Buy more, save more – Save up to 20% discount
The protection of your personal data is an issue we take very seriously. Therefore, your personal data is always strictly confidential and processed in accordance with legal data protection regulations, as well as this data protection declaration.
This privacy policy applies to all personal data processed by the VitaminExpress LLC, with its registered office at 17 State Street, Battery Park, New York, NY 10004, USA, acting as conjoint data controllers under the GDPR (hereafter called ‘Data Controller’).
The Data Controller places great importance on your privacy and processes your personal data in accordance with the European Regulation 2016/679 of April 27, 2016, regarding the protection of natural persons concerning the processisng of personal data (hereinafter referred to as "GDPR"), as well as any future or additional legislation implementing it, where applicable.
For further questions or comments regarding how we handle your personal data, you can always contact us, either by email at privacy@visionhealthcare.eu or by mail to the aforementioned postal address.
Our Data Protection Officer (DPO), Mr. Franklin BV – www.misterfranklin.be, can also be reached using the same contact information (please specify "Attention: DPO").
The processing of personal data (hereinafter referred to as ‘data’) includes any handling of data that can identify you as a natural person. You can find information about the specific data involved in this Privacy Policy. The term ‘processing’ is very broad and encompasses activities such as collecting, storing, using your data, or sharing it with third parties.
Below, we clarify the types of data that we may process from you. We may receive the following data either directly or indirectly from you.
We receive personal data directly from you when you make a purchase from one of the companies belonging to the Vision Healthcare group, when you contact one of these companies, or when you contract as a service provider/supplier with one of the companies within the group.
It is also possible that we receive your personal data indirectly, through third parties. In such cases, these personal data are not provided directly by you to one of the companies belonging to the Vision Healthcare group. You may have given a third-party permission to further disclose your personal data to other parties, including one of the companies within the Vision Healthcare group.
3.1.1. Data customer account
It is possible to create a personal customer account through this website, which allows for placing orders, making purchases, and keeping track of purchase history. By creating such a customer account, you provide the data controller with the following information:
3.1.2. Data when placing an order without an account
However, it is not required to create an account to place an order. When such an order is placed, the following customer data is processed:
3.1.3. Data when contacting customer service
For inquiries, complaints, comments, etc., you can always contact the customer service of the company. When you contact our customer service, we process the following data:
3.1.4. Data in the context of after-sales services, contests, and other promotional activities
Customer friendliness, optimal customer experience, and service are highly valued by Vision Healthcare NV. In the context of these activities, the data controller processes the following data:
The Vision Healthcare group and all companies belonging to this group engage external service providers and suppliers for various services/products. In this context, the data controller processes the following personal data from these suppliers/service providers:
We may process the following additional data from prospective employees, which will largely depend on the data you choose to provide to us in the context of your job application:
When you visit our website as a customer or non-customer, the following personal data may be processed, depending on your own personal preferences:
Personal data is processed exclusively within the framework of the company, specifically for the following purposes:
We process your data for the purposes described below and collect and process no more or no other types of data than those necessary for these purposes. We process your data only to the extent based on one of the legal grounds listed in the GDPR, as outlined below.
Legal obligation
Certain data is processed by us to comply with legal or regulatory obligations imposed on us. For example, within the scope of tax and accounting obligations or data protection.
Necessary for the Performance of the Contract:
Certain data is processed by us because it is necessary for entering into, performing, or terminating a contract with you as the data subject. For example, for contacting, scheduling, responding to a request, or obtaining information in the context of entering into a contractual relationship, as well as for the actual execution of the contractual task within the framework of our main activity, in order to provide you with our services or receive services from you.
Legitimate interest
Certain data is processed by us based on our legitimate interest, which, in specific cases, outweighs any potential detriment to your rights. For example, for the following purposes:
Consent
Certain data is processed by us based on your consent. For example, for the following purposes:
Most of the data we process from you has been obtained directly from you. Within the scope of our services. It is possible that we obtain data from you through external service providers or public sources. You can always contact us for more information about the sources of our data about you.
We do not share your data with third parties unless it is strictly necessary for the purposes mentioned above or if we are legally obliged to do so.
The company Vision Healthcare NV and each individual enterprise that is part of the Vision Healthcare group act as conjoint data controllers. Personal data processed by the enterprises that are part of the Vision Healthcare Group may be shared within the Group to the extent that the sharing of such personal data is based on a legal processing basis provided for in Article 6 of the GDPR and to the extent that such sharing aligns with one of the processing purposes as indicated in this privacy policy.
Where necessary, we rely on external service providers (processors) to support our operational purposes such as the management of our websites and IT systems. These external service providers may, where applicable, perform certain data processing on our behalf. We will only share your data with these external service providers to the extent necessary for the respective purpose. They are not allowed to use the data for other purposes. Furthermore, these service providers are contractually bound to ensure the confidentiality of your data through a 'data processing agreement' concluded with these parties."
Specifically, this means that we share your data, as relevant in your situation, with the following third parties for the following purposes, where these third parties, in certain cases, act as processors on our behalf:
We do not retain your data for longer than necessary for the purpose for which the data was collected or processed. Since the duration for which data may be retained depends on the purposes for which the data was collected, the storage period may vary in each situation. Sometimes, specific legislation may require us to retain data for a certain period. Our retention periods are always based on legal requirements and a balance of your rights and expectations with what is useful and necessary for fulfilling the purposes. After the retention period expires, your data will be deleted or anonymized."
We implement appropriate security measures on a technical and organizational level to prevent, within the scope of our activities, the destruction, loss, falsification, alteration, unauthorized access, or unlawful disclosure to third parties, as well as any other unauthorized processing of this data.
Furthermore, we also ensure that the processors we engage with also implement appropriate security measures to minimize the risks of incidents as much as possible.
If your data, when using specific services or software tools, is processed outside the European Economic Area (EEA), this will only occur in/to countries for which the European Commission has confirmed that they guarantee an adequate level of protection for your data, or measures will be taken to ensure the lawful processing of your data in these third countries.
You have various rights concerning the data we process about you. If you wish to exercise any of the following rights, please contact our GDPR representative using the contact details provided in the first section of this Privacy Policy.
Right of Access and Copy:
You have the right to access your data and obtain a copy of it. This right also includes the ability to request further information about the processing of your data, including the categories of data processed about you and the purposes for which this is done.
Right of Rectification: You have the right to have your data rectified if you believe that we hold inaccurate data.
Right to Erasure (Right to Be Forgotten):
You have the right to request that we erase your data without undue delay. However, we may not always be able to fulfill such a request, particularly when we still need the data for an ongoing contract or when keeping certain data for a specified period is legally required.
Right to Restriction of Processing:
You have the right to restrict the processing of your data. This temporarily suspends the processing until, for example, its accuracy is confirmed.
Right to Withdraw Your Consent:
When processing is based on your consent, you have the right to withdraw this consent at any time by contacting us. For marketing messages you receive from us via email based on your consent, you can easily withdraw this consent by clicking on the unsubscribe link at the bottom of such a message.
Right to Object:
You have the right to object to the processing of your data based on legitimate interest. This must be done based on specific reasons related to your situation. You can also object to the use of your data for direct marketing. In marketing emails, there will always be an opt-out option provided.
Right to Data Portability:
You have the right to obtain your data, which you provided to us with your consent or in the performance of a contract, in electronic form. This allows them to be easily transferred to another organization. You also have the right to request us to transmit your data directly to another organization, where technically feasible.
Right to Lodge a Complaint with Your Supervisory Authority:
If you believe that we are processing your data in an incorrect manner, you always have the right to lodge a complaint with your data protection supervisory authority.
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Graurheindorfer Str. 153
53117 Bonn
E-Mail: poststelle@bfdi.bund.de
You can exercise your rights by contacting us, either by email at privacy@visionhealthcare.eu. It is possible that we will ask you to provide us some documentation to prove your identity. Those documents will only be used to comply to your request in accordance with the GDPR.
We reserve the right to change this Privacy Policy. The most recent version is always available on our websites. You can find the date on which this Privacy Policy was last modified at the top. In the event of a substantial change to the Privacy Policy, we will inform those affected, if possible, directly.
By using SSL on the entire website, we provide the most secure shopping experience possible. Our software encrypts your personal data with up to 2048 bit SSL (Secure Socket Layer) before it is transmitted, which offers a very high level of security.
You can recognize an encrypted connection in the browser's address bar; it changes from 'http://' to 'https://' and you'll be able to see a lock icon in your browser line. When SSL encryption is enabled, your transmitted data cannot be read by third parties.
Personal data is information that can be used to identify a natural person and includes contact information. We receive your personal data when you contact us, shop with us, register for the eNewsletter, or write a product or shop review.
We only collect and store those aspects of your personal data which are specifically required to respond to your questions, inform you and process your orders. In addition, we use anonymised data, which is saved by our software and analysis tools, to improve our products and offerings.
