Privacy policy

Vitalgong s.r.o.

Last Updated: December 18, 2025


1. INTRODUCTION

Vitalgong s.r.o. (“we,” “us,” “our,” or “Company”), with registered office at Balbínova 1093, Hlavní město Praha, 120 00, Czech Republic (Registration Number: 23669918, Business Register), operates this website and related services to provide you with a curated shopping experience for wellness and specialty products (the “Services”).

This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase or other transaction using the Services or otherwise communicate with us. We are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR), the Czech Personal Data Protection Act of 2019, and other applicable data protection laws.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described herein.


2. DATA CONTROLLER INFORMATION

For purposes of applicable data protection laws, Vitalgong s.r.o. is the data controller of your personal information.

Contact Details:

  • Company: Vitalgong s.r.o.
  • Address: Balbínova 1093, Hlavní město Praha, 120 00, Czech Republic
  • Email: info@vitalgong.com
  • Website: www.vitalgong.com
  • Registration Number (IČO): 23669918

If you have questions about our privacy practices or wish to exercise your rights regarding your personal information, please contact us using the details above.


3. PERSONAL INFORMATION WE COLLECT OR PROCESS

3.1 Definition of Personal Information

Personal information refers to information that identifies or can reasonably be linked to you or another person. Personal information does not include information that is collected anonymously or that has been de-identified, so that it cannot identify or be reasonably linked to you.

3.2 Categories of Personal Information Collected

Depending on how you interact with the Services, where you live, and as permitted or required by applicable law, we may collect or process the following categories of personal information:

Contact Information:

  • Your name, address, billing address, shipping address, phone number, and email address

Financial Information:

  • Credit card, debit card, and financial account numbers
  • Payment card information
  • Financial account information
  • Transaction details and payment confirmation
  • Other payment details

Account Information:

  • Username and password
  • Security questions
  • Account preferences and settings

Transaction Information:

  • Items you view, add to cart, add to wishlist, or purchase
  • Returns, exchanges, and cancellations
  • Your past transaction history

Communications with Us:

  • Information included in communications with customer support
  • Messages you send to us

Device and Connection Information:

  • Information about your device, browser, and network connection
  • Your Internet Protocol (IP) address
  • Device identifiers and unique identifiers
  • Device operating system and type

Usage Information:

  • Information regarding your interaction with the Services
  • How and when you use or navigate the Services
  • Browsing history and behavior on our website
  • Time spent on pages

Location Information:

  • Your approximate geographic location (derived from IP address or other sources)
  • This helps us provide region‑specific services and comply with applicable laws

Cookies and Similar Technologies:

  • Information collected through cookies, pixels, web beacons, and similar tracking technologies
  • Your browsing preferences and behavior

4. SOURCES OF PERSONAL INFORMATION

We may collect personal information from the following sources:

4.1 Directly from You

  • When you create an account or register
  • When you visit or use the Services
  • When you communicate with us (via email, phone, contact forms, customer support)
  • When you submit information voluntarily
  • When you make purchases or transactions

4.2 Automatically Through the Services

  • Through your device when you use our products or services
  • Through our website when you access it
  • Through cookies and similar tracking technologies
  • Through web server logs
  • Through analytics tools

4.3 From Our Service Providers

  • Payment processors and financial institutions
  • Shipping and logistics providers
  • Cloud hosting and storage providers
  • Customer support platforms
  • Email service providers
  • Marketing and advertising partners
  • Data analytics providers

4.4 From Our Partners and Third Parties

  • Business partners and affiliates
  • Marketing partners
  • Social media platforms (if you use social login features)
  • Publicly available sources
  • Third parties engaged to provide services on our behalf

4.5 From Shopify

The Services are hosted by Shopify, which may collect personal information about your access to and use of the Services. Shopify is our data processor and operates under a Data Processing Agreement.


