PRIVACY AND COOKIES POLICY
Effective as of (last updated): Mar 4, 2018
Your privacy is important to us at Vital Concepts LLC. (“we”, “us”, “our”). Please read our Privacy and Cookies Policy before using our website(s) vital-co.com, (“website”, “websites”). We collect and process your personal data in accordance with this policy.
1. What personal data we collect and why
We collect your personal data, with your consent, for a variety of purposes. When you create a customer account or check out as a guest on our website, we collect your contact information including your name, email address, postal address, phone number and a password. When you order products and complete a checkout form on our website, we collect data needed to process your order including your billing and shipping addresses, and payment details pertaining to your credit or debit card and any associated security code. Without this data, we cannot enter into a contractual relationship with you and fulfill your order – see our Terms of Service for more information.
When you email us via a contact form on our website or send us something via postal service, we collect your personal data so we can respond to you and keep a record of our correspondence. We also collect your data when you opt-in to receive our email newsletter, alerts, and updates, when you submit comments, feedback, questions or product reviews, and when you complete a survey or quiz or enter a contest on our website.
If we ever intend to change the purpose for which we use your personal data, we will obtain your consent for that new purpose prior to using your data.
We do not intentionally or knowingly collect sensitive personal information about you, meaning, any information that reveals your race or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information used to identify you, and any information concerning your health, sex life or sexual orientation. If you share sensitive personal information with us, we may delete it with the understanding that you explicitly consented to its deletion.
California Do Not Track Disclosures: We adhere to the California Online Privacy Protection Act (“CalOPPA”) which protects personally identifiable information belonging to residents of California. Do Not Track (“DNT”) is a privacy preference that users can set in their web browsers. When you turn on a DNT signal in your web browser, a message is sent to the websites you visit requesting that they do not track your use of those websites. We honour DNT signals and do not track your online activities over time and across third party websites when a DNT browser mechanism is in place.
2. How we use personal data
We use your personal data to provide you with a rich and interactive experience on our website. Your data is used to market and sell our products, to provide customer support, to fulfill your order requests and provide invoices, confirmations and updates, to improve and develop our products and website, to make product recommendations, and to send you promotional communications, targeted advertising and relevant offers. We use your data to respond to your comments, feedback and questions, to notify you about changes to our website, to carry out our obligations from any contracts entered into between you and us (see our Terms and Conditions for more information), and to provide you with emails, alerts or updates if you have consented to receiving these from us.
The personal data we collect can tell us a lot about how you and other users interact with our website and other marketing communications. We perform various data analytics to deepen our understanding of our website users. We can improve our websites and marketing activities when we better understand usage behavior.
Whenever required to do so, we will use personal data to comply with our legal obligations and any applicable laws and regulations.
3. Where we store and process personal data
We are based in Canada with a global reach. To market and sell our products online, we use third party service providers that collect and process certain personal data on our behalf. These third parties have servers located in Canada and the U.S., and they may use servers located in other regions – see section “Who we share personal data with and why”, below, for more information.
If you live in the European Economic Area (“EEA”), your personal data is transferred outside the EEA. We ensure appropriate safeguards are in place whenever we transfer your data outside the EEA. Third parties who transfer your personal data outside the EEA on our behalf comply with the principles of the EU-U.S. and/or Swiss-U.S. Privacy Shield Frameworks. For more information, see www.privacyshield.gov.
4. Who we share personal data with and why
We share your personal data only when we have a legitimate reason for doing so. We do not sell or give away your personal data. We use a variety of third party service providers to help us market and sell our products online. The following third parties process personal data on our behalf:
- We use Shopify Inc. to host our website. Shopify automatically collects certain data in server logs whenever someone accesses our website. See www.shopify.com/legal/privacy.
- We use Paypal to collect and process your payment data when you order our products on our websites. See https://publicpolicy.paypal-corp.com.
- We use Google Analytics Inc. for web analytics services – they collect data including IP address and information in cookies to learn more about users of our websites. Once personal data is collected, it is anonymized and stored on an aggregate basis. See https://policies.google.com/privacy.
We will disclose your personal data in response to a court order or other governmental request, and in compliance with any legal obligation we must uphold. We will also share your personal data in connection with a merger, sale of company assets, or acquisition of all or a portion of our business by another company. In the unlikely event that we go out of business or enter bankruptcy, your personal data would likely be one of the assets that is transferred to or acquired by a third party. If any of these business transfers happens, this policy would continue to apply to your personal data and the party receiving your data would continue to follow this policy.