In addition, we use anonymous data that stores our software and the analysis tools we use to improve our website and our offerings.
You may view and change the personal information in your customer account at any time, to keep it up to date. Simply log in to your customer account. Here you will find all personal data stored by us.
For security reasons, we do not display payment information in your customer account. Please contact us if you have questions regarding personal data, or if you wish to delete your customer account. Please note that we are not allowed to delete orders that have been completed, including the invoices generated from them, due to legal regulations.
We retain personal data only as long as it is necessary to comply with the purposes described in this data protection declaration, unless a longer retention period is required, or permitted, in accordance with legal regulations.
Information provided by users and customers of this website is very important to us, as we cannot process an order or optimise our offer without it. Consequently, it is not in our interest to pass data on to third parties. We only pass data on to service providers, who fulfill certain tasks on our behalf, within the scope of activities described here.
In order for you to receive your parcel quickly and safely, we contract a wide variety of fulfillment and parcel delivery agents, such as DHL, UPS, Austrian Post and Collissimo, who process orders and transport the parcels from our shipping warehouse to your home address. These companies only receive your shipping address, your mail address and, if necessary, your phone number.
In order to provide you with the best possible customer service, we work with experienced customer service and call center agencies. They accept your telephonic orders and contact you if there are any queries. The staff has access to all customer data which is required to fulfill an order or to answer customer questions.
In order to keep you well-informed, we send our email newsletter via platforms that are specialised in delivering e-mails professionally and securely. These companies save the email address and the name of the subscriber for the personal address for sending our e-mails. In order to make the e-mails as relevant as possible for you, we also include personal information that you give us when you are active or shop on our website. You can unsubscribe at any time in the footer of our newsletter with just one click.
We use different service providers to send out catalogs and letters. We only pass names and addresses on to these companies.
When you send us a message via the contact form, your details, including the contact details you provided, will be stored in our system for purposes of processing. We do not pass this data on to third parties.
Depending on the payment method, different information is forwarded to payment services and banks.
To monitor whether our website is working smoothly, and to ensure that we are constantly improving our offering and services, we utilize various analysis platforms, such as Google Analytics and the Google search console. Here, anonymous data relating to our website usage is transferred and evaluated. This data helps us to improve our offering and services. Personal data, such as your name, address and payment information are not relevant for these analyses and are therefore not recorded.
We use your interaction with our website so serve interest-based ads that may be relevant to you. However, we do not use information that directly identifies individuals (such as name or email) to serve interest-based ads or remarketing. To show the most relevant product recommendation, we work with search engines, advertisers, publishers, social media networks and ad serving companies. Furthermore, we also use this information to provide you with the most relevant shopping experience on our website.
We have contractual agreements with these companies, which regulate the use of your data. These service providers only have access to those aspects of the personal data they need to perform their tasks. They may not use the data for any other purpose. In addition, they are obligated to handle all information in accordance with this data protection declaration and the relevant data protection laws.
It could be that parts or our entire business will be sold in the future. In this case, customer data is usually transmitted to the buyer as part of the transaction in order to continue the business properly. In this unlikely event all affected customer information will remain subject to the privacy policy described here.
Our software automatically stores information in so-called server log files, which your browser automatically transmits to us. These are:
This data cannot be identified with, or assigned to specific people. This data is not merged with other data sources. We reserve the right to check this data retrospectively if specific indications of illegal use come to our attention.
Our website uses so-called cookies. They make our website more user-friendly, more effective and more secure. Cookies are small text files that are stored by your browser.
Most of the cookies we use are so-called 'session cookies'. They will be deleted automatically after you leave the website. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser the next time you visit our site.You can set your browser so that you receive information about cookie settings in order to allow cookies only for specific functions, accept cookies only in certain cases, generally disable cookies, and/or enable the automatic deletion of cookies when closing the browser. When disabling cookies, some features of our website may be restricted.
Your assigned password for our website, which you set when you create your customer account, is saved using an asymmetric encryption method. This means that your password is not saved as normal text and is therefore not legible to anyone. We cannot read your password either, and therefore cannot send it to you.
If you forget your password, you can create a new password at any time by clicking on the Forgot password? link, then enter the email address with which you opened your customer account. You will then receive an email with a page link, where you can enter your new password.
We use CRM Ads from the provider Emarsys Schweiz GmbH, Stauffacherstrasse 45, 8004 Zurich, Switzerland. Data protection declaration: https://www.emarsys.com/de/privacy-policy.
