VITATEKA has set itself the goal of being a reliable partner that respects your rights when processing personal data. Accordingly, we have established the principles of our privacy policy, which govern the collection, use, disclosure, transmission, and storage of customer data.
1. DEFINITIONS
1.1. A Data Subject is a natural person about whom VITATEKA has information or whose identity can be determined from that information. Data subjects include, for example, natural person Customers, partners, and employees about whom VITATEKA holds personal data.
1.2. Privacy Terms means this document, which sets out the principles for the Processing of Personal Data by VITATEKA.
1.3. Personal Data means any information relating to an identified or identifiable natural person.
1.4. Processing of Personal Data means any operation performed on Data Subject’s Personal Data, such as collection, recording, organization, storage, modification, disclosure, access provision, querying, extraction, use, transmission, combination, restriction, erasure, or destruction, whether automated or not.
1.5. A Customer is any natural or legal person who uses or has expressed a wish to use VITATEKA’s services.
1.6. A Contract is any agreement between VITATEKA and a Customer for the provision of Services or other contractual relationship.
1.7. The Website (www.vitateka.ee) is VITATEKA’s online portal.
1.8. A Visitor is any person using VITATEKA’s Website.
1.9. A Child means in the context of Personal Data Processing a person under 13 years of age in the Republic of Estonia.
1.10. Services means any products or services offered by VITATEKA.
1.11. Cookies are data files sometimes stored on a Visitor’s device by the Website.
1.12. The Data Protection Officer is the person responsible for ensuring compliance with VITATEKA’s Personal Data Processing principles and to whom a Data Subject may address complaints.
1.13. Sales Channels means any means used by VITATEKA to communicate with Data Subjects, sell goods, or provide services (e.g., email, phone, social media, chat lines, personalized ads).
1.14. The Product Portfolio comprises all products and Services offered by VITATEKA, as listed on the Website (www.vitateka.ee).
In the Privacy Terms, the Contract, the General Terms, and in communications between the parties, these terms shall have the meanings defined above.
2. GENERAL PROVISIONS
2.1. VITATEKA is a legal entity, VITATEKA OÜ, registry code 12779903, located at Mõisa tee 5, Kostivere, Jõelähtme Parish, Harju County, 74204, Estonia.
2.2. VITATEKA may process Personal Data as:
2.2.1. a Data Controller, determining the purposes and means of processing;
2.2.2. a Data Processor, acting on the instructions of another controller;
2.2.3. a Recipient, receiving Personal Data from another controller.
2.3. The Privacy Terms apply to all Data Subjects. All VITATEKA employees and partners who handle personal data must comply with these terms.
2.3.1. The Privacy Terms may be supplemented or amended by separate privacy notices on the Website or in applications.
3. PRINCIPLES
3.1. VITATEKA processes Personal Data always in the interests, rights, and freedoms of Data Subjects.
3.2. VITATEKA strives for responsible processing following best practices, ready to demonstrate compliance with stated purposes.
3.3. All VITATEKA processes and activities related to Personal Data Processing adhere to these principles:
3.3.1. Lawfulness: Processing must have a legal basis (e.g., consent).
3.3.2. Fairness: Data Subjects must be adequately informed about how their data is processed.
3.3.3. Transparency: Processing must be transparent to Data Subjects.
3.3.4. Purpose Limitation: Data are collected for specified, legitimate purposes and not further processed incompatibly.
3.3.5. Accuracy: Data must be accurate and, where necessary, kept up to date.
3.3.6. Storage Limitation: Personal Data are kept only for as long as necessary; thereafter they are anonymized. Customer data are retained for 2 years after the last purchase or until consent is withdrawn.
3.3.7. Integrity and Confidentiality: Appropriate security measures are employed to protect data against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
4. CATEGORIES OF PERSONAL DATA
4.1. VITATEKA collects, among other things, the following Personal Data:
4.1.1. Data provided by the Data Subject (name, email address, postal address, birth date, phone number);
4.1.2. Data arising from communication between the Data Subject and VITATEKA;
4.1.3. Publicly available data (e.g., social media);
4.1.4. Data generated when using Services (e.g., online purchase data);
4.1.5. Website usage data (e.g., time spent on pages);
4.1.6. Data received from third parties;
4.1.7. Data created or combined by VITATEKA (e.g., correspondence history, order history).
5. PURPOSES AND BASES OF PROCESSING
5.1. VITATEKA processes Personal Data only on the basis of consent or legal requirement.
5.2. With consent, data are processed only for the specific purposes indicated by the Data Subject.
5.3. Legitimate Interest allows processing necessary for business operations, customer relationship management, fraud prevention, marketing analysis, service improvement, security, and legal claims.
5.4. Processing may occur to comply with statutory obligations (e.g., payment processing, anti–money laundering).
5.5. If new purposes arise, VITATEKA will assess their compatibility and legal basis before proceeding.
6. DISCLOSURE TO THIRD PARTIES
6.1. VITATEKA works with partners who may receive Personal Data for lawful and contractually defined purposes (e.g., marketing, surveys, IT services, logistics).
6.2. Third parties process data only under VITATEKA’s instructions and contracts.
7. DATA SECURITY
7.1. Personal Data are retained only as long as needed and then securely destroyed.
7.2. VITATEKA has organizational and technical procedures to safeguard data security.
7.3. In case of a data incident, VITATEKA will take measures to mitigate impact, record the incident, and notify authorities and affected Data Subjects as required.
8. PROCESSING OF CHILDREN’S DATA
8.1. VITATEKA’s Services are not directed to Children under 13.
8.2. VITATEKA does not knowingly collect data from Children; if discovered, such data processing will cease immediately.
9. DATA SUBJECT RIGHTS
9.1. Rights related to consent withdrawal at any time (e.g., newsletter unsubscription).
9.2. Other rights include access, rectification, erasure, restriction, and complaint to supervisory authorities.
10. EXERCISE OF RIGHTS AND COMPLAINTS
10.1. Data Subjects may contact VITATEKA at [email protected] for any data-related inquiries or complaints.
10.2. Complaints can also be made to the Estonian Data Protection Inspectorate (AKI contacts).
11. COOKIES AND OTHER TECHNOLOGIES
11.1. VITATEKA may use Cookies and similar technologies to collect Visitor data for service provision, quality assurance, personalization, marketing, and analytics.
11.2. Types of cookies include session, persistent, and third-party cookies. Visitors control cookie preferences via browser or service settings.
12. KEY DOCUMENTS AND PROCEDURES
12.1. Implementation is guided by the processing activities register, security measures policy, and “All About Cookies” notice.
13. CONTACT INFORMATION
13.1. For privacy inquiries, Data Subjects may write to [email protected].
14. OTHER TERMS
14.1. VITATEKA reserves the right to amend these Privacy Terms unilaterally; changes will be published on the Website. Continued use of the Website implies acceptance of changes.
14.2. VITATEKA shares necessary payment data with its payment processor, Maksekeskus AS, under contractual terms.