PERSONAL DATA WE OBTAIN

The personal data we may obtain includes:

  • Contact information, such as your name, telephone number, and postal and email address;

  • Personal characteristics, such as your age and birthdate;

  • Account information, such as login information, account preferences, and other account details;

  • Information about the products or services purchased, requested, obtained, or considered (including order history, preferences, or tendencies);

  • Payment information, such as name, billing and delivery address, bank account information, and payment card details;

  • Social media information (including your social media handle);

  • Device information, as described in the “Automated Data Collection” section below;

  • Health information, such as weight, medical history, and Adverse Event information; and

  • Any other information you submit through our websites or in communications with us, such as through forms, surveys, registration pages, emails, calls, comments, and other features on our websites.

If you are using our services to purchase a product on behalf of another, we may require you to provide certain personal data about that person, such as their medical history. If this is the case, we ask that you inform this person that you have provided us their personal data and make them aware of this Policy.

We may collect this information when you use our websites (including to make purchases), attend one of our live events, visit our booth at trade shows or otherwise interact with us (for example, call or email us). In some cases, we also may obtain your personal data from other parties, such as through referrals, or from our affiliates, vendors and other third parties with whom we work. We also may obtain other personal data about you in ways that we describe at the time of collection or otherwise with your consent.

Where we need to collect personal data by law or under the terms of a contract with you, and you choose not to provide that information when requested, we may not be able to provide you with our services. In this case, we may need to cancel a service you obtain from us but, we will notify you if this is the case. For example, if you purchase a product from us, we require certain personal data about you (and the intended recipient of the product, if different) in order to complete the sale. Without such personal data, we may not be able to provide our products to you or the intended recipient.

 

Automated Data Collection

When you use our websites or open our emails, we may obtain certain information by automated means, such as through cookies, web server logs, web beacons (including pixels and tags), session-replay software and other technologies. A “cookie” is a small file stored on your device that contains information about your device. These technologies help us (1) remember your information so you will not have to re-enter it; (2) track, understand, and analyze how you use and interact with our websites; (3) personalize your experience with our websites, including providing you advertising and content based on your interests and location; (4) measure the usability of our websites and the effectiveness of our communications; (5) authenticate your identity, protect against fraud, and provide our products and services; and (6) otherwise manage and enhance our products and services, and help ensure they are working properly. We may use these automated technologies through our websites to collect information about your device, browsing actions, usage patterns, and location. Through these automated means, we obtain certain device and browser information, such as your device IP address, general location information, unique device identifiers, device type and model, device characteristics and settings, browser information (e.g., browser type, settings, and characteristics), operating system information (e.g., type and version), time zone setting and location, language and country preferences, referring or exit URLs, and other device and application details. We also may obtain information about your interactions with our websites, such as pages visited (including the webpages you visited before coming to our websites), links clicked, features used, dates and times of access, session information, and other information about your use of our websites. We may use third-party session replay services that records users’ interactions with our websites, including users’ clicks, mouse movements and scrolls. To learn more about these services, please visit www.fullstory.com/legal/privacy-policy/. If you would prefer not to accept cookies, you can alter the configuration of your browser to reject all cookies or some cookies. Note, if you reject certain cookies, you may not be able to access all of the features on our websites.

For more information, please visit our Cookie Policy.

Rakuten Advertising may collect personal information when you interact with our digital property, including IP addresses, digital identifiers, information about your web browsing and app usage, and how you interact with our properties and ads for a variety of purposes, such as personalization of offers or advertisements, analytics about how you engage with websites or ads and other commercial purposes. For more information about Rakuten Advertising’s collection, use, and sale of your personal data and your rights, please use the links below:

Privacy policy: https://rakutenadvertising.com/legal-notices/services-privacy-policy/

Your rights: https://rakutenadvertising.com/legal-notices/services-privacy-rights-request-form/

HOW WE USE PERSONAL DATA WE OBTAIN

We use the personal data we obtain about you to perform our contract with you, or to take steps to form a contract with you, such as to:

  • Provide products and services;

  • Manage our relationship with you; and

  • Provide, onboard, and manage your account.

