Skip to content

Legal Notice

Publisher and responsible for the content of the website:

This imprint is valid for all websites operated by VitalPlusActive Group as well as for all VitalPliusActive Group  social media accounts.

Responsable
VITALPLUSACTIVE GROUP (CYPRUS) LTD
2A CHEILONOS STREET, RIVERSIDE FORUM OFFICE 102
1101 NICOSIA,
CYPRUS
Email: interest@vitalplusactive.com

Sales tax identification number (VAT-ID)
T.I.C. Reg. No: 12343279W

VAT. Nr. CY10343279U

Management / Represented by

Ljubisa Bogunovich

Disclaimer

Reference to EU Dispute Resolution
The European Commission provides a platform for online dispute resolution (OS): https://ec.europa.eu/consumers/odr. Our E-mail address can be found here in the imprint.

Liability for content
As a service provider we are responsible according to § 7 Abs.1 TMG for own contents on these sides according to the general laws. According to §§ 8 to 10 TMG, however, we as a service provider are not obliged to monitor transmitted or stored external information or to investigate circumstances that indicate an illegal activity. Obligations to remove or block the use of information under general law remain unaffected. A liability in this regard, however, is only possible from the date of knowledge of a specific infringement. Upon notification of appropriate violations, we will remove this content immediately

Liability for links
Our offer contains links to external websites of third parties on whose contents we have no influence. Therefore, we cannot assume any liability for these external contents. The respective provider or operator of the pages is always responsible for the contents of the linked pages. The linked pages were checked for possible legal violations at the time of linking. Illegal content was not recognizable at the time of linking. However, a permanent content control of the linked pages is not reasonable without concrete evidence of an infringement. Upon notification of violations, we will remove such links immediately.

Copyright
The content and works on these pages created by the site operators are subject to EU copyright law. The reproduction, processing, distribution and any kind of exploitation outside the limits of copyright require the written consent of the respective author or creator. Downloads and copies of this site are for private, non-commercial use only. As far as the contents on this side were not created by the operator, the copyrights of third parties are considered. In particular contents of third parties are marked as such. If you should still be aware of a copyright infringement, we ask for a note. Upon notification of violations, we will remove such content immediately.

Privacy Policy

Definition

Our privacy policy is based on the terms used by the European legislator under the General Data Protection Regulation (GDPR). Our privacy policy should be readable and understandable to the public, but also to our customers and business partners. To ensure this, we would first like to explain some of the terms used.

1. Personal data

Personal data is all information about a specific or identifiable natural person. An identifiable natural person is a person that can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific physical, physiological, genetic, mental characteristics, economic, cultural or social identity of this natural person.

2. Affected person

An affected person is any identified or identifiable natural person whose personal data is processed by the controller.

3. Processing

Processing is any process or set of operations performed on personal data or personal data, whether automated, recorded, organized, structured, stored, adapted or changed, accessed, consulted, used, transmitted, disseminated or otherwise made available, directed or combined, restricted, deleted or destroyed.

4. Profiling

Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain aspects of a natural person, in particular to analyze or predict aspects of work performance, economic situation, health, personal preferences, interests, the reliability, the behavior, the location or the movements of this natural person.

5. Pseudonymization

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a specific person without the use of additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data is not assigned to a specific or identifiable natural person.

6. Controller

Responsible for processing is the natural or legal person, public authority, agency or other body which, alone or in concert with others, determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by the Union or Member State law, the controller or the specific criteria for their designation may be determined by the Union or Member State law.

7. Processor

The processor is a natural or legal person, public authority, government agency or other body that processes personal data on behalf of the controller.

8. Recipients

Recipient is a natural or legal person, agency, agency or other entity to which the personal information is disclosed, whether or not it is a third party. However, authorities which may obtain personal data under a specific investigation under the Union or national law shall not be considered as beneficiaries. The processing of these data by these authorities will be in accordance with the applicable data protection rules for the purposes of processing.

9. Consent

The consent of the data subject is any free, specific, informed and unambiguous presentation of the data subject’s wishes, by which they declare their consent to the processing of the personal data concerning them by means of a declaration or a clear affirmation.

