Privacy Policy

Last updated: 27 June 2026

This Privacy Policy explains how VitaPop ("we", "us" or "our") collects, uses, shares and protects your personal data when you visit our website at vitapop.co.uk, place an order, subscribe to our emails or otherwise interact with us. We are committed to protecting your privacy and handling your personal data in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR).

Please read this policy carefully. By using our website and services, you understand how we handle your personal data as described below.

1. Who we are and who is responsible for your data

VitaPop is the data controller responsible for your personal data. This means we decide how and why your personal data is processed.

  • Legal name: VitaPop
  • Email: hello@vitapop.co.uk

If you have any questions about this policy or about how we use your personal data, please contact us using the details at the end of this policy.

2. What personal data we collect

We collect and process the following categories of personal data:

  • Identity and contact data: your name, billing and delivery address, email address and telephone number.
  • Order and transaction data: details of the products you buy, your order history, subscription details, and records of payments to and from you.
  • Payment data: we do not store your full card details. Payment card information is collected and processed securely by our payment providers. We may receive limited information such as the last four digits of your card, the card type and confirmation that a payment was successful.
  • Account data: if you create an account or a Subscribe and Save subscription, this includes your login details and saved preferences.
  • Communications data: the content of messages you send us by email or contact form, and our responses, including any customer service or returns history.
  • Marketing and preferences data: your preferences for receiving marketing from us and your communication preferences.
  • Technical and usage data: your IP address, browser type and version, device information, time zone setting, operating system, and information about how you use our website, collected through cookies and similar technologies.

We collect this data when you place an order, create an account, start a subscription, sign up to our newsletter, contact us, or browse our website.

3. How and why we use your personal data, and our lawful bases

Under UK GDPR we must have a lawful basis for processing your personal data. The list below sets out how we use your data and the lawful basis we rely on for each purpose.

  • To process and deliver your orders, manage payments, fees and charges, and arrange delivery. Lawful basis: performance of a contract with you.
  • To manage your Subscribe and Save subscription, including taking recurring payments, sending renewal and shipping notifications, and processing skips, pauses and cancellations. Lawful basis: performance of a contract with you.
  • To manage our relationship with you, including notifying you about changes to our terms or policies and responding to your enquiries and customer service requests. Lawful basis: performance of a contract and our legitimate interests in running our business and keeping our records up to date.
  • To handle returns, refunds and complaints and to maintain records relating to them. Lawful basis: performance of a contract, legal obligation and our legitimate interests.
  • To send you marketing communications such as newsletters and offers by email. Lawful basis: your consent, or, where you are an existing customer who bought or asked about a similar product from us and you have not opted out, the "soft opt-in" permitted under PECR (you can opt out at any time).
  • To improve our website, products and services and to understand how customers use our site through analytics. Lawful basis: your consent for non-essential cookies, and our legitimate interests in improving and growing our business.
  • To advertise to you and measure our advertising on platforms such as Meta and Google. Lawful basis: your consent for advertising and tracking cookies.
  • To prevent fraud, ensure the security of our website and protect our business and customers. Lawful basis: our legitimate interests and, where applicable, legal obligation.
  • To comply with our legal and regulatory obligations, including tax, accounting and consumer protection law. Lawful basis: legal obligation.

4. Cookies and tracking technologies

Our website uses cookies and similar technologies (such as pixels and tags) to make the site work, to remember your preferences, to understand how you use the site, and to deliver and measure advertising.

  • Strictly necessary cookies are essential for the website and checkout to function, for example to remember the contents of your basket. These do not require your consent.
  • Analytics cookies help us understand how visitors use our site so we can improve it.
  • Advertising and tracking cookies, including those set by Meta (Facebook and Instagram) and Google, allow us to show you relevant ads and measure their performance.

Non-essential cookies are only set with your consent, which you can give or withdraw at any time through our cookie banner or your browser settings. You can also block or delete cookies through your browser settings, although some parts of the website may not work properly if you do.

5. Who we share your data with

We do not sell your personal data. We share it only with trusted third parties who help us run our business, and only to the extent necessary. These include:

  • Shopify - our e-commerce platform, which hosts our website and processes orders and account data on our behalf.
  • Payment processors - to securely process your payments. They handle your card details under their own privacy policies and security standards.
  • Omnisend - our email marketing provider, which sends our newsletters and lifecycle emails and stores your email address and marketing preferences.
  • Couriers and delivery partners - to deliver your order, we share your name, delivery address, email and telephone number so they can complete and update you on your delivery.
  • Meta and Google - for advertising, analytics and measuring the performance of our marketing, where you have consented to advertising and analytics cookies.
  • Professional advisers and service providers - such as accountants, IT and security providers, and legal advisers, where necessary.
  • Authorities and regulators - where we are required to do so by law, or to establish, exercise or defend our legal rights.

