Privacy Policy

On this page: Privacy Notice & Cookie Policy | CCPA | GDPR

Privacy Notice

Last modified: 2/5/25

Introduction

This Privacy Notice describes how Vita collects and uses personal data (“Personal Data”) about you through the use of our Website, and through email, text, and/or other electronic communications between you and Vita.

Vita Drip Corp (“Vita” or “we” or “us”) respects your privacy and is committed to protecting it through our compliance with this policy. For the sake of clarity, this Privacy Notice shall apply to all services offered by Vita via the Website, including, without limitation, our subsidiaries Viva Wellness and Worldwide Wellness IV, LLC.

This Privacy Notice (our “Privacy Notice”) describes the types of information we may collect from you or that you may provide when you visit our website and utilize our mobile app (collectively, the “Website”) and our practices for collecting, using, maintaining, protecting, and disclosing that information.

This policy applies to information we collect:

on our Website;
in email, text, and other electronic messages between you and our Website; and
when you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this policy.

It does not apply to information collected by:

us offline or through any other means, including on any other website operated by Vita or any third-party (including our affiliates and subsidiaries);
us or any of our affiliates or subsidiaries related to your or any other individual’s employment or potential employment with us; or
any third party (including our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from or on the Website.

Please read this Privacy Notice carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website. By accessing or using this Website, you agree to this Privacy Notice. This Privacy Notice may change from time to time. Your continued use of this Website after we make changes is deemed to be acceptance of those changes, so please check this Privacy Notice periodically for updates.

Children Under the Age of 18.

Our Website is not intended for children under the age of 18 and children under the age of 18 are not permitted to use our Website. We will remove any information about a child under the age of 18 if we become aware of it.

No one under age 18 may provide any information to or on the Website. We do not knowingly collect Personal Data from children under 18. If you are under 18, do not use or provide any information on our Website or on or through any of its features/register on the Website, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received Personal Data from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information directly from a child under 18, please contact us through our Website.

Information We Collect About You and How We Collect It.

We collect various types of information about you, including information that may directly identify you, information that is about you but individually does not personally identify you, and information that we combine with our other users. This includes information that we collect directly from you or through automated collection technologies.

Generally

We collect several types of information from and about users of our Website (“Personal Data”):

by which you may be personally identified, such as your first and last name, postal address, e-mail address, telephone number, or any other identifier by which you may be contacted online or offline;
that is about you but individually does not identify you, such as traffic data, location data, referring/exit pages, date and time of your visit to our Website, error information, clickstream data, and other communication data and the resources that you access and use on the Website; and/or
about your internet connection, the equipment you use to access our Website and usage details.

We collect this information:

directly from you when you provide it to us;
automatically as you navigate through the Website. Information collected automatically may include usage details, IP addresses, and information collected through cookies, and other tracking technologies; and
From third parties, for example, our business partners and service providers.

We allow you to create and log in to use our services via third party social media apps/services, including, but not limited to, the following (collectively, the “Third Party Social Media”):

Facebook
Instagram
X (formerly known as Twitter)

If you choose, at your sole discretion, to register through or otherwise grant us access to your Third Party Social Media account(s), we may collect personal data that is already associated with such Third Party Social Media account (s), such as your name, email address, activities and/or your contact list associated with that account.

You may also have the option of sharing additional information with us via your Third Party Social Media account. If you choose, at your sole discretion, to provide us with such information and personal data, during registration or otherwise, you hereby grant us permission to use, share, and store it in accordance with this privacy policy.

Information You Provide to Us

The information we collect on or through our Website are:

information that you provide by filling in forms on our Website. This includes information provided at the time of registering to use our Website, subscribing to our service, or requesting further services. We may also ask you for information when you enter a contest or promotion sponsored by us, and when you report a problem with our Website;
records and copies of your correspondence (including email addresses), if you contact us;
your responses to surveys that we might ask you to complete; and
details of transactions you carry out through our Website and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Website.

The Personal Data we collect from you is required to enter into a contract with Vita, for Vita to perform under the contract, and to provide you with our products and services. If you refuse to provide such Personal Data, then in some cases we may not be able to enter into the contract or fulfill our obligations to you under it.

