Privacy Policy

Data protection

The purpose of this privacy policy is to inform customers, potential customers and visitors to the Vitapur GmbH websites about the purpose and basis of the processing of personal data by Vitapur GmbH, Koschatstraße 38, 9020 Klagenfurt am Wörthersee (hereinafter referred to as Vitapur GmbH or the provider or controller of personal data).

 

Vitapur GmbH already processes your personal data with the utmost care and responsibility.

 

This privacy policy may be amended or supplemented at any time without prior notice or notification. By using the provider's website after a change or update, the person agrees to the changes and updates.

 

All our activities are in accordance with European legislation (Regulation (EU) 2016/697 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or GDPR) and the conventions of the Council of Europe (ETS No. 108, ETS No. 181, ETS No. 185, ETS No. 189) and the national legislation. 

 

The Privacy Policy deals with the treatment of information that the provider receives from you when you visit and use the Vitapur GmbH websites or provide it to the provider in the provider's physical stores or during a purchase or telephone communication.



The person responsible or the controller of the personal data is

 

Vitapur GmbH

Koschatstraße 38

9020 Klagenfurt am Wörthersee

Austria

E-mail: hilfe@vitapur.at  

Phone: +43 720 227905

 

Personal data

Personal data is information that identifies you as an identified or identifiable person. A person is identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

 

The Provider collects the following personal data in accordance with the purposes set out in this Privacy Policy 

 

  • Basic information about the user (first and last name, residential address, date of birth, location).
  • Contact details and details of your communication with the controller (e-mail address, telephone number, date, time and content of postal or e-mail communication, date, time and duration of telephone conversations, recording of telephone conversations).
  • Channel and campaign - the way in which the member was recruited or the source through which the user came into contact with the operator (website and advertising campaign or campaign, call center, store).
  • Information about the user's purchases and the invoices issued (date and place of purchase, items purchased, prices of items purchased, total amount of purchase, method of payment, delivery address, invoice number and date of issue, identification of the person who issued the invoice, etc.) and information about the resolution of product complaints.
  • Data on the use of the controller's website by the user (date and time of the visit to the website, pages or URLs visited, time spent on each page, number of pages visited, total time spent on the website, settings made on the website) and data on the use of messages received from the controller (e-mail, SMS).
  • data from forms that the user fills out voluntarily, e.g. as part of competitions or when using guides to determine the best products for the user's needs
  • other data that the user voluntarily provides to the provider when using certain services for which this data is required.

 

The provider collects and processes your personal data only if you allow or consent to the provider to do so, i.e. when you order products or services, sign up to receive newsletters, enter a competition, etc., or if there is a lawful basis for collecting your personal data or the provider has a legitimate interest in processing it.

 

The period during which the provider retains the collected data is explained in more detail in the section on the retention of personal data in these General Terms and Conditions.

 

Purposes of processing and grounds for processing

Provider collects and processes your personal data on the following legal bases:

  • law and contractual relationships,
  • individual consent, and
  • legitimate interest.

 

Processing on the basis of law and contractual relationships

If the provision of personal data is a contractual obligation, an obligation necessary for the conclusion and fulfillment of a contract with a provider or a legal obligation, you must provide personal data; if you do not provide personal data, you must provide it.

 

If you do not provide personal data, you will not be able to enter into a contract with the provider, and the provider will not be able to provide you with services or products under the contract, as it will not be able to fulfill the contract.



Purpose of processing

Explanation

Conclusion and execution of the contract





Conclusion and execution of the contract entered into with the provider, including the provider's fulfillment of your orders (delivery of products and provision of services), communication with you, verification of your payments, and fulfillment of other obligations of the provider and/or your obligations (provider's legitimate interest in processing your personal data, point (f) of Article 6(1) GDPR).

Directly informing customers about special offers, news, discounts, and other content via email or SMS.

At Vitapur GmbH, we inform our customers about our products, services, and content based on the law implemented in accordance with Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002. Customers can request the cessation of this communication and the processing of their personal data at any time.

