Privacy Policy
Compliance and Data Protection
At NutriBox, we are deeply committed to protecting your privacy and ensuring the security of your personal information. We strive for full compliance with all applicable data protection laws and regulations, including but not limited to the General Data Protection Regulation (GDPR) of the European Union, the California Consumer Privacy Act (CCPA) of the State of California, and other relevant legislation around the globe. We understand the importance of your personal data and are dedicated to handling it with the utmost care and responsibility.
Our commitment to data protection is demonstrated through the implementation of robust industry-standard security measures designed to safeguard your personal information from unauthorized access, use, disclosure, alteration, or destruction. These measures include:
- *Encryption:* We utilize encryption technologies to protect your data both in transit and at rest. This ensures that your sensitive information is scrambled and unreadable to unauthorized parties.
- *Access Controls:* We implement strict access control policies to limit access to personal information to only authorized personnel who require it for legitimate business purposes.
- *Regular Security Audits:* We conduct regular security audits and assessments of our systems and processes to identify and address potential vulnerabilities, ensuring our security measures remain effective and up to date with the latest industry best practices.
- *Employee Training:* All employees receive comprehensive training on data protection and privacy principles, ensuring they are aware of their responsibilities and how to handle personal data securely and in compliance with this Privacy Policy.
- *Data Minimization:* We adhere to the principle of data minimization, collecting only the personal information that is necessary for the specified purposes outlined in this policy.
We continuously review and update our data protection practices to adapt to evolving legal requirements and technological advancements, ensuring we maintain the highest standards of data privacy and security.
Data Collection and Usage
We collect, store, and process personal information strictly in accordance with legal requirements and ethical standards. Our data-handling practices are regularly reviewed and updated to maintain compliance with evolving regulations and industry best practices. We are committed to transparency in our data collection and usage practices, ensuring you understand how your information is used.
The types of personal information we may collect and process include:
- *Contact Information:* This may include your name, email address, phone number, postal address, and other contact details you provide to us. We use this information to communicate with you, respond to your inquiries, and provide customer support.
- *Account Information:* If you create an account with us, we may collect your username, password (stored in an encrypted format), purchase history, preferences, and other account-related information. This allows you to manage your account, track orders, and personalize your experience.
- *Website Usage Information:* We may automatically collect information about your interaction with our website, such as your IP address, browser type, operating system, pages visited, time spent on the site, and referring URLs. We use cookies and similar tracking technologies to collect this data to analyze website traffic, improve our website's functionality, and enhance user experience.
- *Transaction Information:* When you make a purchase, we collect information necessary to process your transaction, such as order details, shipping address, and payment information. Please note that payment information is typically processed by secure third-party payment processors, and we do not directly store sensitive payment details on our servers.
- *Marketing and Communication Preferences:* We collect information about your preferences for receiving marketing communications from us to ensure we respect your choices and provide you with relevant information.
- *Customer Support Interactions:* We may collect information when you contact our customer support, such as the content of your communications and contact details, to assist you effectively and improve our services.
We use your personal information for the following purposes:
- *Providing and Improving Our Services:* To operate our website, provide you with the products and services you request, and improve our offerings based on user feedback and usage patterns.
- *Order Processing and Fulfillment:* To process your orders, arrange for delivery, and provide you with order updates and related information.
- *Customer Support:* To respond to your inquiries, resolve issues, and provide effective customer support.
- *Personalization:* To personalize your experience on our website, such as recommending products or content that may be of interest to you.
- *Marketing Communications (with consent):* To send you newsletters, promotional offers, and marketing materials about our products and services, where you have provided your consent to receive such communications. You have the right to opt out of marketing communications at any time.
- *Website and Service Analytics:* To analyze website usage, identify trends, and gather statistical information to improve our website, services, and user experience.
- *Legal Compliance:* To comply with applicable legal obligations, regulations, and legal processes, such as responding to legal requests and maintaining records as required by law.
- *Security and Fraud Prevention:* To protect against fraud, unauthorized transactions, claims, and other liabilities, and to manage risk exposure and quality.
We will only use your personal information for purposes that are compatible with the original purpose for which it was collected or subsequently authorized by you, or as permitted by applicable law.
Transparency and Accountability
Transparency and accountability are fundamental principles that guide our data processing operations. We are committed to providing you with clear, understandable, and easily accessible information about our methods of collecting, using, and storing your data. This Privacy Policy is a key component of our transparency efforts and reflects our ongoing work to ensure compliance and accountability in data protection matters.
We ensure transparency in the following ways:
- *Clear and Accessible Privacy Policy:* This Privacy Policy is readily available on our website and is written in clear and plain language to help you understand our data processing practices. We encourage you to review it periodically for any updates.
- *Data Collection Notices:* When we collect personal information, we provide clear notices explaining the types of data being collected, the purposes for which it will be used, and your rights regarding your data. This may be through website forms, cookie banners, or other means.
- *Purpose Limitation:* We collect personal information for specified, explicit, and legitimate purposes and do not further process it in a manner that is incompatible with those purposes without your consent or as permitted by law.
- *Data Minimization:* We strive to collect only the minimum amount of personal information necessary to achieve the specified purposes.
Our accountability measures include:
- *Internal Policies and Procedures:* We have established internal policies and procedures governing the collection, use, and storage of personal information. These policies are regularly reviewed and updated to ensure compliance and effectiveness.
- *Data Protection Officer (DPO):* We may appoint a Data Protection Officer (or equivalent role) who is responsible for overseeing our data protection compliance and serving as a point of contact for privacy-related inquiries.
- *Regular Audits and Assessments:* We conduct regular audits and assessments of our data processing activities to ensure compliance with this Privacy Policy and applicable data protection laws.
- *Access Control and Security Measures:* We implement robust technical and organizational security measures to protect personal information from unauthorized access, use, or disclosure.
- *Employee Training and Awareness:* We provide regular training to our employees on data protection principles and best practices to foster a culture of privacy and security within our organization.
- *Incident Response Plan:* We have a documented incident response plan in place to address any data breaches or security incidents promptly and effectively, including notification to affected individuals and relevant authorities as required by law.
We are committed to fostering a culture of privacy and data protection within NutriBox and to maintaining your trust through transparent and accountable data processing practices.
User Rights and Choices
As part of our commitment to compliance with data protection regulations, we fully respect your rights regarding your personal information and provide you with the ability to control its use. You have the following rights:
- *Right of Access:* You have the right to request confirmation as to whether we process your personal information, and, if so, to access that data and certain information about how we process it.
- *Right to Rectification:* You have the right to request the correction of inaccurate or incomplete personal information that we hold about you.
- *Right to Erasure ("Right to be Forgotten"):* In certain circumstances, you have the right to request the deletion of your personal information. This right may be limited, for example, if we need to retain the data to comply with legal obligations.
- *Right to Restriction of Processing:* In certain circumstances, you have the right to request the restriction of the processing of your personal information. For example, if you dispute the accuracy of the data, processing may be restricted until the accuracy is verified.
- *Right to Object to Processing:* You have the right to object to the processing of your personal information in certain circumstances, such as processing for direct marketing purposes.
- *Right to Data Portability:* You have the right to receive your personal information, which you have provided to us, in a structured, commonly used, and machine-readable format, and to transmit that data to another data controller.
- *Right to Withdraw Consent:* If the processing of your personal information is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
- *Right to Lodge a Complaint with a Supervisory Authority:* If you believe that our processing of your personal information violates data protection laws, you have the right to lodge a complaint with a data protection supervisory authority in the country of your residence or work, or in the place of the alleged infringement.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us at: [email protected].