At Supernormal.health, we prioritize the privacy and protection of individuals and their personal information. Respecting your privacy aligns with our core values and brand ethos. We aim to provide you with comprehensive information about how we handle your personal information, ensuring transparency and compliance with applicable laws and regulations. This privacy notice is designed to provide you with a thorough understanding of our data practices.
Throughout this privacy and cookie notice, references to "us," "we," "our," or "ourselves" pertain to Supernormal.health and the specific division of our organization that you have a relationship with. References to "you," "your," or "yourself" refer to individuals who interact with us as customers, including those who have purchased our products or services (both online and in-store), recipients of marketing materials, participants in promotions/competitions, and individuals who engage with us on social media. This notice applies to most interactions, unless another privacy notice specific to your activity already exists.
This privacy and cookie notice, in accordance with applicable data protection laws, outlines how we collect and use personal information during and after your relationship with us.
The Controller of Your Personal Information
In accordance with data protection laws, the controller of your personal information is the respective division of Supernormal.health that processes it. Usually, this will be the division with which you interact or have a relationship. As a controller, we are responsible for determining how your personal information is held and used. Our main trading entity is Supernormal AB (org. 559270-6336), incorporated in Sweden, Stockholm.
If you are located in the EU, Supernormal AB will be the controller of your personal information. If you are based outside of the EU, the controller may be another division within our group or the same entity but through data and processing entities residing outside of the EU. However, for the interactions covered by this privacy notice, Supernormal AB will generally be the controller of your personal information. While we may share personal information with different divisions of our group, any queries regarding your personal information, regardless of your location, will be handled by Supernormal AB. You can reach us at [email protected].
Ensuring the accuracy and currency of your personal information is crucial. If your personal information changes during your interactions with us, please inform us promptly.
What if you do not provide personal information?
While it is not mandatory to provide personal information, failure to do so may impact our ability to interact with you effectively. For instance, we may be unable to provide the products or services you desire. However, you are generally not obliged to provide us with your personal information.
If you have queries or concerns, reach out.
We have appointed a Data Protection Officer (DPO) to oversee our compliance with data protection laws. If you have any questions or concerns about this privacy notice or how we handle your personal information, please contact our DPO [email protected].
Changes to this notice
We regularly review all our privacy notices and may update them at any time. The most recent version of this notice is available on our website at https://supernormal.health/privacy or by requesting a copy from [email protected]. If there are any significant changes to this privacy notice in the future, we will notify you, typically by updating the version on our website.
We are committed to transparency and compliance with data protection obligations. The personal information we hold about you must be:
Used lawfully, fairly, and transparently.
Collected for legitimate purposes, clearly explained to you, and not used in a way incompatible with those purposes.
Relevant to the purposes we have informed you about and limited to those purposes.
Accurate and kept up to date.
Retained only as long as necessary for the specified purposes.
Kept secure to protect against unauthorized access or loss.
To ensure compliance with these principles, applicable data protection laws require us to provide you with the information contained in this privacy notice. It is essential to read this document before commencing any interactions with us to fully understand how and why we process your personal information.
In the context of your relationship or interactions with us, we may collect and process a wide range of personal information about you, including but not limited to:
Personal contact details such as name, title, address (including billing and delivery addresses), email address, and telephone number(s).
Information about your date of birth, age, gender, marital status, and the names of any delivery recipients.
Details regarding products or services you have ordered from us.
Information about licensed apps, including usage data, download sources, traffic and communication data, and accessed resources.
Device data related to app or website usage, such as device type, unique identifiers (e.g., IMEI number), mobile network information, operating system, browser type, time zone settings, IP address, and usernames/account details.
Profile data, including usernames, purchase history, interests, preferences, feedback, responses, and inferences drawn from personal data to create a profile reflecting your characteristics, behavior, attitudes, and preferences.
Content data stored on your device, such as login information, videos, photographs, audio recordings, check-ins, workout data, and social media content where you tag us.
Payment details, payment card information, bank account details, financial transactions, and refunds.
Terms and conditions related to your interactions with us.
Communications exchanged between us.
Social media handles, social media posts, information about your social media followers, and any product/service endorsements by you.
Publicly available personal information shared through public platforms or social media.
