Unless stated otherwise, Vitamin Well AB, reg. no. 556701–6505, Garvargatan 9, 11221 Stockholm, (“Vitamin Well”, “we”) is the controller that determines the purposes and means of the processing of personal data. Vitamin Well includes No Carbs Company AB, Barebells Functional Foods AB (including the brand Snackbros), Tyngre Distribution AB and NOBE Drycker Stockholm AB as well as a branch in Finland and subsidiaries in Denmark, Norway, Germany, Poland, Spain, the United Kingdom, Hong Kong and the United States of America(“Vitamin Well Group”).
Vitamin Well has also, on a voluntary basis, appointed a Data Protection Officer (“DPO”) to ensure data protection. If you have any questions about how we process your personal data or to enforce any of your rights as described further down, please write to firstname.lastname@example.org.
2. What is personal data?
Personal data means any information relating to an identified or identifiable natural person (‘data subject’). It can thus be any type of data that allows for identifying a person. Examples include names, email addresses or phone numbers if they can be associated to a certain living physical person, but also e.g. a photo in which the person can be recognised.
3. What does “processing” personal data mean?
The term “processing” covers all sorts of operations that are performed on personal data. The definition is very wide and includes all forms of handling data, from collection, recording, storage and adaptation to use, dissemination and even erasure of personal data.
4. What personal data do we process, for what purposes and on what legal bases?
4.1 We process personal data to be able to fulfil or enter into an agreement with you
- If you have concluded an agreement with us regarding the sponsorship of an event, manufacturing of products or other professional collaboration, you have provided us with personal data such as your contact details (e.g. name, address, phone number, position and employer). We use such data to be able to fulfil our agreement with you.
- If you are an ambassador for our company, you have provided us with personal data such as contact details (e.g. name, address, phone number), name on social media, clothing size and potential photos. We process this data to be able to fulfil our agreement with you, e.g. by sending products to you, or to cooperate on participation or organisation of events and other types of marketing.
- If you have agreed to our terms and conditions for participating in an event organised by us, you have provided us with personal data such as contact details (e.g name, address and phone number) as well as potentially important health information (e.g allergies). We require this data in order to organise and safely carry out the event. Since we take photos and films during our events for future marketing purposes we may also collect, edit and on social media disseminate photos and films on which you are visible and may be identified.
- If you have applied for a job at Vitamin Well, you have provided us with personal data such as your contact details (e.g. name, address and phone number) and possible other personal information (e.g. photos, family relations) in your application. We use this information to evaluate your application and suitability for employment, i.e. in order to take steps at your request prior to entering into a contract.
The legal basis for our processing of this personal data relating to you is that the processing is necessary to enter into or fulfil a contract with you. This may mean that we need to terminate the agreement if you ask that we erase data or otherwise limit our processing of your data.
4.2 We process personal data based on our legitimate interest
- If you have expressed an interest in or signed up for news updates from us on certain topics (e.g. via Mynewsdesk), you have provided us with personal data such as your name and email address. We use this information to be able to send targeted and relevant news and press releases to you.
- If you have registered for or submitted a contribution to a contest that we organise, you have provided us with personal data such as your name, address, phone number, email address, name on social media and/or a contribution (e.g. a photo or film) on which you can be identified. We use this information to be able to evaluate your contribution, appoint a winner and award a prize. Where the prize is a trip, we may also process data such as your passport number and important health information (e.g. allergies) which we for safety reasons need to know of as organisers of the trip.
- If you collaborate with us as an ambassador for us or are a potential ambassador, you may have provided us with personal data such as your contact details (e.g. name, address and phone number, email address, name on social media, clothing size and photos) on social media and via email, in order for us to be able to send you products and for us to cooperate on participation at events and other forms of marketing. We may also have compiled some of such data or public data on you if you are a potential ambassador for us, in order to be able to initate such a collaboration or enter into an ambassador agreement with you.
- If you have signed up for an event that we organise, you have provided us with personal data such as your contact details (e.g. name, address, phone number and email address) and possibly also some health information (e.g. allergies) which we for safety reasons need to know of and may have to inform medical staff about. As it is the nature of such events to take photos and films during the events for future marketing purposes, we may also collect, edit and disseminate photos and films on which you can be identified.
- If you have contacted us with questions or complaints on our products, you have provided us with personal data such as contact details (e.g. name, address, email address and phone number) as well as possible additional information (e.g. product-related health issues). We use this information to be able to answer questions, investigate product issues, trace or report health risks, pay compensation and prevent fraud/cheating e.g. through repeated unfounded complaints with compensation claims.
- If you otherwise choose to get in touch with us, at our general invitation or on your own initiative, viaone of our general email addresses (e.g. email@example.com)g. with ideas on new tastes, products or campaigns, you provide us with personal data that we use to be able to reply and evaluate the content of your email.
We process this personal data based on our assessment that it is necessary for the purposes of our legitimate interest to market our products and trademarks and remain competitive on the market. We assess that our legitimate interest in this case is not overridden by your interest or fundamental rights and freedoms that require protection of personal data, as you have yourself or even on your initiative provided us with your personal data and we process the data for purposes that should be in line with your expectations.
4.3 Legal requirements, public interest and consent
We may process your personal data to be able to fulfil our legal requirements (e.g. obligations to keep records) and at the instruction from public authorities (e.g. the Swedish Tax Agency). We may also be legally required or compelled by public interest to process personal data relating to product issues in order to trace and monitor potential health risks.
In addition, we may process your personal data based on your consent. We will in that case obtain your consent for a specific purpose and ensure that it is freely given, specific, informed and unambiguous. You have the right to withdraw your consent at any time and are in that case welcome to contact our Data Protection Officer.
5. Who are the recipients of the personal data?
Those who will have access to your personal data are authorised staff within the Vitamin Well Group who need to have access to the data to perform their work tasks. For instance, our product and customer managers will have access to incoming questions and complaints on our products. Personal data may also be processed by both in-house and external IT experts and other service providers, as necessary for the conduct of the business.
Vitamin Well has concluded data processing agreements with service providers who through their services gain access to or process personal data for our purposes and at our instructions. Through the agreements, we ensure that our suppliers, e.g. of our digital sales support system, process the data in the same legal and secure way as us.
Vitamin Well currently has sister and daughter companies in Norway, Denmark, Germany, Poland, Spain, the United Kingdom, Hong Kong and the U.S.A, as well as a branch office in Finland. We apply the same strict EU data protection laws in all our companies and your data will primarily be processed within the European Union (the “EU”) or European Economic Area (the “EEA”). We may also need to transfer personal data to third parties, such as service providers and advisors, that are based outside the EU/EEA. Such transfers will be performed subject to appropriate safeguards required by applicable data protection laws, such as through data processing agreements.
6. Does Vitamin Well process sensitive personal data?
Vitamin Well rarely processes sensitive information (e.g. racial or ethnic origin, political opinions, religious beliefs or sexual orientation). In some cases, however, we are required to collect and use health information for safety reasons, such as information on allergies or other conditions that we need to know of when organising trips and training events.
7. For how long is the personal data retained?
7.1 When we process personal data is based on an agreement
We will retain your personal data during the term of the agreement and erase it when the agreement is terminated. However, the exceptions below apply:
If we are legally required to retain or disclose any of your personal data after termination of the agreement, such as employment information, we will retain the data for as long and to the extent required under law or as instructed by a public authority.
Photos or films from events that we have organised will not automatically be erased after the event has been held, but may also be used for marketing purposes going forward. The material will be erased when it is no longer relevant for these purposes. Sensitive data such as information on allergies or other health information will, however, always be erased as soon as the event is completed.
If you have applied for a job at Vitamin Well, we will retain your personal data for six months from the date of your application if it was a spontaneous application. We keep the application for the purpose of being able to contact you if a suitable position should come up.
If you have unsuccessfully applied for a certain position with us, we will erase your application upon notifying you that we will not offer you the position, unless both parties specifically agree otherwise.
7.2 When we process personal data based on our legitimate interest
News updates: We will retain your personal data for the duration of the period during which you yourself choose to sign up for or indicate your interest in our news updates. You may at any time cancel our news updates.
Contests: We will retain your personal data until the contest in question is completed, usually when the prize has been awarded. When the prize is a trip, we will erase the data upon completion of the trip.
Collaborations/ambassadors:We will retain your personal data in the form of contact details for the duration of our informal collaboration or for as long as your personal profile remains in line with our company and products profile.
Events: We will retain your personal data in the form of contact details until the event is completed. Photos and films from the event will, however, not automatically be erased after completion of the event, but may also be used for marketing purposes going forward. The material will be erased when it is no longer relevant for these purposes.
Product questions and complaints: We will process the personal data you have provided in your email to us with for a period of two years from the date of sending the email. We keep the information for the purpose of being able to perform statistical analyses on questions and complaints, to investigate, trace and report potential health risks or product issues, to monitor and improve our customer service, to pay compensation and to prevent fraud through e.g. repeated unfounded complaints with compensation claims.
Website visitors: We will process your personal data in the form of online behaviour collected through cookies as long as you continue to agree to these cookies on our websites.
Ideas etc.: We process the personal data that you may spontaneously provide us with ideas on e.g. new tastes, products and campaigns for as long as they are relevant for us.
Sensitive data such as health data will always be deleted as soon as the purpose for which it was collected is no longer applicable, i.e. after the event or trip organised by us has been completed.
When consent is the legal basis for our processing, we will erase the data as soon as you withdraw the consent. Please note that the right to withdraw your consent is not retroactive.
8. What are your rights as a data subject?
You have several rights that you may invoke as a data subject.
For one, you have a right to know what personal data we hold about you. You may also request that we rectify inaccurate data on you and that we erase certain data or information that is no longer necessary for the purposes for which it was collected. You always have the right to lodge a complaint with the Data Inspection Board.
Further, you may ask us to restrict our processing of your personal data. Please note that such a request may mean that we can no longer fulfil our potential obligations towards you.
If our processing of your data is based on your consent, you may at any time withdraw your consent. In that case, or if we have concluded an agreement with you, you may also receive a copy of the personal data that you have provided us with in a digital format. If we process your data based on our legitimate interest, you may at any time object to our processing.
If you have any questions or to invoke any of your rights, please contact our DPO at firstname.lastname@example.org.