Privacy policy

Privacy Policy

1) Introduction and Contact Information

1.1 We are pleased that you are visiting our website and thank you for your interest. The following policy informs you about how we handle your personal data when using our website. Personal data means any information that can identify you as an individual.

1.2 Controller for data processing on this website is:

Nutrasium S.r.l., Industriestrasse 8, 39011 Lana, Italy

Tel.: +39 3486487611

E-mail: info@nutrasium.com

For UK residents, Nutrasium acts as Data Controller under the UK GDPR and Data Protection Act 2018.

For US residents, Nutrasium processes your personal data in accordance with applicable state privacy laws (e.g., California Consumer Privacy Act (CCPA/CPRA)).

2) Data Collection When Visiting Our Website

2.1 When you visit our website for informational purposes only, certain technical data (server log files) are collected automatically. This may include:

Website visited

Date and time of access

Amount of data transferred

Referrer URL

Browser type and version

Operating system used

IP address (possibly in anonymized form)

This is based on our legitimate interest to ensure website stability and security (UK GDPR Art. 6(1)(f) / EU GDPR Art. 6(1)(f)).

2.2 Our website uses SSL/TLS encryption for security reasons. You can identify an encrypted connection by the “https://” and the padlock symbol in your browser.

3) Hosting & Content Delivery Network

3.1 Shopify – We use Shopify to host our online store. Data may be transferred to Shopify International Ltd. (Ireland) and Shopify Inc. (Canada). For UK/EU visitors, transfers outside the EEA/UK are safeguarded by adequacy decisions and standard contractual clauses.

3.2 Cloudflare – Content Delivery Network by Cloudflare Inc. (USA). Data transfers to the US rely on the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework.

4) Cookies and Similar Technologies

We use cookies and similar technologies to provide core website functions, analyze traffic, and improve your experience.

In the UK/EU, we use cookies based on consent (Art. 6(1)(a) UK/EU GDPR) or legitimate interest (Art. 6(1)(f)).

In the US, cookies may be considered a “sale” or “sharing” of data under certain state privacy laws (e.g., CCPA/CPRA). You have the right to opt-out of such data sharing.

You can manage your cookie preferences through our cookie banner or your browser settings.

5) Contact and Customer Accounts

When contacting us or creating a customer account, we process your personal data only as necessary to answer your inquiry or to provide services.

Legal basis:

Contract performance (Art. 6(1)(b) UK/EU GDPR)

Legitimate interests (Art. 6(1)(f) UK/EU GDPR)

For US residents, we collect, use, and disclose information only as allowed under state privacy laws.

6) Newsletter and Marketing

We send marketing emails only with your explicit consent (opt-in). You can unsubscribe at any time.

UK/EU: Consent under Art. 6(1)(a) UK/EU GDPR.

US: You may opt-out of receiving promotional communications (“Do Not Sell or Share My Personal Information” rights under CCPA/CPRA).

7) Orders and Payments

We process your personal data to fulfill orders, process payments, and deliver goods. Payment service providers (PayPal, Apple Pay, Google Pay, Klarna, Shopify Payments) may receive your payment data.

UK/EU: Legal basis is contract performance (Art. 6(1)(b) UK/EU GDPR).

US: Data is used only for processing your order and payments.

8) Analytics and Tracking

We use services such as Google Analytics 4 and Meta Pixel to analyze website usage and measure advertising effectiveness.

UK/EU: Only with your consent (Art. 6(1)(a) UK/EU GDPR).

US: These tools may involve “sharing” of personal information under the CCPA/CPRA. You may opt out at any time.

9) Your Privacy Rights

UK/EU residents:

You have the right to: access, rectification, erasure, restriction of processing, data portability, withdraw consent, and lodge a complaint with a data protection authority.

US residents (incl. California):

You may have the right to:

Request disclosure of personal data collected, used, or shared

Request deletion of your personal data

Opt-out of sale or sharing of personal data

Non-discrimination for exercising your rights

To exercise your rights, please contact us at info@nutrasium.com.

10) Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy, or as required by law.

11) Updates to This Policy

We may update this Privacy Policy from time to time to reflect legal or operational changes. The most recent version will always be available on our website.