Open Menu icon

Privacy Policy

Last Updated: Jul 1, 2025

Expand All
Expand/Collapse Icon

This Privacy Policy describes the information Thorne Research, Inc. and its affiliates and subsidiaries (together, “Thorne,” “we,” “us,” or “our”) collects about you and how it is shared or otherwise used, what rights and choices you have over your personal information and our use of it, and the measures that Thorne takes to protect your information. This Privacy Policy applies to personal information collected by or on behalf of Thorne, including information collected through our websites and mobile versions of our websites (collectively, the “Site”); our mobile app; our AI Chatbot; in person, by phone or other offline method; and anywhere else where we display this Privacy Policy (collectively the “Service”).

We collect the personal information you provide to us when you purchase our products or visit our website. The categories of information we may collect include:

  • Personal Identifiers, including name, email address, postal address, telephone number, and online Identifiers
  • Internet Activity
  • Commercial Information, including purchases
  • Financial Information, including credit or debit card number
  • Biometric Information, including sleep, health, or exercise data
  • Location Information, including general location data
  • Physical and Audio Data, including physical characteristics or descriptions and audio recordings
  • Protected Classifications and Other Personal Characteristics, including age, sex, gender, or gender identity, and race, color, or ethnic origin
  • Health Data, including data related to physical or mental health
  • Professional and Education Information, including professional information
  • Consumer Communications, including direct communications with our consumers
  • Inferences from Other Data, including inferences created from other personal information collected and inferences based on sensitive information

Browser Cookies

We use cookies to create a better experience for you on our site. For example, cookies prevent you from having to login repeatedly, and they help us remember items you've added to your cart. We also use third-party cookies, which are cookies placed by third parties for advertising and analytics purposes. Cookies are small text files containing a string of alphanumeric characters. We may use session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and can be used by your browser on subsequent visits to our Services. Please review your web browser’s “Help” file to learn the proper way to modify your cookie settings. Please note that if you delete or choose not to accept cookies from the Services, then you might not be able to utilize the features of the Services to their fullest potential.

Information from other sources

We may collect personal information about you from third-party sources, including Data Brokers.

The categories of information we may collect include:

Data Brokers

  • Personal Identifiers, including Name, Email address, Postal address, and Telephone number
  • Professional and Education Information, including Professional information

How long we keep your data

We do not retain data for any longer than is necessary for the purposes described in this Policy.

We generally retain data according to the guidelines below.

Data Retention Periods
Type of DataRetention Period
Cookies and online data we collect while you use our website, including Online Identifiers, Internet Activity, General location dataWe delete or anonymize data concerning your use of our website within 15 years of collecting it.
Data we collect in order to process and ship orders you place with us, including Name, Email address, Postal address, Telephone number, Purchases, Credit or debit card numberWe keep personal information related to products and services you purchase for as long as the personal data is required for us to fulfill our contract with you, and for 15 years from your last purchase with us. We may keep data beyond this period in anonymized form.
Data we collect when you contact us for customer support and other inquiries, including Name, Email address, Telephone number, Purchases, Audio recordings, Direct communications with our consumersWe keep customer feedback and correspondence with our customer service for up to 15 years to help us respond to any questions or complaints. We may keep data beyond this period in anonymized form.
Data we collect when you sign up for promotional and marketing communications, including Name, Email address, Postal address, Telephone number, Online Identifiers, Internet Activity, Purchases, Inferences created from other personal information collectedWhere you have signed up to receive promotional and marketing communications from us, we will retain any data collected until you opt out or request its deletion. We may keep data beyond this period in anonymized form. We will further retain a record of any opt-outs in order to prevent sending you future communications.
Data we collect when you review our products, answer surveys, or send feedback, including Name, Email address, PurchasesWe retain review, survey, and feedback data for up to 10 years following your last contact with us. We may keep data beyond this period in anonymized form to help improve our products and services.
Data we collect in connection with privacy requests, including Name, Email address, Online IdentifiersWe retain records related to privacy requests as long as necessary to comply with our legal obligations.
Data we collect for security purposes, including Name, Email address, Telephone number, Online Identifiers, General location dataWe retain security-related data as long as necessary to comply with our legal obligations and to maintain and improve our information security measures.
Data we collect when you complete the health profile, including Name, Email address, Postal address, Telephone number, Online Identifiers, Sleep, health, or exercise data, Physical characteristics or descriptions, Age, Sex, gender, or gender identity, Race, color, or ethnic origin, Data related to physical or mental health, Professional information, Inferences based on sensitive informationWe retain health profile data for up to 10 years following your last contact with us. We may keep data beyond this period in anonymized form to help improve our products and services.

Why we process your information

We process personal information for the following business and commercial purposes:

  • Analyzing Data
  • Conducting Surveys
  • Creating Customer Profiles
  • Delivering Targeted Ads
  • Fulfilling Customer Orders
  • Improving our Products & Services
  • Meeting Compliance & Legal Requirements
  • Operating Our Website or Mobile Apps
  • Preventing Fraud
  • Processing Payments
  • Providing Customer Support
  • Providing Cybersecurity
  • Sending Promotional Communications
  • Tracking Purchases & Customer Data

Information you provide to us

We collect the personal information you choose provide to us when you purchase our products or interact with the Service. The categories of information we may collect include:

  • Personal Identifiers, including name, email address, postal address, telephone number, and online Identifiers
  • Internet Activity
  • Commercial Information, including purchases
  • Financial Information, including credit or debit card number
  • Biometric Information, including sleep, health, or exercise data
  • Location Information, including general location data
  • Physical and Audio Data, including physical characteristics or descriptions and audio recordings
  • Protected Classifications and Other Personal Characteristics, including age, sex, gender, or gender identity, and race, color, or ethnic origin
  • Health Data, including data related to health conditions or medications
  • Professional and Education Information, including professional experience and other resume details
  • Consumer Communications, including direct communications with our consumers
  • Inferences from Other Data, including inferences created from other personal information you provide to us

Cookies and Online Tracking Technologies

We use cookies to create a better experience for you on our Site. For example, cookies prevent you from having to login repeatedly, and they help us remember items you’ve added to your cart. We also use third-party cookies, which are cookies placed by third parties for advertising and analytics purposes. Cookies are small text files containing a string of alphanumeric characters. We may use session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and can be used by your browser on subsequent visits to our Service. Our service providers and third-party partners (e.g., ad networks and advertising partners), may collect personal information and other unique identifiers via cookies and other tracking technologies. We also may use analytics services which provide us with a clearer picture of how you use the Service, and we may identify and track you when you use different devices and Service. In addition, we and our service providers and third-party partners may also collect and store your personal information via cookies (which are stored on your computer in a file), web beacons and remarketing pixel tags. Please review your web browser’s “Help” file to learn the proper way to modify your cookie settings. Please note that if you delete or choose not to accept cookies from the Service, then you might not be able to utilize the features of the Service to their fullest potential. By using the Service, you consent to the use of cookies and tracking technologies described in this Privacy Policy.

We, and our third-party partners, use tracking technologies to automatically collect usage and device information, such as:

Essential Cookies

We use these cookies for things like security, logins, site errors, and processing payments. We can't turn these necessary cookies off, but you can control them in your browser.

Analytics Cookies

These cookies tell us how you use our Services, and provide information to help us improve your experience.

Personalization Cookies

We do not use cookies to personalize content for you.

Advertising Cookies

These cookies help us decide which products, services and offers may be relevant for you. We use this data to customize the marketing content you see on websites, apps and social media, and to measure your interactions with that content. We might use these cookies to advertise our products to you when you visit other websites.

Cookie Notice

We use cookies to improve your experience on our site and to allow us and third parties to personalize the marketing content you see on other websites and social media. Website visitors from European Privacy Law regions can control cookie settings. Manage your region specific consent settings here.

Essential Cookies

We use these cookies for things like security, logins, site errors, and processing payments. We can't turn these necessary cookies off, but you can control them in your browser.

List of Essential Cookies
Cookie NameProviderDuration
_upscope__regionAnywhere3651 Month
intercom-device-id-fzj5140x8 Months 26 Days
intercom-id-fzj5140x8 Months 26 Days
intercom-session-fzj5140x7 Days
kFirst PartySession
localeFirst PartySession
polaris_consent_settingsTrueVault5 Months 27 Days
SESSIONFirst PartySession
us_privacyTrueVault5 Months 27 Days
Analytics Cookies

These cookies tell us how you use our sites and apps, and provide information to help us improve your experience.

List of Analytics Cookies
Cookie NameProviderDuration
__pdstFirst Party1 Year
_clckMicrosoft Clarity1 Year
_clskMicrosoft Clarity1 Day
_conv_sFirst Party21 Mins
_conv_vFirst Party6 Months
_gaGoogle Analytics1 Year 1 Month 4 Days
_ga_5HGW7QT97VGoogle Analytics1 Year 1 Month 4 Days
_ga_WY52NWYB73Google Analytics1 Year 1 Month 4 Days
ANONCHKMicrosoft Clarity11 Mins
CLIDMicrosoft Clarity1 Year
MC_CIDMicrosoft Clarity1 Year
MRMicrosoft Clarity7 Days
SMMicrosoft ClaritySession
Personalization Cookies
We do not use cookies to personalize content for you.
Advertising Cookies

These cookies help us decide which products, services and offers may be relevant for you. We use this data to customize the marketing content you see on websites, apps and social media, and to measure your interactions with that content. We might use these cookies to advertise our products to you when you visit other websites.

List of Advertising Cookies
Cookie NameProviderDuration
__utmzzsesSession
_fbpMeta Ads2 Months 29 Days
_gcl_auGoogle Ads2 Months 29 Days
_pin_unauthPinterest Ads1 Year
_pinterest_ct_uaPinterest Ads1 Year
_rdt_uuidReddit Ads2 Months 29 Days
_tt_enable_cookieTiktok Ads1 Year 25 Days
_ttpTiktok Ads1 Year 25 Days
_ttpTiktok Ads1 Year 25 Days
_uetsidMicrosoft Ads1 Day
_uetvidMicrosoft Ads1 Year 25 Days
ad-idPattern6 Months 25 Days
ad-privacyPattern1 Year 1 Month 4 Days
ANONCHKMicrosoft Clarity11 Mins
ar_debugPinterest Ads1 Year
barometric[cuid]Claritas1 Year
MRMicrosoft Ads7 Days
MRMicrosoft Ads7 Days
MUIDMicrosoft Ads1 Year 25 Days
MUIDMicrosoft Clarity1 Year 25 Days
SRM_BMicrosoft Ads1 Year 25 Days
test_cookieGoogle Ads16 Mins

Information from other sources

We may collect personal information about you from other sources, including Thorne affiliates and subsidiaries or other third-parties.

The categories of information we may collect from third-party sources include:

  • Personal Identifiers, including Name, Email address, Postal address, and Telephone number
  • Professional and Education Information

How we process your information[WBD1]

We process personal information, including consumer health data (including with your consent, as may be required by applicable law), for the following business and commercial purposes:

  • Analyzing Data
  • Conducting Surveys
  • Creating Customer Profiles
  • Delivering Targeted Ads
  • Fulfilling Customer Orders
  • Providing the Services, which may include use of artificial intelligence and generative AI
  • Improving our Products & Services, including artificial intelligence and generative AI
  • Meeting Compliance & Legal Requirements
  • Operating Our Website or Mobile Apps
  • Preventing Fraud
  • Processing Payments
  • Providing Customer Support
  • Providing Cybersecurity
  • Sending Promotional Communications
  • Tracking Purchases & Customer Data

For more information about our consumer health data practices, please review our Consumer Health Data Privacy Policy.

How we disclose your information

We may disclose personal information about you for business and commercial purposes when you purchase our products or engage with our Service:

  • Thorne Entities: We may share personal information with other companies owned or controlled by Thorne, and other companies owned by or under common ownership as Thorne, which also includes our subsidiaries (i.e., any organization we own or control) or our ultimate holding company (i.e., any organization that owns or controls us) and any subsidiaries it owns, particularly when we collaborate in providing the Services.
  • Your Employer / Company: If you interact with our Services through your employer or company, we may disclose your information to your employer or company, including another representative of your employer or company.
  • Other Service Providers:We engage other third-party service providers that perform business or operational services for us or on our behalf, such as website hosting, marketing customer service, communications, infrastructure provisioning, IT services, analytics services, employment application-related services, payment processing services, and administrative services.
  • Ad Networks and Advertising Partners:We work with third-party ad networks and advertising partners to deliver advertising and personalized content on our Services, on other websites and services, and across other devices. These parties may collect information directly from a browser or device when an individual visits our Services through cookies or other data collection technologies. This information is used to provide and inform targeted advertising, as well as to provide advertising-related services such as reporting, attribution, analytics and market research. Please see the Cookies and Online Tracking Technologies section above for more information.
  • Business Partners: From time to time, we may share personal data with our business partners or we may allow our business partners to collect your personal information. Our business partners will use your information for their own business and commercial purposes, including to send you any information about their products or services that we believe will be of interest to you.
  • Business Transaction or Reorganization: We may take part in or be involved with a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets. We may disclose personal information to a third party during negotiation of, in connection with or as an asset in such a corporate business transaction. Personal information may also be disclosed in the event of insolvency, bankruptcy or receivership.
  • Legal Obligations and Rights: We may disclose personal information to third parties, such as legal advisors and law enforcement:
    • in connection with the establishment, exercise, or defense of legal claims;
    • to comply with laws or to respond to lawful requests and legal process;
    • to protect our rights and property and the rights and property of others, including to enforce our agreements and policies;
    • to detect, suppress, or prevent fraud;
    • to protect the health and safety of us and others; or
    • as otherwise required by applicable law.
  • With Your Consent: We may disclose personal information about an individual to certain other third parties or publicly with their consent or direction. For example, with an individual’s consent or direction we may post their testimonial on our Sites or service-related publications.

