GDPR Policy

Additional information for individuals located within the European Economic Area (“EEA”)

The primary purpose of these additional terms is to inform applicable users of additional rights that they hold as data subjects under the European Union General Data Protection Regulation (“GDPR”). Please note that anonymized data (non-personal data), e.g. for statistical evaluations or studies, are not subject to these additional terms.  Further, any capitalized terms used below that are not specifically described in these terms have the meanings ascribed to such terms within the main body of the Policy.


EcoNugenics has determined that a data protection officer and a European Union Registered Agent are not required.


Legal Bases for Collecting Personal Information

Our legal bases for processing personal data may include:

  • Contract performance – processing personal data as necessary to transact or perform a User contract.
  • Legal obligation – where we need to use personal data to allow us to comply with our legal obligations.
  • Legitimate interests – where we use personal data to achieve a legitimate interest and our reasons for using such data outweigh any prejudice to users’ data protection rights.
  • Legal claims – where our use of personal data is necessary for us to defend, prosecute or make a legal claim.
  • Consent – where you have consented to our use of your personal data in writing or by e-mail to customercare@econugenics com

The legal bases that we rely upon to process user’s personal data are as follows:


Legal Bases

Identity and contact data, financial and business information and payment data such as information that we collect from user of our Website. This information may include your name, address, email address, billing and/or credit card information and other similar information

contract performance and enforcement of legal billing claims, legitimate interests (to ensure that we are paid and to enable us to provide products and services to our customers)


Data generated during the course of performing customer service activities and customer communications

contract performance and legitimate interests  (to enable us to maintain and develop our customer relationships)

Data required to enforce our legal, equitable and contractual rights, take measures to protect against fraud and abuse and pursuing available remedies and fulfill our regulatory obligations

legal obligations, legal claims and legitimate interests (to cooperate with law enforcement and regulatory authorities)


Profile and usage data including technical information automatically collected when visiting our Website, which may include cookies, third party tracking technologies, IP addresses, login data, device type information, geolocation data and server logs

legitimate interests (in maintaining and improving our Website and systems), consent and contract performance

Human resource data that is provided by current or prospective employees seeking employment

legitimate interests (to ensure that we can make the most appropriate recruitment, hiring and termination decisions), contract performance (to enable us to take steps, at your request, to enter into employment contracts)


Information collected from users for the purpose of sending marketing messages

legitimate interests (promoting our business) and consent


We may also collect anonymous user information to assist us in providing and maintaining superior quality service. By using the Website and obtaining products or services from us, you hereby consent to our use of such anonymized data.

Transfer of Personal Data to Non-EEA Jurisdictions

We may transfer your personal data to non-European Economic Authority (EEA)-Member States in accordance with the principles established by European Union regulators pursuant to the GDPR and applicable, related European Union rules, laws and regulations. 

We may also transfer your personal data without any specific authorization, to:

  • jurisdictions that have been deemed to be adequate by the European Commission, a list of which can be accessed here; or
  • other jurisdictions following our execution of a data processing agreement which incorporates recognized protective measures such as the Standard Contractual Clauses 2010/87/EU or other currently recognized transfer measures permitted by applicable European Union privacy laws.

Your Rights as a Data Subject

Under the GDPR, you have certain rights. These rights are as follows:

  • The right to be informed: this means we must inform you of how we intend to use your personal data, before the personal data is collected, including through the terms of this Policy.
  • The right of access: this means you have the right to request access to the data we hold about you. and to obtain further information regarding:
    • the processing purpose(s) and categories of personal Data Processed;
    • third party access to their Personal Data, including recipients in third countries;
    • the data source, if the Data Subject did not provide their Personal Data directly to the Controller; and
    • the predicted period for which the Data Subject’s Personal Data will be stored, or, if not possible, the criteria used by the Controller to determine that period.
  • You can do this by sending an email to


  • The right to rectification: this means that if you believe some of the data, we hold is incorrect, you have the right to have it corrected. You can do this by logging into your account with us, or by sending us an email with your request. When we receive this type of request from a data subject, we must verify whether the data subject’s Personal Data is up to date and accurate, and if not, must make the requested corrections


  • The right to erasure: this means you can request that the information we hold be deleted, and we will comply unless we have a legitimate reason not to, in which case you will be informed of same. You can do this by sending an email to When we process personal data while acting as a Controller, we will use all reasonable efforts to delete or destroy the Personal Data that we deem not to be held by us for a legitimate purpose.


  • The right to restrict processing: this means you can change your communication preferences or opt-out of certain communications. You can do this by sending an email to


  • The right of data portability: this means you can obtain and use the data we hold for your own purposes in a structured and machine-readable format, for data that we process based either on your consent or based on a contract that we have entered into with you and that is, in each case, processed by automated means. If you wish to request a copy of your information, contact us at


  • The right to object: this means you can file a formal objection with us regarding our use of your information with regard to third parties, or its processing where we process personal data based on a legal basis of legitimate interest and when our reasons for processing do not outweigh any prejudice to your privacy rights . To do this, please send an email to

If we receive a data subject access request while acting as a controller (the entity that controls the means and purposes of processing personal data), we may condition our response on obtaining specific information from the data subject (or person acting on his or her behalf) and confirmation of the requester’s identity to help us confirm their identity and right to access to the requested personal data (or right to exercise any of their other rights).

If we are acting solely as a processor (processing personal data based on a controller’s instructions), we will use reasonable efforts to transmit any requests to the relevant controller,  provided that, and to the extent permitted by applicable law, we will not be liable to data subjects or to any third party for any harm that arises from our failure to transmit such information or based on a controller’s failure to receive or manage the request.

How Data Subjects can lodge a complaint


Data subjects have a right to lodge a complaint with local European Union data protection supervisory authorities (i.e., place of habitual residence, place or work or place of alleged infringement) at any time or before the relevant institutions in the data subject’s place of residence. We ask that data subjects or their representatives please attempt to resolve any issues with us before they contact a local supervisory authority and/or relevant institution.

Automated Decision-making

We do not normally engage in automated decision-making, and If any automated decision-making process that we employ involves profiling, we will notify the relevant data subject about the occurrence and outcome of the automated individual decision and give the data subject an opportunity to have an individual review performed by us in accordance with applicable law.

How to Contact Us

If you have any questions or concerns these terms, please feel free to contact us at the following email, telephone number or mailing address.


Telephone Number: 800-308-5518

Mailing Address:
EcoNugenics, Inc.
396 Tesconi Ct
Santa Rosa, California