PRIVACY POLICY

Last update: August 5th, 2021

Table of Contents

1. SUMMARY OF OUR PROCESSING ACTIVITIES

1.1 The following summary provides you with a quick overview of the processing activities that are undertaken on Vitacodis. You will find more detailed information under the indicated sections below.

1.2 When you visit Vitacodis for informational reasons without setting up an account, only limited personal data will be processed to enable you to use Vitacodis (see Section 3).

1.3 In case you register for one our services (e.g. online course, discussion forum or blog) or subscribe to our newsletter, further personal data will be processed in the scope of such services (see Sections 4, 5 and 6).

1.4 Furthermore, your personal data may be used to provide you with interesting advertising for our services and products (see Section 8) and for statistical analysis that helps us to improve our website (see Section 8). Additionally, we improve your website experience with third-party content (see Section 9).

1.5 We have implemented appropriate safeguards to secure your personal data (see Section 8) and retain your personal data only as long as necessary (see Section 10).

1.6 Under the legislation applicable to you, you may be entitled to exercise certain rights regarding the processing of your personal data (see Section 11).

2. DEFINITIONS

2.1 Personal data: means any information relating to a natural person who can be identified, directly or indirectly, by reference to an identifier such as a name, email address, an identification number, location data, or an online identifier.

2.2 Processing: means any operation which is performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or any kind of disclosure or other use.

3. INFORMATIONAL USE OF THE WEBSITE

3.1 When you visit our website for informational reasons, i.e., without registering for any of our services and without providing us with personal data in any other form, we may automatically collect additional information about you which will contain personal data only in limited cases (for example, your IP address is considered to be personal data) and which is automatically recognized by our server, such as:

• The date and time of your requests;
• Your device type, screen resolution and browser version;
• The website from which you have been directed to our offer;
• Information on your operating system, including language settings;
• Information on the offers you have visited on our website; and
• IP address.

3.2 We use such information only to assist us in providing an effective service (e.g., to adapt our website to the needs of your device), collect broad demographic information for internal anonymized aggregated use, ensure proper functioning of our website, and enforce our terms.

3.3 The personal data automatically collected is necessary for us to provide an effective service, and for our legitimate interest to guarantee the website’s stability and security. The legal basis on which we rely is ‘pursuing our legitimate business interests.’

3.4 Personal data that is collected automatically is anonymized immediately and properly erased afterwards.

3.5 We collect only the IP address assigned to you on the date you visit our website, rather than your name or any other identifying information. We use this information to evaluate your use of the website, to compile reports on website activities and to improve our services.

3.6 We rely on the following legal bases: ‘our legitimate business interest (i.e., to analyze our website’s traffic to improve the user’s experience and to optimize the website in general) and ‘your consent’ (when tracking technologies are enabled as explained in our Cookie Policy).

3.7 When you contact us through the contact form available on our website, we collect your name, email address, phone number, country, and any information that you decide to include in your message. We use such data to respond to your inquiries. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to grow and promote our business) and ‘your consent’ (for optional personal data). We keep your personal data until you stop communicating with us.

4. REGISTRATION FOR OUR SERVICES

4.1 Our website offers access to learning content, including a broad variety with its interaction. To use Vitacodis services, you have to set up an account. Regarding the registration of an account and its subsequent use, we process:

• Information (such as your first name, surname, and email address) that is provided by registration;
• If you choose to sign up by using your social media account (e.g., Facebook, Google, or LinkedIn), we collect information that your social media provider shares with us, subject to the privacy settings that you set. Such information includes your first name, surname, email address, profile image, and any other information that you allow the social media provider to share with us.
• You can update your user account by uploading a profile photo, adding your date of birth, city, country, phone number, social media links, and any other information you deem necessary (e.g., your country, place of living, age, and areas of interest in the field of wellbeing). The provision of such information is entirely optional. Please note that some of such information may become visible to other users of Vitacodis. Therefore, we encourage you to use your due diligence when disclosing your personal data.

4.2 We will process the personal data you provide to: a) identify you at sign-in; b) provide you with the services and information offered through the website or which you request; c) administer your account; d) communicate with you; and e) maintain our business records. The legal bases on which we rely are ‘performing a contract with you,’ ‘pursuing our legitimate business interests’ (i.e., to operate and administer our business), and ‘your consent’ (when you provide optional personal data.

4.3 Your personal data is, in the absence of exceptions within the specific services mentioned below, retained for as long as your user account is used. After deletion of your account, your personal data will be erased immediately. Statutory storage obligations or the need for legal actions that may arise from misconduct within the services can lead to a longer retention of your personal data. In this case, we will inform you accordingly.

5. PURCHASE TRANSACTIONS

5.1 Whenever you complete transactions using our website (for example, purchase an online course or book a consultation), we collect your payment data that includes your first name, surname, billing address, credit card number, security codes, and expiration date.

