Effective January 1, 2020
Your privacy is important to Onnit Labs, Inc (Onnit). To better protect your privacy, we are providing this notice explaining our online information practices and what choices you have about the way your information is collected and used.
- Who we are
- The information we collect
- How we use the information we collect
- How we protect your information and data retention
- If and when we share your information, and why
- How you can exercise your privacy rights
- Other useful information
If you have any questions or concerns, you may contact us.
Onnit is an Austin, TX-based health and wellness brand focused on encouraging a peak level of performance through the best in nutritional supplementation, health-conscious foods, and unconventional fitness equipment and training. Our mission is to help everyone achieve a new level of well-being we call Total Human Optimization.
What information do we collect?
We collect information from you when you register on our site, place an order, subscribe to our newsletter, respond to a survey or fill out a form.
When ordering or registering on our website, as appropriate, you may be asked to enter your name, e-mail address, mailing address, phone number or credit card information.
Additionally, when visiting our website, we may automatically collect certain information about your device and usage of our products and services. This is common data collection information and helps us provide a better experience for you.
Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take action with respect to “Do Not Track” signals.
The categories of information we collect and have collected, including in the last 12 months, are as follows:
- Identifiers, including name, email address, IP address, and an ID or number assigned to your account.
- Other individual records such as phone number, billing address, or credit or debit card information.
- Demographics, such as your age or gender.
- Commercial information, including purchases and engagement with the site.
- Internet activity, including your interactions with our Services and what led you to our Services.
- Geolocation data provided through location enabled services such as WiFi and GPS.
- Inferences, including information about your interests, preferences and favorites.
How do we use the information we collect?
Any of the information we collect from you may be used in one of the following ways where it is in our legitimate business interests:
- To personalize and continually improve your shopping experience; to provide support; to update our records and generally maintain your accounts with us; to improve our store and platform; to enable third parties to carry out technical, logistical, or other functions on our behalf; and for day-to-day running and management of the business.
- To improve our website (we continually strive to improve our website offerings based on the information and feedback we receive from you)
- To improve customer service (your information helps us to more effectively respond to your customer service requests and support needs)
- To process transactions
- To administer a contest, promotion, survey or other site feature
- To send periodic emails (the email address you provide for order processing may be used to send you information and updates pertaining to your order, in addition to occasional company news, updates, related product or service information, etc.)
Note: If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email.
How do we protect your information and data retention?
We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information.
All traffic to and submitted on Onnit.com is transmitted via industry standard, bank-level, Secure Socket Layer (SSL) 2048-bit encryption. Examples of this traffic include login credentials, order forms, contact forms, and normal webpage views. All credit card and other payment details are secured in the same way, and are neither stored by Onnit nor directly accessible by its employees.
Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of processing your orders, delivering the purchased product or service requested or otherwise facilitating your use of our website or products.
We will retain your Personal Data for as long as you maintain an account or as otherwise necessary to provide the Services. We will also retain your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
If you have questions about our data retention practices, please contact us through our Support Team.
Do we share any information with outside parties?
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, facilitating transactions with us for you or otherwise servicing you. Onnit.com uses a variety of third-party service providers to help us provide services related to the Onnit.com Platform(s) and our services. Service providers may be located inside or outside of the European Economic Area (“EEA”). For example, services provided may help us: (i) conduct fraud prevention and risk assessments; (ii) perform product development, maintenance, and debugging; (iii) provide customer service, advertising, payment, and transactional services; (iv) help us track website analytics, such as conversion and traffic metrics; and (v) verify information against public databases. We only share your information with trusted third parties that agree to keep it confidential and comply with privacy obligations. Examples of such third parties are payment gateways and warehouse programs used in the shipping of orders. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses. In certain situations, we may also be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Your options and privacy rights under the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA)
- Limiting use of, or deleting, your personal information may impact features and uses that rely on that information. However, we will not discriminate against you for exercising any of your rights, including otherwise denying you goods or services, providing you with a different level or quality of services, or charging you different prices or rates for services.
- Onnit does not sell personal information to third parties for monetary value. However, the term “sale” is defined broadly under the California Consumer Privacy Act. To the extent that “sale” under the CCPA is interpreted to include interest based advertising or other data uses described in the “How do we use the information we collect?” and “Do we share any information with outside parties?” Sections above, we will comply with applicable law as to those activities. Onnit discloses the following categories of information for commercial purposes:
- Commercial Information;
- Demographic Data;
- Location Data;
- Inferences; and
- Internet activity.
- Opting out. If you have consented to receive information from us, you can always opt out or unsubscribe. If you no longer wish to be contacted for marketing purposes, please click here.
- Accessing your information. You have the right to request a copy of the information we have collected about you. If you would like to request a copy of some or all of your information, please contact us at firstname.lastname@example.org and we will assist you with your request.
- Correct, update or request deletion. You may contact us directly at email@example.com to manage your account information or correct, update or request deletion of any of your personal information.
- Cookies: If you prefer, you can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies via your browser settings. Like most websites, if you turn your cookies off, some of our services may not function properly. However, you can still place orders over the telephone or by contacting customer service. For more information about cookies and how to remove them from your browser you can visit www.aboutcookies.org or www.allaboutcookies.org.
- Issue a complaint. You have the right to complain to a data protection authority about the collection and use of your personal information. For more information, please contact your local data protection authority. Information regarding data protection authorities in the EEA is available at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
- Concerns. Additional questions and concerns regarding the information in this policy can be directed to firstname.lastname@example.org.
Other useful information
Privacy Shield Frameworks for Data Transferred to the United States from the EU/Switzerland
Our servers and offices are located in the United States, so your information may be collected, transferred to and stored in the U.S. In order to take steps to further protect your information, Onnit participates in and has certified its compliance with the Privacy Shield Frameworks.
With respect to personal information received or transferred pursuant to the Privacy Shield Frameworks, Onnit is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to email@example.com. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to firstname.lastname@example.org.
Onnit’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Onnit remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Onnit proves that it is not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, Onnit commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact Onnit at email@example.com.
Onnit has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Legal Basis for Collecting Personal Information (EEA Persons Only)
EU Privacy Shield Policy
If you are from the European Economic Area, our legal basis for collecting and using your information will depend upon the information we collect and why. We typically collect and use your information where it is in our legitimate interest and that interest is not overridden by your privacy rights and data protection interests. Our legitimate interests may include giving you a better experience on our website, providing you with a service or product, marketing our products and services, and maintaining and enhancing our technology for your use.
Third party links
Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
California Online Privacy Protection Act Compliance
Because we value your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute your personal information to outside parties without your consent.
Children’s Online Privacy Protection Act Compliance
We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act); we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old. If you become aware that a child has provided us with Personal Data without parental consent, please contact us through our Support Team. If we become aware that a child under 13 has provided us with Personal Data without parental consent, we will take steps to remove the data and cancel the child’s account.
Terms and Conditions
This policy was last modified on January 1, 2020.