Privacy policy


Updated 12.20.2023
This Privacy Policy with respect to the processing of personal data, hereinafter referred to as the Policy, is developed and applied for the users of the website (hereinafter referred to as Website/Platform) as one of the Appendixes to the Velesty Terms of Use located online at: (hereinafter referred to as Terms of Use),  with respect to processing and ensuring the protection of personal data of individuals (personal data subjects) under the Personal Data Protection Law, as well as the EU General Data Protection Regulation 2016/679 (“GDPR”) and other applicable European data protection legislation, collectively referred to as the Legislation.

This Policy will tell you how your personal data is collected and processed when you visit and use the website ("Platform"). 
By using the Platform, you as a user of the Platform ("You") acknowledge that you agree to this Policy and the terms of processing your personal data. If you do not agree with this Policy, you must immediately leave the Platform and stop using its functionality.
●       Terms and Definitions
●       Contact Information of the Operator
●       Grounds for Personal Data Collection 
●       Personal Data Processing
●       Cookies 
●       Provision of the Personal Information on the Platform 
●       Transfer of Personal Data to Third Parties
●       Your rights 
●       The Period of Personal Data Storage
●       Discontinuation of the Data Processing 
●       Personal Data of Children 
●       Changes to This Policy 
Terms and Definitions
●     Personal data — Information or a collection of information about an individual (User), which is identified or can be specifically identified.
The User's personal data includes in particular: last name, first name, patronymic, identification number, location data, e-mail address, mobile/landline phone number, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the physical entity.
●     Website Administration (“Operator”) — Velesty Company, independently or together with other persons organizing and/or implementing the processing of personal data, as well as determining the purpose of personal data processing, the composition of personal data to be processed, and actions performed with personal data;
●     Processing of personal data any action or set of actions concerning personal data performed with or without the use of automation, including collection, recording, systematization, accumulation, storage, refinement (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
●     Automated processing of personal data — personal data processing by means of computers;
●     Dissemination of personal data — actions aimed at the disclosure of personal data to an undefined group of persons;
●     Provision of personal data — actions aimed at disclosure of personal data to a certain person or a certain group of persons;
●     Blocking of personal data — temporary termination of personal data processing (except when processing is necessary to clarify personal data);
●     Use of personal data — actions with personal data performed by the Administration in order to make decisions or perform other actions that have legal consequences with respect to the subject of personal data or other persons or otherwise affect the rights and freedoms of the subject of personal data or other persons.
●     Destruction of personal data — actions resulting in the impossibility to restore personal data in the personal data information system and/or in the destruction of the material carriers of personal data;
●     Depersonalization of personal data — actions resulting in the impossibility, without the use of additional information, to determine the affiliation of personal data to a specific personal data subject;
●     Biometric personal data — the data that defines the physiological and biological characteristics of an individual and allows identifying them, and which is used by the Operator to identify the subject of personal data;
●     Personal data information system — the totality of personal data contained in personal data databases, as well as information technology and technical means ensuring data processing;
●     User — the subject of personal data, any legally capable individual who has acceded to this Policy on their own behalf or on behalf of a legal entity, for the purpose of receiving services;
●     Website, Platform — the website, owned by the Operator.
●     Registration — User's actions to fill in and submit the registration form on the Website.
●       Policy — this Privacy Policy, located at
Your personal data processing is carried out in accordance with the requirements of the legislation. The processing of personal data of persons within the EU or those who are EU citizens is governed in particular by the EU General Data Protection Regulation 2016/679 (GDPR). Also, the legislation of other countries may impose additional requirements.
We only process your personal data if one of the conditions specified in Article 6 of the GDPR is met, including but not limited to:
✔      You have consented to the processing of personal data;
✔      You have registered on the Platform;
✔      You visit or use the Platform;
✔      Such processing is necessary for the purpose of entering into or executing a contract with you;
✔      Such processing is required by the laws of the countries you are currently located in;
✔      You contact the Operator via email or contact Customer Support.
(1) Visiting or using the Platform
When you visit or use the Platform, your personal data is collected:
●       Automatically;
●       When you register on the Platform as a Customer.
Automatic collection of personal data occurs through the use of cookies as well as other automatic data collection technology. Such personal data includes IP address, session duration, browser version, time, and currency used on the Platform. You can find more information about cookies in the Cookies section of this Policy.
