top of page

Privacy Policy

​Last updated: 12/01/2026

This Privacy Policy explains how Velloney Operations LTD (“we”, “us”, “our”, or the “Platform”) collects, uses, stores, shares, and protects personal data when you use our food delivery application, website, or related services.

We are committed to protecting your privacy and processing your personal data in accordance with the EU General Data Protection Regulation (GDPR) and Cyprus Data Protection Law 125(I)/2018.

1. Data Controller

Company name: Velloney Operations LTD
Company ID: HE482287
Registered address: Amiliou 9, Limassol, Cyprus
Phone: +357 94 624103
Email: support@vellocy.com

Velloney Operations LTD acts as the Data Controller for all personal data processed through the Platform.

​

2. Scope of This Policy

This Privacy Policy applies to:

  • Customers placing food delivery orders

  • Delivery partners (couriers)

  • Restaurant partners

  • Website and mobile application users

  • Customer support communications

  • ​

3. Personal Data We Collect

3.1 Information You Provide

  • Full name

  • Email address

  • Phone number

  • Delivery address

  • Account login credentials

  • Order details and preferences

  • Communications with customer support

3.2 Payment Information

Payments made through the Platform are processed securely by our third-party payment service provider Worldline.

We do not collect, store, or process full payment card details such as card numbers, CVV codes, or expiration dates. All payment transactions are handled directly by Worldline, which is certified as PCI-DSS compliant.

The information we receive from Worldline is limited to:

  • Payment confirmation status

  • Transaction reference numbers

  • Partial, masked payment details (where applicable, e.g. last four digits)

This information is used solely for:

  • Processing orders

  • Handling refunds

  • Accounting and fraud prevention

3.3 Automatically Collected Data

  • IP address

  • Device type, operating system, app version

  • Usage logs and interaction data

  • Approximate location data (for delivery functionality)

3.4 Courier & Restaurant Partner Data

  • Identity and contact details

  • Business registration details

  • Bank details for payouts

  • Delivery and performance metrics

4. Legal Bases for Processing

We process personal data based on one or more of the following legal grounds:

  • Performance of a contract

  • Compliance with legal obligations

  • Legitimate interests (e.g. fraud prevention, service improvement)

  • User consent, where required

5. How We Use Your Data

5.1 General

We use personal data to:

  • Create and manage user accounts

  • Process food orders and deliveries

  • Facilitate payments and payouts

  • Provide customer support

  • Communicate service updates

  • Improve platform performance and security

  • Comply with legal and regulatory obligations

5.2 Payments & Fraud Prevention

We use payment-related information received from Worldline to:

  • Process and confirm transactions

  • Detect and prevent fraudulent activity

  • Handle chargebacks and disputes

  • Comply with legal, accounting, and regulatory obligations

All payment processing is performed using encrypted connections and secure tokenisation provided by Worldline.

6. Data Sharing

6.1 General

We may share personal data with:

  • Restaurants fulfilling orders

  • Delivery partners completing deliveries

  • Payment service providers

  • IT, hosting, and analytics service providers

  • Legal or regulatory authorities where required by law

We do not sell personal data.

6.2 Payment Service Provider

We share necessary personal data with Worldline, our payment service provider, solely for the purpose of processing payments.

Worldline processes personal data as an independent data controller or data processor (as applicable) in accordance with its own privacy and security policies.

For more information on how Worldline processes personal data, please refer to Worldline’s Privacy Notice.

We do not authorise Worldline to use personal data for marketing purposes.

7. Data Retention

Personal data is retained only for as long as necessary to:

  • Provide our services

  • Comply with legal, accounting, and tax obligations

  • Resolve disputes and enforce agreements

8. International Transfers

Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards such as:

  • EU Standard Contractual Clauses

  • Adequacy decisions by the European Commission

Where payment data is processed by Worldline outside the European Economic Area, such transfers are protected by appropriate safeguards, including EU Standard Contractual Clauses and compliance with GDPR Chapter V.

9. Your Rights

Under GDPR, you have the right to:

  • Access your personal data

  • Rectify inaccurate data

  • Erase data (“right to be forgotten”)

  • Restrict or object to processing

  • Data portability

  • Withdraw consent at any time

Requests can be submitted to: support@vellocy.com

10. Security Measures

We implement appropriate technical and organisational measures to protect personal data against:

  • Unauthorised access

  • Loss

  • Alteration

  • Disclosure

All payment transactions are secured using PCI-DSS–compliant infrastructure, encryption, and tokenisation mechanisms provided by Worldline. Velloney Operations LTD does not store sensitive payment authentication data.

11. Cookies & Tracking

We use cookies and similar technologies to:

  • Ensure platform functionality

  • Analyse usage

  • Improve user experience

Further details are available in our Cookie Policy.

12. Children

Our services are not intended for children under the age of 16. We do not knowingly collect personal data from minors.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be published within the app and/or on our website.

bottom of page