Information We Collect Through Automatic Data Collection Technologies

As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns:

details of your visits to our Website. We collect traffic data, location data, referring/exit pages, date and time of your visit to our Website, error information, clickstream data, and other communication data and the resources that you access and use on the Website; and
Information about your computer and internet connection, i.e. your IP address, operating system, and browser type.

The information we collect automatically includes Personal Data, or we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties. It helps us to improve our Website and to deliver a better and more personalized service by enabling us to:

estimate our audience size and usage patterns;
store information about your preferences, allowing us to customize our Website according to your individual interests;
speed up your searches; and
recognize you when you return to our Website.

The technologies we use for this automatic data collection may include:

Cookies (or browser cookies).

A cookie is a small file placed on the hard drive of your computer. Our Website may use both session cookies (which expire once you close your browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Website. We only place cookies on your hard drive with your consent. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent.

However, if you do not consent to our use of cookies or select this setting, you may be unable to access certain parts of our Website. You can find more information about cookies at http://www.allaboutcookies.org.

We use both session and persistent cookies for the following purposes:

necessary / essential cookies (session cookies administered by us):

These cookies are essential to provide you with services available through the Website and to enable you to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.

cookies policy / notice acceptance cookies (persistent cookies administered by us):

These cookies identify if users have accepted the use of cookies on the Website.

functionality cookies (persistent cookies administered by us):

These cookies allow us to remember choices you make when you use the Website, such as remembering your login details or language preference. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you use the Website.

tracking and performance cookies (persistent cookies administered by third parties):

These cookies are used to track information about traffic to the Website and how users use the Website. The information gathered via these cookies may directly or indirectly identify you as an individual visitor. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access the Website. We may also use these cookies to test new pages, features or new functionality of the Website to see how our users react to them.

targeting and advertising cookies (persistent cookies administered by third parties):

These cookies track your browsing habits to enable us to show advertising which is more likely to be of interest to you. These cookies use information about your browsing history to group you with other users who have similar interests. Based on that information, and with our permission, third party advertisers can place cookies to enable them to show advertisements which we believe will be relevant to your interests while you are on third party websites.

Third-Party Use of Cookies and Other Tracking Technologies

Some content or applications, including advertisements, on the Website are served by third-parties, including advertisers, service and content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Website. The information they collect may be associated with your Personal Data or they may collect information, including Personal Data, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.

Special Categories of Information.

We may process some Personal Data considered sensitive when necessary to carry out our obligations under the law or to protect our legitimate interests.

Some Personal Data processed by Vita may be considered sensitive, including personal data that reveals your racial or ethnic origin, or personal data concerning your health. Vita processes this information only to the extent necessary to carry out its obligations under the law or to the extent necessary to protect Vita’s legitimate interests.

How We Use Your Information.

We use your Personal Data for various purposes described below, including to:

provide our Website for your usage;
provide you with information you request from us;
enforce our rights arising from contracts;
notify you about changes; and
provide you with notices about your account

We use information that we collect about you or that you provide to us, including any Personal Data:

to present our Website and its contents to you;
to provide you with information, products, or services that you request from us;
to provide you with notices about your account/subscription, including expiration and renewal notices;
to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
to notify you about changes to our Website or any products or services we offer or provide though them;
to administer to administer surveys, sweepstakes, promotions, and other contests ;
to send newsletters and other similar communications not specifically advertising your own goods and services ;
in any other way we may describe when you provide the information;
to fulfill any other purpose for which you provide it; and
for any other purpose with your consent.

We may also use your information to contact you about our own and third-parties’ goods and services that may be of interest to you.

Disclosure of Your Information.

We will not share, sell, or otherwise disclose your Personal Data for purposes other than those outlined in this Privacy Notice. We disclose your Personal Data to a few third parties, including:

our subsidiaries and our affiliates;
our third-party service providers that we use to support our business;
to a company we merge, acquire, or that buys us, or in the event of change in structure of our company of any form;
to comply with our legal obligations;
to enforce our rights; and
with your consent.

We do not share, sell, or otherwise disclose your Personal Data for purposes other than those outlined in this Privacy Notice. However, we may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose Personal Data that we collect or you provide as described in this Privacy Notice:

to our subsidiaries and affiliates;
to contractors, service providers, and other third parties we use to support our business. These entities provide IT and infrastructure support services, payment processing services and marketing software. Our payment processors’ privacy policies may be found at http://stripe.com/us/privacy;
to a potential or actual buyer or other successor in the event of a planned or actual merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Vita’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Vita about our Website’s users is among the assets transferred;
to fulfill the purpose for which you provide it;
for any other purpose disclosed by us when you provide the information; and
with your consent.