5. LAWFUL BASES FOR PROCESSING PERSONAL INFORMATION

Under the GDPR and Czech Personal Data Protection Act, we process your personal information only where we have a lawful basis to do so. Our lawful bases for processing include:

5.1 Consent (Article 6(1)(a) GDPR)

  • We obtain your explicit consent for certain types of processing, particularly for marketing communications and non‑essential cookies.
  • You may withdraw your consent at any time by contacting us.

5.2 Performance of a Contract (Article 6(1)(b) GDPR)

  • Processing is necessary to provide the Services and fulfill your purchase orders.
  • Processing your contact and payment information to execute transactions.
  • Arranging shipping and managing returns or exchanges.

5.3 Compliance with Legal Obligations (Article 6(1)(c) GDPR)

  • Processing necessary to comply with legal, regulatory, or tax obligations.
  • Responding to valid legal requests from law enforcement or government agencies.
  • Maintaining records as required by Czech commercial and tax law.

5.4 Protection of Vital Interests (Article 6(1)(d) GDPR)

  • Processing necessary to protect your vital interests or those of another person.

5.5 Performance of a Task in the Public Interest (Article 6(1)(e) GDPR)

  • Processing for purposes carried out in accordance with public interest obligations, where applicable.

5.6 Legitimate Interests (Article 6(1)(f) GDPR)

We process your personal information for legitimate business purposes, including:

  • Fraud Prevention and Security: Detecting, investigating, and preventing fraudulent, illegal, unsafe, or malicious activity; protecting our Services and customers.
  • Customer Relationship Management: Maintaining and improving our relationship with customers and enhancing our services.
  • Direct Marketing: Sending promotional materials to existing customers (subject to applicable ePrivacy regulations).
  • Business Operations: Internal administration, system testing, and data analysis.
  • Website Optimization: Improving the user experience and functionality of our Services.
  • Legal Defense: Establishing, exercising, or defending legal claims.

Before relying on legitimate interests, we conduct a balancing test to ensure our interests do not override your rights and freedoms.


6. HOW WE USE YOUR PERSONAL INFORMATION

6.1 Providing and Improving the Services

We use your personal information to:

  • Provide you with the Services and fulfill orders.
  • Process your payments and financial transactions.
  • Create and maintain your account.
  • Remember your preferences and items of interest.
  • Send you account notifications and transaction confirmations.
  • Arrange for shipping and delivery of products.
  • Process returns, exchanges, and refunds.
  • Enable you to post reviews and provide feedback.
  • Create a customized shopping experience.
  • Troubleshoot and resolve technical issues.
  • Improve the Services based on your usage and feedback.

6.2 Marketing and Advertising

We use your personal information for:

  • Sending marketing, advertising, and promotional communications via email, SMS, or postal mail.
  • Displaying targeted advertisements for products and services.
  • Showing personalized recommendations based on your purchase history and browsing behavior.
  • Conducting market research and surveys.
  • Creating advertising campaigns and measuring their effectiveness.

We will not send marketing communications without your prior consent, unless you are an existing customer and have not opted out. You may opt out of marketing communications at any time using the unsubscribe option provided in our emails or by contacting us directly.

6.3 Security and Fraud Prevention

We use your personal information to:

  • Authenticate your account and prevent unauthorized access.
  • Detect, investigate, and prevent fraudulent, illegal, unsafe, or malicious activity.
  • Protect public safety and the security of our Services.
  • Verify your identity and perform identity checks.
  • Implement security measures and conduct security testing.
  • Monitor for threats to our infrastructure.

6.4 Communicating with You

We use your personal information to:

  • Provide customer support and respond to your inquiries.
  • Send you administrative information and updates.
  • Maintain our business relationship with you.
  • Notify you of changes to our policies or Services.
  • Resolve complaints and disputes.

6.5 Legal and Compliance Purposes

We use your personal information to:

  • Comply with applicable laws and regulations.
  • Respond to valid legal processes, court orders, and government requests.
  • Participate in civil discovery or litigation.
  • Enforce our Terms of Service and other policies.
  • Investigate potential violations of our policies or laws.
  • Protect the rights, property, and safety of our Company, customers, and the public.

