Privacy Notice at VitaminExpress

The protection of your personal data is an issue we take very seriously. Therefore, your personal data is always strictly confidential and processed in accordance with legal data protection regulations, as well as this data protection declaration.

• Secure Shopping with SSL
• Storage and Use of Personal Data
• Information and Deletion of Personal Data
• Storage of Personal Data
• Do We Share Information?
• eMail Delivery
• Server Log Files
• Cookies
• Password
• Social Plugins and Videos
• May Children use our Website?

Secure Shopping with SSL

By using SSL on the entire website, we provide the most secure shopping experience possible. Our software encrypts your personal data with up to 2048 bit SSL (Secure Socket Layer) before it is transmitted, which offers a very high level of security.

You can recognize an encrypted connection in the browser's address bar; it changes from 'http://' to 'https://' and you'll be able to see a lock icon in your browser line. When SSL encryption is enabled, your transmitted data cannot be read by third parties.

Storage and Use of Personal Data

Personal data is information that can be used to identify a natural person and includes contact information. We receive your personal data when you contact us, shop with us, register for the eNewsletter, or write a product or shop review.

We only collect and store those aspects of your personal data which are specifically required to respond to your questions, inform you and process your orders. In addition, we use anonymised data, which is saved by our software and analysis tools, to improve our products and offerings.

In addition, we use anonymous data that stores our software and the analysis tools we use to improve our website and our offerings.

Information and Deletion of Personal Data

You may view and change the personal information in your customer account at any time, to keep it up to date. Simply log in to your customer account. Here you will find all personal data stored by us.

For security reasons, we do not display payment information in your customer account. Please contact us if you have questions regarding personal data, or if you wish to delete your customer account. Please note that we are not allowed to delete orders that have been completed, including the invoices generated from them, due to legal regulations.

Storage of Personal Data

We retain personal data only as long as it is necessary to comply with the purposes described in this data protection declaration, unless a longer retention period is required, or permitted, in accordance with legal regulations.

GDPR

At VitaminExpress, we value your privacy and will always diligently protect your data. This privacy policy may be changed, modified, or updated at any time, with no prior warning or notification. By using the provider's website, the user confirms she or he agrees with the changes and modifications.

As data subject, you have the following rights:

• Pursuant to Art. 15 GDPR, the right to request information about your personal data processed by us to the extent specified there;
• Pursuant to Art. 16 GDPR, the right to request for immediate correction of incorrect or incomplete personal data stored by us;
• Pursuant to Art. 17 GDPR, the right to request the deletion of your personal data stored by us, unless further processing is required
  • to exercise the right to freedom of expression and information;
  • to comply with a legal obligation;
  • for reasons of public interest or
  • is required to assert, exercise or defend legal claims;

• According to Art. 18 GDPR you have the right to request the restriction of the processing of your personal data, where one of the following applies:
  • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  • the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

• Pursuant to Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible;
• According to Art. 77 GDPR you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.

Do We Share Information?

Information provided by users and customers of this website is very important to us, as we cannot process an order or optimise our offer without it. Consequently, it is not in our interest to pass data on to third parties. We only pass data on to service providers, who fulfill certain tasks on our behalf, within the scope of activities described here.

Package Delivery

In order for you to receive your parcel quickly and safely, we contract a wide variety of fulfillment and parcel delivery agents, such as DHL, UPS, Austrian Post and Collissimo, who process orders and transport the parcels from our shipping warehouse to your home address. These companies only receive your shipping address, your mail address and, if necessary, your phone number.

Customer Service

In order to provide you with the best possible customer service, we work with experienced customer service and call center agencies. They accept your telephonic orders and contact you if there are any queries. The staff has access to all customer data which is required to fulfill an order or to answer customer questions.

eMail Delivery

In order to keep you well-informed, we send our email newsletter via platforms that are specialised in delivering e-mails professionally and securely. These companies save the email address and the name of the subscriber for the personal address for sending our e-mails. In order to make the e-mails as relevant as possible for you, we also include personal information that you give us when you are active or shop on our website. You can unsubscribe at any time in the footer of our newsletter with just one click.

Service emails

If you are active on our website and, for example, create a customer account, order products or fill out a form, we will send you service emails, such as order confirmation, shipping confirmation or payment reminders. You cannot unsubscribe from this group of service emails.

E-mail advertising without registering for the newsletter and your right of objection:

If we receive your e-mail address in connection with the sale of goods or services and you have not objected to this, we reserve the right, on the basis of regulation 22. (1) of The Privacy and Electronic Communications (EC Directive) Regulations 2003, which applies to individual-only subscribers and states:

"A person may send or instigate the sending of electronic mail for the purposes of direct marketing where—

(a) that person has obtained the contact details of the recipient of that electronic mail in the course of the sale or negotiations for the sale of a product or service to that recipient;

(b) the direct marketing is in respect of that person’s similar products and services only; and

(c) the recipient has been given a simple means of refusing (free of charge except for the costs of the transmission of the refusal) the use of his contact details for the purposes of such direct marketing, at the time that the details were initially collected, and, where he did not initially refuse the use of the details, at the time of each subsequent communication.”

We send service emails via platforms that specialize in delivering emails professionally and securely. These companies save the e-mail address and the name for personal salutation for sending our e-mails. In order to make the e-mails as relevant as possible for you, we also include personal information that you give us when you are active on our website or make a purchase from us.

E-mail advertising with registration for the newsletter

If you register for our newsletter, we use the data required for this or separately provided by you in order to regularly send you our e-mail newsletter based on your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After you have unsubscribed, we will delete your e-mail address, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we will inform you in this declaration.

Sending of Letters and Catalogues

We use different service providers to send out catalogs and letters. We only pass names and addresses on to these companies.

Contact Form

When you send us a message via the contact form, your details, including the contact details you provided, will be stored in our system for purposes of processing. We do not pass this data on to third parties.

Payment Procedure

Depending on the payment method, different information is forwarded to payment services and banks.

• PayPal: You will be forwarded to the payment provider, where you can sign in with your email address and password. We do not store any information, except for the payment method.
• Sofort.com: You will be forwarded to the payment provider, where you can sign in with your user name and PIN. This information will not be stored at sofort.com. We also do not store any information, except for the payment method.
• Credit Card: The credit card data is transferred securely to the payment provider when you place your first order, using SSL encryption. We only store the last 4 digits of the card number, as well as the payment method, so that you can easily identify it for future orders. For each subsequent order, a so-called alias code is transferred to the payment provider to trigger the new payment.
• SEPA Direct Debit: We store the IBAN and BIC and transmit them to the bank with SSL encryption for every payment.
• Prepayment: The processing of the incoming payments is done by a payment service provider. For this purpose, we only pass on the data necessary for the processing by means of SSL encrypted securely to this. We also do not store any information in our database, except for the payment method.

Analysis Platforms

To monitor whether our website is working smoothly, and to ensure that we are constantly improving our offering and services, we utilize various analysis platforms, such as Google Analytics and the Google search console. Here, anonymous data relating to our website usage is transferred and evaluated. This data helps us to improve our offering and services. Personal data, such as your name, address and payment information are not relevant for these analyses and are therefore not recorded.

Interest-based Ads and Personalization

We use your interaction with our website so serve interest-based ads that may be relevant to you. However, we do not use information that directly identifies individuals (such as name or email) to serve interest-based ads or remarketing. To show the most relevant product recommendation, we work with search engines, advertisers, publishers, social media networks and ad serving companies. Furthermore, we also use this information to provide you with the most relevant shopping experience on our website.

We have contractual agreements with these companies, which regulate the use of your data. These service providers only have access to those aspects of the personal data they need to perform their tasks. They may not use the data for any other purpose. In addition, they are obligated to handle all information in accordance with this data protection declaration and the relevant data protection laws.

Business Transfers

It could be that parts or our entire business will be sold in the future. In this case, customer data is usually transmitted to the buyer as part of the transaction in order to continue the business properly. In this unlikely event all affected customer information will remain subject to the privacy policy described here.

Server Log Files

Our software automatically stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type / Browser version
• Operating system used (the browser's user agent values)
• Referrer URL
• Requested URL
• Data size of the server response
• IP address of the accessing computer
• Server request time

This data cannot be identified with, or assigned to specific people. This data is not merged with other data sources. We reserve the right to check this data retrospectively if specific indications of illegal use come to our attention.

Cookies

Our website uses so-called cookies. They make our website more user-friendly, more effective and more secure. Cookies are small text files that are stored by your browser.

Most of the cookies we use are so-called 'session cookies'. They will be deleted automatically after you leave the website. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser the next time you visit our site.You can set your browser so that you receive information about cookie settings in order to allow cookies only for specific functions, accept cookies only in certain cases, generally disable cookies, and/or enable the automatic deletion of cookies when closing the browser. When disabling cookies, some features of our website may be restricted.

Password

Your assigned password for our website, which you set when you create your customer account, is saved using an asymmetric encryption method. This means that your password is not saved as normal text and is therefore not legible to anyone. We cannot read your password either, and therefore cannot send it to you.

If you forget your password, you can create a new password at any time by clicking on the Forgot password? link, then enter the email address with which you opened your customer account. You will then receive an email with a page link, where you can enter your new password.

Kameleoon

Kameleoon is a SaaS solution which makes A/B testing and web personalization possible. Kameleoon customers and partners use the solution to gain a better understanding of how their website is used and to provide their customers with an optimized user experience. Kameleoon does not save any personal data. You can object to the use of Kameleoon at any time by clicking on the following link:

https://www.vitaminexpress.org/de/#kameleoonOptout=true

Emarsys CRM Ads

We use CRM Ads from the provider Emarsys Schweiz GmbH, Stauffacherstrasse 45, 8004 Zurich, Switzerland. Data protection declaration: https://www.emarsys.com/de/privacy-policy.

Emarsys CRM Ads is used to occasionally send you advertisements that we believe are most relevant to you. This feature allows us to show you ads based on your preferences as part of a certain group of people. For this purpose, we do not forward any of your personal data, such as name or email address, to such third-party networks. These networks only receive a unique identifier or a non-personal checksum (hash value). At the end of the comparison, all uploaded hash values ​​are deleted again.

We use Facebook Audience Manager and Google Customer Match to create such custom audiences. You can manage your privacy settings regarding the use of mentioned tools on the privacy tab of your account with the relevant third-party provider.

Google Customer Match is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, with the parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Website: https://www.google.com. Privacy Policy: https://policies.google.com/privacy. Further information on the scope of the collection and the further processing and use of the data by Google Customer Match can be found at: https://support.google.com/adwordspolicy/answer/6299717?hl=de. You can edit the settings for personal data and privacy under Google “My Account”: https://myaccount.google.com/intro?hl=de.

Criteo

Our website uses cookies/advertising IDs for advertising purposes. This allows us to show our advertising to visitors who are interested in our products on partner websites, apps and emails. Retargeting technologies use cookies or advertising IDs and display advertisements based on your previous browsing behavior. Insofar as conclusions about personal data result from the use of the aforementioned service, the legal basis for this is Article 6 (1) sentence 1 lit. f GDPR.

To opt-out of this interest-based advertising, please visit the following websites:

http://www.networkadvertising.org/choices/

http://www.youronlinechoices.com/

We may exchange information such as technical identifiers from your registration information on our website or our CRM system with reliable advertising partners. This allows your devices and/or environments to be linked and offer you a seamless user experience with the devices and environments you use. For more details on these linking capabilities, please refer to the privacy policy found on the aforementioned platforms or the explanations below.

You will also find the Criteo opt-out function in Criteo's data protection policy: https://www.criteo.com/de/privacy.

Social Plugins and Videos

We use plugins for the social media networks: Facebook, Google + and Twitter on our website, as well as for the online video portal YouTube

When a user calls up a web page for one of the social media networks which contain a plugin, their browser establishes a direct connection to the social media network's servers. The content of the plugin is transmitted directly from the social media network to your browser and integrated into the website. Vitamin Express, therefore, has no influence on the extent of the data collected by social media networks via plugins, and informs users accordingly, to the best of their knowledge:

By incorporating the plugins, the social media networks receive the information that a user has called up a specific page and offering. If the user is logged into a particular social media network, that network is able to assign the site visit to his/her account. When users interact with the plugins, for example, if they press the 'like' button or leave a comment, the information is transmitted from your browser directly to the social media network and stored there. If a user is not yet a member of the social media network, there is still a possibility that this network will recognize and store the user's IP address. In Germany, according to Facebook, for example, only an anonymized IP address is stored.

To find out more about the purpose and scope of the data collection, further processing and use of the data by the social media network, as well as user rights and privacy settings protecting your personal privacy, please refer to the data protection information supplied the respective social media network.

If a user is already a registered social media network user, and does not want the social media network to collect data about him/her via the Vitamin Express website, linking it with his/her existing data, s/he must log out of the social media network before visiting the website.

Our website uses plugins from the Google-powered YouTube page. If you visit one of our sites which have a YouTube plugin, you will be connected to the YouTube servers. This tells the YouTube server which of our pages you have visited.

If you are logged in to your YouTube account, it will allow YouTube to assign your browsing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Please find the data protection notices of the respective social networks:

• Facebook and Instagram

• YouTube

May children use our website?

Vitamin Express does not offer or sell any products to minors. Products intended for children may only be purchased by adults. If you are not yet 18 years old, you may only buy products from us together with a parent or guardian.

Questions Regarding Data Protection

If you have any questions about any of the privacy or data protection issues, please contact us via our contact form.