Privacy Policy

Legal Documents

Privacy Policy

Last updated: March 2026  ·  Vitalix — vitalixeurope.com

This Privacy Policy describes how Vitalix collects, uses and protects the personal data of users in accordance with the European General Data Protection Regulation (GDPR — EU Reg. 2016/679) and applicable legislation.

1. Data Controller

The Data Controller is Vitalix, reachable via the contact form available at vitalixeurope.com/contact or at the email address indicated in the Contact section of the website.

2. Types of Data Collected

Vitalix collects the following categories of personal data:

Data provided directly by the user:

  • First and last name
  • Email address
  • Shipping and billing address
  • Phone number (optional)
  • Payment data (processed securely by PCI-DSS certified third-party providers)

Data collected automatically during browsing:

  • IP address
  • Browser type and device used
  • Pages visited and time spent
  • Browsing data via cookies (see Cookie Policy)

3. Purposes and Legal Bases for Processing

Personal data is processed for the following purposes:

  • Performance of the sales contract — processing orders, managing payments, shipping and after-sales support. Legal basis: performance of a contract (Art. 6.1.b GDPR).
  • Legal and tax obligations — issuing invoices and mandatory communications to competent authorities. Legal basis: legal obligation (Art. 6.1.c GDPR).
  • Service improvement — anonymous statistical analysis of website usage. Legal basis: legitimate interest (Art. 6.1.f GDPR).
  • Marketing and promotional communications — sending newsletters and commercial offers, only with explicit consent. Legal basis: consent (Art. 6.1.a GDPR).

4. Processing Methods and Security

Personal data is processed using electronic and paper tools, adopting adequate technical and organisational security measures to prevent unauthorised access, loss, destruction or unlawful disclosure of data.

In particular, Vitalix uses:

  • HTTPS protocol with SSL certificate for all data transmissions
  • PCI-DSS compliant payment systems — card data is never stored on our servers
  • Access to data limited to authorised personnel only

5. Communication and Data Sharing

Vitalix does not sell, transfer or disclose users’ personal data to third parties for their own purposes. Data may be communicated exclusively to:

  • Couriers and shipping companies — for order delivery (name, address, phone)
  • Payment providers — for secure transaction processing (e.g. PayPal, Stripe)
  • Web analytics services — in anonymous and aggregated form (e.g. Google Analytics)
  • Competent authorities — in case of legal obligation or law enforcement request

All third parties receiving personal data act as Data Processors and are bound by contractual agreements in compliance with the GDPR.

6. Transfer of Data Outside the EU

Some of the service providers used by Vitalix may transfer data outside the European Economic Area (EEA). In such cases, Vitalix ensures that such transfers take place in compliance with GDPR provisions, through standard contractual clauses approved by the European Commission or other equivalent guarantee mechanisms.

7. Data Retention

Personal data is retained for the time strictly necessary for the purposes for which it was collected:

  • Order data — retained for 10 years for tax and legal obligations
  • Customer account data — retained until account deletion or deletion request
  • Browsing data — retained for a maximum of 26 months
  • Marketing data — retained until consent is withdrawn

8. User Rights

In accordance with the GDPR, every user has the right to exercise the following rights at any time:

✓ Right of access Obtain confirmation that your data is being processed and receive a copy of it.
✓ Right of rectification Correct inaccurate or incomplete data relating to you.
✓ Right to erasure Request the deletion of your data (“right to be forgotten”).
✓ Right to restriction Request the restriction of processing of your data in certain cases.
✓ Right to portability Receive your data in a structured, machine-readable format.
✓ Right to object Object to the processing of your data for marketing purposes.

To exercise any of these rights, you can send a request via the contact form at vitalixeurope.com/contact. Vitalix will respond within 30 days of receiving the request.

If the response is unsatisfactory, the user has the right to lodge a complaint with the relevant Data Protection Authority in their country of residence.

9. Cookies and Tracking Technologies

Vitalix uses essential technical cookies for the operation of the website and, with the user’s prior consent, analytical and profiling cookies. For detailed information on the cookies used and how to manage preferences, please consult our Cookie Policy.

10. Minors

The vitalixeurope.com website is intended exclusively for adults (18 years of age or older). Vitalix does not knowingly collect personal data from minors. Should we become aware of data collected from minors, we will proceed with its immediate deletion.

11. Changes to This Policy

Vitalix reserves the right to update this Privacy Policy at any time. Changes will be published on this page with the update date indicated. In the case of substantial changes, registered users will be notified by email.

We recommend checking this page periodically to stay up to date on how personal data is processed.

12. Contact

For any questions relating to this Privacy Policy or to exercise your rights, you can contact us via: