Privacy Policy
Effective Date: 1 December 2023
This Privacy Policy (the “Policy”) describes how Vitamin Well LLC, including its subsidiaries and affiliates (“Company”), collect and use personal information about you when you visit our site www.shop.nocco.com (“Site”), make purchases, contact us, sign up for news, invites and offers or call us on the phone.
By “personal information”, Company means information that directly identifies you, such as your name, address, or email address. In this Policy, “you” means any person who visits our Site, makes purchases, contact us, sign up for news, invites, competitions and offers or calls us on the phone.
You can download a pdf version of this Policy here.
1. COLLECTION OF PERSONAL INFORMATION
Company collects different types of categories of personal information from users who visit our Site, make purchases, contact us, sign up for news, invites, competitions and offers or call us on the phone. The personal information is something that relates to an identified or identifiable natural person, i.e. any type of data that can be associated with a person. Examples include names, email addresses or phone numbers if they can be associated to a certain living physical person, but also e.g. a photo in which the person can be recognized. This Policy sets forth the practices that Company intends to follow with respect to such personal information, as well as other information that can be used to identify a visitor’s computer or device.
Company collects personal information from the following sources:
- Directly from you. For example, when you contact or request information from us including via the Site, make an online purchase, or create an account.
- Third Parties, including Service Providers. For example, service providers that Company uses, analytics companies, advertising networks, email marketing platforms and cooperatives, and other third parties that Company chooses to collaborate or work with.
- Social media platforms and networks. For example, companies that you use in connection with the Site, or that share or allow you to share information with Company, such as Meta. For more information on network privacy practices, please review the privacy policies and settings of the social media platforms and networks that you use.
- Using cookies and automatic collection methods. Company and its service providers may collect information from the computer, tablet, phone, or other device that you use to access our Site, or that you use to open an email or click on an advertisement from Company. Methods Company uses include: cookies (which may be session-based or persistent, and are typically small data files that are stored on your hard drive or in connection with your Internet browser); web beacons or tags; flash cookies or Local Stored Objects; any other technologies.
If you wish to exercise any of your rights under applicable laws and as mentioned in Section 6 of this Policy, you may contact the Company by any of the means provided below, specifying your identity and the precise purpose of your request (you may be asked to provide proof of your identity if we are unsure of the same).
For any question relating to the use of your personal data and your related rights, you can contact the Company by any of the following means:
– by e-mail at: dpo@vitaminwell.com;
– by post at: Vitamin Well LLC, c/o Corporation Service Company, 251 Little Falls Drive, Wilmington, New Castle County, Delaware 19808, United States.
2. WHAT PERSONAL DATA DO WE PROCESS AND FOR WHICH PURPOSES?
We process personal data in order to fulfil or enter into an agreement with you in relation to the following circumstances:
• Purchase of products or services. If you purchase products or services from us, we will process your personal data in order to fulfil our contractual obligations to you.
o Relevant personal data is first and last name, delivery address/billing address, telephone number, e-mail address, order information, payment details, payment history, credit card information and payment reference number. IP address in relation to order data.
• Participation in events. If you have agreed to our terms and conditions for participation in an event organised by us, you will have provided us with personal data such as:
o Contact details (e.g. name, address, email address and phone number).
We need this information to organise and host the event in a safe manner. If you provide us with health or other information we will also ask for your explicit, specific and informed consent for such processing. Because we take photos and films during our events for future marketing purposes, as agreed in the terms and conditions we may also collect, edit and distribute photos and films on social media in which you are visible and identifiable subject to your acceptance to exploit your image unless you showed yourself in a conspicuously public position on the occasion of those events.
• Participation in prize draws. If you choose to participate in a prize draw or competition that we arrange, you will have provided us with personal data such as:
o Your name, delivery address, phone number, email address, social media handle, age and possibly a contribution (e.g., a photo or film) in which you can be identified. We use this information to complete the prize draw/competition (e.g., for identification and age checks or to select a winner and for distribution of the relevant benefit or prize) and in some cases, also as the basis for further prize draw/competitions.
With your consent, further compatible use of such information may also be stated in the terms and conditions and the information we provide before the competition. If the prize is a trip, we may also process information such as:
o Citizenship and health information (e.g., allergies) that we need to know for safety reasons (when applicable).
If you do not want us to process data for the above purposes, we may not be able organise your participation in a draw or competition.
• Sponsorship, etc. If you have entered into an agreement with us regarding sponsoring an event, manufacturing of products or other professional collaboration, you will have provided us with personal data such as your contact details (e.g., name, address, telephone number, title and employer). We use such data in order to be able to fulfil our agreement with you. If you do not want us to process data for the above purposes, we may not be able to fulfil the agreement.
In addition, we may process your personal data based on your consent.
In such cases, we will obtain your consent in advance for a specific purpose and will ensure that it is provided voluntarily, expressly and unambiguously. You have the right to withdraw your given consent at any time and are welcome to adjust your position on privacy here in relation to cookies, or contact our Data Protection Officer (“DPO”) at dpo@vitaminwell.com or refer to the contact details below. Note that the withdrawal of consent will not apply retroactively to processing that has already been implemented.
• News, invitations, etc. If you sign up for news, invitations and offers (direct marketing), we will process your personal data in order to provide the services you request. Our direct marketing may be based on profiling, which means that based on certain factors, we can personalise the information you receive from us. We use the following types of personal data to compile a profile:
o Your gender, your approximate location, your previous purchases, your behaviour on our Site and/or your previous behaviour when you receive direct marketing from us (if we have such information).
Categories of personal data are all data that is collected in association with a purchase (see above):
o Email address, location (based on the Company Site at which you register for our marketing communications), all communication that has been sent to you, order history and the emails that you have clicked on, and your interactions with our Site if you have followed a link in any of the emails sent to you.
• Cookies and similar technologies. If you visit the Site and accept our cookies, we may collect personal data for example:
o In the form of information about IP address, user-generated data from cookies (e.g. clicks, displayed page, page visits, time spent on the page, products displayed and clicked, orders, average order value, how you access and exit the Site etc.), approximate geographical location, technical data (e.g. type of device, browser settings, time zone, operating system, platform), which is further described in our cookie settings.
We analyse this information at an aggregate and pseudonymised level for statistical purposes, and for optimisation of our Site to market our products and brands by analysing which parts of our Site is visited most often, and similar.
However, in relation to strictly necessary cookies our processing is necessary for our legitimate interest in being able to provide you with a functioning Site when you visit and use the services provided on the Site.
If you visit the Site and consent to our cookies for personalised advertising, we will use the data collected (IP address, user-generated data from cookies, for example: clicks, displayed page, page visits, products displayed and clicked on, orders, average order value, approximate geographical location), for targeted marketing on third-party marketing platforms such as Meta, Google, YouTube, TikTok, etc. The purpose is to present you with marketing targeted at you based on your behaviour and browsing patterns, at specific points in time and locations for these platforms to increase the effectiveness of our advertising campaigns. Your personal data is shared with a third party for use on relevant marketing platforms and they will try to match your profile in their database to determine the optimal time and location (the page on which you are browsing) to display an advertisement from us. We also need to analyse information in order to gain insight into the results of our marketing. If you do not accept that we track your data for this purpose you can still see our advertisements on other platforms randomly.
The purpose for our processing of personal data described above is either your consent or that the processing is necessary in order to enter into or fulfil an agreement with you. However, certain processing may take place on the basis of our legitimate interests, where your consent is not collected or where we do not prepare entry into nor enforce an agreement directly with you or when the purpose is not directly linked to this preparation or enforcement of an agreement. Then, we process this personal data based on our assessment that it is necessary for our legitimate interest in marketing our products and brands, to remain competitive as a company or to conduct our business in a safe manner.
We will also process personal data based on our legitimate interests:
• News and press releases. If you are an existing customer of ours and have provided us with personal data, such as:
o Your name and your email address, we will use such information to send you relevant news and press releases about products or services similar to those you have previously bought from us, provided that you have not opted out to such news and press releases.
