Privacy Policy

We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of VitaDAO. The use of the Internet pages of VitaDAO is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the applicable data protection regulations. This data protection declaration informs the public of the nature, scope, and purpose of the personal data we collect, use and process, and the rights of data subjects.

As the controller, VitaDAO has implemented technical and organizational measures to protect personal data processed through this website. However, Internet-based data transmissions may have security gaps, so absolute protection may not be guaranteed. You may contact us via alternative means (e.g. email) for privacy requests.

This policy uses the terms of the GDPR. For clarity, we define the following:

a) Personal data

Personal data means any information relating to an identified or identifiable natural person (“data subject”).

b) Data subject

Data subject is any identified or identifiable natural person whose personal data is processed by the controller.

c) Processing

Processing is any operation performed on personal data (by automated means or not), such as collection, recording, organization, storage, use, disclosure, restriction, erasure, or destruction.

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling

Profiling means automated processing of personal data to evaluate certain personal aspects relating to a natural person.

f) Pseudonymisation

Pseudonymisation is processing so that personal data can no longer be attributed to a specific data subject without additional information kept separately and protected.

g) Controller

Controller is the natural or legal person (or other body) which determines the purposes and means of processing of personal data.

h) Processor

Processor is a natural or legal person (or other body) which processes personal data on behalf of the controller.

i) Recipient

Recipient is a natural or legal person (or other body) to whom personal data are disclosed, whether a third party or not (public authorities are not regarded as recipients when acting within a specific inquiry under law).

j) Third party

Third party is any person or entity other than the data subject, controller, processor, and persons authorized to process data under the controller/processor’s authority.

k) Consent

Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they agree to the processing of personal data.

Controller for the purposes of the GDPR and other applicable data protection laws is:

The Internet pages of VitaDAO use cookies. Cookies are text files stored in a computer system via an Internet browser.

Many Internet sites and servers use cookies. Many cookies contain a cookie ID, a unique identifier that allows servers to recognize the browser in which the cookie was stored.

Through the use of cookies, VitaDAO can provide users with more user-friendly services that would not be possible without cookie settings, such as remembering preferences or reducing repeated inputs.

You may prevent the setting of cookies through your browser settings and may delete cookies at any time. If you deactivate cookies, not all functions of our website may be entirely usable.

The website of VitaDAO collects general data and information when a data subject or automated system calls up the website. This information may be stored in server log files.

Collected data may include:

1. browser types and versions used
2. operating system used
3. referrer website (the website from which you reached ours)
4. sub-pages accessed
5. date and time of access
6. IP address
7. Internet service provider
8. other similar data for security purposes (e.g., to investigate attacks)

We do not draw conclusions about your identity from this data. This data is used to deliver content correctly, optimize the site, maintain system security, and support law enforcement in the event of a cyber-attack where legally required.

Anonymous server log data is stored separately from personal data provided by a data subject.

You may be able to register on the website by providing personal data through an input form. The specific data transmitted is determined by the respective input mask.

Personal data entered during registration is collected and stored for internal use and for providing services to registered users. We may use processors to perform these services on our behalf.

By registering, we may also store the IP address assigned by your ISP and the date and time of registration to prevent misuse and to allow investigation of offenses. We do not pass this data to third parties unless required by law or for criminal prosecution.

Registered persons may change the personal data provided during registration at any time or request deletion, unless statutory retention obligations apply.

Users may subscribe to our newsletter by providing a valid email address. Newsletters may only be received if (1) you provide a valid email address and (2) you register for newsletter shipping.

We use a double opt-in procedure: a confirmation email is sent to verify the owner of the email address.

During registration for the newsletter, we may store your IP address and the date/time of registration to protect against misuse and for legal protection.

Newsletter subscription can be terminated at any time. You can revoke consent via the unsubscribe link included in each newsletter, or by contacting the controller at dao@vitadao.com.

Newsletters may contain tracking pixels (small graphics embedded in HTML emails) that enable log file recording and analysis. This helps us understand whether an email was opened and which links were clicked.

We use this information to optimize newsletter delivery and tailor future newsletters to recipients’ interests. This information is not passed on to third parties.

You may revoke consent at any time. After revocation, the related personal data will be deleted where applicable. Unsubscribing from the newsletter is treated as a revocation.

We process and store personal data only for the period necessary to achieve the purpose of storage, or as far as required/allowed by applicable laws and regulations.

