1. WHO WE AREDdrops Company manufactures high quality supplements and health products. It was founded in response to a need for a simply better way to provide vitamin D. Ddrops Company research and development is geared toward developing and marketing safe, effective, convenient and high-quality supplements under the Ddrops® brand. Ddrops Company is a global company that also offers additional information and helpful answers to frequently asked questions.
Ddrops Company is a company incorporated in Canada with a registered office at 126 Trowers Road, Woodbridge, Ontario L4L 5Z4, Canada.
- Ddrops Company website, including blog articles
- Ddrops Company interactions with employees, consumers, healthcare professionals, and business partners
- Ddrops Company activity and participation at events, meetings and conferences
- The Ddrops Community, including social media activity and contests
- Ddrops Company surveys and questionnaires
3. OUR COMMITMENTDdrops Company is fully committed to handling personal information in accordance with local data protection legislation and data protection and information security best practices. This means that your personal information will be:
- Processed lawfully, fairly, and in a transparent manner
- Collected for specified, explicit, and legitimate purposes
- Only collected so far as required for our purposes
- As accurate and up to date as possible Retained for a reasonable period of time, in accordance with retention periods under applicable law
- Processed in a manner which ensures an appropriate level of security
4. THE INFORMATION WE COLLECTThe types of personal information we collect include: name, mailing address, email address, telephone number, professional designation (for healthcare practitioners), products ordered, credit card information (if applicable), payment (if applicable) and order history. Credit card information is used for billing purposes only and is not stored.
Ddrops Company collects information by various methods including:
- Customer submission of information in creating accounts
- Application forms and other information requests
- Information actively provided by its lead providers and its customers Information arising from customer surveys and general feedback
- Contact information at events and conferences
- Email, telephone, and written correspondence
- Our social media pages
- Other companies or third parties to help us maintain the accuracy of your data and provide you with better service (such as validate your mailing address)
- Record calls to or from our sales/customer service representatives for purposes of accuracy, performance reviews, training, and general quality assurance, if you give your prior consent
7. LEGAL BASIS FOR PROCESSINGWe are allowed to process your personal data for the following reasons and on the following legal bases:
Contract. If the processing is necessary for our performance of the contract you have agreed to enter with us, the legal basis is Art. 6(1)(b) GDPR. If you do not provide your personal data to us, we will not be able to carry out our obligations under the terms of your contract.
Legal obligation. If we are subject to legal obligations to process your personal data for the purposes of complying with applicable regulatory, accounting and financial rules, and to make mandatory disclosures to government bodies and law enforcements, the legal basis is Art. 6(1)(c) GDPR.
Legitimate Interests. We are permitted to process your personal data if it is based on our 'legitimate interests' according to Art. 6(1)(f) GDPR, i.e. we have good, sensible, practical reasons for processing your personal data, which is in the interests of Ddrops Company. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. Where personal data are processed based on legitimate interests, e.g. for the purposes of direct marketing, you have the right to object to such processing at any time and free of charge. See the section headed "Your Legal Rights" to find out how. If you object to us processing your personal data, we must demonstrate compelling grounds for continuing to do so.
Consent. Sometimes we want to use your personal data in a way that is entirely optional for you, such as to send you our promotions and news. On these occasions, we will ask for your consent to use your information. You can withdraw this consent at any time.
8. SHARING INFORMATION AND INTERNATIONAL TRANSFERSDdrops Company does not share personal information with any third parties except as disclosed in this policy. Ddrops Company may provide personal information to Ddrops Company subcontractors and professional advisers (who are located in North America or the EU and bound by privacy obligations) to assist Ddrops Company uses disclosed herein.
All third parties that obtain personal information from us (e.g. service providers that perform tasks on our behalf) are contractually required to protect your confidentiality and personal information in a manner consistent with this policy, and/or as required by applicable law.
We may also disclose your personal information to third parties if we have reason to believe that disclosing such information is necessary to:
- conduct investigations of possible breaches of law
- identify, contact, or bring legal action against someone who may be violating an agreement they have with us
- to protect our rights, safety or property, or
- to carry out any other purpose permitted or required by law.
Personal information we collect is maintained with the source of the information at Woodbridge, Ontario. The European Commission has recognized Canada (commercial organizations) as providing an adequate level of data protection.
We may also hold your personal data on carefully selected third-party cloud-based servers in Na United States. This means that some or all of the personal information we collect may be stored or processed on servers located outside your jurisdiction of residence and outside the European Economic Area, including, the United States and Canada, whose data protection laws may differ from the jurisdiction in which you live. In case of the United States of America, we ensure that the relevant company has entered into a data transfer agreement containing clauses offering an adequate level protection according to the European Commission, has adopted corporate binding rules, benefits from the U.S. "Privacy Shield" accreditation, or has otherwise implemented appropriate safeguards. In case of Canada, there is an adequacy decision of the European Commission pursuant to Directive 95/46/EC which allows transfers under article 45 of the GDPR. In case of other countries outside the European Economic Area apart from Canada and the United States and where no adequacy decision of the European Union exists, we ensure that the relevant company has entered into a data transfer agreement containing clauses offering an adequate level protection according to the European Commission or has otherwise implemented appropriate safeguards. Subject to applicable laws in such other jurisdictions, we will use reasonable efforts to ensure that appropriate protections are in place to require the data processor in that country to maintain protections on the Personal Information that are equivalent to those that apply in Canada.
9. SECURITYYour personal information may be stored in a combination of paper and electronic files. They are protected against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access, and any other unlawful forms of processing by technical and organizational measures appropriate to the nature of the information. Personal information may only be accessed by persons within our organization or our third party service providers or third parties (such as law enforcement), who require such access to carry out the purposes indicated above.
Although we have taken reasonable and prudent measures to protect this website, computer systems, and any personal information that it has collected from unauthorized use, access, disclosure, misuse, alteration or destruction, no security measures can provide absolute protection. As a result, while we are committed to protecting your personal information, we cannot ensure or warrant the security of any information you provide to us.
10. RETENTION PERIODWe retain personal information that we collect only as long as reasonably necessary to fulfill the purposes for which it was collected or to meet any legal requirements. We have retention standards which meet these requirements.
When you open an account, we will retain your product information and product ordering history for as long as the account is active. When your account is closed we will retain your information in order to continue to communicate with you about our products that may be of interest to you, unless you have opted out of receiving marketing and or newsletter communication. We may also retain your account information and product history to communicate with you on important business information that may affect you, such as in the unlikely event of a product related issue. This information is retained for a period of up to 5 years from the date of your last order shipment.
Tradeshow attendee information is kept for two years and is used as a reference and to evaluate participation at similar tradeshows in the future. Account applications that have been declined or where the applicant has not been processed, are retained for a period of two years to understand and monitor potentially fraudulent activity – i.e. false account openings in alias’, alternate business names, addresses etc. In these cases, the personal information will be destroyed within 2 years after it has been collected. Other personal information that has been collected will be destroyed when the purpose for which it was collected ceases to exist, or where the processing was based on consent upon withdrawal of the consent.
11. YOUR LEGAL RIGHTSYou have rights under data protection laws in relation to your Personal Information. You have the right to:
Accessing Information. You have a right (subject to limited exceptions under relevant data protection laws) to request access to your personal information. Individuals may send requests to review their personal information contained in Ddrops Company files to the Ddrops Company privacy officer using the contact information provided in below section, 'Company Contact Information/Data Protection Officer''.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no sufficient reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for profiling and direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful, but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims; or (d) you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data, in accordance with Art. 6 GDPR. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us using the contact methods and details set out in below section 'Company Contact Information/Data Protection Officer'.