When you register on the Website as a Customer, accepting the Terms of Use (public offer) located at, you may also provide us with your payment information, such as card number, bank account number, and/or IBAN, and you may also provide us with the Instagram username you use and your email address. The contract terms or Terms of Use may also require the provision of other personal information. The purpose of such personal data processing is to ensure the provision of Velesty services to the Website Users. The legal basis for such data processing is the execution of the contract (including but not limited to the Terms of Use of the Platform).
(2) Registration on the Platform
When registering on the Platform, you may be required to provide the following information:
- Email;
- Phone number;
- Your Instagram profile name (username).
The purpose of processing the aforementioned data is to create and maintain your account on the Platform. The legal basis for such processing is the execution of the contract. The data storage period is the validity period of the account.
(3) Contacting the Operator or customer support
When you contact the Operator via email or contact Customer Support, you provide your e-mail address or other contact information, as well as other data which you have chosen to provide to the Operator or Customer Support yourself, or which is necessary to solve your problem or to answer your question. The purpose of processing such information is to respond to your request or to resolve your problem. The legal basis for such data processing is the execution of the contract or legitimate interest of the Operator or third parties (in resolving your question or problem).
In addition, the grounds for personal data processing are:

 1) The consent of the subject of personal data to the processing of their personal data by the Operator;
 2) The conclusion and execution of the contract, if one of its parties is the subject of personal data or which is concluded for the benefit of the subject of personal data, or to carry out the activities preceding the conclusion of the contract at the request of the subject of personal data;
3) The requirement for the Operator to comply with the existing legislation.
The purpose of personal data processing is as follows:
✔      The performance of the functions assigned to the Operator in accordance with the Terms of Use (public offer) and the contract, as well as Estonian Law and the GDPR;
✔      Collection, storage, and processing of the personal data obtained on the online service under the Law and the GDPR;
✔      Provision of information about the services, current promotions and special offers regarding the services provided by the Operator to the User;
✔      Identification of the subject of personal data when using the website (online service) and performing contractual obligations;
✔      Communication with the subject of personal data when necessary, including sending offers, information materials, messages, information and inquiries, advertising, as well as processing requests of the subject of personal data;
✔      Improvement of the quality of the online service, the convenience of its use, development of new features and improving the quality of services;
✔      Provision of services to the User;
✔      Statistical and other research based on anonymized data;
✔      Performance by the Operator of contractual and other obligations to the User under the transactions concluded between the Operator and the User or third parties on the behalf of the User.
Processing of personal data shall be carried out in compliance with the conditions defined by the Legislation and the GDPR.
In order to achieve the goals of this Policy, only those employees of the Operator who are entrusted with such duty in accordance with their official (employment) duties, are allowed to process personal data. Access of other employees to personal data may be granted only in cases provided for by law. The Operator requires its employees to observe confidentiality and security of personal data during the processing of such data.
When processing personal data in information systems, the Operator shall ensure:
✔    Timely detection of unauthorized access to personal data;
✔    Prevention of impact on technical means of automated processing of personal data, which may result in the disruption of their operation;
✔    Measures aimed at preventing unauthorized access to personal data and/or its transfer to persons not entitled to access such information;
✔    Immediate recovery of personal data, modified and destroyed as a result of unauthorized access to it;
✔    Continuous control of personal data security level.
The operator implements the following requirements of the Law regarding personal data:
✔    Requirements of confidentiality of personal data;
✔    Requirements to ensure the implementation of the personal data subject’s rights;
✔    Requirements to ensure the accuracy of personal data, and if necessary, its relevance in relation to the purposes of personal data processing (taking (providing) measures to remove or update incomplete or inaccurate data);
✔    Requirements for the protection of personal data from unauthorized or accidental access, destruction, distortion, blocking, copying, supply, distribution, as well as other unlawful acts in relation to personal data;
✔    Other requirements of the legislation.
The Operator collects and stores data about the User's actions and preferences using cookies.
Cookies are small text files that, by performing certain functions, collect information about your activity on the Platform and are stored on your device that is used to log in to the Platform. Through the use of cookies, over a period of time, it is possible to identify your device and offer you more relevant information, such as currency or local time.
