Privacy Policy

At OneVit, we place immense value on safeguarding your privacy. It is our policy to respect your privacy regarding any information we collect from you across our website, https://onevit.co.uk, and any other sites or applications we own and operate.

To help you understand how we do this, we’ve put together this privacy policy outlining how we handle your personal information and comply with applicable laws and regulations.

This policy does not cover any links to third-party sites, and we recommend that you review their respective privacy policies when you leave our site.

All of the information referred to in this privacy policy is shared with our parent company, Pharmica Ltd of 236 Gray’s Inn Road, London, WC1X 8HB.

These Terms of Service were last updated on 22 November 2024.

1. Information Collection

We categorise the information we collect as either "automatically collected" or "voluntarily provided".

1.1 Automatically Collected

This refers to any information automatically shared by your device while accessing our services, including IP addresses, browser types, pages visited, and items in your cart during your session.

This data is collected automatically, even if you have not accepted our cookie banner. Further details are provided below:

  • IP addresses: Collected for rate limiting, page restriction, and ensuring site security and integrity.
  • Requested URL and Web Request Details: Standard data sent by your browser, used for site functionality and analytics.
  • Session Cookie: A temporary cookie (lasting 30 minutes) that stores essential information, such as your shopping cart contents, applied promo codes, and other necessary data for the normal functioning of our e-commerce services. The session data is stored securely in our SQL Server session database.
  • Anti-Forgery Token Cookie: Implemented to protect against cross-site request forgery attacks, ensuring the security of your interactions with our Site.
  • Essential Cookies: Used to maintain core functionalities of the Site. No personally identifiable information (PII) is collected, unless it is necessary for service provision.

We also collect information automatically using Google Analytics 4 (GA4) to analyse website traffic and user interactions:

  • Consent Mode: If you have not accepted our cookie banner, GA4 operates in consent mode. In this mode:
    • Event Tracking: We continue to track events such as page views, add-to-cart actions, checkout starts, and other interactions.
    • Limited Data Collection: GA4 does not store cookies or use identifiers that link events to individual users or sessions. Events are independent, and we cannot associate them with a specific user journey or session.
    • Purpose: This allows us to gather aggregate data on Site performance and functionality without compromising your privacy.
  • With Consent: Once you accept our cookie banner:
    • Enhanced Data Collection: GA4 collects additional data and uses cookies to link events to your user session.
    • User Journey Analysis: We can associate your interactions across the Site, enabling us to understand your user journey from starting a checkout to completing a purchase.
    • Purpose: This helps us improve our services, personalise your experience, and optimise the OneVit website based on user behaviour.

1.2 Voluntarily Provided

This refers to any information you knowingly provide when you register and create a OneVit account, purchase a OneVit product, contact us and/or participate in any of our services.

This information includes, but is not limited to:

  • Account Registration Information:
    • Full Name
    • Email Address
    • Marketing Preferences: Whether you opt-in to receive marketing communications from us.
  • Order Placement Information - to process your orders and comply with regulatory requirements associated with Pharmica, we collect the following additional information (refer to Pharmica’s Privacy Policy for additional details):
    • Sex at Birth
    • Date of Birth
    • Email Address
    • Telephone Number (Optional)
    • Full Name
    • Shipping Address

    This information is stored by us and shared with Pharmica for order fulfilment. It is also transmitted to Stripe via metadata when processing your payment.

  • Payment Information - We use Stripe as our payment processor. When you proceed to payment, the following applies to your card details, billing address, and alternative payment methods you might use.
    • Card Details: Handled exclusively by Stripe. If you choose to save your card for future purchases while logged in, we create a customer profile on Stripe and store the associated customer ID in our database. We do not store or handle your card details directly.
    • Billing Address: Collected by Stripe for payment verification.
    • Alternative Payment Methods: You may also check out using PayPal or Klarna, managed through Stripe's integration.

1.3 Log Data

During your interaction with the Site, including the checkout process, we collect log data that may include:

  • IP Address
  • Session ID
  • User ID
  • Item IDs Added to Cart

This log data is stored securely using Amazon Web Services (AWS) CloudWatch, which is located in the United Kingdom (London Region). AWS acts as our data processor, processing data according to our instructions and in compliance with the GDPR.

Please note:

  • Data Retention: We retain log data for 30 days to monitor system performance, detect security incidents, and improve our services. After this period, logs containing personal data are securely deleted.
  • Limited Personal Information: We do not log emails or other personal user information in our logs, aside from the user ID necessary for service functionality.

