Vitala Privacy Policy
Last updated: 05.09.2024
General Information
This Privacy Policy (hereinafter referred to as the "Privacy Policy") applies to all users of the website https://www.vitala.health (hereinafter referred to as the "Website"). Using the Website constitutes acceptance of the terms of the Privacy Policy. If you do not agree to the terms, please stop using the Website.
This notice describes how we process the data in Vitala. Please review it carefully. If you need information about how your data is processed in Care Portal, please read the Care Portal Privacy Policy. If you want to learn how your data is processed in the Application, please read the Application's Privacy Policy. In this document you will find a description of the general principles on which Vitala operates.
This notice describes how we process the data in Vitala. Please review it carefully. If you need information about how your data is processed in Care Portal, please read the Care Portal Privacy Policy. If you want to learn how your data is processed in the Application, please read the Application's Privacy Policy. In this document you will find a description of the general principles on which Vitala operates.
Vitala Group
The Vitala Group (hereinafter referred to as "the Vitala Group") consists of the following companies: (a) Aasa Health AB, org. no. 559116-7936, with address Ola Hanssonsgatan 4, apt 1004, 112 52 Stockholm, Sweden (hereinafter referred to as “Vitala Europe”); (b) Vitala Health Inc. located at 16192 Coastal Highway, Lewes, Delaware 19958, EIN 38-4243867, info@vitala.health (hereinafter referred to as “Vitala US”).
The Vitala Group is represented by Vitala Europe in case representation of the Vitala Group is necessary. Vitala Europe is the representative of Vitala US in Europe.For obligations and representation before the client or user, the company from the Vitala Group that incurred the obligations or on which obligations rest is responsible.
The Vitala Group is part of a group of companies that have a legitimate interest in transmitting personal data within their own group of companies for internal administrative purposes, including the processing of personal data of clients and employees (data is transferred within the Vitala Group to a company domiciled in a third country within the meaning of the GDPR - Vitala US).
The Vitala Group is represented by Vitala Europe in case representation of the Vitala Group is necessary. Vitala Europe is the representative of Vitala US in Europe.For obligations and representation before the client or user, the company from the Vitala Group that incurred the obligations or on which obligations rest is responsible.
The Vitala Group is part of a group of companies that have a legitimate interest in transmitting personal data within their own group of companies for internal administrative purposes, including the processing of personal data of clients and employees (data is transferred within the Vitala Group to a company domiciled in a third country within the meaning of the GDPR - Vitala US).
IMPRESSUM
The Website is operated by Vitala Europe.
Email address for general inquiries: info@vitala.health
Email address for reporting illegal content: info@vitala.health
Email address of the Data Protection Officer in Vitala Europe: gdpr@vitala.health
Email address of the Privacy Officer in Vitala US: privacy@vitala.health
Management of Vitala Europe: Petter Aasa, CEO
Management of Vitala US: Petter Aasa, CEO
Brands managed by Vitala Europe: Vitala
Email address for general inquiries: info@vitala.health
Email address for reporting illegal content: info@vitala.health
Email address of the Data Protection Officer in Vitala Europe: gdpr@vitala.health
Email address of the Privacy Officer in Vitala US: privacy@vitala.health
Management of Vitala Europe: Petter Aasa, CEO
Management of Vitala US: Petter Aasa, CEO
Brands managed by Vitala Europe: Vitala
PERSONAL DATA
1. Who is a data controller?
Data controller refers to the entity or person that determines the purposes, conditions, and means of the processing of personal data.
Purpose of processing | Who is a data controller? |
---|---|
Recruitment | Vitala Europe |
Employment | Vitala Europe |
Bookkeeping | Vitala US for clients from the United States of America. Vitala Europe in other cases. |
Marketing and sales | Vitala US for activities in the United States of America. Vitala Europe in other cases. |
Contact | Vitala US for activities in the United States of America. Vitala Europe in other cases. |
Surveys | Vitala Europe |
Claims | Vitala US for activities in the United States of America. Vitala Europe in other cases. |
Complaints | Vitala US for activities in the United States of America. Vitala Europe in other cases. |
Important notice: For CP and App users in the United States of America, the data controller is Vitala US. Detailed information can be found in the relevant Privacy Policy. For other CP and App users, Vitala Europe is the data controller. Detailed information can be found in the relevant Privacy Policy.
2. Questions and contact information
If you have any questions or concerns after reading this document please do not hesitate to contact us.
We appreciate your feedback.
Email address of the Data Protection Officer in Vitala Europe: gdpr@vitala.health
Email address of the Privacy Officer in Vitala US: privacy@vitala.health
We appreciate your feedback.
Email address of the Data Protection Officer in Vitala Europe: gdpr@vitala.health
Email address of the Privacy Officer in Vitala US: privacy@vitala.health
3. Data Protection Officer
Vitala Europe has appointed a Data Protection Officer, Mrs. Beata Marek (“DPO”).
You can contact our DPO by email gdpr@vitala.health
You can contact our DPO by email gdpr@vitala.health
4. What personal data can we collect and why?
For a more understandable message, we assume that the data subject will be referred to as "you". We assume that for easier communication to you, we will continue to write "we" when it comes to the data controller.