Survey responses and results.
Fraud prevention-related information, including details of other transactions you have been involved in.
Applications to enter or attend competitions, promotions, or events, attendance records, and related personal information.
Usage of IT systems available at our premises by visitors, such as visitor internet facilities.
IP address information for tracking website usage.
Identification information, including driving license/passport details and background checks.
Other Personal Information: Any other personal information you provide to us that is relevant to our interactions.
In certain cases, we may also collect and process more sensitive special category personal information, such as:
Health information: information about your health, including medical conditions, health records, and details you provide regarding illness, injury, or disability.
The above data is never processed or stored at Supernormal.health but through 3p-processors that are CE-certified and allowed to store sensitive information under the special category of health data.
If you provide us with personal information about other individuals, such as friends or gift recipients, please ensure they are aware of what personal information we hold about them, how we collect, use, and may share that information. Kindly share this privacy notice with them. They also have the same rights outlined in this privacy notice concerning their personal information that we collect.
If you have any questions or concerns regarding the personal information we collect, please contact us at [email protected].
Supernormal collects your personal information from various sources and through different means, as outlined below:
Directly from you: Most of your personal information is collected directly from you. This includes information you provide during interactions with us, such as through contact forms, account registration on our website or app, order placements, correspondence, applications, entries to competitions/promotions, event attendance, subscriptions, memberships, or any other interactions with us. It also includes information you provide when visiting our premises or other personal information shared with us.
Individuals known to you: We may receive your personal information from individuals known to you who have provided it to us for the purpose of sending our products as a gift.
Websites, internet, and social media: We may collect personal information from websites, the internet, social media platforms, or other online sources, including publicly available information.
Website, apps, and information Systems: We collect personal information through our website, apps, information technology systems, and communications systems.
Third parties appointed by you: Personal information may be obtained from third parties appointed by you, such as financial or legal advisors.
Third parties appointed by us: We may receive personal information from third parties appointed by us, such as legal advisors, identity or background check providers, fraud prevention organizations, data cleansing service providers, or market/data research and analysis service providers.
Government and Regulatory Bodies: Personal information may be obtained from government or government-related bodies, regulators, police, law enforcement authorities, or security services.
To process your personal information, we rely on legal bases as permitted by applicable laws. These legal bases allow us to use your personal information lawfully. The main legal bases for processing your personal information are as follows:
Contractual necessity: We process your personal information when it is necessary to perform a contract we have with you or to take steps at your request before entering into a contract.
Legal obligation: We process your personal information to comply with our legal obligations, such as consumer protection laws or data protection laws.
Legitimate interests: We process your personal information based on our legitimate interests or the legitimate interests of a third party, provided that your interests and fundamental rights do not override those interests. Our legitimate interests include managing our relationship with you, marketing our products and services, ensuring network and information security, preventing fraud, conducting research and analysis, and general business administration.
Consent: In certain situations, we rely on your consent to process your personal information, particularly for direct marketing purposes.
For special category personal information, such as health-related data, we require additional legal bases to process such information. These legal bases may include:
Explicit consent: We process sensitive personal information with your explicit consent.
Employment and social security law: Processing health-related information may be necessary to comply with our obligations and exercise our rights in the field of employment law, social security law, or social protection law.
Vital interests: We process sensitive personal information when it is necessary to protect your vital interests or those of another individual.
Public information: If you have already made your sensitive personal information public, we may process such information.
Legal claims: We may process sensitive personal information when establishing, exercising, or defending legal claims.
Public interest: In some cases, processing sensitive personal information may be necessary for reasons of substantial public interest.
Yes it is.
Yes it is.
Yes it is.
At Supernormal.health, we place the utmost importance on respecting and protecting your personal information. As part of our commitment to maintaining a trusted relationship with you, we outline below the various ways in which we may need to utilise your personal data, along with the primary legal bases for processing. While the list encompasses the main uses, it should be noted that specific instances may arise, which are either linked to or covered by the purposes outlined herein.
Processing to fulfill our relationship:
We will process your personal information to effectively manage our relationship with you. This includes activities directly or indirectly related to the establishment or execution of a contract, while also aligning with our legitimate interests. In certain limited cases, we may rely on your consent.
Order handling and delivery:
Your personal information will be processed to handle any orders placed by you or an individual associated with you, ensuring accurate picking, packing, dispatching, shipping, and tracking of the order for a safe delivery. This processing aligns with our legitimate interests, as well as the entry into or performance of a contract with you. Limited cases may require your consent.
Provision of requested services:
To cater to your specific service requests, we will process your personal information. This processing aligns with our legitimate interests, as well as the entry into or performance of a contract with you, either directly or indirectly. Limited cases may require your consent.
Medical evaluation and prescription of medicine :
We will process your personal information in the case of medical evaluations and potential prescription of medicine. This processing aligns with our legitimate interests, to provide the best care and services available.
Direct marketing communications:
We will process your personal information to send you direct marketing materials regarding our products or services, as per your request. This processing aligns with our legitimate interests, as well as the entry into or performance of a contract with you, either directly or indirectly. For marketing through electronic channels like email or SMS/MMS, we require your consent.
Profile development and tailored marketing:
Your personal information will be processed to build a customer or potential customer profile, allowing us to send or display content, advertisements, or marketing materials that are most likely to pique your interest. This processing aligns with our legitimate interests, as well as the entry into or performance of a contract with you, either directly or indirectly. For marketing through electronic channels like email or SMS/MMS, we require your consent.
Relationship monitoring and management:
To ensure effective communication and decision-making pertaining to our relationship, we may need to monitor and manage our interaction with you. This processing aligns with our legitimate interests, as well as the entry into or performance of a contract with you, either directly or indirectly.
Events, promotions, and campaigns:
We may process your personal information to organize, conduct, and oversee events, promotions, campaigns, and visits to our premises, as well as to manage your participation. This may involve the entry into or performance of a contract with you, either directly or indirectly, and may be driven by our legitimate interests. In some instances, we may rely on your consent, such as when you provide us with a photograph for use.
Social media and online relationship management:
To maintain our social media or online relationship with you, we may process your personal information. This aligns with our legitimate interests, and in certain cases, we may rely on your consent, such as when you provide us with videos, photographs, or content for use.
Staff training and brand compliance:
Your personal information may be processed to aid in the training of our staff, ensuring the delivery of the high standards expected in relation to our brand. This processing aligns with our legitimate interests.
Background checks and legal compliance:
In certain cases, we may need to conduct background, identity, fraud prevention, or other checks concerning you, to determine whether to establish or enforce a relationship with you. This processing aligns with our legitimate interests, and in some instances, we may have a legal
To change your marketing preferences and opt out of receiving marketing communications from Supernormal.health, you have several options:
Inform our customer support team through our chat or at [email protected] that you wish to change your marketing preferences.
Utilize the simple "unsubscribe" link in emails or other electronic marketing materials sent to you.
Contact us via email at [email protected] or by post at Riddargatan 4, 114 35, Stockholm, Sweden.
Please note that the measures listed above do not apply to non-marketing communications such as order updates/tracking or advertising that may appear on our website, other websites, or our apps.
We will only use your personal information for the purposes for which it was collected, unless we reasonably determine that we need to use it for another compatible reason. In the event we require your personal information for an unrelated purpose, we will update this privacy notice on our website and notify you accordingly. We encourage you to regularly check for any updates.
Please note that we may process your personal information without your knowledge or consent when required or permitted by law. We rarely rely on your consent for processing your personal information.
Supernormal.health does not currently engage in automated decision-making processes that produce legal effects or significantly impact you without human intervention.
We may analyze your online browsing and purchasing activity, as well as your responses to marketing communications. This analysis, combined with demographic data, enables us to deliver relevant advertisements and draw your attention to customized products, services, events, and offers. To achieve this, we utilize software and other automated processing technologies, enhancing our ability to provide a personalized experience.
Please note that we may review the personal information available on external social media platforms, such as Twitter, Instagram, YouTube, and Facebook.
Our goal is to keep you informed about products and services that are of interest to you as an individual. To achieve this, we employ profiling and segmentation techniques, which involve identifying customer preferences, demographics, interests, purchase behavior, online browsing activity, and engagement with previous communications. This enables us to deliver more relevant advertisements and provide a tailored experience.
Internally, your personal information may be shared with our staff members, including those in customer support, order fulfillment, loyalty and retention, customer relationship management, media, insights, events, campaign, technical, and legal teams. Access to your personal information is granted solely to staff members who require it for the performance of their roles.
We may share your personal information with third parties when necessary and based on a lawful basis. The following entities are among the third parties we may share your personal information with:
Third parties approved by you.
Service or product providers to our business, including information technology services suppliers, logistics and warehousing providers, delivery and shipping providers, fraud prevention organizations, marketing and public relations service providers, market research and analysis providers, and data cleansing providers.
Third parties processing personal information on our behalf and in accordance with our instructions.
Other companies within our group, especially if you have a relationship with that specific part of our group.
Purchasers, investors, funders, and their advisors in the event of a sale, restructuring, or similar transactions involving our business, assets, or shares.
Our legal and professional advisors, including auditors or legal advisors appointed by you.
Social media and online platforms relevant to our relationship with you.
Governmental bodies, HMRC, regulators, police, law enforcement agencies, security services, courts/tribunals.
Except as described above, we do not disclose personal information to any other parties unless required or permitted by law. In certain cases, we may provide third parties with aggregate statistical and analytics information about our users, ensuring that no individual can be identified from such data.
At times, it may be necessary to share your personal information the European Economic Area (EEA), or your information may be collected from outside the UK and the EEA. These transfers are subject to special rules under applicable data protection laws.
The same standards apply to any transfer of personal information to another part of our group of companies located outside the UK and the EEA. We assess the laws, practices, and security measures in place to ensure compliance with data protection laws or utilize standard data protection/contractual clauses. This means that similar protections regarding your personal information can be expected.
In limited circumstances, our directors and key staff members may access personal information from outside the EEA while outside these regions. The same security measures and legal protections apply as if accessing the information from our premises.
For more information on how we protect your personal information during international transfers, please contact our Data Protection Officer (DPO) at [email protected].
We prioritize the safety and security of your personal information. To safeguard against loss, misuse, and alteration, we have implemented multiple security measures, including:
Appropriate encryption of personal information.
Regular cybersecurity assessments of all service providers handling personal information.
Preparedness and planning to respond to cybersecurity attacks and data security incidents.
Regular system penetration testing.
Security controls protecting our information technology systems and premises against unauthorized access and external attacks.
Regular backups of data, allowing for error correction and protection against accidental deletion or modification.
Internal policies establishing information security rules for our staff.
Ongoing staff training on the appropriate use and processing of personal information.
As an individual whose personal information we collect and process, you have certain rights. These rights include:
Withdrawal of Consent: You have the right to withdraw any consent you have given us, although this is only applicable when we rely on your consent as a lawful basis for processing your personal information. Once we receive your withdrawal notification, we will cease processing your personal information for the specific purpose or purposes for which you originally provided consent, unless another lawful basis exists.
Information Request: You have the right to request details about how your personal information is being used. This right is linked to the right of access.
Access to Personal Information: You have the right to request access to and obtain details of the personal information we hold about you. This enables you to receive a copy of your personal information and verify its lawful processing.
Correction of Personal Information: You have the right to request the correction of any incomplete or inaccurate personal information we hold about you.
Erasure of Personal Information: You have the right to request the deletion or cessation of processing of your personal information, for example, when we no longer have a valid reason to process it. You also have the right to request the deletion or removal of your personal information when you have exercised your right to object to processing. Please note that the right to erasure does not apply in all circumstances.
Objection to Processing: You have the right to object to the processing of your personal information when we rely on legitimate interests (ours or that of a third party) and your particular situation gives rise to reasons to object.
Objection to Direct Marketing: You have the absolute right to object to the processing of your personal information for direct marketing purposes. This includes being contacted about products or services that may be of interest to you.
Restriction of Processing: You have the right to request the restriction of processing of your personal information, enabling you to halt its processing for a specific period, especially in cases of inaccurate data or when a dispute arises regarding the balance between your interests and our legitimate grounds for processing.
Data Portability: In certain circumstances, you have the right to request the transfer of your personal information to another party.
Objection to Automated Decision-Making: You have the right to object to certain automated decision-making processes that use your personal information.
Please note that some of these rights may have specific requirements and exemptions, and may not always apply to personal information recorded and stored by us. It is important to understand that while certain rights may have conditions or exemptions, other rights, such as the right to withdraw consent or object to processing for direct marketing, are absolute rights.
To exercise any of these rights, please contact our Data Protection Officer (DPO) at [email protected].
We may need to verify your identity and request specific information to ensure that your personal information is not disclosed or processed by unauthorized individuals.
While this privacy notice provides a general overview of your legal rights regarding personal information, this is a complex area of law. For more detailed information about your rights, you can visit the European Data Protection Supervisor (EDPS) website at https://edps.europa.eu/_en.
Cookies are small data files that are stored on your computer or devices when you access our websites. They serve various purposes, including remembering your preferences, facilitating your online shopping experience, and collecting information about your browsing and purchasing behavior. However, it's important to note that cookies do not contain personally identifiable information such as your name, address, telephone number, or payment details. If you wish to learn more about how cookies work, we recommend visiting www.allaboutcookies.org for detailed information.
When you access our websites, certain cookies collect information about your browsing and purchasing behavior. This information includes pages viewed, products purchased, and your journey around the website. Rest assured, all data collected by cookies is anonymous and never includes individual details that can personally identify you. While some cookies may contain our customer reference number unique to you, they do not include sensitive personal information.
The cookies stored on your computer or devices when accessing our websites are designed by Supernormal or on our behalf. They are essential for enabling you to make purchases and ensuring the effective operation of our websites.
Functional Purposes: Cookies are essential for the effective operation of our websites, including online transactions, site navigation, and preferences.
Browsing and Shopping Behavior: Cookies enable us to collect information about your browsing and shopping behavior. This valuable data helps us improve your shopping experience, monitor performance, and personalize our offerings.
Contractual Obligations: Cookies assist us in meeting our contractual obligations by allowing us to make payments to third parties when a product is purchased by someone who visited our website from those parties' sites.
Supernormal.health collaborates with partners who serve advertisements or present online offers on our behalf. These marketing partners utilize session and persistent cookies to deliver adverts tailored to your interests, measure the effectiveness of advertising campaigns, and ensure an anonymous data collection process. Rest assured, third-party cookies never contain your personal information such as name, address, telephone number, email address, or payment details.
During your visit to our site, two types of cookies may be used:
Session Cookies: These cookies are deleted after each visit to our site. They enable seamless browsing and are essential for adding items to your basket and completing the checkout process. Disallowing session cookies may prevent you from placing an order on our site.
Persistent Cookies: Persistent cookies remember you for a set period, allowing us to display wishlists and previously viewed products when you revisit our site, as well as recognizing whether you are logged into your account.
Most web browsers offer options to turn off or disallow cookies. The process of disabling cookies may vary depending on the web browser you are using. Here are some general instructions:
For Google Chrome:
Choose "Settings" and click on "Advanced."
Under "Privacy and Security," click "Content Settings."
Click on "Cookies."
Choose "Preferences" and select "Privacy."
Click on "Block all cookies."
For Mozilla Firefox:
Click on the menu icon, then select "Options."
Click on the "Privacy & Security" icon.
Find the "Cookies" menu and select the relevant options.
For Microsoft Internet Explorer:
Choose the "Tools" menu, then select "Internet Options."
Click on the "Privacy" tab.
Select "Advanced" and choose the appropriate settings.
Please note that disabling cookies may affect the functionality of our website as well as other websites and services. If you only wish to disable third-party cookies, it will not prevent you from making purchases on our site. However, if you disable the cookies we have used through your web browser, you may be unable to make a transactional purchase on our website.
You can also delete cookies using your web browser. However, unless you disallow them, they will be re-applied the next time you visit a website.
We recommend referring to the specific instructions for your web browser and operating system for more accurate guidance on disabling and deleting cookies.
At Supernormal.health, we respect your choices regarding cookies and value your privacy. By managing your cookie preferences, you can ensure a browsing experience that aligns with your needs and preferences.
Note: The instructions provided above are general guidelines and may vary depending on your specific web browser and operating system version. For the most accurate instructions, we recommend consulting the help section or support resources of your chosen web browser.
Feel free to reach out to our Data Protection Officer via [email protected]