Security

We have implemented measures designed to secure your personal information from accidental loss or unauthorized access, use, alteration, and disclosure. However, because no measure is ever 100% effective when transmitting information over the Internet, we do not guarantee that your information will be secure from theft, loss, or unauthorized access.

How long we keep your data

We will usually store the personal information we collect about you for no longer than necessary to fulfil the purposes for which it was collected, and in accordance with our legitimate business interests and applicable law. However, if necessary, we may retain personal data for longer periods of time, until set retention periods and deadlines expire, for instance where we are required to do so in accordance with legal, tax and accounting requirements set by a legislature, regulator or other government authority.

To determine the appropriate duration of the retention of personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of personal data and if we can attain our objectives by other means, as well as our legal, regulatory, tax, accounting and other applicable obligations.

For example, if your personal information is subject to the EU GDPR or UK GDPR, the criteria used to determine the period for which personal data about you will be retained varies depending on the legal basis under which we process the personal data:

  • Contract. Where we are processing personal data is based on contract, we generally will retain your personal data for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from our contractual relationship.
  • Legitimate Interests. Where we are processing personal data based on our legitimate interests, we generally will retain such information for a reasonable period of time based on the particular interest, taking into account your fundamental interests and your rights and freedoms.
  • Consent. Where we are processing personal data based on your consent, we generally will retain your personal data until you withdraw your consent, or otherwise for the period of time necessary to fulfil the underlying agreement with you or provide you with the applicable service for which we process that personal data.
  • Legal Obligation. Where we are processing personal data based on a legal obligation, we generally will retain your personal data for the period of time necessary to fulfil the legal obligation.
  • Legal Claim. We may need to apply a “legal hold” that retains information beyond our typical retention period where we face threat of legal claim or intent to establish a claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.

When an individual discontinues the use of our services, we will retain their personal data for as long as necessary to comply with our legal obligations, to resolve disputes and defend claims, as well as, for any additional purpose based on the choices they have made, such as to receive marketing communications. In particular, we will retain personal data supplied when joining our services, including complaints, claims and any other personal data supplied during the duration of an individual’s contract with us for the services until the statutory limitation periods have expired, when this is necessary for the establishment, exercise or defense of legal claims.

In all cases, in addition to the purposes and legal bases, we consider the amount, nature and sensitivity of the personal data, as well as the potential risk of harm from unauthorized use or disclosure of your personal data.

Once retention of the personal data is no longer necessary for the purposes outlined above, we will either delete or deidentify the personal data or, if this is not possible (for example, because personal data has been stored in backup archives), then we will securely store the personal data and isolate it from further processing until deletion or deidentification is possible.


[WBD1]Subsection Header

All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. Once you have opted-in, depending on the choices you made, we or our service providers may send you text messages (i) regarding your account, your purchase, and/or the status of your order; (ii) to investigate or prevent fraud; (iii) to alert you in the event of an emergency; or (iv) for transactional and promotional purposes described below. We may send you text messages and alerts (including cart reminders) using autodialer technology. We will not contact you via text messages or alerts for marketing purposes without your prior affirmative consent. You do not have to opt-in to text messages and alerts to use and enjoy our Service or to make purchases from Thorne. If you opt-in, standard messaging and data rates may apply.

You can unsubscribe from receiving all Thorne text messages (also known as Thorne SMS) by texting “STOP”, “QUIT”, “END”, “CANCEL” or “UNSUBSCRIBE” to "25816", or by replying “STOP” , “QUIT”, “END”, “CANCEL” or “UNSUBSCRIBE” to any text message sent by Thorne.