We also use your personal data to pursue our legitimate interests in managing our customer relationships, securing and managing our websites, and running our business. For example, we process your personal data to:

  • Verify your identity;

  • Communicate with you and provide technical and customer support;

  • Investigate and manage complaints;

  • Personalize your experience on our websites;

  • Advertise and market our products and services and provide you with offers and other communications about the products and services of ChromaDex;

  • Administer participation in surveys, sweepstakes, promotions, or other programs;

  • Compile, anonymize, or aggregate personal data for our business purposes;

  • Perform analytics and market, trend, or statistical research and analysis (including developing, deriving, and compiling market research, data sets, insights, trends, benchmarks, algorithms, models, and other analyses or information);

  • Operate, evaluate, and improve our business (including developing new products and services; enhancing, improving and analyzing our websites, products, and services; managing our relationships with current or prospective partners, customers and vendors, and other business partner personnel; and performing accounting, auditing, and other internal functions);

  • Maintain and enhance the safety and security of our websites, products, and services, prevent misuse, and troubleshoot technical issues;

  • Prevent or detect fraud and other criminal activities, claims, and other liabilities;

  • Exercise our rights and remedies and defend against legal claims;

  • Respond to regulatory requests; and

  • Comply with and enforce applicable legal requirements, relevant industry standards, and our policies and terms and conditions, including Terms of Use.

We also may use the information in other ways for which we provide specific notice at the time of collection or with your consent, if required under applicable law.

If you are based in the EEA or the UK, please see our EEA and UK Privacy Supplement.

Third-Party Analytics Services

We may use third-party analytics services on our websites, such as Google Analytics. The providers of these analytics services use technologies such as cookies and web beacons to help us analyze your use of our websites. The information collected through these means may be disclosed to or collected directly by these analytics services. To learn more about Google Analytics, please visit: https://www.google.com/policies/privacy/partners/.

Interest-Based Advertising

You may see our ads on other websites because we use third-party ad services on our websites. Through these ad services, we can tailor our messaging to individuals considering demographic data, inferred interests, and browsing context. These ad services track information about your online activities over time and across third-party websites and apps by collecting information through automated means, including through the use of cookies, web server logs, web beacons and other similar technologies. These ad services may collect data about your visits to websites and apps that participate in these services, such as the pages or ads you view and the actions you take on the websites or apps. This data collection takes place both on our websites and on third-party websites and apps that participate in these ad services. These ad services use this information to show you ads that may be tailored to your individual interests. This process also helps us track the effectiveness of our marketing efforts. 

To learn how to opt out of interest-based advertising, please visit: www.aboutads.info/choices, www.networkadvertising.org/choices, or http://preferencemgr.trustee.com/ In the EEA and UK, please visit: www.youronlinechoices.eu (or www.youronlinechoices.com/uk in the UK). For additional information on how we use cookies in connection with these services, please see our Cookie Policy.

PERSONAL DATA WE SHARE

We may share personal data, as described below:

  • Affiliated Entities: 

    We share personal data with our affiliates and subsidiaries for the purposes described in this Policy.

  • Service Providers: 

    We share personal data with vendors and other entities to perform services for us on our behalf, such as consultants, auditors, attorneys, providers of information and communication technology (including cloud storage and hosting providers), advertising and marketing, data enrichment, information verification, analytics, security, ecommerce, payment processing and billing, shipping and logistics, customer support, customer relationship management, referral programs, and other services. 

  • Your Company:

    If you are an employee or agent of our business partners, we may share your personal data with your colleagues and employer in connection with establishing, maintaining, and managing our relationship with your company.

  • Social Networks:

    We may share your personal data with social media platforms if you use those services to connect with us through the features on our websites. Where required under applicable law, we will ask for your consent to do so.

  • Business Transfers: 

    We reserve the right to transfer any personal data we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, divestiture, dissolution, or liquidation).

  • Others: 

    We may disclose personal data (1) if we are required to do so by law or legal process, such as a court order or subpoena; (2) in response to requests by government agencies, such as law enforcement authorities; (3) to establish, exercise, or defend our legal rights; (4) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss, or to protect the safety, property, or rights of ChromaDex or any third party; (5) in connection with an investigation of suspected or actual illegal activity or security issues; or (6) otherwise with your consent or as directed by your representative. 

We reserve the right to use, transfer, sell, and share aggregated or other anonymous data, which does not include any personal data, about the users of our services as a group for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, clients, and customers. 

Sharing excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.

HOW WE PROTECT PERSONAL DATA

ChromaDex maintains administrative, technical, organizational, and physical security measures to help protect personal data from accidental, unlawful, or unauthorized processing, such as unauthorized access, disclosure, use, alteration, loss, or destruction. 

DATA RETENTION

To the extent required by applicable law, we keep the personal data we obtain about you for the period necessary to achieve the purposes described in this Policy, taking into account applicable statute of limitations periods and any legal, regulatory, tax, accounting, or other records retention requirements. We may retain your personal data for a longer period in the event of a complaint or in reasonable anticipation of litigation. We generally seek to delete personal data within thirteen months of the last interaction with the respective data subject, unless such data is otherwise necessary to retain pursuant to the criteria described above.

YOUR RIGHTS AND CHOICES

Depending on where you reside, you may have the right to (1) request access to the personal data ChromaDex maintains about you; (2) request that ChromaDex update, correct, amend, or delete your personal data; (3) request the restriction of ChromaDex’s use of your personal data; or (4) opt-out of the processing of your personal data for purposes of targeted advertising, certain profiling or the sale of your personal data. In addition, subject to applicable law, you may receive, in a structured, commonly used and machine-readable format, certain elements of your personal data that you have provided to ChromaDex. Subject to applicable law, you may have the right to have this information transmitted to another company, where it is technically feasible.

To exercise these rights, please contact us using the information in the “Contact Us” section of this Policy. We may take steps to verify your identity in connection with any requests regarding personal data to help ensure that we provide the data we maintain to the individuals to whom it pertains, and allow only those individuals or their authorized representatives to exercise rights with respect to that data. We may verify your identity by requiring you to authenticate the email address you use to make the request or provide information about your prior transactions or interactions with us. You may appeal our decision with respect to a request you have submitted by contacting us as described in the “Contact Us” section below.

In addition, you may ask us to stop sending you marketing emails or other promotional communications. You may opt out of receiving such emails by following the instructions contained in each promotional email we send you or by contacting us as specified in the “Contact Us” section of this Policy. You also may update certain elements of your account details and settings by logging into your account on our websites.

If you are a California resident, please refer to our California Consumer Privacy Statement for more information about our privacy practices and your privacy rights under California law.

If you are based in the EEA or UK, please see our EEA and UK Privacy Supplement for additional information on your rights in relation to the personal data we hold about you.

PRIVACY OF CHILDREN

Our websites are designed for a general audience and are not directed to children under the age of 13. We do not knowingly solicit or collect personal data from anyone under the age of 18. If you believe your child’s personal data may be processed in the services, you can contact us using the information in the “Contact Us” section of this Policy to request that we delete the personal data.

For your convenience and information, our websites may provide links to other online services, and may include third-party features such as apps, tools, widgets, and plug-ins. These online services and third-party features may operate independently from us. The privacy practices of the relevant third parties, including details on the data they may collect about you, are subject to the privacy statements of these parties, which we strongly suggest you review. To the extent any linked online services or third-party features are not owned or controlled by ChromaDex, we are not responsible for these third parties’ information practices.

CHANGES TO THIS POLICY

We may update this Policy from time to time without notice to you to reflect changes in our privacy practices and the law. We will indicate at the top of the Policy when it was most recently updated. If we make any significant change to this Policy, we will post a notice on our website or otherwise notify you, to the extent required by applicable law. We encourage you to periodically review this page for the latest information on our privacy practices.

CONTACT US

If you have any questions about this Policy or our processing of your personal data, please call us at +1.888.642.4361 or send us an email to privacy@chromadex.com.

Our Data Protection Officer may be contacted as follows: privacy@chromadex.com.

EEA AND UK PRIVACY STATEMENT

This EEA and UK Privacy Statement supplements our Privacy Policy and applies solely if you reside in the European Economic Area (EEA), the United Kingdom or Switzerland.

CONTROLLERSHIP

In the context of this Policy, ChromaDex, Inc. acts as a data controller for the personal data we process. This means that we decide why and how your personal data will be processed.

TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES

We may transfer the personal data we collect about you to recipients in countries other than the country in which personal data was originally collected. Those countries may not have the same data protection laws as the country in which you initially provided the personal data. When we transfer your personal data to recipients in other countries, we will protect that personal data as described in this Policy.

We are headquartered in the United States and your personal data will be transferred to or accessed by ChromaDex and our affiliates in the United States for the purposes described in this Policy. Where we transfer your personal data to the United States, or any other jurisdiction that has not been deemed to provide an adequate level of data protection, we will comply with applicable legal requirements regarding the provision of appropriate safeguards for the transfer of personal data to such jurisdictions. These safeguards include entering into EU approved Standard Contractual Clauses and/or the UK Data Transfer Addendum (as applicable) or relying on other appropriate transfer mechanisms permitted by the EU/UK GDPR.

You may ask for a copy of these safeguards by contacting us using the contact details provided below.

YOUR RIGHTS

As a data subject located in the EEA or UK, you may have the following rights regarding your personal data, subject to applicable law:

  • Right of access: You may ask us to confirm whether we are processing your personal data and, if so, to provide you with a copy of that personal data (along with certain other details).

  • Right to rectification: If the personal data we hold about you is inaccurate or incomplete, you are entitled to ask that we correct or complete the data.

  • Right to erasure: You may ask us to delete or remove your personal data in some circumstances, such as if you believe we no longer need it or if you withdraw your consent (where applicable).

  • Right to restrict processing: You may ask us to restrict the processing of your personal data in some circumstances.

  • Right to data portability: You have the right to obtain personal data you have provided to us in a structured, commonly used and machine-readable format and/or ask us to transmit your personal data to another company under certain circumstances.

  • Right to object: You may ask us at any time to stop processing your personal data, and we will do so under appropriate circumstances, if we (i) rely on legitimate interests to process your personal data, except if we can demonstrate compelling legal grounds for the processing, or (ii) process your personal data for direct marketing. Right to withdraw consent: If we rely on your consent as legal basis for processing your personal data, you have the right to withdraw that consent at any time with effect for the future.

You may exercise your rights by contacting us as described “Contact Us” section of this Policy.

You also have the right to lodge a complaint with a supervisory authority in your country if you are not satisfied with our response.

EU REPRESENTATIVE

VeraSafe has been appointed as ChromaDex’s representative in the EU for data protection matters, pursuant to Article 27 of the EU GDPR. VeraSafe can be contacted in addition to ChromaDex only on matters related to the processing of personal data under the EU GDPR. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative

Alternatively, VeraSafe can be contacted at:

VeraSafe Czech Republic s.r.o Klimentská 46 Prague 1, 11002 Czech Republic

VeraSafe Ireland Ltd Unit 3D North Point House North Point Business Park New Mallow Road Cork T23AT2P Ireland

UK REPRESENTATIVE

VeraSafe has been appointed as ChromaDex’s representative in the UK for data protection matters, pursuant to Article 27 of the UK GDPR. VeraSafe can be contacted in addition to ChromaDex only on matters related to the processing of personal data under the UK GDPR. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at +44 (20) 4532 2003.

Alternatively, VeraSafe can be contacted at:

VeraSafe United Kingdom Ltd. 37 Albert Embankment London SE1 7TL United Kingdom