Data Controller
The data controller responsible for your personal information is:
- Company: NaveliA OÜ
- Registry code: 17431508
- Registered address: Estonia
- Website: https://vel.academy
- Email: info@vel.academy
As an Estonian private limited company, NaveliA OÜ is subject to the General Data Protection Regulation (EU) 2016/679 (GDPR) and the laws of the Republic of Estonia.
Data We Collect
We collect only the data necessary to provide our services. Depending on how you interact with us, this may include:
| Category | Examples | Source |
|---|---|---|
| Identity data | First name, last name | You provide it |
| Contact data | Email address | You provide it |
| Transaction data | Payment confirmation, order ID, purchased course | Payment platform (PayPal) |
| Account data | Username, password (hashed), course progress | You provide it / auto-generated |
| Technical data | IP address, browser type, device, session duration | Collected automatically |
| Usage data | Pages visited, lessons watched, clicks | Collected automatically |
| Communication data | Messages sent to support, feedback | You provide it |
We do not collect sensitive personal data (e.g. health information, racial or ethnic origin, political opinions) and do not intentionally collect payment card details — all payments are processed securely by our third-party payment processor.
How We Use Your Data
We use your personal data for the following purposes:
- To create and manage your VEL Academy account and grant access to purchased courses
- To process payments and send purchase confirmations
- To provide customer support and respond to your enquiries
- To send transactional emails (access instructions, receipt, course updates)
- To send marketing communications if you have opted in (you may unsubscribe at any time)
- To analyse website and platform usage so we can improve our services
- To comply with legal obligations (tax, accounting, fraud prevention)
- To issue certificates of completion
We will never sell your personal data to third parties or use it for purposes incompatible with those stated above.
Legal Bases for Processing (GDPR)
For users in the EEA, every processing activity rests on one or more of the following legal bases under Article 6 GDPR:
| Legal Basis | When We Rely on It |
|---|---|
| Contract (Art. 6(1)(b)) | Processing necessary to fulfil your course purchase and provide access |
| Legitimate Interests (Art. 6(1)(f)) | Analytics, fraud prevention, and improving our platform — where these interests are not overridden by your rights |
| Consent (Art. 6(1)(a)) | Marketing emails and non-essential cookies — you may withdraw consent at any time |
| Legal Obligation (Art. 6(1)(c)) | Tax records, accounting, and other statutory requirements |
Third-Party Service Providers
We share your data only with trusted processors who help us deliver our services. Each processor is bound by a Data Processing Agreement and may only use data on our instructions:
- PayPal — payment processing for all course purchases
- Google Analytics / Google Workspace — website analytics and email communications
- Email marketing service — transactional and promotional emails (e.g. Mailchimp or similar)
- Cloudflare / hosting provider — website infrastructure and security
We do not allow any of these service providers to use your personal data for their own marketing purposes.
International Data Transfers
Some of our processors are located outside the EEA (for example, in the United States). Where data is transferred internationally, we ensure appropriate safeguards are in place, including:
- EU Standard Contractual Clauses (SCCs) approved by the European Commission
- Transfers to countries with an EU adequacy decision
- Binding Corporate Rules or equivalent measures
You may request a copy of the safeguards we rely on by contacting us at info@vel.academy.
Cookies & Tracking Technologies
Our website uses cookies and similar technologies. Cookies are small text files stored in your browser that help us:
- Essential cookies — required for the website and login to function correctly (no consent required)
- Analytics cookies — measure traffic and usage patterns (e.g. Google Analytics) — require your consent in the EEA
- Preference cookies — remember your language or display settings
- Marketing cookies — track conversions from advertising — require your consent
You can manage or withdraw cookie consent at any time through your browser settings or via our cookie banner. Blocking essential cookies may affect website functionality.
Data Retention
We keep your personal data only as long as necessary for the purposes set out in this policy:
- Account data — for the duration of your account plus 2 years after the last login or account deletion request
- Transaction & tax records — 7 years as required by Estonian accounting law
- Support communications — 2 years from the date of last contact
- Marketing data — until you unsubscribe or withdraw consent
- Analytics data — up to 26 months (aggregated and anonymised thereafter)
When retention periods expire, data is securely deleted or anonymised.
Your Rights Under GDPR (EEA Residents)
If you are in the EEA, you have the following rights regarding your personal data:
To exercise any of these rights, email us at info@vel.academy. We will respond within 30 days. Identity verification may be required to protect your data.
California Residents — CCPA Rights
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you additional rights:
- Right to Know — request disclosure of the categories and specific pieces of personal information we have collected about you over the past 12 months, the sources, the business purpose, and the categories of third parties with whom we shared it
- Right to Delete — request deletion of your personal information, subject to certain exceptions (e.g. legal obligations)
- Right to Correct — request correction of inaccurate personal information we hold
- Right to Opt-Out of Sale / Sharing — we do not sell or share your personal information with third parties for cross-context behavioural advertising
- Right to Limit Use of Sensitive Personal Information — we do not collect sensitive personal information as defined under CPRA
- Right to Non-Discrimination — we will not discriminate against you for exercising any CCPA rights
To submit a verifiable consumer request, contact us at info@vel.academy with "CCPA Request" in the subject line. We will respond within 45 days (extendable by a further 45 days where necessary).
You may designate an authorised agent to make a request on your behalf, provided they submit written proof of authorisation and you verify the request directly with us.
Children's Privacy
VEL Academy is a professional education platform intended for adults (18 years and older). We do not knowingly collect personal data from children under the age of 16 (or under 18 where required by applicable law).
If you believe a minor has provided us with personal data, please contact us immediately at info@vel.academy and we will delete it promptly.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we do, we will revise the "Last Updated" date at the top of this page.
For material changes, we will notify you by email (if we hold your email address) or by displaying a prominent notice on our website at least 30 days before the change takes effect. Your continued use of vel.academy after that date constitutes acceptance of the updated policy.
We encourage you to review this policy periodically.
Contact Us
If you have any questions, requests, or concerns about this Privacy Policy or your personal data, please reach out:
Estonia, EU
aki.ee