1. Who We Are (Data Controller)
The data controller for vital-mand.eu is:
Filip Komarek
Sole trader (živnostník), Czech Republic
IČO (Business ID): 23808578
Address: Novodvorská 1068/7, 619 00 Brno, Czech Republic
Email: support@vital-mand.eu
If you have any questions about how we handle your personal data, please contact us at the email address above.
2. What Data We Collect and Why
We collect personal data for specific, legitimate purposes only. Here is an overview:
| Data | Source | Purpose | Legal Basis (GDPR) |
|---|---|---|---|
| Name and email address | LemonSqueezy checkout | Delivering your digital product; order confirmation; customer support | Art. 6(1)(b) — Performance of contract |
| Purchase and transaction data | LemonSqueezy (payment processor) | Order fulfilment; fraud prevention; legal accounting obligations | Art. 6(1)(b)(c) — Contract; legal obligation |
| IP address and approximate location | Web server logs | Security; abuse prevention; regional compliance (VAT) | Art. 6(1)(f) — Legitimate interests |
| Browser, device type, pages visited | Google Analytics 4 (anonymised) | Website analytics; understanding visitor behaviour; improving conversion | Art. 6(1)(a) — Consent (cookie banner) |
| Cookie consent status | Your browser (localStorage) | Remembering your cookie preference | Art. 6(1)(c) — Legal obligation (ePrivacy) |
We do not collect: payment card numbers (handled entirely by LemonSqueezy), sensitive health data, or data from children under 18.
3. Third-Party Data Processors
We share data with the following processors, strictly to deliver our service:
LemonSqueezy (Lemon Squeezy, LLC)
Our payment platform and Merchant of Record. LemonSqueezy processes all payments and handles EU VAT on our behalf. When you purchase through our checkout, LemonSqueezy's own Privacy Policy applies to your payment data. We receive only your name, email, and order confirmation from them.
Google Analytics 4 (Google LLC)
We use Google Analytics 4 to understand how visitors interact with our website. IP anonymisation is enabled. Data is stored on Google servers in the United States under the EU–US Data Privacy Framework. Analytics cookies are only set after you accept our cookie banner. You can opt out at any time via Google's opt-out tool.
Email / Hosting Infrastructure
Our website is hosted on Vercel, Inc. (USA). Vercel processes access logs as part of content delivery. Their Privacy Policy applies.
4. Cookies
We use the following types of cookies:
| Cookie name / key | Type | Purpose | Duration |
|---|---|---|---|
vm_cookie_accepted |
Strictly necessary | Stores your cookie consent choice | 1 year (localStorage) |
vm_en_timer_expiry |
Functional | Remembers countdown timer state within your browser session | Session only (sessionStorage) |
_ga, _ga_* |
Analytics (opt-in) | Google Analytics 4 — visitor counting, page performance | Up to 2 years |
You can withdraw your consent for analytics cookies at any time by clearing your browser cookies and not accepting the cookie banner again. Most browsers also allow you to block cookies in settings.
5. Data Retention
We retain your data only as long as necessary:
- Order / transaction data: 10 years from the date of purchase, as required by Czech accounting law (Act No. 563/1991 Coll.).
- Customer support correspondence: 3 years from the last contact.
- Analytics data (Google Analytics 4): 14 months (default GA4 retention setting).
- Server access logs: Maximum 30 days, then automatically deleted.
6. International Data Transfers
Some processors (Google, Vercel) are based in the United States. Data transfers are covered by the EU–US Data Privacy Framework and, where applicable, Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring your data receives an equivalent level of protection to that required under EU law.
7. Your Rights Under GDPR
As a data subject in the European Economic Area, you have the following rights:
- Right of access (Art. 15): Request a copy of your personal data we hold.
- Right to rectification (Art. 16): Ask us to correct inaccurate data.
- Right to erasure (Art. 17): Ask us to delete your data ("right to be forgotten"), subject to our legal retention obligations.
- Right to restriction (Art. 18): Request that we limit how we use your data.
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interests (e.g., analytics).
- Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, email us at support@vital-mand.eu. We will respond within 30 days. We may ask you to verify your identity before fulfilling the request.
8. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. Since our business is registered in the Czech Republic, the primary supervisory authority is:
Úřad pro ochranu osobních údajů (ÚOOÚ)
Czech Data Protection Authority
Pplk. Sochora 27, 170 00 Prague 7, Czech Republic
www.uoou.cz
If you are located in Denmark, you may also contact the Danish Data Protection Authority:
Datatilsynet
Carl Jacobsens Vej 35, 2500 Valby, Denmark
www.datatilsynet.dk
9. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include HTTPS encryption on all pages, restricted access to order data, and minimisation of data collected. No online transmission is 100% secure; if you believe your data has been compromised, please contact us immediately.
10. Children
Our products are intended for adults aged 18 and over. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects when changes were last made. We encourage you to review this policy periodically. Continued use of our website after a change constitutes acceptance of the revised policy.
12. Contact
For any privacy-related questions, data subject requests, or concerns:
Email: support@vital-mand.eu
Response time: Within 30 days (typically within 2 business days)