Privacy Policy
At OneVit, we place immense value on safeguarding your privacy. It is our policy to respect your privacy regarding any information we collect from you across our website, https://onevit.co.uk, and any other sites or applications we own and operate.
To help you understand how we do this, we’ve put together this privacy policy outlining how we handle your personal information and comply with applicable laws and regulations.
This policy does not cover any links to third-party sites, and we recommend that you review their respective privacy policies when you leave our site.
All of the information referred to in this privacy policy is shared with our parent company, Pharmica Ltd of 236 Gray’s Inn Road, London, WC1X 8HB.
These Terms of Service were last updated on 22 November 2024
1. Information Collection
We categorise the information we collect as either "automatically collected" or "voluntarily provided".
1.1 Automatically Collected
This refers to any information automatically shared by your device while accessing our services, including IP addresses, browser types, pages visited, and items in your cart during your session.
This data is collected automatically, even if you have not accepted our cookie banner. Further details are provided below:
- IP addresses: Collected for rate limiting, page restriction, and ensuring site security and integrity.
- Requested URL and Web Request Details: Standard data sent by your browser, used for site functionality and analytics.
- Session Cookie: A temporary cookie (lasting 30 minutes) that stores essential information, such as your shopping cart contents, applied promo codes, and other necessary data for the normal functioning of our e-commerce services. The session data is stored securely in our SQL Server session database.
- Anti-Forgery Token Cookie: Implemented to protect against cross-site request forgery attacks, ensuring the security of your interactions with our Site.
- Essential Cookies: Used to maintain core functionalities of the Site. No personally identifiable information (PII) is collected, unless it is necessary for service provision.
We also collect information automatically using Google Analytics 4 (GA4) to analyse website traffic and user interactions:
- Consent Mode: If you have not accepted our cookie banner, GA4 operates in consent mode. In this mode:
  - Event Tracking: We continue to track events such as page views, add-to-cart actions, checkout starts, and other interactions.
  - Limited Data Collection: GA4 does not store cookies or use identifiers that link events to individual users or sessions. Events are independent, and we cannot associate them with a specific user journey or session.
  - Purpose: This allows us to gather aggregate data on Site performance and functionality without compromising your privacy.
- With Consent: Once you accept our cookie banner:
  - Enhanced Data Collection: GA4 collects additional data and uses cookies to link events to your user session.
  - User Journey Analysis: We can associate your interactions across the Site, enabling us to understand your user journey from starting a checkout to completing a purchase.
  - Purpose: This helps us improve our services, personalise your experience, and optimise the OneVit website based on user behaviour.
1.2 Voluntarily Provided
This refers to any information you knowingly provide when you register and create a OneVit account, purchase a OneVit product, contact us and/or participate in any of our services.
This information includes, but is not limited to:
- Account Registration Information:
  - Full Name
  - Email Address
  - Marketing Preferences: Whether you opt-in to receive marketing communications from us.
- Order Placement Information: To process your orders and comply with regulatory requirements associated with Pharmica, we collect the following additional information (refer to Pharmica’s Privacy Policy for additional details):
  - Sex at Birth
  - Date of Birth
  - Email Address
  - Telephone Number (Optional)
  - Full Name
  - Shipping Address

  This information is stored by us and shared with Pharmica for order fulfilment. It is also transmitted to Stripe via metadata when processing your payment.
- Payment Information: We use Stripe as our payment processor. When you proceed to payment, the following applies to your card details, billing address, and alternative payment methods you might use.
  - Card Details: Handled exclusively by Stripe. If you choose to save your card for future purchases while logged in, we create a customer profile on Stripe and store the associated customer ID in our database. We do not store or handle your card details directly.
  - Billing Address: Collected by Stripe for payment verification.
  - Alternative Payment Methods: You may also check out using PayPal or Klarna, managed through Stripe's integration.
1.3 Log Data
During your interaction with the Site, including the checkout process, we collect log data that may include:
- IP Address
- Session ID
- User ID
- Item IDs Added to Cart
This log data is stored securely using Amazon Web Services (AWS) CloudWatch, which is located in the United Kingdom (London Region). AWS acts as our data processor, processing data according to our instructions and in compliance with the GDPR.
Please note:
- Data Retention: We retain log data for 30 days to monitor system performance, detect security incidents, and improve our services. After this period, logs containing personal data are securely deleted.
- Limited Personal Information: We do not log emails or other personal user information in our logs, aside from the user ID necessary for service functionality.
2. Information Usage
We use the information we collect to:
- Personalise and improve your experience on our website and provide you with the highest possible level of service.
- Communicate with you by sending information or promotions on supplements, services and/or third-party content that may interest you.
- Enhance our services by researching and analysing user data.
- Ensure compliance with all applicable laws and legal processes.
We may share your information with the following third parties:
- Pharmica: For order processing and compliance with healthcare regulations.
- Stripe: For secure payment processing. Stripe handles your payment information in accordance with their privacy policy.
- Royal Mail: To facilitate shipping and delivery of your orders.
- Amazon Web Services (AWS): We use AWS for data hosting and storage services, including AWS CloudWatch and Amazon S3 for storing logs and data backups, which may include personal data such as IP addresses, session IDs, user IDs, and item IDs added to your cart.
- Google Analytics 4 (GA4): We use GA4 to analyze website traffic and usage patterns. Google processes this data in accordance with their privacy policy. We use the information collected to analyze website performance, understand user behaviour, and enhance your experience on our Site. GA4 operates in two modes on our Site:
  - Consent Mode: If you have not accepted our cookie banner, GA4 operates in consent mode. In this mode:
    - Event Tracking: We continue to track events such as page views, add-to-cart actions, checkout starts, and other interactions.
    - Limited Data Collection: GA4 does not store cookies or use identifiers that link events to individual users or sessions. As a result, events are independent, and we cannot associate them with a specific user journey or session.
    - Purpose: This allows us to gather aggregate data on Site performance and functionality without compromising your privacy.
  - Standard Mode (With Consent): Once you accept our cookie banner:
    - Enhanced Data Collection: GA4 collects additional data and uses cookies to link events to your user session.
    - User Journey Analysis: We can associate your interactions across the Site, enabling us to understand your user journey from starting a checkout to completing a purchase.
    - Purpose: This helps us improve our services, personalize your experience, and optimize the Site based on user behaviour.
3. Information Usage
We take the security of your data extremely seriously and implement stringent means to safeguard it from unauthorised access, alteration or deletion. We acknowledge that no method of electronic transmission or storage is 100% secure, so we cannot guarantee absolute security, but we do everything within our power to safeguard your information every day. You are responsible for maintaining the confidentiality and security of your account details and any password you use with our services.
- Secure Servers: Hosted on AWS in London with robust security protocols.
- Encryption: Sensitive data transmitted to and from our Site is encrypted using SSL/TLS technology.
- Access Controls: Restricted access to personal information to authorized personnel only.
- Regular Security Assessments: We regularly review our security practices to enhance data protection.
4. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy or as required by law. When we no longer require your personal information, we will delete or anonymise it.
6. Disclosure of Information
To enable us to provide our core services, we may share parts of your personal information with:
- Our parent company, Pharmica Ltd of 236 Gray’s Inn Road, London, WC1X 8HB, for order processing and compliance with healthcare regulations.
- Affiliates and partners, including third-party service providers, to enable them to deliver services on our behalf.
- Legal authorities as required by law, in connection with actual or potential legal proceedings, or to protect our rights.
- Participants in business transitions, such as stakeholders in mergers or acquisitions, where personal information may be transferred as part of the assets.
- Third parties, including but not limited to:
  - Stripe: For secure payment processing. Stripe handles your payment information in accordance with their privacy policy.
  - Royal Mail: To facilitate shipping and delivery of your orders.
  - Amazon Web Services (AWS): We use AWS for data hosting and storage services. This includes:
    - AWS CloudWatch and Amazon S3: For storing logs and data backups, which may include personal data such as IP addresses, session IDs, user IDs, and item IDs added to your cart.
7. Your Rights and Control Over Your Information
At OneVit, we abide by and uphold your rights in line with the General Data Protection Regulation (GDPR) and The Data Protection Act 2018. You have the right to:
- Access the personal information we hold about you.
- Correct inaccurate data or update information.
- Delete personal data under certain conditions.
- Restrict or object to the processing of information where applicable.
- Request the transfer of your personal data to you or a third party.
- Withdraw consent for data processing, such as for marketing, at any time.
Where feasible, we will provide data in a structured, commonly used format. You can request these rights by contacting us.
9. Policy updates
We reserve the right to update this policy without notice to reflect changes in our practices or legal requirements. The date marked ‘Last Updated’ at the beginning of this policy will indicate the last update. Please check this page periodically for updates.
10. Contact us
For any questions or concerns regarding your privacy, please contact:
OneVit Customer Support
236 Gray’s Inn Road
London
WC1X 8HB
Your continued use of OneVit services after any changes to this policy constitutes your acceptance of the updated policy.