What information do we collect?
We collect information from you when you register on the site, place an order, enter a contest or sweepstakes, respond to a survey or communication such as e-mail, or participate in another site feature.
When ordering or registering, we may ask you for your name, e-mail address, mailing address, phone number, credit card information or other information. You may, however, visit our site anonymously.
We also collect information about gift recipients so that we can fulfil the gift purchase. The information we collect about gift recipients is not used for marketing purposes.
Like many websites, we use "cookies" to enhance your experience and gather information about visitors and visits to our websites. Please refer to the "Do we use 'cookies'?" section below for information about cookies and how we use them.
How do we use your information?
We may use the information we collect from you when you register, purchase products, enter a contest or promotion, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
To personalise your site experience and to allow us to deliver the type of content and product offerings in which you are most interested.
To allow us to better service you in responding to your customer service requests.
To quickly process your transactions.
To administer a contest, promotion, survey or other site feature.
If you have opted-in to receive our e-mail newsletter, we may send you periodic e-mails. If you would no longer like to receive promotional e-mail from us, please refer to the "How can you opt-out, remove or modify information you have provided to us?" section below. If you have not opted-in to receive e-mail newsletters, you will not receive these e-mails. Visitors who register or participate in other site features such as marketing programs and 'members-only' content will be given a choice whether they would like to be on our e-mail list and receive e-mail communications from us.
How do we protect visitor information?
We implement a variety of security measures to maintain the safety of your personal information. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. When you place orders or access your personal information, we offer the use of a secure server. All sensitive/credit information you supply is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our databases to be only accessed as stated above.
Do we disclose the information we collect to outside parties?
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide you with advance notice, except as described below. The term "outside parties" does not include Vita Shakti Ltd or Angela Stringhini ND/MRN. It also does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property, or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
How can you opt-out, remove or modify information you have provided to us?
To modify your e-mail subscriptions, please let us know by modifying your preferences in the "My Account" section. Please note that due to email production schedules you may receive any emails already in production.
To delete all of your online account information from our database, sign into the "My Account" section of our site and remove your shipping addresses, billing addresses & payment information. Please note that we may maintain information about an individual sales transaction in order to service that transaction and for record keeping.
Third party links
In an attempt to provide you with increased value, we may include third party links on our site. These linked sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these linked sites (including if a specific link does not work).
Questions and feedback
We welcome your questions, comments, and concerns about privacy. Please send us any and all feedback pertaining to privacy, or any other issue.
Online Policy Only
Terms and Conditions
Please also visit our Terms of Services section establishing the use, disclaimers, and limitations of liability governing the use of our website.
More detailed information is provided below according to General Data Protection Regulation (GDPR)
Data privacy statement and GDPR Regulation
Our website may generally be used without providing personal data. Where personal data is collected on our sites (for instance name, address or email addresses), this is always done in so far as possible on a voluntary basis.
This data is not passed to third parties without your express agreement.
Please note that data transfer on the Internet (e.g. when communicating by email) can be subject to security vulnerabilities. It is not possible to protect data completely against access by third parties.
This data privacy notice explains the nature, extent and purpose of processing of personal data (hereinafter abbreviated to “data”) within our online offering and its associated websites, functions and content and on our external online presences, such as e.g. our social media profile (hereinafter collectively described as “Online Offering”). With regard to the terms used, such as e.g. “Processing” or “Controller” we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Vita Shakti Ltd and Angela Stringhini ND/MRN
Types of Data processed:
– User data (e.g. name, addresses).
– Contact data (e.g. email, telephone numbers).
– Content data (e.g. text entries, photographs, videos).
– Usage data (e.g. websites visited, interest in contents, access times).
– Meta/communication data (e.g. device details, IP addresses).
Purpose of Processing
– Providing the Online Offering, Online sales and delivery, its functions and content.
– Responding to contact requests and communication with users.
– Security measures
– Measuring reach/marketing
“Personal data” are all information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term has a broad meaning and covers practically every handling of data.
“Controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
We ask that you familiarise yourself regularly with the content of our data privacy notice. We will amend the data privacy notice whenever changes to the data processing carried out by us make this necessary. We shall inform you whenever your cooperation (e.g. consent) or another individual communication is required by reason of the changes.
Relevant legal basis
In accordance with Art. 13 GDPR we are advising you of the legal basis for our data processing. Where the legal basis is not stated in the data privacy notice the following shall apply: The legal basis of obtaining consents is Art. 6 para. 1 (a) and Art. 7 GDPR, the legal basis of processing for provision of our services and performance of contractual steps and responding to enquiries is Art. 6 para. 1 (b) GDPR, the legal basis for processing to comply with our legal obligations is Art. 6 para. 1 (c) GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 (f) GDPR. In the event that the vital interests of the data subject or of another natural person make the processing of personal data necessary, Art. 6 para. 1 (d) GDPR is the legal basis.
Cooperation with processors and third parties
Where during the course of our processing we disclose data to other persons and undertakings (processors or third parties), send data to these or otherwise give them access to the data, this shall occur solely on the basis of legal authority (e.g. where a transmission of the data to third parties, such as a payment service provider, in accordance with Art. 6 para. 1 (b) GDPR is necessary for the performance of the contract ), where you have given your consent, where it is required by reason of a legal obligation or on the basis of our legitimate interest (e.g. when using agents, webhosters, etc.).
Where we commission third parties to carry out the processing of data on the basis of a so-called “data processing contract”, this occurs on the basis of Art. 28 GDPR.
Transfers to third countries
Where we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or where this occurs in the course of the use of services of third parties or disclosure or transmission of data to third parties is made, this occurs only where it happens for the performance of our (pre-) contractual obligations, on the basis of your consent, by reason of a legal obligation or by reason of our legitimate interest. Subject to legal or contractual authorisations, we process data or have it processed in a third country only where the particular conditions of Art. 44 ff. GDPR are present. Those are that the processing takes place e.g. on the basis of guarantees such as the formally acknowledged confirmation of a data protection standard commensurate with that of the EU (e.g. for the USA the “Privacy Shield”) or compliance with formally acknowledged particular contractual obligations (so-called “standard contractual clauses”).
Rights of data subjects
You have the right to request confirmation whether relevant data is being processed and to request details of this data and additional information and a copy of the data in accordance with Art. 15 GDPR.
In accordance with Art. 16 GDPR you have the right to the completion of your data or the rectification of inaccurate data concerning you.
In accordance with Art. 17 GDPR you have the right to demand that data concerning you is erased without undue delay or alternatively in accordance with Art. 18 GDPR to demand restriction of processing of the data.
Under Art. 20 GDPR you have the right to receive the data concerning you that you have supplied to us and to require its transmission to another controller.
You also have the right under Art. 77 GDPR to lodge a complaint with the responsible supervisory authority.
Right of revocation
You have the right under Art. 7 para. 3 GDPR to withdraw consents given with future effect.
Right to object
You may at any time object to future processing of the data concerning you under Art. 21 GDPR. The objection can in particular be made against processing for the purposes of direct marketing.
Cookies and right to object in the case of direct marketing
“Cookies” are small text files that are stored on the user’s computer. Various details can be stored in cookies. A cookie is used primarily to store the details of a user (or the device on which the cookie is stored) during or also after his/her visit to an online offering. Temporary cookies, or “session cookies” or “transient cookies” are cookies that are erased after a user leaves an online offering and closes his/her browser. In such a cookie for instance the content of a basket in an online shop or a login status can be stored. “Permanent” or “persistent” cookies are those that continue to be stored even after the browser has been closed. So for instance the login status can be stored where the users visit after several days. Similarly the user’s interests that are used for measuring reach or for marketing purposes can be stored in such a cookie. “Third Party cookies” are cookies that are offered by suppliers other than the controller that operates the online offering (otherwise if it is only the latter’s cookies these are called “First Party cookies”).
We can use temporary and permanent cookies and we explain this in our data privacy notice.
Where users do not want cookies to be stored on their computers, they are requested to deactivate the corresponding option in the system settings of their browsers. Stored cookies can be erased in the system settings of the browser. The suspension of cookies can result in limitations in the functionality of this Online Offering.
