Click to view our accessibility statement or contact us with accessibility-related questions

Privacy Policy

INTRODUCTION AND SCOPE

ChromaDex, Inc. and its affiliates (“ChromaDex”, “we”, “us”, “our”) takes the protection of personally identifiable information (“Personal Data”) very seriously. This Privacy Policy (the “Policy”) is designed to assist you in understanding how we will process your Personal Data on our websites: https://www.truniagen.comhttps://www.truniagen.co.ukhttps://www.truniagen.cahttps://www.truniagen.cn, https://www.truniagenpro.comhttps://practitioner.truniagen.comhttps://www.aboutnad.com, https://www.chromadex.com, our blogs and landing pages, as well as in the course of our business operations, including selling our products and providing you with customer support.

CONTROLLERSHIP

In the context of this Policy, ChromaDex acts as a data controller for the Personal Data we process. This means that we decide why and how your Personal Data will be processed.

PROCESSING OF PERSONAL DATA

Depending on whether you are a current or prospective customer, a website visitor or a current or prospective business partner (e.g. a supplier), we may process various types of Personal Data, as described in the Table below. The Table below also shows you how and why we collect Personal Data and the categories of third parties with whom we share Personal Data.

BASIS OF PROCESSING

Within the scope of this Policy, we may rely on one or more of the following legal grounds for processing your Personal Data:

  • the need to perform our obligations under a contract or to perform related pre-contractual duties;
  • the need to pursue our legitimate interests or those of a third party, such as our interest in marketing our products;
  • your consent or explicit consent (which you may withdraw at any time);
  • the need to comply with applicable laws, especially those related to your health and safety; and any other grounds, as required or permitted by law.

If you purchase a product from us, we require certain Personal Data about you (and the intended recipient of the product, if different) in order to complete the sale. Without such Personal Data, we may not be able to provide our products to you or the intended recipient. Similarly, if we purchase any products or services from you, we require certain Personal Data about you in order to complete the purchase and without such Personal Data, we are unable to procure products or services from you.

SHARING PERSONAL DATA WITH SERVICE PROVIDERS

We may share your Personal Data with service providers, as indicated in the Table. We will require that these third-party service providers maintain at least the same level of data protection that we maintain for such Personal Data.

Category of Personal Data Examples of the Personal Data Falling Under This Category Categories of Sources of This Personal Data Business/Commercial Purpose(s) for the Collection Categories of Third Parties with Whom We Share This Personal Data
Identifiers and other Personal Data First and last name, postal address, email address, signature, phone number and for current and prospective customers who wish to create an account, account name, account password, or other similar identifiers. When you share it with us directly as a website visitor, as a current or prospective customer, as a current or prospective business partner, based on publicly available information, or when we receive your Personal Data from online marketplaces like Amazon. Marketing, selling, and delivering our products to you, enquiring about your level of satisfaction with our products and services, procuring products and services from you, as a fundamental aspect of a contractual relationship between us and/or responding to your requests and inquiries. We may disclose these Categories of Personal Information to third parties which are commercially reasonable and strictly necessary to the purposes for collecting your Personal Information, including but not limited to the following service providers:

  • eCommerce shopping cart software;
  • customer support and live chat software;
  • email marketing software;
  • landing page management software;
  • referral programs;
  • product review management software;
  • advertising services;
  • cloud storage;
  • shipping/ logistics services; and
  • payment processing services.
  • academic and other research organizations; and
  • safety information hosting providers.
Commercial Information Records of products or services supplied, purchased, obtained, or considered, or other purchasing or consuming histories, preferences or tendencies. Marketing, selling, and delivering our products to you and/or establishing your purchasing or consuming history, preferences or tendencies.
Inferences Drawn From Other Personal Data Profiles reflecting a person’s preferences, characteristics, predispositions, and behavior. Establishing your purchasing or consuming history, preferences or tendencies.
Special Categories of Personal Data First and last name, initials, age, sex, postal address, email address, signature, phone number, physical characteristics or description, medical or health information (potentially including, without limitation, name, initials, age, sex, weight, Adverse Event description and date, Product, Lot #, expiration, dosage, method of administration, time of taking Product, medical history and/or other supplements or medication being taken at the same time). Some information in this category may overlap with other categories. Marketing, selling, and delivering our products to you, enquiring about your level of satisfaction and experiences with our products and services, establishing your purchasing or consuming history, preferences or tendencies, ensuring compliance with applicable laws and best industry practices relating to your health and safety in connection with the use of our products.

TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES

We are headquartered in the United States. However, both the EU General Data Protection Regulation and the so-called UK GDPR (together, “GDPR”) may apply to our processing of Personal Data due to the nature of our processing operations concerning individuals in the European Economic Area and/or the United Kingdom (together, “EEA+”).

Some of the third party recipients noted above who receive your Personal Data may be located in countries outside the EEA+.

In some cases, the European Commission and/or the UK Government (as and where applicable) may not have determined that the legal environment in certain of those countries provides a level of data protection that is essentially equivalent to the level of protection provided under the GDPR and other applicable laws in the EEA+ (such countries, “Restricted Countries”).

Where we transfer your Personal Data to a recipient in a Restricted Country, we will either:

  • enter into an appropriate data transfer / processing agreement with such recipient, which incorporates the so-called Standard Contractual Clauses issued or approved from time-to-time under the GDPR by the European Commission, the UK Information Commissioner’s Office and/or the UK Government (as and where applicable); or
  • rely on other appropriate transfer mechanisms permitted by the GDPR (e.g., your explicit consent to that transfer).

You may ask for a copy of the Standard Contractual Clauses referred to above by contacting us using the contact details provided below.

HOW WE DISCLOSE PERSONAL DATA

We may also disclose your Personal Data:

  • to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders;
  • if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change;
  • to our subsidiaries or affiliates only if necessary for business and operational purposes.

We reserve the right to use, transfer, sell, and share aggregated, anonymous data, which does not include any Personal Data, about the users of our services as a group for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, clients, and customers.
If we must disclose your Personal Data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy or security of your Personal Data.

TRACKING TECHNOLOGY

A “cookie” is a small file stored on your device that contains information about your device. We may use cookies for the purposes of session management, site analytics, and advertising (including on social media). If you would prefer not to accept cookies, you can alter the configuration of your browser to reject all cookies or some cookies. Note, if you reject certain cookies, you may not be able to access all of the features on our websites. For more information, please visit https://www.TruNiagen.com/cookie-policy.html.

DATA INTEGRITY & SECURITY

ChromaDex has implemented and will maintain technical, organizational, and physical security measures that are reasonably designed to help protect Personal Data from unauthorized processing, such as unauthorized access, disclosure, alteration, or destruction.

DATA RETENTION

Personal Data will be deleted within thirteen months of the last interaction with the respective data subject.

ACCESS, REVIEW, OBJECTION TO PROCESSING & PORTABILITY

If you are a data subject about whom we store Personal Data, you may have the legal right to request access to, and the opportunity to update, correct, or delete such Personal Data. You may also have the right to ask that we limit our processing of your Personal Data, as well as the right to object to our processing of your Personal Data. You may also have the right to ask to have your Personal Data exported in a machine-readable format. To make such requests, if applicable, please contact us using the information in the “Contact Us” section of this Policy.

PRIVACY OF CHILDREN

Our websites are not designed to collect data from children under the age of 13. We do not knowingly collect Personal Data from anyone under 18. If you believe your child’s Personal Data may be processed in the services, you can contact us using the information in the “Contact Us” section of this Policy to request that we delete the Personal Data.

CHANGES TO THIS POLICY

If we make any material change to this Policy, we will post the revised Policy to this web page and update the “Effective on” date above to reflect the date on which the new Policy became effective.

CALIFORNIA USERS

If you are a California resident, please refer to our California Privacy Notice.

CONTACT US

If you have any questions about this Policy or our processing of your Personal Data, please call us at +1-949-419-0288 or send us an email to [email protected].

Our Data Protection Officer may be contacted as follows:
Mercy Lopez
[email protected]

Please allow up to 30 days for us to reply.

EU REPRESENTATIVE

VeraSafe has been appointed as ChromaDex’s representative in the EU for data protection matters, pursuant to Article 27 of the EU GDPR. VeraSafe can be contacted in addition to ChromaDex only on matters related to the processing of Personal Data under the EU GDPR. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative

Alternatively, VeraSafe can be contacted at:

VeraSafe s.r.o.
Klimentska 46
Prague 1, 11002
Czech Republic

VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland

UK REPRESENTATIVE

VeraSafe has been appointed as ChromaDex’s representative in the UK for data protection matters, pursuant to Article 27 of the UK GDPR. VeraSafe can be contacted in addition to ChromaDex only on matters related to the processing of Personal Data under the UK GDPR. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contactdata-protection-representative or via telephone at +44 (20) 4532 2003

Alternatively, VeraSafe can be contacted at:

VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom

SUPERVISORY AUTHORITY OVERSIGHT

If you are a data subject whose Personal Data we process, you may also have the right to lodge a complaint with a data protection regulator in one or more of the EEA+ states.

 

Effective February 3, 2021.