We may also disclose your Personal Data:

to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
to enforce or apply our terms of use and service and other agreements, including for billing and collection purposes; and
if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Vita, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Your Rights Regarding Your Information and Accessing and Correcting Your Information.

You may have certain rights under applicable data protection laws, including the right to access and update your Personal Data, restrict how it is used, and the right to have us erase certain Personal Data about you. You also have the right to complain to a supervisory authority about our processing of your Personal Data.

Personal Data.

Applicable data protection laws may provide you with certain rights with regard to our processing of your Personal Data.

Access and Update.

You can review and change your Personal Data by logging into the Website and visiting your account page. You may also notify us through the Website’s contact form of any changes or errors in any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.

You have the right to restrict our processing of your Personal Data under certain circumstances. In particular, you can request we restrict our use of it if you contest its accuracy, if the processing of your Personal Data is determined to be unlawful, or if we no longer need your Personal Data for processing but we have retained it as permitted by law.

Right to be Forgotten.

You have the right to request that we delete all of your Personal Data. We cannot delete your Personal Data except by also deleting your user account, and we will only delete your account when you have requested that we do so. We may not accommodate a request to erase information if we believe the deletion would violate any law or legal requirement or cause the information to be incorrect. In all other cases, we will retain your Personal Data as set forth in this policy. In addition, we cannot completely delete your Personal Data as some data may rest in previous backups. These will be retained for the periods set forth in our disaster recovery policies.

You have the right to lodge a complaint with the applicable supervisory authority in the country you live in, the country you work in, or the country where you believe your rights under applicable data protection laws have been violated. However, before doing so, we request that you contact us directly in order to give us an opportunity to work directly with you to resolve any concerns about your privacy.

How You May Exercise Your Rights.

You may exercise any of the above rights by contacting us through any of the methods listed on our Website. If you contact us to exercise any of the foregoing rights, we may ask you for additional information to verify your identity. We reserve the right to limit or deny your request if you have failed to provide sufficient information to verify your identity or to satisfy our legal and business requirements. Please note that if you make unfounded, repetitive, or excessive requests (as determined in our reasonable discretion) to access your Personal Data, you may be charged a fee subject to a maximum set by applicable law.

Jurisdiction-Specific Privacy Rights.

The law in certain jurisdictions may provide their residents with additional rights regarding our use of your Personal Data.

The law in some jurisdictions may provide you with additional rights regarding our use of Personal Data.

To learn more about any additional rights that may be applicable to you as a resident of one of these states, please see the privacy addendum for your state that is attached to this Privacy Notice.

For Individuals Located within the European Economic Area:

If you are located in the European Economic Area, you have the additional rights described in out GDPR Website Privacy Addendum.

Your California Privacy Rights

If you are a resident of California, you have the additional rights described in the California Privacy Addendum.

Do Not Track Signals.

We may use automated data collection technologies to track you across websites. We currently do not honor do-not-track signals that may be sent by some browsers.

We also may use automated data collection technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they “do not track” your online activities. At this time, we do not honor such signals and we do not modify what information we collect or how we use that information based upon whether such a signal is broadcast or received by us. You can enable or disable “do not track” by visiting the preferences or settings page of your web browser.

Data Security.

We are committed to complying with all federal, state, and local laws, as well as applicable regulations, standards, and guidelines established by government agencies and accepted accrediting organizations. The security, integrity and confidentiality of your information are extremely important to us. We have implemented technical, administrative and physical security measures that are designed to protect user information from unauthorized access, disclosure, use and modification. Please be aware though that, despite our best efforts, no security measures are perfect or impenetrable. Based on the foregoing, we endeavor to provide a secure transmission method for you to send personal information, including:

Primary personal information (such as name and contact details)
Identifiers (such as social security numbers, credit card details, website password)
Specific personal information (such as survey information, racial or ethnic origin, religious beliefs, medical information)

While such secure transmission methods provide reasonable protections against unauthorized access, if you have concerns regarding the transmission of sensitive information (such as contact or medical information), you should consider using non-electronic communication methods.