By using cookies, the online server memorizes the User's preferences and settings on the User's device (computer, mobile device or other device), which are automatically restored in the future the next time you visit the Website. In other words, the use of cookies is intended to provide the convenience of using the Website. For example, they allow you to remember your login information and to sign into your account automatically without re-entering it each time you revisit the Website. There are different types of Cookies that are used by the Operator:
Persistent Cookies and Session Cookies. The fundamental difference between these two types of Cookies is the period of data storage on the User's device. Persistent Cookies are stored on the User's computer until they expire, after which they are automatically deleted by your browser or by yourself. Session cookies are automatically deleted when you close your browser window.
Mandatory and Functional Cookies. In addition to persistent and session cookies, there are also mandatory and functional cookies. The difference between the two types is that mandatory cookies are used to help the use of the Website. They can record information after the user performs certain actions, such as logging into their account or others. Functional cookies serve the convenience of the User. They collect information anonymously and do not and cannot collect information about the User's visits to other sites and services. Their purpose is to memorize the choice of language or geolocation when necessary so it can be utilized in the future.
Analytical and Operational Cookies. These types of Cookies are intended to determine how exactly the User uses the Website, how many visits the User makes, and how many pages the User views. The Company may store for its own purposes information about which pages of the Website are of most interest to the User in order to improve the quality of its service. In this way, it is possible to improve the Website and optimize it directly for a particular User by giving out the most interesting and frequently requested pages.
Targeting and Advertising Cookies. These types are somewhat similar to analytical and operational Cookies. However, the targeting and advertising cookies are not used to optimize the Website for the User and help the Company to collect information about what links you navigate and what pages you look at. Thus, only relevant advertising is selected, which is tailored to each User. Targeting and advertising cookies also serve to limit the number of ad impressions and assess the effectiveness of advertising campaigns. The Company may share the information collected by these types of cookies with third parties, such as advertising companies.
Some cookies are strictly necessary for the normal operation of the Platform, so we do not ask for your consent for their use. In the case of cookies that are not strictly necessary, we will always ask for your consent.
We use cookies to maximize the effectiveness of the Platform, identify you as a user, improve your productivity and usability, customize the advertising and measure its effectiveness.
The Operator may allow third parties, which include advertising and/or analytics service providers, to collect information using this technology directly on the Website. The data collected by these parties are subject to the privacy policies of these third parties.
Each User has the right to refuse to store cookies on their device. In order to do so, it is necessary to change the settings of your browser if you wish to delete cookies and refuse to accept them. As a rule, these options are presented in browsers in the sections Options, Settings, Tools, etc. Depending on which browser the User uses, different methods can be used to disable the acceptance of cookies. Below are the detailed instructions for each browser:
If the User refuses to use and store cookies, they can use the Website, but in this case, some features of the Platform will not be available or may not work correctly.
All relevant information about what cookies are, how they work, how to manage them, or how to delete them can be found on the ALL ABOUT COOKIES website at
By using Velesty services, you provide personal data that may become available to other users of the Platform. Please note that other users may view your Instagram profile. Please exercise caution when sharing your personal information and check the privacy settings of your Instagram profile. In any case, we are not responsible for the actions of Platform users with respect to personal information that you have voluntarily made public.
     We may share your personal information with third parties, such as mailing list service providers, hosting providers, customer and technical support, cloud storage providers, software developers, marketing and analytics service providers. Your personal data will be shared only as necessary, in accordance with applicable personal data protection laws, and to achieve the purposes for which it was collected.
The Operator requires recipients of personal data to observe confidentiality during personal data processing, to process it exclusively in accordance with our instructions and with the provision of necessary organizational and technical measures for the protection of personal data from unlawful or accidental access to it, destruction, change, blocking, copying, unauthorized distribution, as well as from other unlawful actions in relation to personal data.
As a personal data subject, you have a number of rights in relation to your personal data, namely:
to require the Operator to clarify your personal data, block or destroy it in case the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, as well as to take measures provided for by law to protect your rights to receive information regarding the processing of your personal data, including that containing:
confirmation of personal data processing by the Operator;
legal grounds and purposes of personal data processing;
purposes and methods of personal data processing applied by the Operator;
name and location of the Operator, information about persons (excluding the Operator's employees) who have access to personal data or to whom personal data may be disclosed on the basis of a contract with the Operator or in accordance with legislation;
processed personal data related to the respective personal data subject and the source of obtaining such data;
period of personal data processing, including the personal data storage period;
procedure for exercising the rights of the personal data subject;
information on realized or suspected cross-border data transfers;
name, last name, patronymic and address of the person who processes personal data on behalf of the Operator, if the processing is or will be entrusted to such a person; 
other information stipulated by the current legislation.
