Updated: February 15, 2024
ChromaDex, Inc. and its affiliates (“ChromaDex”, “we”, “us”, or “our”) takes the protection of personal data very seriously. This Privacy Policy (the “Policy”) is designed to help you understand how we collect, use, share and protect the personal data of individuals in connection with providing our services and business operations. This Policy applies to the personal data we collect online and offline in the course of our business operations, including on our websites: www.chromadex.com, www.truniagen.com, www.truniagen.co.uk, www.truniagen.ca, www.truniagen.cn, pro.truniagen.com, aboutnad.com, investors.chromadex.com, and standards.chromadex.com.
PERSONAL DATA WE OBTAIN
Personal data is any information which relates to a person, and directly or indirectly allows that person to be identified. The personal data we may obtain includes:
- Contact information, such as your name, telephone number, and postal and email address;
- Professional information, such as your job title, company name, industry, and professional and employment background;
- Personal characteristics, such your age and birthdate;
- Account information, such as login information, account preferences and other account details;
- Information about the products or services purchased, requested, obtained, or considered (including order history, preferences, or tendencies);
- Payment information, such as name, billing and delivery address, bank account information and payment card details;
- Social media information (including your social media handle);
- Device and other tracking information, as described in the “Automated Data Collection” section below;
- Job application information, such as your resume and any additional application information provided to us (for example, employment history and education);
- Health information, such as weight, medical history, and potential adverse event information; and
- Any other information you submit through our websites or in communications with us, such as through forms, surveys, registration pages, emails, calls, comments, and other features on our websites.
If you are using our services to purchase a product on behalf of another, we may require you to provide certain personal data about that person, such as their medical history. If this is the case, we ask that you inform this person that you have provided us their personal data and make them aware of this Policy.
We may collect this information when you use our websites (including to make purchases), apply for jobs with ChromaDex, attend one of our live events, visit our booth at trade shows or otherwise interact with us (for example, when you call or email us).
In some cases, we also may obtain your personal data from other parties, such as through referrals, from your employer, our providers of recruiting services, or from our affiliates, vendors and other third parties with whom we work. We also may obtain other personal data about you in ways that we describe at the time of collection or otherwise with your consent.
Where we need to collect personal data by law or under the terms of a contract with you, and you choose not to provide that information when requested, we may not be able to provide you with our services. In this case, we may need to cancel a service you obtain from us but we will notify you if this is the case. For example, if you purchase a product from us, we require certain personal data about you (and the intended recipient of the product, if different) in order to complete the sale. Without such personal data, we may not be able to provide our products to you or the intended recipient. Similarly, if we purchase any products or services from you, we may require certain personal data about you in order to complete the purchase and without such personal data, we would be unable to procure products or services from you.
AUTOMATED DATA COLLECTION
When you use our websites or open our emails, we may obtain certain information by automated means, such as through cookies, web server logs, web beacons (including pixels and tags) and other technologies. A “cookie” is a small file stored on your device that contains information about your device. These technologies help us (1) remember your information so you will not have to re-enter it; (2) track, understand and analyze how you use and interact with our websites; (3) personalize your experience with our websites, including providing you advertising and content based on your interests and location; (4) measure the usability of our websites and the effectiveness of our communications; (5) authenticate your identity, protect against fraud and provide our products and services; and (6) otherwise manage and enhance our products and services, and help ensure they are working properly. Note that we do not use cookies for profiling or identification purposes unless you have actively consented to these uses.
We may use these automated technologies through our websites to collect information about your device, browsing actions, usage patterns and location. Through these automated means, we obtain certain device and browser information, such as your device IP address, general location information, unique device identifiers, device type and model, device characteristics and settings, browser information (e.g., browser type, settings, and characteristics), operating system information (e.g., type and version), time zone setting and location, language, and country preferences, referring or exit URLs and other device and application details. We also may obtain information about your interactions with our websites, such as pages visited (including the webpages you visited before coming to our websites), links clicked, features used, dates and times of access, session information, and other information about your use of our websites.
If you would prefer not to accept cookies, you can alter the configuration of your browser to reject all cookies or some cookies or click on the cookie icon in the left corner of the page. Note, if you reject certain cookies, you may not be able to access all of the features on our websites.
For more information, please visit our Cookie Policy.
