Privacy Policy | Nume | Nume
Save an extra 20% on all products worldwide

Privacy Policy

Last Updated: March 2025

Introduction

At Nume, we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our website or services.

In this Privacy Policy, "Nume," "Nume Labs," "we," "us," or "our" refers to Nume OÜ, a company registered in Estonia, having its registered office at Tartu Maantee 67/1-13B, 10115 Tallinn, Estonia. Nume operates the websites numelabs.org, numelabs.io, nume.com.au, and any other domains or subdomains under the Nume brand (collectively, the "Websites"), and all associated services.

This Privacy Policy adheres to the European Union General Data Protection Regulation (GDPR) and other applicable data protection laws. We are dedicated to being transparent about the data we collect about you and how it is used.

Understanding Personal Information

Personal information refers to any information that can identify you directly or indirectly. This includes obvious identifiers like your name and email address, but also includes device identifiers, location data, online identifiers, and factors specific to your physical, physiological, genetic, mental, economic, cultural, or social identity when they can be linked back to you.

We take our responsibility to protect your personal information seriously and implement appropriate measures to ensure its security.

Information We Collect

We may collect several types of information from and about our users, including:

Personal Information

  • Identity Information: Name, date of birth, gender, and similar identifiers
  • Contact Information: Email address, phone number, billing address, and shipping address
  • Financial Information: Payment details, transaction history, and subscription information
  • Account Information: Username, password, and account preferences
  • Health Information: Medical history, current health conditions, and wellness data you choose to share
  • Genetic Information: If you opt to use our genetic-related services, we may collect and process genetic data with specific additional protections

Technical & Usage Information

  • Technical Data: IP address, browser type and version, device information, time zone setting, and operating system
  • Usage Data: Information about how you use our website, products, and services
  • Marketing and Communications Data: Your preferences in receiving marketing from us and our communication preferences

We consider health-related and genetic data as sensitive information and apply additional safeguards to protect it.

Why We Collect Your Information

We collect your personal information to:

  • Provide and improve our services and products
  • Process transactions and deliver your orders
  • Personalize your experience on our website
  • Communicate with you about your account, orders, and our services
  • Protect the security and integrity of our website
  • Comply with legal and regulatory requirements
  • With your consent, provide personalized health and wellness recommendations

How We Collect Your Information

We use different methods to collect information from and about you, including when you:

  • Create an account or profile
  • Place an order or make a purchase
  • Sign up for our newsletter
  • Contact our customer service
  • Participate in surveys or promotions
  • Visit our website (through cookies and similar technologies)

We also collect information through:

  • Direct interactions: When you create an account, place an order, subscribe to services, participate in surveys or quizzes, or communicate with us
  • Automated technologies: As you interact with our website, we may automatically collect technical data about your equipment, browsing actions, and patterns
  • Third parties: We may receive information about you from various third parties such as healthcare providers (with your consent), analytics providers, and payment service providers

Our website is not intended for children under 16 years of age, and we do not knowingly collect personal information from children under 16.

How We Use Your Information

We use your information for the following purposes:

  • Process and fulfill your orders
  • Manage your account and provide customer support
  • Send order confirmations and updates
  • Improve our website and services
  • Personalize your shopping experience
  • Send marketing communications (with your consent)
  • Detect and prevent fraud
  • Comply with legal obligations

We also use your information for:

  • Service Provision: To process and fulfill your orders, manage payments, and provide customer support
  • Healthcare Services: To provide personalized health and wellness services, communicate health information, and coordinate care
  • Website Optimization: To improve our website, products, services, and user experience
  • Communications: To communicate with you about your account, orders, and services
  • Marketing: To deliver relevant content and offers (with your consent) and measure the effectiveness of our marketing
  • Security & Fraud Prevention: To protect our website, products, services, and customers from fraud and other illegal activities
  • Legal Compliance: To comply with our legal obligations and enforce our terms and conditions

Legal Basis for Processing

Under the GDPR, we process your personal data based on one or more of the following legal grounds:

  • Consent: When you have given clear consent for us to process your personal data for a specific purpose
  • Contract: When processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract
  • Legal Obligation: When processing is necessary for compliance with a legal obligation to which we are subject
  • Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights

For health-related and genetic data, we typically process your information based on your explicit consent or when necessary for the provision of healthcare services.

Sharing Your Information

We may share your personal information with:

  • Service Providers: Companies that perform services on our behalf, such as payment processing, shipping, and technology services
  • Healthcare Providers: With your consent, we may share your health information with healthcare professionals involved in your care
  • Business Partners: Trusted partners who help us provide and improve our services
  • Legal Authorities: When required by law, court order, or governmental regulation
  • Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not sell your personal information to third parties for marketing purposes.

International Transfers

As a global company with offices in Estonia, Australia, New Zealand, and the United Kingdom, we may transfer your personal information to countries outside the European Economic Area (EEA). When we do so, we ensure a similar degree of protection is afforded to your data by implementing appropriate safeguards, including:

  • Using specific contracts approved by the European Commission that give personal data the same protection it has in Europe
  • Transferring data to countries that have been deemed to provide an adequate level of protection by the European Commission
  • Using service providers that adhere to approved certification mechanisms or codes of conduct

By using our services, you consent to these transfers where they are necessary to provide you with our services or for the purposes described in this Privacy Policy.

Data Retention

We will retain your personal information only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your personal data, and whether we can achieve those purposes through other means.

In some circumstances, we may anonymize your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Security Measures

We have implemented appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These include:

  • Encryption of sensitive data both in transit and at rest
  • Regular security assessments and penetration testing
  • Multi-factor authentication for system access
  • Access controls and strict authentication procedures
  • Regular security training for all staff
  • Confidentiality agreements with all staff and partners
  • Physical security measures at our data centers
  • Business continuity and disaster recovery plans

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

Cookies and Similar Technologies

We use cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and personalize content. Cookies are small text files stored on your device that help us provide and improve our services.

We use the following types of cookies:

  • Essential cookies: Necessary for the website to function properly
  • Analytical/performance cookies: Allow us to recognize and count visitors and see how they move around our website
  • Functionality cookies: Used to recognize you when you return to our website
  • Targeting cookies: Record your visit to our website, the pages you have visited, and the links you have followed

You can control cookies through your browser settings and can opt out of certain types of cookies. Please note that disabling certain cookies may impact the functionality of our website.

For detailed information about the specific cookies we use, their purposes, and how to manage them, please refer to our Cookie Policy.

Links to Third-Party Websites

Our website may contain links to other websites, applications, or services that are not operated or controlled by us. If you follow a link to any third-party website, please note that these websites have their own privacy policies. We strongly advise you to review the privacy policy of every site you visit.

We do not control and are not responsible for the content, privacy practices, or policies of any third-party sites or services. Once you leave our website, any information you provide to these third parties is not covered by this Privacy Policy, and we cannot guarantee the protection of your information.

Direct Marketing

We may use your personal information to send you marketing communications about products, services, and promotions that we believe may be of interest to you. We will only send you marketing communications if:

  • You have given us your consent to do so
  • You have previously purchased goods or services from us and have not opted out of receiving marketing communications

Each marketing communication we send will include an easy way to opt out of future communications. You can opt out at any time by:

  • Clicking the "unsubscribe" link in any marketing email we send
  • Contacting us using the details provided in the "Contact Us" section
  • Updating your communication preferences in your account settings

If you opt out of receiving marketing communications, we may still send you service-related communications, such as order confirmations and important updates about your account or our services.

Withdrawing Your Consent

Where we process your personal information based on consent, you have the right to withdraw that consent at any time. You can withdraw your consent by:

  • Contacting our Data Protection Officer at the email address provided in the "Contact Us" section
  • Changing your preferences in your account settings
  • Using the "unsubscribe" link in our communications (for marketing communications)

Please note that the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. Additionally, in some cases, we may continue to process your information after you have withdrawn consent if we have a legal basis to do so, or if your withdrawal of consent was limited to certain processing activities.

Quality of Personal Information

We take reasonable steps to ensure that the personal information we collect, use, and disclose is accurate, complete, and up-to-date. However, the accuracy of your information depends largely on what you provide to us.

We encourage you to:

  • Update your personal information whenever your details change
  • Notify us if you find any errors in the information we hold about you
  • Inform us if you believe any information we hold is no longer relevant

You can request updates to your personal information by contacting us using the details provided in the "Contact Us" section or by updating your information directly through your account settings, where available.