5.2 Please note that we do not process payments – it is done by our third-party payment processors Stripe and PayPal. We may have access to a limited amount of your personal data as disclosed to us by them (e.g., your email address).

5.3 Your payment data is used to process your payments and maintain our accounting records. The legal bases on which we rely are ‘performing a contract’ and ‘pursuing our legitimate business interests’ (i.e., administering our business and complying with our legal obligations).

5.4 We store such data for the time period we are required by law to keep our accounting records.

6. INFORMATION ABOUT THE SPECIFIC USES THAT REQUIRE REGISTRATION

6.1 For the use of the following services you have to set up an account as described in Section 4. Your customer account retains your personal data for future purchases and other activities. You can delete the personal data as well as the account in your account’s settings.

6.2 Our discussion forums can be accessed only after registration. Anything you post on the discussion forum will be available to other registered uses; you can delete your posts by submitting a request for deletion to us by email.

6.3 You can delete your user account by clicking “Delete my account” within “Account privacy” . In case you decide to delete your user account, all your account data, including all communication will be deleted. Information posted by you into our discussion forums will remain visible, but any link to your person will be deleted.

6.4 For our services we offer an email notification service. If you choose this service through your user account or posting your comment, you will receive a notification email when another user replies to the same topic or article. This service is provided by means of a double-opt-in. Thus, you will receive an email containing a link by which you can confirm that you are the owner of the email address and wish to be notified via our email service. You can end this service by opting out via the link provided in each notification email. This notification service is based on your consent.

6.5 We do not collect any special categories of personal data from you, unless you decide, at your own discretion, to provide such data to us. Sensitive data is information that relates to your health, genetics, biometrics, religious and political beliefs, racial origins, membership of a professional or trade association, sex life, or sexual orientation. If you decide, at your sole discretion, to provide us with the said sensitive data, we will process such data for the purpose of fulfilling our contractual obligations to you.

7. NEWSLATTER AND INTEREST-BASED ADVERTISING

7.1 With your email address you can subscribe to our newsletter that provides you with the latest news about our products and services. You can do so by submitting your email address on the dedicated banner available on our website or by providing opt-in consent to receive newsletters when signing up.

7.2 We may also send you a newsletter if you have previously concluded a service contract with us (e.g., purchased one of our courses or consultations).

7.3 Our newsletters may also contain topic-specific advertisements. You can choose the topics that are of interest to you via the “Email notifications” section.

7.4 Your email address will be retained as long as you subscribe to our newsletter. You can unsubscribe from our newsletter at any time via the link provided in each newsletter.

7.5 The newsletters sent by us may contain tracking pixels that allow us to conduct analysis of our marketing campaigns. Tracking pixels allow us to see whether you opened the newsletter and what links you have clicked on. We use such information to conduct analytics and pursue our legitimate business interests.

7.6 You may encounter targeted interest-based advertising based on your use of Vitacodis and other websites on the Internet because our cookies may contain your Google Advertising ID (for more information on our use of cookies, please consult our Cookie Policy). You can control how such advertising is shown to you or opt-out from targeted advertising by adjusting your cookies settings, consulting the guide powered by the Digital Advertising Alliance available at https://youradchoices.com. For more information on opting-out from advertising features on your device, please visit https://www.networkadvertising.org .

7.7 We do not use your personal data for automated decision making which produces legal effects concerning you or similarly significantly affects you.

8. DISCLOSURE AND TRANSFER OF PERSONAL DATA

8.1 From time to time, your personal data is disclosed to our service providers with whom we cooperate (our data processors). For example, we share your personal and non-personal data with entities that provide certain technical support services to us, such as hosting and email distribution services. We do not sell your personal data to third parties. The disclosure is limited to the situations when your personal data is required for the following purposes:

• Ensuring the proper operation of Vitacodis;
• Ensuring the delivery of the services ordered by you;
• Providing you with the requested information;
• Pursuing our legitimate business interests;
• Enforcing our rights, preventing fraud, and security purposes;
• Carrying out our contractual obligations; or
• If you provide your prior consent to such a disclosure.

8.2 We use a limited number of data processors. We choose them only if they agree to ensure an adequate level of protection of your personal data that is consistent with this Policy and the applicable data protection laws. The data processors that have access to your personal data are:

• Our hosting service provider SiteGround located in Spain;
• Our cloud storage service providers Vimeo and Dropbox located in the United States
• Our payment service providers Stripe and PayPal located in the United States;
• Our newsletter service provider MailPoet located in France;
• Our developing service providers WordPress located in the United States and Zequester located in Serbia;
• Our analytics service provider Google Analytics located in the United States; and
• Our independent contractors and consultants.

8.3 Your analytics data may be disclosed to third parties for any purpose. For example, we may share it with prospects or partners for business or research purposes, for improving Vitacodis, responding to lawful requests from public authorities or developing new products and services.

8.4 If we are contacted by a public authority, we may need to disclose information about you to the extent necessary for pursuing a public interest objective, such as national security or law enforcement.

