Effective Date: February 28, 2020.

We at Vitamin Packs, Inc. DBA Persona ("Persona," "we," "us," or "our") provide this privacy policy ("Privacy Policy") to help inform you about how we collect information, how we use the information, and with whom we disclose such information. This Privacy Policy relates to our online services (the "Services"), which are available to you through a variety of platforms, including our website www.personanutrition.com (the "Website"), mobile application, and other interaction by telephone, e-mail, chat or other media (collectively, the "Platform"). Capitalized terms not defined in this Privacy Policy shall have the meaning set forth in our Terms of Use.

1. The Information We Collect

1.1. Information You Provide to Us

We collect information you provide to us. For example, we collect information when you sign up to become a subscriber, use our chat services, email us, call us, order a gift subscription, or enter a contest, promotion, or sweepstakes. Such information may include your name, e-mail address, date of birth, mailing address, and phone number.

Additionally, when you take our Vitamin Advisor assessment, you may also voluntarily provide us with additional information about yourself such as your hobbies, personal interests, household income range, gender, number of children, and other demographic information. You may also voluntarily provide us with information about your health and diet, and product and service preferences.

1.2. Information We Collect Automatically

We automatically collect information about you when you access or use the Platform. Such information may include your IP address, browser type and language, referring and exit pages and URLs, date and time, amount of time spent on particular pages, what sections of the Website you visit, order information, device identifier, and other similar information concerning your use of the Services and Platform.

We may use cookies or similar technologies to help us collect information and to enhance your experience using the Services. Cookies are small packets of data that a website stores on your browser so that your computer will "remember" information about your visit. We use both session and persistent tracking technologies. For example, we collect information on our Platform through session cookies, which disappear when you close your Internet browser, and through persistent cookies, which remain on your computer until they are deleted. If you do not want the Platform to place a cookie on your hard drive or mobile device, you may be able to turn that feature off on your computer or mobile device. However, the Services may not function properly and your experience with the Platform and Services may be impacted.

Additionally, we use data analytics tools like Google Analytics and other third-party technologies to understand how users interact with our advertisements and Services. For more information, you can visit www.google.com/policies/privacy/partners/ ("How Google Uses Information From Sites Or Apps That Use Our Services").

For more information about cookies and how to disable them or to opt out of receiving certain advertising tailored to you from third parties, please visit:

  • http://www.aboutads.info/choices/
  • https://policies.google.com/technologies/ads
  • http://optout.networkadvertising.org/?c=1#!%2F
  • http://www.networkadvertising.org/choices/
  • www.allaboutcookies.org/manage-cookies/

Options you select are browser and device specific.

1.3. Information from Other Sources

We may receive information from third parties that provide us with information about you from online and offline sources. These third parties may use cookies or other similar technologies. For example, we may use third party web analytics tools to help us provide you with a better experience, determine your interest in our products, and improve the quality of our offerings. Additionally, such third parties may collect and combine your email address with other information they have access to solely so that we may serve relevant marketing offers to you via direct email.

Persona does not share any personal health information with third parties.

1.3.1. Digital Advertising

We may partner with third party companies that collect data from our Services, as well as from other non-affiliated websites and mobile apps over time in order to infer what interests you to deliver more relevant advertising to your browser or device, as well as browsers and devices associated with it. These partners, however, do not collect or receive information about your responses to assessment questions answered on the Platform for advertising or marketing purposes. This type of advertising is known as interest-based advertising. To learn more about this type of advertising for your browser, and your choices about it for companies that participate in the Digital Advertising Alliance's ("DAA") WebChoices tool, you can visit www.aboutads.info/choices. To learn about your choices about this activity on your mobile device for companies that participate in the DAA's AppChoices you can download the appropriate version of the app from www.youradchoices.com/appchoices.

We adhere to the DAA's Self-Regulatory Principles. When you exercise choice through these tools, data will no longer be collected from that browser or device for interest-based advertising, and data collected from associated browsers or devices will not be used on the browser or device for interest-based advertising on the browser or device where choice was exercised. Note that you will still see advertising, but that advertising may be less relevant to your interests. If you use multiple browsers or devices, clear your cookies, or reset your device identifier, you may need to exercise choice again.

1.4. Payment Information

When you sign up to become a subscriber or order a gift subscription, you provide certain payment information. Such information may include a debit card number, credit card number, and similar information (collectively, the "Billing Information") in order to complete your transaction. Billing Information is collected and processed through third-party vendors pursuant to the terms and conditions of their privacy policies and terms of use.

2. How We Use the Information

We use the information we collect to process transactions; provide you with the Services; solicit your feedback; provide information about our products, Services, or otherwise market to you; inform you about upcoming events, recipes, and special promotions; administer and process contests, promotions, and sweepstakes; analyze use of the Services; improve our Services; or as disclosed at the time of collection.

3. How We Share the Information

We may share your information in the following situations:

  • With service providers to provide services such as food services, delivery services, marketing assistance, information technology support, and customer service. These service providers will have access to the information only as necessary to perform their functions and to the extent permitted by law. We do not allow these service providers to share your information with others without our authorization or to use it for their own purposes;
  • With our affiliates and subsidiaries;
  • In the event of a business transaction or sale of all or part of our assets, including at bankruptcy;
  • In response to a court order, subpoena, warrant, or as otherwise required to by law;
  • To other parties with your consent or as disclosed at the time of collection; and
  • To protect our rights and the rights of third parties.

We may also aggregate information together in order to operate, maintain, manage, and improve the Services. We may share this aggregated data with our affiliates, agents, and business partners. We may also disclose aggregated user statistics in order to describe our products and Services to current and prospective business partners and to other third parties for other lawful purposes.

4. Accessing and Modifying Personal Information and Communication Preferences

If you have registered for the Services, you may access, review, and make changes to your Personal Information and Billing Information by following the instructions found on the Platform. In addition, you may manage your receipt of marketing and non-transactional communications by clicking on the "unsubscribe" link located on the bottom of any Persona marketing email.

5. Data Security

We take reasonable and appropriate measures to help protect information we collect and maintain from loss and unauthorized access. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the information you supply will not be intercepted while being transmitted to and from us over the Internet.

6. Retention of Data

In broad terms, we retain your personal data for as long as is necessary for the purposes described in this Privacy Policy. This means that the retention periods will vary according to the type of the data and the reason that we have the data.

We have procedures in place regarding our retention periods which we keep under review taking into account our reasons for processing your personal data and the legal basis for doing so.

7. Important Notice to European and Swiss Economic Area Residents

The Platform and the Services are operated in the United States. If you are located outside of the United States, please be aware that any information you provide to us will be transferred to the United States. By using the Services and/or providing us with any information, you consent to this transfer.

The following terms apply to transfers of personal data from the European and Swiss Economic Areas to the United States in connection with Persona's services.

Certification. Persona complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Persona has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield Framework, and to view our certification, please visit the Privacy Shield website.

The U.S. Federal Trade Commission has jurisdiction over Persona's compliance with this Policy, the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.

Notice. As explained above, Persona collects the data you provide when you take our Vitamin Advisor assessment, subscribe, use our chat services, email or call us, order a gift subscription, or enter a contest, promotion, or sweepstakes. Additionally, when you take our Vitamin Advisor assessment, for example, you may also voluntarily provide us with additional information about yourself such as your hobbies, personal interests, household income range, gender, number of children, and other demographic information. You may also voluntarily provide us with information about your health and diet, and product and service preferences. Persona will subject all personal information received from the EU in reliance on the Privacy Shield to the EU-U.S. and Swiss-U.S. Privacy Shield Principles. In cases of onward transfers of data, received pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield, Persona is potentially liable.

Choice. Persona allows EEA and Swiss individuals to choose whether the personal information it has received is to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. An individual may opt-out of such uses of their personal information by emailing us at privacy@personanutrition.com.

Persona will obtain affirmative express consent from individuals to collect sensitive personal information if that information is to be disclosed to a third party or used for a purpose other than that for which it was originally collected or authorized by your choice to opt-in.

Transfers to Third-Parties. Persona may transfer personal data to third-party agents or service providers who perform functions on our behalf, as described in Section 3 of this privacy policy. In such cases, we will take reasonable and appropriate measures to ensure that our third-party agents and service providers process personal data in accordance with our Privacy Shield obligations. Under certain circumstances, we remain liable under the Privacy Shield Principles if third-party agents that we engage to process personal data on our behalf do so in a manner inconsistent with the Privacy Shield Principles.

In certain situations, Persona may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Security. Persona takes reasonable and appropriate measures to protect personal data in our possession from loss, misuse, and unauthorized access, disclosure, alteration and destruction.

Data Integrity and Purpose Limitation. Persona will use personal information only in ways that are compatible with the purposes for which it was collected and subsequently authorized by the individual. Persona will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.

Access. If you have registered for the Services, you may access, review, and make changes to your Personal Information and Billing Information by following the instructions found on the Platform. You may request to correct, amend, or delete information where it is inaccurate, or has been processed in violation of the Principles. In addition, you may manage your receipt of marketing and non-transactional communications by clicking on the "unsubscribe" link located on the bottom of any Persona marketing email.

Dispute Resolution. If you have questions or concerns, please write to us at privacy@personanutrition.com. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal data in accordance with the Privacy Shield Principles.

