Privacy Policy

Last updated: 24/0/2026

This Privacy Policy explains how Velarona Group Ltd trading as Vardonel (“Vardonel”, “we”, “us” or “our”) collects, uses, stores and protects personal information when you visit vardonel.com, contact us, submit a form, request a quote, or use our services.

We are committed to handling personal information lawfully, fairly and transparently in accordance with the UK General Data Protection Regulation, the Data Protection Act 2018 and, where relevant, the Privacy and Electronic Communications Regulations.

Who we are

Business name: Vardonel
Legal company name: Velarona Group Ltd.
Company number: 15148389
Registered office / business address: 128 City Road, London, EC1V 2NX
ICO registration number: ZB733324
Website: https://vardonel.com
Email: privacy@vardonel.com

For data protection purposes, Velarona Group Ltd is usually the data controller for the personal information described in this Privacy Policy.

What personal information we collect

We may collect and use the following types of personal information:

  1. Contact and enquiry information
    When you contact us or submit a form on our website, we may collect your name, business name, email address, telephone number, website address, location, message content and any other information you choose to provide.
  2. Form submission information
    We use Forminator forms on our website to collect enquiry and quote request information. Information submitted through these forms may be stored in our website database and/or sent to us by email so we can respond to your request.
  3. Client and project information
    If you become a client, we may collect information needed to provide our services, such as your business details, website login details, Google Business Profile access information, hosting details, domain information, website content, communication history, project notes, service preferences and technical information needed to complete agreed work.
  4. Website and technical information
    When you visit our website, we may collect technical information such as your IP address, browser type, device type, operating system, approximate location, pages visited, referring website, date and time of visit and interaction data. This may be collected through server logs, Google Site Kit, Google Analytics, cookies, security tools, Cloudflare and other website monitoring technologies.
  5. Security and fraud prevention information
    We use security measures to protect our website from spam, abuse, unauthorised access, malicious activity and cyber attacks. These security measures may process technical information such as IP addresses, browser information, request headers, login attempts, firewall events and activity logs.
  6. Payment and billing information
    We may collect billing details, invoice information, payment references and records of payments. We do not usually store full card details ourselves. Where online card payments are used, payment information is processed by our payment provider.
  7. Marketing information
    If you subscribe to updates, request information, or give permission for us to contact you for marketing purposes, we may collect your name, email address, communication preferences and interaction history.

How we collect personal information

We may collect personal information when:

  • you complete a contact form, quote request form or other Forminator form on our website;
  • you email, call, message or otherwise contact us;
  • you book a consultation or discovery call;
  • you purchase or enquire about our services;
  • you give us access to your website, Google Business Profile, hosting, analytics, email or other business systems;
  • you interact with us on social media or third-party platforms;
  • you visit our website and cookies, analytics, server logs, Cloudflare or security tools are used;
  • you provide information during onboarding, support or project delivery.

Why we use personal information and our lawful bases

We only use personal information where we have a valid lawful basis to do so.

  1. To respond to enquiries and quote requests
    Purpose: To reply to your messages, provide information, discuss your requirements and prepare quotations.
    Lawful basis: Legitimate interests and/or steps before entering into a contract.
  2. To process form submissions
    Purpose: To receive, store and respond to information submitted through our website forms.
    Lawful basis: Legitimate interests and/or steps before entering into a contract.
  3. To provide our services
    Purpose: To deliver agreed services such as website updates, WordPress support, Google Business Profile optimisation, website maintenance, technical fixes, cookie/privacy setup support, local digital visibility services and related business support.
    Lawful basis: Contract.
  4. To manage client relationships
    Purpose: To manage onboarding, communication, project delivery, support, reporting, renewals and customer service.
    Lawful basis: Contract and legitimate interests.
  5. To manage payments, invoices and accounting records
    Purpose: To issue invoices, process payments, keep accounting records and comply with tax and business record requirements.
    Lawful basis: Legal obligation and legitimate interests.
  6. To monitor website performance and usage
    Purpose: To understand how visitors use our website, improve website performance, identify technical issues and improve our services.
    Lawful basis: Legitimate interests. Where non-essential cookies or similar technologies are used, consent may also be required.
  7. To protect our website and business
    Purpose: To maintain security, prevent spam, detect malicious activity, block suspicious traffic, prevent fraud, protect our legal rights and keep appropriate security records.
    Lawful basis: Legitimate interests and/or legal obligation.
  8. To send marketing communications
    Purpose: To send updates, offers, service information or useful content where permitted.
    Lawful basis: Consent or legitimate interests, depending on the circumstances and legal requirements.

Cookies, Google Site Kit and analytics

Our website may use cookies and similar technologies.

Cookies are small files placed on your device when you visit a website. Some cookies are necessary for the website to work properly. Other cookies, such as analytics, advertising or tracking cookies, may require your consent before they are used.

We use Google Site Kit to connect Google services to our website. This may include tools such as Google Analytics and Google Search Console. These tools help us understand website traffic, visitor behaviour, search performance and technical website performance.

Analytics tools may collect information such as:

  • pages visited;
  • time spent on the website;
  • device and browser information;
  • approximate location;
  • referring websites;
  • interaction data;
  • IP address or shortened/anonymised IP address where configured.

Where required, we will ask for your consent before placing non-essential analytics, marketing or tracking cookies on your device. You can manage or withdraw cookie consent through our cookie banner or browser settings.

A separate Cookie Policy may be provided on our website with more detailed information about the cookies and tracking technologies we use.

Forminator forms

We use Forminator forms to collect website enquiries, quote requests and contact messages.

When you submit a form, the information you provide may be:

  • stored securely in our WordPress website database;
  • sent to our business email address;
  • used to respond to your enquiry;
  • used to prepare a quotation or provide requested information;
  • retained for our business records.

Please do not submit sensitive personal information through our forms unless it is necessary for your enquiry.

Website hosting, Cloudflare and security logs

Our website is hosted by NameCheap. Hosting providers may process technical data needed to operate the website, including server logs, IP addresses, access times, browser information and error logs.

We use Cloudflare to improve website security, performance and reliability. Cloudflare may process visitor IP addresses, request data, firewall events and related technical information to help protect the website from malicious traffic, spam, denial-of-service attacks and other security risks.

We may also use WordPress security tools, firewall tools, login protection, malware scanning, activity logging and other security measures. These tools may process IP addresses, login attempts, user activity, browser information and technical security data.

This information is used to protect our website, visitors, systems and business from unauthorised access, abuse and cyber threats.

  1. Google Business Profile, website and third-party account access

If you instruct us to work on your website, Google Business Profile, hosting account, analytics, domain, email system or other digital platform, you may need to provide access to those systems.

We will only use that access for the agreed purpose of providing our services. We will not access, change, delete, publish or share information outside the agreed scope unless you instruct us to do so or it is reasonably necessary to complete the agreed work.

You are responsible for ensuring that you have the right to provide us with access to any account, platform or data you share with us.

Sharing personal information

We do not sell personal information.

We may share personal information with trusted third parties where necessary, including:

  • website hosting providers;
  • Cloudflare and website security providers;
  • Google services connected through Google Site Kit;
  • email and communication providers;
  • payment processors;
  • accounting and bookkeeping software providers;
  • cloud storage providers;
  • analytics providers;
  • security, backup and website maintenance tools;
  • professional advisers such as accountants, insurers or legal advisers;
  • contractors or subcontractors helping us deliver services;
  • public authorities, regulators or law enforcement where legally required.

Where we use third-party service providers, we take reasonable steps to ensure they handle personal information securely and only for appropriate purposes.

International data transfers

Some of the third-party tools, platforms and service providers we use may process personal information outside the United Kingdom.

