Privacy Policy
Keeping Personal Data secure is a top priority of Nature’s Sunshine. We comply with the various privacy and data protection laws applicable in the countries and markets where we operate. This Privacy Statement outlines our views and practices and how they pertain to you as Consultant, Affiliate, Customer, Site visitor, or office visitor. Please note that not all sections of this Privacy Statement may apply to you based on how you interact with us. Please check back periodically, as these policies may change, and your subsequent use of the Site will be deemed acceptance of such changes. However, our fundamental commitment to protecting visitors’ privacy will not change.
1. Who is Nature’s Sunshine?
Nature’s Sunshine Products, Inc. and its affiliates and subsidiaries (“NSP”, “we”, “us”, or “our”) are leading natural health and wellness companies, marketing and distributing nutritional and personal care products in more than 40 countries through (a) NSP websites; (b) NSP apps and tools; and (c) a network of independent Consultants, Affiliates, and Customers. You will find a list of the NSP entities acting as Personal Data controllers in Table 1 below.
2. What information do we collect?
Personal Data. We may collect Personal Data from you based on how you interact with us. Personal Data is any information that relates either directly or indirectly to an identified living individual, or legal entity where applicable. In this Privacy Statement, Personal Data includes the terms personally identifiable information, personal information, or any other term used by applicable law. We have outlined the categories of Personal Data we collect in various instances below. If you wish to see how we use Personal Data, please refer to Section 3 “How do we use Personal Data?”
Categories of Personal Data. The general categories of Personal Data we collect are:
-
Contact information such as name, title, address, email address, telephone or fax numbers;
-
Biographical information such as gender, birthday, nationality, photographs or videos containing your image, occupation, family life information including children, hobbies, and interests;
-
Identification information such as passport numbers, identification numbers, or photocopies of such documents as long as permitted by applicable law;
-
Registration information such as newsletter or marketing material requests, event and incentive registrations, subscriptions, downloads, signup forms, survey responses, and username/passwords;
-
Financial information such as bank account details, credit/debit card details, copies of bank or other financial statements, and other information necessary to verify or process financial transactions;
-
Product information such as purchase history, product returns, product preferences;
-
IT systems information such as technical information about your equipment used to access Sites, your activity on our Sites;
-
nformation You Volunteer through various interactions including with the Sites, customer service, or other NSP employees;
-
Publicly available information such as identification, content, audio/visual, employment, demographic, or geographic information available via the internet. NSP does not collect information about you from other sources, e.g., public records or bodies, or private organizations.
Information Collected Automatically. We do not automatically log Personal Data, nor do we link information automatically logged by other means to Personal Data about specific individuals. However, we may record certain information that becomes available to us through your use of the Site, including, without limitation, the number of visitors and frequency of visits to the Site, the websites that you access immediately before and after the Site, the Internet browser you use, and your IP address. If we use this information, it is only on an aggregate basis.
Cookies and Other Similar Technologies. Like most websites, we use cookies, or data files automatically stored on your computer, to enhance your visit to the Site by better understanding how visitors use the Site. In general, cookies do not contain any Personal Data unless you as a visitor knowingly supply the information. We use cookies in order to recognize you when you return to the Site and to provide you with a better user experience. We do not use cookies to store Personal Data nor do we link non-Personal Data stored in cookies with Personal Data about specific individuals. We may allow third parties to use cookies or similar technologies on the Site, but we do not control the use or contents of third-party cookies. Web browsers often permit you to erase cookies from your browser cache, block cookies, or receive notification when cookies are used. However, if you block the use of cookies, you may not be able to take full advantage of the Site features.
Do Not Track Requests. Web browsers may allow you to send a “Do Not Track” request with your browsing traffic, which would enable anonymous browsing of the Site. We honor Do Not Track requests from web browsers. However, anonymous browsing may prevent us from providing you with full functionality of the Site.
3. Why do we collect Personal Data?
We may collect Personal Data for a number of reasons, including:
To prepare and perform an agreement with you. This includes agreements such as a Membership Agreement or Affiliate Agreement, which may involve calculating your earnings or those of other NSP Consultants, Affiliates, or Customers, and maintaining such information on your membership genealogy; process an order; deliver/take-back products and manage warranties; or payment processing.
To meet our legal obligations. This includes obligations such as tax and accounting or responding to request from public authorities.
To fulfill our legitimate business purposes. This includes purposes such as providing our services; maintaining the security and integrity of our services; to improve the user/member experience of the Site; to enforce our terms of use, policies and procedures and other rights; or to provide you with information that you may request or opt to receive regarding our products and services.
