Privacy Policy
We Revitacare UK welcome you to our website www.revitacare.uk. The protection of your data is very important to us and the processing of your personal data when using our website is always done in accordance with the UK`s Data Protection Act (DPA), the General Data Protection Regulation (GDPR).
As the controller, IRB Trade Limited trading as Revitacare UK of 13 Chelsea Lodge 5 Wintergreen Boulevard, West Drayton, England, UB7 9FQ (“Revitacare UK”, “we”, “our” or “us”) has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can always be subject to security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone and or email.
Principles of data processing
We process users’ personal data only in compliance with the relevant data protection regulations. User data is only processed if the following legal permissions exist:- in order to provide our contractual services and online services
- processing is required by law
- with your consent
- on the basis of our legitimate interests (i.e., interest in the analysis, optimisation and economic operation and security of our online offer within the meaning of Art. 6 Para. 1 lit. f. GDPR, in particular in measuring reach, creating profiles for advertising and marketing purposes, and collecting access data and using third-party services).
- Consent Art. 6 para. 1 lit. a. and Art. 7 GDPR
- Processing for the fulfilment of our services and implementation of contractual measures Art. 6 para. 1 lit. b. GDPR
- Processing for the fulfilment of our legal obligations Art. 6 para. 1 lit. c. GDPR
- Processing to protect our legitimate interests Art. 6 para. 1 lit. f. GDPR
General processing of visitor data
The use of our website is generally possible without providing personal data. However, we would like to point out that access data is also collected in this case and stored in the server log files. In particular, this involves the following data:- IP address,
- date and time of the request,
- time zone difference to Greenwich Mean Time (GMT),
- content of the request (specific page),
- access status/HTTP status code,
- amount of data transferred in each case,
- website from which the request came,
- browser,
- operating system and its interface,
- language and version of the browser software.
Use of cookies
During your visit to our website, cookies may be used on various pages. These are text files that are placed on your computer or device and, among other things, enable a smooth visit to our website. We use cookies on the basis of Art. 6 para. 1 p. 1 lit. a) as well as Art. 6 para. 1 p. 1 lit. f) GDPR, whereby we hereby pursue the following legitimate interests:- Enabling the use of special functions,
- (pseudonymised) analysis of user behaviour in order to optimise our website,
- Increasing the attractiveness and user comfort of our website,
- improvement and demand-oriented design of our offer.
Cookie Consent manager
We have integrated the consent management tool “GDPR Cookie Consent” from Mozilor Limited trading as WebToffee, on our website in order to request consent for data processing or the use of cookies or comparable functions. With the help of “GDPR Cookie Consent” you have the possibility to give or refuse your consent for certain functionalities of our website, e.g., for the purpose of integrating external elements, integrating streaming content, statistical analysis, coverage measurement and personalised advertising. You can use “GDPR Cookie Consent” to give or refuse your consent for all functions or to give your consent for individual purposes or individual functions. The settings you have made can also be changed by you afterwards. The purpose of integrating “GDPR Cookie Consent” is to allow the users of our website to decide on the aforementioned matters and, in the course of further use of our website, to offer them the opportunity to change settings they have already made. In the course of using “GDPR Cookie Consent”, personal data as well as information of the end devices used, such as the IP address, are processed. The legal basis for the processing is your consent in conjunction with our legitimate interest. Our legitimate interests in the processing lie in the storage of user settings and preferences in relation to the use of cookies and other functionalities. “GDPR Cookie Consent” stores your data as long as your user settings are active. After two years after the user settings have been made, you will be asked again for your consent. The user settings made will then be stored again for this period. You can object to the processing. You have the right to object on grounds relating to your particular situation. To object, please contact us.Contact
If you contact us using the contact details provided or our contact form, we will process the data you provide in order to deal with your enquiry. In principle, your data will be deleted after the enquiry has been processed, unless there is a contractual or legal obligation to retain it. If you provide us with contractually relevant information, we will transfer this to our inventory system. Processing of personal data after consent (Art. 6 para. 1 p. 1lit. a) GDPR)Contract initiation and fulfilment
In order to accept and process your order, we collect the following data from you during the ordering process:- First name, surname and title
- E-mail address
- Delivery address
- Billing address
- Telephone number, if applicable
- Payment details
