Everyone’s Privacy

1. Who we are

Ddrops Company manufactures high quality supplements and health products. It was founded in response to a need for a simply better way to provide vitamin D. Ddrops Company research and development is geared toward developing and marketing safe, effective, convenient and high-quality supplements under the Ddrops® brand. Ddrops Company is a global company that also offers additional information and helpful answers to frequently asked questions.

Ddrops Company is a company incorporated in Canada with a registered office at 126 Trowers Road, Woodbridge, Ontario L4L 5Z4, Canada.

This Privacy Policy reflects the new EU General Data Protection Regulation (GDPR) introduced on May 25, 2018 and applies to all Ddrops Company activities and initiatives, including:

  • Ddrops Company website, including blog articles
  • Ddrops Company interactions with employees, consumers, healthcare professionals, and business partners
  • Ddrops Company activity and participation at events, meetings and conferences
  • The Ddrops Community, including social media activity and contests
  • Ddrops Company surveys and questionnaire
2. Purpose
This Privacy Policy outlines the privacy practices of Ddrops Company. (“Ddrops Company”, “data controller”, “we”, “our”, “us”). This document explains when and why we collect personal information about people who open an account with us or visit our website. It explains how we use information, the conditions under which we may disclose it to others, and how we keep it secure. Ddrops Company is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy policy. Whether through this policy or otherwise, we aim to provide a good understanding of why and where we process personal information and the rights our visitors have.
3. Our Commitment

Ddrops Company is fully committed to handling personal information in accordance with local data protection legislation and data protection and information security best practices. This means that your personal information will be:

  • Processed lawfully, fairly, and in a transparent manner
  • Collected for specified, explicit, and legitimate purposes
  • Only collected so far as required for our purposes
  • As accurate and up to date as possible
  • Retained for a reasonable period of time, in accordance with retention periods under applicable law
  • Processed in a manner which ensures an appropriate level of security
4. The Information We Collect

The types of personal information we collect include: name, mailing address, email address, telephone number, professional designation (for healthcare practitioners), products ordered, credit card information (if applicable), payment (if applicable) and order history. Credit card information is used for billing purposes only and is not stored.

Ddrops Company collects information by various methods including:

  • Customer submission of information in creating accounts
  • Application forms and other information requests
  • Information actively provided by its lead providers and its customers
  • Information arising from customer surveys and general feedback
  • Contact information at events and conferences
  • Email, telephone, and written correspondence
  • Our social media pages
  • Other companies or third parties to help us maintain the accuracy of your data and provide you with better service (such as validate your mailing address)
  • Record calls to or from our sales/customer service representatives for purposes of accuracy, performance reviews, training, and general quality assurance, if you give your prior consent
    • Personal information provided by third parties: If you purchase products from us via third party retailers, we will receive the following personal information about you from these third parties: name, shipping address information, products ordered, and order details.

5. Cookies
Ddrops Company uses cookies to collect information to provide you with a better experience when you visit our website. Third party partners may also use cookies on our sites. Some of these cookies are temporary while others are stored for longer periods so that when you return to our website we remember who you are. At any time, you can delete cookies by managing the cookie settings on your computer. Please remember to reject/delete cookies in all the browsers you use to visit our website.

For more information about cookies and how we use cookies on our site please visit our Cookie Policy.

6. Legal Basis For Processing

We are allowed to process your personal data for the following reasons and on the following legal bases:

Contract. If the processing is necessary for our performance of the contract you have agreed to enter with us, the legal basis is Art. 6(1)(b) GDPR. If you do not provide your personal data to us, we will not be able to carry out our obligations under the terms of your contract.

Legal obligation. If we are subject to legal obligations to process your personal data for the purposes of complying with applicable regulatory, accounting and financial rules, and to make mandatory disclosures to government bodies and law enforcements, the legal basis is Art. 6(1)(c) GDPR.

Legitimate Interests. We are permitted to process your personal data if it is based on our ‘legitimate interests’ according to Art. 6(1)(f) GDPR, i.e. we have good, sensible, practical reasons for processing your personal data, which is in the interests of Ddrops Company. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. Where personal data are processed based on legitimate interests, e.g. for the purposes of direct marketing, you have the right to object to such processing at any time and free of charge. See the section headed “Your Legal Rights” to find out how. If you object to us processing your personal data, we must demonstrate compelling grounds for continuing to do so.

Consent. Sometimes we want to use your personal data in a way that is entirely optional for you, such as to send you our promotions and news. On these occasions, we will ask for your consent to use your information. You can withdraw this consent at any time.

7. Sharing Information And International Transfers

Ddrops Company does not share personal information with any third parties except as disclosed in this policy. Ddrops Company may provide personal information to Ddrops Company subcontractors and professional advisers (who are located in North America or the EU and bound by privacy obligations) to assist Ddrops Company uses disclosed herein.

All third parties that obtain personal information from us (e.g. service providers that perform tasks on our behalf) are contractually required to protect your confidentiality and personal information in a manner consistent with this policy, and/or as required by applicable law.

We may also disclose your personal information to third parties if we have reason to believe that disclosing such information is necessary to:

  • Conduct investigations of possible breaches of law
  • Identify, contact, or bring legal action against someone who may be violating an agreement they have with us
  • To protect our rights, safety or property, or
  • To carry out any other purpose permitted or required by law.
  • We may also use your personal information to investigate security breaches or cooperate with government authorities pursuant to a legal matter.

Personal information we collect is maintained with the source of the information at Woodbridge, Ontario. The European Commission has recognized Canada (commercial organizations) as providing an adequate level of data protection.

We may also hold your personal data on carefully selected third-party cloud-based servers in Na United States. This means that some or all of the personal information we collect may be stored or processed on servers located outside your jurisdiction of residence and outside the European Economic Area, including, the United States and Canada, whose data protection laws may differ from the jurisdiction in which you live. In case of the United States of America, we ensure that the relevant company has entered into a data transfer agreement containing clauses offering an adequate level protection according to the European Commission, has adopted corporate binding rules, benefits from the U.S. “Privacy Shield” accreditation, or has otherwise implemented appropriate safeguards. In case of Canada, there is an adequacy decision of the European Commission pursuant to Directive 95/46/EC which allows transfers under article 45 of the GDPR. In case of other countries outside the European Economic Area apart from Canada and the United States and where no adequacy decision of the European Union exists, we ensure that the relevant company has entered into a data transfer agreement containing clauses offering an adequate level protection according to the European Commission or has otherwise implemented appropriate safeguards. Subject to applicable laws in such other jurisdictions, we will use reasonable efforts to ensure that appropriate protections are in place to require the data processor in that country to maintain protections on the Personal Information that are equivalent to those that apply in Canada.

8. Security

Your personal information may be stored in a combination of paper and electronic files. They are protected against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access, and any other unlawful forms of processing by technical and organizational measures appropriate to the nature of the information. Personal information may only be accessed by persons within our organization or our third party service providers or third parties (such as law enforcement), who require such access to carry out the purposes indicated above.

Although we have taken reasonable and prudent measures to protect this website, computer systems, and any personal information that it has collected from unauthorized use, access, disclosure, misuse, alteration or destruction, no security measures can provide absolute protection. As a result, while we are committed to protecting your personal information, we cannot ensure or warrant the security of any information you provide to us.

9. Retention Period

We retain personal information that we collect only as long as reasonably necessary to fulfill the purposes for which it was collected or to meet any legal requirements. We have retention standards which meet these requirements.

When you open an account, we will retain your product information and product ordering history for as long as the account is active. When your account is closed we will retain your information in order to continue to communicate with you about our products that may be of interest to you, unless you have opted out of receiving marketing and or newsletter communication. We may also retain your account information and product history to communicate with you on important business information that may affect you, such as in the unlikely event of a product related issue. This information is retained for a period of up to 5 years from the date of your last order shipment.

Tradeshow attendee information is kept for two years and used as a reference and to evaluate participation at similar tradeshows in the future. Account applications that have been declined or where the applicant has not been processed, are retained for a period of two years to understand and monitor potentially fraudulent activity – i.e. false account openings in alias’, alternate business names, addresses etc. In these cases, the personal information will be destroyed within 2 years after it has been collected. Other personal information that has been collected will be destroyed when the purpose for which it was collected ceases to exist, or where the processing was based on consent upon withdrawal of the consent.

10. Your Legal Rights

You have rights under data protection laws in relation to your Personal Information. You have the right to:

Accessing Information. You have a right (subject to limited exceptions under relevant data protection laws) to request access to your personal information. Individuals may send requests to review their personal information contained in Ddrops Company files to the Ddrops Company privacy officer using the contact information provided in below section, ‘Company Contact Information/Data Protection Officer”.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no sufficient reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for profiling and direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful, but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims; or (d) you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data, in accordance with Art. 6 GDPR. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact us using the contact methods and details set out in below section ‘Company Contact Information/Data Protection Officer’.

Notwithstanding the general terms of this policy, the collection, use, and disclosure of personal information may be made outside of the terms herein to the extent required by applicable law, or with your consent. Ddrops Company may disclose personal information to another entity purchasing (including, but not limited to, for diligence purposes prior to purchase) the assets of (or otherwise acquiring) Ddrops Company provided that entity abides by this or a similar privacy policy.

11. Your Choices
You have a choice to receive information from us or not. If you do not want to receive direct marketing communications from us about the products, promotions, information or services we offer then you can select your choices by ticking the relevant boxes situated on emails or within your account profile. You can also change your preferences at any time by contacting us by email at privacy@vitaminddrops.com.
12. Changes To Our Privacy Policy
From time to time we may make changes to our Privacy Policy. Please periodically review this Privacy Policy so that you know what personal information we collect, how we use it, and with whom we may share it. The date of the most recent revision will be published on the top of the Privacy Policy web page.
13. Complaints To The Regulator
You have the right to make a complaint at any time to a supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach a supervisory authority, so please contact us in the first instance.
14. Links
Ddrops Company website may contain links to information at other websites. When you click on one of these links, you are moving to another website. We encourage you to read the privacy statements of these linked sites as their privacy policy may differ from ours. We are not responsible for the privacy practices or the content of any website(s) owned and operated by any third party.
15. Company Contact Information / Data Protection Officer
Ddrops Company is a company incorporated in Canada with a registered office at 126 Trowers Road, Woodbridge, Ontario L4L 5Z4, Canada. For more information on Ddrops Company and privacy, or if you would like to exercise your legal rights, please contact our privacy officer at privacy@vitaminddrops.com, or by writing to 126 Trowers Road, Woodbridge, Ontario L4L 5Z4.
The contents of this website are for informational purposes and are not intended to offer personal medical advice. You should seek the advice of your physician or other qualified health provider with any questions you may have regarding a medical condition. Never disregard professional medical advice or delay in seeking it because of something you have read on this website.