General Data Protection Regulation (GDPR) Privacy Policy
Effective Date: 2/22/2022
Nutri-Biome, LLC and subsidiaries, (“NB,” “we” or “us”) are committed to protecting the privacy of all visitors to the NBresults.com website. NB has established this GDPR Privacy Policy to inform you of the specific practices and guidelines that help ensure the security and confidentiality of your personal information. This GDPR Privacy Policy (the “Policy”) sets forth the privacy principles that NB follows with respect to the processing of personal data for all that use our products or services.
By using or accessing in any way the Website(s) we control and operate, including https://NBresults.com (our “Website(s)”), and “Client Portal”) or by transmitting information to us by email or other electronic means, you agree to the terms of this GDPR Privacy Policy. If you do not agree with the terms of this GDPR Privacy Policy, please do not access or use the Website(s). NB is committed to upholding the confidentiality of personal information and strives to collect, use and disclose personal information in a manner consistent with the laws and regulations of the countries in which it does business.
Term | Definition |
---|---|
Personal Data | Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
Genetic Data | Personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question |
Processing | Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
Controller | The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. |
Processor | A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. |
Data Protection Authority | An independent public authority that is legally tasked with overseeing compliance with applicable data protection laws. |
Sensitive Personal Data | Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. |
1. Your Legal Rights to Your Data.
Subject to applicable law, you have a number of rights regarding the Processing of your Personal Data. These rights include:
- The right to request access to, or copies of, your Personal Data that NB Processes or controls; together with information regarding the nature, processing and disclosure of your Personal Data.
- The right to request rectification of any inaccuracies in your Personal Data that NB Processes or controls.
- The right to request erasure of your Personal Data or restriction of Processing of your Personal Data that NB controls or Processes.
- The right to have your Personal Data that NB controls or Processes transferred to another Controller, to the extent applicable.
- Where NB processes your Personal Data on the basis of your consent, the right to withdraw that consent.
- The right to lodge a complaint with a Data Protection Authority regarding the Processing of Personal Data by NB or on NB’s behalf.
- The right to object to the Processing of your Personal Data by NB.
- The right to object to the Processing of your Personal Data by NB, or to Processing on our behalf, for direct marketing purposes.
2. How Much Data We Collect
NB takes reasonable steps to ensure that Personal Data Processed by NB is limited to the Personal Data reasonably required in connection with the purposes set out in this Policy.
3. How Long We Hold Your Data
NB takes reasonable steps to ensure that your Personal Data is only Processed for the minimum period necessary for the purposes set out in this Policy. The criteria for determining the duration for which NB retains your Personal Data is as follows:
- NB will retain copies of your Personal Data in a form that permits identification only for as long as:
- NB maintains an ongoing relationship with you; or
- Your Personal Data is necessary in connection with the lawful purposes set out in this Policy, for which NB has a valid legal basis.
- Additionally, NB will retain copies of your Personal Data for the duration of:
- Any applicable limitation period under applicable law (i.e. any period during which any person could bring a legal claim against us in connection with your Personal Data, or to which your Personal Data may be relevant).
- An additional 2 (two) month period following the end of any such applicable limitation period.
- In addition, if any relevant legal claims are brought, NB may continue to Process your Personal Data for such additional periods as are necessary in connection with that claim.
During the periods noted in paragraph ii (A) and ii (B), NB will restrict our Processing of your Personal Data to storage of, and maintaining the security of, that data, except to the extent that the data need to be reviewed in connection with any legal claim or obligation.
Once the applicable period has ended, NB will in accordance with local and federal guidelines, either:
- Permanently Destroy or delete the relevant Personal Data
- Archive your Personal Data so that it is beyond use
- Anonymize the Relevant Personal Data
4. How We Keep Your Data Safe and Secure
NB has implemented appropriate technical and organizational security measures designed to protect your Personal Data against accidental or unlawful loss, alteration, disclosure, access, destruction, and unlawful or unauthorized forms of Processing.
Information that you provide to NB through these Website(s) is encrypted using industry standard Secure Sockets Layer (SSL) technology, with the exception of information you send via email. Your information is processed and stored on controlled servers with restricted access. Unfortunately, we cannot ensure or warrant the security of any information you transmit to our Website(s), and you do so at your own risk. As a consequence, NB disclaims any warranties or representations relating to maintenance or nondisclosure of private information.
5. How We Ensure the Accuracy of Your Data
NB takes reasonable steps to ensure that Personal Data that is Processed by NB is accurate, and, if necessary, up to date, and to ensure that if any of your Personal Data processed by NB is inaccurate (having regard to the purposes for which it is Processed) it is erased or rectified. NB may also ask you to confirm the accuracy of your Personal Data.
