Privacy Policy

Introduction and Scope

ChromaDex, Inc. and its affiliates (“ChromaDex”, “we”, “us”, “our”) takes the protection of personally identifiable information and/or personal information (“Personal Data”) very seriously. This Privacy Policy (the “Policy”) is designed to assist you in understanding how we will process, collect, use, disclose and protect your Personal Data on our websites https://www.truniagen.ca, https://www.chromadex.com, our blogs, as well as in the course of our business operations, including selling our products and providing you with customer support.
Please read this Policy carefully to understand our policies and practices for collecting, processing, and storing your information. If you do not agree with our policies and practices, your choice is not to use our website(s), blogs or services. By accessing or using our website(s), blogs or services, you indicate that you understand, accept, and consent to the practices described in this Policy. This Policy may change from time to time (see Changes to this Policy).

Controllership

In the context of this Policy, ChromaDex acts as a data controller for the Personal Data we process. This means that we decide why and how your Personal Data will be processed.

PROCESSING OF PERSONAL DATA

Depending on whether you are a current or prospective customer, a website visitor or a current or prospective business partner (e.g. a supplier), we may process various types of Personal Data, as described in the Table below. The Table below also shows you how and why we collect and use Personal Data, and the categories of third parties with whom we share Personal Data.

BASIS OF PROCESSING

Within the scope of this Policy, we may rely on one or more of the following legal grounds for processing your Personal Data:

  • the need to perform our obligations under a contract or to perform related pre-contractual duties;
  • the need to pursue our legitimate interests or those of a third party, such as our interest in marketing our products;
  • your consent (which you may withdraw at any time); and any other grounds, as required or permitted by law.
If you purchase a product from us, we require certain Personal Data about you (and the intended recipient of the product, if different) in order to complete the sale. Without such Personal Data, we may not be able to provide our products to you or the intended recipient. Similarly, if we purchase any products or services from you, we require certain Personal Data about you in order to complete the purchase and without such Personal Data, we are unable to procure products or services from you.

SHARING PERSONAL DATA WITH SERVICE PROVIDERS

We may share your Personal Data with service providers, as indicated in the Table. We will require that these third-party service providers maintain at least the same level of data protection that we maintain for such Personal Data.

Category of Personal Data Examples of the Personal Data Falling Under This Category Categories of Sources of This Personal Data;
How we Collect Information
Business/Commercial Purpose(s) for the Collection Categories of Third Parties with Whom We Share This Personal Data
Identifiers and other Personal Data First and last name, postal address, e-mail address, IP address, signature, phone number and for current and prospective customers who wish to create an account, account name, account password, or other similar identifiers. When you share it with us directly as a website visitor, as a contributor of information for us to publish or display on public website areas or transmit to other third party users via our website(s), as a current or prospective customer, as a current or prospective business partner, based on publicly available information, or when we receive your Personal Data from online marketplaces like Amazon.
We use certain automated technologies and interactions to collect your information as you navigate through our website(s) (which information collected automatically may include usage details, IP addresses and information collected through cookies and other tracking technologies.
Marketing, selling, and delivering our products to you (including by presenting our website(s) and their content to you and notifying you about any changes thereto), enquiring about your level of satisfaction with our products and services, procuring products and services from you (if you are a supplier), as a fundamental aspect of a contractual relationship between us (including to carry out our obligations and enforce our rights arising from any contracts with you) and/or responding to your requests and inquiries. We may disclose these categories of Personal Data to third parties which are commercially reasonable and strictly necessary to fulfil the purposes here in disclosed for which we collect your Personal Data,including but not limited to the following service providers:
  • eCommerce shopping cart software;
  • customer support and live chat software;
  • e-mail marketing software;
  • landing page management software;
  • referral programs;
  • product review management software;
  • advertising services;
  • cloud storage;
  • shipping/ logistics services;
  • payment processing services.
  • academic and other research organizations; and
  • safety information hosting providers.
In each case, the recipient is contractually obligated to keep the information confidential, user it only for the purposes we disclose it to them, and to process such information with the same standards set out in this Policy.
Commercial Information Records of products or services supplied, purchased, obtained, or considered, or other purchasing or consuming histories, preferences or tendencies. Marketing, selling, and delivering our products to you and/or establishing your purchasing or consuming history, preferences or tendencies.
Inferences Drawn From Other Personal Data Profiles reflecting a person’s preferences, characteristics, predispositions, and behavior. This information does not reveal your identity or directly relate to you, and may include demographic information, or statistical or aggregated information. This information may also include technical information (e.g. login or browser type and version information) and non-personal details about your interactions with our website(s) (e.g. full URLs, clickstream to, through and from our website(s), products you viewed or searched for and page interaction information). Establishing your purchasing or consuming history, preferences or tendencies.
Special Categories of Personal Data First and last name, initials, age, sex, postal address, email address, signature, phone number, physical characteristics or description, medical or health information (potentially including, without limitation, name, initials, age, sex, weight, Adverse Event description and date, Product, Lot #, expiration, dosage, method of administration, time of taking Product, medical history and/or other supplements or medication being taken at the same time). Some information in this category may overlap with other categories. Marketing, selling, and delivering our products to you, enquiring about your level of satisfaction and experiences with our products and services, establishing your purchasing or consuming history, preferences or tendencies, ensuring compliance with applicable laws and best industry practices relating to your health and safety in connection with the use of our products.

You may also provide information to be published or displayed on public areas of our website(s) or transmitted to other third party users of our website(s) (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. Although we may limit access to certain pages, please be aware that no security measures are perfect. Additionally, we cannot control the actions of other users of our website(s) with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that unauthorized persons will not view your User Contributions.
We also use the information you provide to us to fulfill the purposes for which you provided the information or that were described when it was collected, or any other purpose with your consent.
We provide an opportunity for any user to unsubscribe from receiving electronic messages from us or opt-out of contact for marketing purposes on an ongoing basis by accessing our website(s), using the unsubscribe mechanism at the bottom of our e-mails, or by contacting us using the information in the “Contact Us” section of this Policy.
We may also use your information to contact you about goods and services that may be of interest to you, as permitted by law. If you do not want us to use your information in this way, please contact us using the information in the “Contact Us” section of this Policy.
We may use the information we have collected from you to enable us to display advertisements to our advertisers’ target audiences. Even though we do not disclose your information for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria.

Transfers of Personal Data to Third Countries

We are headquartered in the United States. However, both the EU General Data Protection Regulation and the so-called UK GDPR (together, “GDPR”) may apply to our processing of Personal Data due to the nature of our processing operations concerning individuals in the European Economic Area and/or the United Kingdom (together, “EEA+”).
Some of the third party recipients noted above who receive your Personal Data may be located in countries outside the EEA+.
In some cases, the European Commission and/or the UK Government (as and where applicable) may not have determined that the legal environment in certain of those countries provides a level of data protection that is essentially equivalent to the level of protection provided under the GDPR and other applicable laws in the EEA+ (such countries, “Restricted Countries”).

Where we transfer your Personal Data to a recipient in a Restricted Country, we will either:

  • enter into an appropriate data transfer / processing agreement with such recipient, which incorporates the so-called Standard Contractual Clauses issued or approved from time-to-time under the GDPR by the European Commission, the UK Information Commissioner’s Office and/or the UK Government (as and where applicable); or
  • rely on other appropriate transfer mechanisms permitted by the GDPR (e.g., your explicit consent to that transfer).
You may ask for a copy of the Standard Contractual Clauses referred to above by contacting us using the contact details provided below.

HOW WE DISCLOSE PERSONAL DATA

We may also disclose your Personal Data:

  • to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders;
  • if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change;
  • if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of ChromaDex, our customers, our suppliers, or others;
  • to our subsidiaries or affiliates only if necessary for business and operational purposes.
  • for any other purpose disclosed by us when you provide the information;
  • with your consent.

We reserve the right to use, transfer, sell, and share aggregated, anonymous data, which does not include any Personal Data, about the users of our services as a group for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, clients, and customers.

If we must disclose your Personal Data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy or security of your Personal Data.

Tracking Technology

As you navigate through and interact with our website(s), we may use cookies or other automatic data collection technologies, including Fullstory, to collect certain information about your equipment, browsing actions, and patterns, including details of your visits to our website(s) and information about your device and Internet connection. To learn more about Fullstory’s privacy policies and practices, please click here A “cookie” is a small file stored on your device that contains information about your device. If you would prefer not to accept cookies, you can alter the configuration of your browser to reject all cookies or some cookies. Note, if you reject certain cookies, you may not be able to access all of the features on our websites. Unless you have adjusted your browser settings so that it will refuse cookies, our system will issue cookies when you direct your browser to our website(s). For more information, please visit https://www.TruNiagen.com/cookie-policy.html.

We may use these tracking technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). The information we collect automatically is statistical information and may include personal information, and we may maintain it or associate it with personal information we collect in other ways, that you provide to us, or receive from third parties. It helps us to improve our website(s) and to deliver a better and more personalized service, including by enabling us to:

  • estimate our audience size and usage patterns;
  • store more information about your preferences, allowing us to customize our websites according to your individual interests;
  • speed up your searches; and
  • recognize you when you return to our website(s).

THIRD PARTY WEBSITES

Our website(s) may include content or applications served by third parties and/or links to third party websites, plug-ins, services, social networks, or applications. Clicking on those links or enabling those connections may allow the third party to collect or share data about you. These third parties may use cookies alone or in conjunction with other tracking technologies to collect information about you when you use our website(s). The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioural) advertising or other targeted content.
If you follow a link to a third party website or engage a third party plugin, please note that these third parties have their own privacy policies and we do not accept any responsibility or liability for these policies. We do not control these third party websites, and we encourage you to read the privacy policy of every website you visit, and to contact the responsible provider directly.
Depending on where you are located, you can opt-out of third party ad servers’ and networks’ cookies by using available online opt-out tools (e.g. Digital Advertising Alliance of Canada’s Opt-Out Tool, if you are in Canada). You can also access these websites to learn more about online behavioural advertising and how to stop websites from placing cookies on your device. Opting out of a network does not mean you will no longer receive online advertising. It does mean that the network from which you opted out will no longer deliver ads tailored to your web preferences and usage patterns.

Data Integrity & Security

ChromaDex has implemented and will maintain technical, organizational, and physical security measures that are reasonably designed to help protect Personal Data from unauthorized processing, such as unauthorized access, disclosure, alteration, or destruction.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to us via the Internet. Any such transmission of Personal Data is at your own risk. We are not responsible for circumvention of any of our privacy settings or security measures.

Data Retention

Except as otherwise permitted or required by applicable law or regulation, Personal Data will be deleted within thirteen months of the last interaction with the respective data subject. We will retain your Personal Data for a shorter time period if the purpose(s) we collected it for have been fulfilled sooner.

Access, Review, Objection to Processing & Portability

If you are a data subject about whom we store Personal Data, you may have the legal right to request access to, and the opportunity to update, correct, or delete such Personal Data. You may also have the right to ask that we limit our processing of your Personal Data, as well as the right to object to our processing of your Personal Data. You may also have the right to ask to have your Personal Data exported in a machine-readable format. To make such requests, if applicable, please contact us using the information in the “Contact Us” section of this Policy.
It is important that the Personal Data we hold about you is accurate and current. As such, please keep us informed if any of your Personal Data changes.
If you delete your User Contributions from our website(s), copies of your User Contributions may remain viewable in cached and archived pages or might have been copied or stored by other users of our website(s).

Privacy of Children

Our websites are not designed to collect data from children under the age of 13. We do not knowingly collect Personal Data from anyone under 13. If you are under 13, do not use our website(s). If you believe your child’s Personal Data may be processed in the services, you can contact us using the information in the “Contact Us” section of this Policy to request that we delete the Personal Data. If we learn we have collected or received Personal Data from a child under 13 without verification of parental consent, we will delete that information.

Changes to this Policy

We will notify you in advance if we make any material changes to this Policy and obtain your consent to any new ways that we collect, use and disclose your Personal Data. We will post any revised Policy to this web page and update the “Effective on” date above to reflect the date on which the new Policy became effective. Your continued use of the web page after we make changes indicates that you accept and consent to those changes, so please check the Policy periodically for updates. You are responsible for ensuring we have an up-to-date, active, and deliverable e-mail address for you.

WITHDRAWING CONSENT

Where you have provided your consent to the collection, use, and transfer of your Personal Data, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, contact us using the information in the “Contact Us” section of this Policy. Please note that if you withdraw your consent we may not be able to provide you with a particular product or service. We will explain the impact to you at the time to help you with your decision.

CALIFORNIA USERS

If you are a California resident, please refer to our California Privacy Notice https://www.TruNiagen.com/privacy-policy-ca.html.

Contact Us

If you have any questions about this Policy or our processing of your Personal Data, please call us at +1-949-419-0288 or send us an e-mail to customercare@truniagen.com.
Our Data Protection Officer may be contacted at the following email:
dpo@chromadex.com

Please allow up to 30 days for us to reply.

Contact Us (CANADIAN USERS)

If you have any questions about this Policy or our processing of your Personal Data, please contact us at:
dpo@chromadex.com
We have procedures in place to receive and respond to complaints or inquiries about our handling of Personal Data, our compliance with this Policy, and with applicable privacy laws. To discuss our compliance with this Policy please contact our Privacy Officer using the contact information listed above.

EU Representative

VeraSafe has been appointed as ChromaDex’s representative in the EU for data protection matters, pursuant to Article 27 of the EU GDPR. VeraSafe can be contacted in addition to ChromaDex only on matters related to the processing of Personal Data under the EU GDPR. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative
Alternatively, VeraSafe can be contacted at:

VeraSafe s.r.o.
Klimentska 46
Prague 1, 11002
Czech Republic
VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland

UK REPRESENTATIVE

VeraSafe has been appointed as ChromaDex’s representative in the UK for data protection matters, pursuant to Article 27 of the UK GDPR. VeraSafe can be contacted in addition to ChromaDex only on matters related to the processing of Personal Data under the UK GDPR. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contactdata-protection-representative or via telephone at +44 (20) 4532 2003
Alternatively, VeraSafe can be contacted at:

VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom

Supervisory Authority Oversight

If you are a data subject whose Personal Data we process, you may also have the right to lodge a complaint with a data protection regulator in one or more of the EEA+ states.



Effective: January 1, 2020.
Revised: February 3, 2021.