Veltify

Privacy Policy

Effective Date: January 12, 2026

This Privacy Policy ("Policy") describes how Veltify sp. z o.o. ("Veltify", "we", "us", "our") processes personal data in connection with the use of:

  • the Veltify platform / application (the "Application" or "Service"), and
  • the website available at veltify.com (the "Website"),

together referred to as the "Services".

This Policy is provided in accordance with Regulation (EU) 2016/679 ("GDPR") and applicable personal data protection laws.

1. Data Controller

The controller of your personal data is:

Veltify sp. z o.o.

Share capital: 5 000 PLN

("Controller")

2. Contact

For any matters related to personal data processing, you may contact us at:

privacy@veltify.com (or hello@veltify.com)

3. Veltify as Controller vs. Processor (important)

3.1 When we act as a Controller

We act as a data controller for personal data processed for our own business purposes, such as:

  • account administration, billing, and subscriptions,
  • support and communication,
  • security, analytics, and improvement of Services,
  • marketing activities (where applicable).

3.2 When we act as a Processor (Customer Data)

When our customers use Veltify to manage employee profiles, generate CVs, or store workforce information, Veltify typically acts as a data processor and processes personal data on behalf of the customer (who is the controller).

In such cases, processing is governed by a Data Processing Agreement (DPA) or relevant contract between Veltify and the customer, and individuals should contact the customer (controller) first to exercise rights related to Customer Data.

4. Personal Data We Process

Depending on how you use the Services, we may process:

4.1 Data you provide directly

  • name and surname
  • company name
  • job title
  • email address
  • phone number
  • billing details (company address, VAT ID/NIP)
  • payment status and invoice details (payments may be processed by payment providers)
  • content you submit via support/contact forms
  • login credentials (or SSO identifiers if applicable)

4.2 Data processed within the Application (Customer Data)

If you are a user of a customer account, the platform may include (depending on what the customer uploads):

  • employee profile data (skills, experience, roles, projects)
  • education and certifications
  • language proficiency
  • work history and descriptions
  • documents uploaded by the customer (e.g., CVs, attachments)

4.3 Technical / usage data

  • IP address
  • device and browser data
  • date/time of access
  • logs and events inside the Application
  • pages viewed and actions performed
  • approximate location (based on IP)

5. Purposes and Legal Bases of Processing

Below we describe key purposes, legal bases and retention logic (GDPR Article 6).

5.1 Account creation and provision of Services

Scope: name, company name, email, account identifiers, Service usage data

Legal basis: Article 6(1)(b) GDPR (performance of contract) and/or Article 6(1)(f) GDPR (legitimate interest – enabling access and improving the Service)

Retention: for the duration of the agreement and until claims become time-barred.

5.2 Customer support and communication

Scope: name, email, phone (optional), content of communication

Legal basis: Article 6(1)(f) GDPR (legitimate interest – responding to enquiries)

Retention: until the request is resolved and for the period necessary to defend against claims.

5.3 Handling complaints

Scope: name/company name, email, complaint content

Legal basis: Article 6(1)(f) GDPR (legitimate interest – handling complaints and claims)

Retention: for the duration of the complaint process and until claims become time-barred.

5.4 Billing, payments, accounting and tax obligations

Scope: name/company name, billing address, VAT ID/NIP, invoice data

Legal basis: Article 6(1)(c) GDPR (legal obligation)

Retention: typically 5 years from the end of the relevant tax year (or longer if required by law).

5.5 Security, fraud prevention, and Service integrity

Scope: logs, IP address, events, authentication data

Legal basis: Article 6(1)(f) GDPR (legitimate interest – security and prevention of abuse)

Retention: as long as necessary for security purposes and legal defense.

5.6 Analytics and improvement of Services

Scope: usage data, logs, browser/device data

Legal basis: Article 6(1)(f) GDPR (legitimate interest – product improvement and diagnostics)

Retention: until you object or the purpose is achieved.

5.7 Marketing communication (newsletter / product updates)

Scope: email address, optionally name/company

Legal basis:

  • Article 6(1)(a) GDPR (consent) where required, and/or
  • Article 6(1)(f) GDPR (legitimate interest – informing customers about updates)

Retention: until you unsubscribe or object.

6. Voluntary vs. Mandatory Data

Providing personal data is generally voluntary, but may be necessary to:

  • create an account and use the Services,
  • receive support responses,
  • complete billing and invoicing.

If you do not provide certain data, we may not be able to provide the Services or respond to your request.

7. Recipients of Personal Data

We may share personal data with trusted third parties acting on our behalf, such as:

  1. hosting / infrastructure providers
  2. payment providers
  3. email and communication tools
  4. analytics tools (for Service improvement and performance monitoring)
  5. customer support tools
  6. accounting providers
  7. SSO login providers (e.g., Google/Microsoft/LinkedIn)
  8. database and security providers

We may also disclose data to public authorities where required by law or enforceable decisions.

8. International Transfers (outside EEA)

If we use providers located outside the EEA, your personal data may be transferred to third countries.

In such cases, transfers will be based on appropriate safeguards, such as:

  • European Commission adequacy decisions, or
  • Standard Contractual Clauses (SCCs).

You may request a copy of the safeguards by contacting us.

9. Data Retention

We retain personal data only as long as necessary for the purposes described above, including:

  • duration of the contract and limitation periods for claims,
  • accounting/tax retention obligations,
  • security and audit requirements.

10. Your Rights (GDPR)

Where applicable, you have the following rights:

  1. access to your personal data and obtaining a copy
  2. rectification (correction)
  3. erasure ("right to be forgotten")
  4. restriction of processing
  5. data portability
  6. withdrawal of consent (where processing is based on consent)
  7. objection to processing based on legitimate interest
  8. complaint to a supervisory authority

In Poland, the supervisory authority is:

President of the Personal Data Protection Office (UODO).

11. Profiling and Automated Decision-Making

We may use limited automated processing (e.g., analytics or marketing segmentation).

Such profiling does not produce legal effects or similarly significantly affect you.

12. Cookies and Tracking Technologies

12.1 What are cookies?

Cookies are small text files stored on your device when you use the Website or Application.

12.2 Why we use cookies

We may use cookies to:

  1. ensure proper functioning of Services
  2. improve user experience and detect errors
  3. compile statistics and improve performance
  4. conduct marketing activities (if enabled)

12.3 Types of cookies

  • essential cookies (required for proper functioning)
  • analytics cookies (e.g., Google Analytics)
  • marketing cookies (only if you consent, where applicable)

You can manage cookie preferences in the cookie banner or your browser settings.

Disabling cookies may affect Service functionality.

13. Security Measures

We apply appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or misuse, including access control, authentication, and monitoring.

However, no system can guarantee 100% security.

14. Children

The Services are not intended for children and we do not knowingly collect personal data from children.

15. Third-Party Links

The Services may contain links to external websites or services. We are not responsible for their privacy practices. Please review their privacy policies separately.

16. Updates to this Policy

We may update this Policy from time to time. The current version will always be available on our Website. Your continued use of the Services after changes become effective means you accept the updated Policy.

17. Contact

If you have questions about this Policy or personal data processing, contact us:

privacy@veltify.com