We have implemented security policies, rules, and technical measures to protect the Personal Data that we have under our control from:

Unauthorized access
Improper use or disclosure
Unauthorized modification
Unlawful destruction or accidental loss

All of our employees and data processors who have access to, and are associated with, the processing of personal information are obliged to respect the confidentiality of our visitors’ personal information. In addition to the foregoing, we will use reasonable means to protect the privacy of your information sent by e-mail, SMS or other similar means of digital communication. However, because of the risks outlined hereunder, we cannot guarantee that digital communications will be confidential. Furthermore, we will not be liable in the event that you or anyone else inappropriately uses your e-mail. Based on the foregoing, we will not be liable for improper disclosure of your information that is not caused by our intentional misconduct.

We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet or via mobile device, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

Data Retention Periods.

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Notice. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies). In some instances, we may keep it after you close your account, for example we may keep it:

on our backup and disaster recovery systems;
for as long as necessary to protect our legal interests; and
and to comply with other legal requirements.

We will retain your Personal Data for the entire time that you keep your account open. After you close your account, we retain your Personal Data indefinitely unless you request that we remove it. However, we will retain your Personal Health Information for 7 years, or until you request we remove it, whichever is longer.

Changes to Our Privacy Notice.

We will post any changes to our Privacy Notice on our Website. If we make material changes to our Privacy Notice, we may notify you of such changes through your contact information and invite you to review (and accept, if necessary) the changes.

We may change this Privacy Notice at any time. It is our policy to post any changes we make to our Privacy Notice on this page. If we make material changes to how we treat our users’ Personal Data, we will notify you through a notice on the Website’s home page. The date this Privacy Notice was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this Privacy Notice to check for any changes.

Contact Information.

If you wish to contact us, you may contact both us through the contact information below or through the contact page on our Website.

If you have any questions, concerns, complaints or suggestions regarding our Privacy Notice, have any requests related to your Personal Data pursuant to applicable laws, or otherwise need to contact us, you may contact us through the contact information below, or through our Website.

[Insert Contact Information]

ADDENDUM FOR CALIFORNIA RESIDENTS

This Privacy Notice Addendum for California Residents (the “California Privacy Addendum”) supplements the information contained in Vita’s Privacy Notice and describes our collection and use of Personal Information. This California Privacy Addendum applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”) and are subject to the California Consumer Privacy Act (the “CCPA”). Under the CCPA, you have the following rights:

The right to notice. You must be properly notified which categories of Personal Data are being

collected and the purposes for which the Personal Data is being used.

The right to access / the right to request. The CCPA permits you to request and obtain from us information regarding the disclosure of your Personal Data that has been collected in the past 12 months by us or our subsidiaries to a third party for the third party’s direct marketing purposes.
The right to say no to the sale of Personal Data. You also have the right to ask the we not to sell your Personal Data to third parties. You can submit such a request by contacting us or visiting our Website.
The right to know about your Personal Data. You have the right to request and obtain from the us information regarding the disclosure of the following:

The categories of Personal Data collected.
The sources from which the Personal Data was collected.
The business or commercial purpose for collecting or selling your Personal Data.
Categories of third parties with whom We share Personal Data.
The specific pieces of Personal Data we collected about you.

The right to delete Personal Data. You also have the right to request the deletion of your Personal Data that has been collected in the past 12 months.
The right not to be discriminated against. You have the right not to be discriminated against for exercising any of your Consumer’s rights, including by:

Denying goods or services to you.
Charging different prices or rates for goods or services, including the use of discounts or other benefits or imposing penalties.
Providing a different level or quality of goods or services to you.
Suggesting that you will receive a different price or rate for goods or services or a different
level or quality of goods or services.

Under California Civil Code Section 1798 (California’s Shine the Light law), California residents with an established business relationship with us can request information once a year about sharing their Personal Data with third parties for the third parties’ direct marketing purposes. If you’d like to request more information under the California Shine the Light law, and if you are a California resident, you can contact us using the contact information provided below.

Information We Will Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we collect, and over the prior twelve (12) months have collected, the following categories of personal information from our consumers:

Identifiers.

A real name, postal address, online identifier, Internet Protocol address, email address, account name, or

other similar identifiers.

Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

A name, signature, address, telephone number, or any financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.

Protected classification characteristics under California or federal law.

Age (40 years or older), race, color, or medical condition.

Commercial information.

Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Internet or other similar network activity.

Information on a consumer’s interaction with a website, application, or advertisement.

Geolocation data.

Physical location or movements.

Personal information does not include:

Publicly available information from government records.
Deidentified or aggregated consumer information.
Information excluded from the CCPA’s scope, like:

health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;

personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

Use of Personal Information

We may use, or disclose the personal information we collect and, over the prior twelve (12) months, have used, or disclosed the personal information we have collected, for one or more of the following business or commercial purposes:

To fulfill the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
To provide, support, personalize, and develop our Website, products, and services.
To create, maintain, customize, and secure your account with us.
To process your requests, purchases, transactions, and payments and prevent transactional fraud.
To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (with your consent, where required by law).
Debugging to identify and repair errors that impair existing intended functionality.
To administer surveys, sweepstakes, promotions, and other contests, and to send newsletters and other similar communications not specifically advertising our own goods and services.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
As described to you when collecting your personal information or as otherwise set forth in the CCPA.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Vita’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Vita about our Website users is among the assets transferred.

Vita will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sources of Personal Information

Vita obtains the categories of personal information listed above from the following categories of sources:

Directly from you. For example, from forms you complete or products and services you purchase.
Indirectly from you. For example, from observing your actions on our Website.

Sharing Personal Information

Vita may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract

Sales of Personal Information

As noted in our general Privacy Notice, we do not sell your personal information as the term “sell” is commonly understood to require an exchange for money. However, the California State Attorney General may issue guidance on whether the use of advertising and analytics cookies on our Website may be considered a “sale” of Personal Information as the term “sale” is broadly defined in the CCPA to include both monetary and other valuable consideration. Until such guidance has been issued, we continue to consider it a “sale” in order to be as transparent as possible with users of our Website and will comply with the restrictions of the “sale” of this information to the extent technologically feasible. This “sale” would be limited to our use of third-party advertising and analytics cookies and their use in providing you behavioral advertising and their use in understanding how people use and interact with our Website.

Exercising Access, Data Portability, and Deletion Rights

To exercise the right to know, data portability, and deletion rights described above, please submit a verifiable consumer request to us via our Website.

If you (or your authorized agent) submit a request to delete your information online, we will use a two-step process in order to confirm that you want your personal information deleted. This process may include verifying your request through your email address on record / calling you on your phone number on record (which may include an automated dialer) / sending you a text message and requesting that you text us a confirmation / sending you a confirmation through US mail.

If you fail to make your submission in accordance with the ways described above, we may either treat your request as if it had been submitted with our methods described above, or provide you with information on how to submit the request or remedy any deficiencies with your request.

Only you, or your agent that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, see Authorized Agents below. We may request additional information so we may confirm a request to delete your personal information.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. This may include: verifying your request through your email address on record / calling you on your phone number on record (which may include an automated dialer) / sending you a text message and requesting that you text us a confirmation / sending you a confirmation through US mail.
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.

We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

For instructions on exercising sale opt-out rights, see Personal Information Sales Opt-Out and Opt-In Rights.

Authorized Agents

You may authorize your agent to exercise your rights under the CCPA on your behalf by registering your agent with the California Secretary of State. You may also provide your authorized agent with power of attorney to exercise your rights. If you authorize an agent, we may require that your agent provide proof that they have been authorized exercise your rights on your behalf. We may request that your authorized agent submit proof of identity We may deny a request from your agent to exercise your rights on your behalf if they fail to submit adequate proof of identity or adequate proof that they have the authority to exercise your rights.

Response Timing and Format

We will respond to a verifiable consumer request within ten (10) days of its receipt. We will generally process these requests within forty-five (45) days of its receipt. If we require more time (up to 45 days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any provided disclosures related to a Right to Know request will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Changes to This California Privacy Addendum

Vita reserves the right to amend this California Privacy Addendum at our discretion and at any time. When we make changes to this California Privacy Addendum, we will post the updated addendum on the Website and update the addendum’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.

Contact Information

If you have any questions or comments about this California Privacy Addendum, the ways in which Vita collects and uses your information described above and in the Privacy Notice, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us.

