Privacy policy

Last update: 16 August 2024

This Privacy Policy describes how Brandix AG (Vitomalia) (the "Site", "we", "us" or "our") collects, uses and discloses personal information when you visit vitomalia.com (the "Site"), use our services, make a purchase there, or otherwise communicate with us regarding the Site (collectively, the "Services"). For purposes of this Privacy Policy, "you" and "your" refer to you as a user of the Services, whether you are a customer, a Site visitor or any other person whose information we have collected pursuant to this Privacy Policy.

Please read this privacy policy carefully.

Changes to this privacy policy

We may update this Privacy Policy from time to time, including to reflect changes in our practices or for other operational, legal or regulatory reasons. We will post the revised Privacy Policy on the Site, update the "Last Updated" date, and take any other steps required by law.

How we collect and use your personal data

In order to provide the Services, we collect personal information about you from various sources and have collected over the past 12 months as set out below. The information we collect and use varies depending on how you interact with us.

In addition to the specific uses listed below, we may use the information we collect about you to communicate with you, provide or improve the Services, comply with any applicable legal obligations, enforce any applicable terms of service, and protect or defend the Services, our rights and the rights of our users or others.

What personal data do we collect?

The type of personal information we obtain about you depends on how you interact with our website and use our services. When we use the term "personal information", we are referring to information that identifies you, relates to you, describes you or can be associated with you. The following sections describe the categories and specific types of personal information we collect.

Information that we collect directly from you

The information you provide to us directly through our services may include

  • Contact details including your name, address, telephone number and e-mail address.
  • Order information including your name, billing address, delivery address, payment confirmation, e-mail address and telephone number.
  • Account information including your username, password, security questions and other information used for account security.
  • Shopping information including items you view, add to your shopping basket, save to your account (e.g. loyalty points, reviews, recommendations or gift cards) or purchases.
    • Saved loyalty points/product reviews/recommendations/gift cards
  • Customer support information, including information that you include in your communications with us, such as when you send a message through the Services.

Some features of the Services may require you to provide certain information about yourself directly to us. You may choose not to provide this information, but this may result in you not being able to use or access these features.

Information we collect about your use

We may also automatically collect certain information about your interaction with the Services ("UsageData"). We may use cookies, pixels and similar technologies ("Cookies") for this purpose. Usage Data may include information about how you access and use our Site and your account, including device information, browser information, your network connection information, your IP address and other information about your interaction with the Services.

Information received from third parties

Finally, we may receive information about you from third parties, including vendors and service providers who collect information on our behalf, for example:

  • Companies that support our website and services, such as Shopify.
  • Our payment processors who collect payment information (e.g. bank account, credit or debit card information, billing address) to process your payment, fulfil your orders and provide you with the products or services you have requested in order to perform our contract with you.
  • When you visit our website, open or click on emails we send you, or interact with our services or adverts, we or third parties we work with may automatically collect certain information using online tracking technologies such as pixels, web beacons, software developer kits, third party libraries and cookies.

Any information we receive from third parties will be treated in accordance with this privacy policy. See also the section below, Third party websites and links.

How we use your personal data

  • Providing products and services. We use your personal information to provide you with the Services and perform our contract with you, including processing your payments, fulfilling your orders, sending you notifications regarding your account, purchases, returns, exchanges or other transactions, creating, maintaining and otherwise managing your account, organising shipping, facilitating returns and exchanges, and other features and functionality related to your account. We may also enhance your shopping experience by allowing Shopify to match your account with other Shopify services you may wish to use, in which case Shopify will process your information in accordance with its Privacy Policy and Consumer Privacy Policy.
  • Marketing and advertising. We may use your personal data for marketing and advertising purposes, for example to send marketing and advertising messages by email, SMS or post and to show you advertisements for products or services. This may include using your personal data to better customise the services and advertising on our website and other websites. If you are located in the EEA, the legal basis for these data processing activities is our legitimate interest in selling our products in accordance with Art. 6, para. 1 (f) GDPR.
  • Security and fraud prevention. We use your personal data to detect, investigate or take action regarding possible fraudulent, illegal or malicious activity. If you choose to use the Services and register an account, you are responsible for the security of your account credentials. We strongly recommend that you do not share your username, password or other login information with anyone. If you believe that your account has been compromised, please contact us immediately. If you are located in the EEA, the legal basis for these data processing activities is our legitimate interest in ensuring the security of our website for you and other customers, pursuant to Art. 6, para. 1 (f) GDPR.
  • Communication with you and service improvement. We use your personal data to provide you with customer support and to improve our services. This is in our legitimate interest to be able to respond to you, to provide you with effective services and to maintain our business relationship with you, in accordance with Art. 6, para. 1 (f) GDPR.

