We Revitacare UK welcome you to our website www.revitacare.uk. The protection of your data is very important to us and the processing of your personal data when using our website is always done in accordance with the UK`s Data Protection Act (DPA), the General Data Protection Regulation (GDPR). As the controller, IRB Trade Limited trading as Revitacare UK of 13 Chelsea Lodge 5 Wintergreen Boulevard, West Drayton, England, UB7 9FQ (“Revitacare UK”, “we”, “our” or “us”) has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can always be subject to security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone and or email.
Principles of data processingWe process users’ personal data only in compliance with the relevant data protection regulations. User data is only processed if the following legal permissions exist:
- in order to provide our contractual services and online services
- processing is required by law
- with your consent
- on the basis of our legitimate interests (i.e., interest in the analysis, optimisation and economic operation and security of our online offer within the meaning of Art. 6 Para. 1 lit. f. GDPR, in particular in measuring reach, creating profiles for advertising and marketing purposes, and collecting access data and using third-party services).
- Consent Art. 6 para. 1 lit. a. and Art. 7 GDPR
- Processing for the fulfilment of our services and implementation of contractual measures Art. 6 para. 1 lit. b. GDPR
- Processing for the fulfilment of our legal obligations Art. 6 para. 1 lit. c. GDPR
- Processing to protect our legitimate interests Art. 6 para. 1 lit. f. GDPR
General processing of visitor dataThe use of our website is generally possible without providing personal data. However, we would like to point out that access data is also collected in this case and stored in the server log files. In particular, this involves the following data:
- IP address,
- date and time of the request,
- time zone difference to Greenwich Mean Time (GMT),
- content of the request (specific page),
- access status/HTTP status code,
- amount of data transferred in each case,
- website from which the request came,
- operating system and its interface,
- language and version of the browser software.
- Enabling the use of special functions,
- (pseudonymised) analysis of user behaviour in order to optimise our website,
- Increasing the attractiveness and user comfort of our website,
- improvement and demand-oriented design of our offer.
ContactIf you contact us using the contact details provided or our contact form, we will process the data you provide in order to deal with your enquiry. In principle, your data will be deleted after the enquiry has been processed, unless there is a contractual or legal obligation to retain it. If you provide us with contractually relevant information, we will transfer this to our inventory system. Processing of personal data after consent (Art. 6 para. 1 p. 1lit. a) GDPR)
Contract initiation and fulfilmentIn order to accept and process your order, we collect the following data from you during the ordering process:
- First name, surname and title
- E-mail address
- Delivery address
- Billing address
- Telephone number, if applicable
- Payment details
- Purchased products and returns
- Date and time of order
- Business details
- Professional details such as certificates
- Customer number
Storage of data in the user accountFor the conclusion and processing of contracts, we require contact details, such as name, delivery and billing address and e-mail address, as well as information on the type of payment method you have chosen, depending on the individual case. You can store this data in your user account. In addition, we use your data to maintain our customer database so that only accurate data is stored there. In order to avoid typing errors and to ensure that the items you have ordered reach you, we check the completeness and accuracy of your address when you enter it. Following your order, you will receive a corresponding order confirmation as well as further documents, which we are obliged to provide in order to fulfil our legal information obligations for an effective conclusion of a contract with you. The processing of your data is therefore necessary for the conclusion of the contract with you and is therefore based on Art. 6 para. 1 lit. b GDPR. You have the option to place your orders as a guest. If you choose this order type, you do not have to register before placing an order. Please note that you will have to enter your data again for each subsequent order. We collect, process, and use the information you provide in the context of a guest order for the purpose of executing the contract in accordance with Art. 6 Para. 1 lit. b GDPR. We store the information you provide for the period of processing and handling your order. Afterwards, your data will be deleted unless you decide to activate your customer account within 14 days after placing your order. Data that we are required to store due to legal, statutory, or contractual retention obligations will be blocked instead of being deleted to prevent it being used for other purposes.
Order confirmation/dispatch confirmationIn order to process the contract and provide you with our services, for example the web shop or to send you a package for which a fee is charged, we use your contact details to send you registration confirmations, customer service information, order confirmations, contract documents or payment processing information. We are obliged to send you these documents in order to comply with our legal information obligations for an effective conclusion of a contract with you. The processing of your data is therefore necessary for the conclusion of the contract with you and is based on Art. 6 para. 1 lit. b GDPR.
Service providers for order processingIn connection with the processing of an order, we use various service providers or partner companies to assist us in processing orders, providing customers with information and providing delivery services. These companies are our processors according to Art. 28 GDPR and may only use your data to fulfil their tasks on our behalf. Revitacare UK is responsible for ensuring that these service providers comply with data protection regulations and has concluded corresponding order processing agreements with the service providers.
Payment processingPayments are processed through our payment service provider Takepayments. As part of the ordering process, the information provided by the User together with information about the order (name, address, account number, sort code, possibly credit card number, invoice amount, currency and transaction number) will be passed on to Takepayments, in accordance with Art. 6 Para. 1 lit. b GDPR. The data will be disclosed solely for the purpose of processing the payment with Takepayments and only to the extent necessary for this purpose. The processing of the data can be objected to at any time by sending a message to Takepayments.
TrustpilotWe use the rating portal Trustpilot, which is operated by TrustPilot A/S, Pilestraede 58, 5th floor, 1112 Copenhagen, Denmark. In order to constantly improve our service, we offer our customers the opportunity to rate us via this independent portal, without us being able to influence this in any way. An invitation to submit a rating is generated for each order placed via our website. For this purpose, your surname, first name, email address and a reference number (order number for unique allocation) are transmitted to Trustpilot. This data is neither used by Trustpilot itself nor passed on to third parties. The verification of the rating is carried out on the basis of the reference number (order number) via a specially generated link. The submission of a rating is voluntary. In order to submit a rating or to record customer feedback, it is necessary to create/open a user profile on Trustpilot. In addition to a rating for the inviting company, ratings can then also be entered for any company on the Trustpilot rating portal. If a rating is submitted by clicking on the link contained in the invitation, a user profile is automatically created on TrustPilot after entering the personal data (name and email address for verification). By placing an order via our website, you expressly consent to the aforementioned transmission of reference data to Trustpilot and to the automated dispatch of an evaluation invitation from this application in accordance with Art. 6 Para. 1 lit. a) GDPR.
Social media pluginsSome of our websites include social plugins, which are, however, deactivated in the default setting for reasons of data protection. If a user calls up our website, no data is therefore transmitted to the social media services (e.g., Facebook). Profiling by third parties is thus excluded. Users have the option of activating the social plugins with one click and thus giving their consent to communication with the respective social network. If a social plugin is activated, certain data is transmitted to the respective social network, e.g., the user’s IP address, information about the browser and operating system used, the website accessed, and the date and time. In the course of this communication, data is also uploaded to our website from a server of the social media provider. The respective provider of the social plugin receives information about which websites the user visits. This may happen regardless of whether the user is currently logged in to the provider of the social plugin (e.g., Facebook) or not. The provider may also process this data outside the European Union and may be able to create individualised usage profiles. We have no influence on the type, scope and purpose of data processing by the providers of the respective social media services.
Twitter:Our website uses social plugins (e.g., “Twitter” button) of the messaging service Twitter, operated by Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). You can recognise the corresponding plugins by a Twitter logo (e.g., blue “Twitter bird”). You can find out more about the Twitter plugins at the following link: https://twitter.com/about/resources/buttons. If you are on a page of our website that contains such a plugin, your browser will only establish a direct connection with the Twitter servers when the user activates the “Twitter” button by clicking on it. The content of the plugin is then transmitted by Twitter to your browser and integrated by it into the website. By activating the plugin, Twitter receives the information that you have accessed the corresponding page of our website. Content is then transmitted by Twitter to your browser and included on the page. Twitter thereby receives the message that you are on the corresponding page of our website. This happens even if you do not have a Twitter profile or are not logged in. Personal data (including your IP address) is then automatically forwarded to a Twitter server located in the USA and stored. A direct allocation on the part of Twitter only takes place if you are logged in to Twitter. A corresponding interaction also takes place if you actively press the button (“tweet”). This results in publication on your Twitter account and display in your contacts. Further details on how Twitter handles your personal data can be found on the following page: https://twitter.com/privacy. To prevent your data from being linked to the Twitter account, you must log out of Twitter before using our website. You can also prevent the loading of Twitter plugins by using the script blocker “NoScript” (https://noscript.net/). We process the data on the basis of your consent declared when activating the plugin in accordance with Art. 6 para. 1 p. 1 lit. a) GDPR. The data transfer is permissible based on your consent in accordance with Art. 49 (1) a) GDPR.
Instagram:Our website uses social plugins of the messaging service Instagram, Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). You can recognise the corresponding plugins by an Instagram logo (e.g., “Instagram camera”). If you are on a page of our website that contains such a plugin, your browser only establishes a direct connection with the Instagram servers when you activate the relevant button by clicking on it. The content of the plugin is then transmitted by Instagram to your browser, which integrates it into the website. By activating the plugin, Instagram receives the information that you have accessed the corresponding page of our website. Content is then transmitted by Instagram to your browser and included on the page. Instagram thereby receives the message that you are on the corresponding page of our website. This happens even if you do not have a profile on Instagram or are not logged in. Personal data (including your IP address) is then automatically forwarded to an Instagram server located in the USA and stored. A direct attribution on the part of Instagram only takes place if you are logged in to Instagram. A corresponding interaction also takes place if you actively press the corresponding button. The result is a publication on your Instagram account and the display in your contacts. Further details on how Instagram handles your personal data can be found on the following page: https://help.instagram.com/155833707900388/. To prevent your data from being linked to the Instagram account, you must log out of Instagram before using our website. You can also prevent the loading of Instagram plugins by using the script blocker “NoScript” (https://noscript.net/). We process the data on the basis of your consent declared when activating the plugin in accordance with Art. 6 para. 1 p. 1 lit. a) GDPR. The transfer of data is permitted on the basis of your consent in accordance with Art. 49 para. 1 lit. a) GDPR. We pass on data to other third parties if and to the extent that we have delegated the fulfilment of tasks to them. The data is only passed on insofar as this is necessary for the fulfilment of the assigned tasks. The data transfer takes place within the framework of a contract for order processing, which ensures compliance with all data protection requirements. Otherwise, data is only passed on in the cases provided for by law, for example in the case of a legal obligation to provide information to law enforcement authorities.