GDPR Website Privacy Addendum

Introduction.

This GDPR Website Privacy Addendum supplements the information contained in the Vita Website Privacy Notice and applies solely to all users of our Website who are located in the European Economic Area. Under the regulations of the General Data Protection Regulation (“GDPR”) of the EU you have certain rights as a “Data Subject.” This GDPR Website Privacy Addendum takes precedence over anything contradictory in our Privacy Notice.

As a Data Subject, your Personal Data includes your name, address, ID card/passport number, income, cultural profile, Internet Protocol (IP)_ address, and data held by a hospital or doctor (which uniquely identifies a person for health purposes).

Data Controller, Data Protection Officer, and Representative.

Vita is the data controller of the Personal Data you provide on the Website. Vita is not required to appoint a Data Protection Officer or a representative in either the European Union.

Vita is the data controller of your Personal Data. At this time, Vita is not required to appoint a Data Protection Officer or a representative in the European Union, and has elected not to do so, but may choose to do so in the future.

Lawful Basis for Processing Your Personal Data.

We have a lawful basis for our processing of your Personal Data, including processing for our legitimate interests (when balanced against your rights and freedoms), to fulfill our obligations to you under a contract with you, and required by law, and with your consent.

If you are in the European Union, the processing of your Personal Data is lawful only if it is permitted under the applicable data protection laws. We have a lawful basis for each of our processing activities (except when an exception applies as described below):

Use of Our Website. By using our Website, you consent to our collection, use, and sharing of your Personal Data as described in this Privacy Notice. If you do not consent to this Privacy Notice, please do not use the Website.
Legitimate Interests. We will process your Personal Data as necessary for our legitimate interests. Our legitimate interests are balanced against your interests and rights and freedoms and we do not process your Personal Data if your interests or rights and freedoms outweigh our legitimate interests. Our legitimate interests are to: facilitate communication between Vita and you; detect and correct bugs and to improve our Website; safeguard our IT infrastructure and intellectual property; process your requests, purchases, transactions, and payments; detect and prevent fraud and other financial crime; and promote, support, and market our business.
To Fulfill Our Obligations to You under our Contract. We process your Personal Data in order to fulfill our obligations to you pursuant to our contract with you to deliver our goods and services to you.
As Required by Law. We may also process your Personal Data when we are required or permitted to by law; to comply with government inspections, audits, and other valid requests from government or other public authorities; to respond to legal process such as subpoenas; or as necessary for us to protect our interests or otherwise pursue our legal rights and remedies (for instance, when necessary to prevent or detect fraud, attacks against our network, or other criminal and tortious activities), defend litigation, and manage complaints or claims.
Vital Interests/Public Interest. We may also process your Personal Data to protect your vital interests, and to carry out a task in the interest of the public.

Special Categories of Information.

We may process some Personal Data considered sensitive when necessary to carry out our obligations under the law or to protect our legitimate interests. Some Personal Data processed by Vita may be considered sensitive, including personal data that reveals your racial or ethnic origin or personal data concerning your health. Vita processes this information only to the extent necessary to carry out its obligations under the law or to the extent necessary to protect Vita’s legitimate interests.

Automated Decision Making.

You have the right not to be subject to a decision that is based solely on automated processing. We generally do not use your Personal Data with any automated decision-making processes. In such cases, we will inform you about the automated decision-making, give you the right to have the automated decision reviewed by one of our staff, and give you the opportunity to contest the automated decision.

Your Rights Regarding Your Information and Accessing and Correcting Your Information.

You may have certain rights under applicable data protection laws, including the right to access and update your Personal Data, restrict how it is used, transfer certain Personal Data to another controller, withdraw your consent at any time, and the right to have us erase certain Personal Data about you. You also have the right to complain to a supervisory authority about our processing of your Personal Data.

Applicable data protection laws may provide you with certain rights with regards to our processing of your Personal Data.

Access and Update. You can access and change your Personal Data by logging into the Website and visiting your account page. You may also notify us through our Website’s contact us form of any changes or errors in any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.