6. Who We May Provide Your Data To
With your consent, NB may disclose your Personal Data to other entities for legitimate business purposes (including providing services to you and operating our Website(s)) in accordance with applicable law. In addition, NB may disclose your Personal Data to:
- You, and, where appropriate, your family or authorized legal representative.
- Your Physician (where appropriate) having signed a HIPAA release form.
- Third party Processors (e.g. payment services providers, shipping companies, etc).
- Web service providers: (e.g. cloud storage, data aggregation services, targeted marketing)
- Information NB shares with commonly owned entities.
- Any relevant third-party acquirer(s), in the event that we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganization, dissolution, or liquidation).
- Disclosures required by law or for regulatory compliance.
- Any relevant party for the purposes of prevention, investigation, detection or prosecution of illegal activity that may expose us to legal liability or costs, to enforce our policies governing our Website(s).
Our Website(s) may use third party plugins or content. If you choose to interact with any such plug-in or content, your Personal Data may be shared with the third-party provider of the relevant social media platform. NB recommends that you review that third party’s privacy policy before interacting with its plugins or content. If NB engages a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to only Process the Personal Data in accordance with our prior written instruction, and to use measures to protect the confidentiality and security of the Personal Data, along with any additional requirements under applicable law.
7. How Our Website Collects Information
Certain pages of our Website(s) or email correspondence may use session cookies, persistent cookies, or web beacons to anonymously track unique visitors, save website preferences, and allow us to recognize visits from the same computer and browser. You have the option to reject our Website’s cookies and still use our Website(s); however, your access may be limited.
8. Contacting you about new products or services.
NB may Process your Personal Data to contact you, primarily via email, so NB may provide you with information concerning products, updates, and services that may be of interest. If you do not wish to receive marketing emails from us, you can opt out at any time.
9. Why We May Need to Transfer Your Data Overseas
As it applies to our customer base that extends to countries outside of the United States, your location may require us to ship our products and/or transfer your Personal Data overseas to provide you with the services you have selected. For this reason, NB may transfer your Personal Data to other countries that may have different laws and data protection compliance requirements. There is the possibility these countries will have a lower standard of protection than those that would apply in the country in which NB is located. Therefore, if you are located outside of the United States please be aware your Personal Data may be more vulnerable.
For more information on these safeguards, please contact NB via the information provided herein.
10. The Personal Data We Collect From You
NB collects Personal Data about you from a variety of sources:
- NB obtains your Personal Data when you provide it to us (e.g. when you contact us via email, telephone, or by other means).
- NB may request your Personal Data when such collection is necessary to fulfill the services you have selected.
- NB collects your Personal Data in the ordinary course of our relationship with you.
- NB receives Personal Data from authorized third parties who provide it to us (e.g. your doctor, law enforcement agencies).
- NB receives Personal Data from third parties when you purchase any of our products or services through such third parties (e.g. Systemic Formulas Inc).
- NB collects or obtains Personal Data when you visit our Website(s) or use any features or resources available on or through our Website(s). When you visit our Website(s), your device and browsers may automatically disclose certain information, such as device type, operating system, browser type, browser settings, IP address, language settings, time and date of connection, and other technical information, some of which may constitute Personal Data.
11. The Personal Data We May Create About You
NB creates Personal Data about you, such as records of your interactions with us, and details about your account, subject to applicable law.
12. The Relevant Personal and Sensitive Personal Data That We Process
The categories of Personal and Sensitive Personal Data about you that NB Processes, subject to applicable law, are as follows:
- Registration Information: Personal Details (name; gender; date of birth)
- Authentication data (email address; username; passwords)
- Contact details (address; telephone number; email address; account number)
- Referral Information: Details on people or entities you’d like your data shared with (i.e. Practitioner, Doctor, Family Member)
- Genetic Data: As submitted to us for testing in relation to NB Products.
- Electronic identifying Data (IP addresses; cookies; activity logs; online identifiers; unique device identifiers; geolocation data)
13. Collecting and Processing Your Sensitive Personal Data
NB will seek to collect or otherwise Process your Sensitive Personal Data only when:
- NB has, in accordance with applicable law, obtained your explicit consent prior to processing your Sensitive Personal Data. (I.E. in relation to ordering a NB product).
- The Processing is necessary for the detection or prevention of crime, to the extent permitted by applicable law.
- The Processing is necessary for compliance with a legal obligation.