Responsible

The person responsible within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is the

VITALPLUSACTIVE GROUP (CYPRUS) LTD

2A CHEILONOS STREET, RIVERSIDE FORUM OFFICE 102

1101 NICOSIA, CYPRUS

Email: interest@vitalplusactive.com | Website: www.vitalplusactive.com

Data Protection Officer:

David Zalar

Zelengaj 80

10000 Zagreb

Croatia

General information about the collection and processing of your data

1. Scope of processing

In principle, we process personal data of our website visitors and users in pharmacies only insofar as this is necessary to provide a functioning website and our content and our consulting services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent can not be obtained for reasons of fact and the processing of the data is permitted by law.

2. Legal basis

Insofar as we obtain the consent of the data subject for processing of personal data, art. 6 §1 GDPR serves as a legal basis.

In the processing of personal data necessary for the performance of a contract to which the data subject is a party, art. 6 § 1 lit. b GDPR as a legal basis. This also applies to processing operations required to carry out pre-contractual actions.

Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our company, art. 6 § 1 lit. c GDPR as legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, art. 6 § 1 lit. d GDPR as legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, art. 6 § 1 lit. f GDPR as legal basis for processing.

3. Storage and deletion of your data

We delete or block the personal data of the data subject as soon as the purpose of the storage is eliminated. It may also be stored if provided for by the European or national legislator in EU regulations, laws or regulations to which our company is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires (3 years), unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.

4. Please note

Your consent data will be processed for the use of this website and the use of the implemented Consent Management Platform. We use the SiteGround and Microsoft Azure. The servers are located in Amsterdam, Dublin and Germany (inside EU). Due to the judgment of the Court of Justice of July 16th, 2020 (Case C311/18), the transfer of personal data to the US on the basis of the Privacy Shield was declared invalid. We would like to inform you that we cannot exclude the fact that data may be transferred to the US and may be subject to access by the US security authorities in accordance with 50 U.S.C. §1881(b)(4), 50 U.S.C. §1881a (= FISA 702).

This applies to the use of the vitalplusactive.com website as well as to all websites that have implemented the vitalplusactive.com Consent Management Platform as a service into their website.

Provision of the website and creation of log files

1. Scope of processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. This is e.g. information like

– Information about the type and version of your internet browser,
– The operating system of your computer or smartphone,
– Your internet service provider,
– Your IP address,
– Date and time of your access,
– Websites from which you came to us,
– Websites that you visit from our site.
– The legal basis for the temporary storage is art. 6 § 1 lit. f GDPR.

We collect such technical information in so-called “log files”, so that you can display our website correctly and we can identify the causes of any technical problems, for the technical optimization of our websites and for the purpose of the security of our computer systems and networks. For these purposes, our legitimate interest in the processing of data according to art. 6 § 1 lit. f GDPR.

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. Typically, this technical information will be erased or rendered unrecognizable at the latest after seven days.

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.

 

Contact requestst for products and services information

1. Description and scope of data processing

On our website you can contact us via various options: e.g. contact form, send direct e-mail, book a consultation in a pharmacy, subscribe a newsletter. If you make this possible, the data entered in the input mask will be transmitted to us and saved. In addition to the specific input macro data, the IP address and the date and time of the request are collected and stored. For the processing of the data, you give your consent in the context of the sending process.

Alternatively, a contact via e-mail address is possible. In this case, the user’s personal data transmitted by e-mail will be stored.

In this context, there will be no disclosure of the data to third parties, unless this is necessary for the processing of the query (for example, demo booking tool). In any case, the data will be used exclusively for processing the conversation.

2. Legal basis for processing

Legal basis for the processing of the data is in the presence of the consent of the user art. 6 § 1 lit. a GDPR.

The legal basis for the processing of the data transmitted in the course of sending an e-mail is article 6 (1) lit. f GDPR. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

3. Purpose of the data processing

The processing of personal data from the input mask is solely for the processing of your request. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

If you have booked a consultation, requested product information, we reserve the right to store the data for three years to measure the profitability of our sales and marketing. Otherwise, we will delete the data as soon as it is no longer necessary to achieve the purpose of its collection. For the personal data from the input form of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.

The additional personal data collected during the sending process will be deleted at the latest after a period of thirthy days.

5. Opposition and removal possibility

The user has the possibility at any time to revoke his consent to the processing of the personal data. If the user contacts us by e-mail, he may object to the storage of his personal data at any time. In such a case, the conversation can not continue.