In the event we are unable to resolve your concern, Persona commits to cooperate with the relevant EU Data Protection Authority and the Swiss Federal Data Protection and Information Commissioner and comply with their advice regarding personal data transfers and the Privacy Shield Principles. Per the terms of the frameworks and under certain circumstances, you may invoke binding arbitration.

8. Your GDPR Rights

This section applies to those who live in the European Union that use the Services and Platform.

Persona, in Snoqualmie, Washington, United States, is the controller of any personal data it may collect, process and hold about you. We process personal information with your consent (e.g. when we process personal information to provide vitamin supplement recommendations), to fulfill a contract, provide you with customer service, or as required by law.

You have the right to the following:

  • To request access to your personal information
  • To data portability
  • To rectify your personal information
  • To object to the processing of your personal information
  • To request the erasure of your personal information
  • To restrict the processing of your personal information
  • To withdraw consent to the processing of your personal information

You can exercise your rights by sending an email to privacy@personanutrition.com. You also have the right to lodge a complaint with your national Data Protection Authority.

Please note that Persona uses automated decision making processes (including solely-automated decision making processes) to provide certain Services ("Automated Processes"). The Automated Processes were created by our team of medical doctors, nutritionists, registered dietitians, and pharmacist. Automated Processes are used to provide you with your vitamin supplement recommendation using the Vitamin Advisor assessment by taking into account the personal information you provide to us. For example, the Automated Processes are designed not to process orders that contain supplements that interact with one another or contain more than a certain amount. These are called supplement/supplement interactions. For example, calcium impairs the absorption of iron, so we separate these two supplements into separate packs (e.g. AM and PM), so you do not take them at the same time. Similar to supplement/supplement interactions, certain supplements can have similar affects as some medications or they can cause the medication to not work as well in the body. These are called drug/nutrient interactions (DNIs). Based on the medication you indicate you are taking in our questionnaire, our Automated Processes will not recommend or allow you to add certain supplements to your order that would interact with that medication. This restriction is based on the database that our medical advisory board has created. If your medication is not listed, we encourage you to reach out to our nutritionists before purchasing your order so that they can contact our pharmacist to find out which supplements (if any) interact with your medication.

Human Involvement: Persona has a team comprised of nutritionists and registered dieticians who review certain orders created by our Automated Processes. Whether an order is flagged for review by a human is determined by rules created by the team. Orders that may be flagged for review, for example, include orders that contain pills over a certain count limit, orders that may result in pill interaction errors, or orders that are a result of technical errors that may cause duplicate protocol distributions. Our Automated Processes are designed to set limits regarding supplement orders. For example, we do not allow more than two multivitamins per day in each order because the vitamins contains nutrients that could be harmful if overconsumed. If an order contains more than the limits set, a nutritionist must approve the order before it is fulfilled. There are certain situations when such orders can be bypassed by a nutritionist manually changing a customer's order on the back end before the order is fulfilled.

If an individual informs us of serious medical conditions that are not listed the Vitamin Advisor assessment, a registered dietician will respond to the customer and recommend that he or she works closely with their doctor on what supplements are right for them. Additionally, upon request, nutritionists can review assessments. Even after an individual has placed an order, any nutritionist can review and revise the recommended vitamin supplement recommendation. For example, if an individual has specific needs for a different supplement, a nutritionist will use his or her best judgement to provide an alternate recommendation. If the needs are medical, a registered dietician will inform the individual of this.

At any point, you have the right to object to the Automated Processes, request human intervention, express your point of view about our Automated Processes, or contest any vitamin supplement recommendations. To exercise such a right, please contact us at privacy@personanutrition.com.

9. Children

Our Services and Platform are not directed to, or intended for, individuals under the age of 18 and we do not knowingly collect personal information from individuals under the age of 18. If you are under 18, please do not give us any information. If you believe that we have any such information, please notify us immediately using the contact information provided in Section 14 and we will delete the information as quickly as possible.

10. External Websites

The Platform may contain links to third-party websites. Persona has no control over the privacy practices or the content of any of our business partners, advertisers, sponsors, or other websites to which we provide links. As such, we are not responsible for the content or the privacy policies of those third-party websites. You should check the applicable third-party privacy policy and terms of use when visiting any other websites.

11. Notice to California Residents - Your California Privacy Rights

For our California consumers, please see our California Privacy Notice for your specific privacy rights.

12. Changes to This Privacy Policy

This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. We may change this Privacy Policy from time to time, and will post any changes on the Platform as soon as they go into effect. By accessing the Platform or using the Services after we make any such changes to this Privacy Policy, you are deemed to have acknowledged such changes. Please refer back to this Privacy Policy on a regular basis.

14. Contact Us

If you have questions or concerns about this Privacy Policy, you can send an e-mail to privacy@personanutrition.com.