Cookies

Like many websites, we use cookies on our website. Specific information about the cookies we use in connection with the provision of our shop via Shopify can be found at https://www.shopify.com/legal/cookiesWe use cookies to operate and improve our website and services (including storing your actions and preferences), to perform analytics and to better understand user interaction with the services (in our legitimate interest to administer, improve and optimise the services). We may also allow third parties and service providers to use cookies on our website to better customise the services, products and advertising on our website and other websites.

Most browsers automatically accept cookies by default, but you can set your browser to remove or reject cookies through your browser controls. Please note that removing or blocking cookies may affect your user experience and may cause some of the Services, including certain features and general functionality, to not function properly or to become unavailable. In addition, blocking cookies may not completely prevent us from sharing information with third parties, such as our advertising partners.

Please note that although your browser, like many websites, allows the transmission of a "Do Not Track" signal, our website is not designed to respond to such signals. Further information on "Do Not Track" signals can be found at http://www.allaboutdnt.com/.

How we share personal data

In certain circumstances, we may disclose your personal data to third parties for the purposes of contract fulfilment, legitimate purposes and for other reasons subject to this Privacy Policy. These circumstances may include:

  • with providers or other third parties who provide services on our behalf (e.g. IT management, payment processing, data analysis, customer support, cloud storage, order fulfilment and shipping).
  • with business and marketing partners to provide you with services and to advertise to you. Our business and marketing partners use your data in accordance with their own privacy policies.
  • When you instruct, request or otherwise give us your consent to share certain information with third parties, for example to send you products or through your use of social media widgets or login integrations, and with your consent.
  • with our subsidiaries or otherwise within our group of companies, in our legitimate interest to run a successful business.
  • In connection with a business transaction such as a merger or bankruptcy, to comply with all applicable legal obligations (including responding to subpoenas, search warrants and similar requests), to enforce any applicable terms of service, and to protect or defend the Services, our rights and the rights of our users or others.

In the last 12 months, we have disclosed: the following categories of personal data and sensitive personal data about users for the purposes set out above under "How we collect and use your personal data" and "How we disclose personal data":

Category Categories of recipients
  • Identifiers such as basic contact details and certain order and account information
  • Personal information categories listed in the California Customer Records law, such as basic contact information and certain order and account information
  • Commercial information such as order information, purchasing information and customer support information
  • Internet or other similar network activities, such as usage data
  • Geolocalisation data, e.g. locations determined via an IP address or other technical aids
  • Providers and third parties who provide services on our behalf (such as internet service providers, payment processors, fulfilment partners, customer support partners and data analytics providers)
  • Business and marketing partners
  • Affiliates

We do not use or publish your personal data without your consent or for the purpose of drawing conclusions about you.

With your consent, we pass on personal data for the purpose of carrying out advertising and marketing activities as follows.

Third party websites and links

Our website may contain links to websites or other online platforms operated by third parties. If you follow links to websites that are not affiliated with or controlled by us, you should review their privacy and security policies and other terms and conditions. We make no warranty or representation regarding the privacy or security of such websites, including the accuracy, completeness or reliability of any information found on such websites. Information you provide in public or semi-public places, including information you share on third-party social networking platforms, may also be viewable by other users of the Services and/or users of such third-party platforms, without restriction as to use by us or third parties. Our inclusion of such links does not automatically constitute an endorsement by us of the content of such websites.

