Privacy policy

Effective Date

15 June 2025

Data Controller

Vitalight

Company Registration Number

600730

VAT Number

3487826DH

Contact Email

info@vitalight.eu

Supervisory Authorities

This policy is designed to comply with the requirements of the General Data Protection Regulation (GDPR) and relevant supervisory authorities in:
- Ireland: Data Protection Commission (DPC)
- Germany: Bundesbeauftragte für den Datenschutz (BfDI) or respective state authority
- France: Commission Nationale de l’Informatique et des Libertés (CNIL)
- Spain: Agencia Española de Protección de Datos (AEPD)

Introduction

Vitalight operates this store and website, including all related information, content, features, tools, products, and services (collectively, the 'Services'), to offer a personalised and secure shopping experience. Our platform is powered by Shopify, which helps us deliver and maintain the Services. This Privacy Policy describes in detail how we collect, use, disclose, and safeguard your personal information when you interact with us. By accessing or using the Services, you acknowledge and accept this Privacy Policy.

Personal Information We Collect

We collect information that either directly identifies you or could reasonably be used to identify you, including:
- Contact data: your name, email address, shipping and billing addresses, phone number
- Payment information: credit/debit card or payment processor details
- Account credentials and settings
- Purchase and return history
- Communications with customer service
- Device, session, and usage data collected via cookies or analytics tools

Sources of Personal Information

We obtain personal data through:
- Direct interaction: when you place orders, create an account or contact us
- Automated technologies: via cookies, device metadata, or browsing activity
- Third-party services: such as Shopify, advertising or logistics providers

Purpose and Use of Information

Your information enables us to:
- Fulfil and manage orders and deliveries
- Maintain your account and preferences
- Personalise product recommendations and marketing offers
- Ensure the safety and integrity of our platform and users
- Communicate with you and provide customer support
- Comply with applicable laws and regulations

Lawful Basis for Processing

We only process your personal data when legally permitted, based on:
- Your explicit consent
- Necessity for fulfilling a contract (e.g., to complete an order)
- Compliance with legal obligations
- Legitimate business interests, such as service improvement or fraud prevention

Data Sharing and Disclosure

We may share personal information with:
- Shopify, for platform hosting and operational support
- Payment processors and financial institutions
- Delivery and logistics partners
- Marketing and advertising platforms
- Legal and regulatory authorities when required

Children’s Data

We do not knowingly collect or process data from individuals under 13 years of age. If you believe a child has submitted information to us, please contact us to request deletion.

Cookies and Tracking Technologies

We use cookies and similar technologies to:
- Enable essential site functionality
- Understand user behaviour and improve our website
- Deliver targeted advertisements
Non-essential cookies are only activated with your explicit consent, per EU law. You can manage your cookie preferences at any time through the cookie banner or browser settings.

International Transfers

If your personal data is transferred outside the European Economic Area (EEA), including to Shopify in Canada or the US, we ensure it is protected through mechanisms such as Standard Contractual Clauses (SCCs) approved by the European Commission.

Data Retention

We retain personal data for as long as necessary to provide the Services or comply with legal obligations. For example, transactional data is stored for 7 years to meet tax and accounting requirements.

Your Rights Under GDPR

You have the right to:
- Access the personal data we hold about you
- Request correction or deletion of inaccurate data
- Restrict or object to processing
- Withdraw consent at any time
- Request data portability
- File a complaint with your country’s data protection authority

Managing Preferences and Opting Out

You may unsubscribe from promotional emails at any time using the link in our emails. You can also manage cookie and ad preferences via the Global Privacy Control browser signal where supported.

Security

We implement technical and organisational measures to protect your data, though no system is infallible. Please avoid transmitting sensitive data over insecure networks.

Updates to This Policy

We may revise this Privacy Policy periodically. When we do, we will update the 'Effective Date' and notify you as required by law.