Because of your consent. You may consent to receive services or offerings; participate in events and challenges; have your information used in connection with marketing of our products and or services; the use of cookies as explained below. You may withdraw your consent as set out below, but you may not be able to the Site or our products or services if you do.
*You may have the right to oppose certain of these reasons under applicable law, but if so, you may not be able to experience the full functionality of the Site.
4. How do we use Personal Data?
If you choose to provide us with Personal Data, we will use it to provide you with the services you have requested, to serve you with content, to analyze trends, and to enhance your overall experience while visiting the Site. You may also subscribe to email lists and request that we refer you to an NSP Consultant who can provide you with more information about how to purchase NSP products and become an NSP Consultant. If you purchase NSP products or become a NSP Consultant, we will also use your Personal Data to (1) provide services to you (such as processing product orders and/or returns and calculating and paying commissions); (2) support and improve the services you render to customers and downline Consultants; (3) provide you with additional services; (4) maintain our genealogy database and the proper functioning of our compensation plan; (5) issue payment and report income to taxing authorities; and (6) ensure compliance with legal obligations and our Policies & Procedures. In furtherance of these purposes, NSP may share your information with its parent company in the United States and its subsidiaries located in other countries. We do not collect, use, or disclose Personal Data for any other purposes that are materially different from the purposes set forth herein. We process Personal Data on legal grounds including (a) fulfilling obligations under a contract to you; (b) to comply with our own legal obligations; (c) when we have a legitimate interest to use Personal Data; or (d) based on your consent. If we wish to process Personal Data for any other purpose that stated in this section, we always obtain your consent first and offer you the choice to opt out of such collection, use, or disclosure.
5. Sharing Information with Third Parties
NSP may use internal and external service providers to operate the Site and perform other work on our behalf in the course of providing you with services you have requested such as developing the Site; fulfilling orders; delivering packages; administrative or accounting functions; and providing customer service. These service providers may have access to your Personal Data but are contractually bound to use your Personal Data only for the purpose of performing their duties. Even so, we remain responsible for your Personal Data and in cases of onward transfer to third parties of data of EEA data subjects received pursuant to the EU-U.S. Data Privacy, NSP is potentially liable. Some of these service providers may be established in countries that offer less privacy protection than your country of residence.
NSP does not currently sell, trade or rent your Personal Data to any unaffiliated third parties for marketing purposes. We value your privacy and will not jeopardize our relationship with you by selling your information to solicitors without your prior consent.
NSP may, however, share your Personal Data to fulfill our legal obligations (i) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, (ii) in response to lawful requests by private parties, in connection with a lawsuit, subpoena, investigation or similar proceeding, (iii) to respond to a matter of personal or public safety, (iv) to investigate security incidents, (v) to protect our interests, rights and property, or (v) in the event of a sale or transfer of assets, or in the context of similar business negotiations.
6. Security of Information
NSP takes administrative, technical and physical measures to help ensure that your Personal Data remains accurate, timely and secure. However, no data transmission over the Internet, or through an electronic database, is guaranteed to be 100% secure. Although we strive to protect your information through measures such as the following steps, we cannot guarantee or warrant its security:
NSP uses Secure Socket Layers (SSL) to ensure a secure connection whenever transmitting or receiving Personal Data. With SSL, information transmitted between two computers via the Internet is sent in an encrypted format so that only the sending and receiving computers can decode it. SSL ensures that no one intercepts any of your Personal Data while it is being transferred to us. A secure connection is maintained until the checkout process is either completed or canceled.
NSP restricts access to Personal Data to our employees, contractors and agents who need to know that information in order to perform their jobs. They are obligated to respect the confidentiality of your Personal Data and may be disciplined or terminated for failing to meet these obligations.
7. Data Integrity & Access or Corrections
NSP keeps Personal Data in active files or systems as long as necessary in order to fulfill the purposes for which it was collected or as required to perform our contractual relationship with our Consultants, Affiliates, or Customers. After a Consultant, Affiliate, or Customer terminates his or her relationship with us, we must keep some information for accounting purposes, for the calculation of earnings under our compensation plan, and for compliance purposes. We will make reasonable efforts to ensure that the information is accurate and complete and will update or correct your information as needed when notified by you. You may request copies of your Personal Data by contacting us at our contact information listed below in Section 10. You or your representatives may edit your Personal Data by accessing your account profile. In instances where a Customer purchases product offline, directly from a Consultant, we may not have access to the Customer’s Personal Data, and you will need to contact your Consultant directly.
Depending on the law in your area, you may have various rights concerning Personal Data, which may include, a right of access, rectification, restriction of or objection to processing (including for direct marketing), portability to another controller, or erasure. You may exercise some of these rights through functionality on the Site. Where the functionality is not available you may contact NSP through the contact information provided below. Please be aware that the rights listed above may be subject to various limitations set out by law.
8. Consultant and Affiliate/Customer Organizational Data
You may place an order through your Consultant, Affiliate/Customer, or directly with NSP and NSP will share your information with your upline Consultant or Affiliate/Customer in order to process your order. Each customer may choose how to place an order and how to be contacted when placing an order. A Consultant, Affiliate, or Customer who introduces a new Consultant, Affiliate, or Customer to the NSP business is known as a Sponsor and Sponsors may build their own independent sales organizations. To assist with their businesses, NSP provides Sponsors with organizational reports that contain their Consultant, Affiliate, and Customer Personal Data and business data, including, but not limited to, name, address, NSP identification number, telephone number, email address, fax number, level or rank within the NSP Consultant Business Model or Affiliate/Customer Sharing Plan, and volume and sales statistics. These reports are provided to Consultants, Affiliates, and Customers in the strictest confidence and for the sole purpose of developing their NSP businesses and constitute the confidential, proprietary trade secrets of NSP. Some NSP Consultants, Affiliates, or Customers may live in countries that offer less privacy protection than your country of residence.
9. Children
The Site is a general audience website and is not designed or targeted at children. NSP does not knowingly collect, use or disseminate any Personal Data from children under the age of 13. If you believe we may have collected information from your child on the Sites, please contact us and we will make reasonable efforts to delete the information from our records.
10. Third-Party Links
The Site may contain links to websites operated and maintained by third parties over which we have absolutely no control. Any information you provide to third party websites will be governed under the terms of each websites’ privacy policy and we encourage you to investigate and ask questions before disclosing any information to the operators of third-party websites. We have no responsibility or liability whatsoever for the content, actions or policies of third-party websites. The inclusion of third-party websites on our Site in no way constitutes an endorsement of such websites’ content, actions or policies.
11. Data Privacy Framework Statement. EU Personal Data Transfers
NSP complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. NSP has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. NSP has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (collectively Principles), the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
In compliance with the DPF Principles, NSP commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our DPF policy should first contact NSP at:
Nature’s Sunshine Products, Inc.
Privacy Officer, Legal
2901 W. Bluegrass Blvd., 100
Lehi, Utah 84043
(801) 341-7800
privacy@natr.com
NSP has further committed to refer unresolved DPF complaints to our chosen independent recourse mechanism, the International Centre for Dispute Resolution® of the American Arbitration Association® (ICDR/AAA), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit http://go.adr.org.html for more information or to file a complaint. Under certain conditions, more fully described on the DPF website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted. The ICDR/AAA services are provided at no cost to you. In addition, NSP is subject to the investigatory and enforcement powers of the Federal Trade Commission.
EU Personal Data Transfers with Standard Contractual Clauses. We recognize that the European Union and its member states have a data protection regime that generally restricts the transfer of Personal Data about individuals located in the EU to recipients located outside of the European Economic Area (“EEA”). We inform you that your Personal Data might be transferred to other entities inside our group outside your country of residence, and particularly to the US. These data transfers were done in the past according to the EU-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personally identifiable information from the EEA. Now these data transfers are done in compliance with our Standard Contractual Clauses, according to the European Commission Decision C(2004)5721 and the rest of regulations applicable in order to guarantee that your Personal Data are duly protected. In order to get more information, you can access the Standard Contractual Clauses applicable to certain countries linked in Table 1 below.
12. California Privacy Rights
The California Consumer Privacy Act (“CCPA”) provides individuals in California with specific rights regarding their Personal Data. NSP does not discriminate against anyone for exercising rights under the CCPA. This section describes specific rights under the CCPA and how to exercise them. Exercising these rights is subject to NSP receiving and confirming a verifiable request, which process is outlined below.
Collection, Sale, and Disclosure of Personal Data
Information regarding the categories of Personal Data that NSP collects, the categories of sources from which NSP collects this information, and the business purposes for which NSP collects this information, can be found in the sections tilted “What information do we collect?” and “How do we use Personal Data?” set forth above in this Privacy Statement.
Within the past 12 months, NSP has disclosed for business purposes the following categories of Personal Data to our service providers, as well as with any third party with whom you have instructed us to share this information:
-
Identifiers (i.e. name, address, IP address, email address, account name, etc.);
-
Personal Information collected under California Civil Code Section 1798.80;
-
Commercial Information (i.e. purchasing history or tendencies);
-
Internet Activity (i.e. browsing or search history, interactions with our Sites); and
-
Audio, Electronic, Visual, Thermal, Olfactory, or Similar Information.
We disclose the above-listed categories of Personal Data for business purposes, such as enabling your use of our Sites, services, and products; communicating with you; understanding how you interact with our Sites, services, and products; improving our products, services, and other offerings; helping to detect and prevent against fraud; fulfilling orders; delivering packages; performing administrative or accounting functions; providing customer service; and complying with applicable laws and regulations.
Under the current definitions contained in the CCPA, NSP does not sell, and has not sold in the past 12 months, any personal information.
CCPA Rights
California residents have the right to ask NSP to disclose what personal information NSP collects and uses. Upon receipt and verification of a verifiable request, NSP will provide an individual with the following information:
-
Specific pieces of personal information that NSP possess;
-
the categories of personal information NSP has collected in the preceding 12 months;
-
the categories of sources from which NSP collected personal information; the business or commercial purpose for which NSP collects personal information; the categories of third parties with whom NSP shares personal information; and
-
whether NSP has sold or disclosed personal information for a business purpose and, if so, a list of the categories of personal information sold or disclosed.
A right of access request under the CCPA is free of charge up to two (2) times in a 12-month period. NSP will not respond to requests that are unfounded, fraudulent, repetitive, harassing, or excessive.
California residents also have the right to ask NSP to delete personal information that NSP has collected about them. An individual may submit a verifiable request to delete following the instructions below.
Upon receipt of a verifiable request to delete, NSP will delete personal information from our records and notify our service providers to delete the same personal information from their records. Please note, NSP may delete some information and deidentify some information. In cases where NSP deidentifies information, NSP implements technical safeguards and business processes as outlined in Section 4 “Security of Information”.
NSP may not be able to comply with a deletion request if it is necessary for NSP to keep information in order to, among other things, provide goods or services requested, maintain an ongoing business relationship, comply with legal obligations, protect against fraudulent or illegal activity, or perform other necessary activities as permitted under the CCPA.
How to Exercise Rights Under the CCPA
A California resident wishing to exercise any rights under the CCPA should submit a request to NSP by either:
Emailing us at privacy@natr.com ; or
Writing to us at:
Nature’s Sunshine Products, Inc.
Privacy Officer, Legal
2901 W. Bluegrass Blvd., 100
Lehi, Utah 84043
Please include the following information in your request:
-
Whether you want to exercise the right to access or delete personal information.
-
Information NSP may already maintain such as first and last name; the email address you use to interact with NSP; your ZIP code; your NSP Member ID number (if you have one), and the order number or description of products purchased for the last order you placed with NSP (if any).
-
Whether you are making the request for yourself or for someone for whom you are authorized to act as a designated agent. If you are making the request on behalf of someone else, provide proof of such authorization.
NSP will use the information above, and any information it already maintains to verify identity to make sure we do not provide or delete personal information in response to a fraudulent request. NSP may request additional information to help identify an individual or verify that you want your information deleted. If NSP is unable to confirm that the individual making the request is the same person about whom we have collected personal information, we will not be able to complete the request.
NSP will attempt to provide the requested information or confirm completion of a request to delete personal information within 45 days. NSP will notify you within that time period if we will need additional time to process your request.
13. Notice for Nevada Residents
Under Nevada law, certain Nevada consumers may opt out of the sale of “personally identifiable information” for monetary consideration to a person for that person to license or sell such information to additional persons. “Personally identifiable information” includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a specific person to be contacted either physically or online.
NSP does not engage in such activity; however, if you are a Nevada resident who has purchased or leased goods or services from us, you may submit a request to opt out of any potential future sales under Nevada law privacy@natr.com. Please note we will take reasonable steps to verify your identity and the authenticity of the request. Once verified, we will maintain your request in the event our practices change.
14. Questions and Complaints
NSP takes your privacy seriously. If you believe we have not complied with this Privacy Policy, please contact us so we can investigate your complaint.
Direct inquiries or concerns about our privacy policy to:
Nature’s Sunshine Products, Inc.
Privacy Officer, Legal
2901 W. Bluegrass Blvd., 100
Lehi, Utah 84043
(801) 341-7800
privacy@natr.com
Please summarize the nature of your question in the subject line of any email you send. Thank you for reviewing this policy.
15. Mobile Message Service Privacy Policy
This Messaging Program Privacy Policy explains how Nature’s Sunshine collects and uses information about you in relation to its text message marketing program (the “Messaging Service”). We use Klaviyo to provide the Messaging Service to you. For the purposes of the Messaging Service, Klaviyo acts as our service provider and data processor of your information. Learn more
Date of Last Revision: November 3, 2023