Privacy Policy

Interactive Ecommerce LLC
Last updated: September 19, 2025

Interactive Ecommerce LLC will process personal data in connection with our business activities. We are committed to processing personal data in a secure and lawful manner. Our processing as data controller of personal data is based on the business we operate and the purpose of our business, which is the production and sale of dietary supplements and related products. Information about the personal data we process, the legal basis for the processing, the purpose of the processing, how long we process the personal data, etc. can be found below.

We may also process personal data in ways other than those mentioned below, but then we will inform those concerned about the personal data in ways other than through this declaration.

If you have questions or want to know more about our processing of personal data, you can contact us – see contact information below.

1. RESPONSIBLE FOR PROCESSING PERSONAL DATA

Interactive Ecommerce LLC is the data controller, i.e., determines why and how personal data should be processed, for the processing described below.

Contact information for the data controller:
Interactive Ecommerce LLC
1309 Coffeen Avenue STE 10801
Sheridan, Wyoming 82801, USA
Organization number: 30-1363412
Email: support@vitanord.com

2. PROCESSING OF PERSONAL DATA

We collect and use personal data for various purposes depending on who you are and how we come into contact with you. We mainly process personal data about our customers, who are private customers, and contact persons at suppliers and business partners, see below.

All processing of personal data shall take place in accordance with applicable data protection rules, including the Swedish Personal Data Act and the General Data Protection Regulation (GDPR).

Personal data is any information about a natural person that can identify directly or indirectly (the latter is referred to as "data subject"). Processing of personal data is any activity carried out with personal data, for example, collection, registration, organization, structuring, storage, adaptation, alteration, transfer or deletion.

Below are the processing activities we perform as data controller in our business.

2.1 Sales and contact with private customers

When you register as a customer, we ask you to provide information about your full name, address and telephone number, as well as email (optional). We need this information to manage your customer relationship, to send you your orders and for billing purposes. Our basis for processing this personal data is that such processing is necessary to fulfill our agreement with you (GDPR Article 6(1)(b)).

The personal data processed by us is obtained from you upon registration and during your ongoing customer relationship with us.

If you place a new order, we will use information about your payment history to check that you do not have outstanding overdue invoices from previous orders before we approve your new order. Our basis for processing this personal data is our legitimate interest in avoiding further outstanding payments (GDPR Article 6(1)(f)). We have assessed that our legitimate interests must outweigh the importance of privacy for those we check personal data on.

When you have an active customer relationship with us, we will also process information about your subscription (which goods we deliver to you) and information about your customer history, including which products you have purchased, when you purchased them and associated receipts. We use this information for marketing, analysis and statistical purposes. Our basis for processing this personal data is our legitimate interest in marketing and improving our products and services (GDPR Article 6(1)(f)). We have assessed that our legitimate interests must outweigh the importance of privacy for those the personal data relates to.

In some cases, we may use your contact information (including name, email address and customer history) to conduct customer surveys. The purpose of our processing of your personal data in this case is to improve ourselves. The basis for our processing of this information is our legitimate interest in further developing our products and services (GDPR Article 6(1)(f)). We have assessed that our legitimate interests must outweigh the importance of privacy for those the personal data relates to.

If you have given us your consent, we will also use your contact information and purchase history to send you newsletters and emails with marketing. You can unsubscribe at any time by following the instructions included in any communication we send to you.

We may contact you by telephone and by post, unless you have opted out of such communications in the Robinson List or given us direct notice that you do not wish to receive this type of communication. Our basis for processing your personal data is our legitimate interest in marketing our services and products (GDPR Article 6(1)(f)). We have assessed that our legitimate interests must outweigh the importance of privacy for those the personal data relates to.

Personal data related to your customer relationship/subscription, including your name and contact information, will be processed as long as we have an active customer relationship with you. After the customer relationship ends, the information will be deleted after three years.

For information related to your account with us, this will be stored and processed as long as your account is active or until you delete the account. The account will also be deleted if your account has not been active for the last 12 months.

We also process technical logs, security logs, including the IP address used to register the order for security reasons since we need to document any fraud and secure our systems. Logs for service development and statistics are also stored and processed so that we can develop the service. We therefore have a legitimate interest in securing and developing our systems and information in them, and that this legitimate interest outweighs the consideration of privacy for those the information concerns (GDPR Article 6(1)(f) and Article 32). This information is generated through our systems and may be disclosed to the police in connection with investigations of, among other things, fraud. This is information that is kept for approximately one year.