In each mailing from us, you can choose to unsubscribe from receiving future news and press releases from us.
• Participation in events. If you participate in an event or trip that we arrange, and you provided us with details such as:
o Your contact details (e.g., name, address, phone number and email address).
o As it is common to take photos and films for publicity and marketing purposes at these events, we may also process such material in which you can be identified (subject to your acceptance to exploit your image unless you showed yourself in a conspicuously public position on the occasion of those events).
• Customer Service. If you request customer service from us via our support channels, we will process your personal data in order to assist you with the relevant matter (i.e., your name, email address and other contact details, order details, purchase amount, purchase history, invoice, payment method, our correspondence with you, technical information about devices and operating systems used).
• Questions and complaints. If you have contacted us with questions or complaints about our products (not based on an agreement with you), you may have provided us with personal data such as your name, address, email address and phone number. We use this data to answer your questions, investigate product issues, track or report health risks, compensate you when required and prevent fraudulent behaviour, for example through unfounded complaints and claims for compensation.
• Contacting us on your own initiative. If you choose to contact us following our general invitation or on your own initiative via one of our general email addresses, with ideas about new flavours, products or promotions or other comments, you provide us with personal data that we use to answer and evaluate the content of your email or if you apply for a job with us.
• Protect our rights. If it is necessary to protect our rights, as we have a legitimate interest in establishing, exercising and defending legal claims.
• M&A. If we sell or otherwise dispose of parts of our business and/or our assets.
We process this personal data based on our assessment that it is necessary for our legitimate interest in marketing our products and brands, to remain competitive as a company or to conduct our business in a safe manner.
If we have entered into an agreement regarding any of the activities listed above and the processing of your data is necessary for the enforcement of this agreement, our processing of associated personal data will instead be based on the fulfilment of that agreement.
Legal requirements and claims, public interest and consent:
We may need to process your personal data in order to meet statutory requirements (e.g. requirements to keep records or in our reply to a request of yours to exercise your individual rights) and by order of the courts or public authorities (e.g., for tax reasons). We may also be required by law or forced by public interest to process personal data relating to product problems in order to facilitate tracking and monitoring of potential health risks.
3. WHO ARE THE RECIPIENTS OF THE PERSONAL DATA?
Only the parties that need to process personal data for the purposes mentioned above will have access to your personal data. We may need to share your personal data with the internal marketing, commercial, administrative, financial, compliance, legal and other competent services of our group companies involved in the processing of your data for the purposes listed above, both within and outside of the United States.
We may also work with partners in many countries both within and outside USA and may therefore also need to share personal data, for example with service providers and legal advisers that are not based in USA. Company does not provide personal information about you to other companies for money.
When and to the extent necessary, your personal data is processed by Company employees of our marketing, commercial, administrative financial, compliance, legal and other services and their advisers, suppliers, service providers, partners and distributors having a need to access the data for the relevant data processing services and to the sole extent required by the same. For example, our e-commerce team will have access to personal data related to your purchases and our product managers will primarily have access to incoming questions and complaints about our products.
More specifically, personal data related to this Site is mainly shared with the following categories of service providers that process such data on our behalf:
- IT service provider (Wootemple AB, based in EU, https://templ.io/)
- Logistics partner (FST, https://fstlogistics.com/)
- Newsletter service provider (Rule Communication – Nordic AB, based in EU https://www.rule.io/ and Klaviyo, based in US https://www.klaviyo.com/ )
- Cookie processors – please see cookie list by clicking Cookie Settings
We also share your personal data with other Data Controllers. Such Data Controllers may be authorities (Police, tax authorities or other authorities) with whom we are required to share data in accordance with law or as a result of suspected criminal activity, payment providers and banks to facilitate transactions, external advisors (lawyers and auditors) and courts to protect our rights, companies that buy all or part of our operations/assets, and transport companies in order to manage and deliver your order. When your personal data is shared with other Data Controllers, they will be responsible for your personal data and we refer to them for more information about how they process your personal data.