6.6 Business Operations and Analytics

We use your personal information to:

  • Conduct data analysis and research.
  • Generate business intelligence and reports.
  • Track usage patterns and trends.
  • Segment customers for targeted services.
  • Maintain records and documentation.
  • Evaluate new features and service improvements.

7. DISCLOSURE OF PERSONAL INFORMATION

We do not sell your personal information. However, in certain circumstances, we may disclose your personal information to third parties as follows:

7.1 Service Providers and Data Processors

We disclose personal information to third‑party service providers and data processors who perform services on our behalf, including:

  • Payment processors.
  • Shipping and logistics providers.
  • Cloud storage and IT infrastructure providers.
  • Email and communications providers.
  • Customer support platforms.
  • Data analytics providers.
  • Marketing and advertising partners.

All service providers are contractually bound to process your personal information only as instructed and in accordance with GDPR and applicable data protection laws.

7.2 Business and Marketing Partners

We may share your information with business and marketing partners to:

  • Provide marketing services and display targeted advertisements.
  • Support personalized advertising on our Services and other websites.
  • Conduct joint marketing initiatives.
  • Deliver co‑branded services or offerings.

Our partners must use your information in accordance with their own privacy policies and applicable law.

7.3 Shopify

The Services are hosted by Shopify Inc. and its affiliates. Shopify collects and processes personal information to provide and improve the Services. Your information may be transmitted to Shopify and third parties for:

  • Hosting and infrastructure.
  • Data processing and analytics.
  • Enhanced features and services.
  • Fraud prevention and security.

Shopify acts as a data processor under a Data Processing Agreement with us. Shopify may also use certain data for its own legitimate purposes. For more information about Shopify’s data practices, please see the Shopify Privacy Policy at www.shopify.com/legal/privacy.

7.4 User‑Directed Disclosures

We may disclose your information when you:

  • Request or direct us to do so.
  • Use social media login or integration features.
  • Authorize third parties to access your information.
  • Participate in co‑branded services or promotions.

7.5 Affiliates and Corporate Group

We may share personal information within our corporate group and with our affiliates for purposes consistent with this Privacy Policy and applicable law.

7.6 Business Transactions

In connection with business transactions such as:

  • Mergers, acquisitions, or bankruptcy proceedings.
  • Sale of assets or business units.
  • Financing or refinancing activities.
  • Reorganization or dissolution of the Company.

Your personal information may be disclosed to potential acquirers, advisors, and other parties involved, provided they agree to maintain the confidentiality and security of your information.

7.7 Legal and Regulatory Compliance

We may disclose your personal information when:

  • Required by applicable law, regulation, or court order.
  • Responding to subpoenas, search warrants, or similar legal processes.
  • Enforcing our Terms of Service or other agreements.
  • Protecting or defending our legal rights.
  • Protecting the rights, safety, and property of our customers and the public.
  • Preventing, detecting, or uncovering crime or fraud.

7.8 Anonymized and De‑identified Information

We may share information that has been anonymized or de‑identified, as such information is not considered personal information under the GDPR.


8. COOKIES AND SIMILAR TECHNOLOGIES

8.1 What Are Cookies?

Cookies are small files placed on your device that allow websites to recognize your device and store information about your preferences and browsing behavior. We use cookies and similar technologies (pixels, web beacons, tags) to enhance your experience with our Services.

8.2 Types of Cookies We Use

Essential/Necessary Cookies:

  • Required for basic website functionality.
  • Enable shopping cart functionality.
  • Maintain your login session.
  • Process transactions securely.
  • Comply with security obligations.
    These cookies do not require prior consent.

Functional Cookies:

  • Remember your preferences and settings.
  • Enhance user experience and convenience.
  • Store language preferences.
    These cookies require your consent.

Analytical Cookies:

  • Track website usage patterns.
  • Measure Service performance.
  • Understand how you interact with our Services.
  • Help us improve our website.
    These cookies require your consent.

Marketing and Advertising Cookies:

  • Display targeted advertisements.
  • Track advertising effectiveness.
  • Create user profiles for marketing purposes.
  • Share information with advertising partners.
    These cookies require your explicit consent.

Third‑Party Cookies:

  • Set by our partners and service providers.
  • Used for analytics and advertising.
  • Subject to third‑party privacy policies.

8.3 Cookie Consent

When you first visit our website, you will be presented with a cookie consent banner. We only place non‑essential cookies on your device after you have given your explicit consent. You may:

  • Accept all cookies.
  • Reject all non‑essential cookies.
  • Customize your cookie preferences.
  • Withdraw your consent at any time.

Essential cookies will be placed regardless of your consent, as they are necessary for the Services to function.

8.4 Managing Cookies

You can manage your cookie preferences through:

  • Our cookie consent banner (displayed on first visit).
  • Your browser settings (blocking or deleting cookies).
  • Your device settings.
  • Opt‑out tools provided by advertising partners.

Please note that disabling certain cookies may limit your ability to use features of our Services.

8.5 Third‑Party Services

We use third‑party services that may collect information about your online activities:

  • Google Analytics (website analytics and performance measurement).
  • Social media platforms (if you use social login or sharing features).
  • Advertising networks (targeted advertising and marketing).

These services have their own privacy policies and terms.


9. INTERNATIONAL DATA TRANSFERS

9.1 Data Transfers Outside the EU/EEA

We may transfer, store, and process your personal information outside the country where you reside, including outside the European Union or European Economic Area (EEA).

9.2 Transfer Safeguards

When we transfer personal information out of the EU/EEA, we rely on recognized transfer mechanisms, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Adequacy decisions where the European Commission has determined that a country provides an adequate level of data protection.
  • Your explicit consent, where applicable.

9.3 Shopify Data Transfers

Your information processed by Shopify may be transferred to various jurisdictions, including the United States. Shopify provides appropriate transfer mechanisms and safeguards as required by applicable law.


10. DATA RETENTION

10.1 Retention Principles

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law.

10.2 Retention Periods

Account Information:

  • Retained for the duration of your account plus a reasonable period for regulatory compliance and dispute resolution.
  • Deleted upon your request, subject to legal obligations.

Transaction and Order Information:

  • Retained for at least 7 years to comply with Czech accounting and tax regulations.
  • May be retained longer if necessary for dispute resolution or legal defense.

Customer Communications:

  • Retained for the duration of our business relationship plus a reasonable period for legal claims.
  • Marketing communications: retained until you unsubscribe, then for compliance records.

Payment Information:

  • Credit card and sensitive payment data: retained only for the payment processing period.
  • Transaction records: retained for 7 years for accounting and tax purposes.
  • We do not store credit card information for future payments unless you authorize us to do so.

Marketing and Preferences Data:

  • Retained until you unsubscribe or object to processing.
  • Email addresses kept on unsubscribe lists for a limited period to ensure compliance.

Cookies:

  • Essential cookies: for the duration of your session or as needed for functionality.
  • Analytical cookies: typically 2–24 months.
  • Marketing cookies: typically 6–13 months.
    You can delete cookies from your browser at any time.

Device and Usage Information:

  • Log files and analytics data: retained for up to 13 months.
  • IP addresses and device identifiers: retained as long as needed to provide the Services and for security purposes.

Legal and Compliance Data:

  • Retained as long as required by applicable law, including tax, accounting, and fraud prevention regulations.

10.3 Secure Deletion

When we delete personal information, we ensure it is securely and permanently deleted. For data that cannot be deleted, we ensure it is anonymized or encrypted.


11. CHILDREN’S DATA AND PROTECTION

11.1 Age Restriction

The Services are not intended for children and are not knowingly directed to children under the age of 15 years (or the age of digital consent in your jurisdiction).

11.2 Data Collection from Children

We do not knowingly collect personal information from children under the age of 15. If you are the parent or guardian of a child who has provided us with personal information, please contact us immediately at info@vitalgong.com, and we will delete such information without undue delay.

11.3 Parental Rights

Parents or guardians may request access to, deletion of, or correction of personal information concerning their children by contacting us.