Removal of Data
The data processed by us are removed in accordance with Art. 17 and 18 GDPR or their processing is restricted. Save where otherwise expressly provided in this data privacy notice, the data stored by us will be erased once they are no longer required for their intended purpose and there are no legal obligations of retention preventing erasure. Where the data are not erased because they are required for other and legally permissible purposes, their processing will be restricted. That means the data are blocked and not processed for other purposes. That applies e.g. for data that must be retained on commercial law or tax law grounds. Every country has a specific regulation on how long the data should be kept. In UK it follows the professional regulation and we shall keep your data on a secure system as long as it is deemed necessary for the progress of your treatment, at which point I will delete it.
In addition we process
– Contract data (e.g. subject matter of contract, term, customer category).
– Payment data (e.g. bank account, payment history) of our customers, stakeholders and business partners for the purposes of providing contractual services, service and customer care, marketing, advertising and market research.
The hosting services used by us (Wix) serve the purpose of providing the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purposes of operating this Online Offering.
In the course of this we or our hosting supplier process User Data, Contact Data, Content Data, Contract Data, Usage Data, Meta and Communications Data of customers, stakeholders and visitors to this Online Offering on the grounds of our legitimate interest in efficient and secure provision of this Online Offering pursuant to Art. 6 para. 1 (f) GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing contract).
Collection of access data and log files
Based on our legitimate interest in accordance with Art. 6 para. 1 (f) GDPR we or our hosting supplier collect data on every access to the server on which this service is located (so-called server log files). Included in the access data are the name of the website accessed, date and time of access, volume of data transferred, report on successful access, browser type and version, user’s operating system, referrer URL (previously visited site), IP address and requesting provider.
Log file information is stored on security grounds (e.g. for intelligence on abusive or fraudulent activities) for a maximum period of 7 days and then erased. Data required to be retained for evidence purposes are excepted from erasure pending final clarification of the respective incident.
On making contact with us (e.g. by contact form, email, telephone or via social media) the user’s details are processed in order to handle the contact enquiry and for its management in accordance with Art. 6 Abs. 1 (b) GDPR. The user’s details can be stored in a customer relationship management system (“CRM System”) or similar enquiry management system.
We erase the enquiries when these are no longer required. We check the need for retention every two years; statutory archiving obligations also apply.
Google is certified under the Privacy Shield arrangement and via this offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to evaluate the usage of our Online Offering by the users, to compile reports on activities within this Online Offering and to provide further services to us in connection with the use of this Online Offering and the Internet use. In the course of this pseudonymised user profiles can be created from the processed data.
We use Google Analytics only with activated IP anonymisation. This means that the IP user’s address is abbreviated by Google within the Member States of the European Union or in other states that are a party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and abbreviated there.
The IP address transmitted by the user’s browser will not be merged with other data by Google. Users can prevent the storage of cookies using a corresponding setting on their browser software; users can also prevent the capture on Google of the data generated by the cookie and relating to their use of the Online Offering and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
You will find further information on data use through Google, settings and objection options in the Google data privacy notice (https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
The user’s personal data are erased or anonymised after 14 months.
Data protection provisions for deployment and use of YouTube
The controller of the processing has integrated components of YouTube into this Internet site. YouTube is an Internet video portal that enables video publishers to post video clips free of charge and other users, similarly free of charge, to view, rate and comment on these.
YouTube allows the publication of all types of videos, thus not only complete film and television transmissions, but also music videos, trailers or videos made by users themselves can be accessed on the Internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
For each request to one of the individual pages of this Internet site operated by the controller of the processing and on which a YouTube component (YouTube video) has been integrated, the Internet browser on the information–technological system of the data subject is automatically instructed by the respective YouTube component to download a representation of the corresponding YouTube component. You can access further information on YouTube at www.youtube.com/yt/about/en/. In the course of this technical process YouTube and Google learn which actual subpage of our Internet site is visited by the data subject.
