Privacy Policy
The privacy and safety of your personal information are very important to us. Velella GmbH (“we”, “us”, or “our”) is committed to ensuring that your privacy is protected and that we comply with the General Data Protection Regulation (GDPR) regarding your data.
1. Who We Are
- Data Controller: Velella GmbH
- Contact Information:
If you have any questions about this policy or wish to exercise your rights, please contact us above.
2. What Personal Data We Collect
Depending on how you interact with our website, we may collect:
- Profile/account information if you register
- Any information you voluntarily provide via forms (e.g., feedback, queries)
See below details about data collection:
Duration
locale
1 year
User locale (en, de, etc)
protocol_type
1 year
Type of protocol to display on /roadmap/progress page
1 year
A cycle selected by user to display on the /roadmap/view page
Data Type
locale
Duration
1 year
User locale (en, de, etc)
Data Type
protocol_type
Duration
1 year
Type of protocol to display on /roadmap/progress page
Data Type
Duration
1 year
A cycle selected by user to display on the /roadmap/view page
3. How We Use Personal Data
We process your data for the following purposes:
- To provide, maintain, and improve our website and services
- To communicate with you (service requests, updates, responses)
- To comply with legal obligations
- To analyze site traffic and usage trends (via cookies and analytics tools)
4. Legal Basis for Processing
We process your information only where permitted by law under GDPR, including:
- Your consent (for email updates, newsletters, non-essential cookies)
- When necessary for performing a contract with you
- To fulfill legal obligations
- For our legitimate interests (site security, analytics, service improvement), provided these interests do not override your rights
5. How We Share Your Data
Your personal data may be shared with:
- Trusted service providers who assist in operating our website, e.g., web hosting, analytics, or email services (only as necessary and under confidentiality obligations)
- Where required by law or to protect legal rights
We do not sell or lease your personal data to third parties.
6. International Data Transfers
Your information may be processed outside the European Economic Area (EEA) by us or our service providers. Where this occurs, we ensure appropriate safeguards are in place to protect your data under GDPR.
7. Data Retention
We retain personal data only as long as necessary for the purposes set out in this policy or as required by law. We review and securely delete information no longer needed.
8. Your Rights
You have the following rights under GDPR:
- Access to the personal data we hold about you
- Rectification of inaccurate or incomplete information
- Erasure (right to be forgotten)
- Restriction of processing
- Data portability (receive your data in a commonly used format)
- Objection to certain processing activities
- Withdraw consent at any time (where we rely on consent)
To exercise any of these rights, contact us at the details above.
9. Cookies and Tracking Technologies
We use cookies and similar technologies for technical, functional, analytics, and (where you permit) marketing purposes. Details are provided in our Cookie Policy. You can manage your preferences via your browser settings or our site’s cookie controls.
Below is a list of cookies, their storage duration as well as their purpose:
Cookie
Duration
1 year
Stored by the user’s road map to display the road
CookieScriptConsent
1 month
This cookie is used by Cookie-Script.com service to remember visitor cookie consent preferences. It is necessary for Cookie-Script.com cookie banner to work properly.
XSRF-TOKEN
1 year
This cookie is written to help with site security in preventing Cross-Site Request Forgery attacks.
Duration
1 year
Stored by the user’s road map to display the road
CookieScriptConsent
Duration
1 month
This cookie is used by Cookie-Script.com service to remember visitor cookie consent preferences. It is necessary for Cookie-Script.com cookie banner to work properly.
XSRF-TOKEN
Duration
1 year
This cookie is written to help with site security in preventing Cross-Site Request Forgery attacks.
PHP Sessions:
Cookie
Duration
locale
1 year
User locale (en, de, etc)
protocol_type
1 year
Type of protocol to display on /roadmap/progress page
1 year
A cycle selected by user to display on the /roadmap/view page
locale
Duration
1 year
User locale (en, de, etc)
protocol_type
Duration
1 year
Type of protocol to display on /roadmap/progress page
Duration
1 year
Type of protocol to display on /roadmap/progress page
10. Children's Privacy
Protecting the privacy of children is especially important to us, as our website and services concern information about childhood leukemia.
- Age Restriction: Our website is primarily intended for use by parents, legal guardians, caregivers, and healthcare professionals. However, we acknowledge that children may access the website, particularly when seeking information related to childhood leukemia. In such cases, children should only use the website under the supervision and guidance of a parent or legal guardian. We do not knowingly collect or request personal data directly from children under the age of 16 without verified parental consent.
- Parental Consent: If we learn that we have collected personal information from a child under 16 without parental consent, we will take steps to promptly delete that data. We may require you to provide proof of your relationship to the child (e.g., demonstrating you are their parent or legal guardian) before granting access to or processing personal data related to a child.
- Children's Data Purpose: Any data collected about children (for example, health or treatment information) is only processed with explicit consent from a parent or legal guardian and solely for purposes related to the treatment, support, or research concerning childhood leukemia.
- Rights of Minors and Parents: Parents or legal guardians can review, amend, or request deletion of their child's personal data at any time by contacting the company directly.
- Education and Guidance: We encourage children and young people not to submit any personal data to us through the website. If you are under 16, please obtain your parent's or guardian's permission before sharing any personal data with us.
If you believe we may have collected information from a child under 16 without appropriate consent, please contact us immediately so we can address the issue.
11. Security
We implement appropriate technical and organizational measures to safeguard your personal data against unauthorized access, alteration, disclosure, or destruction. In implementing these measures, we take into account the technologies available, the costs of implementation, as well as the nature, context and purposes of the processing of personal data and the risks to the rights and freedoms of the persons concerned.
In the event of a data breach affecting your personal data, we will notify you and relevant authorities as required by applicable data protection laws.
12. Updates to This Policy
We may update this policy to reflect changes in legal or operational requirements. Please check this page regularly. Where material changes are made, we will alert you by appropriate means.
13. Contact and Complaints
If you have concerns about our privacy practices, please contact us using the details above. If you’re not satisfied, you have the right to lodge a complaint with your national data protection authority.
This policy provides an overview of our data protection practices in compliance with GDPR. For specific questions, please reach out to us directly.