We are also required by law to retain this information in connection with accounting and tax handling, as per Swedish accounting law and VAT law (GDPR Article 6(1)(c)). We also receive this information from you, and it may be transferred to authorities we are required to transfer them to. We normally process such information for six years to comply with legislation.

Card numbers and information are stored by a third party who is then the data controller for this information. Who this is depends on which payment solution you choose, and the agreement you have with the payment intermediary, such as your bank or credit card company. See also privacy policy from payment service providers.

The processing is based on our interest in handling the relationship with customers, securing and developing the service, protecting our rights, etc., according to GDPR Article 6(1)(f). We assess that we have a legitimate interest in processing this type of information, and that our interest outweighs the individual's privacy.

Technical logs and security logging on websites and in connection with services will also be processed for security reasons, for service development, and statistics. Processing of such information is done on the basis of our obligation to comply with data protection regulations to secure personal data, see GDPR Article 6(1)(c), cf. among others Article 32, and our obligation to secure your personal data according to the agreement with you, see above.

2.2 Communication and contact

We process personal data about those who contact us to respond to and document the communication and to contact others. This applies to all forms of communication, physical and digital, written and oral.

In such cases, we process name, telephone number, email address and any personal data that may follow from the inquiry, including history/logs about the inquiry.

The processing of information is based on the fact that we have a necessary legitimate interest in processing personal data related to the above (see GDPR Article 6(1)(f)). We have therefore assessed that our legitimate interest in having contact with the outside world is part of our business and in documenting the business we conduct, as well as responding to those who contact us and registering such contact. We have assessed that this is necessary for us to handle inquiries we receive, and that the data subjects' privacy does not take precedence over these interests.

It is voluntary to give us personal data, but it will be necessary to give us the information for us to be able to respond to inquiries.

We process the information until we expect that there will be no further follow-up of the contact, normally for one year.

2.3 Email

We use email as a communication solution that contains personal data. The processing is based on the fact that we have a necessary legitimate interest in processing personal data through email (see GDPR Article 6(1)(f)) to have a work tool and communication solution, and that the data subjects' privacy does not take precedence over these interests. What is processed of personal data in emails depends on the purpose of the email and what is included in it. Emails are deleted when they are no longer necessary, and we have measures to ensure regular deletion of email. Our security solutions also have access to email, but then only in machine processing.

2.4 Information and marketing

If you request information or sign up for newsletters, we will send out information about our products and services, services from business partners, newsletters and other information and marketing. We will then process your email address and any information you provide to us in this context.

We process the personal data to inform you about services and products that may be of interest to you, and process the personal data based on your consent (GDPR Article 6(1)(a)). You can withdraw your consent at any time by using any unsubscribe options in communications you receive, or to opt out of direct marketing and/or profiling according to GDPR Article 21(2), by contacting us.

We only process personal data that enables us to make the mailing, which is email address, and name to make the communication more personal and ensure that the mailing reaches the right person. The email address and information you have provided are not used for anything other than sending out the newsletter.

The processing takes place until you have either received the requested information or have withdrawn your consent. After that, your personal data is deleted.

2.5 Existing and potential customers, suppliers and business partners etc.

We process personal data about contact persons at existing and potential suppliers and other business partners for sales and marketing activities, to manage our relationship with suppliers and others, prepare, implement and document services as well as evaluate the use of services. In these cases, we will process name, contact information, company name and information related to contact with the company where the person works.

The processing of personal data is based on the fact that we have a necessary legitimate interest (GDPR Article 6(1)(f)) to manage the relationship with our customers, business partners and suppliers, and that our interest outweighs the individual's privacy.

We store and disclose information also where we have a legal obligation to do so, for example according to accounting and tax legislation.

Information is stored and processed as long as it is necessary, for example to document circumstances around services.

In many cases, it will be necessary for us to receive personal data to enter into agreements with customers and suppliers, among other things to document that an agreement has been entered into. If we do not receive the information we need, we will not be able to enter into agreements.

It is voluntary for contact persons whether they want to give us personal data. If we obtain personal data from others, it will mainly concern contact information (including name, address, telephone number and email address), position, function and employer as well as any competence and references where relevant. The source of such information will be the contact person's employer, for example from the employer's website. In some cases, we obtain references from others to assess the suitability of suppliers and business partners.

We store the information until the relationship with the customer, supplier or business partner ends or until the contact person ceases to be a contact person, with the exceptions mentioned above.

2.6 Recruitment

When recruiting for new positions with us, we will process personal data in connection with CVs, applications, certificates, notes from interviews, results from reference checks, etc.

We may use job search services to manage submitted applications, and this is then our data processor. If you register with the job search service with your own profile, the service will be the data controller, and reference is made to its privacy policy for information about processing of personal data in the service. Processing of personal data is based on consent that you have given in the job search service (GDPR Article 6(1)(a)), if such is obtained, or the bases that follow below.

The basis for processing personal data in recruitment is that the processing is necessary to implement measures before an employment agreement with the job applicant is possibly entered into (GDPR Article 6(1)(b)).

If investigations are made by us beyond contacting persons who are specified as references, investigating by searching for history, etc., then personal data is processed on the basis of our necessary legitimate interest to ensure that the right candidate for the position (GDPR Article 6(1)(f)). For the latter, we have assessed that our legitimate interest in recruiting new employees outweighs the individual's privacy. We encourage you not to include special categories of personal data, such as health, religion, political views, trade union membership, etc. in your application.

In case we process special personal data, we will process this on the basis of your consent (GDPR Article 9(2)(a)). Consent can be withdrawn at any time, and that you withdraw your consent will not affect the lawfulness of the processing of personal data that took place before the consent was withdrawn.

Personal data is deleted as soon as the recruitment is completed, if you have not consented to longer storage.

2.7 Social media

We have contact with stakeholders and others through social media. Among other things, we have established a Facebook page, where we are responsible for the processing of personal data in this connection together with Facebook. Through the Facebook page, personal data will be processed if you post posts on the page, comment on posts or "like"/follow the page. Our purpose for processing personal data through Facebook is to have contact with you who want to communicate with us or interact on our Facebook page in other ways, see also about communication under point 2.2 above.

In this context, your name and connection to other information that you have posted on Facebook related to your name/account on Facebook is processed. In addition, everything you share through posts and comments on our Facebook page is processed, as well as the fact that you have "liked"/followed our website. What you share on the Facebook page is up to you, and is voluntary.

We ask you not to share personal data in posts or comments on the website, and especially not to share personal data about others, e.g. by "tagging" or mentioning people.

We process personal data in social media, such as Facebook, on the basis that we believe we have a necessary legitimate interest in communicating with the outside world through the social medium and will then process personal data in this context (GDPR Article 6(1)(f)). We have assessed that this is necessary for us to communicate with the outside world and handle inquiries we receive, and that the data subjects' privacy does not take precedence over these interests.

The information will be processed as long as posts/comments are available on the social medium, and you can delete this yourself at any time.

2.8 Use of websites

On our websites and in our services, cookies are used, among other things, to collect information to provide a better customer experience on websites and services, as well as to offer functionality in the services. We also use the information to give visitors recommendations and service customizations that are as relevant as possible for you. This will be given both based on visitors' behavior, e.g. based on services that have been used, links that have been clicked on, or information that has been read, and based on the behavior of other users with similar usage patterns. In addition, cookies are used to provide customized marketing on our websites, in advertising networks and on social media. As far as practically possible, we try to do this with anonymous information, without us knowing that the information is specifically linked to the individual visitor.

A cookie is a text file or data that when visiting or interacting with a website is placed in your browser's memory or a number/digit series that can identify your browser or device that uses the websites (referred to as cookies below for simplicity).

You have the option to prevent us from placing cookies in your browser. Many browsers or devices are set to accept cookies automatically, but you can choose to change the settings so that the cookies are not accepted. The disadvantage of disabling cookies in your browser is that the websites will not function optimally. The reason is that the purpose of most of the cookies we use is to ensure functionality on the services.

We also use tools other than cookies to obtain information about your IP address, what type of browser you use, operating system, date and time for visits to websites and services. We use this information to analyze trends so that we can make the website and services more user-friendly.

Which cookies are used can be seen in the box that appears on the websites the first time you visit them, or by clicking on the circle at the bottom left of the pages, where you can also change your preferences for cookies.

