Privacy Policy
This Privacy Policy explains how Veili Collective, S.L. (“Veili”, “we”, “us”, or “our”) collects, uses, shares, and protects personal data across our websites, products, services, marketing and communications, including https://veili.com (the “Site”).
1) Who is the Controller?
Controller: Veili Collective, S.L.
NIF/CIF: B22787576
Registered address: Calle Rector Ubach 29, Piso 4 Puerta 2, 08021 Barcelona, Cataluña, España
Website: https://veili.com
Contact for privacy matters: hello@veili.com
We are subject to the supervision of the Agencia Española de Protección de Datos (AEPD). You can lodge a complaint with the AEPD or with your local EU/EEA supervisory authority.
2) What personal data we collect
- Contact data submitted by you — Email address you provide via our forms.
- Usage and device data collected automatically — Online identifiers, device information, and usage data collected via cookies and similar technologies, limited to the cookies and technologies listed in the tables below.
Note: We do not intentionally collect special category data (e.g., health, religion) or data about criminal convictions via the Site.
3) Purposes and legal bases for processing
| Purpose | Description | Legal basis (GDPR) |
|---|---|---|
| Email communications (promotional and informative) | To send newsletters, updates, and information about Veili and to contact you directly. | Consent (Art. 6(1)(a)). You can withdraw consent at any time (see Section 8). |
| Audience engagement across platforms | To add your email to compatible platforms we operate for the purpose of enhancing communication. | Consent (Art. 6(1)(a)). |
| Site functionality (strictly necessary cookies) | To operate the Site securely and enable basic features (e.g., authentication, fraud prevention). | Legitimate interests (Art. 6(1)(f)) in providing a secure and functional Site; and/or performance of a contract (Art. 6(1)(b)) where applicable. |
| Analytics and performance | To understand Site performance, detect errors, and improve user experience. | Consent (Art. 6(1)(a)) via the cookie banner/consent tool, except for strictly necessary cookies. |
| Legal compliance and protection | To comply with legal obligations, enforce our terms, and protect our rights. | Legal obligation (Art. 6(1)(c)) and/or legitimate interests (Art. 6(1)(f)). |
4) Cookies and similar technologies
We use cookies and similar technologies to support functionality and analyze performance.
We use a cookie banner with opt-in/out options. When enabled, non-essential analytics cookies (if used) are prevented from being set until you click Accept. Your preferences are remembered via consent cookies. For third-party tags added via integrations or code injection, we implement consent gating so those tags do not fire until you opt in.
Necessary and required cookies
| Name | Type | Duration | Purpose |
|---|---|---|---|
| _acloggedin | Cookie | January 1, 2025 | Supports login by Acuity Scheduling client if the client has an account. |
| ACUITY_CART | localStorage | No expiration | Stores details about a client’s package/gift/subscription purchase (item and quantity); applies to the new scheduler. |
| _client_acloggedin | Cookie | January 1, 2025 | Supports login by Acuity Scheduling client if the client has an account. |
| _dd_cookie_test | Cookie | Expires instantly | Tests if cookies are supported. |
| _dd_s | Cookie | Four hours | Tracks browser errors. |
| _dd_site_test | Cookie | Expires instantly | Tests if cookies are supported. |
| _grecaptcha | localStorage | No expiry | Helps reduce spam in Acuity Scheduling. |
| _ssid | Cookie | Four years | Remembers devices for anti-fraud purposes. |
| CART | Cookie | Two weeks | Shows when a visitor adds a product to their cart. |
| CHECKOUT_WEBSITE | Cookie | Session | Identifies the correct site for checkout when checkout on your domain is disabled. |
| client_username | Cookie | One year | Remembers a logged-in Acuity Scheduling client’s username between visits. |
| clientUser | Cookie | 30 days | Stores the Acuity Scheduling client’s username, OAuth2 Access Token, and Refresh Token (required for logged-in functionality). |
| Commerce-checkout-state | sessionstorage | Session | Stores state of checkout while the visitor completes their order in PayPal. |
| Crumb | Cookie | Session | Prevents cross-site request forgery (CSRF). |
| hasCart | Cookie | Two weeks | Tells Squarespace that the visitor has a cart. |
| Locked | Cookie | Session | Prevents password-protected screen from appearing after correct site-wide password is entered. |
| orderStatusSessionToken | Cookie | One year | Authenticates a visitor who logs into an order status page. |
| PHPSESSID | Cookie | One month | Securely authenticates a visitor during checkout in Acuity Scheduling. |
| RecentRedirect | Cookie | 30 minutes | Prevents redirect loops when custom URL redirects are used. |
| remember_client | Cookie | 365 days | Remembers Acuity Scheduling client’s login details (if they have an account). |
| siteUserCrumb | Cookie | Three years | Prevents CSRF for logged-in site users. |
| SiteUserInfo | Cookie | Three years | Identifies a visitor who logs into a customer account. |
| SiteUserSecureAuthToken | Cookie | Three years | Authenticates a visitor who logs into a customer account. |