2. Information Usage

We use the information we collect to:

  • Personalise and improve your experience on our website and provide you with the highest possible level of service.
  • Communicate with you by sending information or promotions on supplements, services and/or third-party content that may interest you.
  • Enhance our services by researching and analysing user data.
  • Ensure compliance with all applicable laws and legal processes.

We may share your information with the following third parties:

  • Pharmica: For order processing and compliance with healthcare regulations.
  • Stripe: For secure payment processing. Stripe handles your payment information in accordance with their privacy policy.
  • Royal Mail: To facilitate shipping and delivery of your orders.
  • Amazon Web Services (AWS): We use AWS for data hosting and storage services, including AWS CloudWatch and Amazon S3 for storing logs and data backups, which may include personal data such as IP addresses, session IDs, user IDs, and item IDs added to your cart.
  • Google Analytics 4 (GA4): We use GA4 to analyze website traffic and usage patterns. Google processes this data in accordance with their privacy policy. We use the information collected to analyze website performance, understand user behaviour, and enhance your experience on our Site. GA4 operates in two modes on our Site:
    • Consent Mode: If you have not accepted our cookie banner, GA4 operates in consent mode. In this mode:
      • Event Tracking: We continue to track events such as page views, add-to-cart actions, checkout starts, and other interactions.
      • Limited Data Collection: GA4 does not store cookies or use identifiers that link events to individual users or sessions. As a result, events are independent, and we cannot associate them with a specific user journey or session.
      • Purpose: This allows us to gather aggregate data on Site performance and functionality without compromising your privacy.
    • Standard Mode (With Consent): Once you accept our cookie banner:
      • Enhanced Data Collection: GA4 collects additional data and uses cookies to link events to your user session.
      • User Journey Analysis: We can associate your interactions across the Site, enabling us to understand your user journey from starting a checkout to completing a purchase.
      • Purpose: This helps us improve our services, personalize your experience, and optimize the Site based on user behaviour.

3. Information Usage

We take the security of your data extremely seriously and implement stringent means to safeguard it from unauthorised access, alteration or deletion. We acknowledge that no method of electronic transmission or storage is 100% secure, so we cannot guarantee absolute security, but we do everything within our power to safeguard your information every day. You are responsible for maintaining the confidentiality and security of your account details and any password you use with our services.

  • Secure Servers: Hosted on AWS in London with robust security protocols.
  • Encryption: Sensitive data transmitted to and from our Site is encrypted using SSL/TLS technology.
  • Access Controls: Restricted access to personal information to authorized personnel only.
  • Regular Security Assessments: We regularly review our security practices to enhance data protection.

4. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy or as required by law. When we no longer require your personal information, we will delete or anonymise it.

6. Disclosure of Information

To enable us to provide our core services, we may share parts of your personal information with:

  • Our parent company, Pharmica Ltd of 236 Gray’s Inn Road, London, WC1X 8HB, for order processing and compliance with healthcare regulations.
  • Affiliates and partners, including third-party service providers, to enable them to deliver services on our behalf.
  • Legal authorities as required by law, in connection with actual or potential legal proceedings, or to protect our rights.
  • Participants in business transitions, such as stakeholders in mergers or acquisitions, where personal information may be transferred as part of the assets.
  • Third parties, including but not limited to:
    • Stripe: For secure payment processing. Stripe handles your payment information in accordance with their privacy policy.
    • Royal Mail: To facilitate shipping and delivery of your orders.
    • Amazon Web Services (AWS): We use AWS for data hosting and storage services. This includes:
      • AWS CloudWatch and Amazon S3: For storing logs and data backups, which may include personal data such as IP addresses, session IDs, user IDs, and item IDs added to your cart.

7. Your Rights and Control Over Your Information

At OneVit, we abide by and uphold your rights in line with the General Data Protection Regulation (GDPR) and The Data Protection Act 2018. You have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate data or update information.
  • Delete personal data under certain conditions.
  • Restrict or object to the processing of information where applicable.
  • Request the transfer of your personal data to you or a third party.
  • Withdraw consent for data processing, such as for marketing, at any time.

Where feasible, we will provide data in a structured, commonly used format. You can request these rights by contacting us.

8. Use of cookies

Our website uses cookies to enhance user experience and improve our services. Cookies may be used for analytics, marketing, and/or to store user preferences. Cookies can be classified as:

  • Essential Cookies
    • Purpose: These cookies are necessary for our website to function properly and cannot be disabled in our systems.
    • Usage: They are usually only set in response to actions you take, such as setting your privacy preferences, logging in, or filling in forms.
    • Note: These cookies ensure that essential services and functionalities, such as remembering user sessions, remain operational.
  • Non-Essential Cookies
    • Purpose: These cookies help us improve our website by collecting and reporting information on its usage.
    • Usage: These cookies are set only if you consent to them through our cookie banner.
    • Note: Non-essential cookies are used for analytics, user behaviour tracking and/or marketing purposes, which help enhance the user experience.
  • First-Party Cookies
    • Purpose: These cookies are set by our website domain (www.onevit.co.uk) directly.
    • Usage: Although the functionality of these cookies may be provided by third-party services such as Stripe or Google Analytics, they are stored on our domain, making them first-party cookies.
    • Note: First-party cookies are used to enhance our website's performance and user experience while remaining directly linked to the website itself.