If the storage purpose no longer applies, or a legally prescribed retention period expires, personal data is routinely blocked or erased in accordance with legal requirements.

Under the GDPR, you have the following rights (subject to legal limitations):

a) Right of confirmation

You may request confirmation as to whether personal data concerning you is being processed.

b) Right of access

You may request access to your stored personal data and a copy, and information about purposes, categories, recipients, retention, and safeguards for international transfers (where applicable).

c) Right to rectification

You may request correction of inaccurate data and completion of incomplete data.

d) Right to erasure (“right to be forgotten”)

You may request deletion of your personal data where applicable, including where data is no longer necessary, consent is withdrawn, processing is unlawful, or deletion is required by law.

e) Right to restriction of processing

You may request restriction where accuracy is contested, processing is unlawful and you oppose erasure, data is needed for legal claims, or you have objected pending verification.

f) Right to data portability

Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, commonly used, machine-readable format and transmit it to another controller, where technically feasible.

g) Right to object

You may object to processing based on legitimate interests, and to processing for direct marketing at any time. You may also object to certain research/statistical processing subject to Article 89(1) GDPR limitations.

h) Automated individual decision-making, including profiling

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects, except where allowed by law or based on explicit consent with safeguards.

i) Right to withdraw consent

You may withdraw consent at any time by contacting dao@vitadao.com. Withdrawal does not affect the lawfulness of processing before withdrawal.

We may use Google Analytics, a web analytics service, for website traffic analysis and optimization. The operator is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

For Google Analytics, we may use IP anonymization (e.g.,_gat._anonymizeIp) so that IP addresses are abridged/anonymized when accessing from the EU/EEA, where supported.

Google Analytics places a cookie and processes data such as access time, approximate location derived from IP, and frequency of visits. Data may be transmitted to Google, including to the United States of America, depending on configuration and Google’s processing.

You can prevent cookies by adjusting browser settings and can delete existing cookies at any time.

You can object to Google Analytics collection/processing by installing the browser add-on from https://tools.google.com/dlpage/gaoptout.

More information:
Google Privacy Policy
Google Analytics Terms
Google Analytics overview

The Services may integrate components of Twitter (e.g., Twitter/X buttons). The operating company is Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07, Ireland.

When visiting a page with a Twitter button, your browser may download and display the component. Twitter may learn which specific sub-page was visited.

If you are logged in to Twitter at the same time, Twitter may associate this visit with your Twitter account. If you do not want this, log out of Twitter before visiting our site.

More information:
Twitter buttons information
Twitter Privacy Policy

The Services may integrate YouTube components (embedded videos). The operating company is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

When visiting a page containing a YouTube video, your browser may download and display the component. YouTube/Google may learn which specific sub-page was visited.

If you are logged in to YouTube, YouTube may associate your visit with your account. If you do not want this, log out of YouTube before visiting our site.

More information:
About YouTube
Google Privacy Policy (applies to YouTube/Google processing)

Where we obtain consent for a specific purpose, processing is based on Art. 6(1)(a) GDPR. Where processing is necessary for performance of a contract or pre-contractual measures, it is based on Art. 6(1)(b) GDPR. Where required to comply with legal obligations, it is based on Art. 6(1)(c) GDPR. Where necessary to protect vital interests, it is based on Art. 6(1)(d) GDPR. Where necessary for legitimate interests (and not overridden by your interests/rights), it is based on Art. 6(1)(f) GDPR.

Where processing is based on Art. 6(1)(f) GDPR, our legitimate interest is to operate and secure the Services and carry out our activities in favor of the well-being of personnel and stakeholders.

The criteria used to determine the period of storage is the respective statutory retention period. After expiration, data is routinely deleted unless it is still necessary for contract fulfillment, contract initiation, or legal compliance.

The provision of personal data may be required by law (e.g., tax regulations) or can result from contractual provisions. In some cases, it may be necessary to provide personal data to conclude a contract. If personal data is not provided where required, the contract may not be concluded.

For clarification about whether provision is required and the consequences of non-provision, contact dao@vitadao.com.

As a responsible organization, we do not use automatic decision-making or profiling that produces legal effects or similarly significantly affects you.

You can manage cookie settings via your browser controls. If this website provides a cookie settings tool, you can access it here: /cookie-preferences.