- Purchased products and returns
- Date and time of order
- Business details
- Professional details such as certificates
- Password
- Customer number
Storage of data in the user account
For the conclusion and processing of contracts, we require contact details, such as name, delivery and billing address and e-mail address, as well as information on the type of payment method you have chosen, depending on the individual case. You can store this data in your user account. In addition, we use your data to maintain our customer database so that only accurate data is stored there. In order to avoid typing errors and to ensure that the items you have ordered reach you, we check the completeness and accuracy of your address when you enter it. Following your order, you will receive a corresponding order confirmation as well as further documents, which we are obliged to provide in order to fulfil our legal information obligations for an effective conclusion of a contract with you. The processing of your data is therefore necessary for the conclusion of the contract with you and is therefore based on Art. 6 para. 1 lit. b GDPR. You have the option to place your orders as a guest. If you choose this order type, you do not have to register before placing an order. Please note that you will have to enter your data again for each subsequent order. We collect, process, and use the information you provide in the context of a guest order for the purpose of executing the contract in accordance with Art. 6 Para. 1 lit. b GDPR. We store the information you provide for the period of processing and handling your order. Afterwards, your data will be deleted unless you decide to activate your customer account within 14 days after placing your order. Data that we are required to store due to legal, statutory, or contractual retention obligations will be blocked instead of being deleted to prevent it being used for other purposes.Order confirmation/dispatch confirmation
In order to process the contract and provide you with our services, for example the web shop or to send you a package for which a fee is charged, we use your contact details to send you registration confirmations, customer service information, order confirmations, contract documents or payment processing information. We are obliged to send you these documents in order to comply with our legal information obligations for an effective conclusion of a contract with you. The processing of your data is therefore necessary for the conclusion of the contract with you and is based on Art. 6 para. 1 lit. b GDPR.Service providers for order processing
In connection with the processing of an order, we use various service providers or partner companies to assist us in processing orders, providing customers with information and providing delivery services. These companies are our processors according to Art. 28 GDPR and may only use your data to fulfil their tasks on our behalf. Revitacare UK is responsible for ensuring that these service providers comply with data protection regulations and has concluded corresponding order processing agreements with the service providers.Payment processing
Payments are processed through our payment service provider Takepayments. As part of the ordering process, the information provided by the User together with information about the order (name, address, account number, sort code, possibly credit card number, invoice amount, currency and transaction number) will be passed on to Takepayments, in accordance with Art. 6 Para. 1 lit. b GDPR. The data will be disclosed solely for the purpose of processing the payment with Takepayments and only to the extent necessary for this purpose. The processing of the data can be objected to at any time by sending a message to Takepayments.Newsletter
When registering for our newsletter, you are required to provide your email address. Insofar as you have given us your consent to data processing when registering for the newsletter, we process and store the personal data provided when registering for the newsletter exclusively for the purpose of providing the newsletter and informing you about Inside Job Academy events, products, services and/or promotions in accordance with the newsletter you have subscribed to. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. MailChimp is a service with which, among other things, the sending of newsletters can be organised and analysed. When you enter data for the purpose of receiving newsletters (e.g., email address), this data is stored on MailChimp’s servers in the USA. With the help of MailChimp, we can analyse our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (so-called web-beacon) connects to MailChimp’s servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is recorded (e.g., time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of MailChimp after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g., email addresses for the member area) remain unaffected by this. For more details, please refer to the privacy policy of MailChimp at: https://mailchimp.com/legal/terms/. We have concluded a so-called “data processing agreement” with MailChimp, in which we oblige MailChimp to protect our customers’ data and not to pass it on to third parties. This agreement can be viewed at the following link: https://mailchimp.com/legal/forms/data-processing-agreement/sample-agreement/.WooCommerce
To provide our web shop, we use the WooCommerce service developed and operated by Bubblestorm Management (Pty) Ltd (WooCommerce.com), Unit A206, The Old Biscuit Mill (TOBM), 373 – 375 Albert Road, Woodstock, Cape Town, South Africa (hereinafter “WooCommerce”). WooCommerce provides us with their online e-commerce platform through which we can offer our goods for sale to you. Both your inventory data and your usage data are stored on WooCommerce’s servers. For more information, please see WooCommerce’s privacy policy at https://revitacare.uk/privacy-policy/. We create a device ID based on your device data, which can be used to recognise your access device (e.g., PC, tablet or laptop) when you visit our shop again. We also set a cookie for this purpose (see also below under “Cookies”). The cookie contains the device ID, but no personal usage or transaction data about you. This means that your access device can be recognised without identifying you by name and linking it to your device ID.Trustpilot
We use the rating portal Trustpilot, which is operated by TrustPilot A/S, Pilestraede 58, 5th floor, 1112 Copenhagen, Denmark. In order to constantly improve our service, we offer our customers the opportunity to rate us via this independent portal, without us being able to influence this in any way. An invitation to submit a rating is generated for each order placed via our website. For this purpose, your surname, first name, email address and a reference number (order number for unique allocation) are transmitted to Trustpilot. This data is neither used by Trustpilot itself nor passed on to third parties. The verification of the rating is carried out on the basis of the reference number (order number) via a specially generated link. The submission of a rating is voluntary. In order to submit a rating or to record customer feedback, it is necessary to create/open a user profile on Trustpilot. In addition to a rating for the inviting company, ratings can then also be entered for any company on the Trustpilot rating portal. If a rating is submitted by clicking on the link contained in the invitation, a user profile is automatically created on TrustPilot after entering the personal data (name and email address for verification). By placing an order via our website, you expressly consent to the aforementioned transmission of reference data to Trustpilot and to the automated dispatch of an evaluation invitation from this application in accordance with Art. 6 Para. 1 lit. a) GDPR.Social media plugins
Some of our websites include social plugins, which are, however, deactivated in the default setting for reasons of data protection. If a user calls up our website, no data is therefore transmitted to the social media services (e.g., Facebook). Profiling by third parties is thus excluded. Users have the option of activating the social plugins with one click and thus giving their consent to communication with the respective social network. If a social plugin is activated, certain data is transmitted to the respective social network, e.g., the user’s IP address, information about the browser and operating system used, the website accessed, and the date and time. In the course of this communication, data is also uploaded to our website from a server of the social media provider. The respective provider of the social plugin receives information about which websites the user visits. This may happen regardless of whether the user is currently logged in to the provider of the social plugin (e.g., Facebook) or not. The provider may also process this data outside the European Union and may be able to create individualised usage profiles. We have no influence on the type, scope and purpose of data processing by the providers of the respective social media services.Facebook:
Our website uses social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins are recognisable by one of the Facebook logos or are marked with the addition “Facebook Social Plugin”. When you call up a website on our website that contains such a plugin, your browser only establishes a direct connection with the Facebook servers when you activate the “Facebook” button by clicking on it. The content of the plugin is then transmitted by Facebook to your browser, which integrates it into the website. By activating the plugin, Facebook receives the information that you have accessed the corresponding page of our website. If you are logged in to Facebook, Facebook can assign the visit to your Facebook account. If you interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted directly from your browser to Facebook and stored there. If you are not a member of Facebook, it is still possible that Facebook will obtain and store your IP address. The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy. If you are a Facebook member and do not want Facebook to collect data about you via our website and link it to your membership data stored on Facebook, you must log out of Facebook before visiting our website. It is also possible to block Facebook social plugins with add-ons for your browser, for example with the “Facebook Blocker”. We process the data on the basis of your consent declared when activating the plugin in accordance with Art. 6 para. 1 p. 1 lit. a) GDPR. The data transfer is permissible on the basis of your consent according to Art. 49 para. 1 lit. a) GDPR.Twitter:
Our website uses social plugins (e.g., “Twitter” button) of the messaging service Twitter, operated by Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). You can recognise the corresponding plugins by a Twitter logo (e.g., blue “Twitter bird”). You can find out more about the Twitter plugins at the following link: https://twitter.com/about/resources/buttons. If you are on a page of our website that contains such a plugin, your browser will only establish a direct connection with the Twitter servers when the user activates the “Twitter” button by clicking on it. The content of the plugin is then transmitted by Twitter to your browser and integrated by it into the website. By activating the plugin, Twitter receives the information that you have accessed the corresponding page of our website. Content is then transmitted by Twitter to your browser and included on the page. Twitter thereby receives the message that you are on the corresponding page of our website. This happens even if you do not have a Twitter profile or are not logged in. Personal data (including your IP address) is then automatically forwarded to a Twitter server located in the USA and stored. A direct allocation on the part of Twitter only takes place if you are logged in to Twitter. A corresponding interaction also takes place if you actively press the button (“tweet”). This results in publication on your Twitter account and display in your contacts. Further details on how Twitter handles your personal data can be found on the following page: https://twitter.com/privacy. To prevent your data from being linked to the Twitter account, you must log out of Twitter before using our website. You can also prevent the loading of Twitter plugins by using the script blocker “NoScript” (https://noscript.net/). We process the data on the basis of your consent declared when activating the plugin in accordance with Art. 6 para. 1 p. 1 lit. a) GDPR. The data transfer is permissible based on your consent in accordance with Art. 49 (1) a) GDPR.Instagram:
Our website uses social plugins of the messaging service Instagram, Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). You can recognise the corresponding plugins by an Instagram logo (e.g., “Instagram camera”). If you are on a page of our website that contains such a plugin, your browser only establishes a direct connection with the Instagram servers when you activate the relevant button by clicking on it. The content of the plugin is then transmitted by Instagram to your browser, which integrates it into the website. By activating the plugin, Instagram receives the information that you have accessed the corresponding page of our website. Content is then transmitted by Instagram to your browser and included on the page. Instagram thereby receives the message that you are on the corresponding page of our website. This happens even if you do not have a profile on Instagram or are not logged in. Personal data (including your IP address) is then automatically forwarded to an Instagram server located in the USA and stored. A direct attribution on the part of Instagram only takes place if you are logged in to Instagram. A corresponding interaction also takes place if you actively press the corresponding button. The result is a publication on your Instagram account and the display in your contacts. Further details on how Instagram handles your personal data can be found on the following page: https://help.instagram.com/155833707900388/. To prevent your data from being linked to the Instagram account, you must log out of Instagram before using our website. You can also prevent the loading of Instagram plugins by using the script blocker “NoScript” (https://noscript.net/). We process the data on the basis of your consent declared when activating the plugin in accordance with Art. 6 para. 1 p. 1 lit. a) GDPR. The transfer of data is permitted on the basis of your consent in accordance with Art. 49 para. 1 lit. a) GDPR. We pass on data to other third parties if and to the extent that we have delegated the fulfilment of tasks to them. The data is only passed on insofar as this is necessary for the fulfilment of the assigned tasks. The data transfer takes place within the framework of a contract for order processing, which ensures compliance with all data protection requirements. Otherwise, data is only passed on in the cases provided for by law, for example in the case of a legal obligation to provide information to law enforcement authorities.Duration of data storage
Your personal data will be deleted by us immediately as soon as the data is no longer required for the fulfilment of contractual and legal obligations. Personal data will be stored at least for as long as is necessary for the fulfilment of contractual obligations and the exercise of contractual rights. This period may extend beyond the actual contractual period, as the data may still be relevant after the end of the contract within the framework of the limitation periods. In addition, deletion can only take place once any retention periods under tax and commercial law have expired. The criteria for the duration of the storage of cookies can be found in the corresponding section.Consent
