Privacy Policy
Last updated: April 2026
1. Introduction
Schmidt & partners GmbH (“Veylor®”, “we”, “us”, or “our”), Bahnhofstrasse 9, 35096 Weimar (Lahn), Germany, operates the website veylor.com. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website or purchase products, in accordance with the General Data Protection Regulation (EU) 2016/679”).
By using our website, you acknowledge that you have read and understood this Privacy Policy.
Contact for data protection inquiries: info@veylor.com
2. Data Controller
The data controller responsible for processing your personal data is:
Schmidt & partners GmbH
Bahnhofstrasse 9, 35096 Weimar (Lahn), Germany
Email: info@veylor.com
VAT ID: DE369830284
Commercial Register: HRB207528, District Court of Goettingen
3. Data We Collect
3.1 Data You Provide To Us
When you place an order, create an account, subscribe to our newsletter, or contact us, we may collect:
• Full name
• Email address
• Shipping and billing address
• Telephone number
• Payment information (processed securely by our payment service providers)
• Any other information you voluntarily provide in correspondence with us
3.2 Data Collected Automatically
When you visit our website, certain data is automatically collected and stored in server log files:
• IP address
• Date and time of access
• Browser type and version
• Operating system
• Referring URL (the page from which you arrived)
• Pages visited on our website
• Device type and screen resolution
Server log files are retained for a maximum of 14 days and then automatically deleted. We do not share this data with third parties unless required by law.
3.3 Data Collected Through Cookies and Tracking Technologies
We use cookies and similar technologies to improve your experience on our website. For detailed information, please refer to our Cookie Policy.
4. Purpose of Data Processing
We process your personal data for the following purposes:
• Order fulfilment: To process and deliver your orders, issue invoices, and handle returns or warranty claims.
• Customer communication: To respond to your inquiries, send order confirmations, and provide customer support.
• Legal obligations: To comply with applicable tax, accounting, and commercial law requirements.
• Website optimisation: To analyse how visitors use our website and improve
functionality and content.
• Marketing: With your consent, to send you newsletters and promotional
communications about Veylor® products. You may withdraw your consent at any time.
• Advertising and remarketing: To deliver relevant advertisements to you across third-party platforms, based on your interactions with our website.
5. Legal Basis for Processing
We process your personal data on the following legal bases under Article 6(1) GDPR:
• (a) Consent: Where you have given us explicit consent, for example for marketing emails or the use of non-essential cookies.
• (b) Contractual necessity: Where processing is necessary to fulfil a contract with you, such as processing an order.
• (c) Legal obligation: Where we are required to process data to comply with a legal obligation.
• (f) Legitimate interest: Where processing is necessary for our legitimate business interests, such as fraud prevention and website security, provided these interests do not override your fundamental rights.
6. Cookies and Tracking Technologies
6.1 Google Analytics 4 (GA4)
We use Google Analytics 4, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). GA4 uses cookies and similar technologies to collect and analyse information about how you use our website. This helps us understand visitor behaviour and improve our online presence.
GA4 collects data such as pages visited, session duration, approximate geographic location (derived from anonymised IP addresses), device and browser information, and traffic sources. Google processes this data on our behalf and does not use it for its own advertising purposes within GA4.
IP anonymisation is enabled, meaning your IP address is truncated within the European Economic Area before being transmitted to Google servers.
You may opt out of Google Analytics by installing the Google Analytics opt-out browser add-on available at https://tools.google.com/dlpage/gaoptout.
For more information, see Google’s Privacy Policy at https://policies.google.com/privacy.
6.2 Google Tag Manager
We use Google Tag Manager, provided by Google Ireland Limited, to manage and deploy marketing and analytics tags on our website. Google Tag Manager itself does not collect personal data or set cookies. It serves as a framework through which other tags (such as GA4 or advertising pixels) are loaded. Data collection is governed by the individual tags managed through Google Tag Manager.
6.3 Meta Pixel (Facebook Pixel)
We use the Meta Pixel, provided by Meta Platforms Ireland Limited (Merrion Road, Dublin 4, D04 X2K5, Ireland). The Meta Pixel is a piece of JavaScript code embedded on our website that enables us to measure the effectiveness of our advertising on Meta platforms (Facebook and Instagram), build targeted audiences for future ads, and remarket to visitors who have taken specific actions on our site.
When you visit our website, the Meta Pixel may collect data including your IP address, browser and device information, pages visited, actions taken (such as adding items to a cart or completing a purchase), and referral URLs. This data may be matched with your Meta account (if you have one and are logged in) to deliver personalised advertisements.
Meta may process your data outside the European Economic Area. Appropriate safeguards are in place, including the EU Standard Contractual Clauses.
You can manage your advertising preferences on Meta at https://www.facebook.com/ads/preferences. You may also opt out of interest-based advertising through http://www.youronlinechoices.com.
For more information, see Meta’s Data Policy at https://www.facebook.com/privacy/policy/.
6.4 TikTok Pixel
We use the TikTok Pixel, provided by TikTok Technology Limited (10 Earlsfort Terrace, Dublin 2, D02 T380, Ireland). The TikTok Pixel is a tracking code placed on our website that allows us to measure the effectiveness of our TikTok advertising campaigns, optimise ad delivery, and build custom audiences for remarketing purposes.
When you visit our website, the TikTok Pixel may collect data including your IP address, browser and device information, pages visited, actions taken on our website, and referral information. This data may be used by TikTok to match you with your TikTok account (if applicable) and serve you relevant advertisements.
TikTok may process your data outside the European Economic Area. Transfers are safeguarded by the EU Standard Contractual Clauses.
You can manage your advertising preferences on TikTok within the TikTok app under Settings > Privacy > Personalisation and Data.
For more information, see TikTok’s Privacy Policy at https://www.tiktok.com/legal/privacy-policy-eea.
6.5 Reddit Pixel
We use the Reddit Pixel, provided by Reddit, Inc. (303 2nd Street, Suite 500S, San Francisco, CA 94107, USA), with Reddit Ireland Limited acting as the data controller for EEA users. The Reddit Pixel is a tracking tool embedded on our website that allows us to measure the effectiveness of our advertising campaigns on Reddit, create targeted audiences, and perform conversion tracking.
When you interact with our website, the Reddit Pixel may collect data such as your IP address, browser and device information, pages viewed, and conversion events. This information may be used to serve you relevant advertisements on the Reddit platform.
Reddit may process your data outside the European Economic Area. Appropriate safeguards, including the EU Standard Contractual Clauses, are in place.
You can adjust your advertising preferences on Reddit at https://www.reddit.com/settings/privacy.
For more information, see Reddit’s Privacy Policy at https://www.reddit.com/policies/privacy-policy.
7. Data Sharing and Third Parties
We may share your personal data with the following categories of recipients, only to the extent necessary:
• Payment processors: To securely process your transactions.
• Shipping and logistics providers: To deliver your orders.
• Analytics and advertising providers: As described in Section 6 above (Google, Meta, TikTok, Reddit).
• Legal and regulatory authorities: Where required by applicable law.
We do not sell your personal data to third parties.
8. International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA). Where personal data is transferred to countries that do not provide an adequate level of data protection as determined by the European Commission, we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses or reliance on an adequacy decision.
9. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:
• Order data: Retained for the duration required by German tax and commercial law (generally up to 10 years).
• Customer account data: Retained for as long as your account is active, and deleted upon request following any mandatory retention periods.
• Newsletter data: Retained until you unsubscribe.
• Server log files: Deleted after 14 days.
• Cookie and tracking data: Retention periods vary by provider (see Section 6 and Cookie Policy).
10. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our website uses TLS (Transport Layer Security) encryption to ensure secure data transmission. You can identify this by the padlock icon in your browser’s address bar and the “https” protocol in the URL.
11. Your Rights Under the GDPR
As a data subject, you have the following rights under the GDPR:
• Right of access (Article 15 GDPR): You may request confirmation of whether we process your personal data and, if so, obtain a copy.
• Right to rectification (Article 16 GDPR): You may request correction of inaccurate personal data.
• Right to erasure (Article 17 GDPR): You may request deletion of your personal data, subject to legal retention obligations.
• Right to restriction of processing (Article 18 GDPR): You may request that we restrict the processing of your data under certain circumstances.
• Right to data portability (Article 20 GDPR): You may request to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to object (Article 21 GDPR): You may object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent (Article 7(3) GDPR): Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.
• Right not to be subject to automated decision-making (Article 22 GDPR): You have the right not to be subject to a decision based solely on automated processing, including profiling.
To exercise any of these rights, please contact us at info@veylor.com.
If you believe that the processing of your personal data violates applicable data protection law, you have the right to lodge a complaint with a supervisory authority. The competent supervisory authority in Germany is:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Gustav-Stresemann-Ring 1, 65189 Wiesbaden
https://datenschutz.hessen.de
12. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The most current version will always be available on this page with the updated date noted above. We encourage you to review this policy periodically.