Purpose of processing | Recruitment |
---|---|
Legal basis | Article 6.1.a of the GDPR |
Source of data | We can collect data directly from you. In some cases, it may be that data will be obtained from other sources. This will be the case if you are referred to us by an employment agency or other intermediary agency (this entity may provide us with personal data about you). |
The scope of data | Data obtained at the recruitment stage, which includes, among others: name, surname, gender, e-mail address, education and other data customarily and legally obtained at the recruitment stage. We reserve that we do not conduct any activities that may lead to discrimination and it is not our intention to process data to such an extent and in such a way. If we come into possession of such data that may lead to discrimination or more data than we need or request, we will immediately delete this data and we will not draw negative conclusions for you. |
Data categories | future employees or co-workers |
Time | From the moment of giving consent until the withdrawal of consent (primary purpose). After this period, we have the right to archive information about when and for what you gave consent. Although the recruitment process has ended, we retain this data for the purpose of establishing, investigating, or defending legal claims to demonstrate processing activities related to the consent you provided (secondary purpose). The data is deleted after a period of 10 years. |
Purpose of processing | Employment |
---|---|
Legal basis | Article 6.1.b of the GDPR. Data processed in connection with the performance of the contract. Article 6.1.c of the GDPR. Data processed in accordance with labor law provisions |
Source of data | We can collect data directly from you. In some cases, it may be that data will be obtained from other sources. This will be the case if you are referred to us by an employment agency or other intermediary agency (this entity may provide us with personal data about you). |
The scope of data | Data obtained at the employment stage, including: name, surname, gender, e-mail address, education and other legally required in connection with employment. We reserve that we do not conduct any activities that may lead to discrimination and it is not our intention to process data to such an extent and in such a manner. If we come into possession of such data that may lead to discrimination or more data than we need or request, we will immediately delete it and we will not draw negative conclusions for you. |
Data categories | Employees or co-workers |
Time | From the moment acquires data related to the management of employee processes until the end of the legal basis for processing the data. Labor law regulations impose obligations on us regarding data retention, including storing information related to employment. |
Purpose of processing | Bookkeeping |
---|---|
Legal basis | For Vitala Europe: Article 6.1.b of the GDPR. Data processed in connection with the performance of the contract. Article 6.1.c of the GDPR. Data processed in accordance with tax law provisions |
Source of data | Data obtained from you in connection with accounting services, including calculations or settlements (depending on the type of transaction). |
The scope of data | Financial data, data for tax settlements |
Data categories | customer data, employee data, co-workers data |
Time | From the moment we receive data for accounting purposes until the end of the legal basis for processing the data. Tax regulations impose obligations on us regarding data retention, including storing information about issued invoices or accepted liabilities. |
Purpose of processing | Marketing and sales |
---|---|
Legal basis | For Vitala Europe: Article 6.1.a of the GDPR. Article 6.1.f of the GDPR. For Vtala US: We rely on your consent or collect data on the basis of legitimate interests. Providing data is voluntary, but necessary to achieve the purpose specified in the consent message. Consent may be expressed by clicking the checkbox containing the terms of the consent granted or by clicking the button indicating acceptance of the terms of the given consent. Consent may be withdrawn at any time. No fees are charged for this. Explanation of legitimate interest: Legitimate interest is that we can collect data from publicly available sources about you in order to reach you with information. At the first contact, we always inform you that we have obtained your data and would like to obtain consent for further activities and communication. We do not actively market or sell to people who have not given their consent. Additionally, our interests include only business entities that may be interested in the services we provide. With this in mind, no data of children or minors is processed. |
Source of data | We can collect data directly from you. In some cases, it may be that data will be obtained from other sources. We will inform you if we obtain any data about you from other sources. |
The scope of data | Data customarily accepted for conducting marketing and sales activities, such as name, surname, e-mail address, place of work, etc. |
Data categories | Potential clients, customers |
Time | From the time you grant us consent until you withdraw it (primary purpose). After this period, we may process information about when and for what you gave consent, as well as what information was provided to you and how, for the purpose of establishing, investigating, or defending legal claims. The data is deleted after a period of 10 years (secondary purpose). |
Purpose of processing | Contact |
---|---|
Legal basis | For Vitala Europe: Article 6.1.f of the GDPR. For Vtala US: We rely on your consent or collect data on the basis of legitimate interests. Explanation of legitimate interest: Our legitimate interest is to help the person who comes to us for support. |
Source of data | All data provided by you to contact us. If you contact us to establish cooperation, we have the right to call you back. |
The scope of data | The data provided to us for contact is usually name, surname, company name, e-mail address, telephone number. |
Data categories | People who want to contact us (for this purpose they left their contact details, e.g. in contact forms). |
Time | From the time you contact us until we provide you with a response (primary purpose). However, we may engage in prolonged correspondence, so we only delete correspondence after 10 years. We retain access to previous messages to understand the nature of the contact, the topics discussed, or to resume communication after an extended break with new information without duplicating previously provided information (secondary purpose). |
Purpose of processing | Surveys |
---|---|
Legal basis | Article 6.1.a of the GDPR. |
Source of data | We can collect data directly from you. |
The scope of data | Data obtained at the survey stage. |
Data categories | People taking part in the survey. |
