In the context of this Policy, ChromaDex acts as a data controller for the Personal Data we process. This means that we decide why and how your Personal Data will be processed.
Depending on whether you are a current or prospective customer, a website visitor or a current or prospective business partner (e.g. a supplier), we may process various types of Personal Data, as described in the Table below. The Table below also shows you how and why we collect Personal Data and the categories of third parties with whom we share Personal Data.
Within the scope of this Policy, we may rely on one or more of the following legal grounds for processing your Personal Data:
We may share your Personal Data with service providers, as indicated in the Table. We will require that these third-party service providers maintain at least the same level of data protection that we maintain for such Personal Data.
|Category of Personal Data||Examples of the Personal Data Falling Under This Category||Categories of Sources of This Personal Data||Business/Commercial Purpose(s) for the Collection||Categories of Third Parties with Whom We Share This Personal Data|
|Identifiers and other Personal Data||First and last name, postal address, email address, signature, phone number and for current and prospective customers who wish to create an account, account name, account password, or other similar identifiers.||When you share it with us directly as a website visitor, as a current or prospective customer, as a current or prospective business partner, based on publicly available information, or when we receive your Personal Data from online marketplaces like Amazon.||Marketing, selling, and delivering our products to you, enquiring about your level of satisfaction with our products and services, procuring products and services from you, as a fundamental aspect of a contractual relationship between us and/or responding to your requests and inquiries.||
We may disclose these Categories of Personal Information to third parties which are commercially
reasonable and strictly necessary to fulfil the purposes for collecting your Personal Information,
including but not limited to the following service providers:
|Commercial Information||Records of products or services supplied, purchased, obtained, or considered, or other purchasing or consuming histories, preferences or tendencies.||Marketing, selling, and delivering our products to you and/or establishing your purchasing or consuming history, preferences or tendencies.|
|Inferences Drawn From Other Personal Data||Profiles reflecting a person's preferences, characteristics, predispositions, and behavior.||Establishing your purchasing or consuming history, preferences or tendencies.|
|Special Categories of Personal Data||First and last name, postal address, email address, signature, phone number, physical characteristics or description, medical or health information. Some information in this category may overlap with other categories.||Marketing, selling, and delivering our products to you, enquiring about your level of satisfaction and experiences with our products and services, establishing your purchasing or consuming history, preferences or tendencies.|
Some of our service providers who receive your Personal Data may be located in countries outside of the EU or the EEA. In some cases, the European Commission may not have determined that the legal environment in those countries provides a level of data protection that is essentially equivalent to the level of protection provided under European law. Transfers of your Personal Data to such service providers will typically be subject to appropriate safeguards, such as the standard contractual clauses for the transfer of Personal Data to third countries, as approved by, and available directly from, the European Commission.
We may also disclose your Personal Data:
If we must disclose your Personal Data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy or security of your Personal Data.
ChromaDex has implemented and will maintain technical, organizational, and physical security measures that are reasonably designed to help protect Personal Data from unauthorized processing, such as unauthorized access, disclosure, alteration, or destruction.
Personal Data will be deleted within thirteen months of the last interaction with the respective data subject.
If you are a data subject about whom we store Personal Data, you may have the legal right to request access to, and the opportunity to update, correct, or delete such Personal Data. You may also have the right to ask that we limit our processing of your Personal Data, as well as the right to object to our processing of your Personal Data. You may also have the right to ask to have your Personal Data exported in a machine-readable format. To make such requests, if applicable, please contact us using the information in the “Contact Us” section of this Policy.
Our websites are not designed to collect data from children under the age of 13. We do not knowingly collect Personal Data from anyone under 18. If you believe your child’s Personal Data may be processed in the services, you can contact us using the information in the “Contact Us” section of this Policy to request that we delete the Personal Data.
If we make any material change to this Policy, we will post the revised Policy to this web page and update the “Effective on” date above to reflect the date on which the new Policy became effective.
If you are a California resident, please refer to our California Privacy Notice https://www.TruNiagen.com/privacy-policy-ca.
If you have any questions about this Policy or our processing of your Personal Data, please call us at
+1-949-419-0288 or send us an email to
Our Data Protection Officer may be contacted as follows:
Please allow up to 30 days for us to reply.
VeraSafe has been appointed as ChromaDex’s representative in the EU for data protection matters, pursuant to
Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted in
addition to ChromaDex only on matters related to the processing of Personal Data. To make such an inquiry,
please contact VeraSafe using this contact form:
Alternatively, VeraSafe can be contacted at:
If you are a data subject whose Personal Data we process,
you may also have the right to lodge a complaint with
a data protection regulator in one or more of the European Union member states.
Effective January 1, 2020.