Privacy policy

Effective Date: 30th June 2025
Website: www.vital-light.com

Vital Light respects your privacy and is committed to protecting your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable Portuguese data protection laws. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website or interact with our services.

1. Introduction

This Privacy Policy sets out the principles under which we process your personal data when you visit or use our website, make a purchase, subscribe to our communications, or contact us. By using the Website, you agree to the terms of this Privacy Policy.

We only collect and process personal data to the extent necessary for specific, explicit, and legitimate purposes and in full compliance with applicable law.

2. Data Controller Information

The data controller responsible for the processing of your personal data is:

Vital Light
 Registered in Portugal
 Email: info@vital-light.com
 Address: Rua Américo Martins Pereira, 3850-837, Albergaria-a-Velha, Portugal

If you have questions about this policy or your data rights, you can contact us using the above details.

3. Scope of This Policy

This Privacy Policy applies to:

  • Visitors to our website (www.vital-light.com)
  • Customers who place orders
  • Individuals who contact us via forms, email, or support channels

This policy does not apply to third-party websites or services linked to from our site.

3A. Notice to U.S. Visitors (Including California Residents)

While Vital Light operates from the European Union and complies with the General Data Protection Regulation (GDPR), we recognize that visitors from the United States, including California residents, may be subject to regional privacy laws such as the California Consumer Privacy Act (CCPA) or other state-level laws.

If you are a U.S. resident, you are hereby informed that:

  • We do not sell your personal information as defined by U.S. privacy laws.
  • We only collect and use personal data for essential business purposes such as order fulfillment, customer communication, and site performance analytics.
  • You may have the right to request:
    • Information about the categories of data we collect
    • Access to your personal data
    • Deletion of personal data (subject to certain exceptions)
    • Opt-out of any future sale or sharing of your data (we currently do not sell data)

To exercise your rights, you may contact us at info@vital-light.com with the subject line: "US Privacy Request". We will respond within applicable timeframes.

We will not discriminate against you for exercising any of your privacy rights.

4. Types of Personal Data Collected

We collect and process the following types of personal data:

  • Identity Data: Full name, email address, phone number
  • Contact Data: Billing address, shipping address
  • Transaction Data: Purchase history, order details (Note: We do not store payment card data)
  • Technical Data: IP address, browser type, device type, time zone, operating system
  • Usage Data: Site interactions, page views, clicks
  • Marketing Data: Email preferences and opt-in status (if applicable)

We do not collect any special categories of personal data (e.g., health, political views, biometric data).

5. How We Collect Personal Data

We collect personal data:

  • Directly from you when you:
    • Place an order
    • Fill out forms on our website
    • Contact customer service
    • Subscribe to our newsletter
  • Automatically through your use of our Website, using cookies and similar technologies
  • From third parties such as:
    • Payment processors (for confirmation of payment)
    • Shipping providers (for logistics tracking)
    • Analytics services (e.g., Google Analytics)

6. Purposes and Legal Basis for Processing

We process your data for the following purposes and under the following legal bases:

Purpose

Legal Basis

To process and fulfill your orders

Contract performance (Art. 6(1)(b) GDPR)

To respond to customer service requests

Legitimate interest (Art. 6(1)(f))

To send marketing emails (if opted-in)

Consent (Art. 6(1)(a))

To improve website performance

Legitimate interest

To comply with tax, legal obligations

Legal obligation (Art. 6(1)(c))

7. Use of Personal Data

We use the collected personal data for:

  • Processing and shipping orders
  • Providing customer support
  • Managing returns and warranty claims
  • Sending service-related updates (e.g., order confirmations, delivery tracking)
  • Conducting internal analytics and website improvements
  • Sending optional marketing materials, if consented

We will not use your personal data for any purpose that is incompatible with the above, unless required or permitted by law.

8. Marketing Communications

We only send email marketing communications if you have explicitly opted in by subscribing to our newsletter or selecting the marketing consent option at checkout.

  • You can withdraw your consent at any time by clicking the “unsubscribe” link in our emails or contacting us directly.
  • We do not send unsolicited marketing messages.
  • We do not share your data with third parties for their marketing purposes.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Recognize returning visitors
  • Understand how our website is used
  • Improve functionality and user experience
  • Monitor performance metrics

Cookies may be necessary for website operation (essential cookies) or optional (e.g., analytics, preferences). You can manage cookie settings via your browser or through our cookie banner.

For more information, please refer to our [Cookie Policy].

10. Third-Party Service Providers

We engage trusted third-party service providers to support our operations. These may include:

  • Payment processors (e.g., Stripe, PayPal): to process transactions securely
  • Shipping and logistics partners: for product fulfillment
  • Website hosting and maintenance: to ensure uptime and performance
  • Analytics tools (e.g., Google Analytics): to help us understand visitor behavior

Each provider only receives the data necessary to perform their function and is contractually obligated to handle your data in compliance with GDPR and our data protection standards.

11. International Data Transfers

Although we operate from Portugal, certain service providers we use may process data in countries outside the European Economic Area (EEA). When personal data is transferred internationally, we ensure adequate protection is in place, including:

  • The use of Standard Contractual Clauses approved by the European Commission
  • Transfers only to countries with an adequacy decision from the EU Commission
  • Contractual obligations on data processors to maintain GDPR-level safeguards

By using our services, you acknowledge that such international data transfers may occur.

12. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Fulfillment of contractual obligations
  • Compliance with legal, tax, and accounting requirements
  • Customer service, returns, or warranty support

Typical retention periods are:

  • Order data: Up to 6 years (for tax and contract records)
  • Marketing data: Until you withdraw consent
  • Technical/analytics data: Up to 26 months

Once no longer needed, data is securely deleted or anonymized.

13. Data Security

We take appropriate technical and organizational measures to protect your personal data, including:

  • SSL encryption for all transactions
  • Access controls and restricted permissions
  • Regular monitoring of systems for vulnerabilities

However, no method of transmission or storage is entirely secure. While we strive to protect your data, we cannot guarantee absolute security.

14. Your Data Protection Rights (EU Users)

If you are located in the EU, you have the following rights under the GDPR:

  • Right of Access – Request a copy of your personal data
  • Right to Rectification – Request corrections to inaccurate or incomplete data
  • Right to Erasure – Request deletion of your data where applicable
  • Right to Restrict Processing – Limit how we use your data
  • Right to Data Portability – Obtain a copy of your data in a usable format
  • Right to Object – Object to processing based on legitimate interests or direct marketing

Requests can be made at any time by contacting us at info@vital-light.com.

15. Right to Withdraw Consent

Where we rely on your consent to process data (e.g., for marketing), you have the right to withdraw that consent at any time. Withdrawal will not affect the legality of processing based on consent before its withdrawal.

16. How to Exercise Your Rights

To exercise any of the rights outlined above, please email us at info@vital-light.com with the subject line: "Data Request – [Your Name]".

We may request proof of identity before processing your request. We aim to respond within one month as required by GDPR. If your request is unusually complex, we may extend this by a further two months.

17. Children’s Privacy

Our Website is not intended for or directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe that a child has provided us with personal data, please contact us and we will delete it promptly.

18. Automated Decision-Making

We do not use personal data to make decisions based solely on automated processing, including profiling, which produces legal or similarly significant effects.

19. Links to Other Websites

Our Website may contain links to third-party websites. We are not responsible for the privacy practices, content, or security of those websites. We encourage users to review the privacy policies of any third-party site they visit.

20. Changes to This Policy

We reserve the right to update or amend this Privacy Policy at any time. Any changes will be published on this page with an updated "Effective Date" at the top. We recommend checking this page periodically to stay informed.

Material changes will be notified to users by email or a notice on the Website.

21. Supervisory Authority Contact

If you believe we have not handled your data in compliance with the law, you have the right to lodge a complaint with the Comissão Nacional de Proteção de Dados (CNPD), the Portuguese Data Protection Authority:

Website: www.cnpd.pt
Email: geral@cnpd.pt
Phone: +351 213 928 400

We encourage you to contact us first so we can resolve any concerns directly.

22. Contact Information

For any questions about this Privacy Policy or to exercise your data rights, please contact us at:

Vital Light
Email: info@vital-light.com
Website: www.vital-light.com
Registered Address: Rua Américo Martins Pereira, 3850-837, Albergaria-a-Velha, Portugal