Our payment service provider Stripe. Inc. is based in the United States and controller for the personal data when providing the Stripe products and services, for more information see https://stripe.com/legal/privacy-center.
4. DOES THE COMPANY PROCESS SPECIAL CATEGORIES OF PERSONAL DATA?
The Company never processes sensitive information such as information about race or ethnic origin, political opinions, religious beliefs or sexual orientation. However, in some cases we are required to collect and process data about health for safety reasons for a limited period of time, such as information about allergies or other health conditions, which we need to know when we are investigating a product complaint, organising travel, training events and similar.
Such data will only be processed after we have received your informed consent and will always be deleted as soon as the specific individual purpose for which it was collected is no longer applicable.
When contacting us on your own initiative, please only share personal data that is absolutely necessary to share in order to handle your request.
5. WHAT ARE YOUR RIGHTS?
Subject to the conditions of applicable regulations, which may vary from state to state, we grant you the following rights:
• Right of access: At any time, you may request access to your personal data. Upon request, we will provide information about what personal information we store about you in a commonly used electronic format.
• Right to correction: You have the right to have incorrect personal data corrected and to have incomplete personal data completed.
• Right to deletion: Under certain circumstances (including processing based on your consent), you can request that we delete your personal data. Please note that this is not an unconditional right. Therefore, an attempt to exercise the right may not lead to a measure from us.
• Right to object: At any time, subject to conditions in this policy and applicable laws, you may object to any processing by us in relation to your personal data. We will then only process your personal data if it can be shown that there are definitive legitimate reasons why the data must be processed, which outweigh your interests, rights and freedoms or if the processing is taking place to establish, exercise or defend legal claims.
You always have the right to object to your personal data being used for direct marketing, including profiling. Such an objection can be made at any time.
• Right to withdraw: You have a right to withdraw your consent to the processing of your data (when the processing of your data is based on your consent).
• Right not to be discriminated against: You may not be discriminated against because you exercise any of your rights under applicable laws.
• Right to data portability: You have the right to get your personal data that you have provided to us (or have such personal data transferred directly to another data controller, if technically possible by using reasonable efforts) in a structured, generally used and machine-readable format, in cases where the processing of your personal data is based on consent or in order to fulfil an agreement with you.
• Right to opt-out: To provide you with more interesting and customized information, promotions, and advertising, we disclose personal data to third-party providers of advertising services who may use such personal data for their own purposes or to serve other customers, including to display our advertisements to you on sites and services that we do not operate. If you reside in certain states in the United States, you have or will soon have the right to opt out of the use of your personal data for these targeted advertising or cross-context behavioral advertising purposes. To submit such a request, please click the following link: “Do Not Sell or Share My Personal Information // Your Opt-Out Rights,” in which case we will respond to your request in accordance with applicable law.
The rights and options described above are subject to limitations and exceptions under applicable law. We will respond to your requests to exercise your privacy rights in accordance with applicable law. We may request additional information from you to verify your identity and complete your request. If we deny your request, we will explain why. In some states in the United States, you have the right to appeal our denial of your request, which you may exercise by responding to the message we send to you communicating our denial stating that you appeal our decision. In these cases, we will reconsider your request and then notify you of our decision.
If you have any questions or wish to exercise any of your rights, please contact our DPO at dpo@vitaminwell.com by specifying your identity and the precise purpose of your request (proof of identity may be requested).
For any question relating to the use of your data and your rights, you can contact the Company by one of the following means:
– by e-mail at: dpo@vitaminwell.com,
– Vitamin Well LLC located at c/o Corporation Service Company, 251 Little Falls Drive, Wilmington, New Castle County, Delaware 19808, United States
For the management of cookies and other tracking tools, the Company invites you to consult Article 7 below.
The Company undertakes to reply to you as soon as possible, and in any event within 45 days of receiving your request. If necessary, this period may be extended by 45 days , taking into account the complexity and number of requests that are addressed to the Company. In this case, you will be notified of the extension and the reasons for the delay.
