viewed, session duration, referrer information, and click paths. This helps us understand what content is useful (for example, whether visitors prefer course outlines or webinar calendars) and identify friction points.

2.5 Cookies and identifiers

The site uses cookies and similar technologies. Some are essential (for example, to remember a consent choice), while others are optional and require consent in many jurisdictions. Details are in Section 4 and in our Cookie Policy.

2.6 What we do not intentionally collect

We do not intentionally collect special-category data (such as health information, religious beliefs, or political opinions), government identification numbers, or financial account details through standard site forms. Please avoid including sensitive information in free-text fields. If such data is submitted, we will handle it with appropriate care and limit processing to what is necessary to respond.

3. Why We Process Personal Data & Legal Basis (GDPR Art. 6)

Where GDPR or UK GDPR applies, we rely on the legal bases below. The practical reason for each processing activity is explained in plain language so it is clear how the site operates.

3.1 Contact and admissions inquiries

  • Purpose: respond to your inquiry; recommend an appropriate course, webinar, masterclass, or intensive; coordinate scheduling.
  • Legal basis: Art. 6(1)(b) (steps prior to entering a contract) and Art. 6(1)(a) (consent), depending on the context and the wording of the form.

3.2 Analytics

  • Purpose: understand how the site is used and improve structure, clarity, and performance.
  • Legal basis: Art. 6(1)(a) consent, where required by law.

3.3 Marketing and measurement

  • Purpose: measure advertising performance, build remarketing audiences, and attribute conversions (for example, when someone submits an inquiry after clicking an ad).
  • Legal basis: Art. 6(1)(a) consent, where required by law.

3.4 Security and fraud prevention

  • Purpose: protect the website and forms from abuse, automated submissions, and malicious traffic.
  • Legal basis: Art. 6(1)(f) legitimate interests (maintaining the security and integrity of our services).

3.5 Legal obligations

  • Purpose: comply with applicable laws, respond to lawful requests, and maintain records where required.
  • Legal basis: Art. 6(1)(c) legal obligation.

3.6 Automated decision-making (GDPR Art. 22)

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects. Admissions decisions and recommendations are handled by people, using the information you provide and the program schedules available.

4. Cookies & Tracking

Cookies are small text files stored on your device. The site also may use pixel tags and similar identifiers once enabled, depending on your consent choice. We group technologies into three categories: essential, analytics, and marketing. The categories match the cookie controls you can open from the site footer.

4.1 Essential cookies (always active)

Essential cookies are necessary for the website to function and for basic operations such as remembering a consent selection. These cookies do not require consent in many jurisdictions because they are strictly necessary.

  • _site_session: session continuity and basic site operation (session to limited duration).
  • cookie_consent: stores your cookie preference choices (12 months).
  • Security-related signals: may include anti-abuse tokens and request integrity checks used to protect forms and infrastructure.

4.2 Analytics cookies (consent)

If you consent to analytics cookies, we may enable Google Analytics 4 (GA4) to measure traffic and improve the website. Where available in configuration, IP anonymization is used. Typical cookie examples include _ga and _ga_XXXXXXXXXX. Analytics retention is typically configured for 14 months.

4.3 Marketing cookies (consent)

If you consent to marketing cookies, we may enable measurement and advertising features such as Google Ads conversion tracking and Meta Pixel. Typical cookie examples include _gcl_au (Google Ads), _fbp and _fbc (Meta). These technologies support remarketing, conversion attribution, and audience building. Cookie lifetimes vary (commonly around 90 days for marketing identifiers, depending on provider behavior and browser restrictions).

4.4 Beyond cookies

Some tracking and measurement solutions also rely on pixel tags, server-to-server events, or identifiers derived from device and network information (such as IP address and user-agent). If enabled after consent, these can be used to measure conversions (for example, form submissions) and to reduce duplicate counting. Any server-side sharing is limited to what is necessary for measurement and is subject to applicable law and contractual safeguards.

5. Consent (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (Art. 6(1)(a)). Your consent choice is recorded in the cookie_consent browser cookie (typically 12 months).

You can withdraw consent at any time using “Manage cookie preferences” in the site footer or by clearing cookies in your browser. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

6. Sharing With Advertising & Service Partners

We share personal data only when it is necessary to operate the site, respond to inquiries, provide security, or measure and improve marketing performance (where you have consented). Depending on configuration and consent, the partners below may receive limited data.

6.1 Google (Analytics and Ads)

If enabled after consent, Google LLC may receive cookie identifiers, usage data, and conversion events for analytics (GA4) and advertising measurement (Google Ads). This can include page views, approximate location, and device signals. Data shared is controlled by our configuration and your consent choice.

Provider privacy information: https://policies.google.com/privacy

6.2 Meta (Pixel and audiences)

If enabled after consent, Meta Platforms may receive event data (such as page views and conversions), cookie identifiers, and related signals used for measurement, remarketing, and audience building (including custom and lookalike audiences where configured).

