We are committed to safeguarding your privacy and to processing your personal data in a transparent, secure and legal manner.
We will only use your personal data for the purposes, on the legal grounds and for the storage periods set out below.
2. WHAT IS PERSONAL DATA?
Personal data is any information relating to an identified or identifiable natural person (“data subject”), i.e. any type of data that can be associated with a person. Examples include names, email addresses or phone numbers if they can be associated to a certain living physical person, but also e.g. a photo in which the person can be recognized.
3. WHAT DOES “PROCESSING” PERSONAL DATA MEAN?
The term “processing” covers all sorts of operations that are performed on personal data. The definition is very wide and includes all forms of handling data from collection, recording, storage and adaptation, to use, dissemination and even erasure of personal data.
4. WHAT PERSONAL DATA DO WE PROCESS, FOR WHAT PURPOSES AND ON WHAT LEGAL BASES?
We process personal data to be able to fulfil or enter into an agreement with you:
- If you purchase products or services from us, we will process your personal data to fullfil our contractual obligations towards you. The relevant personal data is identity (first name and second name), delivery address/billing address, telephone number, e-mail address, order information, payment details, payment history, credit card information and payment reference number.
- If you sign up for news, invites and offers (direct marketing), we will process your personal data to provide the services as requested by you. Our direct marketing may be based on profiling, which means that we may customize the information that you receive from us based on certain factors. We use the following types of personal data to compile a profile: your gender, your location, your previous purchases, your behavior on our website, and/or your previous behavior when receiving direct marketing from us (if we have such data). Categories of personal data are any data collected in connection with a purchase (see above), e-mail address, location (based on the Company’s website that you use to sign up for our marketing communications), any communication sent to you, order history and the e-mails that you have clicked on and your interactions with our website if you have followed a link in any e-mails sent to you.
- If you request support from us via our support channels, on the basis of an agreement with you, we will process your personal data to be able to assist you with the relevant matter (namely your name, e-mail address and other contact details, order details, purchase amount, purchase history, invoice, payment method, our correspondence with you, technical data about devices and operating system used). At your initiative, we may also process personal data such as ID, bank account details, work place, phone number, health data (such as allergy reactions or other health data that you provide us with), pictures attached by you or social status, if mentioned by you in our dialogue.
- If you have agreed to our terms and conditions for participating in an event organised by us, you have provided us with personal data such as contact details (e.g name, email address, address and phone number) and possibly also health information (e.g. injuries or allergies). We require this data in order to organise and safely carry out the event. Since we take photos and films during our events for future marketing purposes, as agreed in the terms, we may also collect, edit and on social media disseminate photos and films on which you are visible and may be identified.
- If you have agreed to our terms and conditions for entering a sweepstake, contest or other competition that we organize, you have provided us with personal data such as your name, shipping address, phone number, email address, social media name(s), age and possibly a contribution (e.g. a photo or film) on which you can be identified. We use this data to carry out the promotion (e.g. for the purposes of identification and age control, or to elect a winner and to distribute the relevant benefit or price), and in some cases also as a basis for further promotions. Where the prize is a trip, we may also process data such as citizenship and health information (e.g. allergies) that we need to know of for safety reasons.
- If you have applied for a job at the Company, you have provided us with personal data such as your contact details (e.g. name, email address, address and phone number) and possible other personal information (e.g. photo) in your application. We use this information to evaluate your application and suitability for employment, i.e. in order to take steps at your request prior to entering into a contract.
- If you have concluded an agreement with us regarding the sponsorship of an event, manufacturing of products or other professional collaboration, you have provided us with personal data such as your contact details (e.g. name, address, phone number, position and employer). We use such data to be able to fulfil our agreement with you.
The legal basis for our processing of this personal data relating to you is that the processing is necessary to enter into or to fulfil an agreement with you.
We process personal data based on our legitimate interests.
- News and Press Releases: If you are an existing customer of ours and have provided us with personal data such as your name, phone number, and email address, we use such information to send you relevant news and press releases, for example, via SMS or email. In every communication from us via email and SMS, you have the option to unsubscribe from receiving future news and press releases from us.
- Advertising to Existing Customers and New Audiences: If you are an existing customer of ours and have provided us with personal information, we may share your email address, name, address, and phone number in the services of our partners (such as Google Ads and Facebook) with the purpose of reaching you and new potential customers with similar interests and characteristics when they visit Google’s and Meta’s websites (e.g., Google search engine, Gmail, YouTube, Facebook, Instagram, and Audience Network). Google and Meta process the data solely in hashed, de-identified form and only for the purpose of matching personal information to target our campaign ads to you and to new audiences. To learn more about how your personal information is processed for this purpose, please refer to:
- If you have signed up for an event or trip that we organize, you have provided us with data such as your contact details (e.g. name, address, phone number and email address) and possibly also health information (e.g. allergies) which we need to know for safety reasons. As it is the nature of such events to take photos and films for visibility and marketing purposes, we may also process such material on which you can be identified.
- If you have contacted us with questions or complaints on our products (not on the basis of an agreement with you), you may have provided us with personal data such as your name, address, email address and phone number and possible health information (e.g. product-related health issues). We use this information to be able to answer your questions, investigate product issues, trace or report health risks, compensate you, and to prevent fraudulent behavior e.g. through unfounded complaints and compensation claims.
- If you otherwise choose to get in touch with us, at our general invitation or on your own initiative, via one of our general email addresses with ideas on new tastes, products or campaigns, you provide us with personal data that we use to be able to reply and evaluate the content of your email.
- If it is necessary to safeguard our rights since we have a legitimate interest in establishing, exercising and defending legal claims.
- If we sell or otherwise dispose of all or any part of our business and/or assets.
We process this personal data based on our assessment that it is necessary for the purposes of our legitimate interest to promote our products and trademarks, to remain competitive as a company and carry out our business. We assess that our legitimate interest in this case is not overridden by your interest or fundamental rights and freedoms that require protection of personal data, as you have yourself or even on your initiative provided us with your personal data and we process the data for purposes that should be in line with your expectations.
If we have concluded an agreement regarding any of the above listed activities, our processing of associated personal data will instead be based on the fulfilment of that agreement.
Legal requirements, public interest and consent.
We may need to process your personal data to fulfil legal requirements (e.g. obligations to keep records) and at the instruction of courts or public authorities (e.g. for tax reasons). We may also be legally required or compelled by public interest to process personal data relating to product issues in order to trace and monitor potential health risks.
In addition, we may process your personal data based on your consent. We will in that case obtain your consent in advance, for a specific purpose, and ensure that it is freely given, specific, informed and unambiguous. You have the right to withdraw a given consent at any time and are in that case welcome to adjust your privacy setting or contact our Data Protection Officer, see contact details below. Please note that a withdrawal will not retroactively apply for already performed processing.
- If you visit the Site and accept our cookies, we may collect personal data in the form of online behavior (e.g. data: Ip-address, user generated data from cookies (e.g. clicks, page viewed, page visits, time spent, products viewed and clicked on, orders, average order value), geographic location (country only), correspondence and feedback relating to our products and services, technical data (e.g. language, IP-address, device type, browser settings, time zone, operating system, platform), information about how you have interacted with us, i.e. how you have used our services, response times, page errors, how you reach and how you leave the site etc.) as described in our Cookie Settings . We analyze this information on an aggregated and pseudonymized level for statistical purposes, optimization of our homepage to market our products and trademarks by analyzing what parts of our homepages are most often visited. However, in relation to strictly necessary cookies, our processing is necessary for our legitimate interest in being able to provide you with a functioning website when you visit and use the services provided at the Site.
- If you enter the Site and give your consent to our Targeting Cookies, we will use collected information (Ip-address, user generated data from cookies (e.g. clicks, page viewed, page visits, time spent, products viewed and clicked on, orders, average order value), geographic location (country only)) for targeted messages on third party advertising platforms such as Facebook, Google, YouTube, Instagram, etc. to send you messages that are targeted at you, based on your behavior and browsing pattern, at specific times and locations of these platforms to increase the efficiency of our advertising campaigns. Your personal data is shared with the third-party advertising platforms, and they will attempt to match your profile in their database to determine the optimal time and place (the page you are browsing) to show you an advertisement from us. We also need to analyze necessary information to understand the impact of our advertising. If you do not accept that we track your data for this purpose, you may still see our advertisements on other platforms at random.
You can learn more about how our advertising partners help us achieve this purpose by visiting their sites.
5. WHO ARE THE RECIPIENTS OF THE PERSONAL DATA?
Only the people who need to process personal data for the purposes mentioned above have access to your personal data. We may need to share your personal data with our group companies. Your personal data will, where and to the extent necessary, be processed by the Company’s employees and its advisors, suppliers, service providers, partners and distributors. For instance, our e-commerce team will have access to personal data related to your purchases, our product managers will primarily have access to incoming questions and complaints on our products, whereas our HR department primarily will process employee information.
The Company concludes data processing agreements with third parties who through their services or collaboration gain access to or process personal data on our behalf. We thereby ensure that the third parties we work with process data in the same legal and secure way as us. More specifically, personal data is shared with the following categories of service providers that process such data on our behalf:
- Payment Solution (EU)
- Logistic Services (UK)
- Newsletter Services (EU)
- IT service provider (hosting services) (Germany)
The Company currently has sister companies in Norway, Denmark, Germany, France, Austria, Spain, Hong Kong and the U.S.A., as well as a sister branch office in Finland, and is continuing to expand internationally. The Company’s parent company is based in Sweden. We may also work with partners in many countries both within and outside of the UK and may therefore also need to share personal data with e.g. service providers and legal advisors not based in the UK.
This means that your personal data may be transferred outside of the UK. Such transfers will be based on adequacy decisions by the UK authorities where possible, and otherwise primarily on the performance of an agreement concluded between us. In other cases, any third country transfer of your personal data will rely on adequate safeguards such as standard contractual clauses. Exceptionally, we may also perform such transfers based on your explicit consent, important reasons of public interest, the management of legal claims, or to protect your or someone else’s vital interests.
We do also share your personal data with other controllers of personal data. Such controllers could be authorities (police, tax authority or other authorities), if we are obliged to share it according to law or suspected criminal activities, payment providers and banks to facilitate transactions, external counsel (lawyers and auditors) as well as courts to safeguard our rights, companies that purchase all or part of our business/assets and transport companies in order for them to handle and deliver your order. When your personal data is shared with other controllers, they will be responsible for your personal data and we refer to them for more information on how they process your personal data.
We use Klarna as the provider of our checkout. This means that we might transfer your personal data in the form of contact and order details to Klarna when the checkout is loaded, in order for Klarna to manage your purchase. Your personal data transferred is processed in line with Klarna’s own privacy notice.
6. DOES THE COMPANY PROCESS SPECIAL CATEGORIES OF PERSONAL DATA?
The Company never processes sensitive information such as information on racial or ethnic origin, political opinions, religious beliefs, or sexual orientation. In some cases, however, we are required to collect and, for a limited period of time, process data concerning health for safety reasons, such as information on allergies or other conditions that we need to know of when organizing trips or training events. Such data will always be deleted as soon as the purpose for which it was collected is no longer applicable.
7. FOR HOW LONG IS THE PERSONAL DATA RETAINED?
7.1 When we process personal data is based on an agreement.
We will retain your personal data during the term of the agreement and erase it when the agreement is terminated. However, the following exceptions apply:
- If we are legally required to retain or disclose any of your personal data after termination of the agreement, such as customer data or employment information, we will retain the data for as long and to the extent required under law or as instructed by a court or public authority.
- If necessary for the establishment, exercise or defense of legal claims, we will retain relevant personal data until it is not required anymore for such purpose
- Photos or films will not automatically be erased upon request or after completion of a given event, but will be used in accordance with our agreement.
- If you have spontaneously applied for a job at Vitamin Well, we will retain your personal data for six months from the application date in order to be able to contact you if a suitable position comes up. If you have unsuccessfully applied for a job with us, we will erase your application upon notifying you that we will not offer you the position, unless we agree with you otherwise.
- For agreements of purchase, we will process your personal data during the term of our contract (including the statutory complaint period of six years in England and for five years in Scotland) and we will thereafter erase your personal data.
7.2 When we process personal data based on our legitimate interest.
News updates: We will retain your personal data for as long as you remain signed up for or indicate your interest in our news updates. You may at any time cancel our news updates by opting-out or unsubscribe from our marketing.
Events and competitions: We will retain your personal data until the event or competition is completed (including a possible evaluation thereof). Photos and films from the event will, however, not automatically be erased after completion of the event, but may be used for as long as they are relevant for our marketing purposes.
Product questions and complaints: We will process the personal data for two years upon receiving it, in order to perform statistical analyses on questions and complaints, to investigate, trace and report potential health risks or product issues, to monitor and improve our customer service, pay compensation, and to prevent fraudulent behaviour (e.g. unfounded compensation claims).
Website visitors: We will process your personal data until you reject our website cookies.
Ideas etc.: We process any spontaneously received personal data for as long as it is relevant to us.
7.3 When we process personal data based on your consent, we will do it until the consent is revoked.
7.4 Please note that the above storage periods do not apply to the extent the Company is required to retain your personal data (partly or in full) under applicable mandatory law (e.g. accounting laws).
8. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?
You are entitled to the following rights under applicable laws:
- The right to access: you may at any time request to access your personal data. Upon request, we will provide a copy of your personal data in a commonly used electronic form.
- The right to rectification: you are entitled to obtain rectification of inaccurate personal data and to have incomplete personal data completed.
- The right to erasure: under certain circumstances (including processing on the basis of your consent), you may request us to delete your personal data. Please note that this right is not unconditional. Therefore, an attempt to invoke the right might not lead to an action from us.
The right to object: on grounds relating to your particular situation, you may at any time object to processing activities conducted by us in relation to your personal data which are based on our or a third parties legitimate interest. We will no longer process the personal data for purposes you have objected to unless we demonstrate compelling legitimate ground for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
The right to object also applies to processing of your personal data for direct marketing purposes. Where personal data are processed for direct marketing purposes you may at any time and without any condition object to such processing.
- The right to restriction of processing: you may under certain circumstances request from us to restrict the processing of your personal data. Please note that this right is not unconditional. Therefore, an attempt to invoke the right might not lead to an action from us.
- The right to data portability: you are entitled to receive your personal data, which you have provided to us, (or have your such personal data directly transmitted to another data controller, where technically feasible) in a structured, commonly used and machine-readable format, where the processing of your personal data is based on consent or to fulfil an agreement with you.
If you have any questions or wish to invoke any of your rights, please contact our DPO at firstname.lastname@example.org
If you prefer not using our Cookie Settings , please follow the below links to receive instructions on how to change your browser settings from some of the most common browser providers (please note that these are links to third party websites for which we have no control):
Please note that by restricting cookies you might not be able to access all parts of our website since some functionality of the website are dependent on cookies.
To be transparent, we have summarized the cookies used on our website below.
By clicking on the Cookie Settings in the footer you will find a detailed list of the cookies we use on our website. We classify cookies in the following categories:
- Essential — These cookies are essential for you to browse the Site and use its features, such as accessing secure areas of the Site. Cookies that allow our Site to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
- Functional — Also known as “functionality cookies,” these cookies allow the Site to remember choices you have made in the past, like what language you prefer, or what your user name and password are so you can automatically log in (if we provide a log in function). They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
- Analytics — Also known as “performance cookies,” these cookies collect information about how you use our Site, like which pages you visited and which links you clicked on. None of this information can be used to identify you. It is all aggregated and, therefore, anonymized. Their sole purpose is to improve website functions and if you do not allow these cookies we will not know when you have visited our Site, and will not be able to monitor its performance.
- Marketing — These cookies track your online activity to help us and our advertisers deliver more relevant advertising or to limit how many times you see an ad. These cookies may be set through our Site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
If you have accepted consented to all cookies, you can optwithdraw your consentopt-out of these cookies (except for strictly necessary cookies) by accessing our cookie settings.
We employ appropriate technical and organizational security measures to help protect your personal data against loss and to guard against access by unauthorized persons. Appropriate security measures we have taken include implementing secure private connections, traceability, disaster recovery and access limitations.
We would like the chance to resolve any complaints you have, however you also have the right to complain to the UK data protection regulator (the “ICO”) about how we have used your personal data. Their website is https://ico.org.uk/your-data-matters/raising-concerns/.
10. CONTACT INFORMATION
The Site is operated by Vitamin Well Ltd located at 3rd Floor, 8-10 Charterhouse Buildings, London EC1M 7AN, UK.
Registered in England and Wales. Company no: 10821384. VAT no: 285398941.
Alternatively, you can contact us at the postal address mentioned above.
11. COOKIE AUDIT