Where the data subject is logged in to YouTube at the same time, YouTube identifies on the opening of the subpage that contains a YouTube video, the actual subpage of our Internet site that the data subject is visiting. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google then always receive information via the YouTube components that the data subject has visited our Internet site if the data subject is logged in to YouTube at the same time as visiting our Internet site; this occurs regardless whether the data subject clicks on a YouTube video or not. If the data subject does not want such transmission of this information to YouTube and Google, he/she can prevent transmission by logging out of their YouTube account before visiting our Internet site.
The data protection provisions published by YouTube retrievable at https://policies.google.com/privacy?hl=en&gl=de give information on the collection, processing and use of personal data by YouTube and Google.
Integration of services and content of third parties
We include in our Online Offering on the basis of our legitimate interest (i.e. interest in the analysis, optimisation and commercial operation of our Online Offering within the meaning of Art. 6 para. 1 (f) GDPR) content or service offerings of third party suppliers in order to integrate their content and services, such as e.g. videos or fonts (hereinafter uniformly described as “Content”).
This always assumes that the third party suppliers of this Content are aware of the user’s IP address, since they could not send the Content to their browser without the IP address. The IP address is thus required to display this Content. We try to use Content only from suppliers who only use the IP address to deliver the Content. Third party suppliers can also use so-called pixel tags (invisible graphics, also termed “web beacons”) for statistical or marketing purposes. Using the “pixel tags” information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information can also be stored in cookies on the user’s device and contain inter alia technical information on the browser and operating system, referring websites, visit time and other details of the use of our Online Offering, as well as being linked with such information from other sources.
We integrate the fonts (“Google Fonts”) of the supplier Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data privacy statement: https://www.google.com/policies/privacy/, Opt out: https://adssettings.google.com/authenticated.
We integrate the maps of the “Google Maps” service of the supplier Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. There can be included in the processed data in particular the user’s IP addresses and location data, but these are not collected without their consent (generally given in the course of the settings on their mobile devices). The Data can be processed in the USA. Data privacy statement: https://www.google.com/policies/privacy/, Opt out: https://adssettings.google.com/authenticated.
Data protection advice for application process
We process applicant data only for the purpose and in the course of the application process in compliance with the statutory provisions. The processing of applicant data is carried out to perform our (pre-) contractual obligations in the course of the application process within the meaning of Art. 6 para. 1 (b) GDPR and Art. 6 para. 1 (f) GDPR to the extent the data processing is necessary for us e.g. in the course of legal proceedings
The application process requires the applicant to send us the applicant data. The applicant data required are identified where we offer an online form, but otherwise are derived from the job descriptions and generally include the details of person, post and contact addresses and the application documents, such as letter, CV and references.
In addition applicants may volunteer further information. On the transmission of the application to us, the applicants agree to the processing of their data for the purposes of the application process in the nature and scope provided by this data privacy notice. Where in the course of the application process particular categories of personal data within the meaning of Art. 9 para. 1 GDPR are provided voluntarily, their processing is carried out also in accordance with Art. 9 para. 2 (b) GDPR (e.g. health data, such as e.g. severe disability or ethnic origin).
Where in the course of the application process particular categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested of applicants, their processing is also carried out in accordance with Art. 9 para. 2 (a) GDPR (e.g. health data, where this is required for their professional activity). Where provided, applicants can transmit their applications using an online form on our website. The data are then transferred to us encrypted in accordance with the state of the art.
In addition applicants can transmit their applications to us via email. In this case however we ask you to note that emails cannot be sent encrypted and the applicant them self must arrange encryption. We can therefore accept no responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend rather the use of an online form or submission by post. Since in place of applications using the online form and email the applicant also has the option of sending us the application by post. The data provided by the applicants can in the event of a successful application be processed further by us for the purposes of the employment relationship. Otherwise, in so far as the application does not result in a job offer, the applicant’s data is erased.
The applicant’s data are similarly erased if an application is withdrawn, which the applicant has the right to do at any time. The erasure is carried out, subject to a justified withdrawal by the applicant, on the expiry of a period of six months, so that we can answer any follow-up questions concerning the application and satisfy our obligations to provide evidence under the Federal Equal Treatment Act. Invoices for any travel expenses reimbursement are archived in accordance with the tax law requirements.