Duration of data storageYour personal data will be deleted by us immediately as soon as the data is no longer required for the fulfilment of contractual and legal obligations. Personal data will be stored at least for as long as is necessary for the fulfilment of contractual obligations and the exercise of contractual rights. This period may extend beyond the actual contractual period, as the data may still be relevant after the end of the contract within the framework of the limitation periods. In addition, deletion can only take place once any retention periods under tax and commercial law have expired. The criteria for the duration of the storage of cookies can be found in the corresponding section.
ConsentWhen we obtain consent from you in individual cases for certain purposes expressly designated in connection with the collection of data (in particular enquiries via a contact form). Data processing only takes place if you give us your consent. It is possible that the processing of your request is not possible without your consent and must therefore be made dependent on it. The data will be processed exclusively for the purpose(s) expressly stated. You can revoke your consent at any time with effect for the future. The revocation has no effect on the lawfulness of the processing until the time of revocation.
Cross-border data transferIf personal data is transferred to a third country, we comply with the data protection requirements in that the data transfer is based on standard contractual clauses or we obtain your consent to this in accordance with Art. 49 (1) a) GDPR. Data is only transferred in connection with the use of specific services. Due to the use of these services, data is transferred to the United States of America. The data transfer only takes place if you give us your consent. The specific details of the recipient, the personal data transferred, and the purpose of the data transfer can be found in the notes on the respective processing above. There is a risk to your personal data as a result of the data transfer. In the United States of America, there is no level of data protection comparable to EU law (GDPR) and / or national regulations (UK`s DPA) or sufficient guarantees to ensure an adequate level of data protection. Any deficits cannot be compensated by other specific guarantees due to the US legal situation. Nevertheless, depending on the service, standard contractual clauses are sometimes used in order to achieve the greatest possible protection for your data. You can find out whether standard contractual clauses are used in the information on the respective services. You can revoke your consent at any time with effect for the future. The revocation has no influence on the lawfulness of the processing until the time of the revocation.
When you send a data subject access requestThe legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of t data subject access request is both our legitimate interest and our legal obligation. The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfil the legally required accountability. Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process. You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.
Legal defence and enforcement of our rightsThe legal basis for the processing of your personal data in the context of legal defence and enforcement of our rights is our legitimate interest. The purpose of processing your personal data in the context of legal defence and enforcement of our rights is the defence against unjustified claims and the legal enforcement and assertion of claims and rights. Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The processing of your personal data in the context of legal defence and enforcement is mandatory for legal defence and enforcement of our rights. Consequently, there is no possibility for you to object.
SSL encryptionTo protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g., SSL) via HTTPS.
Economic analyses and market researchFor business reasons and in order to be able to recognise market trends, wishes of contractual partners and users, we analyse the data we have on business transactions, contracts, enquiries, etc., whereby the group of persons concerned may include contractual partners, interested parties and users of our online offer. The analyses are carried out for the purpose of business evaluations, marketing, and market research (e.g., to determine customer groups with different characteristics). In doing so, we may, if available, take into account the profiles of registered users together with their details, e.g., regarding services used. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarised, i.e., anonymised values. Furthermore, we take the privacy of users into consideration and process the data for analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g., as summarised data).
Automated decision-makingAutomated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR does not take place on the part of Revitacare UK.
Direct marketing in the context of a customer relationshipWe use the data you provide to fulfil and process our contract and to respond to your enquiries in accordance with Art. 6 (1) (b) GDPR or on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. Insofar as you have also given us separate consent to process your data for consulting, and advertising purposes, Revitacare UK is entitled to contact you for these purposes via the communication channels you have ticked in this consent.
Your RightsYou have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. There is more information on the Information Commissioners website (www.ico.org.uk).
- information about the processing of your personal data.
- obtain access to the personal data held about you.
- ask for incorrect, inaccurate or incomplete personal data to be corrected.
- request that personal data be erased when it’s no longer needed or if processing it is unlawful.
- object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation.
- request the restriction of the processing of your personal data in specific cases.
- receive your personal data in a machine-readable format and send it to another controller (‘data portability’).
- request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers.
- You also have the right in this case to express your point of view and to contest the decision
- Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time through our contact form.