Transactional Messages and Alerts.When you agree to text messaging and alert services through our Service, we or our service providers may send you SMS text messages or push notifications related to your transaction or order.

Promotional Messages. By joining Thorne’s promotional and marketing text messaging programs, you may receive reoccurring promotional SMS (text messages) about Thorne products, services, or sales.

This section provides additional information for people in the European Economic Area (EEA) or United Kingdom (UK). The terms used in this section have the same meaning as in the General Data Protection Regulation and the UK Data Protection Act (GDPR). The term “personal information” as used in this notice has the same meaning as “personal data” in the GDPR.

Collection and Disclosure of Personal Data

The personal data we collect and how we share it is described above in our Privacy Policy.

We may disclose your personal information to the following third party controllers for business purposes: PayPal - Pay with PayPal, Venmo, Pay Later, USPS, FedEx, Claritas, Reddit Ads, Tiktok Ads. To understand how these parties handle your data, please refer to their respective privacy policies.

Lawful Bases and Legitimate Interests

We process personal data on the following lawful bases:

  • Complying with legal obligations
  • Fulfilling contracts
  • Consent
  • Legitimate interests

Where we process personal data on the basis of our legitimate interests, we pursue the following interests: Analyzing Data, Creating Customer Profiles, Conducting Surveys, Delivering Targeted Ads, Fulfilling Customer Orders, Improving our Products & Services, Meeting Compliance & Legal Requirements, Operating Our Website or Mobile Apps, Preventing Fraud, Processing Payments, Providing Customer Support, Providing Cybersecurity, Sending Promotional Communications, and Tracking Purchases & Customer Data.

International Data Transfers

We may send the personal data of individuals in the EEA/UK/Switzerland to third countries, including the United States, where it may be stored or processed, for example on our service providers’ cloud servers. When we transfer personal data, we rely either on Adequacy Decisions as adopted by the European Commission (EC), the UK Information Commissioner's Office (ICO), or the Swiss Federal Data Protection and Information Commissioner (FDPIC) on the basis of the EU-US Data Privacy Framework, UK-US Data Bridge, and Swiss-U.S. Data Privacy Framework agreements, Standard Contractual Clauses (SCCs) issued by the EC or the FDPIC, or International Data Transfer Agreements (IDTAs) approved by the ICO. Data protection authorities have determined that the SCCs and IDTA provide sufficient safeguards to protect personal data transferred outside the EEA/UK/Switzerland. You may read more about international data transfer mechanisms at the following links:

Privacy Rights

Individuals in the EEA/UK/Switzerland have the following rights regarding their personal data. Make a Privacy Request by clicking here. Once you submit a request, we will verify your identity and process your request in most cases within 30 days.

Right to access. You have the right to request a copy of the personal data we hold about you.

Right of portability. You have the right to ask us to transfer your data to another party.

Right to rectification. You have the right to request that we rectify any incorrect information we have about you.

Right of erasure. You have the right to request that we erase (delete) any personal information we hold about you.

Right to withdraw consent. You have the right to withdraw your consent at any time when we rely on your permission to process your personal data.

Right to object. You have the right to object to our use of data about you.

Right to restrict processing. In certain circumstances, you have the right to restrict our processing of your personal data to storage only, subject to some exceptions. This right applies when:

  • You have contested the accuracy of your personal data and we are still verifying its accuracy.
  • Your personal data has been unlawfully processed under the GDPR.
  • You need for us to keep your data in order to establish, exercise, or defend a legal claim.
  • You have previously objected to our processing of your personal data and the status of that review is still pending.

Right to lodge a complaint with a supervisory authority. You have a right to lodge a complaint with a supervisory authority. For more information, you can visit the Information Commissioner’s Office website at https://ico.org.uk/, the Federal Data Protection and Information Commissioner’s website at https://www.edoeb.admin.ch/, or see a list of EU Data Protection Authorities athttps://www.gdprregister.eu/gdpr/dpa-gdpr/.

Inquiries

Controller contact information

Thorne

moc.enroht@ycavirp

These US State Privacy Disclosures (“US Disclosures”) provide additional information about our personal information processing practices relating to individual residents of the States of California, Colorado. Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Tennessee, Utah, Nevada, and Virginia. For the purposes of these US Disclosures, personal information does not include publicly available information or deidentified, aggregated or anonymized information that is maintained in a form that is not capable of being associated with or linked to you.