The Administration may entrust the processing of personal data to a third party with the consent of the subject of personal data, unless otherwise provided by the laws of Estonia, on the basis of an agreement concluded with the third party, the condition of which is confidentiality and non-disclosure of personal data.
Representatives of public authorities (including controlling, supervising, law enforcement and other authorities), receive access to personal data processed by the Administration, in the scope and manner prescribed by the legislation of Estonia.
In addition to the above rights, subjects of personal data have the rights under the GDPR.
The User has the right to find out what personal data we process. To do this, the User can submit a request for this information via email. The list of data that the Administration is obliged to provide is specified in Articles 13 and 14 of the GDPR. At the same time, in their request, the User must state their specific requirements so that the Administration can legally consider this request and give an answer.
If the Administration is unable to verify the User's identity during the exchange of e-mails or during contact by phone, or in case of reasonable doubts about the User's identity, the Administration may ask the User, or the requesting person, to provide proof of identity, including by personal appearance at the location of the Administration. This is the only way to avoid disclosure of your personal data to an individual who may impersonate you.
The Operator will process requests as quickly as possible, but at the same time, it may take up to 30 calendar days to provide a complete and lawful response regarding personal data.
In the event that the personal data being processed is incorrect or outdated, the User has the right to make a correction by contacting the Operator.
Personal data cannot be changed if it has already been used in the execution of a contract and/or is contained in a tax document that has been executed in accordance with the Tax Laws.
The subject of personal data has the right to require the Operator to delete, without undue delay, personal data relating to him/her, and the Operator is obliged to immediately delete personal data if any of the following grounds apply:
(a) the personal data is no longer required for the purposes for which it was collected or otherwise processed;
(b) the personal data subject withdraws their consent on the basis of which the personal data processing is carried out and if there is no other legal basis for such personal data processing;
(c) the personal data subject objects to the processing of personal data and there is no overriding legitimate basis for such personal data processing;
(d) the personal data has been processed unlawfully;
(e) the personal data must be destroyed pursuant to a legal obligation under the Act or the law of the European Union or the Member State to which the Operator is subject;
(f) personal data has been collected to provide information services.
In this case, for security reasons, the Operator may ask the User to provide proof of identity, including directly at the location of the Operator.
You can exercise your rights in relation to the Operator by contacting 
[email protected]. We will provide you with a response to your request within one month of its receipt.
Please note that when you submit a request to exercise your rights, the Operator may require verification of your identity via email or other means and may ask you certain clarifying questions to determine the nature and scope of your request.
Your personal data will be stored for the period necessary to achieve the purposes of its processing, or for the period specified by law. After the storage period has expired, your data will be deleted or anonymized.
The period of personal data processing shall be determined based on the purposes of such processing, but no longer than specified by law.
      Personal data, the period of processing (storage) of which has expired, must be destroyed or depersonalized unless otherwise provided by Estonian law. The personal data shall be stored in a form enabling identification of the personal data subject no longer than required by the purposes of personal data processing, unless the law stipulates a storage period of such personal data. Processed personal data shall be destroyed or depersonalized upon attainment of the purposes of processing or if it is no longer necessary to attain those purposes, unless otherwise provided by the legislation. We must also consider the periods for which we may need to retain your personal data in order to meet our legal obligations to you or regulatory authorities.
We may, over time, minimize your personal data that we use or may even make your personal data anonymous so that it can no longer be linked to you personally. We will then be able to use this information without informing you further.
The processing of personal data will cease::
✔      If the purposes of the personal data processing are achieved and/or if such purposes cease to exist;
✔      In case of expiration of the storage period of personal data;
✔      At your request, if the request to delete personal data is granted;
✔      In case of withdrawal of consent to data processing, if there are no other legal grounds for processing personal data provided by law;
✔      In case of liquidation of the Operator.
The Platform is not intended for use by children under the age of 16 or older if your country of residence sets a higher restriction. We intentionally do not process the personal data of children and, if we do, we will delete such data within a reasonable period of time.  
This Policy may be changed or terminated unilaterally by the Operator without prior notice to Users, including if required by applicable law. The new edition of the Policy comes into effect from the moment of its posting on the website, unless otherwise stipulated by the new edition of the Policy.
It is your responsibility to make sure that the Policy is up-to-date, so the Operator recommends that you check the Policy each time you visit the Platform.