This Privacy Notice describes how your personal information is collected and used by Vita London Ltd, a private company registered in England and Wales with company no. 10166895 and with registered office at 46 Nova Road, Croydon, England, CR0 2TL, trading under the name © ViTA (hereinafter “We” or “ViTA”).
Any personal information of yours as well as the information of the devices you use to access to our services through our website https://eatvita.co.uk shall be considered in this notice as your “personal data”.
According to the current General Data Protection Regulations, We are the Data Controller of the personal data We collect from you and therefore We are legally responsible for the collection, use, and processing of such data. Our aim is to respect and protect all of your personal data in accordance with the applicable current data protection regulations.

What kind of personal data We collect:

Upon accessing our website, you are asked to provide information about yourself including your full name, your contact details, your home address and delivery address, order details and preferences, and payment information such as credit or debit card information.
Through our website, we also collect information about the devices you use to access our services, including information about your browser, IP address, and regarding certain cookies installed on your device. For a full Cookies Policy of our Website, and any information on how to disable cookies please see here.

Why We collect your personal data:

We mainly collect your personal data so as to provide you with the services you have requested, as fulfilling your deliveries orders and receiving payments for our supplies. In this case, our lawful basis for collecting and processing your personal data is that We are under a legal obligation to do so and your personal data shall be used for creating a record of your orders and for complying with the legal and regulatory obligations We are subject because of our trading.
Also, We may collect some of your personal data, as your email address, in order to send newsletters and inform you of our new products or offers. In this case, We process and hold your personal data just because We have received your consent to do so.

Who can access your Personal Data:

Please notice that We do not sell, hire or distribute any of your personal data to any third party. However, some of your personal data may be shared with other service providers and suppliers in limited circumstances as long as it may be necessary for the provision and conclusion of the services you have requested. Particularly, third parties include payment service providers and IT service providers. All of these service providers and suppliers are based in the EU and are subject to the same data protection policies as We are. Particularly, We may share some of the personal information We collect from you with our service provider, Mail Chimp, whose privacy policy is available here, or with our Hosting Provider, UK2, whose privacy policy is available here.
Finally, please note that our payment system is provided by a high security PayPal platform external to our website. This is the only circumstance in which some of your personal data may be communicated outside of the EU/EAA.

For how long We retain your personal data:

Our servers and digital registers are based in United Kingdom and We will retain your personal data as long it may be necessary for the uses listed above.
If your data are held and processed on a lawful basis related to the provisions of our services, those shall be retained for the period specifically required by the applicable regulations, laws and regulatory reporting purposes. At the end of each prescribed period, We shall cancel any personal data which is no longer necessary to retain.
Any personal data handled and held on a consent basis only, such as for sending newsletters and information of our new products or offers, shall be cancelled, upon your request, by simply unsubscribing from our mailing list. In this case, We undertake to immediately communicate to any third party We may have shared some of your information with, that the Consent has been withdrawn and that any personal data shared, where permitted by their own privacy policy, must be cancelled as well.

What measures of security We adopt to keep your personal data safe

We adopt appropriate technical and organisational security measures to protect your Personal Data against loss and to guard against access by unauthorised persons. All the personal data We collect and handle are saved into a db MySQL provided by UK2 on a WordPress platform. The access to this data is protected by high security level identifications plugins.

How to exercise your rights

Pursuant to the new GDPR, you may exercise certain rights in regard to the personal data We collect and process. Please do not hesitate to get in touch with us should you want to exercise one of the followings:
Right to be informed. This is your right to be provided with clear, transparent and easily understandable information about how We use your information and your rights.
Right of access. This is your right to obtain access to your information. For example, this includes the right to check that We’re using your information in accordance with data protection law.
Right to rectification. You are entitled to have your information amended and/or implemented if it is inaccurate or incomplete.
Right to be forgotten. You are entitled to request the deletion or removal of certain of the information that We hold about you.
Right to restrict processing. This right enables you to ‘block’ or ‘suppress’ further use of your personal data. When processing is restricted, We may be still able to store your personal data, but will not use it further.
Right to data portability. You have the right to receive a copy of your personal data in an accessible and transferable format so that you can use it across other service providers.
Right to issue a complaint. You have the right to issue a complaint regarding how We process your information with the national data protection authority (https://ico.org.uk/).
Right to withdraw consent. If you have given your consent to anything We do with your personal data, you have the right to withdraw that consent at any time. Withdrawing consent will not, however, make unlawful our use of your personal data while consent had been given.
Right to object to processing. You have the right to object to certain kind of processing, including processing for direct marketing and advertising.

How to get in touch

If you wish to exercise any of these rights, please get in touch with our nominated representative for the purpose of the GDPR, Ms. Roberta Amaltelli, by e-mail at r.almatelli@eatvita.co.uk or by post at 46 Nova Road, Croydon, England, CR0 2TL.