Information We Collect and How It Is Shared

In the last 12 months, we have collected each of the categories of personal information as noted in the table below and disclosed it, for business purposes, to the categories of recipients listed below. The table also indicates when we sold or shared the personal information to third parties in the last 12 months or processed such information for targeted or cross-contextual advertising and the types of third parties. For purposes of these US Disclosures, when we use the term “third party” we mean entities that are not a Thorne entity or processors providing services on behalf of Thorne and that are not entities with whom you interact with directly.

Category of Personal Information
Categories of Recipients to Whom Personal Information is Disclosed for Business Purposes
Categories of Third Parties to Whom Personal Information Is Sold or Shared for Targeted Advertising
Identifiers, such as name, email address postal address, and telephone number
Thorne Affiliates and Subsidiaries, Business Operations Tool, Commerce Software Tools, Data Analytics Providers, Governance, Risk & Compliance Software, IT Infrastructure Services, Payment Processors, Sales & Marketing Tools, Law Enforcement, Government Authorities or Agencies if required
Thorne Affiliates and Subsidiaries, Ad Networks, Data Analytics Providers, IT Infrastructure Services, and Shipping Services
California Customer Records (Cal. Civ. Code § 1798.80(e)), such as payment information such as credit or debit card number and billing address.
Thorne Affiliates and Subsidiaries, Business Operations Tool, Commerce Software Tools, Data Analytics Providers, Governance, Risk & Compliance Software, IT Infrastructure Services, Payment Processors, Sales & Marketing Tools, Law Enforcement, Government Authorities or Agencies if required
N/A
Protected Classification Characteristics such as age, sex, gender or gender identity, race, color, or ethnic origin.
N/A
IT Infrastructure Services
Commercial Information, such as purchases.
Thorne Affiliates and Subsidiaries, Business Operations Tool, Commerce Software Tools, Data Analytics Providers, IT Infrastructure Services, Payment Processors, Sales & Marketing Tools, Law Enforcement, Government Authorities or Agencies if required
Thorne Affiliates and Subsidiaries, Ad Networks, IT Infrastructure Services, and Payment Processors
Biometric Information, such as sleep, health or other exercise data that contains identifying information.
N/A
N/A
Internet/Network Information, such as browsing history, search history, and information regarding your interaction with an internet website application or advertisement, such as IP address, device information, and log and analytics data.
Thorne Affiliates and Subsidiaries, Business Operations Tool, Commerce Software Tools, Data Analytics Providers, IT Infrastructure Services, Sales & Marketing Tools, Law Enforcement, Government Authorities or Agencies if required
Thorne Affiliates and Subsidiaries, Ad Networks and Data Analytics Providers
Geolocation Data, such as location information from your device or estimated based on your IP address.
Thorne Affiliates and Subsidiaries, Business Operations Tool, Data Analytics Providers, IT Infrastructure Services, Sales & Marketing Tools, Law Enforcement, Government Authorities or Agencies if required
Thorne Affiliates and Subsidiaries, Ad Networks and Data Analytics Providers
Sensory Information, such as recordings of phone calls between you and us, where permitted by law.
Thorne Affiliates and Subsidiaries, Business Operations Tool, Sales & Marketing Tools, Law Enforcement, Government Authorities or Agencies if required
N/A
Professional and Education Information, such as job title, professional license, educational credentials, employer identification number
Thorne Affiliates and Subsidiaries, Sales & Marketing Tools, Law Enforcement, Government Authorities or Agencies if required
N/A
Other Personal Information, such as information you post on our Service or on social media pages, information you submit to us, and direct communications with you.
Thorne Affiliates and Subsidiaries, Business Operations Tool, Sales & Marketing Tools, Law Enforcement, Government Authorities or Agencies if required
N/A
Inferences, such as shopping history, products and services purchased, obtained or considered or other purchasing or consuming histories or tendencies, inferences created from other personal information collected.
Thorne Affiliates and Subsidiaries, Business Operations Tool, Sales & Marketing Tools, Law Enforcement, Government Authorities or Agencies if required
N/A
Types of Sensitive Personal Information
We will process your Sensitive Personal Information in accordance with applicable law, such as obtaining your consent prior to processing. If you are a resident of a state with a law governing “consumer health data,” we provide details about our consumer health data practices in our Consumer Health Data Privacy Policy. We do not use or disclose sensitive personal information outside of the permitted purposes set forth under Section 7027(m) of the California Consumer Privacy Act Regulations.
Sensitive Personal Information, such as: Social Security number, driver's license number or other state-issued ID; account number; account log-in credentials; financial account, debit or credit card number with any required PIN or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs; content of mail, email or text messages where we are not the recipient; genetic data; information concerning a consumer's health, sex life or sexual orientation.
Thorne Affiliates and Subsidiaries, Business Operations Tool, Commerce Software Tools, Data Analytics Providers, Governance, Risk & Compliance Software, IT Infrastructure Services, Sales & Marketing Tools, Law Enforcement, Government Authorities or Agencies if required
N/A

Sources of Personal Information

As described in the “Personal Information We Collect and How We Collect It” section of this Privacy Policy, we collect personal information directly from you when you provide it to us, automatically using cookies and other online tracking technologies, from third parties, and by combining personal information we may otherwise obtain.

Purposes for Processing

We process personal information for different purposes, depending on how you interact with the Services. We collect, sell, share, or disclose personal information about you for the business and commercial purposes described in the "Why we process your information" section of this Privacy Policy.

Retention

The period for which we retain your personal information varies, depending on the type of personal information and the purpose for which it was collected. The duration is limited to time necessary to fulfill the purposes for which the information was collected, in light of any restrictions or deletion you might request, as well as our need to address our legal obligations or rights. Details can be found in the “How long we keep your data” section of this Privacy Policy.

Financial Incentives

In some cases, we may offer you financial incentives as permitted by law in exchange for the collection, retention, or use of certain personal information about you. Each financial incentive related to the collection and use of personal information is based upon our reasonable, good-faith determination of the estimated value of such information to us. When applicable, we will provide information about the specific terms of the financial incentive and your rights on the webpage or form where the financial incentive is made available.

Your Choices

Opting Out of Cookies and Tracking Technologies. The Help portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new Cookies, how to have the browser notify you when you receive a new Cookie, or how to disable Cookies altogether. We use the Global Privacy Platform (“GPP”) mechanism to communicate your opt-out request to third parties that collect information via Cookies on our Services. If you choose, you may also use the Digital Advertising Alliance (“DAA”) WebChoices Toolto globally opt-out of third-party tracking via website cookies. Please keep in mind that, without Cookies, you may not have access to certain features on our Services, including access to your profile or account and certain personalized content. Removing all Cookies from your computer could also affect your subsequent visits to certain Services, by requiring that, for example, you enter your login name when you return. Please note that not all tracking will stop even if you delete cookies.

Mobile Device Location Tracking. You can manage how your mobile device shares location data or prevent geolocation tracking by adjusting the controls and disabling location services on your mobile device or within our mobile application. For example, if you no longer wish to receive location-based offers when visiting our store, you can disable location services or adjust the push notification settings on your device.

Marketing and Interest-Based Advertising. Some content or applications, including advertisements, on the Platforms may be served by our service providers, including advertisers, ad networks and servers, content providers, and application providers, in which event (i) these service providers may use Cookies alone or collect information about your online activities over time and across different sites, (ii) these service providers may use this information to provide you with interest-based (behavioral) advertising or other targeted content on our behalf, and (iii) we do not permit service providers to use this information for the service provider’s or a third party’s own direct marketing or other purposes. We will not control these third parties’ tracking technologies or how they may be used. Many of our marketing service providers are members of the Network Advertising Initiative (NAI), or the Digital Advertising Alliance (DAA), and have agreed to honor consumers' opt-out preferences submitted through those organizations' websites. To learn more about your choices regarding this type of data collection or to opt-out of interest-based advertising by members of the NAI or the DAA, please visit http://optout.networkadvertising.org or https://www.aboutads.info.

Communication Preferences. You may choose not to receive commercial emails from us by following the unsubscribe instructions contained in the commercial emails we send you. Please note that even if you unsubscribe from commercial email messages, we may still email you non-marketing emails related to your account and your transactions. Further, opting out of email marketing does not affect any digital advertising that does not rely on your email information. If you wish to opt out of receiving offers from our business or advertising partners, you can follow the opt-out or unsubscribe instructions in the emails that they send you.

You may also change the push notification and alert settings on your device to adjust whether or when you receive location-based offers and other features available through the app.

Universal Opt-Out Mechanism

Where available, you may choose to enable an online tool that automatically communicates your universal opt-out preferences, such as Global Privacy Control (“GPC”). You may need to use a specific browser or an extension that supports these tools and universal signals. When such signal is detected, we will process as a request to opt out of tracking personal information and as a request to opt out of “sale” or “sharing” your personal information as explained in “Your Privacy Choices” section below.

Your Privacy Rights

If you are a California, Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Tennessee, Utah, or Virginia resident, you may be able to exercise the following rights in relation to the personal information that Thorne or our processors, service providers, or contractors have collected (subject to certain limitations at law):

Right to Know (Categories)
The right to request the following information relating to the personal information we have collected about you and disclosed about you:
Categories of personal information we have collected about you;
Categories of sources from which the personal information was collected;
Business or commercial purposes for collecting, selling, or sharing the personal information;
Categories of third parties with whom the business shares personal information;
Categories of personal information sold, and for each category identified, the categories of third parties to whom it sold that particular category of personal information; and
Categories of personal information that the business disclosed for a business purpose, and for each category identified, the categories of third parties to whom it disclosed that particular category of personal information.

Right to Access (Right to Know Specific Pieces of Information) / Portability
The right to access and obtain a copy of the specific pieces of personal information we have collected about you in a structured, machine-readable format that may be transmitted to another entity without hindrance, to the extent technically feasible.
Right to Correct
The right to request that we correct your inaccurate personal information maintained by us.
Right to Request Deletion
The right to request the deletion or erasure of personal information we have collected from you, subject to certain exceptions under law.
Right to Opt Out of Data Sales or Sharing
The right to direct us not to sell or share personal information we have collected about you to third parties, including for ad targeting or cross-contextual advertising.
Request to Opt Out
"Shine the Light" Law
As provided by California Civil Code § 1798.83, California residents that have an established business relationship with us can request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes during the immediately preceding calendar year or to have the right to opt-out of such disclosures.

Additional Rights

Right to Appeal.Depending on your state of residency, if your request is denied, we will provide an explanation for the denial and instructions on how you may appeal a denied request. You may appeal a denied request by contact us at moc.enroht@ycavirp.

Right to Know Specific Third Parties. If you are a resident of Oregon or Minnesota, you may have a right to request information about specific third parties with whom we share personal information. You may exercise this request by filling out our form or emailing us at moc.enroht@ycavirp.

Right to Revoke Consent.Once you make an opt-out request, you may change your mind and opt back into personal information sales at any time by contacting us at moc.enroht@ycavirp.

How to Exercise Your Rights

We will need to verify your identity and confirm you are a resident of a state that affords these rights before processing most requests, which may require us to request additional personal information from you. In order to verify your identity, we will generally require either the successful authentication of your account, or the matching of information you provide us to the information we maintain about you in our systems. We will use the personal information provided in connection with a request as needed to review and comply with the request. If you do not provide the necessary information, we may not be able to verify or complete your request in all circumstances.

If you wish to submit a verifiable consumer request on behalf of another individual, then we will also need sufficient information to verify that the individual is the person about whom we collected personal information and that you are authorized to submit the request on their behalf. Please see the "Authorized Agents" section below for more information.

We do not discriminate against you for requesting any of the rights noted above. In certain circumstances, we may decline a request to exercise the rights described above, in accordance with applicable law.

To Exercise Your Rights to Know, Access, Correct, Delete and/or "Shine the Light"

Please submit a request by filling out our form or by calling 1-800-228-1966.

To Exercise Your Right to Opt Out of Personal Information Sales or Sharing

To exercise your right to opt-out of personal information sales or sharing, please submit a request by clicking here or by clicking the "Your Privacy Choices" link on our Service.

Please see the section entitled “Your Choices” above for additional information on how you may exercise your choice over personal information collected through cookies and other tracking technologies and used for advertising purposes.

Personal Information of Children Under Age 18

We do not process personal information of consumers we know to be less than 18 years of age. If a parent or guardian becomes aware that his or her child has provided us with personal information without their consent, he or she should contact us at moc.enroht@ycavirp. If we become aware that a child under age 18 has provided us with Information, we will delete such information from our files.

Authorized Agents

In certain circumstances, you are permitted to use an "authorized agent" (as that term is defined by applicable law) to submit privacy requests on your behalf. We may verify the authorized agent's authority to act on your behalf as follows:

For requests to know, access, correct or delete personal information, we may ask you to provide sufficient evidence to show that you have provided the authorized agent signed permission to act on your behalf, verified your own identity directly with us pursuant to the instructions set forth in these US Disclosures, and directly confirmed with us that you provided the authorized agent permission to submit the request on your behalf.