Effective Date: 25th December 2024
At Vitasigns, we are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR), where applicable. This GDPR Compliance Statement outlines our responsibilities and practices related to the processing of personal data of individuals located in the European Economic Area (EEA) and the United Kingdom (UK).
While Vitasigns LLC is based in California, USA, we recognize our responsibilities under Article 3(2) of the GDPR, which applies to non-EU entities that offer goods or services to, or monitor the behavior of, individuals in the EU or UK.
1. Data Controller
Vitasigns LLC acts as the data controller for any personal data we collect from individuals located in the EEA or UK when accessing our services.
Contact Information:
Vitasigns LLC
P.O. Box 8592, Newport Beach, CA 92658
Email: hello@vitasigns.com
Phone: (949) 200-6840
2. Lawful Basis for Processing
In accordance with GDPR, we only process personal data when we have a lawful basis to do so. These include:
- Consent: You have given explicit permission for processing your data for specific purposes.
- Contractual Necessity: Processing is required to fulfill a contract with you or to take pre-contractual steps at your request.
- Legal Obligation: Processing is necessary to comply with a legal obligation.
- Legitimate Interests: Processing is necessary for our legitimate interests (e.g., service improvement or fraud prevention), provided it does not override your fundamental rights and freedoms.
3. Special Category Data (Health Information)
As part of providing healthcare-related services, we may process special category data as defined in Article 9 of the GDPR. This includes health-related information such as medical history, diagnosis, and treatment plans.
We only process this type of data when:
- You have provided explicit consent, or
- It is necessary for the provision of healthcare or treatment under Article 9(2)(h), or
- It is required for reasons of public interest in public health under Article 9(2)(i).
4. Your Rights Under GDPR
If you are located in the EEA or UK, you have the following rights under GDPR:
- Right of Access: Request access to your personal data and how it’s used.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure (Right to Be Forgotten): Request deletion of your personal data under certain conditions.
- Right to Restrict Processing: Ask us to restrict or suspend processing of your data under specific conditions.
- Right to Data Portability: Obtain your data in a structured, machine-readable format and transmit it to another controller.
- Right to Object: Object to data processing based on legitimate interests or for direct marketing.
- Right to Withdraw Consent: Withdraw consent at any time if processing is based on your consent.
To exercise any of these rights, please contact us at hello@vitasigns.com.
These rights apply only to individuals located in the EEA and UK. If you are a resident of California, please refer to our Privacy Policy for your applicable rights under U.S. law.
5. Automated Decision-Making and Profiling
We do not engage in automated decision-making or profiling that produces legal or significant effects on individuals. If this changes, we will notify users and provide options to opt out or request human intervention.
6. International Data Transfers
As Vitasigns is based in the United States, your personal data may be transferred to and processed outside the EEA or UK.
To ensure appropriate safeguards, we use the following mechanisms:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data processing agreements with service providers that comply with GDPR standards
By using our Services from within the EEA or UK, you acknowledge and consent to the international transfer of your data as described.
7. Data Security
We use appropriate technical and organizational security measures to protect your personal data, including:
- Secure data encryption and SSL certificates
- Access control and multi-factor authentication for systems
- Regular security audits and vulnerability assessments
However, no online system is 100% secure. We recommend using strong passwords and contacting us immediately if you suspect unauthorized access.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, regulatory, tax, or contractual obligations.
Once your data is no longer needed, we securely delete or anonymize it.
9. Supervisory Authority and Complaints
If you are located in the EEA or UK and believe your data protection rights have not been respected, you have the right to lodge a complaint with your local data protection supervisory authority.
For UK residents:
Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Phone: +44 303 123 1113
A list of EU supervisory authorities can be found here:
https://edpb.europa.eu/about-edpb/board/members_en
10. Changes to This GDPR Compliance Page
We may update this GDPR Compliance Statement from time to time. Changes will be posted on this page with a new effective date. Material changes may also be communicated by email or notification through our Services.
We encourage you to review this page regularly to stay informed about how we protect your data.
11. Links to Other Privacy Policies
For additional information on how we collect, use, and protect your personal information—including that of U.S. residents—please review our: