Keeping Personal Data secure is a top priority of Nature’s Sunshine. We comply with the various privacy and data protection laws applicable in the countries and markets where we operate. This Privacy Statement outlines our views and practices and how they pertain to you as Consultant, Affiliate, Customer, Site visitor, or office visitor. Please note that not all sections of this Privacy Statement may apply to you based on how you interact with us. Please check back periodically, as these policies may change, and your subsequent use of the Site will be deemed acceptance of such changes. However, our fundamental commitment to protecting visitors’ privacy will not change.
1. Who is Nature’s Sunshine?
Nature’s Sunshine Products, Inc. and its affiliates and subsidiaries (“NSP”, “we”, “us”, or “our”) are leading natural health and wellness companies, marketing and distributing nutritional and personal care products in more than 40 countries through (a) NSP websites; (b) NSP apps and tools; and (c) a network of independent Consultants, Affiliates, and Customers. You will find a list of the NSP entities acting as Personal Data controllers in Table 1 below.
2. What information do we collect?
Personal Data. We may collect Personal Data from you based on how you interact with us. Personal Data is any information that relates either directly or indirectly to an identified living individual, or legal entity where applicable. In this Privacy Statement, Personal Data includes the terms personally identifiable information, personal information, or any other term used by applicable law. We have outlined the categories of Personal Data we collect in various instances below. If you wish to see how we use Personal Data, please refer to Section 3 “How do we use Personal Data?”
Categories of Personal Data. The general categories of Personal Data we collect are:
- Contact information such as name, title, address, email address, telephone or fax numbers;
- Biographical information such as gender, birthday, nationality, photographs or videos containing your image, occupation, family life information including children, hobbies, and interests;
- Identification information such as passport numbers, identification numbers, or photocopies of such documents as long as permitted by applicable law;
- Registration information such as newsletter or marketing material requests, event and incentive registrations, subscriptions, downloads, signup forms, survey responses, and username/passwords;
- Financial information such as bank account details, credit/debit card details, copies of bank or other financial statements, and other information necessary to verify or process financial transactions;
- Product information such as purchase history, product returns, product preferences;
- IT systems information such as technical information about your equipment used to access Sites, your activity on our Sites;
- Information You Volunteer through various interactions including with the Sites, customer service, or other NSP employees;
- Publicly available information such as identification, content, audio/visual, employment, demographic, or geographic information available via the internet. NSP does not collect information about you from other sources, e.g., public records or bodies, or private organizations.
Information Collected Automatically. We do not automatically log Personal Data, nor do we link information automatically logged by other means to Personal Data about specific individuals. However, we may record certain information that becomes available to us through your use of the Site, including, without limitation, the number of visitors and frequency of visits to the Site, the websites that you access immediately before and after the Site, the Internet browser you use, and your IP address. If we use this information, it is only on an aggregate basis.
Do Not Track Requests. Web browsers may allow you to send a “Do Not Track” request with your browsing traffic, which would enable anonymous browsing of the Site. We honor Do Not Track requests from web browsers. However, anonymous browsing may prevent us from providing you with full functionality of the Site.
3. Why do we collect Personal Data?
We may collect Personal Data for a number of reasons, including:
To prepare and perform an agreement with you. This includes agreements such as a Membership Agreement or Affiliate Agreement, which may involve calculating your earnings or those of other NSP Consultants, Affiliates, or Customers, and maintaining such information on your membership genealogy; process an order; deliver/take-back products and manage warranties; or payment processing.
To meet our legal obligations. This includes obligations such as tax and accounting or responding to request from public authorities.
*You may have the right to oppose certain of these reasons under applicable law, but if so, you may not be able to experience the full functionality of the Site.
4. How do we use Personal Data?
If you choose to provide us with Personal Data, we will use it to provide you with the services you have requested, to serve you with content, to analyze trends, and to enhance your overall experience while visiting the Site. You may also subscribe to email lists and request that we refer you to an NSP Consultant who can provide you with more information about how to purchase NSP products and become an NSP Consultant. If you purchase NSP products or become a NSP Consultant, we will also use your Personal Data to (1) provide services to you (such as processing product orders and/or returns and calculating and paying commissions); (2) support and improve the services you render to customers and downline Consultants; (3) provide you with additional services; (4) maintain our genealogy database and the proper functioning of our compensation plan; (5) issue payment and report income to taxing authorities; and (6) ensure compliance with legal obligations and our Policies & Procedures. In furtherance of these purposes, NSP may share your information with its parent company in the United States and its subsidiaries located in other countries. We do not collect, use, or disclose Personal Data for any other purposes that are materially different from the purposes set forth herein. We process Personal Data on legal grounds including (a) fulfilling obligations under a contract to you; (b) to comply with our own legal obligations; (c) when we have a legitimate interest to use Personal Data; or (d) based on your consent. If we wish to process Personal Data for any other purpose that stated in this section, we always obtain your consent first and offer you the choice to opt out of such collection, use, or disclosure.
5. Sharing Information with Third Parties
NSP may use internal and external service providers to operate the Site and perform other work on our behalf in the course of providing you with services you have requested such as developing the Site; fulfilling orders; delivering packages; administrative or accounting functions; and providing customer service. These service providers may have access to your Personal Data but are contractually bound to use your Personal Data only for the purpose of performing their duties. Even so, we remain responsible for your Personal Data and in cases of onward transfer to third parties of data of EEA data subjects received pursuant to the EU-U.S. Privacy Shield, NSP is potentially liable. Some of these service providers may be established in countries that offer less privacy protection than your country of residence.
NSP does not currently sell, trade or rent your Personal Data to any unaffiliated third parties for marketing purposes. We value your privacy and will not jeopardize our relationship with you by selling your information to solicitors without your prior consent.
NSP may, however, share your Personal Data to fulfill our legal obligations (i) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, (ii) in response to lawful requests by private parties, in connection with a lawsuit, subpoena, investigation or similar proceeding, (iii) to respond to a matter of personal or public safety, (iv) to investigate security incidents, (v) to protect our interests, rights and property, or (v) in the event of a sale or transfer of assets, or in the context of similar business negotiations.
6. Security of Information
NSP takes administrative, technical and physical measures to help ensure that your Personal Data remains accurate, timely and secure. However, no data transmission over the Internet, or through an electronic database, is guaranteed to be 100% secure. Although we strive to protect your information through measures such as the following steps, we cannot guarantee or warrant its security:
NSP uses Secure Socket Layers (SSL) to ensure a secure connection whenever transmitting or receiving Personal Data. With SSL, information transmitted between two computers via the Internet is sent in an encrypted format so that only the sending and receiving computers can decode it. SSL ensures that no one intercepts any of your Personal Data while it is being transferred to us. A secure connection is maintained until the checkout process is either completed or canceled.
NSP restricts access to Personal Data to our employees, contractors and agents who need to know that information in order to perform their jobs. They are obligated to respect the confidentiality of your Personal Data and may be disciplined or terminated for failing to meet these obligations.
7. Data Integrity & Access or Corrections
NSP keeps Personal Data in active files or systems as long as necessary in order to fulfill the purposes for which it was collected or as required to perform our contractual relationship with our Consultants, Affiliates, or Customers. After a Consultant, Affiliate, or Customer terminates his or her relationship with us, we must keep some information for accounting purposes, for the calculation of earnings under our compensation plan, and for compliance purposes. We will make reasonable efforts to ensure that the information is accurate and complete and will update or correct your information as needed when notified by you. You may request copies of your Personal Data by contacting us at our contact information listed below in Section 10. You or your representatives may edit your Personal Data by accessing your account profile. In instances where a Customer purchases product offline, directly from a Consultant, we may not have access to the Customer’s Personal Data, and you will need to contact your Consultant directly.
Depending on the law in your area, you may have various rights concerning Personal Data, which may include, a right of access, rectification, restriction of or objection to processing (including for direct marketing), portability to another controller, or erasure. You may exercise some of these rights through functionality on the Site. Where the functionality is not available you may contact NSP through the contact information provided below. Please be aware that the rights listed above may be subject to various limitations set out by law.
8. Consultant and Affiliate/Customer Organizational Data
You may place an order through your Consultant, Affiliate/Customer, or directly with NSP and NSP will share your information with your upline Consultant or Affiliate/Customer in order to process your order. Each customer may choose how to place an order and how to be contacted when placing an order. A Consultant, Affiliate, or Customer who introduces a new Consultant, Affiliate, or Customer to the NSP business is known as a Sponsor and Sponsors may build their own independent sales organizations. To assist with their businesses, NSP provides Sponsors with organizational reports that contain their Consultant, Affiliate, and Customer Personal Data and business data, including, but not limited to, name, address, NSP identification number, telephone number, email address, fax number, level or rank within the NSP Consultant Business Model or Affiliate/Customer Sharing Plan, and volume and sales statistics. These reports are provided to Consultants, Affiliates, and Customers in the strictest confidence and for the sole purpose of developing their NSP businesses and constitute the confidential, proprietary trade secrets of NSP. Some NSP Consultants, Affiliates, or Customers may live in countries that offer less privacy protection than your country of residence.
The Site is a general audience website and is not designed or targeted at children. NSP does not knowingly collect, use or disseminate any Personal Data from children under the age of 13. If you believe we may have collected information from your child on the Sites, please contact us and we will make reasonable efforts to delete the information from our records.
10. Third-Party Links
11. Privacy Shield Statement. EU Personal Data Transfers
NSP recognizes that the European Union and its member states have a data protection regime that generally restricts the transfer of PII about individuals located in the EU to recipients located outside of the European Economic Area (“EEA”). Nature’s Sunshine Products, Inc., Synergy Worldwide, Inc. and their U.S. affiliate entities comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom to the United States in reliance on Privacy Shield. NSP has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in this privacy statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov. www.privacyshield.gov. EEA data subjects who have questions or complaints regarding NSP’s transfer or treatment of their personally identifiable information may file a complaint with NSP at the contact information below.
In compliance with the Privacy Shield Principles, NSP commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact NSP at:
Nature’s Sunshine Products, Inc.
Privacy Officer, Legal
2901 W. Bluegrass Blvd., 100
Lehi, Utah 84043
NSP has further committed to refer unresolved Privacy Shield complaints to our chosen independent recourse mechanism, the International Centre for Dispute Resolution® of the American Arbitration Association® (ICDR/AAA), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit go.adr.org/privacyshield.html for more information or to file a complaint. Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted. The ICDR/AAA services are provided at no cost to you. In addition, NSP is subject to the investigatory and enforcement powers of the Federal Trade Commission.
EU Personal Data Transfers with Standard Contractual Clauses. We recognize that the European Union and its member states have a data protection regime that generally restricts the transfer of Personal Data about individuals located in the EU to recipients located outside of the European Economic Area (“EEA”). We inform you that your Personal Data might be transferred to other entities inside our group outside your country of residence, and particularly to the US. These data transfers were done in the past first according to the EU-U.S. Safe Harbor Framework, and later according to the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personally identifiable information from the EEA. Now these data transfers are done in compliance with our Standard Contractual Clauses, according to the European Commission Decision C(2004)5721 and the rest of regulations applicable in order to guarantee that your Personal Data are duly protected. In order to get more information, you can access the Standard Contractual Clauses applicable to certain countries linked in Table 1 below.
12. California Privacy Rights
The California Consumer Privacy Act (“CCPA”) provides individuals in California with specific rights regarding their Personal Data. NSP does not discriminate against anyone for exercising rights under the CCPA. This section describes specific rights under the CCPA and how to exercise them. Exercising these rights is subject to NSP receiving and confirming a verifiable request, which process is outlined below.
Collection, Sale, and Disclosure of Personal Data
Information regarding the categories of Personal Data that NSP collects, the categories of sources from which NSP collects this information, and the business purposes for which NSP collects this information, can be found in the sections tilted “What information do we collect?” and “How do we use Personal Data?” set forth above in this Privacy Statement.
Within the past 12 months, NSP has disclosed for business purposes the following categories of Personal Data to our service providers, as well as with any third party with whom you have instructed us to share this information:
- Identifiers (i.e. name, address, IP address, email address, account name, etc.);
- Personal Information collected under California Civil Code Section 1798.80;
- Commercial Information (i.e. purchasing history or tendencies);
- Internet Activity (i.e. browsing or search history, interactions with our Sites); and
- Audio, Electronic, Visual, Thermal, Olfactory, or Similar Information.
We disclose the above-listed categories of Personal Data for business purposes, such as enabling your use of our Sites, services, and products; communicating with you; understanding how you interact with our Sites, services, and products; improving our products, services, and other offerings; helping to detect and prevent against fraud; fulfilling orders; delivering packages; performing administrative or accounting functions; providing customer service; and complying with applicable laws and regulations.
Under the current definitions contained in the CCPA, NSP does not sell, and has not sold in the past 12 months, any personal information.
California residents have the right to ask NSP to disclose what personal information NSP collects and uses. Upon receipt and verification of a verifiable request, NSP will provide an individual with the following information:
- Specific pieces of personal information that NSP possess;
- the categories of personal information NSP has collected in the preceding 12 months;
- the categories of sources from which NSP collected personal information; the business or commercial purpose for which NSP collects personal information; the categories of third parties with whom NSP shares personal information; and
- whether NSP has sold or disclosed personal information for a business purpose and, if so, a list of the categories of personal information sold or disclosed.
A right of access request under the CCPA is free of charge up to two (2) times in a 12-month period. NSP will not respond to requests that are unfounded, fraudulent, repetitive, harassing, or excessive.
California residents also have the right to ask NSP to delete personal information that NSP has collected about them. An individual may submit a verifiable request to delete following the instructions below.
Upon receipt of a verifiable request to delete, NSP will delete personal information from our records and notify our service providers to delete the same personal information from their records. Please note, NSP may delete some information and deidentify some information. In cases where NSP deidentifies information, NSP implements technical safeguards and business processes as outlined in Section 4 “Security of Information”.
NSP may not be able to comply with a deletion request if it is necessary for NSP to keep information in order to, among other things, provide goods or services requested, maintain an ongoing business relationship, comply with legal obligations, protect against fraudulent or illegal activity, or perform other necessary activities as permitted under the CCPA.
How to Exercise Rights Under the CCPA
A California resident wishing to exercise any rights under the CCPA should submit a request to NSP by either:
Emailing us at email@example.com ; or
Writing to us at:
Nature’s Sunshine Products, Inc.
Privacy Officer, Legal
2901 W. Bluegrass Blvd., 100
Lehi, Utah 84043
Please include the following information in your request:
- Whether you want to exercise the right to access or delete personal information.
- Information NSP may already maintain such as first and last name; the email address you use to interact with NSP; your ZIP code; your NSP Member ID number (if you have one), and the order number or description of products purchased for the last order you placed with NSP (if any).
- Whether you are making the request for yourself or for someone for whom you are authorized to act as a designated agent. If you are making the request on behalf of someone else, provide proof of such authorization.
NSP will use the information above, and any information it already maintains to verify identity to make sure we do not provide or delete personal information in response to a fraudulent request. NSP may request additional information to help identify an individual or verify that you want your information deleted. If NSP is unable to confirm that the individual making the request is the same person about whom we have collected personal information, we will not be able to complete the request.
NSP will attempt to provide the requested information or confirm completion of a request to delete personal information within 45 days. NSP will notify you within that time period if we will need additional time to process your request.
13. Notice for Nevada Residents
Under Nevada law, certain Nevada consumers may opt out of the sale of “personally identifiable information” for monetary consideration to a person for that person to license or sell such information to additional persons. “Personally identifiable information” includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a specific person to be contacted either physically or online.
NSP does not engage in such activity; however, if you are a Nevada resident who has purchased or leased goods or services from us, you may submit a request to opt out of any potential future sales under Nevada law firstname.lastname@example.org. Please note we will take reasonable steps to verify your identity and the authenticity of the request. Once verified, we will maintain your request in the event our practices change.
14. Questions and Complaints
Nature’s Sunshine Products, Inc.
Privacy Officer, Legal
2901 W. Bluegrass Blvd., 100
Lehi, Utah 84043
Please summarize the nature of your question in the subject line of any email you send. Thank you for reviewing this policy.
Date of Last Revision: October 29, 2020