Time | Personal data will be processed from the moment of giving consent until the withdrawal of consent (primary purpose). After this period, we have the right to archive information about when and for what you gave consent. Although the survey process has ended, we retain this data for the purpose of establishing, investigating, or defending legal claims to demonstrate processing activities related to the consent you provided (secondary purpose). The data is deleted after a period of 10 years. |
Purpose of processing | Claims |
---|---|
Legal basis | For Vitala Europe: Article 6.1.c of the GDPR. Fir Vitala US: data processed for the purposes of establishing, pursuing or defending legal claims. |
Source of data | We can collect data directly from you. In some cases, it may be that data will be obtained from other sources. This may include data from offices, courts, legal representatives, parties to the proceedings, etc. that will be provided to us. |
The scope of data | Data needed to establish, pursue or defend legal claims. They may include recruitment history, employment history, settlement history, communication history, service implementation and provision history, history of actions taken by us and you (e.g. in the scope of consent granted). |
Data categories | Job candidates, co-workers, employees, clients, persons consenting to processing, persons whose data are processed in connection with the processing processes adopted by Vitala Group. |
Time | From the moment a claim is established or a claims process is initiated until the necessary period for handling the claim - any data subject to archiving may be processed for the purpose of handling this processing goal. The data is deleted when the statutory limitation periods for claims expire, or when the proceedings are concluded conclusively. We have the right to retain information beyond this period about when, in connection with what, and who was involved, what the outcome was, and if applicable, details of the proceedings - unless it concerns proceedings where the judgment is expunged, in which case the data is deleted in due course. |
Purpose of processing | Complaints |
---|---|
Legal basis | For Vitala Europe: Article 6.1.b of the GDPR. Fir Vitala US: data processed for the conducting the complaint process. |
Source of data | We can collect data directly from you. In some cases, it may be that data will be obtained from other sources. This may include data from offices, courts, legal representatives, parties to the proceedings, etc. that will be provided to us. |
The scope of data | Data needed to carry out the complaint process. I may include the data you provide us and the data we determine based on the complaint procedure that has been filed. |
Data categories | Job candidates, co-workers, employees, clients, persons consenting to processing, persons whose data are processed in connection with the processing processes adopted by Vitala Group. |
Time | From the moment of filing a complaint until the completion of the complaint handling (primary purpose). After this period, we have the right to archive information about when, in connection with what, and how the complaint was processed and for whom, for the purpose of establishing, investigating, or defending legal claims (secondary purpose). |
Important notice: The table below presents information that does not include data processed within the Care Portal and data processed within the Application. Information about the method of processing can be found in the privacy policy that applies to a specific solution.
5. Consent as a legal basis for data processing
Consent is voluntary. You can withdraw your consent at any time. Please note that if you withdraw your consent, we will no longer process the data associated with further processing, but we have the right to retain information for the purpose of establishing, investigating, or defending legal claims, based on the consent provided, including when you granted and subsequently withdrew your consent.
6. Your rights
If you are a US resident, we apply the appropriate regulations. Your request must be responded to within 45 days. Vitala's response to such a request must be made within 45 days of receipt (with a possible 45-day delay upon request). If Vitala as data controller rejects the request, the consumer retains the right to appeal this decision, and Vitala must provide instructions on how to continue the appeal process. We have 60 days to respond to such appeals.
Your rights include:
- The right to know who is processing personal data, for what purpose and why.
You've been informed in point 1-5 above.
- The right to access the personal data held by an organisation free of charge, and to receive a copy in an accessible format.
We provide access to data within the limits and possibilities permitted by law. You can also contact us to verify what specific data we process.
- The right to object to an organisation processing personal data without consent, unless there is a higher priority public interest. The right to object at any time to direct advertising, i.e. advertising sent directly to the recipient.
Advertisements and offers from Vitala Group or one of the group companies are directed only to people who have given their consent.
- The right to have data corrected if they are incorrect, incomplete, or untrue when they are processed by an organisation. You can check and ask us what data we process at any time. We encourage you to update your information.
- The right to have data deleted, which is also referred to as the right to be forgotten. This right is applicable if a person’s data is no longer needed or is being processed illegally.
We have the right to refuse data deletion if we need this data to defend claims and disputes. We have provided detailed descriptions of the cases and the duration for which we process data for the purpose of establishing, investigating, or defending legal claims.
- The right to move data relates to when personal data is being used by a company following consent or agreement. In that case, the data can be returned or transferred to another company at the individual’s request. This is referred to as the right to “data portability”.
Within the limits permitted by law and technical possibilities, we will try to help. We reserve that in some cases it may not be possible to transfer data - e.g. if you would like the consent given to us together with the information we have collected (e.g. from a survey) to be transferred to another entity etc.
- The right to be informed of the loss of personal data means that an organisation that holds personal data must inform the Authority for Privacy Protection and/or Data Protection Authority (depending on the registered office) about any personal data breaches that entail a risk to the privacy of an individual. If the breach poses a high risk to an individual, the individual must also be informed in person.