Data from children

The Services are not intended for use by children and we do not knowingly collect personal data from children. If you are a parent or guardian of a child who has provided us with personal data, you can contact us using the contact details below and request that we delete this data.

As of the effective date of this Privacy Policy, we have no actual knowledge that we "share" or "sell" (as those terms are defined in applicable law) personal information of individuals under the age of 16.

Security and storage of your data

Please note that no security measures are perfect or impenetrable and we cannot guarantee "perfect security". In addition, the information you send us may not be secure during transmission. We recommend that you do not use insecure channels to communicate sensitive or confidential information to us.

How long we retain your personal information depends on a number of factors, including whether we need the information to administer your account, provide the Services, comply with legal obligations, resolve disputes, or enforce other applicable contracts and policies.

Your rights

Depending on where you live, you may have some or all of the rights set out below in relation to your personal data. However, these rights are not absolute and only apply in certain circumstances. In certain cases, we may refuse your request to the extent permitted by law.

  • Right of access/information: You may have the right to request access to the personal data we hold about you, including details of how we use and share your data.
  • Right to erasure: You may have the right to request the erasure of the personal data we hold about you.
  • Right to rectification: You may have the right to request the correction of inaccurate personal data that we hold about you.
  • Right to portability: You may have the right to obtain a copy of the personal data we hold about you and, in certain circumstances and with certain exceptions, to request the transfer of that data to a third party.
  • Right to object to sale, onward transfer or targeted advertising: You may have the right to instruct us not to "sell" or "share" your personal data or to object to the processing of your personal data for purposes that are considered "targeted advertising" under applicable data protection laws. Please note: If you visit our website with the "Global Privacy Control" opt-out preference signal enabled, depending on your location, we will automatically treat this as a request to object to the "sale" or "sharing" of information for the device and browser you use to visit the website.
  • Restriction of processing: You may have the right to ask us to stop or restrict the processing of your personal data.
  • Withdrawal of consent: If we rely on your consent to process your personal data, you may have the right to withdraw this consent.
  • Right to appeal: If we refuse to process your claim, you may have the right to appeal against our decision, which you can do by responding directly to our refusal.
  • Manage communication preferences: We may send you promotional emails and you can opt out of receiving these emails at any time by using the unsubscribe option shown in our emails to you. If you unsubscribe, we may still send you non-promotional emails, for example about your account or orders.

You can exercise these rights as indicated on our website or by contacting us using the contact details below.

We will not discriminate against you for exercising any of these rights. We may need to collect information from you to verify your identity, such as your email address or account information, before we can provide a substantive response to the request. Under applicable law, you may designate an authorised representative to make requests on your behalf to exercise your rights. Before we accept such a request from a representative, we will require them to provide proof that you have authorised them to act on your behalf. We may also need to confirm your identity directly with us. We will respond to your request in a timely manner as required by applicable law.

Complaints

If you have any complaints about the way we process your personal data, please contact us using the contact details below. If you are not satisfied with our response to your complaint, depending on where you live, you may have the right to appeal our decision by contacting us using the contact details below or by lodging your complaint with your local data protection authority. For the European Economic Area (EEA), you can find a list of the relevant data protection supervisory authorities here.

International users

Please note that we may transfer, store and process your personal data outside the country in which you live and that your personal data may also be processed by employees and external service providers and partners in these countries.

When we transfer your personal data to countries outside Europe, we rely on recognised transfer mechanisms such as the European Commission's standard contractual clauses or equivalent contracts from the relevant UK authority, unless the data transfer is to a country that has been determined to provide an adequate level of protection.

Contact us

If you have any questions about our privacy practices or this privacy policy, or if you wish to exercise any of the rights to which you are entitled, please call or email us at support@vitomalia.com or contact us at Grammetstrasse 14, Liestal 4410, CH.

In accordance with the applicable data protection laws and unless expressly stated otherwise, we are the controller of your personal data.