Necessary and functional cookies, as well as cookies for statistics, are processed on the basis of our necessary legitimate interest (GDPR Article 6(1)(f)) to adapt the website to our users and that this interest outweighs the individual's privacy. However, we safeguard the privacy of visitors to the website by only using the information for statistics. In this statistics, it is not possible to identify individuals. The information will be stored as long as it is necessary for the purposes mentioned above.

Personal data collected for analysis and marketing will be processed on the basis of your consent (GDPR Article 6(1)(a)). The information will be processed until you withdraw your consent, which can be done by using the icon on the websites. See more about consent given on the websites.

3. PROCESSING BASED ON CONSENT

If we process personal data on the basis of your consent, see above, you can withdraw consent at any time without it affecting the lawfulness of processing based on consent before the consent is withdrawn. Contact us if you want to withdraw consent. Note that if you withdraw consent, it may be that we can still process all or part of the information if there is another basis for the processing.

4. RETENTION AND STORAGE (DELETION) OF PERSONAL DATA

We retain personal data as long as it is necessary for the purpose for which the personal data was collected, and delete the information in accordance with requirements in the regulations. How long we retain personal data varies depending on how the information was obtained and the purpose for which it was obtained.

When we delete the information is included above where the individual processing activities are described, or the storage period is based on the following criteria:

• Whether we have a legal or contractual need to retain the information, as claims may be made against us
• Whether the information is necessary for our business
• Where the processing basis is consent, when consent is withdrawn

When we no longer have an ongoing legitimate need to process your personal data, it is deleted or anonymized as quickly as possible in accordance with applicable law.

Instead of deleting personal data, it may in some cases be relevant to anonymize the personal data. By anonymization is meant that all identifying or potentially identifying characteristics are removed from datasets that are preserved.

This means, for example, that personal data that we process on the basis of your consent is deleted if you withdraw your consent. Personal data we process to fulfill an agreement with you is deleted when the agreement is fulfilled and all obligations that follow from the contractual relationship are fulfilled, such as legal obligations related to accounting, follow-up of the customer relationship related to complaints, etc. Personal data we process as a result of legal obligation will be deleted as soon as we have no obligation to retain the information.

5. TRANSFER OR DISCLOSURE OF PERSONAL DATA TO OTHERS

We do not pass on personal data to others in cases other than those mentioned in this declaration and unless there is a lawful basis for this. Examples of such basis will typically be an agreement with or consent from the data subject or a legal obligation that requires us to provide the information. The latter applies to public activities such as tax collection (if necessary), accountant/auditor, as well as others that we need in our business such as bank connection.

We use data processors to collect, store or otherwise process personal data on our behalf. In such cases, we have entered into agreements to safeguard your rights and security for your personal data in all stages of the processing.

If it is required by law or there is suspicion that a crime has been committed in connection with the use of our services, personal data we have stored about you may be disclosed to public authorities, such as the police during investigation.

If personal data may be subject to transfer to another organization in connection with merger, financing, reorganization or dissolution transaction of all or part of us, we will only do this if the parties involved have entered into an agreement where the collection, use and sharing of personal data is limited to the purposes that concern the transaction, including a provision on whether the transaction should proceed or not, and personal data shall only be used by the parties involved to implement and complete the transaction. If another company buys us or our business or assets, this company will have access to personal data collected by us, and will assume the rights and obligations regarding your personal data as described in this privacy policy.

6. TRANSFER OF PERSONAL DATA TO RECIPIENTS IN COUNTRIES OUTSIDE THE EEA

It is a goal for us that all processing of personal data should be carried out within the EEA, but it may be that we use suppliers or process personal data outside the EEA. In such cases, transfer and processing outside the EEA (third countries) will take place in countries approved by the EU Commission or in accordance with valid legal basis for the transfer of personal data according to GDPR Chapter V. If transfer does not take place to countries approved by the EU Commission, transfer will only take place according to the guarantees set out in GDPR Article 46(2). Which basis has been used for transfer can be informed if you contact us.

7. SECURITY FOR THE PROCESSING

We prioritize security of personal data highly in our business and will implement all required technical and organizational measures to secure your personal data.

We handle information so that it is correct, available and handled according to the degree of sensitivity of the information. We also use a number of security technologies and information security procedures to protect personal data from unauthorized access, use or disclosure. Risk assessments are carried out for processing of personal data.

We have entered into data processing agreements with all our suppliers who process personal data, where they assume the same degree of security as we have for our processing of personal data.

We limit access to personal data to the personnel or third parties who are to process the information on our behalf. These parties are subject to confidentiality obligations.

Routines have been established for handling breaches of information security and routines (personal data breaches), and we will, if there is a breach that entails a risk to the privacy of those the personal data concerns, send a deviation report to the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten - IMY) as quickly as possible and no later than 72 hours after the breach was discovered. If the breach entails a high probability for the privacy of those the breach concerns, we will also notify them.

8. YOUR RIGHTS WHEN WE PROCESS PERSONAL DATA ABOUT YOU

Below are your rights for the processing of personal data. To exercise your rights, you must contact us, see contact information above, or in another way if it follows below.

We will respond to your inquiry to us as soon as possible, and no later than within one month. If it takes longer than one month, you will be notified.

We will ask you to confirm your identity or provide additional information before we let you exercise your rights with us. We do this to be sure that we only give access to your personal data to you - and not someone who pretends to be you.

8.1 Information

You have the right to receive information about the personal data we process about you. Through this declaration, we inform you about our processing of personal data. You can also contact us if you want more information.

If we have disclosed information to others, we have an obligation to inform the recipient about requests for correction and deletion of personal data, see point 8.3 below, or limitations of processing, see point 8.5 below, if such information is impossible or involves a disproportionately large effort. We have an obligation to inform you about such disclosure if you ask for it.

8.2 Access

You have the right to demand access to personal data that is processed about you. Contact us if you want access. If you have registered an account, some information you have provided can be managed on your side, if the information has not been deleted, see above.

If you demand it, you will also receive a copy of the personal data we process about you. We may ask you to specify which information you want a copy of, to make the delivery easier for us. When delivering a copy of your personal data, we may require that you identify yourself, so that we ensure that we do not disclose personal data to unauthorized persons. Information about you will be transmitted in digital form unless you ask to have it transferred in another way.

8.3 Correction and deletion

You can also ask us to correct incorrect information we have about you or ask us to delete personal data. We will as far as possible accommodate a request to delete personal data, but we cannot do this if we still need the information.

8.4 Processing based on consent

If we process personal data on the basis of your consent, you can withdraw consent at any time. The easiest way to do this is to use the method that was informed about when you gave consent or contact us.

8.5 Right to limit or object to processing

You can demand that our processing of your personal data be limited in certain cases, if the conditions for this are met. If processing is limited, personal data will only be stored. See more in GDPR Article 21.

Where our processing is based on legitimate interests, you have the right to object to the processing of your personal data. If you object, we shall stop the relevant processing, unless there are compelling legitimate reasons to continue the processing.

You can also opt out of processing of personal data concerning you for marketing, including profiling to the extent this is linked to direct marketing, see GDPR Article 22(2).

8.6 The right to data portability

For information that you have given to us and is necessary to implement an agreement with us, and which is processed automatically (i.e., not manually by us), you can ask to have personal data about you disclosed or transferred to another supplier in a structured, commonly used and machine-readable format (data portability).

8.7 Automated processing, including profiling

There will be no automated processing, including profiling, based on your personal data that has legal effects or significantly affects those the personal data concerns. See GDPR Article 22(1) and (4).

8.8 Right to be notified

If a personal data breach occurs, i.e., a breach of security for personal data that will result in a high risk to your privacy, we will notify you without undue delay.

9. COMPLAINTS

We use the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten - IMY) as the lead supervisory authority for cross-border processing according to GDPR Article 56.

If you experience that our processing of personal data is not in accordance with what we have described here or that we otherwise violate data protection legislation, you can complain to the Swedish Authority for Privacy Protection. However, we ask you to first contact us, so that we can correct any incorrect processing as quickly as possible.

You can find information about your rights and how to contact the Swedish Authority for Privacy Protection on their website: www.imy.se.

10. CHANGES

If there should be changes in our processing of personal data or changes in the regulations on processing of personal data, this may result in changes to the information you have been given here. If there are changes that concern you directly and that are important for your privacy, we may contact you if we have your contact information. Otherwise, you will at any time find an updated version of this privacy policy on our websites.