Right to be Forgotten. You have the right to request that we delete all of your Personal Data. We cannot delete your Personal Data except by also deleting your user account, and we will only delete your account when you request that we do so or after a final determination that your Personal Data was unlawfully processed. We may not accommodate a request to erase information if we believe the deletion would violate any law or legal requirement or cause the information to be incorrect. In all other cases, we will retain your Personal Data as set forth in this policy. In addition, we cannot completely delete your Personal Data as some data may rest in previous backups. These will be retained for the periods set forth in our disaster recovery policies. You also agree and acknowledge that we are not obligated to delete your Personal Data if (i) the processing is necessary to respect the freedom of expression and information, (ii) there are other reasons of public interest to store the personal data, such as public health or scientific and historical research purposes, and/or (iii) we need to store the personal data to establish a legal claim.

Complaints. You have the right to lodge a complaint with the applicable supervisory authority in the country you live in, the country you work in, or the country where you believe your rights under applicable data protection laws have been violated. However, before doing so, we request that you contact us directly in order to give us an opportunity to work directly with you to resolve any concerns about your privacy.

How You May Exercise Your Rights. You may exercise any of the above rights by contacting us through any of the methods listed on our Website. If you contact us to exercise any of the foregoing rights, we may ask you for additional information to verify your identity. We reserve the right to limit or deny your request if you have failed to provide sufficient information to verify your identity or to satisfy our legal and business requirements. Please note that if you make unfounded, repetitive, or excessive requests (as determined in our reasonable discretion) to access your Personal Data, you may be charged a fee subject to a maximum set by applicable law.

Consent to Processing of Personal Data in the United States / In Other Countries Outside the European Economic Area.

We may process your Personal Data outside of your home country, including to the United States. We only do this when we are legally permitted to do so and when we have appropriate safeguards in place to protect your Personal Data.

If you are a resident of the European Economic Area (“EEA”), in order to provide our Website, products, and services to you, we may send and store your Personal Data outside of the EEA, including to the United States. Accordingly, your Personal Data may be transferred outside the country where you reside or are located, including to countries that may not or do not provide an equivalent level of protection for your Personal Data. Your information may be processed and stored in the United States and United States federal, state, and local governments, courts, or law enforcement or regulatory agencies may be able to obtain disclosure of your information through the laws of the United States. By using our Website, you represent that you have read and understood the above and hereby consent to the storage and processing of Personal Data outside the country where you reside or are located, including in the United States.

Your Personal Data is transferred by Vita to another country only if it is required or permitted under applicable data protection law and provided that there are appropriate safeguards in place to protect your Personal Data. To ensure your Personal Data is treated in accordance with this Privacy Notice when we transfer it to a third party, Vita uses Data Protection Agreements between Vita and all other recipients of your data that include, where applicable, the Standard Contractual Clauses adopted by the European Commission (the “Standard Contractual Clauses”). The European Commission has determined that the transfer of Personal Data pursuant to the Standard Contractual Clauses provides for an adequate level of protection of your Personal Data, but may need to be supplemented with additional measures on a case-by-case basis after an analysis that such supplemental measures can provide you with an essentially equivalent level of protection as afforded in the EU. When, as a result of this analysis, we believe this to be appropriate and necessary, these Standard Contractual Clauses have been supplemented in this way. Under these Standard Contractual Clauses, you have the same rights as if your data was not transferred to such third country. You may request a copy of the Data Protection Agreement by contacting us through our Website.

Data Breach.

A data breach occurs when your Personal Data is disclosed, either accidentally or unlawfully, to unauthorized recipients or is made temporarily unavailable or is altered. If a data breach occurs and the breach poses a risk to your rights and freedoms, we will promptly notify the relevant Data Protection Authority after becoming aware of such breach. If the data breach poses a high risk to those affected, we may also be required to inform all affected individuals.

Data Retention Periods.

We retain your Personal Data for as long as you keep your account open. In some instances, we may keep it after you close your account, for example we may keep it:

on our backup and disaster recovery systems;
for as long as necessary to protect our legal interests; and
to comply with other legal requirements.

Vita will retain your Personal Data for the entire time that you keep your account open. After you close your account, we retain your Personal Data until you request that we remove it. However, Personal Health Information is retained for 7 years, or until you request that we remove it, whichever is longer.

Changes to this GDPR Website Privacy Addendum.

Vita reserves the right to amend this GDPR Website Privacy Addendum at our discretion and at any time and at any time and as described in our Website Privacy Notice. When we make changes to this GDPR Website Privacy Addendum, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.