Provider privacy information: https://www.facebook.com/privacy/policy

6.3 Cloudflare (CDN and security)

We may use Cloudflare as a content delivery network and security provider. This can involve processing IP addresses and request metadata for performance, DDoS mitigation, and threat detection.

Provider privacy information: https://www.cloudflare.com/privacypolicy/

6.4 No sale of personal data

We do not sell personal data. Where advertising partners are used, the intent is to measure performance and improve relevance based on consent. We also do not permit providers to use site data for their own independent commercial purposes beyond providing services to us, subject to their terms and applicable law.

7. International Transfers

Some providers may process data outside the EEA/UK, including in the United States. Where applicable, transfers rely on recognized mechanisms such as the EU–US Data Privacy Framework (and the UK Extension and Swiss–US DPF where relevant). Where needed, Standard Contractual Clauses (EU 2021/914) and UK transfer tools (such as the UK IDTA) may be used as a fallback.

Transfer safeguards vary by provider, configuration, and the nature of the data shared. We aim to minimize personal data in event payloads and to use consent-based activation for optional tracking.

8. Retention

We keep personal data only as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Typical retention periods are:

  • Contact submissions and admissions correspondence: up to 2 years from the last interaction, unless continued engagement requires longer retention.
  • Analytics data: typically 14 months (where configured and where consent is given).
  • Marketing cookies and identifiers: per cookie lifetime (often around 90 days), subject to browser restrictions and provider settings.
  • Email correspondence: duration of the relationship plus 1 year (to preserve context and avoid repeated intake), unless legal obligations require longer.
  • Server and security logs: commonly up to 90 days, unless an incident requires longer investigation retention.
  • Cookie consent record: up to 3 years for audit purposes, depending on legal needs.
  • Legal and tax retention (where applicable): typically 6–10 years for certain records.

9. Your Rights (GDPR & UK GDPR)

If GDPR or UK GDPR applies to you, you may have the right to request access to, rectification of, deletion of, or restriction of processing of your personal data. You may also have the right to data portability, to object to processing, and to withdraw consent where processing is based on consent.

  • Access (Art. 15)
  • Rectification (Art. 16)
  • Erasure (Art. 17)
  • Restriction (Art. 18)
  • Portability (Art. 20)
  • Objection (Art. 21)
  • Withdraw consent (Art. 7(3))
  • Lodge a complaint (Art. 77)

To exercise a right, email [email protected]. We may ask for additional information to verify identity, especially for deletion requests. We aim to respond within 30 days; complex requests may take longer (up to an additional 60 days where permitted).

Supervisory authority references: https://edpb.europa.eu (EU), https://ico.org.uk (UK), https://www.bfdi.bund.de (Germany).

10. Children

This website is not directed at individuals under 16. We do not knowingly collect personal data from minors. If you believe a child under 16 has provided personal data without verifiable parental consent, contact us and we will take steps to delete the data promptly.

11. Do Not Track

This website does not respond to “Do Not Track” (DNT) browser signals. Some third-party providers may offer their own DNT handling or opt-out mechanisms.

12. Data Deletion Requests

You can request deletion by emailing [email protected] with the subject line “Data Deletion Request”. We will confirm what data can be deleted and what must be retained for legal obligations. We aim to complete verified requests within 30 days.

13. Business Transfers

If Veloryx Learning GmbH is involved in a merger, acquisition, asset sale, financing, or insolvency, personal data may be transferred to a successor entity as part of that transaction. If such a transfer materially changes how personal data is used, we will provide notice on the website.

14. California (CCPA / CPRA)

This section provides additional disclosures for California residents where the California Consumer Privacy Act (CCPA), as amended by the CPRA, applies.

14.1 Categories of personal information disclosed (past 12 months)

  • Identifiers: name, email address, IP address, cookie identifiers (disclosed to service providers and, where consented, advertising partners).
  • Internet/network activity: browsing and interaction data (for analytics and advertising measurement, where enabled).
  • Inferences: interests and preferences inferred from site usage (for advertising measurement and audience building, where enabled).

14.2 Sale and sharing

We do not sell personal information as defined by CCPA. We may “share” personal information for cross-context behavioral advertising when marketing cookies are enabled after consent. You can opt out by changing your cookie preferences via the footer link “Manage cookie preferences”.

14.3 Your California rights

California residents may have the right to know, delete, correct, and opt out of sale/sharing, and to not be discriminated against for exercising privacy rights. To submit a request, email [email protected] with the subject line “California Privacy Request”. We will verify identity before processing a request. Authorized agents may submit requests with written proof of authorization.

15. Virginia (VCDPA)

If the Virginia Consumer Data Protection Act (VCDPA) applies, you may have rights to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising. We do not sell personal data or engage in profiling that produces legal or similarly significant effects.

To submit a request, email [email protected] with the subject line “Virginia Privacy Request”. If a request is denied, you may appeal by emailing with the subject line “Appeal of Refusal — Privacy Request”. We will respond within 60 days where required.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be announced via a site notice at least 14 days before they take effect when feasible. The “Last Updated” date at the top of this page is refreshed with each revision.

18. Contact

For questions, requests, or concerns related to this Privacy Policy, contact: