Introduction and Scope
Please read this Policy to learn what personal information we collect about you, why and how we collect and use that information, and with whom we might share it. This Policy also makes you aware of your rights under the California Consumer Privacy Act of 2018 (the “CCPA”). We adopt this Policy to comply with the CCPA. Any terms defined in the CCPA have the same meaning when used in this Policy.
It is essential that you read and understand this Policy. If you have questions or do not understand it fully, feel free to reach out to us.
This Policy addresses California residents whose personal information we process, such as visitors to our website(s), current and prospective users of our Applications and Services, and current and prospective business partners and their representatives (“consumers” or “you”).
This Policy tells you, among other things:
Sometimes Service Providers: We also process personal information as directed by our Customers. In these cases, we do not decide why and how that personal information will be processed.
For the personal information of users or prospective users of our website(s), apps or the Services, business contacts and prospects of ChromaDex, we decide the purposes and means of processing, and we therefore behave as a “business”.
Our Role With Respect to Your Personal Information
Within the scope of this Policy, we act as a “business” for the Personal Information we collect, or that others collect on our behalf. This means that we are responsible for determining how we collect, use, and share your personal information. It also means you can submit requests to us relating to your privacy rights.
What Personal Information Do We Collect, Why and How Do We Obtain It and Who Do We Share It With?
The table below describes the categories of personal information we have collected about you in the last twelve months, the methods we used in order to collect your Personal Information, the categories of Personal Information we've disclosed to third parties for business purposes; and the categories of third party recipients of that Personal Information. We do not sell your personal information to third parties. We don’t collect additional categories of personal information without informing you.
Children Under the Age of 16
We may process personal information of children under the age of 16. However, we do not sell personal information of any individual. Correspondingly, we do not sell personal information of children under the age of 16.
Your Privacy Rights
Your Right to Know Specific Information and Data Portability
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months. Once we receive your request and confirm it was you or your authorized agent who made the request, we will disclose to you:
The categories of personal information we collected about you, the categories of sources of that personal information and our business or commercial purpose for collecting or selling that personal information;
The categories of third parties with whom we share that personal information.
The specific pieces of personal information we collected about you (this is also called a data portability request); and
If we sold or disclosed your personal information for a business purpose, we will provide two separate lists disclosing:
sales of personal information, identifying the categories of personal information that each category of recipient purchased; and
our disclosures of personal information for a business purpose, identifying the categories of personal information that each category of recipient obtained.
Your Right to Have your Data Deleted
You have the right to request that we delete any of your personal information that we collected from you and retained. Once we receive a request and verify your identity, we will delete (and insofar as is reasonably practicable, direct our service providers to delete) your personal information from our records, unless an exception applies.
Exceptions to the Right to Have your Data Deleted
We may deny a request to delete your personal information if we or our service providers need to retain the personal information to:
a) Complete the transaction and necessary ancillary dealings for which we collected the personal information, or otherwise perform our contract with you;
b) Detect and protect against security incidents, or prosecute those responsible for such activities;
c) Debug products to identify and repair errors that impair existing intended functionality;
d) Exercise rights provided for by law.
e) Engage in public or peer-reviewed scientific, historical, or statistical research in the specific circumstances described in the CCPA;
f) Enable internal uses reasonably aligned with your expectations, based on your relationship with us;
g) Comply with a legal obligation; or
h) Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
How Can You Exercise your Privacy Rights?
To exercise any of the rights described above (the right to know, data portability, the right to delete, and the right to opt-out (or opt-in)), please submit a request by either:
Calling us at +1-888-642-4361; or
Contacting us by email at firstname.lastname@example.org. Please use as subject line “Request to delete”, “Request to know”, “Request to opt out” or “Request to opt in”.
You may appoint an authorized agent to exercise your rights on your behalf. You should appoint such agent via written permission or a power of attorney pursuant to Probate Code sections 4000 to 4465. To verify that your authorized agent acts on your behalf, we will ask for this written permission from your agent or for the power of attorney. In case you provided your authorized agent with a written permission, we will require that you also verify your identity.
Verification of your identity to respond to your request to know and delete
To evaluate your requests to know or delete, we need to be sure it was you who made the request. We may decide to verify your identity by requesting certain information, including, without limitation, the following: your contact number, your mailing address, your email address, and the last communication you received from ChromaDex. We will only use the personal information you provide us in a request to verify the requestor's identity or authority to make the request. Please note that you may only make a consumer request to know or data portability twice within a 12-month period.
Response Timing and Format of Our Responses
We will confirm receipt of your request in ten (10) days. Please allow us up to 30 days to reply to your request, starting from the day we received your request. If we need more time (up to 90 days in total), we will inform you of the reason and extension period in writing. We will only cover the twelve-month period preceding the moment we receive the request in any disclosures we provide you with. If we cannot satisfy a request, we will explain why in our response. We will not charge a fee for processing or responding to your requests, unless we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.
Non-Discrimination & Financial Incentives
We will not discriminate against you for exercising any of your CCPA rights. This right means that, unless the CCPA allows it, we will not:
Deny you goods or services;
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
Provide you a different level or quality of goods or services; nor
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
How Do We Protect Your Personal Information?
We are strongly committed to keeping your personal information safe. We have implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect your Personal Information from unauthorized processing, such as unauthorized access, theft, disclosure, alteration, or destruction.
If you have any questions about this Policy or our processing of your Personal information, please call us at +1-949-419-0288 or send us an email to email@example.com. Our Data Protection Officer may be contacted at the following email: firstname.lastname@example.org Please allow up to 30 days for us to reply.
Changes to this Policy
If we make any material change to this Policy, we will post the revised statement to this web page. We will also update the “Effective” date. By continuing to use our services after we post any of these changes, you accept the modified Policy. We will update this Policy at least once per year.
Effective February 3, 2021.