Privacy Policy

Last updated September 08, 2025

This Privacy Policy for VitaLab Limited (“we”, “us”, or “our”) explains how and why we access, collect, store, use, and/or share (“process”) your personal information when you use our services (“Services”), including when you:

  • visit our website at https://www.vitalab.uk or any site of ours that links to this Privacy Policy

  • engage with us in other related ways, including sales, marketing, or events

Questions or concerns? Reading this Privacy Policy will help you understand your privacy rights and choices. We are responsible for decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have questions or concerns, contact us at enquiries@vitalab.uk.

Summary of Key Points

  • What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.

  • Do we process any sensitive personal information? No. We do not process sensitive (“special category”) personal information.

  • Do we collect information from third parties? No. We do not collect information from third parties.

  • How do we process your information? To provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process information for other purposes with your consent.

  • When and with whom do we share personal information? Only in specific situations and with specific categories of third parties described below.

  • How do we keep your information safe? We use appropriate organisational and technical safeguards, but no method of transmission or storage is 100% secure.

  • What are your rights? Depending on your location, you may have rights over your personal information (access, rectification, erasure, restriction, portability, objection, etc.).

  • How do you exercise your rights? Contact us at enquiries@vitalab.uk. We will act on requests in accordance with applicable data protection laws.

Table of Contents

  1. What Information Do We Collect?

  2. How Do We Process Your Information?

  3. What Legal Bases Do We Rely On to Process Your Information?

  4. When and With Whom Do We Share Your Personal Information?

  5. Do We Use Cookies and Other Tracking Technologies?

  6. Is Your Information Transferred Internationally?

  7. How Long Do We Keep Your Information?

  8. How Do We Keep Your Information Safe?

  9. Do We Collect Information from Minors?

  10. What Are Your Privacy Rights?

  11. Controls for Do-Not-Track Features

  12. Do United States Residents Have Specific Privacy Rights?

  13. Do Other Regions Have Specific Privacy Rights?

  14. Do We Make Updates to This Notice?

  15. How Can You Contact Us About This Notice?

  16. How Can You Review, Update, or Delete the Data We Collect from You?

1. What Information Do We Collect?

Personal information you disclose to us
In short: We collect personal information that you provide to us.

We collect personal information you voluntarily provide when you request information about us or our products and Services, participate in activities on the Services, or otherwise contact us.

Personal Information Provided by You. The personal information we collect depends on the context of your interactions with us and the Services and may include:

  • Name – to personalise your experience and fulfil your order

  • Phone number – to provide order updates and address delivery enquiries

  • Email address – to send order confirmations, offers (per your preferences), and account updates

  • Mailing address – to deliver your purchases

  • Contact preference – to communicate via your preferred method

  • Billing address – to process payments and send invoices/billing communications

Sensitive information. We do not process sensitive (“special category”) information.

Payment data. If you make purchases, we may collect data necessary to process payment (e.g., payment instrument details). All payment data is handled and stored by Stripe and Shopify Payments. See their privacy notices: https://stripe.com/privacy and https://www.shopify.com/legal/privacy.

All personal information you provide must be true, complete, and accurate, and you must notify us of any changes.

Information automatically collected
In short: Some information (such as IP address and device characteristics) is collected automatically when you visit our Services.

We automatically collect device and usage information (e.g., IP address, browser/device characteristics, operating system, language preferences, referring URLs, country and general location, pages viewed, time stamps, and other technical data) primarily for security, operation, analytics, and reporting.

Like many businesses, we use cookies and similar technologies.

Examples include:

  • Log and usage data: Service-related, diagnostic, usage, and performance information recorded in log files (IP address, device/browser info, settings, pages viewed, actions taken, system events).

  • Location data: We may collect coarse location (e.g., based on IP). You can disable location settings, though some features may not function properly without them.

2. How Do We Process Your Information?

In short: To provide, improve, and administer our Services; communicate with you; ensure security and fraud prevention; and comply with law. We may also process information for other purposes with your explicit consent.

