GDPR Compliance

Last updated: April 2026

Our Commitment

Sitevita is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy of all users within the European Economic Area (EEA). This page outlines how we handle data in accordance with GDPR requirements and the rights available to you as a data subject.

Data Controller & Processor

Sitevita as Data Controller: For merchant account data and platform usage data, Sitevita (operated by Bakemysite.com) acts as the data controller. We determine the purposes and means of processing this data.

Sitevita as Data Processor: For customer data collected through individual merchant stores (orders, shipping addresses, purchase history), Sitevita acts as a data processor on behalf of the merchant, who is the data controller. Merchants are responsible for ensuring their data collection practices comply with GDPR.

Lawful Basis for Processing

We process personal data under the following lawful bases: contractual necessity (to provide the platform services you signed up for), legitimate interest (to improve our platform and prevent fraud), consent (for analytics cookies and marketing communications — you can withdraw consent at any time), and legal obligation (to comply with tax and financial reporting requirements).

Your Rights Under GDPR

If you are located in the EEA, you have the following rights:

Right to Access

You can request a copy of all personal data we hold about you. We will provide this within 30 days of your request.

Right to Rectification

You can request correction of any inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your account and all associated personal data. Merchants can delete their accounts from the Settings page. Customers can delete their accounts from their account dashboard.

Right to Data Portability

You can request your data in a machine-readable format. Merchants can export products (Excel), orders, and customer data from the dashboard.

Right to Restrict Processing

You can request that we limit how we process your data in certain circumstances.

Right to Object

You can object to processing based on legitimate interest. You can opt out of analytics tracking at any time via the cookie banner.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time. Visit our Cookie Policy page to reset cookie preferences.

Data Protection Measures

We implement robust technical and organizational measures to protect personal data, including encryption of data in transit (TLS 1.3) and at rest, row-level database security ensuring complete isolation between merchant stores, regular security audits and vulnerability assessments, access controls limiting employee access to personal data, and automated data backup and disaster recovery procedures.

International Data Transfers

Our infrastructure is hosted on cloud providers (Vercel, Supabase/AWS) that may process data in regions outside the EEA. These providers maintain appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring your data receives the same level of protection as required under GDPR.

Cookie Consent

In compliance with GDPR and the ePrivacy Directive, we obtain explicit consent before placing any non-essential cookies. Analytics cookies (Google Analytics) are only activated after you click “Accept” on our cookie banner. You can change your preferences at any time on our Cookie Policy page.

Data Breach Notification

In the event of a personal data breach that poses a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, in accordance with Articles 33 and 34 of the GDPR.

Data Subject Access Requests (DSAR)

To exercise any of your GDPR rights or submit a Data Subject Access Request, contact us at support@sitevita.com with the subject line “GDPR Request.” We will respond within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.

For Merchants

If you operate a store on Sitevita and serve customers in the EEA, you are the data controller for customer data collected through your store. You are responsible for providing your own privacy notice to your customers, obtaining appropriate consent for data collection, responding to DSARs from your customers, and ensuring your store's data practices comply with GDPR. Sitevita provides tools to help you comply, including customer account deletion, data export capabilities, and cookie consent on storefronts.

Contact

For GDPR-related inquiries, contact our data protection team at support@sitevita.com.