When we obtain consent from you in individual cases for certain purposes expressly designated in connection with the collection of data (in particular enquiries via a contact form). Data processing only takes place if you give us your consent. It is possible that the processing of your request is not possible without your consent and must therefore be made dependent on it. The data will be processed exclusively for the purpose(s) expressly stated. You can revoke your consent at any time with effect for the future. The revocation has no effect on the lawfulness of the processing until the time of revocation.Cross-border data transfer
If personal data is transferred to a third country, we comply with the data protection requirements in that the data transfer is based on standard contractual clauses or we obtain your consent to this in accordance with Art. 49 (1) a) GDPR. Data is only transferred in connection with the use of specific services. Due to the use of these services, data is transferred to the United States of America. The data transfer only takes place if you give us your consent. The specific details of the recipient, the personal data transferred, and the purpose of the data transfer can be found in the notes on the respective processing above. There is a risk to your personal data as a result of the data transfer. In the United States of America, there is no level of data protection comparable to EU law (GDPR) and / or national regulations (UK`s DPA) or sufficient guarantees to ensure an adequate level of data protection. Any deficits cannot be compensated by other specific guarantees due to the US legal situation. Nevertheless, depending on the service, standard contractual clauses are sometimes used in order to achieve the greatest possible protection for your data. You can find out whether standard contractual clauses are used in the information on the respective services. You can revoke your consent at any time with effect for the future. The revocation has no influence on the lawfulness of the processing until the time of the revocation.When you send a data subject access request
The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of t data subject access request is both our legitimate interest and our legal obligation. The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfil the legally required accountability. Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process. You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.Legal defence and enforcement of our rights
The legal basis for the processing of your personal data in the context of legal defence and enforcement of our rights is our legitimate interest. The purpose of processing your personal data in the context of legal defence and enforcement of our rights is the defence against unjustified claims and the legal enforcement and assertion of claims and rights. Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The processing of your personal data in the context of legal defence and enforcement is mandatory for legal defence and enforcement of our rights. Consequently, there is no possibility for you to object.SSL encryption
To protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g., SSL) via HTTPS.Economic analyses and market research
For business reasons and in order to be able to recognise market trends, wishes of contractual partners and users, we analyse the data we have on business transactions, contracts, enquiries, etc., whereby the group of persons concerned may include contractual partners, interested parties and users of our online offer. The analyses are carried out for the purpose of business evaluations, marketing, and market research (e.g., to determine customer groups with different characteristics). In doing so, we may, if available, take into account the profiles of registered users together with their details, e.g., regarding services used. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarised, i.e., anonymised values. Furthermore, we take the privacy of users into consideration and process the data for analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g., as summarised data).Automated decision-making
Automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR does not take place on the part of Revitacare UK.Direct marketing in the context of a customer relationship
We use the data you provide to fulfil and process our contract and to respond to your enquiries in accordance with Art. 6 (1) (b) GDPR or on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. Insofar as you have also given us separate consent to process your data for consulting, and advertising purposes, Revitacare UK is entitled to contact you for these purposes via the communication channels you have ticked in this consent.Your Rights
You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. There is more information on the Information Commissioners website (www.ico.org.uk).- information about the processing of your personal data.
- obtain access to the personal data held about you.
- ask for incorrect, inaccurate or incomplete personal data to be corrected.
- request that personal data be erased when it’s no longer needed or if processing it is unlawful.
- object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation.
- request the restriction of the processing of your personal data in specific cases.
- receive your personal data in a machine-readable format and send it to another controller (‘data portability’).
- request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers.
- You also have the right in this case to express your point of view and to contest the decision
- Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time through our contact form.