Legal

Privacy Policy

Effective date: March 23, 2025 · Last updated: March 23, 2025

1. Who We Are

Verlium is a brand and service operated by Zensas Media Group S.L. ("we", "us", "our"), a company registered in Spain. We act as the data controller for all personal data processed through our services and website (verlium.com).


Zensas Media Group S.L.

Spain

Contact: privacy@verlium.com

2. Data We Collect

We collect and process the following categories of personal data:


  • Account data — name, email address, company name, billing address, and phone number provided during registration or checkout.
  • Payment data — payment method details processed securely by our payment processor (Stripe). We do not store full card numbers on our servers.
  • Usage data — service usage metrics, login timestamps, IP addresses, and feature interaction data used for billing and service improvement.
  • Technical data — browser type, operating system, device information, and referral URLs collected automatically when you visit our website.
  • Communication data — messages, support tickets, and correspondence you send to us.
  • Cookie data — essential cookies for authentication and session management. See Section 8 for details.

    • 3. How We Use Your Data

    We process personal data for the following purposes:


  • Service delivery — to provision, maintain, and support the services you purchase from us.
  • Billing and payments — to process payments, issue invoices, and manage your subscription.
  • Communication — to respond to your inquiries, send service notifications, and provide technical support.
  • Legal compliance — to comply with tax, accounting, and regulatory obligations (including EU VAT requirements under the OSS scheme).
  • Security — to detect, prevent, and respond to fraud, abuse, and security incidents.
  • Service improvement — to analyze usage patterns and improve our infrastructure and user experience.

    • We do not sell, rent, or share your personal data with third parties for their marketing purposes.

    4. Legal Basis for Processing

    Under the GDPR, we process your data based on the following legal grounds:


  • Contract performance — processing necessary to deliver the services you have purchased (Art. 6(1)(b) GDPR).
  • Legal obligation — processing required by law, including tax and accounting obligations (Art. 6(1)(c) GDPR).
  • Legitimate interest — processing for security, fraud prevention, and service improvement where our interests do not override your rights (Art. 6(1)(f) GDPR).
  • Consent — where you have given explicit consent for specific processing activities, such as marketing communications (Art. 6(1)(a) GDPR). You may withdraw consent at any time.

    • 5. Data Sharing and Transfers

    We share personal data only with the following categories of recipients, and only to the extent necessary:


  • Payment processors — Stripe processes payment data on our behalf under their own privacy policy and PCI DSS compliance.
  • Infrastructure partners — select partner data center operators who host our services under strict data processing agreements.
  • Legal and regulatory authorities — where required by law or to protect our legal rights.

    • We do not transfer personal data outside the European Economic Area (EEA) unless adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

    6. Data Retention

    We retain personal data only for as long as necessary to fulfil the purposes described in this policy:


  • Account data — retained for the duration of your account and for up to 12 months after account closure.
  • Billing and payment data — retained for 7 years after the last transaction to comply with Spanish tax and accounting regulations.
  • Usage and technical data — retained for up to 24 months for service improvement and security purposes.
  • Communication data — retained for up to 36 months after the last interaction.

    • When data is no longer needed, it is securely deleted or anonymized.

    7. Your Rights

    Under the GDPR, you have the following rights regarding your personal data:


  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate or incomplete data.
  • Erasure — request deletion of your data ("right to be forgotten") where there is no legal basis for continued processing.
  • Restriction — request that we limit the processing of your data in certain circumstances.
  • Portability — receive your data in a structured, machine-readable format and transfer it to another controller.
  • Objection — object to processing based on legitimate interests or for direct marketing purposes.
  • Withdraw consent — withdraw previously given consent at any time without affecting the lawfulness of prior processing.

    • To exercise any of these rights, contact us at privacy@verlium.com. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) or your local supervisory authority.

    8. Cookies

    We use only essential cookies required for the functioning of our website and services:


  • Session cookies — maintain your authenticated session while browsing.
  • Security cookies — protect against cross-site request forgery and other threats.
  • Preference cookies — store your theme preference (light/dark mode).

    • We do not use advertising cookies, tracking pixels, or third-party analytics cookies. No consent banner is required for essential cookies under the ePrivacy Directive.

    9. Security

    We implement appropriate technical and organizational measures to protect your personal data, including:


  • AES-256 encryption at rest and TLS 1.3 encryption in transit.
  • Access controls and authentication for all internal systems.
  • Regular security audits and penetration testing.
  • ISO 27001 certified partner facilities.
  • Incident response procedures with notification within 72 hours as required by GDPR.

    • 10. Children

    Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at privacy@verlium.com.

    11. Changes to This Policy

    We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users and published on this page with an updated effective date. Continued use of our services after changes constitutes acceptance of the revised policy.

    12. Contact

    For any questions or requests regarding this Privacy Policy or your personal data, contact us at:


    Zensas Media Group S.L.

    Email: privacy@verlium.com

    Website: verlium.com/contact

    Have questions about your data?

    Contact Us
    Nerd Mode