8.5 In case Vitacodis is sold partly or fully, we will provide your personal data to a purchaser or successor entity and request the successor to handle your personal data in line with this Policy. We will notify you of any changes of the data controller.

8.6 We do not directly sell your personal data to third parties. However, some of your personal data, including online identifiers (e.g., cookie-generated data and IP addresses) may be used for advertising, marketing, and monetisation purposes (e.g., programmatic advertising, retargeting, third-party marketing, profiling, or cross-device tracking). To make sure that you have full transparency and control over your personal data, we provide you with a possibility to manage your personal data used for such purposes as described in our Cookie Policy.

8.7 Some of our data processors listed above are located outside the country in which you reside. For example, if you reside in the European Economic Area (EEA), we may need to transfer your personal data to jurisdictions outside the EEA. In case it is necessary to make such a transfer, we will make sure that the jurisdiction in which the recipient third party is located guarantees an adequate level of protection for your personal data or we conclude a data processing agreement with the respective third party that ensures such protection. We will not transfer your personal data internationally if no appropriate level of protection can be granted.

9. SECURITY

9.1 We have reasonable state of the art security measures in place to protect against the loss, misuse, and alteration of personal data under our control. Our security and privacy policies are periodically reviewed and enhanced as necessary and only authorized personnel have access to personal data. Whilst we cannot ensure or guarantee that loss, misuse, or alteration of information will never occur, we use all reasonable efforts to prevent it.

9.2 Our security measures include access control, secured networks, SSL protocol, strong passwords, anonymisation of personal data (when possible), and carefully selected data processors.

9.3 You should bear in mind that submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via our website whilst it is in transit over the internet and any such submission is at your own risk.

10. DATA RETENTION

10.1 We strive to keep our processing activities with respect to your personal data as limited as possible. In the absence of specific retention periods set out in this Policy, your personal data will be retained only for as long as we need it to fulfil the purpose for which we have collected it and, if applicable, as long as required by statutory retention requirements (e.g., for accounting purposes).

10.2 After your personal data is no longer necessary for its primary purposes and we do not have another legal basis for storing it, we securely delete your personal data from our systems.

10.3 We retain non-personal data for as long as necessary for the purposes described in this Policy. For example, we can store it for the period of time needed for us to pursue our legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

11. YOUR RIGHTS

11.1 Under the legislation applicable to you, you may be entitled to exercise some or all of the following rights:

• Require information as to whether your personal data is retained and the purposes of the processing, the categories of personal data concerned, and the data recipients as well as potential retention periods;
• Request rectification, removal or restriction of your personal data, e.g. because (i) it is incomplete or inaccurate, (ii) it is no longer needed for the purposes for which it was collected, or (iii) the consent on which the processing was based has been withdrawn;
• Refuse to provide and – without impact to data processing activities that have taken place before such withdrawal – withdraw your consent to processing of your personal data at any time.
• Object, on grounds relating to your situation, that your personal data shall be subject to a processing. In this case, please provide us with information about your situation. After the assessment of the facts presented by you we will either stop processing your personal data or present you our compelling legitimate grounds for an ongoing processing;
• Take legal actions in relation to any potential breach of your rights regarding the processing of your personal data, as well as to lodge complaints before the competent data protection regulators.
• Require (i) to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and (ii) to transmit those data to another controller without hindrance from our side; where technically feasible you shall have the right to have the personal data transmitted directly from us to another controller; and/or to be subject to any automated decision making, including profiling (automatic decisions based on data processing by automatic means, for the purpose of assessing several personal aspects) which produce legal effects on you or affects you with similar significance.

11.2 You may (i) exercise the rights referred to above or (ii) pose any questions or (iii) make any complaints regarding our data processing by contacting us using the contact details set out below.

11.3 In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information that allows us to identify you in our system. We will answer your request within a reasonable time frame but no later than 30 days.

11.4 If you would like to launch a complaint about the way in which we process your personal data, we kindly ask you to contact us first and express your concerns. If we receive your complaint, we will investigate it and provide you with our response as soon as possible. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.

11.5 We will not discriminate against you if you decide to exercise your rights. It means that we will not (i) deny any goods and services, (ii) charge you different prices, (iii) deny any discounts or benefits, (iv) impose penalties, or (v) provide you with lower quality services.

12. CONTACT

12.1 Please submit any questions, concerns or comments you have about this Policy or any requests concerning your personal data by email to privacy@vitacodis.com. Our mailing address is Vitacodis SA , Avenue de la Galaxie 6, Waterloo 1410, Belgium.

12.2 The information you provide when contacting us will be processed to handle your request and will be erased when your request is completed. Alternatively, we will restrict the processing of the respective information in accordance with statutory retention requirements.

13. AMENDMENTS TO THIS POLICY

13.1 We reserve the right to change this Policy from time to time by updating our website respectively and sending you a notification (if we have your email address). Please visit the website regularly and check our respective current Policy.

13.2 This Policy was last updated on August 5th, 2021.