Privacy Statement
Last modified on March 21, 2025
Introduction
This Privacy Statement is issued by Controller ("Company", “we”, “us”, “our”), and applies to information collected and processed about individuals (“you”, “your”) who interact with our Platform, website, mobile applications, and related services (collectively, the "Services"). We are committed to protecting and respecting your privacy in compliance with applicable U.S. privacy laws, including but not limited to the Colorado Privacy Act (CPA), Virginia Consumer Data Protection Act (VCDPA), California Consumer Privacy Act (CCPA), and other applicable state and federal privacy laws. This Statement may be updated to reflect new privacy legislation as it comes into effect.
Our Privacy Statement explains how we collect, use, share, and protect your personal information when you use our services, visit our website, or interact with us, regardless of your location. It also describes your rights regarding your personal information under the GDPR and applicable US privacy laws, and how you can exercise them.
Identity and Contact Details of the Controller
In accordance with the Colorado Privacy Act (CPA) the Controller responsible for the processing of personal data under this Privacy Statement is Gluvafit(“Controller”). The Controller can be contacted via the following means:
Email :
[email protected]
Physical Address: 8 The GRN, Suite B , Dover, DE 19901
Phone Number: +1 833 701 7538
Data Subjects, as defined under Colorado Privacy Act (CPA), have the right to contact the Controller for any inquiries or concerns regarding the processing of their personal data.
Definitions
For the purposes of these Terms & Conditions, the following terms shall have the meanings ascribed to them below:
“Agreement” means the contract formed between the Company and the Consumer upon the Consumer’s acceptance of these Terms & Conditions by accessing or using the Platform.
“Consumer” means any individual who accesses, uses, or makes a purchase through the Company’s platform.
“Company” means https://www.getgluvafit.com, a platform for the sale of dietary supplements and related products.
“Platform” means the online environment accessible athttps://www.getgluvafit.com where the Company offers and sells Products to Consumers.
“Order” means any request by a Consumer to purchase one or more Products through the Platform.
“Personal Data” means any information relating to an identified or identifiable natural person as defined under applicable data protection laws.
“Platform” means the online environment accessible at https://www.getgluvafit.com where the Company offers and sells Products to Consumers.
“Products” means the dietary supplements and related products offered for sale on the Company’s platform.
“Services” means all functionalities and features provided by the Company through the Platform, including but not limited to browsing and purchasing Products, accessing product information, and receiving customer support.
“Terms & Conditions” means this document, which outlines the agreement between the Company and the Consumer regarding the use of the Company’s platform and the purchase of Products.
“Usage Data” means is information that is automatically generated and collected either through the use of a service or from the service’s infrastructure itself. This data provides insights into how users interact with and utilize a particular service or website.
TYPES OF PERSONAL DATA PROCESSED
We collect information You intentionally provide us with, as well as some technical information from Your mobile device or web browser.
The overview below describes the purposes for processing the Personal Data collected in accordance with this paragraph as well as the legal ground on which this processing is based.
| PURPOSE | TYPE OF DATA | LEGAL GROUND | EXPLANATION |
|---|---|---|---|
| Creating an account | Username, address, email, shipping details | Necessary for the performance of the Agreement | You need to provide a Username to create an account. You need an account to use the Services or receive the products. |
| Age verification | Date of birth
Email address |
Legal obligation Legitimate interest | Legislation in certain countries prohibits minors to use the Services or buy the products.
We have a legitimate interest to process the date of birth, since we deem our Services unsuitable for minors and try to prevent them from using the Services by requiring the date of birth. |
| Applying for verified membership | Email address | Necessary for the performance of the Agreement | As a verified member, You have access to the full Services including Services offered against a fee. We must be able to contact You. |
| Contacting You
i) Service-related notifications ii) Promotional notifications iii) Responding to questions, complaints, reports, requests |
i) email address
gender Age Username ii) email address usage data, such as Device Information: Type of device used (computer, smartphone, tablet), Operating system, Browser type and version, Unique device identifiers Network Information: IP address, Internet service provider Interaction Details: Pages visited on the website or app, Time and date of visits, Duration of page visits or app usage, Features or content accessed, Actions taken within the service (e.g., clicks, searches) Performance Data: Load times, Error logs, Crash reports, Location Information: General location (often derived from IP address) More precise location data if location services are enabled. iii) name; email address; content of the email we received |
i) Necessary for the performance of the Agreement
ii) Legitimate interest iii) Legitimate interest; |
i) and ii) We process your data as necessary to operate, improve, or promote our services, including but not limited to: providing customer service or support; marketing our products and services through email marketing, SMS marketing, and advertising (including retargeting via advertising platforms); sending notifications; performing accounting, administrative, and legal tasks; processing payments; fraud prevention; technical diagnostics; demographic analysis; product offerings and delivery; compliance verification; content improvement; customer communications; and other purposes reasonably necessary for the operation of our business and as permitted by applicable law.
iii) We must use Your email address and the content of the email You sent, in order to reply to Your questions, remarks, complaints or filed reports; |
| Improving the Services/Chatbot
by analyzing data |
i) Personal Data used to create aggregated User statistics
ii) Personal Data, used for analysis. |
i) Legitimate interest
ii) Legitimate interest |
i) See Cookie Policy
ii) See Cookie Policy |
| Protecting our rights and interests | It cannot be determined in advance which personal data will be processed for this purpose. A number of possible situations are listed below.
i) Personal Data necessary to defend ourselves against claims or to substantiate claims of our own. ii) Personal Data that must be provided to a third party in the context of a legal opinion or advice and/or an audit. iii) Personal Data that must be provided in relation to a merger and/or acquisition |
i), ii) and iii) Legitimate interest | i) We have a legitimate interest to process Your Personal Data if necessary to protect our rights and interest (with regard to the Services) and defend ourselves against claims from You, other Consumers or third parties.
We furthermore have a legitimate interest to transfer Personal Data to a third party: (i) for legal advice, including but not limited to litigation, compliance, and regulatory matters; (ii) in relation to internal or external audits; or (iii) as reasonably necessary to protect our legal rights and interests. We also have a legitimate interest to transfer Personal Data to a third party, if this is necessary in relation to a merger or acquisition. |
Recipients of Personal Data
In accordance with this Privacy Statement, the Controller may share the Data Subject’s personal data with the following categories of recipients:
Service providers and subcontractors who perform services on behalf of the Controller pursuant to written agreements containing appropriate data protection safeguards, including but not limited to payment processing, data analysis, email delivery, hosting services, customer service, marketing assistance, and supplement manufacturing and fulfillment services.
Partners and affiliates of the Controller for the purposes of providing products, services, or offers that may be of interest to the Data Subject, subject to the Data Subject’s consent where required by applicable law.
Regulatory authorities, law enforcement agencies, and other governmental bodies when required by law or in response to a valid request related to a criminal investigation or alleged illegal activity.
Third parties in connection with a merger, sale of company assets, financing, or acquisition of all or a portion of the Controller’s business by another company, where the Data Subject’s personal data may be among the assets transferred.
The Controller ensures that all recipients of personal data are bound by confidentiality obligations and applicable data protection laws to protect the Data Subject’s personal data, including through appropriate contractual provisions, technical safeguards, and regular compliance monitoring. The Controller maintains the right to audit such recipients' compliance with these obligations.
Data Retention Period
In compliance with the Colorado Privacy Act (CPA), the California Consumer Privacy Act (CCPA), FDA regulations, and other applicable laws, the Controller will retain the personal data of the Data Subject only for as long as necessary to fulfil the purposes for which it was collected, to comply with legal and regulatory requirements including those related to dietary supplements, or as otherwise permitted by applicable law. The retention period may vary depending on the nature of the data and the purposes for which it is processed. Specific retention periods are determined based on the following criteria:
The necessity to retain the personal data for the fulfilment of the contractual and pre-contractual obligations between the Controller and the Data Subject.
The need to comply with legal obligations and regulatory requirements, including but not limited to tax and commercial laws.
The importance of retaining the data for the establishment, exercise, or defence of legal claims.
Any consent provided by the Data Subject for a longer retention period.
Upon the expiration of the retention period, the personal data will be securely deleted or anonymized, so it can no longer be associated with the Data Subject. The Controller will also take appropriate measures to ensure that any third parties acting on its behalf adhere to similar data retention practices.
Data Subject’s Rights
In compliance with the Colorado Privacy Act (CPA) and the California Consumer Privacy Act (CCPA), the Data Subject is granted the following rights concerning their personal data processed by the Controller:
Right to Access: The Data Subject has the right to obtain confirmation as to whether or not personal data concerning them is being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly recipients in third countries or international organisations; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period.
Right to Rectification: The Data Subject has the right to obtain the rectification of inaccurate personal data concerning them. Considering the purposes of the processing, the Data Subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to Deletion: The Data Subject has the right to request the deletion of personal data concerning them without undue delay under certain conditions, as specified in the Colorado Privacy Act (CPA). This includes situations where the personal data is no longer necessary for the purposes for which it was collected, where consent is withdrawn, or where there are no overriding legitimate grounds for the processing. This right may be subject to certain exceptions under applicable U.S. state and federal laws.
Right to Restriction of Processing: The Data Subject has the right to obtain restriction of processing under certain conditions, such as when the accuracy of the personal data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the personal data; if the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead; if the Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise, or defence of legal claims; if the Data Subject has objected to processing pursuant to Article 21(1) Colorado Privacy Act (CPA) pending the verification whether the legitimate grounds of the Controller override those of the Data Subject.