We process your personal information to:

  • deliver and facilitate Services you request

  • respond to enquiries and provide support

  • fulfil and manage orders, payments, returns, and exchanges

  • request feedback about the Services

  • send marketing and promotional communications (per your preferences; you can opt out at any time)

  • deliver personalised content/advertising tailored to your interests and location

  • protect our Services, including fraud monitoring and prevention

  • identify usage trends and improve the Services

  • evaluate marketing and promotional effectiveness

  • protect vital interests (e.g., prevent harm)

3. What Legal Bases Do We Rely On to Process Your Information?

In short: We only process your personal information when we have a valid legal basis under applicable law (e.g., consent, contract, legal obligation, legitimate interests, or vital interests).

If you are in the EU/UK (GDPR/UK GDPR):

  • Consent – where you have given consent (you can withdraw at any time).

  • Contract – to perform a contract with you or take steps at your request before entering into a contract.

  • Legitimate interests – where reasonably necessary for our legitimate business interests and not overridden by your rights (e.g., sending offers, personalised advertising, analytics to improve Services, supporting marketing, diagnosing issues/preventing fraud, understanding usage).

  • Legal obligations – to comply with laws (e.g., cooperating with regulators, exercising/defending legal claims).

  • Vital interests – to protect your vital interests or those of another person.

If you are in Canada:
We may rely on express or implied consent, which you can withdraw at any time. In limited cases, we may process without consent where permitted by law (e.g., investigations/fraud prevention; subpoenas/court orders; witness statements for insurance; identifying/communicating with next of kin; where consent is impracticable and collection is clearly in the individual’s interests; certain publicly available information; approved research with safeguards).

4. When and With Whom Do We Share Your Personal Information?

In short: With third parties that perform services for us, under contract, and only as needed.

Vendors/Service Providers/Contractors. We share personal information with third parties that perform services for us or on our behalf and require access to such information (e.g., website hosting, sales and marketing tools, payment processing, analytics). They are contractually bound to:

  • process personal information only on our instructions,

  • protect it appropriately, and

  • not share it with others (except as permitted by us or by law).

Business transfers. We may share or transfer information in connection with or during negotiations of a merger, sale of assets, financing, or acquisition.

5. Do We Use Cookies and Other Tracking Technologies?

In short: Yes. We use cookies and similar technologies for functionality, security, preferences, analytics, and advertising.

We also allow certain third parties to use these technologies for analytics/advertising (e.g., to tailor ads or send cart reminders, per your settings). Details and choices are set out in our Cookie Policy.

Google Analytics. We may use Google Analytics. To opt out: https://tools.google.com/dlpage/gaoptout. For Google’s privacy information, see Google’s Privacy & Terms pages.

6. Is Your Information Transferred Internationally?

In short: Yes. Your information may be transferred to, stored in, and processed in countries other than your own.

Our servers are located in Canada. We may also process in the United Kingdom and other countries where our service providers operate. For EEA/UK/Swiss residents, some countries may not have data protection laws as comprehensive as your own, but we implement appropriate safeguards.

Standard Contractual Clauses (SCCs). We use the European Commission’s SCCs (and UK addenda where applicable) for transfers, requiring recipients to protect EEA/UK personal information per EU/UK data protection law. Copies and further details are available on request.

7. How Long Do We Keep Your Information?

In short: Only as long as necessary for the purposes outlined, unless a longer period is required or permitted by law.

When we have no ongoing legitimate business need to process your personal information, we will delete or anonymise it. If deletion is not immediately possible (e.g., backups), we will securely store it and isolate it from further processing until deletion is possible.

8. How Do We Keep Your Information Safe?

In short: With appropriate organisational and technical measures.

We implement reasonable security measures to protect personal information. However, no electronic transmission or storage method is completely secure, and we cannot guarantee absolute security. Transmission of personal information to and from our Services is at your own risk. You should access the Services in a secure environment.

9. Do We Collect Information from Minors?

In short: No. We do not knowingly collect data from or market to children under 18.

If we learn we have collected personal information from users under 18 (or the equivalent age under local law), we will take reasonable steps to delete it. If you become aware of such collection, contact enquiries@vitalab.uk.

10. What Are Your Privacy Rights?

In short: Depending on your location (e.g., EEA, UK, Switzerland, Canada), you may have rights to access, rectify, erase, restrict processing, object, data portability, and not be subject to decisions based solely on automated processing with legal or similarly significant effects. Where we rely on consent, you may withdraw it at any time.

To exercise rights, contact us at enquiries@vitalab.uk. We will respond in accordance with applicable law. You may also lodge a complaint with your local supervisory authority (e.g., your EEA Member State authority, the UK Information Commissioner’s Office, or the Swiss FDPIC).

Marketing opt-out. You can unsubscribe from marketing emails at any time via the link in our emails or by contacting us. We may still send non-marketing communications (e.g., service or transactional messages).

Cookies. Most browsers accept cookies by default. You can remove or reject cookies in your browser settings; some features may not function properly without them.

11. Controls for Do-Not-Track Features

Most web browsers and some mobile operating systems include a Do-Not-Track (DNT) setting. No uniform standard exists for recognising DNT signals, so we do not currently respond to them. If a standard is adopted that we must follow, we will update this Policy.

12. Do United States Residents Have Specific Privacy Rights?

In short: Certain US state laws (e.g., CA, CO, CT, DE, FL, IN, IA, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, VA) grant additional rights (subject to limits), including access, correction, deletion, copy/portability, and opt-out rights (targeted advertising, “sale”/“sharing,” profiling producing legal or similarly significant effects).

Categories of personal information collected in the last 12 months (illustrative):

  • A. Identifiers (YES): name, alias, postal address, phone, IP address, email, account name

  • B. Customer Records per CA law (YES): name, contact info, financial info (as applicable)

  • C. Protected characteristics (NO)

  • D. Commercial information (NO)

  • E. Biometric information (NO)

  • F. Internet/network activity (NO)

  • G. Geolocation data (YES): device location (coarse)

  • H. Audio/electronic/sensory (NO)

  • I. Professional/employment (NO)

  • J. Education information (NO)

  • K. Inferences (NO)

Sources, uses, and sharing are described elsewhere in this Policy.

Authorised agents. Where state law allows, you may use an authorised agent to submit a request. We may require proof of authority and identity verification.

Verification. We will verify your identity before fulfilling requests, using information you provide and/or information already on file.

Appeals. Where applicable, if we deny your request, you may appeal by emailing enquiries@vitalab.uk. If your appeal is denied, you may contact your state attorney general.

California “Shine the Light.” California residents may request, once per year and free of charge, information about categories of personal information disclosed to third parties for their direct marketing and the names/addresses of those third parties. Submit requests to enquiries@vitalab.uk.

13. Do Other Regions Have Specific Privacy Rights?

Australia & New Zealand. We process personal information under the Privacy Act 1988 (AU) and Privacy Act 2020 (NZ). This Policy provides required notices (what we collect, sources, purposes, recipients). If you do not provide necessary data, we may be unable to deliver certain services. You may request access/correction (see Section 16). Complaints may be made to the OAIC (Australia) or the NZ Privacy Commissioner.

Republic of South Africa. You may request access/correction (see Section 16). Complaints may be made to the Information Regulator (South Africa):
General: enquiries@inforegulator.org.za
Complaints: PAIAComplaints@inforegulator.org.za and POPIAComplaints@inforegulator.org.za

14. Do We Make Updates to This Notice?

In short: Yes. We will update this Policy as necessary to remain compliant with laws. The updated version will be indicated by the “Last updated” date at the top. If we make material changes, we may notify you via a prominent notice or direct communication.

15. How Can You Contact Us About This Notice?

Phone: +44 20 3576 4839
Email: enquiries@vitalab.uk
Address: 86-90 Paul St, London EC2A 4NE, United Kingdom

Support Hours:
Monday to Friday: 09:00 AM to 5:00 PM

Company Information:
Company Name: VitaLab Ltd
Company Reg No: 13110728

16. How Can You Review, Update, or Delete the Data We Collect from You?

Depending on your local laws, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, delete your personal information, withdraw consent (where applicable), or obtain a copy. To submit a request, email enquiries@vitalab.uk. We will respond in accordance with applicable law.

Login

Forgot your password?

Don't have an account yet?
Create account