Your Rights

Under the GDPR and other applicable data protection laws, you have certain rights regarding your personal information:

  • Right to Access: You can request a copy of the personal information we hold about you
  • Right to Rectification: You can request that we correct any inaccurate or incomplete information
  • Right to Erasure: In certain circumstances, you can ask us to delete your personal information
  • Right to Restrict Processing: You can ask us to temporarily or permanently stop processing your personal information
  • Right to Data Portability: You can request a copy of your personal information in a structured, commonly used, and machine-readable format
  • Right to Object: You can object to the processing of your personal information in certain circumstances
  • Right to Withdraw Consent: Where we rely on your consent to process your personal information, you can withdraw this consent at any time

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within one month, although in certain circumstances, we may need to extend this period.

Please note that we may need to verify your identity before processing your request. In some cases, we may have legal grounds to refuse your request, but we will explain our reasons if this happens.

When We May Refuse Access Requests

While we strive to provide you with access to your personal information, there are certain situations where we may be unable to grant access or may need to limit the information provided. We may refuse access when:

  • Providing access would have an unreasonable impact on the privacy of other individuals
  • The request is frivolous or vexatious
  • The information relates to existing or anticipated legal proceedings between us and would not be accessible through legal discovery processes
  • Providing access would reveal our intentions in relation to negotiations with you in a way that would prejudice those negotiations
  • Providing access would be unlawful or would likely prejudice enforcement-related activities
  • Denying access is required or authorized by law

If we refuse your request for access, we will provide you with written reasons for the refusal and information about how you can complain about the refusal.

De-identified Information

We may use de-identified or anonymized information (where all personal identifiers have been removed) for various purposes, including:

  • Statistical analysis and research
  • Service evaluation and improvement
  • Training and development
  • Publication in scientific literature (only with aggregated data)

When we use de-identified information, we take reasonable measures to ensure that the information cannot be re-identified. If de-identified information is combined with personal information, we will treat the combined information as personal information in accordance with this Privacy Policy.

Data Breach Procedures

We have implemented procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. Our procedures include:

  • Identifying and containing the breach
  • Assessing the risk and impact of the breach
  • Notifying relevant authorities within 72 hours when required
  • Communicating with affected individuals when there is a high risk to their rights and freedoms
  • Implementing measures to prevent future breaches

If we determine that a breach poses a high risk to your rights and freedoms, we will notify you without undue delay, providing information about the breach and our response. Our notification will include:

  • A description of the nature of the breach
  • The name and contact details of our data protection officer or other contact point
  • A description of the likely consequences of the breach
  • A description of the measures taken or proposed to address the breach

Genetic Data Protection

For users who choose to use our genetic-related services, we implement additional protections for genetic data in accordance with GDPR Article 9 and other applicable regulations:

  • We collect genetic data only with your explicit consent
  • We store genetic data with enhanced security measures, including advanced encryption
  • Access to genetic data is strictly limited to authorized personnel
  • We process genetic data only for the specific purposes disclosed to you
  • You maintain the right to withdraw consent for genetic data processing at any time
  • You can request the deletion of your genetic data, subject to any legal obligations

We recognize the highly sensitive nature of genetic information and apply the strictest standards to protect this data.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. The updated version will be indicated by an updated "Last Updated" date at the top of this page.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or services after any changes to this Privacy Policy constitutes your acceptance of the changes.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Email: privacy@numelabs.org

Postal Address:
Nume OÜ
Tartu Maantee 67/1-13B
10115 Tallinn
Estonia

If you are located in the European Union and have concerns about our processing of your personal data that we are unable to resolve, you have the right to lodge a complaint with the data protection authority in your country.

Data Processing Agreements

For our business clients, partners, and service providers who process personal data on behalf of Nume or whose data is processed by Nume, we offer Data Processing Agreements (DPAs) in compliance with Article 28 of the GDPR.

A DPA is a legally binding document that stipulates the rights and obligations of each party regarding the protection of personal data. Our standard DPA includes provisions on:

  • The scope and purpose of data processing
  • Confidentiality obligations
  • Security measures
  • Sub-processor management
  • Data subject rights
  • Breach notification procedures
  • Audit rights
  • Data transfer mechanisms
  • Data return or deletion

If you are a business client or partner of Nume and require a DPA, please contact our Data Protection Officer at privacy@numelabs.org.

Related Policies