If our business is sold or merged, your personal data may be transferred to the new owner, who will continue to handle it in line with this policy.

6. International transfers

Some of our service providers, including Shopify, Omnisend, Meta and Google, are based outside the United Kingdom or process data outside the UK. Where your personal data is transferred outside the UK, we make sure it is protected by appropriate safeguards, such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or a transfer to a country that the UK government has decided provides an adequate level of protection. You can ask us for more information about these safeguards using the contact details below.

7. How long we keep your data

We keep your personal data only for as long as we need it for the purposes set out in this policy. In particular:

  • We keep order and transaction records for as long as necessary to fulfil your order and manage any subscription, and then for at least six years afterwards to meet our legal, tax and accounting obligations.
  • We keep account and subscription data for as long as your account or subscription is active, and for a reasonable period afterwards.
  • We keep marketing data until you unsubscribe or withdraw your consent, and for a short period afterwards to record your preference.
  • We keep customer service and returns correspondence for as long as needed to handle your query and any follow-up.

When we no longer need your personal data, we will securely delete or anonymise it.

8. Your data rights

Under UK GDPR you have the following rights in relation to your personal data:

  • The right to be informed about how we use your personal data, as set out in this policy.
  • The right of access - to ask for a copy of the personal data we hold about you.
  • The right to rectification - to ask us to correct personal data that is inaccurate or incomplete.
  • The right to erasure - to ask us to delete your personal data in certain circumstances, sometimes known as the right to be forgotten.
  • The right to restrict processing - to ask us to limit how we use your personal data in certain circumstances.
  • The right to object - to object to our processing of your personal data where we rely on legitimate interests, and to object to direct marketing at any time.
  • The right to data portability - to ask us to provide your personal data to you, or another provider, in a structured, commonly used and machine-readable format.
  • The right to withdraw consent - where we rely on your consent, you can withdraw it at any time without affecting the lawfulness of processing before your withdrawal.

To exercise any of these rights, please contact us at hello@vitapop.co.uk. We will respond within one month. We will not normally charge a fee, and we may need to verify your identity before acting on your request.

9. Marketing and how to unsubscribe

We will only send you marketing emails where you have agreed to receive them, or where you are an existing customer and we are telling you about similar products and you have not opted out. You can unsubscribe at any time by clicking the "unsubscribe" link in any marketing email, by updating your preferences in your account, or by emailing us at hello@vitapop.co.uk. Even if you opt out of marketing, we will still send you essential service messages relating to your orders and subscriptions, such as order confirmations, delivery updates and subscription renewal reminders.

10. Children

Our website and products are intended for adults. We do not knowingly collect personal data from anyone under the age of 18. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Keeping your data secure

We use appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse or alteration. Our website uses secure encrypted connections, and our payment processing is handled by providers who meet recognised security standards. While no method of transmission over the internet is completely secure, we take all reasonable steps to keep your data safe.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically to stay informed about how we protect your personal data.

13. How to contact us and how to complain

If you have any questions about this Privacy Policy, or if you wish to exercise any of your data rights, please contact us:

  • VitaPop
  • Email: hello@vitapop.co.uk
  • Legal name: VitaPop

We hope to resolve any concerns you may have, so please contact us in the first instance. You also have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection matters, if you are unhappy with how we have handled your personal data.

  • Information Commissioner's Office
  • Website: ico.org.uk
  • Helpline: 0303 123 1113
  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Nothing in this policy affects your statutory rights under the Consumer Rights Act 2015, the Consumer Contracts Regulations 2013 or other applicable consumer protection law.

14. Important information about our products

VitaPop lollipops are a food supplement and confectionery product, not a medicine. Food supplements are not a substitute for a varied, balanced diet and a healthy lifestyle. Our products are not intended to diagnose, treat, cure or prevent any disease. Do not exceed the recommended daily intake. If you are pregnant, breastfeeding, taking any medication or under 18, please consult a doctor before use. Keep out of the reach of young children.