skip to main content

Privacy Policy

Updated: November 14, 2022

 

ChromaDex, Inc. and its affiliates (“ChromaDex”, “we”, “us”, or “our”) takes the protection of personal data very seriously. This Privacy Policy (the “Policy”) is designed to help you understand how we collect, use, share and protect the personal data of individuals in connection with providing our services and business operations. This Policy applies to the personal data we collect online and offline in the course of our business operations, including on our websites: www.truniagen.com, www.truniagen.co.ukhttps://www.truniagen.cnwww.truniagenpro.comhttps://practitioner.truniagen.comwww.aboutnad.com, and www.chromadex.com.

PERSONAL DATA WE OBTAIN

The personal data we may obtain includes:

  • Contact information, such as your name, telephone number and postal and email address;
  • Professional information, such as your job title, company name, industry, and professional and employment background;
  • Personal characteristics, such your age and birthdate;
  • Account information, such as login information, account preferences and other account details;
  • Information about the products or services purchased, requested, obtained or considered (including order history, preferences or tendencies);
  • Payment information, such as name, billing and delivery address, bank account information and payment card details;
  • Social media information (including your social media handle);
  • Device information, as described in the “Automated Data Collection” section below;
  • Job application information, such as your resume and any additional application information provided to us (for example, employment history and education);
  • Education-related information (including school information);
  • Health information, such as weight, medical history and Adverse Event information; and
  • Any other information you submit through our websites or in communications with us, such as through forms, surveys, registration pages, emails, calls, comments and other features on our websites.

 

We may collect this information when you use our websites, apply for jobs with ChromaDex, attend one of our live events, visit our booth at trade shows or otherwise interact with us (for example, call or email us). In some cases, we also may obtain your personal data from other parties, such as through referrals, from your employer, our providers of recruiting services, or from our affiliates, vendors and other third parties with whom we work. We also may obtain other personal data about you in ways that we describe at the time of collection or otherwise with your consent.

 

If you purchase a product from us, we require certain personal data about you (and the intended recipient of the product, if different) in order to complete the sale. Without such personal data, we may not be able to provide our products to you or the intended recipient. Similarly, if we purchase any products or services from you, we require certain personal data about you in order to complete the purchase and without such personal data, we are unable to procure products or services from you.

 

Automated Data Collection

When you use our website or open our emails, we may obtain certain information by automated means, such as through cookies, web server logs, web beacons (including pixels and tags) and other technologies. A “cookie” is a small file stored on your device that contains information about your device. These technologies help us (1) remember your information so you will not have to re-enter it; (2) track, understand and analyze how you use and interact with our websites; (3) personalize your experience with our websites, including providing you advertising and content based on your interests and location; (4) measure the usability of our websites and the effectiveness of our communications; (5) authenticate your identity, protect against fraud and provide our products and services; and (6) otherwise manage and enhance our products and services, and help ensure they are working properly.

 

We may use these automated technologies through our websites to collect information about your device, browsing actions, usage patterns and location. Through these automated means, we obtain certain device and browser information, such as your device IP address, general location information, unique device identifiers, device type and model, device characteristics and settings, browser information (e.g., browser type, settings and characteristics), operating system information (e.g., type and version), language and country preferences, referring or exit URLs and other device and application details. We also may obtain information about your interactions with our websites, such as pages visited, links clicked, features used, dates and times of access, session information, and other information about your use of our websites.

 

If you would prefer not to accept cookies, you can alter the configuration of your browser to reject all cookies or some cookies. Note, if you reject certain cookies, you may not be able to access all of the features on our websites. For more information, please visit our Cookie Policy. Our websites are not designed to respond to “do not track” signals from browsers in the U.S.

 

HOW WE USE PERSONAL DATA WE OBTAIN

We use the personal data we obtain for the following purposes:

  • Provide products and services;
  • Manage our relationship with you;
  • Provide, onboard and manage your account;
  • Verify your identity;
  • Communicate with you and provide technical and customer support;
  • Personalize your experience on our websites;
  • Advertise and market our products and services and provide you with offers and other communications about the products and services of ChromaDex;
  • Administer participation in surveys, sweepstakes, promotions or other programs;
  • Manage career opportunities with us, including for recruitment purposes, candidate screening and evaluation, and employee onboarding;
  • Compile, anonymize or aggregate personal data for our business purposes;
  • Perform analytics and market, trend or statistical research and analysis (including developing, deriving and compiling market research, data sets, insights, trends, benchmarks, algorithms, models and other analyses or information);
  • Operate, evaluate and improve our business (including developing new products and services; enhancing, improving and analyzing our websites, products and services; managing our relationships with current or prospective partners, customers and vendors and other business partner personnel; and performing accounting, auditing and other internal functions);
  • Maintain and enhance the safety and security of our websites, products and services, prevent misuse and troubleshoot technical issues;
  • Prevent or detect fraud and other criminal activities, claims and other liabilities;
  • Exercise our rights and remedies and defend against legal claims; and
  • Comply with and enforce applicable legal requirements, relevant industry standards and ChromaDex policies and terms and conditions, including our Terms of Use .

 

We also may use the information in other ways for which we provide specific notice at the time of collection or with your consent, if required under applicable law.

 

If you are a European-based data subject, please see our EU/UK Privacy Supplement for additional information on your rights in relation to the personal data we hold about you.

Third-Party Analytics Services

We may use third-party analytics services on our websites, such as Google Analytics. The providers of these analytics services use technologies such as cookies and web beacons to help us analyze your use of our websites. The information collected through these means may be disclosed to or collected directly by these analytics services. To learn more about Google Analytics, please visit https://www.google.com/policies/privacy/partners/.

Interest-Based Advertising

You may see our ads on other websites because we use third-party ad services on our websites. Through these ad services, we can tailor our messaging to individuals considering demographic data, inferred interests and browsing context. These ad services track information about your online activities over time and across third-party websites and apps by collecting information through automated means, including through the use of cookies, web server logs, web beacons and other similar technologies. These ad services may collect data about your visits to websites and apps that participate in these services, such as the pages or ads you view and the actions you take on the websites or apps. This data collection takes place both on our websites and on third-party websites and apps that participate in these ad services. These ad services use this information to show you ads that may be tailored to your individual interests. This process also helps us track the effectiveness of our marketing efforts.

 

To learn how to opt out of interest-based advertising, please visit www.aboutads.info/choices, www.networkadvertising.org/choices/, or http://preferences-mgr.truste.com/. In the EU, please visit www.youronlinechoices.eu/ (or www.youronlinechoices.com/uk/ in the UK). For additional information on how we use cookies in connection with these services, please see our Cookie Policy.

PERSONAL DATA WE SHARE

We may share personal data, as described below:

  • Affiliated Entities: We share personal data with our affiliates and subsidiaries for the purposes described in this Policy.
  • Service Providers: We share personal data with vendors and other entities to perform services for us on our behalf, such as consultants, auditors, attorneys, providers of information and communication technology (including cloud storage and hosting providers), advertising and marketing, data enrichment, information verification, analytics, security, ecommerce, payment processing and billing, shipping and logistics, customer support, customer relationship management services, referral programs, and others.
  • Your Company: If you are an employee or agent of our business partners, we may share your personal data with your colleagues and employer in connection with establishing, maintaining and managing our relationship with your company.
  • Research Organizations: We share personal data with academic and other research organizations.
  • Social Networks: We may share your personal data with social media platforms if you use those services to connect with us through the features on our websites. Where required under applicable law, we will ask for your consent to do so.
  • Business Transfers: We reserve the right to transfer any personal data we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, divestiture, dissolution or liquidation).
  • Others: We may disclose personal data (1) if we are required to do so by law or legal process, such as a court order or subpoena; (2) in response to requests by government agencies, such as law enforcement authorities; (3) to establish, exercise or defend our legal rights; (4) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss, or to protect the safety, property or rights of ChromaDex or any third party; (5) in connection with an investigation of suspected or actual illegal activity or security issues; (6) where you apply for a job, with your references who you have provided to us in connection with your application; or (7) otherwise with your consent or as directed by your representative.

We reserve the right to use, transfer, sell and share aggregated, anonymous data, which does not include any personal data, about the users of our services as a group for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, clients and customers.

HOW WE PROTECT PERSONAL DATA

ChromaDex has implemented and will maintain administrative, technical, organizational and physical security measures to help protect personal data from accidental, unlawful or unauthorized processing, such as unauthorized access, disclosure, use, alteration, loss or destruction.

DATA RETENTION

To the extent required by applicable law, we keep the personal data we obtain about you for the period necessary to achieve the purposes described in this Policy, taking into account applicable statute of limitations periods and any legal, regulatory, tax, accounting or other records retention requirements. We may retain your personal data for a longer period in the event of a complaint or in reasonable anticipation of litigation.  We generally seek to delete personal data within thirteen months of the last interaction with the respective data subject, unless such data is otherwise necessary to retain pursuant to the criteria described above.

YOUR RIGHTS AND CHOICES

Subject to applicable law, you may (1) request access to the personal data ChromaDex maintains about you; (2) request that ChromaDex update, correct, amend or delete your personal data; (3) request the restriction of ChromaDex’s use of your personal data; or (4) opt-out of the processing of your personal data for purposes of targeted advertising, certain profiling or the sale of your personal data. In addition, subject to applicable law, you may receive, in a structured, commonly used and machine-readable format, certain of your personal data that you have provided to ChromaDex. Subject to applicable law, you may have the right to have this information transmitted to another company, where it is technically feasible.

To exercise these rights, please contact us using the information in the “Contact Us” section of this Policy. We reserve the right to verify your identity in connection with any requests regarding personal data to help ensure that we provide the data we maintain to the individuals to whom it pertains, and allow only those individuals or their authorized representatives to exercise rights with respect to that data.  You may appeal our decision with respect to a request you have submitted by contacting us as described in the “Contact Us” section below.

In addition, you may ask us to stop sending you marketing emails or other promotional communications. You may opt out of receiving such emails by following the instructions contained in each promotional email we send you or by contacting us as specified in the “Contact Us” section of this Policy. You also may update certain of your account details and settings by logging into your account on our websites.

If you are a California resident, please refer to our California Privacy Notice for more information about your privacy rights under California law.

If you are a European-based data subject, please see our EU/UK Privacy Supplement for additional information on your rights in relation to the personal data we hold about you.

PRIVACY OF CHILDREN

Our websites are designed for a general audience and are not directed to children under the age of 13. We do not knowingly solicit or collect personal data from anyone under the age of 18. If you believe your child’s personal data may be processed in the services, you can contact us using the information in the “Contact Us” section of this Policy to request that we delete the personal data.

LINKS TO THIRD-PARTY SERVICES AND FEATURES

For your convenience and information, our websites may provide links to other online services, and may include third-party features such as apps, tools, widgets and plug-ins. These online services and third-party features may operate independently from us. The privacy practices of the relevant third parties, including details on the data they may collect about you, are subject to the privacy statements of these parties, which we strongly suggest you review. To the extent any linked online services or third-party features are not owned or controlled by ChromaDex, we are not responsible for these third parties’ information practices.

CHANGES TO THIS POLICY

We may update this Policy from time to time without notice to you to reflect changes in our privacy practices and the law. We will indicate at the top of the Policy when it was most recently updated. If we make any significant change to this Policy, we will post a notice on our website or as otherwise required by applicable law. We encourage you to periodically review this page for the latest information on our privacy practices.

CONTACT US

If you have any questions about this Policy or our processing of your personal data, please call us at +1.888.642.4361 or send us an email to [email protected]. Our Data Protection Officer may be contacted as follows: [email protected]

EU AND UK PRIVACY STATEMENT

This EU and UK Privacy Statement supplements our Privacy Policy and applies solely if you reside in the EU (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway), the United Kingdom or Switzerland.

CONTROLLERSHIP

In the context of this Policy, ChromaDex, Inc. acts as a data controller for the personal data we process. This means that we decide why and how your personal data will be processed.

BASIS OF PROCESSING

We may rely on one or more of the following legal grounds for processing your personal data:

  • the need to perform our obligations under a contract or to perform related pre-contractual duties;
  • the need to pursue our legitimate interests or those of a third party, such as our interest in marketing our products;
  • your consent or explicit consent (which you may withdraw at any time); or

the need to comply with applicable laws, especially those related to your health and safety; and any other grounds, as required or permitted by law.

TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES

We are headquartered in the United States. However, both the EU General Data Protection Regulation and the so-called UK GDPR (together, “GDPR”) may apply to our processing of personal data due to the nature of our processing operations concerning individuals in the European Economic Area and/or the United Kingdom (together, “EEA+”). Some of the third party recipients noted above who receive your personal data may be located in countries outside the EEA+.

In some cases, the European Commission and/or the UK Government (as and where applicable) may not have determined that the legal environment in certain of those countries provides a level of data protection that is essentially equivalent to the level of protection provided under the GDPR and other applicable laws in the EEA+ (such countries, “Restricted Countries”).

Where we transfer your Personal Data to a recipient in a Restricted Country, we will either:

  • enter into an appropriate data transfer / processing agreement with such recipient, which incorporates the so-called Standard Contractual Clauses issued or approved from time-to-time under the GDPR by the European Commission, the UK Information Commissioner’s Office and/or the UK Government (as and where applicable); or
  • rely on other appropriate transfer mechanisms permitted by the GDPR (e.g., your explicit consent to that transfer).

You may ask for a copy of the Standard Contractual Clauses referred to above by contacting us using the contact details provided below.

YOUR RIGHTS

As a data subject located in the EU/EEA or UK, you may have the following rights regarding your personal data, subject to applicable law:

  • Right of access: You may ask us to confirm whether we are processing your personal data and, if so, to provide you with a copy of that personal data (along with certain other details).
  • Right to rectification: If the personal data we hold about you is inaccurate or incomplete, you are entitled to ask that we correct or complete the data.
  • Right to erasure: You may ask us to delete or remove your personal data in some circumstances, such as if you believe we no longer need it or if you withdraw your consent (where applicable).
  • Right to restrict processing: You may ask us to restrict the processing of your personal data in some circumstances.
  • Right to data portability: You have the right to obtain personal data you have provided to us in a structured, commonly used and machine-readable format and/or ask us to transmit your personal data to another company under certain circumstances.
  • Right to object: You may ask us at any time to stop processing your personal data, and we will do so under appropriate circumstances, if we (i) rely on legitimate interests to process your personal data, except if we can demonstrate compelling legal grounds for the processing, or (ii) process your personal data for direct marketing.
  • Right to withdraw consent: If we rely on your consent as legal basis for processing your personal data, you have the right to withdraw that consent at any time with effect for the future.

You may exercise your rights by contacting us as described “Contact Us” section of this Policy.

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State where you reside, work or suspect an infringement, if you believe that the processing of personal data concerning you is not in compliance with applicable law.

EU REPRESENTATIVE

VeraSafe has been appointed as ChromaDex’s representative in the EU for data protection matters, pursuant to Article 27 of the EU GDPR. VeraSafe can be contacted in addition to ChromaDex only on matters related to the processing of personal data under the EU GDPR. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative

Alternatively, VeraSafe can be contacted at:

VeraSafe Czech Republic s.r.o
Klimentská 46
Prague 1, 11002
Czech Republic

VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland

UK REPRESENTATIVE

VeraSafe has been appointed as ChromaDex’s representative in the UK for data protection matters, pursuant to Article 27 of the UK GDPR. VeraSafe can be contacted in addition to ChromaDex only on matters related to the processing of personal data under the UK GDPR. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at +44 (20) 4532 2003.

 

Alternatively, VeraSafe can be contacted at:

VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom