Privacy policy

POLICIES

Privacy policy

Last updated: February 12, 2026

Vitaco Privacy Policy

Our privacy commitment to you

Vitaco Health Australia Pty Limited and Vitaco Health (NZ) Limited (Vitaco, we or us) are committed to protecting your privacy and personal information.

As we operate in Australia, New Zealand, and the U.S., this Privacy Policy outlines how we collect, store, use and disclose personal information and the steps we take to comply with Australian, New Zealand, and U.S. privacy laws (Privacy Laws).

This Privacy Policy describes the personal data collected or generated (processed) when you use our site. It also covers the following topics:

Who is responsible for the processing of your personal information?
What kind of personal information do we collect?
How do we collect your personal information?
How do we use cookies?
What do we use your personal information for?
Who do we disclose your personal information to?
How do we protect your personal information?
How can you access and update your personal information?
How do we handle enquiries and complaints?
Changes to this Privacy Policy.
Additional Information for U.S. Consumers
Health Data Privacy Statement for Nevada and Washington Consumers

You agree that by:

using any of our websites
purchasing Products from any of our websites
taking part in any of our promotional or marketing campaigns
applying for employment with us; or
visiting our premises,

you consent to the collection and use of your personal information as set out below.

If you find any links to other websites on any of our websites, this Privacy Policy does not apply to them. Always check the privacy policy of any website you access.

We may also provide you with separate privacy notices when we collect your personal information which may outline additional uses and disclosures not detailed in this Privacy Policy. If there is any inconsistency between these separate privacy notices and this Privacy Policy, you should rely on the information in those notices.

The site is not intended for children under the age of 13. We do not knowingly collect personal information online from visitors in this age group.

Who is responsible for the processing of your personal information?

Vitaco Health Australia Pty Limited or its affiliate Vitaco Health (NZ) Limited are responsible for the processing of your personal information.

What kind of personal information do we collect?

The kinds of personal information we collect vary depending on our interaction with you and may include:

Contact & business details: Your name, address, telephone number, email address, residential address, shipping address, and where we are dealing with you on a business-to-business basis, your ABN, NZBN, trading name, delivery address and vehicle registration details if you visit one of our premises.
Purchase history: Details about your orders from us and product preferences.
Digital information: Such as cookies, pixels, software versions used, device identifiers (like IP address), location data (where available and not disabled by you), dates, times, file metadata, referring website, data entered, and your user activity such as links clicked, adding items to a shopping cart, and making purchases.
Financial information: Including credit card details.
Employment details: Where you apply for employment with us, your CV and pre-employment history, contact and emergency details, and other similar information.
Volunteered information: Information that you voluntarily provide to us through your responses to competitions, promotions, surveys, feedback and enquiries.

Sensitive Information

Some personal information we may collect from you is ‘sensitive information’. The collection of such sensitive information will depend on the nature of our interaction with you, but may include information which we require for the purpose of providing advice to you. This might include information about your weight, height, age, health, diet, lifestyle and if needed, your medical background.

You may decide not to provide us with your personal information we ask for. However, if you do so, or if you provide us with personal information that is inaccurate or incomplete, we may not be able to respond adequately to your enquiries or provide you with the products or services you require.

If you contact our Naturopath & Nutritionist hotline or our Customer Services Representatives we may need to collect sensitive information from you. In such circumstances, we will advise you of this in a separate privacy notice at the time of collection.

How do we collect your personal information?

We collect most personal information directly from you. We may collect personal information when:

you purchase any products from us online
you use Naturopathic & Nutrition Team hotline
you contact our Customer Service representative
you communicate and interact with us, including in person, by email, by letter, telephone, online or via social media, when you apply for employment, or participate in any of our marketing or promotional campaigns
you visit one of our premises.

Other ways we may collect personal information from you:

From third parties: We may also collect personal information from third parties, such as from nominated referees during job applications, or through competitions or promotions operated in conjunction with Vitaco by one of our partners.
Voice messages: If you contact us by the hotline or our Customer Service phone number your personal information may be collected by us as a recorded voice message if our Naturopaths, Nutritionists or Customer Service team are temporarily unavailable to answer a call and you choose to leave a voice message.
On-site security: If you visit one of our premises, we may also collect personal information about you on CCTV as part of our security and crime prevention measures. We may also collect your name and contact details and, where applicable, your vehicle registration through our visitor registration system VisitorRego, for security and health and safety purposes, and your visiting history to our premises, and to provide facilities such as Wi-Fi. This information, including CCTV footage may constitute ‘personal information’ as defined in the Privacy Laws.

How do We Use Cookies?

We may use “cookies” which enable us to monitor traffic patterns on our websites and to serve you more efficiently if you revisit our websites. A cookie does not identify you personally but it does identify your computer or device. You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance.
Third party vendors, including Google, show our ads on sites on the internet and use cookies to serve ads based on a user’s prior visits to a website.
You may opt out of Google’s use of cookies by visiting the Google advertising opt-out page.
We use cookies for the purposes of conducting re-marketing campaigns. Google’s Display Network use the DoubleClick Cookie.
Our cookies typically expire after 30 days. After the expiry date, your browser will delete the cookie (depending on browser used and your browser settings). You can manually delete cookies in your browser anytime.

What do we use your personal information for?

The main purpose for collecting your personal information is to enable us to operate our business, assess your employment application, provide our products and services to you, and to comply with the law.

We may use and share your personal information for these purposes, including in order to:

Charge you for products we provide to you
Communicate with you
Let you know about promotions, competitions, products and services which we think you may be interested in
Deal with enquiries, feedback, complaints and requests about our products or services
Manage and improve our products and services and other relationships and arrangements
Provide advice to you regarding our products from naturopaths and nutritionists
Undertake product recalls
Monitor our sales of products and for quality control purposes, including undertaking customer surveys and analysis, or seeking feedback from you
Develop new products
Undertake contact tracing in relation to the Covid-19 outbreak (if you attend our premises)
Undertake recruitment and staffing functions
Meet our legal obligations
Undertake any other purpose disclosed to you at the time the relevant personal information is collected and for purposes directly related to any of the above.

We may use CCTV footage specifically for the following purposes:

Detecting and deterring criminal behaviour on our premises.
Monitoring the safety and security of our staff and our premises, and completing incident investigations.

If you do not wish to receive information about promotions or activities we think you may be interested in, you can opt-out by contacting us on the details below, or by using the unsubscribe function in emails.

Who do we disclose your personal information to?

We may disclose your personal information for the purposes listed above to third parties that include the following:

Our related entities, such as Vitaco offices located in New Zealand or Australia.
Other companies or individuals who assist us in supplying our products and services or who perform functions on our behalf, such as delivery contractors, professional services organizations, couriers, credit card processors, mailing houses, advertising and media agencies and technology hosting providers.
Other persons that we need to deal with in connection with employment and engagement of staff (such as insurers, next-of-kin, referees) where required or authorised by law to do so and to anyone else whom you authorise us to disclose it.

Otherwise, we will only disclose your personal information without your consent if doing so is:

To assist with any request from WorkSafe, the Ministry of Health or a District Health Board in New Zealand or any Commonwealth, State or Territory health authority in Australia in relation to contact tracing for Covid-19.
Necessary to protect or enforce our legal rights or interests, or to defend any claims made against us by any person (including you).
Necessary in order to report a data breach, cyber incident or for cyber security purposes (including to prevent unauthorised access to, or attacks on, our systems).
Necessary to lessen a serious threat to a person’s health or safety.
In connection with any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).

Unless otherwise disclosed to you in a separate privacy notice, the only overseas disclosures of personal information Vitaco makes is to and between our offices in New Zealand and Australia which assist us with the following functions:

Storage of personal information of past, current and prospective employees
Staffing of the Naturopathic & Nutrition Team and Customer Service hotlines and customer complaints and enquiries handling

How do we protect your personal information?

We take such steps designed to protect your personal information from risks such as misuse, interference and loss, and from unauthorised access, modification or disclosure including:

Using software on a number of our websites which encrypts information (where a lock symbol appears on the browser window).
Utilising passwords, firewalls and virus scanning tools, and protection in buildings where personal information is stored, to prevent against unauthorised access to our systems.
Restricting staff and authorised contractors that have access to the databases that store personal information to those on a “need to know” basis.
If we no longer require your personal information, taking reasonable steps to destroy or de-identify it. We retain personal information for as long as needed or permitted for the purposes for which it was collected as outlined in this Privacy Policy unless a longer retention period is required or permitted by applicable law. The criteria used to determine our retention periods include (i) the length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have a relationship with us or keep using the Services); (ii) whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records or communications for a certain period before we can delete them); or (iii) whether retention is advisable considering our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).

CCTV footage will usually be retained for a period of 60 days, after which time it will be overwritten. Site visitor logs and personal information collected for the purposes of COVID-19 contact tracing using the VisitorRego system will be retained for a period of 60 days, after which time they will be deleted.

The security of your personal information is important to us and we are committed to handling such information carefully. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

How can you access and update your personal information?

We seek to ensure that all personal information collected and stored in our files and database systems is correct and accurate.
If you wish to request that we delete your personal information, request that we no longer use your information to provide you with marketing communications, or withdraw your consent to use your personal information please contact us as set out below. We may require you to verify your identity so that we can ensure your personal information is disclosed only to you and specify what personal information you want access to.
We will respond to your request within 30 days.

How we handle enquiries and complaints

For any privacy enquiries, issues or concerns, or if you believe that we have not complied with the Privacy Laws contact us in writing:

By mail:

Privacy Officer

Vitaco Health Australia Pty

Level 3, 68 Waterloo Road

North Ryde NSW 2113

Email: privacy@vitaco.com.au

We will investigate any complaint and will respond to you as soon as is practicable after we receive your complaint. If you do not agree with the way we have handled your complaint you can refer your complaint:

In Australia to: * Office of the Australian Information Commissioner

Website: www.oaic.gov.au
Phone: 1300 363 992

In New Zealand to: * New Zealand Privacy Commissioner

Website: www.privacy.org.nz
Phone: 0800 803 909

Changes to this Privacy Policy

We may update this policy from time to time. We will let you know of significant changes to this policy by posting a notification on our websites.

Additional Information for U.S. Consumers

The following chart details which categories of personal information we collect and process about individuals in the U.S., as well as which categories of personal information we disclose to third parties for our operational business or commercial purposes, including within the preceding 12 months. The chart also details the categories of personal information that we “share” for purposes of cross‑context behavioral or targeted advertising, including within the preceding 12 months.

Categories of Personal Information	Disclosed to Which Categories of Third Parties for Operational Business or Commercial Purposes (See "WHO DO WE DISCLOSE YOUR PERSONAL INFORMATION TO?" for details)	Shared With
Identifiers, such as name, contact information, and IP address	Affiliates; service providers; advertising networks; law enforcement; public, regulatory, and government authorities; professional advisors; third parties such as an acquiring entity	Advertising networks
Personal information as defined in the California customer records law, such as name, contact information, financial information, education or employment information in connection with job applications	Affiliates; service providers; advertising networks; law enforcement; public, regulatory, and government authorities; professional advisors; third parties such as an acquiring entity	Advertising networks (only contact information)
Protected Class Information, such as characteristics of protected classifications under California or federal law, such as age and health-related information voluntarily provided when seeking health or nutrition advice	Affiliates; service providers; law enforcement; public, regulatory, and government authorities; professional advisors; third parties such as an acquiring entity	None
Commercial Information, such as purchase history	Affiliates; service providers; advertising networks; law enforcement; public, regulatory, and government authorities; professional advisors; third parties such as an acquiring entity	Advertising networks
Internet or network activity information, such as browsing history, search history, and interactions with our online properties or ads	Affiliates; service providers; advertising networks; law enforcement; public, regulatory, and government authorities; professional advisors; third parties such as an acquiring entity	Advertising networks
Geolocation Data	Affiliates; service providers; advertising networks; law enforcement; public, regulatory, and government authorities; professional advisors; third parties such as an acquiring entity	Advertising networks
Audio/Video Data	Affiliates; service providers; law enforcement; public, regulatory, and government authorities; professional advisors	None
Employment Information	Affiliates; service providers; law enforcement; public, regulatory, and government authorities; professional advisors; third parties such as an acquiring entity	None
Inferences drawn from any of the personal information to create a profile, such as, an individual’s preferences or characteristics	Affiliates; service providers; advertising networks; law enforcement; public, regulatory, and government authorities; professional advisors; third parties such as an acquiring entity	Advertising networks
Sensitive Personal Information, such as financial information, health-related information voluntarily provided when seeking health or nutrition advice (residents in Washington and Nevada can see our Health Data Privacy Statement for additional information)	Affiliates; service providers; law enforcement; public, regulatory, and government authorities; professional advisors; third parties such as an acquiring entity	None

We retain each category of personal information, including sensitive personal information, as described above under “HOW DO WE PROTECT YOUR PERSONAL INFORMATION?”

We do not “sell” personal information, including sensitive personal information, and we do not “share” sensitive personal information for purposes of cross-context behavioral advertising, as defined under applicable law. We have not engaged in such activities in the preceding 12 months. Without limiting the foregoing, we do not sell or knowingly “share” personal information, including sensitive personal information, of minors under 16 years of age.

We collect, use, and disclose personal information for the purposes described above under “WHAT DO WE USE YOUR PERSONAL INFORMATION FOR?”

We collect, use, and disclose sensitive personal information for purposes of performing services for our business, providing goods or performing services as requested or reasonably expected by you, ensuring safety, security, and integrity, countering wrong or unlawful actions, short-term transient use, servicing accounts, providing customer service, verifying customer information, processing payments, activities relating to quality and safety control or product improvement, and other collection and processing that is not for the purpose of inferring characteristics about an individual. We do not use sensitive personal information for additional purposes.

We collect personal information from several sources as described above under “HOW DO WE COLLECT YOUR PERSONAL INFORMATION?”

Individual Rights and Requests

You may, subject to applicable law, request that we:

Disclose to you the following information:
- a. The categories of your personal information we collected and the categories of sources from which we collected your personal information;
- b. The business or commercial purpose for collecting or “sharing” your personal information;
- c. The categories of your personal information that we “shared” and the categories of third parties to whom we “shared” your personal information; and
- d. The categories of your personal information that we disclosed and the categories (and in certain jurisdictions, the identities) of third parties to whom we disclosed your personal information.
Correct inaccuracies in your personal information.
Delete your personal information.
Provide the specific pieces of your personal information, including a copy in a portable format.
Opt out of targeted advertising, including the “sharing” of your personal information for cross-context behavioral advertising.

To make a request, please write us at Privacy Officer, Vitaco Health Australia Pty, Level 3, 68 Waterloo Road, North Ryde, NSW 2113 or email us at privacy@vitaco.com.au.

You have the right to be free from unlawful discrimination for exercising your rights under applicable law.

We will verify and respond to your request consistent with applicable law, considering the type and sensitivity of the personal information subject to the request. For your protection, we may need to request information such as your name, email address, mailing address, and relationship with us to verify your identity and protect against fraudulent requests. If you make a deletion request, we may ask you to verify your request before we delete your personal information.

To request to opt out of targeted advertising click here.

Opt-out Preference Signals

We also process opt-out preference signals, such as the Global Privacy Control. These signals set your opt-out preferences only for the particular browser or device you are using and any consumer profile that we associate with that browser or device.

Sharing your Personal Information with Third Parties for Direct Marketing Purposes

If you prefer that we discontinue sharing your personal information on a going-forward basis with our affiliates for their direct marketing purposes, you may opt out of this sharing by emailing us at privacy@vitaco.com.au. If you would prefer that we discontinue sharing your personal information on a going-forward basis with unaffiliated third parties for their direct marketing purposes, you may opt out of this sharing by emailing us at privacy@vitaco.com.au.

Appeals

To the extent available under applicable law, if we refuse to take action on your request, you may appeal this refusal within a reasonable period after you have received notice of the refusal. You may file an appeal by contacting us as described in the “HOW WE HANDLE ENQUIRIES AND COMPLAINTS” section above.

Authorized Agents

If an agent would like to make a request on your behalf as permitted by applicable law, the agent may use the submission methods noted above. As part of our verification process, we may request that the agent provide, as applicable, proof concerning their status as an authorized agent. In addition, we may require that you verify your identity as described above or confirm that you provided the agent permission to submit the request.

De-Identified Information

Where we maintain or use de-identified information, we will continue to maintain and use that information only in a de-identified form and will not attempt to re-identify the information.