Emarsys CRM Ads is used to occasionally send you advertisements that we believe are most relevant to you. This feature allows us to show you ads based on your preferences as part of a certain group of people. For this purpose, we do not forward any of your personal data, such as name or email address, to such third-party networks. These networks only receive a unique identifier or a non-personal checksum (hash value). At the end of the comparison, all uploaded hash values are deleted again.
We use Facebook Audience Manager and Google Customer Match to create such custom audiences. You can manage your privacy settings regarding the use of mentioned tools on the privacy tab of your account with the relevant third-party provider.
Google Customer Match is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, with the parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Website: https://www.google.com. Privacy Policy: https://policies.google.com/privacy . Further information on the scope of the collection and the further processing and use of the data by Google Customer Match can be found at: https://support.google.com/adwordspolicy/answer/6299717?hl=de. You can edit the settings for personal data and privacy under Google “My Account”: https://myaccount.google.com/intro?hl=de.
Our website uses cookies/advertising IDs for advertising purposes. This allows us to show our advertising to visitors who are interested in our products on partner websites, apps and emails. Retargeting technologies use cookies or advertising IDs and display advertisements based on your previous browsing behavior. Insofar as conclusions about personal data result from the use of the aforementioned service, the legal basis for this is Article 6 (1) sentence 1 lit. f GDPR.
To opt-out of this interest-based advertising, please visit the following websites:
http://www.networkadvertising.org/choices/
http://www.youronlinechoices.com/
We may exchange information such as technical identifiers from your registration information on our website or our CRM system with reliable advertising partners. This allows your devices and/or environments to be linked and offer you a seamless user experience with the devices and environments you use. For more details on these linking capabilities, please refer to the privacy policy found on the aforementioned platforms or the explanations below.
You will also find the Criteo opt-out function in Criteo's data protection policy: https://www.criteo.com/de/privacy.
To display our Trusted Shops quality seal and, if applicable, the collected reviews, as well as to offer Trusted Shops products to buyers after an order, the Trusted Shops Trustbadge is integrated on this website.
This serves to safeguard our predominant legitimate interests in optimal marketing of our offer within the scope of a balancing of interests. The Trustbadge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.
When the Trustbadge is called up, the web server automatically stores a so-called server logfile, which includes, for example, your IP address, date and time of access, transferred data volume, and the requesting provider (access data) and documents the access. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.
These access data are not evaluated and are automatically overwritten at the latest seven days after the end of your visit to the site.
Further personal data will only be transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or if you have already registered for use. In this case, the contractual agreement made between you and Trusted Shops applies.
We use plugins for the social media networks: Facebook, Instagram and Twitter on our website, as well as for the online video portal YouTube
When a user calls up a web page for one of the social media networks which contain a plugin, their browser establishes a direct connection to the social media network's servers. The content of the plugin is transmitted directly from the social media network to your browser and integrated into the website. Vitamin Express, therefore, has no influence on the extent of the data collected by social media networks via plugins, and informs users accordingly, to the best of their knowledge:
By incorporating the plugins, the social media networks receive the information that a user has called up a specific page and offering. If the user is logged into a particular social media network, that network is able to assign the site visit to his/her account. When users interact with the plugins, for example, if they press the 'like' button or leave a comment, the information is transmitted from your browser directly to the social media network and stored there. If a user is not yet a member of the social media network, there is still a possibility that this network will recognize and store the user's IP address. In Germany, according to Facebook, for example, only an anonymized IP address is stored.
To find out more about the purpose and scope of the data collection, further processing and use of the data by the social media network, as well as user rights and privacy settings protecting your personal privacy, please refer to the data protection information supplied the respective social media network.
If a user is already a registered social media network user, and does not want the social media network to collect data about him/her via the Vitamin Express website, linking it with his/her existing data, s/he must log out of the social media network before visiting the website.
Our website uses plugins from the Google-powered YouTube page. If you visit one of our sites which have a YouTube plugin, you will be connected to the YouTube servers. This tells the YouTube server which of our pages you have visited.
If you are logged in to your YouTube account, it will allow YouTube to assign your browsing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
Please find the data protection notices of the respective social networks:
Vitamin Express does not offer or sell any products to minors. Products intended for children may only be purchased by adults. If you are not yet 18 years old, you may only buy products from us, together with a parent or guardian.
If you have any questions about any of the privacy or data protection issues, please contact us via our contact form.