Last updated: September 6, 2025 • Controller: Vita Haute
Our commitment. At Vita Haute, we value your privacy and are committed to protecting personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This page explains what data we collect, why we collect it, how we use it, how long we keep it, who we share it with, where we store it, and the rights you have.
1. Who We Are
Vita Haute (“we,” “us,” or “our”) operates vitahaute.com and may provide services, products, and digital content to users worldwide. For the activities described here, we generally act as a data controller—deciding why and how personal data is processed. In limited cases we may act as a data processor on behalf of another organization; where that occurs, we follow their documented instructions and enter into a compliant data processing agreement.
If you have questions about how we handle personal data, please reach out:
Data Protection Contact
Vita Haute Privacy Team
Email: daniel@vitahaute.com
Address: New York City
2. What Personal Data We Collect
Depending on your interactions with us, we may process the following categories of personal data:
- Identity Data (e.g., name, username, title, country/region).
- Contact Data (e.g., email address, telephone number, postal/billing/shipping address).
- Account Data (e.g., login credentials you create, preferences, saved items).
- Transactional and Payment Data (e.g., order details, invoices, masked card details). Payment card data is handled by PCI-compliant processors; we do not store full card numbers.
- Technical Data (e.g., IP address, device identifiers, browser type/version, operating system, time zone settings, and server logs).
- Usage Data (e.g., pages visited, referring/exit pages, engagement metrics, clicks, session duration).
- Marketing & Communications Data (e.g., newsletter opt-ins, preferences, and communication history).
We do not intentionally collect special categories of personal data (such as health data, political opinions, or biometric identifiers). If a specific service requires such data, we will obtain explicit consent or rely on another lawful basis permitted by GDPR and will apply additional safeguards.
3. How We Collect Personal Data
- Direct interactions: You provide data when you fill in forms, subscribe to our emails, participate in promotions, contact support, or complete transactions.
- Automated technologies: We use cookies, pixels, and similar technologies to gather Technical and Usage Data as you navigate our site.
- Third-party sources: We may receive data from advertising networks, analytics providers, payment and delivery services, identity verification services, affiliates, or social platforms—only as permitted by law and your settings with those services.
4. Legal Bases for Processing
We process personal data only when a lawful basis applies under Articles 6 and 9 GDPR. The main bases we rely on are:
- Consent: e.g., for marketing emails, non-essential cookies, or optional surveys. You may withdraw consent at any time (see Your GDPR Rights).
- Contract: processing needed to perform a contract or take steps at your request before entering into one (e.g., fulfilling an order).
- Legal obligation: compliance with laws such as tax, accounting, or regulatory reporting.
- Legitimate interests: for purposes such as improving services, ensuring security, preventing fraud, or understanding how our website is used—balanced against your rights and expectations.
5. Purposes of Processing
- Provide, maintain, and enhance our site, products, and services.
- Register your account and authenticate access.
- Process orders, payments, refunds, and deliver digital or physical goods.
- Provide support and respond to questions or requests.
- Send service-related notices (e.g., transactional emails, policy updates).
- With your consent, send newsletters or promotions and measure their effectiveness.
- Analyze performance, troubleshoot issues, and conduct research to improve user experience.
- Detect, prevent, and address security incidents, abuse, or fraud.
- Comply with legal obligations and enforce our terms.
6. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined here, including satisfying legal, accounting, and reporting obligations. Retention periods are determined using criteria such as the nature and sensitivity of data, the potential risk of harm from unauthorized use or disclosure, and whether we can achieve the purposes through other means.
- Account data: retained while your account remains active and for a reasonable period thereafter for recordkeeping and dispute resolution.
- Transactional records: typically retained for [insert period, e.g., 7 years] to meet tax and audit requirements.
- Marketing consent records: kept until you withdraw consent or the data is no longer needed.
When retention ends, we securely delete or irreversibly anonymize the data.
8. International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA) or the United Kingdom, we ensure an adequate level of protection by using one or more of the following safeguards:
- Transfers to countries recognized by the European Commission (or UK Government) as providing an adequate level of protection.
- Execution of the European Commission’s Standard Contractual Clauses (SCCs) (and UK equivalents where applicable) with recipients.
- Additional technical and organizational measures, such as encryption, access controls, and data minimization.
- Where applicable, participation of recipients in approved frameworks (e.g., EU-U.S. Data Privacy Framework).
Details about specific transfer mechanisms are available upon request.
9. Your GDPR Rights
If you are in the EEA, Switzerland, or the UK, you have the following rights (subject to conditions and exceptions under law):
- Access: request confirmation that we process your data and obtain a copy.
- Rectification: correct inaccurate or incomplete data.
- Erasure (“right to be forgotten”): request deletion in certain situations.
- Restriction: request that we limit processing in certain cases.
- Portability: receive your data in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible.
- Object: object to processing based on our legitimate interests, and to direct marketing at any time.
- Withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting prior processing.
- Lodge a complaint: with your local supervisory authority. A list of EU authorities is available from the European Data Protection Board (EDPB).
To exercise your rights, email daniel@vitahaute.com. We may need to verify your identity to protect your data. We will respond within one month, extendable in complex cases as permitted by GDPR.
11. Data Security
We maintain appropriate technical and organizational measures designed to protect personal data, including encryption in transit, access controls, least-privilege practices, secure development and testing, regular monitoring, vulnerability management, and staff training. While no method is 100% secure, we work to minimize risks and respond promptly to potential issues.
If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, when required, communicate the breach to affected individuals.
12. Children’s Data
Our services are not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact daniel@vitahaute.com so we can take appropriate action.
13. Automated Decision-Making
We do not engage in automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you. If this changes, we will update this page and explain the logic involved, the significance and envisaged consequences, and your rights related to such processing.
14. Third-Party Links
Our site may contain links to third-party websites and services. Their privacy practices are independent of ours. We encourage you to review the privacy information of any third-party site you visit.
15. Changes to This Page
We may update this GDPR Compliance Page from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will take appropriate steps to notify you (for example, by posting a prominent notice on our website or sending you an email). The “Last updated” date at the top shows when this page was last revised.
16. Contact Information
If you have questions, requests, or concerns about this page or our handling of personal data, please contact us:
Vita Haute
Email: daniel@vitahaute.com
Phone: 718-776-4761
Address: New York City
When contacting us about your rights, please indicate the right you wish to exercise (e.g., Access, Erasure) and provide sufficient information for us to verify your identity. Do not include sensitive information unless we request it for verification.
17. Summary
We are committed to transparency, security, and respecting your choices. GDPR gives you meaningful control over your personal data. At Vita Haute, we strive to process only what we need, for clear purposes, using appropriate safeguards, and for no longer than necessary.
To learn more or to exercise your rights, email daniel@vitahaute.com. We’re here to help.