All personal data stored in the course of contacting will be deleted in this case.

 

Cookies and tracking technologies

1. What are Cookies?

Web-Browser-Cookies

A web browser cookie is a small text file sent from a website to your computer or mobile device where it is stored by your web browser. Web browser cookies may store information such as your IP address or other identifier, your browser type, and information about the content you display and interact with on the digital services. By storing such information, web browser cookies can store your preferences and settings for online services and analyze how you use online services.

Tracking Technologies: Web Beacons / Gifs, Pixels, Page Tags, Script

Emails and mobile applications can contain small, transparent image files or lines of code to record how you interact with them. This information is used to help website and app publishers better analyze and improve their services.

2. Use, legal basis and purpose

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser be identified even after a page break.

Before consent is given 2 functional cookies are set. The “PHPSESSID” cookie is used to recognize the browser language and thus display the language of the website accordingly. After closing the browser this cookie will be deleted. The “wBounce” cookie only contains the value “true”. This value is used to determine if the user has already seen a pop-up or not. If the user has already interacted with one, we do not want to show it to him or her again for a certain period of time.

In addition, we set the two IAB cookies “euconsent” and “eupubconsent”. These cookies are stored when a user does not want to be tracked. The same applies to the storage of data in the local storage. This only serves the purpose to remind us that a user has not given his or her consent. Otherwise, we would have to ask about it every time the same user visits the site.

The above mentioned cookies as well as the storage of data in the local storage only allow functionalities which should contribute to a positive user experience on our website. We do not use cookies with personal data without given consent.

In addition, we use cookies on our website that allow an analysis of users’ browsing behavior.

When accessing our website, the user is informed about the use of cookies for analysis purposes and his consent to the processing of the personal data used in this context is obtained. In this context, there is also a reference to this privacy policy.

The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) lit. f GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is the consent of the user Art. 6 para. 1 lit. a GDPR.

The purpose of using technically necessary cookies is to facilitate the use of websites for users. Some features of our website can not be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page break. We require cookies for the following applications: Acceptance of language settings. The user data collected through technically necessary cookies will not be used to create user profiles.

The use of the analysis cookies is for the purpose of improving the quality of our website and its contents. Through the analysis cookies, we learn how the website is used and so we can constantly optimize our offer.

3. Duration of storage, objection and disposal options

Cookies are stored on the computer of the user and transmitted by this on our side. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full.

 

Implemented technologies

YouTube Video

Description of Service

This is a video player service.

Company which processes the data

Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
https://support.google.com/policies/contact/general_privacy_form

Data Protection Officer

Below you can find the email address of the data protection officer of the processing company.

https://support.google.com/policies/contact/general_privacy_form

Data Purposes

This list represents the purposes of the data collection and processing. A consent is only valid for the stated purposes. The collected data can’t be used or stored for any other purpose than the purposes listed below.
  • – Displaying Videos

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.
  • – Cookies (if “Privacy-Enhanced Mode” is not activated)

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.
  • – IP Address
  • – Referrer url
  • – Device information
  • – Watched Videos

Legal Basis

In the following the required legal basis for the processing of data is listed.
  • – Art. 6 para. 1 s. 1 lit. a GDPR

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.
European Union

Duration to store the data

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.
The data will be deleted as soon as they are no longer needed for the processing purposes.

Distribution to third countries

This service may forward the collected data to a different country. Please note that this service might transfer the data outside of the EU/EEA and to a country without the required data protection standards. If the data is transferred to the US, there is a risk that your data can be processed by US authorities, for control and surveillance measures, possibly without legal remedies. Below you can find a list of countries to which the data is being transferred. This can be for different reasons like storing or processing.
  • – Worldwide

Data Recipients

In the following the recipients of the data collected are listed.
  • – Alphabet Inc.
  • – Google LLC
  • – Google Ireland Limited

Click here to opt out from this processor across all domains

https://safety.google/privacy/privacy-controls/

Click here to read the privacy policy of the data processor

https://policies.google.com/privacy?hl=en

Click here to read the cookie policy of the data processor

https://policies.google.com/technologies/cookies?hl=en

Google Tag Manager

Description of Service

This is a tag management system for managing JavaScript and HTML code snippets used to enable the implementation of tracking, analytics, personalization and marketing performance tags and tools.

Company which processes the data

Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
https://support.google.com/policies/contact/general_privacy_form

Data Protection Officer

Below you can find the email address of the data protection officer of the processing company.

https://support.google.com/policies/contact/general_privacy_form

Data Purposes

This list represents the purposes of the data collection and processing. A consent is only valid for the stated purposes. The collected data can’t be used or stored for any other purpose than the purposes listed below.
  • – Functionality

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.
  • – Pixel

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.
  • – Aggregated data about tag firing

Legal Basis

In the following the required legal basis for the processing of data is listed.
  • – Art. 6 para. 1 s. 1 lit. a GDPR

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.
United States of America

Duration to store the data

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.
The data will be deleted after 14 days of retrieval.

Distribution to third countries

This service may forward the collected data to a different country. Please note that this service might transfer the data outside of the EU/EEA and to a country without the required data protection standards. If the data is transferred to the US, there is a risk that your data can be processed by US authorities, for control and surveillance measures, possibly without legal remedies. Below you can find a list of countries to which the data is being transferred. This can be for different reasons like storing or processing.
  • – Worldwide

Data Recipients

In the following the recipients of the data collected are listed.
  • – Alphabet Inc.
  • – Google LLC
  • – Google Ireland Limited

Click here to opt out from this processor across all domains

https://safety.google/privacy/privacy-controls/

Click here to read the privacy policy of the data processor

https://policies.google.com/privacy?hl=en

Click here to read the cookie policy of the data processor

https://www.google.com/intl/de/tagmanager/use-policy.html

Google Ads Conversion Tracking

Description of Service

This is a conversion tracking service.

Company which processes the data

Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
https://support.google.com/policies/troubleshooter/7575787?hl=en

Data Protection Officer

Below you can find the email address of the data protection officer of the processing company.

https://support.google.com/policies/troubleshooter/7575787?hl=en

Data Purposes

This list represents the purposes of the data collection and processing. A consent is only valid for the stated purposes. The collected data can’t be used or stored for any other purpose than the purposes listed below.
  • – advertising
  • – Conversions
  • – Analytics

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.
  • – Cookies
  • – Pixel- Tags
  • – Web beacons

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.
  • – Ads clicked
  • – IP adress
  • – Web request
  • – Usage data
  • – Cookie ID
  • – Date and time of visit
  • – Cookie information
  • – Rererrer URL
  • – Browser language
  • – Browser type

Legal Basis

In the following the required legal basis for the processing of data is listed.
  • – Art. 6 para. 1 s. 1 lit. a GDPR

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.
European Union

Duration to store the data

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.
The data will be deleted as soon as they are no longer needed for the processing purposes.

Distribution to third countries

This service may forward the collected data to a different country. Please note that this service might transfer the data outside of the EU/EEA and to a country without the required data protection standards. If the data is transferred to the US, there is a risk that your data can be processed by US authorities, for control and surveillance measures, possibly without legal remedies. Below you can find a list of countries to which the data is being transferred. This can be for different reasons like storing or processing.
  • – Worldwide

Data Recipients

In the following the recipients of the data collected are listed.
  • – Google Ireland Limited
  • – Google LLC
  • – Alphabet Inc

Click here to opt out from this processor across all domains

https://safety.google/privacy/privacy-controls/

Click here to read the privacy policy of the data processor

https://policies.google.com/privacy?hl=en

Click here to read the cookie policy of the data processor

https://policies.google.com/technologies/cookies?hl=en

AdWords Remarketing

Description of Service

This is a remarketing service from Google.

Company which processes the data

Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data Protection Officer

Below you can find the email address of the data protection officer of the processing company.

Data Purposes

This list represents the purposes of the data collection and processing. A consent is only valid for the stated purposes. The collected data can’t be used or stored for any other purpose than the purposes listed below.
  • – Advertising
  • – Remarketing

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.
  • – Cookies

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.
  • – IP address
  • – Date and time of visit
  • – Web request
  • – Browser type
  • – Cookie ID
  • – Browser language

Legal Basis

In the following the required legal basis for the processing of data is listed.
  • – Art. 6 para. 1 s. 1 lit. a GDPR

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.
European Union

Duration to store the data

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.
The data will be deleted as soon as they are no longer needed for the processing purposes.

Distribution to third countries

This service may forward the collected data to a different country. Please note that this service might transfer the data outside of the EU/EEA and to a country without the required data protection standards. If the data is transferred to the US, there is a risk that your data can be processed by US authorities, for control and surveillance measures, possibly without legal remedies. Below you can find a list of countries to which the data is being transferred. This can be for different reasons like storing or processing.
  • – Worldwide

Data Recipients

In the following the recipients of the data collected are listed.
  • – Alphabet Inc.
  • – Google LLC
  • – Google Ireland Limited

Click here to opt out from this processor across all domains

https://safety.google/privacy/privacy-controls/

Click here to read the privacy policy of the data processor

https://policies.google.com/privacy?hl=en

Click here to read the cookie policy of the data processor

https://policies.google.com/technologies/cookies?hl=en

Facebook Pixel

Description of Service

This is a Tracking technology offered by Facebook and used by other Facebook services such as Facebook Custom Audiences.

Company which processes the data

Facebook Ireland Limited
4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland
https://www.facebook.com/help/contact/540977946302970

Data Protection Officer

Below you can find the email address of the data protection officer of the processing company.

https://www.facebook.com/help/contact/540977946302970

Data Purposes

This list represents the purposes of the data collection and processing. A consent is only valid for the stated purposes. The collected data can’t be used or stored for any other purpose than the purposes listed below.
  • – Marketing
  • – Retargeting
  • – Tracking
  • – Analytics
  • – Advertisement

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.
  • – Pixel

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.
  • – Facebook user ID
  • – Browser information
  • – Usage data
  • – Non-sensitive custom data
  • – Referrer url
  • – Pixel ID
  • – User behaviour
  • – Ads viewed
  • – Interactions with advertisement, services, and products
  • – Marketing information
  • – Content viewed
  • – IP address
  • – Device information
  • – Success of marketing campaigns
  • – Geographic location

Legal Basis

In the following the required legal basis for the processing of data is listed.
  • – Art. 6 para. 1 s. 1 lit. a GDPR

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.
European Union

Duration to store the data

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.
The data will be deleted as soon as they are no longer needed for the processing purposes.

Distribution to third countries

This service may forward the collected data to a different country. Please note that this service might transfer the data outside of the EU/EEA and to a country without the required data protection standards. If the data is transferred to the US, there is a risk that your data can be processed by US authorities, for control and surveillance measures, possibly without legal remedies. Below you can find a list of countries to which the data is being transferred. This can be for different reasons like storing or processing.
  • – Worldwide

Data Recipients

In the following the recipients of the data collected are listed.
  • – Facebook Inc.
  • – Facebook Ireland Limited

Click here to opt out from this processor across all domains

https://www.facebook.com/ads/preferences/

Click here to read the privacy policy of the data processor

https://www.facebook.com/privacy/explanation

Click here to read the cookie policy of the data processor

https://www.facebook.com/policies/cookies

Minors

Our services are not aimed at children under 13 years. We do not knowingly collect information from children under the age of 13. If you have not reached the age limit, do not use the services and do not provide us with your personal information. If you are a parent of a child below the age limit and you learn that your child has provided VitalPlusActive personal information, please contact us at interest@vitalplusactive.com and insist on exercising your rights of access, correction, cancellation and / or opposition. If you are resident in California and are under 18 years of age and wish to erase publicly available content, please contact us at interest@vitalplusactive.com.

 

Your rights

 

If we process your personal data you have – after successful identification – the following rights towards us:

1. Right to information

You may request confirmation from our company as to whether we process personal information pertaining to you.

If such processing is available, you can request information about a large number of circumstances in accordance with GDPR, such as

(1) the purposes for which your personal information is processed;

(2) the categories of personal data being processed;

(3) the recipients or categories of recipients to whom your personal information has been disclosed or is still being disclosed;

(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the retention period;

(5) the existence of a right to rectification or deletion of your personal data, a right of limitation of our processing or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) all available information about the source of your personal data, unless your personal information was collected from yourself;

(8) the existence of automated decision-making including profiling under article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.

You have the right to request information about whether your personal information relates to a third country or an international organization. In this connection, you can request the appropriate guarantees in accordance with. Art. 46 GDPR in connection with the transfer.

2. Right to rectification

You have the right to correct and / or complete your personal data if this information is incorrect or incomplete. We will make the correction without delay.

3. Right to restriction of processing

Under certain circumstances, you may request the restriction of the processing of your personal data.

(1) if you contest the accuracy of your personal information for a period of time that enables us to verify the accuracy of your personal information;

(2) if the processing is unlawful and you refuse the deletion of your personal data and instead request the restriction of the use of your personal data;

(3) If we no longer need your personal information for the purposes of processing, but you need it to assert, exercise or defend your rights, or

(4) if you object to the processing and it is not yet certain that the legitimate reasons of our group of companies and affiliates exceed your reasons.

If the processing of your personal data has been restricted, we may only process this data – with the exception of its storage – with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person.

If the limitation of the processing after the o.g. If conditions are restricted, you will be informed by us before the restriction is lifted.

4. Right to cancellation

You may require us to have your personal information deleted immediately and we shall be obliged to erase that information immediately if one of the following is true:

(1) your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

(2) You revoke your consent, to which the processing acc. art. 6 § 1 lit. a or art. 9 § 2 lit. GDPR and there is no other legal basis for processing.

(3) According to art. 21 §1 GDPR objection to the processing and there are no prior justifiable reasons for the processing, or art. 21 § 2 GDPR.

(4) Your personal data have been processed unlawfully.

(5) The deletion of personal data concerning you shall be required to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.

Have we made your personal data public and we are gem. Article 17 (1) of the GDPR requires that we take appropriate measures to inform other companies processing your personal data that you have deleted all links to yours, taking into account available technology and implementation costs personal data (and all copies thereof) (“right to be forgotten”). The right to erasure does not exist if the processing is necessary.

(1) to exercise the right to freedom of expression and information;

(2) to fulfill a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task which is in the public interest or in the exercise of official authority conferring on the controller has been;

(3) for reasons of public interest in the field of public health pursuant to art. 9 (2) lit. h and i as well as art. 9 (3) GDPR, or

(4) to assert, exercise or defend legal claims.

5. Right to information of third parties by our company

If you have the right to rectify, delete or restrict the processing to our company, we are obliged to notify all recipients to whom we have disclosed your personal data this rectification or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort. You also have the right to be informed by us about these recipients.

6. Right to Data Portability

You have the right to receive personally identifiable information you provide us in a structured, common and machine-readable format. You also have the right to transfer this information to another person without hindrance by the controller to whom the personal data has been provided, provided that

(1) the processing on a consent acc. art. 6 §1 lit. a GDPR or art. 9 § 2 lit. a GDPR or on a contract acc. art. 6 § 1 lit. b GDPR is based and

(2) the processing is done by automated means.

In exercising this right, you also have the right to obtain that your personal data relating to you are transmitted directly from one person to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.

7. Right to object

You have the right at any time, for reasons that arise from your particular situation, against the processing of your personal data, which pursuant to art. 6 § 1 lit. e or f GDPR takes an objection; this also applies to profiling based on these provisions.

We will no longer process your personal information in this case unless there are compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.

If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

8. Right to revoke the data protection consent declaration

You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

9. Automated decision on a case-by-case basis, including profiling

You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have legal effect or similarly affect you in a similar manner.

This does not apply if the decision

(1) is required for the conclusion or performance of a contract between you and us,

(2) is permitted by Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or

(3) with your express consent.

With respect to the cases referred to in (1) and (3), the person responsible shall take reasonable steps to uphold the rights and freedoms and your legitimate interests, including at least the right to intervene in the intervention of a person of our company in order to express his or her own position and to challenge it heard of the decision.

10. Right to complain to the supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of its residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you is against GDPR. Names and contact information of the competent supervisory authorities in the European Union can be found at http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

Security and integrity of the data

Protecting the information you give us or that we receive about you is our priority. We take appropriate security measures to protect your information from loss, misuse, and unauthorized access, alteration, disclosure, or destruction. VitalPlusActive has taken measures to ensure the ongoing confidentiality, integrity, availability and resiliency of systems and services that process personal information, and will restore the availability and access to information in the event of a physical or technical incident in a timely manner.

Updates

We reserve the right to update this privacy policy from time to time. In the event that we make material changes that restrict VitalPlusActive’ rights or obligations under this Privacy Policy, we will publish a clear notice in this section of this Privacy Policy that informs users when they are updated.

 

Last update made on 10.01.2021