Vitala Group has implemented a process for handling data breaches or privacy violations, including assessing the impact of such breaches, in accordance with ENISA guidelines. This allows us to determine whether a data breach is of high, medium, or low severity. We also investigate privacy violations. We take part in appropriate actions will be taken after assessing the impact of the breach, including its severity.
- The right to lodge a complaint with the supervisory authority.
If you are a resident of Europe, GDPR applies to you. Additionally, if you want to make a complaint about the actions of Vitala Europe, to which we transfer Personal Data as we indicated in point 8, you can do so. Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement, if the data subject considers that the processing of personal data relating to them violates the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - hereinafter referred to as "GDPR"). The supervisory authority, due to Aasa Health AB, is the Swedish Authority for Privacy Protection. More information you can find here: https://www.imy.se/en/individuals/forms-and-e-services/file-a-gdpr-complaint/
Your rights include:
- The right to know who is processing personal data, for what purpose and why.
You've been informed in point 1-5 above.
- The right to access the personal data held by an organisation free of charge, and to receive a copy in an accessible format.
We provide access to data within the limits and possibilities permitted by law. You can also contact us to verify what specific data we process.
- The right to object to an organisation processing personal data without consent, unless there is a higher priority public interest. The right to object at any time to direct advertising, i.e. advertising sent directly to the recipient.
Advertisements and offers from Vitala Group or one of the group companies are directed only to people who have given their consent.
- The right to have data corrected if they are incorrect, incomplete, or untrue when they are processed by an organisation. You can check and ask us what data we process at any time. We encourage you to update your information.
- The right to have data deleted, which is also referred to as the right to be forgotten. This right is applicable if a person’s data is no longer needed or is being processed illegally.
We have the right to refuse data deletion if we need this data to defend claims and disputes. We have provided detailed descriptions of the cases and the duration for which we process data for the purpose of establishing, investigating, or defending legal claims.
- The right to move data relates to when personal data is being used by a company following consent or agreement. In that case, the data can be returned or transferred to another company at the individual’s request. This is referred to as the right to “data portability”.
Within the limits permitted by law and technical possibilities, we will try to help. We reserve that in some cases it may not be possible to transfer data - e.g. if you would like the consent given to us together with the information we have collected (e.g. from a survey) to be transferred to another entity etc.
- The right to be informed of the loss of personal data means that an organisation that holds personal data must inform the Authority for Privacy Protection and/or Data Protection Authority (depending on the registered office) about any personal data breaches that entail a risk to the privacy of an individual. If the breach poses a high risk to an individual, the individual must also be informed in person.
Vitala Group has implemented a process for handling data breaches or privacy violations, including assessing the impact of such breaches, in accordance with ENISA guidelines. This allows us to determine whether a data breach is of high, medium, or low severity. We also investigate privacy violations. We take part in appropriate actions will be taken after assessing the impact of the breach, including its severity.
- The right to lodge a complaint with the supervisory authority.
If you are a resident of Europe, GDPR applies to you. Additionally, if you want to make a complaint about the actions of Vitala Europe, to which we transfer Personal Data as we indicated in point 8, you can do so. Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement, if the data subject considers that the processing of personal data relating to them violates the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - hereinafter referred to as "GDPR"). The supervisory authority, due to Aasa Health AB, is the Swedish Authority for Privacy Protection. More information you can find here: https://www.imy.se/en/individuals/forms-and-e-services/file-a-gdpr-complaint/
7. Data recipients
We may share your personal information with the following categories of individuals/entities:
Business Partners and Vendors: We share Personal Data with a limited number of partners, service providers, and other persons/entities who help run our business (“Business Partners”). Specifically, we may employ third-party companies and individuals to facilitate our Services, provide Serviceson our behalf, perform Service-related functions, or assist us in analyzing how our Services are used. Our Business Partners are contractually bound to protect your Personal Data and to use it only for the limited purpose(s) for which it is shared. Business Partners’ use of Personal Data may include, but isnot limited to, the provision of services such as data hosting, IT services, customer services, and payment processing.
Our Advisors: We may share your Personal Data with third parties that provide advisory services to Vitala, including, but not limited to, our lawyers, auditors, accountants, and banks (collectively, “Advisors”). Personal Data will only be shared with Advisors if Vitala has a legitimate business interest in the sharing of such data.
Third Parties Upon Your Direction or Consent: You may direct Vitala to share your Personal Data with third parties. Upon your request and consent, we may share such Personal Data with those third parties that you identify.
Third Parties Pursuant to Business Transfers: In the event of are organization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Vitala’s corporate entity, assets, or stock(including in connection with any bankruptcy or similar proceedings), we may share your Personal Data with a third party.
Government and Law Enforcement Authorities: If reasonable and necessary, we may share your Personal Data to (i) comply with legal processes or enforceable governmental requests, or as otherwise required bylaw; (ii) cooperate with third parties in investigating acts or omissions that violate this Privacy Policy or the Terms and Conditions; or(iii) bring legal action against someone who may be violating the Terms and Conditions or who may be causing intentional or unintentional injury or interference to the rights or property of Vitala or any third party, including other users of our Services.
Business Partners and Vendors: We share Personal Data with a limited number of partners, service providers, and other persons/entities who help run our business (“Business Partners”). Specifically, we may employ third-party companies and individuals to facilitate our Services, provide Serviceson our behalf, perform Service-related functions, or assist us in analyzing how our Services are used. Our Business Partners are contractually bound to protect your Personal Data and to use it only for the limited purpose(s) for which it is shared. Business Partners’ use of Personal Data may include, but isnot limited to, the provision of services such as data hosting, IT services, customer services, and payment processing.
Our Advisors: We may share your Personal Data with third parties that provide advisory services to Vitala, including, but not limited to, our lawyers, auditors, accountants, and banks (collectively, “Advisors”). Personal Data will only be shared with Advisors if Vitala has a legitimate business interest in the sharing of such data.
Third Parties Upon Your Direction or Consent: You may direct Vitala to share your Personal Data with third parties. Upon your request and consent, we may share such Personal Data with those third parties that you identify.
Third Parties Pursuant to Business Transfers: In the event of are organization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Vitala’s corporate entity, assets, or stock(including in connection with any bankruptcy or similar proceedings), we may share your Personal Data with a third party.
Government and Law Enforcement Authorities: If reasonable and necessary, we may share your Personal Data to (i) comply with legal processes or enforceable governmental requests, or as otherwise required bylaw; (ii) cooperate with third parties in investigating acts or omissions that violate this Privacy Policy or the Terms and Conditions; or(iii) bring legal action against someone who may be violating the Terms and Conditions or who may be causing intentional or unintentional injury or interference to the rights or property of Vitala or any third party, including other users of our Services.
8. Profiling
We do not profile personal data. We do not use automated programs.
9. Transfer of data to third countries
The transfer of data to third countries takes place on the basis of the agreements we have signed. According to the provisions of the GDPR, each case of transferring personal data to a third country (outside the EEA) must be based on the appropriate legal basis for data processing. One of the mechanisms through which companies transfer personal data outside the EEA is the article 45 of GDPR. The European Commission has the power to determine, on the basis of article 45 of GDPR whether a country outside the EU offers an adequate level of data protection. The second way is the article 46.2.c of GDPR, so-called Standard Contractual Clauses (SCC). SCCs are template contracts that the European Commission has approved for use and permitted their application by issuing relevant decisions in this regard. Below are the entities we cooperate with and the appropriate legal basis for data transfer:
Name | Description |
---|---|
Twilio Inc. | SMS sending system Transfer outside EEA (phone number and first name) Article 45 of GDPR: EU-U.S. Data Privacy Framework . Moreover: Swiss-U.S. Data Privacy Framework , UK Extension to the EU-U.S. , Data Privacy Framework DPA: https://www.twilio.com/en-us/legal/data-protection-addendum Security: https://www.twilio.com/en-us/legal/security-overview Contact details: privacy@twilio.com |
Peaberry Software, Inc. | Email sending system Transfer outside EEA (email, phone and first name) Article 46.2.c of GDPR DPA: https://customer.io/wp-content/uploads/2023/10/Customer.io-Data-Processing-Agreement-2023-1.pdf Security: https://customer.io/legal/security/ Contact details: gdpr@customer.io |
Hubspot Inc. | Customer service system. Transfer outside EEA (CP and App user data: email, phone and first name) Article 46.2.c of GDPR DPA: https://legal.hubspot.com/dpa Security: https://legal.hubspot.com/security Contact details: privacy@hubspot.com |
10. Non-Discrimination
No one of company from Vitala Group does not process personal data in violation of state or federal laws prohibiting unlawful discrimination against consumers. Vitala does not discriminate against consumers for exercising their rights under the law, such as by denying services or benefits.
12. Sale or Sharing Personal Information
No one of company from Vitala Group does not sale your personal Data. With respect to the transfer of personal data as part of a group, we declare that access to personal data may be limited to a team from Vitala Europe to Vitala US.We inform you that we use the RB2B script, the purpose of which is to help increase the efficiency of using the Website. The service is limited to users from the territory of the USA (based on IP address verification). You can read in detail about how the script works here: https://support.rb2b.com/en/articles/8891294-how-does-rb2b-work.
You have the right not to agree to the script function. You can visit: https://app.retention.com/optout All US residents may exercise their right to opt-out by sending an email to support[at]retention.com withdrawing their consent to resell their personal information to third parties. They may authorize other persons to act on their behalf solely for the purposes of exercising their right to opt-out. The content of the email should include the email address of the person exercising the right to opt-out. Any personal information provided in the email in connection with the submission of the opt-out request will be used solely for the purposes of complying with the request.
You have the right not to agree to the script function. You can visit: https://app.retention.com/optout All US residents may exercise their right to opt-out by sending an email to support[at]retention.com withdrawing their consent to resell their personal information to third parties. They may authorize other persons to act on their behalf solely for the purposes of exercising their right to opt-out. The content of the email should include the email address of the person exercising the right to opt-out. Any personal information provided in the email in connection with the submission of the opt-out request will be used solely for the purposes of complying with the request.
13. Limit the Use or Disclosure of Sensitive Personal Information:
We generally do not collect sensitive personal information required by law or resulting from contracts or the provision of services.
14. Data Minimization
We only collect and use data that is adequate, relevant and limited to what is reasonably necessary to achieve the stated purpose.
15. Purpose limitation
Please be advised that Vitala does not process personal data for purposes that are not reasonably necessary or compatible with the specific purposes for which the Personal Data are processed. Personal Data is not processed for any additional purposes other than those indicated in the Privacy Policy (applies to Vitala activities).
Important notice: For CP and App users in the United States of America, the data controller is Vitala US. Detailed information can be found in the relevant Privacy Policy. For other CP and App users, Vitala Europe is the data controller. Detailed information can be found in the relevant Privacy Policy.
Important notice: For CP and App users in the United States of America, the data controller is Vitala US. Detailed information can be found in the relevant Privacy Policy. For other CP and App users, Vitala Europe is the data controller. Detailed information can be found in the relevant Privacy Policy.
16. Security Requirements
Vitala Group has established reasonable administrative, technical and physical safeguards to protect the confidentiality, integrity and availability of Personal Data. We take reasonable measures to protect Personal Data from unauthorized access. Vitala Group conducts periodic assessments of data processing activities.
Vitala Group understands the importance of data confidentiality and security. We use a combination of reasonable physical, technical, and administrative security controls to (i) maintain the security and integrity of your personal data; (ii) protect against any threats or hazards to the security or integrity of your personal data; and (iii) protect against unauthorized access to or use of such information in our possession or control that could result in substantial harm to you.
While Vitala Group uses reasonable security controls, WE CANNOT GUARANTEE OR WARRANT THAT SUCH TECHNIQUES WILL PREVENT UNAUTHORIZED ACCESS TOYOUR PERSONAL DATA. VITALA IS UNABLE TO GUARANTEE THE SECURITY ORINTEGRITY OF PERSONAL DATA TRANSMITTED OVER THE INTERNET, AND THERE ISNO GUARANTEE THAT YOUR PERSONAL DATA WILL NOT BE ACCESSED, DISCLOSED,ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS. YOU ASSUME THE RISK THAT UNAUTHORISED ENTRY OR USE, HARDWARE OR SOFTWARE FAILURE, AND OTHER FACTORS MAY COMPROMISE THE SECURITY OF YOUR PERSONAL DATA AT ANY TIME. WE MAKE EVERY EFFORT TO ENSURE SUCH SITUATIONS DO NOT OCCUR.
Vitala Group understands the importance of data confidentiality and security. We use a combination of reasonable physical, technical, and administrative security controls to (i) maintain the security and integrity of your personal data; (ii) protect against any threats or hazards to the security or integrity of your personal data; and (iii) protect against unauthorized access to or use of such information in our possession or control that could result in substantial harm to you.
While Vitala Group uses reasonable security controls, WE CANNOT GUARANTEE OR WARRANT THAT SUCH TECHNIQUES WILL PREVENT UNAUTHORIZED ACCESS TOYOUR PERSONAL DATA. VITALA IS UNABLE TO GUARANTEE THE SECURITY ORINTEGRITY OF PERSONAL DATA TRANSMITTED OVER THE INTERNET, AND THERE ISNO GUARANTEE THAT YOUR PERSONAL DATA WILL NOT BE ACCESSED, DISCLOSED,ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS. YOU ASSUME THE RISK THAT UNAUTHORISED ENTRY OR USE, HARDWARE OR SOFTWARE FAILURE, AND OTHER FACTORS MAY COMPROMISE THE SECURITY OF YOUR PERSONAL DATA AT ANY TIME. WE MAKE EVERY EFFORT TO ENSURE SUCH SITUATIONS DO NOT OCCUR.
17. Consent Requirements
Expressing consent is free and voluntary. You can withdraw your consent at any time. You can contact us and your consent will be withdrawn. Attention. Withdrawal of consent does not mean that your data will be deleted. We have described that we have the right to process data for the purposes of establishing, pursuing or defending legal claims (e.g. to be able to prove when and what you have agreed to).
18. US States Data Privacy Laws
California: If you are a California resident, you have rights under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Acts of 2020 (CPRA), from hereon referred to as CCPA.
Colorado: If you are a Colorado resident, the Colorado Privacy Act (CPA) applies.
Connecticut: If you are a Connecticut resident, the Connecticut Data Privacy Act (CTDPA) applies.
Delaware: If you are a Delaware resident, the Delaware Personal Data Privacy Act (DPDPA) applies.
Florida: If you are a Florida resident, the Florida Digital Bill of Rights (FDBR) applies.
Indiana: We do not process Personal Data of 100,000 Indiana residents. If so, the regulations will apply to the Indiana Consumer Data Protection Act (ICDPA).
Iowa: We do not process Personal Data of 100,000 Iowa residents. If so, the Iowa Consumer Data Protection Act (ICDPA) will apply.
Minnesota: We do not process Personal Data of 100,000 Minnesota residents. If so, the Minnesota Consumer Data Privacy Act (HF 4757 / SF 4782) will apply.
Montana: We do not process Personal Data of 50,000 Iowa residents. If so, the Iowa Consumer Data Protection Act (ICDPA) will apply.
New Hampshire: We do not process Personal Data of 35,000 New Hampshire residents. If so, the SB255 will apply.
New Jersey: We do not process Personal Data of 100,000 New Jersey residents. If so, the SB332 will apply.
Oregon: We do not process Personal Data of 100,000 Oregon residents. If so, the Oregon Consumer Privacy Act will apply.
Tennessee: Tenn. Code § 47-18-2107: If a security incident occurs that threatens the security, confidentiality or integrity of Personal Data, which includes name, surname, social security number, Vitala as a data processor takes appropriate steps to inform the data controller as soon as possible, no longer than 45 days . This situation will occur, for example, when the data encryption key is obtained, disclosed or used without permission. Notice to a consumer by HP as a data controller may not be enforced if HP is subject to the Gramm-Leach-Bliley Act (GLBA) or the Health Information Portability and Accountability Act (HIPAA). The regulations are applied appropriately. We do not process Personal Data of 175,000 Tennessee residents. If so, the Tennessee Information Protection Act (TIPA) will apply.
Texas: If you are a Texas resident, you have rights under the Texas Data Privacy and Security Act (TDPSA).
Utah: We do not process Personal Data of 100,000 Utah residents. If so, the Utah Consumer Privacy Act (UCPA) will apply.
Virginia: We do not process Personal Data of 100,000 Virginia residents. If so, the Virginia Consumer Data Protection Act (VCDPA) will apply.
Colorado: If you are a Colorado resident, the Colorado Privacy Act (CPA) applies.
Connecticut: If you are a Connecticut resident, the Connecticut Data Privacy Act (CTDPA) applies.
Delaware: If you are a Delaware resident, the Delaware Personal Data Privacy Act (DPDPA) applies.
Florida: If you are a Florida resident, the Florida Digital Bill of Rights (FDBR) applies.
Indiana: We do not process Personal Data of 100,000 Indiana residents. If so, the regulations will apply to the Indiana Consumer Data Protection Act (ICDPA).
Iowa: We do not process Personal Data of 100,000 Iowa residents. If so, the Iowa Consumer Data Protection Act (ICDPA) will apply.
Minnesota: We do not process Personal Data of 100,000 Minnesota residents. If so, the Minnesota Consumer Data Privacy Act (HF 4757 / SF 4782) will apply.
Montana: We do not process Personal Data of 50,000 Iowa residents. If so, the Iowa Consumer Data Protection Act (ICDPA) will apply.
New Hampshire: We do not process Personal Data of 35,000 New Hampshire residents. If so, the SB255 will apply.
New Jersey: We do not process Personal Data of 100,000 New Jersey residents. If so, the SB332 will apply.
Oregon: We do not process Personal Data of 100,000 Oregon residents. If so, the Oregon Consumer Privacy Act will apply.
Tennessee: Tenn. Code § 47-18-2107: If a security incident occurs that threatens the security, confidentiality or integrity of Personal Data, which includes name, surname, social security number, Vitala as a data processor takes appropriate steps to inform the data controller as soon as possible, no longer than 45 days . This situation will occur, for example, when the data encryption key is obtained, disclosed or used without permission. Notice to a consumer by HP as a data controller may not be enforced if HP is subject to the Gramm-Leach-Bliley Act (GLBA) or the Health Information Portability and Accountability Act (HIPAA). The regulations are applied appropriately. We do not process Personal Data of 175,000 Tennessee residents. If so, the Tennessee Information Protection Act (TIPA) will apply.
Texas: If you are a Texas resident, you have rights under the Texas Data Privacy and Security Act (TDPSA).
Utah: We do not process Personal Data of 100,000 Utah residents. If so, the Utah Consumer Privacy Act (UCPA) will apply.
Virginia: We do not process Personal Data of 100,000 Virginia residents. If so, the Virginia Consumer Data Protection Act (VCDPA) will apply.
COOKIES
You can manage your consent to cookies through the settings in the tool on the Website.
You can read about which specific cookies are attached to the RB2B script here: https://support.rb2b.com/en/articles/9307610-what-cookies-does-rb2b-store-on-a-visitor-s-device
You can read about which specific cookies are attached to the RB2B script here: https://support.rb2b.com/en/articles/9307610-what-cookies-does-rb2b-store-on-a-visitor-s-device
FINAL PROVISIONS
19. Privacy Policy Updates
We may modify this Privacy Policy from time to time. The document displayed on the Website applies. If you do not agree with the proposed changes, you should stop using the Website. We have no obligation to send you notices regarding changes to the Website. If you use the Website after the effective date, you will be bound by the updated terms of the Privacy Policy.
20. Language of the Privacy Policy
We would like to point out that the Privacy Policy is available in English and other languages. For other languages, we use machine translation from English. Machine translation may not be perfect, so in cases of dispute over interpretation, English (the source language of translation) shall prevail. Please remember that we always prioritise the welfare of our users, and no provisions will be interpreted to the detriment of the consumer within the meaning of the law.
21. Disclaimer
The content and materials contained on the Website are prepared with care. However, none of the companies within the Vitala Group can guarantee the correctness, completeness, and timeliness of the content and materials on the Website.
None of the companies within the Vitala Group are responsible, in particular, for content and materials that are not their property.In the case of services provided by companies within the Vitala Group that may involve storing customer data (hosting services), none of the companies within the Vitala Group supervise the transmitted data or stored information, nor do they investigate circumstances indicating unlawful activity.
However, this does not affect the obligations of the companies within the Vitala Group regarding the acceptance of reports of illegal information, removal, or blocking of the use of such information in accordance with legal regulations, especially the DSA. In the event of knowledge of legal violations, illegal information will be promptly removed, and none of the companies within the Vitala Group shall be liable for this.
None of the companies within the Vitala Group are responsible, in particular, for content and materials that are not their property.In the case of services provided by companies within the Vitala Group that may involve storing customer data (hosting services), none of the companies within the Vitala Group supervise the transmitted data or stored information, nor do they investigate circumstances indicating unlawful activity.
However, this does not affect the obligations of the companies within the Vitala Group regarding the acceptance of reports of illegal information, removal, or blocking of the use of such information in accordance with legal regulations, especially the DSA. In the event of knowledge of legal violations, illegal information will be promptly removed, and none of the companies within the Vitala Group shall be liable for this.
22. Liability for Links
The Website may contain hyperlinks leading to third-party websites. We do not control the information found there as we do not update these websites and are not responsible for them. The providers of these websites are always responsible for the content of the pages to which the links lead.
Vitala Europe makes efforts to check the content of links added to the Website. However, without specific indications of legal violations, we cannot be expected to constantly monitor the content of the pages to which the Website refers. If you notice a violation, please inform us.
Vitala Europe makes efforts to check the content of links added to the Website. However, without specific indications of legal violations, we cannot be expected to constantly monitor the content of the pages to which the Website refers. If you notice a violation, please inform us.
23. Responsibility for Damages or Lost Profits
Each of the Vitala Group companies is not liable for damages or lost profits related to the use of the Website within the limits permitted by law to the fullest extent possible. In cases where such liability is provided, the amount of this liability shall be 1 EUR unless the limitation cannot be applied.
In no event is the Website directed at consumers and is solely directed at adult individuals who, in connection with their business or profession, may be capable of making business decisions.In the event that one of company from Vitala Group liability cannot be completely limited, each of the Vitala Group companies shall be liable only for actual damages incurred in connection with the use of the Website (it is not liable for lost profits).
Each of the Vitala Group companies is under no obligation to pay any compensation for incidental or consequential damages, exemplary damages, damages for moral losses and secondary damages, damages for loss of profits, or damages resulting from loss of data or disruption of operations arising from the use or inability to use the Website, whether claims are based on warranty, contract, tort law, or other legal theory, and regardless of whether each of any Vitala Group companies has been informed of the possibility of such damages.
In no event is the Website directed at consumers and is solely directed at adult individuals who, in connection with their business or profession, may be capable of making business decisions.In the event that one of company from Vitala Group liability cannot be completely limited, each of the Vitala Group companies shall be liable only for actual damages incurred in connection with the use of the Website (it is not liable for lost profits).
Each of the Vitala Group companies is under no obligation to pay any compensation for incidental or consequential damages, exemplary damages, damages for moral losses and secondary damages, damages for loss of profits, or damages resulting from loss of data or disruption of operations arising from the use or inability to use the Website, whether claims are based on warranty, contract, tort law, or other legal theory, and regardless of whether each of any Vitala Group companies has been informed of the possibility of such damages.
24. Restrictions on Using the Website
If you use the Website, you may not engage in actions contrary to law and good customs, including (a) concealing information about trademarks; (b) infringing copyrights; (c) concealing the origin of information; (d) generating excessive burden on the Website; (d) injecting malicious code; (e) scanning Website vulnerabilities without informing Vitala Europe; (f) circumventing security; (g) making any copies of the Website or its parts; (h) posting false or misleading information about the Website or on the Website; (i) transmitting or attempting to transmit malicious software such as viruses, trojans, worms, time bombs, or other computer programming routines whose purpose is to destroy, disrupt, capture, or appropriate any Information, system, Website or infringe intellectual property rights or others; (j) using automated systems to collect or search for information on the Website.
You may not use the Website in a manner that may adversely affect the performance or operation of the Website or hinder access to the Website.
You may not use the Website in a manner that may adversely affect the performance or operation of the Website or hinder access to the Website.
25. Governing Law
This Privacy Policy is governed by and construed in accordance with the laws of Sweden. Any disputes or claims may be brought by the consumer and brought before the court having jurisdiction over the consumer's place of residence. A dispute may also be filed due to Vitala's Europe registered office.
We are open to all the needs of users and our customers. Therefore, please contact us first before you decide to take legal action. We believe that we will be able to find an amicable solution to the situation.
We are open to all the needs of users and our customers. Therefore, please contact us first before you decide to take legal action. We believe that we will be able to find an amicable solution to the situation.