The OneVit website uses the following types of cookies:

| Cookie Name | Purpose | Data Collected | Duration | Type | First / Third Party |
|---|---|---|---|---|---|
| .AspNet.Consent | Stores user's cookie consent preference | Consent preference (accepted/rejected) | 1 year | Essential | First‑Party |
| .AspNetCore.Antiforgery | Anti‑forgery token to prevent CSRF attacks | Randomly generated token | Session | Essential | First‑Party |
| .AspNetCore.Session | Maintains user session, shopping cart, and preferences | Session identifier | Session | Essential | First‑Party |
| __stripe_mid | Fraud prevention and secure payment processing | Device identification data | 1 year | Essential | First‑Party (Stripe) |
| __stripe_sid | Fraud prevention and secure payment processing | Session identification data | 30 minutes | Essential | First‑Party (Stripe) |
| _ga | User identification for analytics | Anonymous unique identifier | 2 years | Non‑Essential | First‑Party (GA4) |
| _gid | Session identification for analytics | Anonymous session identifier | 24 hours | Non‑Essential | First‑Party (GA4) |
| _gat | Throttle request rate to Google Analytics | None (used to limit requests) | 1 minute | Non‑Essential | First‑Party (GA4) |

Please refer to the additional information regarding each type of cookie below:

  1. .AspNet.Consent
    • Purpose: Remembers your cookie consent preferences.
    • Essential: Yes, as it stores your choices regarding cookie usage.
    • Duration: 1 year.
    • Data Collected: Records whether you have accepted or rejected cookies.
  2. .AspNetCore.Antiforgery
    • Purpose: Protects the website against Cross-Site Request Forgery (CSRF) attacks.
    • Essential: Yes, necessary for website security.
    • Duration: Session (deleted when you close your browser).
    • Data Collected: A randomly generated token to validate form submissions.
  3. .AspNetCore.Session
    • Purpose: Maintains your session information, including shopping cart contents and preferences.
    • Essential: Yes, required for the functionality of the website.
    • Duration: Session (deleted when you close your browser).
    • Data Collected: Session identifier.
  4. __stripe_mid
    • Purpose: Used by Stripe to prevent fraud and ensure secure payment transactions.
    • Essential: Yes, necessary for processing payments securely.
    • Duration: 1 year.
    • Data Collected: Device identification data to distinguish users.
    • First-Party/Third-Party: First-Party (Stripe)
  5. __stripe_sid
    • Purpose: Also used by Stripe for fraud prevention during payment processing.
    • Essential: Yes, necessary for processing payments securely.
    • Duration: 30 minutes.
    • Data Collected: Session identification data.
    • First-Party/Third-Party: First-Party (Stripe)
  6. _ga
    • Purpose: Used by Google Analytics to distinguish users for website analytics.
    • Essential: No, this is a non-essential cookie used only with your consent.
    • Duration: 2 years.
    • Data Collected: Anonymous unique identifier to track user interactions.
  7. _gid
    • Purpose: Used by Google Analytics to distinguish users for website analytics.
    • Essential: No, this is a non-essential cookie used only with your consent.
    • Duration: 24 hours.
    • Data Collected: Anonymous session identifier.
  8. _gat
    • Purpose: Used by Google Analytics to throttle request rates, limiting data collection on high-traffic sites.
    • Essential: No, this is a non-essential cookie used only with your consent.
    • Duration: 1 minute.
    • Data Collected: Does not store personal data; it limits the number of requests.

We also work with other companies (such as Google Ads, Google Analytics and Bing Ads) which may use cookies and other technologies to improve your browsing experience.

If you have any questions regarding the usage and management of cookies, please contact us.

9. Policy updates

We reserve the right to update this policy without notice to reflect changes in our practices or legal requirements. The date marked ‘Last Updated’ at the beginning of this policy will indicate the last update. Please check this page periodically for updates.

10. Contact us

For any questions or concerns regarding your privacy, please contact:

OneVit Customer Support

236 Gray’s Inn Road

London

WC1X 8HB

hello@onevit.co.uk

Your continued use of OneVit services after any changes to this policy constitutes your acceptance of the updated policy.