12. SECURITY AND DATA PROTECTION

12.1 Security Measures

We implement technical and organizational security measures to protect your personal information, including:

  • Encryption (SSL/TLS for data in transit, encryption for sensitive data at rest).
  • Access controls and authorization management.
  • Network security, monitoring, and logging.
  • Data minimization and secure deletion.
  • Employee confidentiality and security training.
  • Incident detection and response procedures.

12.2 Limitations on Security

No system is completely secure or impenetrable. We cannot guarantee absolute security of your personal information, and information transmitted over the internet may not be fully secure while in transit.

12.3 Your Responsibility

You are responsible for maintaining the confidentiality of your account credentials and password and for all activities under your account.


13. DATA BREACH NOTIFICATION

If a personal data breach occurs, we will:

  • Assess the nature and scope of the breach.
  • Evaluate risks to your rights and freedoms.
  • Notify the Czech Office for Personal Data Protection (ÚOOÚ) without undue delay and, where feasible, within 72 hours, unless the breach is unlikely to result in a risk to your rights and freedoms.
  • Notify you without undue delay if the breach is likely to result in a high risk to your rights and freedoms.

Notifications will outline the nature of the breach, likely consequences, and measures taken or proposed to address it.


14. YOUR RIGHTS AS A DATA SUBJECT

You have the following rights under the GDPR and Czech law:

  • Right of access.
  • Right to rectification.
  • Right to erasure (“right to be forgotten”).
  • Right to restriction of processing.
  • Right to data portability.
  • Right to object (including to direct marketing).
  • Right to withdraw consent at any time.
  • Right to lodge a complaint with ÚOOÚ.
  • Right to an effective judicial remedy.

15. EXERCISING YOUR RIGHTS

To exercise your rights, contact us at:

  • Email: info@vitalgong.com
  • Mail: Vitalgong s.r.o., Balbínova 1093, Hlavní město Praha, 120 00, Czech Republic

Use “GDPR Data Subject Rights Request” in the subject line.
We will verify your identity where necessary and respond within 30 days, with possible extension in complex cases.


16. MARKETING COMMUNICATIONS AND OPT‑OUT

You may receive marketing communications if you have given consent or if you are an existing customer (soft opt‑in). You can opt out at any time:

  • By clicking “unsubscribe” in any marketing email.
  • By contacting info@vitalgong.com.

Transactional and service‑related emails will continue even if you opt out of marketing.


Our Services may contain links to third‑party websites and services. We are not responsible for their privacy practices or content. You should review their privacy policies before providing personal information.


18. RELATIONSHIP WITH SHOPIFY

The Services are hosted and powered by Shopify Inc. Shopify processes personal data to provide and improve the Services and may act both as our processor and, in some cases, as an independent controller. For more information about Shopify’s data practices and your rights, see:


19. COMPLAINTS AND DISPUTE RESOLUTION

If you have complaints about our processing of your personal information, contact us at info@vitalgong.com. You also have the right to lodge a complaint with:

Úřad pro ochranu osobních údajů (ÚOOÚ)
Pplk. Sochora 27, 170 00 Praha 7, Czech Republic
Website: www.uoou.cz


20. UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will post the updated version on this website and update the “Last Updated” date. Where required by law, we will also notify you and, where necessary, request your consent to material changes.


21. SPECIAL CATEGORIES OF PERSONAL DATA

We do not intentionally collect special categories of personal data (such as health data or data revealing racial or ethnic origin). If we ever need to process such data, it will only be done under the strict conditions of Article 9 GDPR (e.g., explicit consent or legal obligation).


22. AUTOMATED DECISION‑MAKING AND PROFILING

We may use profiling and limited automated processing for:

  • Fraud detection and prevention.
  • Personalized product recommendations and marketing.

You have the right to object and to request human review where decisions are made solely by automated means and have legal or similarly significant effects.


23. CONTACT

Vitalgong s.r.o.
Balbínova 1093
Hlavní město Praha, 120 00
Czech Republic

Email: info@vitalgong.com
Website: www.vitalgong.com