This may include providers such as Google, Cloudflare, hosting providers, email providers, analytics providers or cloud software companies that operate internationally.

Where personal information is transferred outside the UK, we will take reasonable steps to ensure appropriate safeguards are in place. These may include:

  • UK-approved standard contractual clauses;
  • an adequacy decision;
  • contractual protections required by data protection law;
  • equivalent safeguards provided by the relevant service provider.

How long we keep personal information

We only keep personal information for as long as necessary for the purposes described in this Privacy Policy.

Typical retention periods are:

  • enquiry and form submission records: up to 24 MONTHS after the last contact;
  • client project records: up to 6 YEARS after the end of the client relationship;
  • invoices, payment and accounting records: usually up to 6 YEARS for tax and accounting purposes;
  • website analytics data: up to 24 MONTHS;
  • website security logs: up to 24 MONTHS, unless needed longer for investigation, legal or security reasons;
  • marketing records: until you unsubscribe or withdraw consent, unless we need to keep a suppression record to ensure we do not contact you again.

We may keep information for longer if required by law, needed to resolve a dispute, enforce an agreement, investigate security issues or protect our legal rights.

How we protect personal information

We take reasonable technical and organisational steps to protect personal information from unauthorised access, loss, misuse, alteration or disclosure.

These steps may include:

  • password protection and multi-factor authentication where available;
  • access controls;
  • secure storage of client information;
  • website firewall and security monitoring;
  • Cloudflare security protection;
  • malware scanning and login protection;
  • limiting access to personal information to those who need it;
  • using reputable service providers;
  • maintaining backups and security tools where appropriate;
  • reviewing access when a project ends.

No website, email system or online service can be guaranteed to be completely secure. You should avoid sending highly sensitive information through ordinary email or website forms unless appropriate security measures are in place.

Children’s privacy

Our website and services are intended for businesses and adults. We do not knowingly offer services to children or intentionally collect personal information from children.

If you are under 18, you should not submit personal information through our website without permission from a parent or guardian.

If we become aware that we have collected personal information from a child without appropriate consent or lawful reason, we will take reasonable steps to delete that information.

If you believe a child has provided personal information to us, please contact us at privacy@vardonel.com.

Your data protection rights

Depending on the circumstances, you may have the right to:

  • access the personal information we hold about you;
  • ask us to correct inaccurate or incomplete information;
  • ask us to delete your personal information;
  • ask us to restrict how we use your personal information;
  • object to certain uses of your personal information;
  • ask for a copy of your personal information in a portable format;
  • withdraw consent where we rely on consent;
  • complain to the Information Commissioner’s Office.

To exercise your rights, contact us at:

privacy@vardonel.com

We may need to verify your identity before responding to your request.

Marketing communications

We will only send marketing communications where we are allowed to do so by law.

You can unsubscribe from marketing emails at any time by using the unsubscribe link in the email or by contacting us at [EMAIL ADDRESS].

Even if you opt out of marketing, we may still send service-related communications, such as project updates, invoices, security notices or important information about services you have requested.

Links to other websites

Our website may contain links to third-party websites, platforms or services. We are not responsible for the privacy practices, security or content of third-party websites. You should read their privacy policies before providing them with personal information.

How to make a complaint

If you have concerns about how we use your personal information, please contact us first so we can try to resolve the issue.

Contact details:

Velarona Group Ltd trading as Vardonel
Email: privacy@vardonel.com
Address: 128 City Road, London, EC1V 2NX

You also have the right to complain to the Information Commissioner’s Office, the UK data protection regulator.

Information Commissioner’s Office
Website: https://ico.org.uk
Telephone: 0303 123 1113
Postal address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version will be published on this page with the updated date shown at the top.

Contact us

If you have any questions about this Privacy Policy or how we handle personal information, contact:

Velarona Group Ltd. trading as Vardonel
Address: 128 City Road, London, EC1V 2NX
Email: privacy@vardonel.com
ICO registration number: ZB733324