| squarespace-announcement-bar | localStorage | Persistent | Prevents the announcement bar from displaying if dismissed. |
| squarespace-likes | localStorage | Persistent | Shows when you’ve already “liked” a blog post. |
| squarespace-popup-overlay | localStorage | Persistent | Prevents the promotional pop-up from displaying if dismissed. |
| squarespace-video-player-options | localStorage | Persistent | Remembers video player preferences for videos uploaded directly to Squarespace. |
| ss_performancecookiesAllowed | Cookie | 30 days | Remembers if visitor agreed to Performance & Analytics cookies (when cookie banner restricts placement). |
| ss_marketingcookiesAllowed | Cookie | 30 days | Remembers if visitor agreed to Marketing cookies (when cookie banner restricts placement). |
| ss_sd | Cookie | Session | Keeps Squarespace 5 visitors authenticated during sessions. |
| Test | Cookie | Session | Checks if the browser supports cookies and prevents errors. |
| TZ | localStorage | Persistent | Displays Acuity Scheduling appointments correctly by time-zone preference. |
Analytics and performance cookies
| Name | Type | Duration | Purpose |
|---|---|---|---|
| ss_cid | Cookie | Two years | Identifies unique visitors and tracks a visitor’s sessions on a site. |
| ss_cpvisit | Cookie | Two years | Identifies unique visitors and tracks a visitor’s sessions on a site. |
| ss_cvisit | Cookie | 30 minutes | Identifies unique visitors and tracks a visitor’s sessions on a site. |
| ss_cvr | Cookie | Two years | Identifies unique visitors and tracks a visitor’s sessions on a site. |
| ss_cvt | Cookie | 30 minutes | Identifies unique visitors and tracks a visitor’s sessions on a site. |
Note: Cookie names and durations may change over time as our Site and vendors evolve.
5) Recipients (who we share data with)
- Vendors and processors that provide hosting, email delivery, customer engagement, analytics, security, and related services. These providers process data on our behalf and under our instructions (Art. 28 GDPR).
- Affiliated platforms we operate to enhance communication, limited to the purposes stated in Section 3.
- Professional advisers and authorities where required by law.
We do not sell personal data.
6) International data transfers
Some recipients may be located outside the European Economic Area (EEA). Where we transfer personal data internationally, we ensure an adequate level of protection, including by using: (i) an adequacy decision by the European Commission (where applicable); (ii) the Standard Contractual Clauses (SCCs) approved by the European Commission (and additional measures where necessary); or (iii) other appropriate safeguards recognized by the GDPR. You can request copies of relevant transfer safeguards by contacting us.
7) How long we keep your data (retention)
We retain personal data only as long as necessary for the purposes in this Policy. In practice:
- Email addresses are kept while we maintain an active relationship with you and while Veili exists, unless you withdraw consent or request erasure sooner.
- Cookie-derived data follows the durations in the cookie tables and/or our vendors’ configurations.
- We may retain data to comply with law, resolve disputes, or enforce agreements. If Veili ceases to exist, we will delete personal data unless retention is legally required.
8) Your rights under GDPR
- Access your personal data and obtain a copy.
- Rectification of inaccurate or incomplete data.
- Erasure (“right to be forgotten”).
- Restriction of processing.
- Portability of data you provided to us.
- Object to processing based on our legitimate interests and to direct marketing at any time.
- Withdraw consent at any time where processing is based on consent (does not affect lawfulness before withdrawal).
To exercise your rights, contact us at hello@veili.com. We may need to verify your identity before fulfilling your request. You also have the right to lodge a complaint with the AEPD or your local supervisory authority.
9) Marketing communications
If you subscribe to our emails, we will send you promotional and informative messages as described in Section 3. You can unsubscribe at any time using the link in our emails or by contacting us. Unsubscribing will stop marketing emails, but we may still process your data where permitted by law (e.g., for recordkeeping or to comply with legal obligations).
10) Security
We implement appropriate technical and organizational measures designed to protect personal data, including access controls, encryption in transit where applicable, least-privilege principles, and processor due diligence. However, no method of transmission or storage is completely secure.
11) Children
Our services are not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data to us, please contact us and we will take appropriate steps.
12) Changes to this Policy
We may update this Policy from time to time to reflect changes in our processing or legal requirements. We will post the updated version on the Site and indicate the “Last updated” date above. When changes are material, we will take appropriate steps to inform you in advance.
13) Contact us
If you have questions about this Policy or our data practices, contact us at hello@veili.com or by mail at the address above.