HOW WE USE PERSONAL DATA WE OBTAIN
We use the personal data we obtain about you to perform our contract with you, or to take steps to form a contract with you, such as to:
- Provide products and services;
- Manage our relationship with you; and
- Provide, onboard, and manage your account.
We also use your personal data to pursue our legitimate interests in managing our customer relationships, securing, and managing our websites, and running our business and recruitment process efficiently. For example, we process your personal data to:
- Verify your identity;
- Communicate with you and provide technical and customer support;
- Investigate and manage complaints and adverse event claims;
- Personalize your experience on our websites;
- Advertise and market our products and services and provide you with offers and other communications about the products and services of ChromaDex;
- Administer participation in surveys, sweepstakes, promotions, or other programs;
- Manage career opportunities with us, including for recruitment purposes, candidate screening and evaluation, and employee onboarding;
- Compile, anonymize or aggregate personal data for our business purposes;
- Perform analytics and market, trend or statistical research and analysis (including developing, deriving, and compiling market research, data sets, insights, trends, benchmarks, algorithms, models and other analyses or information);
- Operate, evaluate, and improve our business (including developing new products and services; enhancing, improving, and analyzing our websites, products, and services; managing our relationships with current or prospective partners, customers and vendors and other business partner personnel; and performing accounting, auditing, and other internal functions);
- Maintain and enhance the safety and security of our websites, products, and services, prevent misuse and troubleshoot technical issues;
- Prevent or detect fraud and other criminal activities, claims, and other liabilities;
- Exercise our rights and remedies and defend against legal claims;
- Respond to regulatory requests; and
- Comply with and enforce applicable legal requirements, relevant industry standards and ChromaDex policies and terms and conditions, including our Terms of Use.
We also may use the information in other ways for which we provide specific notice at the time of collection or with your consent, if required under applicable law.
If you are a based in the EEA or the UK, please see our EEA and UK Privacy Supplement for additional information on your rights in relation to the personal data we hold about you.
If you are a resident of California, please see our California Consumer Privacy Statement for additional information on the data we collect and the purpose for which it is used.
THIRD-PARTY ANALYTICS SERVICES
We may use third-party analytics services on our websites, such as Google Analytics. The providers of these analytics services use technologies such as cookies and web beacons to help us analyze your use of our websites. The information collected through these means may be disclosed to or collected directly by these analytics services. To learn more about Google Analytics, please visit: https://www.google.com/policies/privacy/partners/.
INTEREST-BASED ADVERTISING
You may see our ads on other websites because we use, with your consent, third-party ad services on our websites. Through these ad services, we can tailor our messaging to individuals considering demographic data, inferred interests, and browsing context. These ad services track information about your online activities over time and across third-party websites and apps by collecting information through automated means, including through the use of cookies, web server logs, web beacons and other similar technologies. These ad services may collect data about your visits to websites and apps that participate in these services, such as the pages or ads you view and the actions you take on the websites or apps. This data collection takes place both on our websites and on third-party websites and apps that participate in these ad services. These ad services use this information to show you ads that may be tailored to your individual interests. This process also helps us track the effectiveness of our marketing efforts.
To learn how to opt out of interest-based advertising, please visit: www.aboutads.info/choices, www.networkadvertising.org/choices/, or http://preferencemgr.trustee.com/
In the EEA and UK, please visit: www.youronlinechoices.eu/ (or www.youronlinechoices.com/uk/ in the UK).
For additional information on how we use cookies in connection with these services, please see our Cookie Policy.
PERSONAL DATA WE SHARE
We may share personal data, as described below:
- Affiliated Entities: We share personal data with our affiliates and subsidiaries for the purposes described in this Policy.
- Service Providers: We share personal data with vendors and other entities to perform services for us on our behalf, such as consultants, auditors, attorneys, providers of information and communication technology (including cloud storage and hosting providers), advertising and marketing, data enrichment, information verification, analytics, security, ecommerce, payment processing and billing, shipping and logistics, customer support, customer relationship management and referral programs.
- Your Company: If you are an employee or agent of our business partners, we may share your personal data with your colleagues and employer in connection with establishing, maintaining, and managing our relationship with your company.
- Research Organizations: We share personal data with academic and other research organizations.
- Social Networks: We may share your personal data with social media platforms if you use those services to connect with us through the features on our websites. Where required under applicable law, we will ask for your consent to do so.
- Business Transfers: We reserve the right to transfer any personal data we have about you in the context of a sale or transfer of all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, divestiture, dissolution, or liquidation).
- Others: We may disclose personal data (1) if we are required to do so by law or legal process, such as a court order or subpoena; (2) in response to requests by government agencies, such as law enforcement authorities; (3) to establish, exercise or defend our legal rights; (4) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss, or to protect the safety, property or rights of ChromaDex or any third party; (5) in connection with an investigation of suspected or actual illegal activity or security issues; (6) where you apply for a job, with your references who you have provided to us in connection with your application; or (7) otherwise with your consent or as directed by your representative.
We reserve the right to use, transfer, sell and share aggregated or other anonymous data, which does not include any personal data, about the users of our services as a group for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, clients, and customers.
HOW WE PROTECT PERSONAL DATA
ChromaDex maintains administrative, technical, organizational, and physical security measures to help protect personal data from accidental, unlawful, or unauthorized processing, such as unauthorized access, disclosure, use, alteration, loss, or destruction. The data that we collect is encrypted and stored in servers that only authorized personnel have access to on a need-to-know basis.
TRANSFERS OF PERSONAL DATA TO OTHER JURISDICTIONS
We may transfer the personal data we collect about you to recipients in countries other than the jurisdiction in which personal data was originally collected. Those jurisdictions may not have the same data protection laws as the jurisdiction in which you initially provided the personal data, and your personal data may be subject to the laws of, and accessible by, legal authorities in those other jurisdictions. When we transfer your personal data to recipients in other jurisdictions, we will protect that personal data as described in this Policy.
We are headquartered in the United States and your personal data will be transferred to or accessed by ChromaDex and our affiliates in the United States for the purposes described in this Policy. Where we transfer your personal data to the United States, or any other jurisdiction that has not been deemed to provide an adequate level of data protection, we will comply with applicable legal requirements regarding the provision of appropriate safeguards for the transfer of personal data to such jurisdictions.
DATA RETENTION
To the extent required by applicable law, we keep the personal data we obtain about you for the period necessary to achieve the purposes described in this Policy or to which you have consented to separately, taking into account applicable statute of limitations periods and any legal, regulatory, tax, accounting, or other records retention requirements. We may retain your personal data for a longer period in the event of a complaint or in reasonable anticipation of litigation.
If you are a job candidate, we will typically retain your personal data for a period of at least a year following the application process, unless otherwise permitted by law. We may keep some specific types of data, for example, your resume, for longer where we have a legitimate business reason to do so, such as to contact you for future opportunities.
YOUR RIGHTS AND CHOICES
Subject to applicable law, you may (1) request access to the personal data ChromaDex maintains about you; (2) request that ChromaDex update, correct, amend or delete your personal data; (3) request the restriction of ChromaDex’s use of your personal data; or (4) opt-out of the processing of your personal data for purposes of targeted advertising, certain profiling or the sale of your personal data. In addition, subject to applicable law, you may receive, in a structured, commonly used and machine-readable format, certain elements of your personal data that you have provided to ChromaDex. Subject to applicable law, you may have the right to have this information transmitted to another company, where it is technically feasible.
To exercise these rights, please contact us using the information in the “Contact Us” section of this Policy. We reserve the right to verify your identity in connection with any requests regarding personal data to help ensure that we provide the data we maintain to the individuals to whom it pertains and allow only those individuals or their authorized representatives to exercise rights with respect to that data.
In addition, you may ask us to stop sending you marketing emails or other promotional communications. You may opt out of receiving such emails by following the instructions contained in each promotional email we send you or by contacting us as specified in the “Contact Us” section of this Policy. You also may update certain elements of your account details and settings by logging into your account on our websites.
If you are a California resident, please refer to our California Consumer Privacy Statement for more information about our privacy practices and your privacy rights under California law.
If you are a based in the EEA or UK, please see our EEA and UK Privacy Supplement for additional information on your rights in relation to the personal data we hold about you.
PRIVACY OF CHILDREN
Our websites are designed for a general audience and are not directed to children under the age of 13. We do not knowingly solicit or collect personal data from anyone under the age of 18. If you believe your child’s personal data may be processed in the services, you can contact us using the information in the “Contact Us” section of this Policy to request that we delete the personal data.
LINKS TO THIRD-PARTY SERVICES AND FEATURES
For your convenience and information, our websites may provide links to other online services, and may include third-party features such as apps, tools, widgets, and plug-ins. These online services and third-party features may operate independently from us. The privacy practices of the relevant third parties, including details on the data they may collect about you, are subject to the privacy statements of these parties, which we strongly suggest you review. To the extent any linked online services or third-party features are not owned or controlled by ChromaDex, we are not responsible for these third parties’ information practices.
CHANGES TO THIS POLICY
We may update this Policy from time to time without notice to you to reflect changes in our privacy practices and the law. We will indicate at the top of the Policy when it was most recently updated. If we make any significant change to this Policy, we will post a notice on our website or otherwise notify you, to the extent required by applicable law. We encourage you to periodically review this page for the latest information on our privacy practices.
CONTACT US
If you have any questions about this Policy or our processing of your personal data, or wish to make a complaint, please call us at +1.888.642.4361 or send an email to our Data Protection officer at privacy@chromadex.com.
EEA AND UK PRIVACY STATEMENT
This EEA and UK Privacy Statement supplements our Privacy Policy and applies solely if you reside in the European Economic Area (EEA), the United Kingdom or Switzerland.
CONTROLLERSHIP
In the context of this Policy, ChromaDex, Inc. acts as a data controller for the personal data we process. This means that we decide why and how your personal data will be processed.
TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES
As mentioned in the Policy, we may transfer the personal data we collect about you to recipients in countries other than the country in which personal data was originally collected. Those countries may not have the same data protection laws as the country in which you initially provided the personal data. When we transfer your personal data to recipients in other countries, we will protect that personal data as described in this Policy.
Where we transfer your personal data to another jurisdiction that has not been deemed to provide an adequate level of data protection under EU or UK law, we will comply with applicable legal requirements regarding the provision of appropriate safeguards for the transfer of personal data to such jurisdictions. These safeguards include entering into EU approved Standard Contractual Clauses and/or the UK Data Transfer Addendum (as applicable) or relying on other appropriate transfer mechanisms permitted by the EU/UK GDPR.
You may ask for a copy of these safeguards by contacting us using the contact details provided below.
YOUR RIGHTS
As a data subject located in the EEA or UK, you may have the following rights regarding your personal data, subject to applicable law:
- Right of access: You may ask us to confirm whether we are processing your personal data and, if so, to provide you with a copy of that personal data (along with certain other details).
- Right to rectification: If the personal data we hold about you is inaccurate or incomplete, you are entitled to ask that we correct or complete the data.
- Right to erasure: You may ask us to delete or remove your personal data in some circumstances, such as if you believe we no longer need it or if you withdraw your consent (where applicable).
- Right to restrict processing: You may ask us to restrict the processing of your personal data in some circumstances.
- Right to data portability: You have the right to obtain personal data you have provided to us in a structured, commonly used and machine-readable format and/or ask us to transmit your personal data to another company under certain circumstances.
- Right to object: You may ask us at any time to stop processing your personal data, and we will do so under appropriate circumstances, if we (i) rely on legitimate interests to process your personal data, except if we can demonstrate compelling legal grounds for the processing, or (ii) process your personal data for direct marketing.
- Right to withdraw consent: If we rely on your consent as legal basis for processing your personal data, you have the right to withdraw that consent at any time with effect for the future.
You may exercise your rights by contacting us as described “Contact Us” section of this Policy.
You also have the right to lodge a complaint with a supervisory authority in your country if you are not satisfied with our response.
EU REPRESENTATIVE
VeraSafe has been appointed as ChromaDex’s representative in the EU for data protection matters, pursuant to Article 27 of the EU GDPR. VeraSafe can be contacted in addition to ChromaDex only on matters related to the processing of personal data under the EU GDPR. To make such an inquiry, please contact VeraSafe using this contact form:
https://www.verasafe.com/privacy-services/contact-article-27-representative.
Alternatively, VeraSafe can be contacted at:
Klimentská 46
Prague 1, 11002
Czech Republic
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland
UK REPRESENTATIVE
VeraSafe has been appointed as ChromaDex’s representative in the UK for data protection matters, pursuant to Article 27 of the UK GDPR. VeraSafe can be contacted in addition to ChromaDex only on matters related to the processing of Personal Data under the UK GDPR. To make such an inquiry, please contact VeraSafe using this contact form:
https://verasafe.com/public-resources/contact-data-protection-representative
or via telephone at +44 (20) 4532 2003.
Alternatively, VeraSafe can be contacted at:
37 Albert Embankment
London SE1 7TL
United Kingdom