5. How long we retain personal data
We store your personal data until it is no longer necessary for us to provide our products and services or until your customer account or guest checkout and purchase history data is deleted. See section “How to access and control your personal data”, below, for information on how to delete your personal data. When you make a purchase on our website, we retain your billing information and order details for at least seven years for accounting and/or tax purposes.
We retain your personal data to comply with legal and regulatory requirements or for our legitimate purposes, such as responding to enquiries, and may sometimes need to keep it for a longer period. If we do not need to retain it for as long, we may delete, destroy or anonymise it sooner .
6. How we keep your personal data secure
We use a range of measures to keep your personal data safe and secure. We and our third party service providers use secure servers to store your personal data. Secure Sockets Layer (“SSL”) technology is used to encrypt transfers of data to and from our servers and to encrypt payments you make on or via our website. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect personal data when using and transferring such data. We use Shopify to store data on secure servers and create server logs used to ensure network security by detecting unusual or suspicious activity, preventing unauthorized access, and blocking distribution of malicious code. Server logs collect your IP address, the webpages you access on our site, information you request and the date/time of your request, the source of your access to our website (for example, the website or link which referred you to our website), your browser version and your operating system.
If a data breach occurs and jeopardizes the security of your personal data, we will work with our third party service provider(s) to address the breach. We will notify users of our website of a data breach within whatever timeframe is required by law.
7. How to access and control your personal data
You can contact us at any time to request access to, deletion of and/or updates to your personal data. Please contact us , outlining your request, at the address provided in the “How to contact us” section, below. You can withdraw your consent at any time for anything you gave consent to. You can also object to or restrict our use of your personal data. If you have a customer account on our website, or you have posted any comments our website, you can request to receive an exported file of your personal data. You can also request that we delete any personal data we hold about you, excluding any data we are obligated to keep for administrative, legal or security purposes. When you request access to your personal data, we are required to use all reasonable measures to verify your identity before granting access. We do this to protect your data and limit the risk of potential identity fraud/theft or unauthorized access. Finally, you have the right to contact the privacy or data protection regulator in the country where you live to make a complaint.
Cookies are small text files sent to and stored on your web-enabled device (for example, your computer, smartphone or other device) when you visit a website. This data uniquely identifies your device. When we use the term “cookies”, we include other technologies that accomplish similar tasks or help cookies function. For example, web beacons are electronic tags on webpages used to help deliver cookies. Web beacons can also be used in emails to collect information about delivery rate, open rate, and click through rate – we use web beacons in emails to help us assess the level of engagement by our email recipients.
When we include links to other websites, those sites will have their own privacy and cookie policies that will govern the use of your personal data on those sites. We recommend you check their policies as we are not responsible or liable for their practices.
Web browsers are typically set up to accept cookies but if you wish to amend your cookie preferences, you can do this through your browser settings. If you choose to turn off certain cookies, it may affect the functionality of our websites. The cookies we use cannot look into your computer, smartphone or web-enabled device and obtain information about you or your family or read any material kept on your hard drive. If you use a public computer to access our websites, our cookies cannot be used by anyone else who has access to that computer to find out anything about you, other that the fact that someone using that computer may have visited this site.
9. Collection of personal data from children
Our websites and marketing activities are not aimed at children, defined as individuals under the age of 13. We comply with the Children’s Online Privacy Protection Act of 1998 (“COPPA”) and we do not knowingly collect personal data from children. If we become aware that we have personal data of children, whether through error, deception or fraud, we will delete the data unless there is a justifiable reason to retain such data in compliance with COPPA.
10. Changes to this Privacy and Cookies Policy
We may modify this policy from time to time. When we do, we will provide notice to you by publishing the most current version and revising the date at the top of this page. If we make a material change to the policy, we will provide additional notice by sending you an email and/or displaying a prominent notice on our websites. By continuing to use our websites after changes to this policy come into effect, you agree to the revised policy.
11. How to contact us
If you have questions about this Privacy and Cookies Policy, please contact us at:
Address: Vital Concepts LLC.
420 4th FL 1
Palisades Park, NJ 07650