Customers can unsubscribe from these communications at any time via the unsubscribe link in the messages received or by submitting a written request to the email address hilfe@vitapur.at 

 

Processing based on legitimate interest
The provider may also process data based on legitimate interest, which the provider pursues, except where such interests are overridden by the interests or fundamental rights and freedoms of the individual whose personal data require protection. In the case of using legitimate interest, the provider always conducts an assessment in accordance with the General Data Protection Regulation.

Purpose of processing

Explanation

General statistical processing of customer data and their orders, as well as potential customers (contacts), for the purposes of internal sales analysis, repeat purchases, aggregate customer behavior, advertising optimization, and business optimization.





At Vitapur GmbH, we conduct general statistical processing of data regarding customers, their orders, and potential customers (contacts). Based on this data, we perform internal analyses on sales, repeat purchases, and overall customer behavior. We monitor and optimize our business performance and advertising efforts. For example:

  • Monitoring sales across our distribution channels (internet, retail stores, call center/phone).
  • Tracking how many customers repurchase, how quickly, and at what value.
  • Monitoring general sales statistics such as average basket value, number of products ordered, etc.
  • Tracking responses to emails, SMS messages, phone calls, and various advertising messages (TV ads, radio ads, web ads), and optimizing our advertising based on this data (deciding what, where, to whom, and how to advertise).

This type of statistical monitoring allows us to optimize our business and advertising efforts overall and provide cost-effective products and services to our customers.

Access to your past orders and other data by advisors at Vitapur call center and physical stores for the purpose of providing better service and better offers.





When you call the Vitapur GmbH call center (or receive outgoing calls from us) or visit our physical stores (upon self-identification), our salespeople and advisors have access to your stored personal data and purchase history, enabling them to provide you with better service and more personalized offers.

If you do not wish for this, you can terminate this type of data processing at any time by submitting a written request to hilfe@vitapur.at.

Processing of data on unclaimed remote orders for the purpose of fraud prevention.

Vitapur GmbH processes data on sent and unclaimed non-store orders based on its legitimate interest to determine if and which customers disproportionately order products by cash on delivery remotely and then do not collect these products, resulting in financial loss that we aim to prevent.

Once we have identified such customers, we will prevent them from ordering products via cash on delivery in the online shop, but they will still have the option to order products via immediate prepayment by credit card or PayPal.

Automatic email communication with the user based on their initiation of the online purchasing process.

Vitapur GmbH sends occasional emails to potential customers based on its legitimate interest. These emails are sent to individuals who have added selected products to their shopping cart but have not completed the purchase. The purpose of these emails is to encourage the completion of the purchase or provide assistance and information in this regard.


If you do not wish to receive this type of communication, you can opt out at any time or submit a written request to hilfe@vitapur.at.

Basic tailored communication (via email, SMS, phone calls, mail, browser notifications, website information, social media) with customized discounts, offers, and content.

As part of our basic personalized communication (via email, SMS, phone calls, mail, browser notifications, website information, social media), we strive to present you with relevant offers, discounts, and other content that may be of interest to you based on your past interactions with us.


For this purpose, we use the following information about you:

  • Demographic data (date of birth or age, address)
  • Your purchase history (purchased products, time of purchase, number of purchases)
  • Basic behavioral analysis on the Vitapur  websites
  • Your reactions (opening a message, clicking on a link, making a purchase) to the various messages we send you.

We do not use semi-automatic or automatic profiling but simply select appropriate recipient groups for each message. We never focus on individual data but aggregate data across larger groups.


These data can then be used to determine which messages you receive from us:

  • How often and through which communication channels we will send you messages. The customer can terminate this communication at any time via the unsubscribe link in the messages received or by submitting a written request to hilfe@vitapur.at .

Direct notification of special offers, discounts, and other content via phone calls and direct mail.

Vitapur GmbH informs its customers about its products, services, discounts, and content from time to time based on its legitimate interest, including through phone calls and regular mail.


The customer can request at any time that this communication and the processing of personal data be stopped.


The customer can terminate this communication at any time or by submitting a written request to hilfe@vitapur.at.

The use of Facebook Custom Audiences advertising tool.





Vitapur GmbH also uses Facebook Custom Audiences for online advertising based on its legitimate interest, either as part of implementing basic personalized communication based on its legitimate interest or as part of consent obtained for communicating personalized offers and content based on user profiles.


This service works as follows:


  1. We upload your email address, which we obtained from your purchase or voluntary submission, to Facebook.
  2. Facebook compares your email address with its user base to determine if you are a Facebook user.
  3. If you are not a Facebook user, nothing happens with your email address, and Facebook does not take any action with it.
  4. However, if you are a Facebook user, Facebook adds you to a newly created list of personalized audiences, which explicitly allows us to show personalized ads to this group of Facebook users.
  5. This allows us to show you more targeted and personalized ads on Facebook, including additional discounts.

You can opt out of this at any time by sending a written request to hilfe@vitapur.at.

 

Processing based on your consent
The provider also collects and processes (utilizes) your personal data for the following purposes when you have given your consent:

  • To ensure that you can access and use your online account with the provider and the provider's online shop, as well as for technical reasons related to managing the provider's website.
  • Sending commercial offers and other content via email, SMS, direct advertising, or phone calls if there is no other legal basis for it and you have consented to it.
  • Any other purpose for which you explicitly agree to cooperate with the provider.

Consent-based user profiling
Based on your consent, the provider also conducts personalized communication across various communication channels (email, SMS, phone calls, mail, browser notifications, website information, social networks).

In order to provide you with the best possible offers and content tailored to your needs, we create your profile with your consent, which serves as the basis for personalized communication.

For this purpose, we may use the following information about you:

  • Demographic data (date of birth or age, address)
  • Your purchase history (purchased products, time of purchase, number of purchases)
  • Behavior on the Vitapur GmbH websites (viewing individual products or content, adding products to the shopping cart, online transactions)
  • Your reactions (opening a message, clicking on a link, making a purchase) to the various messages we send you.

This user profile can then determine which content and offers you receive from us:

  • What offers you will receive (customers with a higher number or frequency of purchases receive better offers)
  • How often and through which communication channels we will send you messages

If you have consented to this type of processing and no longer wish to receive it, you can terminate this processing at any time via the unsubscribe link in the messages you receive or by submitting a written request to hilfe@vitapur.at.

If you prefer to receive non-personalized email communication, you can sign up here hilfe@vitapur.at for non-personalized email communication.

 

Storage of personal data
The provider only keeps your personal data for as long as necessary to fulfill the purpose for which the personal data was collected and processed (e.g., for the provider to fulfill your orders, verify your payments, and fulfill other obligations of the provider and/or your obligations, to ensure you have access to special offers available to you, to ensure that the provider sends you newsletters, etc.).

The personal data processed by the provider based on the law will be retained by the provider for the period prescribed by law.

The personal data processed by the provider for the performance of a contractual relationship with a person will be retained by the provider for the period necessary for the performance of the contract, and for 5 years after its termination, except in cases where a dispute arises between you and the provider in relation to the contract; in this case, the data will be retained by the provider for 5 years after the finality of the court or arbitration decision or settlement, or if no dispute arises, for 5 years from the date of amicable settlement of the dispute.

Those personal data processed by the provider based on the individual's consent or legitimate interest will be permanently stored by the provider until the individual revokes their consent or requests the termination of processing. The provider will only delete this data before revocation if the purpose of processing the personal data has already been achieved (e.g., in the case that the provider deletes all email addresses it has collected for the purpose of email notification, even if the person who consented to the processing of personal data for this purpose has not revoked their consent) or if required by law.

After the retention period expires, the data controller will effectively and permanently delete or anonymize the personal data so that it can no longer be associated with the data subject.

 

Contractual processing of personal data
As an individual, you acknowledge and agree that the provider may assign certain tasks related to your data to other entities (data processors). Data processors are only permitted to process the data entrusted to them on behalf of the provider, within the authorization of the provider (in a written contract or other legal act), and in accordance with the purposes set forth in this privacy policy.

The data processors that the provider collaborates with include:

  • Accounting services; law firms and other legal service providers,
  • Data processing and analysis providers,
  • IT system maintenance providers,
  • Email service providers (e.g., Mailchimp and others),
  • Payment system providers such as PayPal and others),
  • Customer relationship management system providers (e.g., Microsoft),
  • Online advertising solution providers (e.g., Google, Facebook).

The provider will not disclose your personal data to unauthorized third parties.

Data processors are only permitted to process personal data within the scope of instructions from the data controller and are prohibited from using personal data for their own purposes.

The data controller and users do not export personal data to third countries (outside the European Economic Area - EU member states as well as Iceland, Norway, and Liechtenstein) and international organizations, except to the USA - all data processors in the USA are members of the Privacy Shield program.

 

Freedom of choice
You have control over the information you provide about yourself. If you choose not to provide your data to the provider, you may not be able to access certain features of the website.

Individuals who wish to unsubscribe from our newsletter, please notify us via email at hilfe@vitapur.at. If your personal information (postal code, email address, postal address, phone number) changes, please inform us via email at hilfe@vitapur.at

Automatic recording of information (non-personal data)
When you access the website, general information that is non-personal (such as the number of visits, average time spent, pages accessed) is automatically collected, without requiring a login. We use this information to assess the attractiveness of our website and to improve its content and user-friendliness. Your data is not further processed and is not shared with third parties.

Cookies
Cookies are invisible files that are temporarily stored on your hard drive and allow the provider to recognize your computer when you visit a website again. The provider uses cookies only to gather information about the usage of the website and to optimize its internet advertising activities.

Advertising cookies track an individual's use of the provider's website unless the individual declines the use of cookies on the website.

Security
The provider is committed to ensuring the security of personal data. Your data is protected at all times against loss, destruction, falsification, manipulation, and unauthorized access or disclosure.

Consent of a Minor Regarding Information Society Services
Minors under the age of 16 should not provide any personal data on the website or otherwise without the permission (consent or approval) of the person who holds parental responsibility for the child (one of the parents or guardians). The provider will never knowingly collect personal data from individuals known to be minors (under 16 years of age) or use or disclose it to any unauthorized third party without the permission of the person who holds parental responsibility for the child.

This does not affect the general contract law of the Member States, such as rules regarding the validity, formation, or effect of a contract with a child.

Taking into account the available technology, in such cases, the provider reasonably endeavors to verify whether the person who holds parental responsibility for the child has given or approved the consent.

Rights of the Individual Regarding Data Processing
If you have any questions regarding our privacy policy or the processing of your personal data, you can contact us without hesitation. Write to us at hilfe@vitapur.at or give us a call. Based on your request, we will inform you - in writing and in accordance with regulations.

To ensure fair and transparent processing, as an individual, you have the following rights based on regulations:

Right to Withdraw Consent: If you have consented to the processing of your personal data (for one or more specific purposes) as an individual, you have the right to withdraw this consent at any time without affecting the lawfulness of the processing based on consent before its withdrawal.

Consent can be withdrawn by a written statement sent to the controller at: Vitapur GmbH, Koschatstraße 38, 9020 Klagenfurt am Wörthersee, or by email to hilfe@vitapur.at.

Withdrawal of consent for the processing of personal data by an individual has no negative consequences or sanctions. However, it is possible that the controller may no longer be able to provide individual or multiple services to the individual after the withdrawal of consent if these services cannot be provided without personal data.

Right to access personal data: As an individual, you have the right to obtain confirmation from the provider (data controller) whether personal data concerning you are being processed and, if so, access to personal data and certain information (about the purposes of processing, types of personal data, recipients, storage periods or criteria for determining periods, existence of the right to rectification or erasure of data, right to restriction of processing and objection to processing, and the right to lodge a complaint with a supervisory authority, about the source of data if the data were not collected from you, the existence of automated decision-making, including profiling, the reasons for it, and the significance and consequences of such processing for you, and other information in accordance with Article 15 of the GDPR);

Right to rectification of personal data: As an individual, you have the right to have the provider correct inaccurate personal data concerning you without undue delay. As an individual, taking into account the purposes of processing, you have the right to have incomplete data completed, including by providing a supplementary statement;

Right to erasure of personal data ("right to be forgotten"): As an individual, you have the right to have the provider erase personal data concerning you without undue delay, and the provider must erase the data without undue delay if one of the following reasons applies:

(a) the data are no longer necessary for the purposes for which they were collected or otherwise processed,
(b) if you withdraw consent, and there is no other legal basis for processing,
(c) if you object to the processing, and there are no overriding legitimate grounds for the processing,
(d) the data have been unlawfully processed,
(e) the data must be erased to comply with a legal obligation under EU law or the law of a Member State applicable to the provider,
(f) the data have been collected in relation to the offer of information society services.

However, as an individual, you do not have the right to erase data in certain cases described in the third paragraph of Article 17 of the GDPR;

Right to restriction of processing: As an individual, you have the right to obtain from the provider restriction of processing where one of the following applies:

(a) you contest the accuracy of the data for a period enabling the provider to verify the accuracy of the data;
(b) the processing is unlawful, and you oppose the erasure of the data and request the restriction of their use instead;
(c) the provider no longer needs the data for the purposes of processing, but you require them for the establishment, exercise, or defense of legal claims;

(d) you have objected to processing pending the verification of whether the legitimate grounds of the provider override your grounds;

Right to data portability: As an individual, you have the right to receive the personal data concerning you, which you have provided to the provider, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another controller without hindrance from the provider to whom the personal data have been provided, where:

(a) the processing is based on consent or on a contract, and
(b) the processing is carried out by automated means.

In exercising the right to data portability, as an individual, you have the right to have personal data transmitted directly from one controller (provider) to another, where technically feasible;

Right to object to processing: As an individual, based on grounds relating to your particular situation, you have the right to object at any time to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the provider (point (e) of Article 6 (1) GDPR) or necessary for the purposes of the legitimate interests pursued by the provider or by a third party (point (f) of Article 6 (1) GDPR), including profiling based on those provisions; the provider shall cease processing the personal data unless the provider demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing; where you object to processing for direct marketing purposes, the data shall no longer be processed for such purposes.

Where personal data are processed for scientific or historical research purposes or statistical purposes, you have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Right to lodge a complaint with the supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right as an individual to lodge a complaint with the supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes data protection regulations.

Without prejudice to any other administrative or extrajudicial remedy, you have the right as an individual to an effective judicial remedy against a legally binding decision of the supervisory authority concerning you, as well as in cases where the supervisory authority does not handle your complaint or inform you of the status or outcome of your complaint within three months. The courts of the Member State in which the supervisory authority has its seat shall have jurisdiction in proceedings against the supervisory authority.

An individual may address all requests relating to the exercise of rights concerning personal data in writing to the controller, using one of the contacts listed on the website www.hexapro.eu

For the purpose of reliable identification when exercising rights concerning personal data, the controller may request additional information from the individual, and action may only be refused if it is demonstrated that the individual cannot be reliably identified.

Upon request from the individual exercising their rights concerning personal data, the controller must respond without undue delay and at the latest within one month of receiving the request.

Notification of a personal data breach to the supervisory authority
In the event of a breach of personal data protection, the provider is obliged to notify the competent supervisory authority, unless it is unlikely that the breach has resulted in risks to the rights and freedoms of individuals. If there is suspicion of a criminal offense at the time of the breach, the Provider must notify the police and/or the competent public prosecutor's office of the breach.

In cases where a breach may pose a high risk to the rights and freedoms of individuals, the provider must notify the individuals concerned of the breach without undue delay or, where it is not possible, immediately. The notification to the individual must be in clear and plain language.

Publication of Changes
Any changes to our privacy policy will be published on the website www.hexapro.eu

By using the websites, the individual confirms acceptance and agreement with the entire content of this privacy policy.

Updated: 23. May 2018