If your request is submitted electronically, information will also be provided electronically where possible, unless you specifically request otherwise.
In the event that the Company is unable to fulfill your request, you will be informed of the reasons for this. Please be aware that you may have a right to appeal our decisions under applicable laws.
6. COOKIE NOTICE
As part of our way of providing personalised services on our Site, we use cookies to store and sometimes track information about you. A cookie is a small data file that is sent to your browser from a web server, is stored on your device and provides easier access the next time you visit the same page as an example. The main purpose thereof is to improve the Site consultation and to allow personalized services to be sent. We will only store and access cookies (which are not absolutely necessary on your hard drive) if you have expressly consented to them.
Some of these navigation tracking tools are used only for purposes strictly necessary for the operation of the Site and are, therefore, exempt from consent, as they are necessary to ensure access and stable operation of the Site. Others are subject to your consent.
On the computer, cookies are managed by the Internet browser. These cookies can be session cookies (in which case the cookie will be automatically deleted when the browser is closed) or persistent cookies (in which case the cookie will remain stored in the terminal until its expiration date).
Follow the links below for instructions on how to change your browser settings from some of the most common browser providers (note that these are links to third-party Sites over which we have no control):
By limiting cookies you may not be able to access all parts of our Site as some features of the Site depend on cookies.
By clicking on Cookie Settings , you will find a detailed list of the cookies we use on our Site. If you have consented to all cookies, you can withdraw your consent (except for the essential cookies) by going to our Cookie Settings.
Except for essential cookies, blocking the installation of cookies does not prevent you from using the Site.
The retention period of the user’s choice is six (6) months. For information on how to adjust your browser settings to delete or control cookies, please visit http://www.aboutcookies.org/.
If you have any further questions, please feel free to contact dpo@vitaminwell.com.
You can also use the Cookie Settings to adjust the use of cookies.
7. SECURITY AND FRAUD
Company has implemented information security practices designed to help safeguard your personal information. Company do not authorize Company employees or our service providers to access or use this information unless they have a need to know it in connection with performing their employment duties or providing services to Company. Company does not use credit card information for any purpose other than to process payment for sales, and does not provide your credit card information to anyone other than the financial services institutions and contractors responsible for the confidential processing of your payment.
While Company will continue to exercise diligence and use measures to protect the security of this Site, Company cannot warrant that all internet communications will be secure.
8. NOTICES, DISCLOSURES, AND STATE-SPECIFIC RIGHTS
- Links to Third Party Sites. Company’s site or mobile application may provide links to other Internet sites, content or videos (embedded or direct links) maintained by third parties. Company is not responsible for the sites, content, or videos accessed via the links, and Company not reviewed the privacy practices of those third parties
- California Privacy Rights. California law entitles residents certain rights. To understand how we honor these California rights, to make requests regarding these rights, and to learn more about how California law defines “personal information,” please visit our CCPA Disclosures.
9. INTERNATIONAL CUSTOMERS
The Site is meant for US customers only. You cannot order products if you do not have a US delivery address.
If you provide personal information through our Site or mobile application separate from a purchase, you agree that the personal information will be transferred to and processed in the United States of America and any other country or jurisdiction at our sole discretion. The laws that apply to the use and protection of personal information in the United States or other countries or jurisdictions in which we transfer or process personal information may be different than the laws and protections in your country.
10. UPDATES TO THIS POLICY
Company may make changes to this Policy, and may apply any changes to information previously collected, as permitted by law. Company will notify you by posting the updated Policy on its site if there are any material changes to this Policy.
11. CONTACT FOR MORE INFORMATION
If you have any questions or comments about this notice, the ways in which we collect and use your personal information, your choices and rights regarding such use, please do not hesitate to contact us at:
Postal address: Vitamin Well LLC located at c/o Corporation Service Company, 251 Little Falls Drive, Wilmington, New Castle County, Delaware 19808, United States
Email: dpo@vitaminwell.com