Effective Date: December 12, 2019
TABLE OF CONTENTS
- Information You Provide Us
- Website Usage Information & Device Identifiers
- Cookies, Web Beacons, Scripts and Mobile Device Identifiers
- Legal Protections and Law Enforcement
- Third Parties Providing Services on Our Behalf
- Sweepstakes, Contests and Promotions
- Business Transfers
- Non-Personal Information
1. What Type of Information is Collected and How Do We Use It?
Information You Provide Us: You may provide information to us using the interactive functions of the Websites which may include: personal information, which is information that could reasonably be used to identify you personally,
such as your name, address, zip code, e-mail address, credit card number, telephone and fax number(s); images you upload, success stories and other content you upload or provide us, and demographic information, such as gender, or similar information.
You may also be asked certain questions about you or your business, which will help us to better meet your needs and respond to your inquiries concerning our products and services. We may collect information at various places and in various forms
on the Websites. We may use the information we collect from you on the Websites to:
We may use the information we collect from you on the Websites to:
- Send you newsletters, e-mails and/or other non transactional communications you have consented to receive;
- Communicate with you regarding transactions between you and us (e.g. fulfilling and modifying orders, checking shipping and shipping status etc.)
- Authorize or decline a new account request (e.g., for the Medical Portal);
- Contact you regarding a sweepstakes, contest, or promotion in which you have participated;
- Monitor and statistically analyze usage of the Websites and to improve the Websites and/or product offerings;
- Administer the Websites systems and for other internal business purposes;
- Contact you regarding comments, questions, or requests that you may have provided or information that you requested from us;
- Customize the advertising and content you see;
- Interact with you on other websites that are designed to enhance interpersonal, business to consumer and consumer to consumer interactions such as Facebook®, Twitter®, Google®, YouTube®, Pinterest® and other similar sites (in this policy, "Social Media Site(s)")
- us offline or through any other means, including on any other website operated by any third party;
- any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Websites.
Website Usage Information & Device Identifiers: We may receive and store certain types of usage information whenever you visit or interact with the Websites. For example, we may collect information about the page served, the time spent on a page, the source and terms used to request or find a page, the type of browser making the request, the preceding and subsequent page viewed and other similar information. We may also collect your internet protocol (IP) address or some other unique numeric identifier for the particular device you use to access the internet, as applicable (collectively referred to as a "Device Identifier"). A Device Identifier is a number that is automatically assigned to your computer, your mobile device, or other device used to access the internet, and our computers identify your device by its Device Identifier. We may associate your Device Identifier with other information you provide. When analyzed, Website usage information helps us determine how visitors arrive at the Websites, what type of content is most popular, what type of content you may find most relevant, and what type of visitors are interested in particular kinds of content and advertising.
Web Beacons: The Websites and our e-mail messages may also utilize web beacons, pixel tags or similar technologies (as they become available), which are small graphic images or other web programming code (also known as "1x1 GIFs" or "clear GIFs" or “pixel tags” or “single-pixel gifs”) that allow monitoring and collection of information about the user of a web page, web-based document or message sent by the Websites or in emails or other electronic communications, such as the type of browser/device and software accessing the Websites. Web beacons may be invisible to you, but any electronic image or other web programming code inserted into a web page or e-mail can act as a web beacon. Web beacons and similar technologies may be used for a variety of purposes, including, without limitation, to serve users with relevant content at the Websites, count Website visitors, and monitor Website traffic patterns.
Scripts: Our Websites may use programming code that collects information about a user's interactions with the Websites, such as what pages are visited, how many times they are visited, and for how long. This code is downloaded onto your computer from our web server or a third party service provider, is active only while you are connected to the Websites, and does not operate unless you are on the Website.
Mobile Device Identifiers: Certain mobile service providers uniquely identify mobile devices and we or our third-party service providers may receive such device information if you access the Websites through mobile devices or mobile device applications. Certain features of the Websites may require collection of mobile phone numbers and location identification data (i.e. your global positioning system location) and we may associate that information to your mobile device identification information. Additionally, some mobile phone service providers operate systems that pinpoint the physical location of devices that use their service. Depending on the provider, we and our third-party service providers may receive this information. We may also be provided this information in connection with your use of Social Media Sites, but you may be able to restrict that data using settings in those Social Media Sites.