- The Processing is necessary for the establishment, exercise or defense of legal rights.
- The Processing is necessary for reasons of substantial public interest and occurs on the basis of an applicable law that is proportionate to the aim pursued and provides for suitable and specific measures to safeguard your fundamental rights and interest.
14. Purposes and Legal Basis for Which NB May Process Your Personal Data
The purposes for which NB may Process Personal Data, subject to applicable law, and the legal basis on which NB may perform such Processing, are:
Processing Purposes | Legal basis for Processing |
---|---|
Genetic Sequencing: Performing genetic sequencing for customers, processing and delivering results. | NB has obtained your express prior consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary). The processing is necessary in connection with any contract that you may enter into with us, or to take steps prior to entering into a contract with us. |
Customer Contact: To respond to customer inquiries, provide information about our website, communicate with you about transactions, and provide technical support. | The Processing is necessary in connection with any contract that you may enter into with us or take steps prior to entering into a contract with us. NB has obtained your express prior consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary). |
Legal Compliance: Compliance with legal and regulatory obligations under applicable law, screening against sanction lists. | The Processing is necessary for compliance with a legal obligation. NB has a legitimate interest in carrying out the Processing for the purposes of establishing, exercising, or defending our legal rights (to the extent that such legitimate interest is not overridden by your interests or fundamental rights and freedoms). |
Legal Proceedings: Establishing, exercising, and defending legal rights. | The Processing is necessary for compliance with a legal obligation. NB has a legitimate interest in carrying out the Processing for the purposes of establishing, exercising, or defending our legal rights (to the extent that such legitimate interest is not overridden by your interests or fundamental rights and freedoms). |
Security: Physical security of our premises (including records of visits to our premises and Security recording) and electronic security (including login records, device details, access details). | The Processing is necessary for compliance with a legal obligation. NB has a legitimate interest in carrying out the Processing for the purposes of establishing, exercising, or defending our legal rights (to the extent that such legitimate interest is not overridden by your interests or fundamental rights and freedoms). |
Marketing: communications via email, phone, or other means, subject to ensuring that such communications are provided to you in compliance with applicable law. | NB has a legitimate interest in carrying out the Processing for the purposes of establishing, exercising, or defending our legal rights (to the extent that such legitimate interest is not overridden by your interests or fundamental rights and freedoms). NB has obtained your express prior consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary). |
Operation of Website: Operation, management, and improvement of our Website, communicating and interacting with you via Our Website. | The Processing is necessary in connection with any contract that you may enter into with us, or take steps prior to entering into a contract with us. NB has a legitimate interest in carrying out the Processing for the purposes of establishing, exercising, or defending our legal rights (to the extent that such legitimate interest is not overridden by your interests or fundamental rights and freedoms). NB has obtained your express prior consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary) |
IT Operations: Management of our communications systems, operation of IT security, Security audits. | The Processing is necessary for compliance with a legal obligation. The Processing is necessary in connection with any contract that you may enter into with us, or take steps prior to entering into a contract with us. NB has a legitimate interest in carrying out the Processing for the purposes of establishing, exercising, or defending our legal rights (to the extent that such legitimate interest is not overridden by your interests or fundamental rights and freedoms). |
Investigations: Detecting, investigating and preventing breaches of policy | NB has a legitimate interest in carrying out the Processing for the purposes of establishing, exercising, or defending our legal rights (to the extent that such legitimate interest is not overridden by your interests or fundamental rights and freedoms). |
Improving Products & Services: Identifying issues and planning improvements for existing products and services, creating new products and services. | The Processing is necessary in connection with any contract that you may enter into with us, or take steps prior to entering into a contract with us. NB has a legitimate interest in carrying out the Processing for the purposes of establishing, exercising, or defending our legal rights (to the extent that such legitimate interest is not overridden by your interests or fundamental rights and freedoms). NB has obtained your express prior consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary). |
15. How You Can Contact Us
If you have comments, questions or concerns about any of the information in this Policy, or any other issues relating to the Processing of Personal Data by NB, please contact NB at:
Nutri-Biome, LLC
1877 W 2800 S
Ogden, UT 84401
1 (800) 445-4647
info@nutri-biome.com
16. How We’ll Contact You If We Update This Document
NB may revise this Privacy Policy from time to time. All updates to this statement will be posted on this web page. If we make significant changes, NB will notify you by posting a notice on our Website(s). Please check our Website(s) for the most current version of our Privacy Policy. Your continued use of the website after we have posted a notice on the website constitutes your acceptance of such changes.