VITAMIN WELL’S PRIVACY POLICY

1. Introduction

Vitamin Well is committed to safeguarding your privacy and to processing your personal data in a transparent, secure and legal manner. This Privacy Policy, which addresses everyone who in any way interacts with us, lays out how we process your personal data at Vitamin Well and what your rights are as a data subject.

Unless stated otherwise, the Vitamin Well Group, Garvargatan 9, 11221 Stockholm, (“Vitamin Well”, “we”, “us”) is the controller of the personal data. Vitamin Well includes No Carbs Company AB, Barebells Functional Foods AB (including the brand Snackbros), Tyngre Distribution AB and NOBE Drycker Stockholm AB, as well as a branch in Finland and subsidiaries in Denmark, Norway, Germany, France, Austria, Poland, Spain, the United Kingdom, Hong Kong and the United States of America.

Vitamin Well has also opted to appoint a Data Protection Officer (“DPO”) to ensure data protection. If you have any questions about how we process your personal data or to enforce any of your rights, please write to dpo@vitaminwell.se.

2. What is personal data?

Personal data is any information relating to an identified or identifiable natural person (‘data subject’), i.e. any type of data that allows for identifying a person. Examples include names, email addresses or phone numbers if they can be associated to a certain living physical person, but also e.g. a photo in which the person can be recognised.

3. What does “processing” personal data mean?

The term “processing” covers all sorts of operations that are performed on personal data. The definition is very wide and includes all forms of handling data from collection, recording, storage and adaptation, to use, dissemination and even erasure of personal data.

4. What personal data do we process, for what purposes and on what legal bases?

4.1 We process personal data to be able to fulfil or enter into an agreement with you:

  • If you are an ambassador for our company, you have provided us with personal data such as contact details (e.g. name, social security number, address, phone number, entrance code, email address and possibly a bank account number), name(s) on social media, clothing size and photos. We process this data to be able to fulfil our agreement with you, e.g. to compensate and/or send products to you, and to cooperate on participation at events and other types of marketing. We also process public data from e.g. social media sources, such as number of followers and activity/posts related to the trademarks you are an ambassador for, to monitor and follow up on our agreement.
  • If you have concluded a modelling agreement with us, you have provided us with personal data such as name, address, e-mail address, phone number, bank account number and photos and films that you appear in. The data will be used to remunerate you, to link, in our internal databases, your name to the photos and films you appear in and to associated events, and to promote our trademarks and products.
  • If you have concluded a photographer agreement with us, you have provided us with personal data such as name, address, e-mail address, phone number and bank account number. We process this information to remunerate you and to be able to link, in our internal databases, your name to associated photos, films and events.
  • If you have agreed to our terms and conditions for participating in an event organised by us, you have provided us with personal data such as contact details (e.g name, email address, address and phone number) and possibly also health information (e.g. injuries or allergies). We require this data in order to organise and safely carry out the event. Since we take photos and films during our events for future marketing purposes, as agreed in the terms, we may also collect, edit and on social media disseminate photos and films on which you are visible and may be identified.
  • If you have agreed to our terms and conditions for entering a sweepstake, contest or other competition that we organise, you have provided us with personal data such as your name, address, phone number, email address, social media name(s) and possibly a contribution (e.g. a photo or film) on which you can be identified. We use this data to carry out the promotion, and in some cases also as a basis for further promotions. Where the prize is a trip, we may also process data such as citizenship and health information (e.g. allergies) that we need to know of for safety reasons.
  • If you have agreed to our terms and conditions on the use of content that you have posted on social media, such as a photo, video, caption or other text, we will process associated personal data for the purpose of promoting our products and trademarks.
  • If you have applied for a job at Vitamin Well, you have provided us with personal data such as your contact details (e.g. name, email address, address and phone number) and possible other personal information (e.g. photo) in your application. We use this information to evaluate your application and suitability for employment, i.e. in order to take steps at your request prior to entering into a contract.
  • If you have concluded an agreement with us regarding the sponsorship of an event, manufacturing of products or other professional collaboration, you have provided us with personal data such as your contact details (e.g. name, address, phone number, position and employer). We use such data to be able to fulfil our agreement with you.

The legal basis for our processing of this personal data relating to you is that the processing is necessary to enter into or to fulfil a contract with you.

4.2 We process personal data based on our legitimate interest

  • If you have expressed an interest in or signed up for news updates from us (e.g. via Mynewsdesk), you have provided us with personal data such as your name and email address. We use this information to send relevant news and press releases to you.
  • If you freely collaborate with us as an ambassador or if you are a potential ambassador, you may have provided us with personal data such as your name, address, phone number, email address, social media name(s), clothing size and photos in order for us to send you products and cooperate on participation at events and other forms of marketing. We may also store such information and/or public data such as number of followers on social media and activity related to our trademarks, in order to be able to initate such a collaboration or enter into an ambassador agreement with you.
  • If you have signed up for an event or trip that we organise, you have provided us with data such as your contact details (e.g. name, address, phone number and email address) and possibly also health information (e.g. allergies) which we need to know for safety reasons. As it is the nature of such events to take photos and films for visibility and marketing purposes, we may also process such material on which you can be identified.
  • If you have contacted us with questions or complaints on our products, you have provided us with personal data such as your name, address, email address and phone number and possible health information (e.g. product-related health issues). We use this information to be able to answer your questions, investigate product issues, trace or report health risks, compensate you, and to prevent fraudulent behaviour e.g. through unfounded complaints and compensation claims.
  • If you visit our homepage and accept our cookies, you have agreed to our collection of potential personal data in the form of online behaviour (e.g. your IP address, click history, previously visited websites, etc.) as described in our Cookie Policy. We analyse this information on an aggregaged and pseudonymised level for statistical purposes, optimisation of our homepage to market our products and trademarks by analysing what parts of our homepages are most often visited.
  • If you otherwise choose to get in touch with us, at our general invitation or on your own initiative, via one of our general email addresses (e.g. info@barebells.com) with ideas on new tastes, products or campaigns, you provide us with personal data that we use to be able to reply and evaluate the content of your email.

We process this personal data based on our assessment that it is necessary for the purposes of our legitimate interest to promote our products and trademarks and to remain competitive as a company. We assess that our legitimate interest in this case is not overridden by your interest or fundamental rights and freedoms that require protection of personal data, as you have yourself or even on your initiative provided us with your personal data and we process the data for purposes that should be in line with your expectations.

If we have concluded an agreement regarding any of the above listed activities, our processing of associated personal data will instead be based on the fulfilment of that agreement.

4.3 Legal requirements, public interest and consent

We may need to process your personal data to fulfil legal requirements (e.g. obligations to keep records) and at the instruction of courts or public authorities (e.g. the Swedish Tax Agency). We may also be legally required or compelled by public interest to process personal data relating to product issues in order to trace and monitor potential health risks.

In addition, we may process your personal data based on your consent. We will in that case obtain your consent in advance, for a specific purpose, and ensure that it is freely given, specific, informed and unambiguous. You have the right to withdraw a given consent at any time and are in that case welcome to contact our Data Protection Officer. Please note that a withdrawal will not retroactively apply for already performed processing.

5. Who are the recipients of the personal data?

Your personal data will, where and to the extent necessary, be processed by Vitamin Well employees and its advisors, suppliers, partners and distributors. For instance, our product managers will primarily have access to incoming questions and complaints on our products, whereas our HR department primarily will process employee information.

Vitamin Well concludes data processing agreements with third parties who through their services or collaboration gain access to or process personal data on our behalf. We thereby ensure that the third parties we work with process data in the same legal and secure way as us.

Vitamin Well currently has sister and daughter companies in Norway, Denmark, Germany, France, Austria, Poland, Spain, the United Kingdom, Hong Kong and the U.S.A., as well as a branch office in Finland, and is continuing to expand internationally. We also work with partners and distributors in many countries both within and outside of the European Union (the “EU”) and European Economic Area (the “EEA”) and may therefore also need to share personal data with e.g. service providers and legal advisors not based in the EU/EEA.

This means that your personal data may be transferred outside of the EU/EEA. Such transfers will be based on adequacy decisions by the EU Commission where possible, and otherwise primarily on the performance of an agreement concluded between us. In other cases, any third country transfer of your personal data will rely on adequate safeguards such as standard contractual clauses. Exceptionally, we may also perform such transfers based on your explicit consent, important reasons of public interest, the management of legal claims, or to protect your or someone else’s vital interests.

6. Does Vitamin Well process special categories of personal data?

Vitamin Well never processes sensitive information such as information on racial or ethnic origin, political opinions, religious beliefs or sexual orientation. In some cases, however, we are required to collect and, for a limited period of time, process data concerning health for safety reasons, such as information on allergies or other conditions that we need to know of when organising trips or training events. Such data will always be deleted as soon as the purpose for which it was collected is no longer applicable.

7. For how long is the personal data retained?

7.1 When we process personal data is based on an agreement

We will retain your personal data during the term of the agreement and erase it when the agreement is terminated. However, the following exceptions apply:

If we are legally required to retain or disclose any of your personal data after termination of the agreement, such as employment information, we will retain the data for as long and to the extent required under law or as instructed by a court or public authority.

Photos or films will not automatically be erased upon request or after completion of a given event, but will be used in accordance with our agreement.

If you have spontaneously applied for a job at Vitamin Well, we will retain your personal data for six months from the application date in order to be able to contact you if a suitable position comes up. If you have unsuccessfully applied for a job with us, we will erase your application upon notifying you that we will not offer you the position, unless we agree otherwise.

7.2 When we process personal data based on our legitimate interest

News updates: We will retain your personal data for as long as you remain signed up up for or indicate your interest in our news updates. You may at any time cancel our news updates.

Collaborators/ambassadors: We will retain your personal data for as long as our informal collaboration continues or as your personal profile is relevant for our marketing purposes.

Events: We will retain your personal data until the event is completed. Photos and films from the event will, however, not automatically be erased after completion of the event, but may be used for as long as they are relevant for our marketing purposes.

Product questions and complaints: We will process the personal data for two years upon receiving it, in order to perform statistical analyses on questions and complaints, to investigate, trace and report potential health risks or product issues, to monitor and improve our customer service, pay compensation, and to prevent fraudulent behaviour (e.g. unfounded compensation claims).

Website visitors: We will process your personal data until you reject our website cookies.

Ideas etc.: We process any spontaneously received personal data for as long as it is relevant tous.

8. What are your rights as a data subject?

You have many rights a data subject. For one, you have a right to know what personal data we hold about you. You may also request that we rectify inaccurate data on you, that we erase no longer relevant data, and that we transfer the data. You always have the right to lodge a complaint with the Data Inspection Board.

Further, you may ask us to restrict our processing of your personal data. Please note that such a request may mean that we can no longer fulfil our obligations towards you, and that an erasure will not include photos or films, which will be used in accordance with our agreement.

If we have concluded an agreement with you, you may also receive a copy of the personal data that you have provided us with in a digital format. If we process your data based on our legitimate interest, you may at any time object to our processing.

If you have any questions or wish to invoke any of your rights, please contact our DPO at dpo@vitaminwell.se.

9. Other

This Privacy Policy will regularly be updated to align with our business operations and to comply with applicable law, i.e. Swedish law including the requirements in the General Data Protection Regulation (EU Regulation no. 2016/679). This version was last updated on 29 March 2019.