2. Disclosure of Information to Third Parties.
Legal Protections and Law Enforcement: We may disclose your information, including personally identifiable information, by compulsion of law, in response to a court or administrative order, regulation, search warrant, subpoena, discovery request or other valid law enforcement measure, to comply with a legal obligation, at the request of governmental authorities conducting an investigation, to verify or enforce compliance with the policies governing the Websites and applicable laws, or to protect the legal rights, interests, or safety of the Websites, our users or others. We may also use Device Identifiers to identify users, and may do so in cooperation with copyright owners, internet service providers, wireless service providers, or law enforcement agencies in our discretion. Such disclosures may be carried out without notice to you.
Third Parties Providing Services on Our Behalf: We employ third parties to perform functions on our behalf. Examples include the companies hosting or operating the Websites, processing and/or fulfilling orders for products purchased through the Websites, sending e-mail and/or other communications, maintaining customer and user information and databases, and credit card payment processing. These third parties may have access to your personal information in connection with performing such functions.
Sweepstakes, Contests and Promotions: We may offer sweepstakes, contests and other promotions through the Websites that may require registration. If you choose to enter a sweepstakes, contest or other promotion, your personal information may be disclosed to third parties in connection with the administration of such promotion, including, without limitation, in connection with winner selection, prize fulfilment, and as required by law, such as on a winners list. Also, by entering a promotion, you are agreeing to the official rules that govern that promotion, which may contain specific requirements of you, including, except where prohibited by law, allowing the sponsor(s) of the promotion to use your name, voice and/or likeness in advertising or marketing associated with the promotion.
Business Transfers: We may share the information collected through the Websites with and among our affiliates and divisions. If we transfer any of our business, either by selling our assets, merging, consolidating, divestiture, restructuring, reorganizing, dissolution, or by other means such as by a stock sale or other sales or transaction in which we effectively transfers all or a portion of our business, or other corporate change (including, without limitation, during the course of any due diligence process), we reserve the right to disclose and transfer our assets, including, without limitation, the Websites, all information you have provided or we have otherwise collected, and its customer and sales files.
EEOC:In conjunction with laws and regulations enforced by the Equal Employment Opportunity Commission ("EEOC"), the Office of Federal Contract Compliance Programs ("OFCCP") and similar state and local regulatory agencies, we may ask you to provide us with self-identifying information, such as veteran status, gender and ethnicity. Providing such self-identifying information is voluntary, but if you do provide us with such information, we may submit that information to the EEOC, the OFCCP, and similar state and local regulatory agencies for business-related purposes, including, but not limited to responding to information requests, fulfilling regulatory reporting requirements and defending against employment-related complaints.
Non-Personal Information: We may also provide third parties with non-personal information, such as aggregate information regarding users of the Websites, demographic information, and Website usage information without restriction. For example, third parties may have access to information regarding the number of unique page requests, unique users of our Websites, and aggregate information on the types of activities users conducted while on our Websites.
3. Third-Party Ad Serving and Traffic Analysis and Measurement Services.
4. Security for Personally Identifiable Information.
We use reasonable efforts to protect and secure your personal information against unauthorized access or accidental loss. Although we do our best to protect your personal information, please remember that the security measures taken are not foolproof; no Website can guarantee that personally identifiable information will be protected in all situations. Therefore, we can only state that we will make a reasonable effort to protect from unauthorized access the information that you provide. All information you transmit to us via the Websites is at your own risk. We encourage you to use caution when using the Internet. This includes not sharing your passwords.
5. Updating/Correcting Your Personal Information and Contacting Us.
The Websites may contain web pages through which you can change your preferences or update the personal information you have provided to us through the Websites. If you register to receive e-mail or other electronic communications from one of our divisions,
you may unsubscribe by following the instructions provided to you in the applicable communication.
You can contact us in order to: (i) update or correct the personally identifiable information that we store about you; or (ii) direct us to render inactive on our systems all personally identifiable information that refers or relates to you. We may be reached by telephone at 800-925-5187. Please note that if you request us to render inactive personally identifiable information that you provided, we may still use aggregate non-personal information and some personally identifiable information that you provided may continue to reside on backup tapes and other non-active systems used for data restoration purposes. We will not manually delete personally identifiable information that you provided from such backup media. If we reasonably determine that we owe a legal obligation to retain your information despite your request, we will retain your information, but only so far and to the extent that we reasonably determine that we are required to do so to comply with law. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
6. The Websites Are General Audience Websites.
The Websites are general audience Websites and not intended for children under 13 years of age. No one under age 13 may provide any personal information to or on the Websites. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Website or on or through any of its features/register on the Website, make any purchases through the Website, use any of the interactive or public comment features of this Website or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at 800-925-5187.
7. Consent to Transfer.
The Websites are operated in the United States. If you are located in the European Union, Canada or elsewhere outside of the United States, please be aware that any information you provide to us will be transferred to the United States. By using the Websites or providing us with your information, you consent to this transfer. The Websites are subject to United States laws, which may not afford the same levels of protection as those in your country.
8. Third Party Content and Links to Other Websites.
9. Social Media Sites and tracking.
We may make use of Social Media Sites to communicate with you, to provide you information, and to receive information from you. In some cases, this information exchange may be automated. For example, when you "Like" us on Facebook®, Facebook® may automatically make changes to our Facebook® site, include parts of your profile in our timeline, and may notify your friends that you have liked us. We do not control how Facebook®, or any other Social Media Site, uses your information, and your privacy is determined by those sites. Some Social Media Sites may use "tracking" technology—they may be able to know that you have visited us, and they remain active even after you leave our Websites. Again we do not control how these Social Media Sites operate, and in addition, we make no investigation into, and make no representation to you concerning, the operation, legality or other aspects of such third party tracking technology. We do not knowingly use tracking technology of you, other than as disclosed here in connection with your actual use of our Websites.
11. Nevada Privacy Rights
Nevada law (SB 220) permits customers in Nevada to opt-out of the sale of certain kinds of personal information. As previously mentioned above, we do not sell your personal information to third parties. If you are a Nevada resident and have questions, please contact us toll-free at 800-925-5187.
12. Privacy Notice for California Residents
Where noted in this Notice, the CCPA temporarily exempts personal information reflecting a written or verbal business-to-business communication ("B2B personal information") from some its requirements.
Information We Collect
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device ("personal information"). Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA's scope, like: '
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.||YES|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||YES|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||YES|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||NO|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.||NO|
|G. Geolocation data.||Physical location or movements.||NO|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||NO|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||YES|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||YES|
|K. Inferences drawn from other personal information.||Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||NO|
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from you. For example, when you contact our customer service department, or provide your information to us at a tradeshow or social media.
- Directly and indirectly from activity on our Websites. For example, when you create an account on our Websites, order a product from our online store, or submit a question on our Contact Us webpage.
- From third-parties that interact with us in connection with the services we perform. For example, from customer concern call centers or background check services.
Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following business purposes:
- To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to fulfill or modify orders, process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns or in the event of a recall.
- To create, maintain, customize, and secure your account with us.
- To provide you with newsletters, email alerts, event registrations and other notices and information concerning our products, services, policies, programs (including sweepstakes, contests, promotions, rebate, and loyalty programs), or events or news that may be of interest to you.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
- To process your requests, purchases, transactions, and payments and prevent transactional fraud.
- To provide, support, personalize, and develop our Websites, products, and services.
- To help maintain the safety, security, and integrity of our Websites, products and services, databases and other technology assets, and business.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
Category A: Identifiers.
Category B: California Customer Records personal information categories.
We disclose your personal information for a business purpose to the following categories of third parties:
- Our subsidiaries and affiliates;
- Service providers;
- Third parties to whom you authorize us to disclose your personal information in connection with products or services we provide to you.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
We do not provide these access and data portability rights for B2B personal information.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request to delete, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We do not provide these access and data portability rights for B2B personal information.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
- Calling us at 800-925-5187
- Emailing us at firstname.lastname@example.org
- Filling out a request on our Contact Us webpage
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative
- If you are submitting the request yourself or jointly as a household, the information may include:
- your name
- email address
- phone number
- home address
- If a representative is submitting the request on your behalf, the information may also include:
- a valid power of attorney designating the representative
- a document signed by you that grants the representative permission to make requests on your behalf
- you providing the information mentioned above directly to us
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Personal Information Sales Opt-Out and Opt-In Rights
While we do not currently sell any personal information, you still have the right to direct us to not sell your personal information at any time if you are 16 years of age or older (the “right to opt-out”). We do not sell the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is at least 13 but not yet 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sales may opt-out of future sales at any time.
To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by visiting our Contact Us page and filling out the webform and stating that you do not want us to sell your personal information.
Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back in to personal information sales at any time by resubmitting your information to us via our Contact Us page.
You do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Other California Privacy Rights
California's “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Websites that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us via phone, email, or write to us as provided below in our Contact Information section
Changes to Our Privacy Notice
Toll Free Phone: 800-925-5187
Postal Address: Nutramax Laboratories Consumer Care, Inc.
2208 Lakeside Boulevard, Edgewood, MD 21040