Right to Data Portability: Under the Colorado Privacy Act (CPA), the Data Subject has the right to obtain their personal data in a portable and readily usable format that allows them to transmit the data to another entity without hindrance, where technically feasible. This right applies to personal data that the Data Subject has provided to the Controller and where the processing is carried out by automated means.
Right to Opt-Out: Under the Colorado Privacy Act (CPA), the Data Subject has the right to opt out of the processing of their personal data for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning the Data Subject. The Controller will honor such opt-out requests unless otherwise permitted by applicable law.
Right to Opt Out of Automated Decision-Making: Under the Colorado Privacy Act (CPA), consumers have the right to opt out of automated processing, including profiling, that produces legal or similarly significant effects. This includes the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.
Right to Withdraw Consent: Under Colorado law, where the processing of personal data is based on consent, you have the right to withdraw that consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Right to File a Complaint: Colorado residents have the right to file a complaint with the Colorado Attorney General's office if they believe their privacy rights under the Colorado Privacy Act have been violated. Residents or states may file complaints with their respective state's Attorney General office or appropriate regulatory authority.
Right to Withdraw Consent
In accordance with the Colorado Privacy Act (CPA), the Data Subject has the right to withdraw their consent at any time where the Controller relies on their consent to process personal data. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
The Data Subject is informed that the withdrawal of consent may affect the ability of the Controller to provide certain services for which the processing of personal data is necessary.
Automated Decision Making and Profiling
In accordance with the Colorado Privacy Act (CPA), the Controller informs the Data Subject that it may engage in automated decision-making processes, including profiling for purposes of product recommendations and marketing, that would have a legal or similarly significant effect on the Data Subject. The Controller is committed to ensuring transparency and fairness in all its data processing activities. For customers in the United States, the Controller will comply with all applicable state and federal laws relating to data privacy and protection.
When the Controller utilizes automated decision-making processes for product recommendations, marketing, or other business purposes, it will provide the Data Subject with clear information about such processing and its potential effects. The Data Subject acknowledges that such processing may include automated analysis of preferences, purchase history, and interactions to provide personalized product recommendations and marketing communications. Prior to implementing such processes, the Controller will also seek explicit consent from the Data Subject, in compliance with the Colorado Privacy Act and other applicable U.S. privacy laws.
Data Security Measures
In compliance with the Colorado Privacy Act (CPA), the Controller commits to implementing and maintaining comprehensive data security measures to protect the personal data of the Data Subject against unauthorized or unlawful processing and against accidental loss, destruction, or damage. Such measures include, but are not limited to:
Ensuring that personal data is encrypted during transmission and storage.
Implementing access control measures to ensure that only authorized personnel have access to personal data.
Maintaining up-to-date cybersecurity protocols to protect against hacking, viruses, and other malicious software attacks.
Conducting regular security assessments and audits to ensure the effectiveness of the data security measures.
Providing training to employees and contractors on data protection and privacy to ensure compliance with the Colorado Privacy Act and other applicable U.S. privacy laws.
The Controller shall notify the Data Subject of a confirmed data breach without unreasonable delay, but no later than 30 days after determination that a breach has occurred that requires notification under applicable law that is likely to result in a risk to the rights and freedoms of the Data Subject, unless a shorter timeframe is required by applicable law. Such notification will be made in accordance with the Colorado Privacy Act and other applicable U.S. laws and regulations.
Changes to the Privacy Statement
In the event of any amendments to this Privacy Statement, the Controller will provide the Data Subject with a revised version. The revised Privacy Statement will be made available on the Controller’s website and, where applicable, communicated to the Data Subject via email or other direct communication methods. The date of the latest update will be clearly indicated within the document.
The Data Subject is advised to regularly review the Privacy Statement for any changes. Continued use of the Controller’s services after any changes to the Privacy Statement have been made will constitute acceptance of those changes by the Data Subject, except where explicit consent is required by law. The Controller reserves the right to require explicit consent to material changes as a condition of continued service use.
Complaints Procedure
Data Subjects with complaints regarding the processing of their personal data by the Controller must first contact the Controller at [email protected] within 30 days of the incident to seek resolution. If the Data Subject feels that their complaint has not been adequately resolved, they have the right to lodge a complaint with the Colorado Attorney General's Office under the Colorado Privacy Act (CPA), or with other applicable state or federal regulatory authorities, including but not limited to the Federal Trade Commission (FTC) for US residents, or their local Data Protection Authority for international customers. The Data Subject can contact the Domestic Data Protection Authority directly through their official website or by other means provided by the Authority.
Dispute resolution
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, you may contact us via
[email protected] or file a complaint with the Colorado Attorney General's Office.
Contacts
If you have any questions about this Policy, you can contact us:
by email:
[email protected]
Platinum Group Solutions LLC, 8 The GRN Suite B Dover DE 19901
by phone: +1 833 701 7538 (available Monday through Friday, 9:00 AM to 5:00 PM Mountain Time)
Join Happy Customers