Updated: March 20, 2023
PERSONAL DATA WE OBTAIN
The personal data we may obtain includes:
- Contact information, such as your name, telephone number, and postal and email address;
- Professional information, such as your job title, company name, industry, and professional and employment background;
- Personal characteristics, such your age and birthdate;
- Account information, such as login information, account preferences and other account details;
- Information about the products or services purchased, requested, obtained or considered (including order history, preferences or tendencies);
- Payment information, such as name, billing and delivery address, bank account information and payment card details;
- Social media information (including your social media handle);
- Device information, as described in the “Automated Data Collection” section below;
- Job application information, such as your resume and any additional application information provided to us (for example, employment history and education);
- Education-related information (including school information);
- Health information, such as weight, medical history and Adverse Event information; and
- Any other information you submit through our websites or in communications with us, such as through forms, surveys, registration pages, emails, calls, comments and other features on our websites.
If you are using our services to purchase a product on behalf of another, we may require you to provide certain personal data about that person, such as their medical history. If this is the case, we ask that you inform this person that you have provided us their personal data and make them aware of this Policy.
We may collect this information when you use our websites (including to make purchases), apply for jobs with ChromaDex, attend one of our live events, visit our booth at trade shows or otherwise interact with us (for example, call or email us). In some cases, we also may obtain your personal data from other parties, such as through referrals, from your employer, our providers of recruiting services, or from our affiliates, vendors and other third parties with whom we work. We also may obtain other personal data about you in ways that we describe at the time of collection or otherwise with your consent.
Where we need to collect personal data by law or under the terms of a contract with you, and you choose not to provide that information when requested, we may not be able to provide you with our services. In this case, we may need to cancel a service you obtain from us but we will notify you if this is the case. For example, if you purchase a product from us, we require certain personal data about you (and the intended recipient of the product, if different) in order to complete the sale. Without such personal data, we may not be able to provide our products to you or the intended recipient. Similarly, if we purchase any products or services from you, we may require certain personal data about you in order to complete the purchase and without such personal data, we would be unable to procure products or services from you.
Automated Data Collection
When you use our websites or open our emails, we may obtain certain information by automated means, such as through cookies, web server logs, web beacons (including pixels and tags) and other technologies. A “cookie” is a small file stored on your device that contains information about your device. These technologies help us (1) remember your information so you will not have to re-enter it; (2) track, understand and analyze how you use and interact with our websites; (3) personalize your experience with our websites, including providing you advertising and content based on your interests and location; (4) measure the usability of our websites and the effectiveness of our communications; (5) authenticate your identity, protect against fraud and provide our products and services; and (6) otherwise manage and enhance our products and services, and help ensure they are working properly.
We may use these automated technologies through our websites to collect information about your device, browsing actions, usage patterns and location. Through these automated means, we obtain certain device and browser information, such as your device IP address, general location information, unique device identifiers, device type and model, device characteristics and settings, browser information (e.g., browser type, settings and characteristics), operating system information (e.g., type and version), time zone setting and location, language and country preferences, referring or exit URLs and other device and application details. We also may obtain information about your interactions with our websites, such as pages visited (including the webpages you visited before coming to our websites), links clicked, features used, dates and times of access, session information, and other information about your use of our websites.
If you would prefer not to accept cookies, you can alter the configuration of your browser to reject all cookies or some cookies. Note, if you reject certain cookies, you may not be able to access all of the features on our websites.
HOW WE USE PERSONAL DATA WE OBTAIN
We use the personal data we obtain about you to perform our contract with you, or to take steps to form a contract with you, such as to:
- Provide products and services;
- Manage our relationship with you; and
- Provide, onboard and manage your account.
We also use your personal data to pursue our legitimate interests in managing our customer relationships, securing and managing our websites, and running our business and recruitment process efficiently. For example, we process your personal data to:
- Verify your identity;
- Communicate with you and provide technical and customer support;
- Investigate and manage complaints;
- Personalize your experience on our websites;
- Advertise and market our products and services and provide you with offers and other communications about the products and services of ChromaDex;
- Administer participation in surveys, sweepstakes, promotions or other programs;
- Manage career opportunities with us, including for recruitment purposes, candidate screening and evaluation, and employee onboarding;
- Compile, anonymize or aggregate personal data for our business purposes;
- Perform analytics and market, trend or statistical research and analysis (including developing, deriving and compiling market research, data sets, insights, trends, benchmarks, algorithms, models and other analyses or information);
- Operate, evaluate and improve our business (including developing new products and services; enhancing, improving and analyzing our websites, products and services; managing our relationships with current or prospective partners, customers and vendors and other business partner personnel; and performing accounting, auditing and other internal functions);
- Maintain and enhance the safety and security of our websites, products and services, prevent misuse and troubleshoot technical issues;
- Prevent or detect fraud and other criminal activities, claims and other liabilities;
- Exercise our rights and remedies and defend against legal claims;
- Respond to regulatory requests; and
We also may use the information in other ways for which we provide specific notice at the time of collection or with your consent, if required under applicable law.
If you are a based in the EEA or the UK, please see our EEA and UK Privacy Supplement for additional information on your rights in relation to the personal data we hold about you.
Third-Party Analytics Services
We may use third-party analytics services on our websites, such as Google Analytics. The providers of these analytics services use technologies such as cookies and web beacons to help us analyze your use of our websites. The information collected through these means may be disclosed to or collected directly by these analytics services. To learn more about Google Analytics, please visit: https://www.google.com/policies/privacy/partners/.
PERSONAL DATA WE SHARE
We may share personal data, as described below:
- Affiliated Entities: We share personal data with our affiliates and subsidiaries for the purposes described in this Policy.
- Service Providers: We share personal data with vendors and other entities to perform services for us on our behalf, such as consultants, auditors, attorneys, providers of information and communication technology (including cloud storage and hosting providers), advertising and marketing, data enrichment, information verification, analytics, security, ecommerce, payment processing and billing, shipping and logistics, customer support, customer relationship management, referral programs, and other services.
- Your Company: If you are an employee or agent of our business partners, we may share your personal data with your colleagues and employer in connection with establishing, maintaining and managing our relationship with your company.
- Research Organizations: We share personal data with academic and other research organizations.
- Social Networks: We may share your personal data with social media platforms if you use those services to connect with us through the features on our websites. Where required under applicable law, we will ask for your consent to do so.
- Business Transfers: We reserve the right to transfer any personal data we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, divestiture, dissolution or liquidation).
- Others: We may disclose personal data (1) if we are required to do so by law or legal process, such as a court order or subpoena; (2) in response to requests by government agencies, such as law enforcement authorities; (3) to establish, exercise or defend our legal rights; (4) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss, or to protect the safety, property or rights of ChromaDex or any third party; (5) in connection with an investigation of suspected or actual illegal activity or security issues; (6) where you apply for a job, with your references who you have provided to us in connection with your application; or (7) otherwise with your consent or as directed by your representative.
We reserve the right to use, transfer, sell and share aggregated or other anonymous data, which does not include any personal data, about the users of our services as a group for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, clients and customers.
HOW WE PROTECT PERSONAL DATA
ChromaDex maintains administrative, technical, organizational and physical security measures to help protect personal data from accidental, unlawful or unauthorized processing, such as unauthorized access, disclosure, use, alteration, loss or destruction.
To the extent required by applicable law, we keep the personal data we obtain about you for the period necessary to achieve the purposes described in this Policy, taking into account applicable statute of limitations periods and any legal, regulatory, tax, accounting or other records retention requirements. We may retain your personal data for a longer period in the event of a complaint or in reasonable anticipation of litigation. We generally seek to delete personal data within thirteen months of the last interaction with the respective data subject, unless such data is otherwise necessary to retain pursuant to the criteria described above.
If you are a job candidate, we will typically retain your personal data for a period of at least a year following the application process, unless otherwise permitted by law. We may keep some specific types of data, for example, your resume, for longer where we have a legitimate business reason to do so, such as to contact you for future opportunities.
YOUR RIGHTS AND CHOICES
Subject to applicable law, you may (1) request access to the personal data ChromaDex maintains about you; (2) request that ChromaDex update, correct, amend or delete your personal data; (3) request the restriction of ChromaDex’s use of your personal data; or (4) opt-out of the processing of your personal data for purposes of targeted advertising, certain profiling or the sale of your personal data. In addition, subject to applicable law, you may receive, in a structured, commonly used and machine-readable format, certain elements of your personal data that you have provided to ChromaDex. Subject to applicable law, you may have the right to have this information transmitted to another company, where it is technically feasible.
To exercise these rights, please contact us using the information in the “Contact Us” section of this Policy. We reserve the right to verify your identity in connection with any requests regarding personal data to help ensure that we provide the data we maintain to the individuals to whom it pertains, and allow only those individuals or their authorized representatives to exercise rights with respect to that data. You may appeal our decision with respect to a request you have submitted by contacting us as described in the “Contact Us” section below.
In addition, you may ask us to stop sending you marketing emails or other promotional communications. You may opt out of receiving such emails by following the instructions contained in each promotional email we send you or by contacting us as specified in the “Contact Us” section of this Policy. You also may update certain elements of your account details and settings by logging into your account on our websites.
If you are a California resident, please refer to our California Consumer Privacy Statement for more information about our privacy practices and your privacy rights under California law.
If you are a based in the EEA or UK, please see our EEA and UK Privacy Supplement for additional information on your rights in relation to the personal data we hold about you.
PRIVACY OF CHILDREN
Our websites are designed for a general audience and are not directed to children under the age of 13. We do not knowingly solicit or collect personal data from anyone under the age of 18. If you believe your child’s personal data may be processed in the services, you can contact us using the information in the “Contact Us” section of this Policy to request that we delete the personal data.
LINKS TO THIRD-PARTY SERVICES AND FEATURES
For your convenience and information, our websites may provide links to other online services, and may include third-party features such as apps, tools, widgets and plug-ins. These online services and third-party features may operate independently from us. The privacy practices of the relevant third parties, including details on the data they may collect about you, are subject to the privacy statements of these parties, which we strongly suggest you review. To the extent any linked online services or third-party features are not owned or controlled by ChromaDex, we are not responsible for these third parties’ information practices.
CHANGES TO THIS POLICY
We may update this Policy from time to time without notice to you to reflect changes in our privacy practices and the law. We will indicate at the top of the Policy when it was most recently updated. If we make any significant change to this Policy, we will post a notice on our website or otherwise notify you, to the extent required by applicable law. We encourage you to periodically review this page for the latest information on our privacy practices.
If you have any questions about this Policy or our processing of your personal data, please call us at +1.888.642.4361 or send us an email to [email protected].
Our Data Protection Officer may be contacted as follows: [email protected].
In the context of this Policy, ChromaDex, Inc. acts as a data controller for the personal data we process. This means that we decide why and how your personal data will be processed.
TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES
We may transfer the personal data we collect about you to recipients in countries other than the country in which personal data was originally collected. Those countries may not have the same data protection laws as the country in which you initially provided the personal data. When we transfer your personal data to recipients in other countries, we will protect that personal data as described in this Policy.
We are headquartered in the United States and your personal data will be transferred to or accessed by ChromaDex and our affiliates in the United States for the purposes described in this Policy. Where we transfer your personal data to the United States, or any other jurisdiction that has not been deemed to provide an adequate level of data protection, we will comply with applicable legal requirements regarding the provision of appropriate safeguards for the transfer of personal data to such jurisdictions. These safeguards include entering into EU approved Standard Contractual Clauses and/or the UK Data Transfer Addendum (as applicable) or relying on other appropriate transfer mechanisms permitted by the EU/UK GDPR.
You may ask for a copy of these safeguards by contacting us using the contact details provided below.
As a data subject located in the EEA or UK, you may have the following rights regarding your personal data, subject to applicable law:
- Right of access: You may ask us to confirm whether we are processing your personal data and, if so, to provide you with a copy of that personal data (along with certain other details).
- Right to rectification: If the personal data we hold about you is inaccurate or incomplete, you are entitled to ask that we correct or complete the data.
- Right to erasure: You may ask us to delete or remove your personal data in some circumstances, such as if you believe we no longer need it or if you withdraw your consent (where applicable).
- Right to restrict processing: You may ask us to restrict the processing of your personal data in some circumstances.
- Right to data portability: You have the right to obtain personal data you have provided to us in a structured, commonly used and machine-readable format and/or ask us to transmit your personal data to another company under certain circumstances.
- Right to object: You may ask us at any time to stop processing your personal data, and we will do so under appropriate circumstances, if we (i) rely on legitimate interests to process your personal data, except if we can demonstrate compelling legal grounds for the processing, or (ii) process your personal data for direct marketing.
- Right to withdraw consent: If we rely on your consent as legal basis for processing your personal data, you have the right to withdraw that consent at any time with effect for the future.
You may exercise your rights by contacting us as described “Contact Us” section of this Policy.
You also have the right to lodge a complaint with a supervisory authority in your country if you are not satisfied with our response.
VeraSafe has been appointed as ChromaDex’s representative in the EU for data protection matters, pursuant to Article 27 of the EU GDPR. VeraSafe can be contacted in addition to ChromaDex only on matters related to the processing of personal data under the EU GDPR. To make such an inquiry, please contact VeraSafe using this contact form:
Alternatively, VeraSafe can be contacted at:
VeraSafe Czech Republic s.r.o
Prague 1, 11002
VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
VeraSafe has been appointed as ChromaDex’s representative in the UK for data protection matters, pursuant to Article 27 of the UK GDPR. VeraSafe can be contacted in addition to ChromaDex only on matters related to the processing of personal data under the UK GDPR. To make such an inquiry, please contact VeraSafe using this contact form:
or via telephone at +44 (20) 4532 2003.
Alternatively, VeraSafe can be contacted at:
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL