1. TABLE OF CONTENT

Annex 1 – List of Nu Skin entities responsible for processing your Personal Data.

Annex 2 - How we use your Personal Data and on which legal basis.

2. OVERVIEW

Nu Skin is committed to respecting and protecting your privacy. We act in accordance with the requirements of the various privacy and data protection laws applicable in the countries or markets where we operate.

This Privacy Notice explains how we collect, use and share Personal Data pertaining to our customers, Brand Affiliates, job applicants and office and Website visitors (collectively, “you” and “your”) and explains the rights you have regarding our use of your Personal Data. This Privacy Notice also applies to you if you publish information on the Internet (e.g. publicly available websites or blogs, Twitter, Instagram, Facebook, etc.) that we may collect data from, either directly or through third parties. Please take into account that not all sections may be equally relevant or applicable to you depending on the circumstances. For instance, if you are an office visitor, Section 10 “Your Marketing Choices” in principle does not apply to you because we typically do not send office visitors direct marketing messages.

Please ensure you read this Privacy Notice carefully before using our Website or Apps and/or providing us with your Personal Data.

3. WHO WE ARE AND HOW TO CONTACT US

Nu Skin Enterprises Inc. and its affiliates and subsidiaries (“Nu Skin”, “we”, “us” and “our”) are an international group of companies offering personal care products, nutritional supplements, devices and other goods or services through (i) the Nu Skin websites (whether local or global) (each a “Website”), (ii) Nu Skin apps and tools (the “Apps”) and (iii) a network of independent distributors (“Brand Affiliates”).

Depending on who you are, your Personal Data are processed by different entities of Nu Skin and/or for different purposes. You will find here the list of the Nu Skin entities acting as data controllers responsible for processing your Personal Data. Please contact the Privacy Team or our Data Protection Officer [DPOoffice@nuskin.com] if you have questions or concerns, want to update your Personal Data, or to exercise your rights as described below.

4. WHAT PERSONAL DATA DO WE COLLECT

Personal Data is any information that relates directly or indirectly to an identified or identifiable living individual or, where applicable, legal entity. Personal Data may include a name, an (email) address, a telephone number, an IP address, credit card information, preferences, age, gender, occupation, etc.

The Personal Data that we collect, and how we collect it, depends on how you interact with us. For instance, if you are one of our customers, we may collect different types of data compared to when you are a Brand Affiliate. We have included a generic outline of our data collection and processing activities below. However, if you wish to consult our interaction-specific data processing activities, and processing purposes, please refer to our “How we use your Personal Data” list, here. This list includes details of processing activities per data subject category.

B. PERSONAL DATA WE COLLECT FROM YOU AND WHY

We collect Personal Data directly from you as follows:

As a Customer:

When you create a Nu Skin account, we will collect, or ask you to provide your contact information, some biographical information and other relevant information, as well as your communication preferences;
When you purchase Nu Skin products or services, or return products, we will collect, or ask you to provide your contact information, billing and financial information and other relevant information;
When you register to our newsletter and/or to one of our online services, we will collect, or ask you provide your contact information and other relevant information including registration data, as well as your communication preferences; and
When you otherwise interact with Nu Skin, for instance by contacting our customer service. In this case, we will collect the Personal Data you provide to us at your own initiative and any Personal Data we need to help resolve your query. If you call our call centers, we will record the call.

As a Brand Affiliate:

When you sign up to become a Nu Skin Brand Affiliate, we will collect, or ask you to provide your financial and business information and other relevant information which may include identification information and additional biographical information;
When you purchase Nu Skin products or services, or return products, we will collect, or ask you to provide your contact information, billing and financial information and other relevant information;
When you register to our newsletter and/or to one of our online services, we will collect, or ask you provide your contact information and other relevant information including registration data, as well as your communication preferences;
When you register to attend one of our events/incentive trips, we will collect, or ask you to provide you and your guest’s contact and identification information, and other relevant information including biographical information, registration data, billing and financial information;
When you use some of our Apps as a logged in Brand Affiliate, we will also ask you to provide information relevant to the App, which may contain ethnicity and health data if such data is necessary to provide you with the functionality you request using the App;
When you report an adverse event case, we will collect, or ask you to provide your contact information, as well as information regarding the adverse event you suffered which may contain health data;
When you use our company IT systems or equipment, we may collect data related to your use of such equipment; and
When you otherwise interact with Nu Skin, for instance by reaching out to us through various communication channels. In this case, we will collect the Personal Data you provide to us at your own initiative and any Personal Data we need to help resolve a query. If you call our call centers, we will record the call.

As a Job Applicant:
When you apply for a job with us, we will ask you for information relevant to your application such as your name, contact details, employment history and educational background. We may ask you to apply via our recruitment system where a specific privacy notice is available;
When you otherwise interact with Nu Skin, for instance by reaching out to us through various communication channels. In this case, we will collect the Personal Data you provide to us at your own initiative and any Personal Data we need to help resolve a query. If you call our call centers, we will record the call.

As an Office Visitor:

When you visit one of our buildings, we may collect information that we need in order to identify you and complete necessary security checks, such as your name and the name of your company. We may also collect CCTV footage that allows for your identification.

As a Website Visitor:

When you visit our Website or use our Apps, we automatically collect, store and use technical information about your equipment and interaction with our Website and Apps (“General Information”). This General Information is sent from your computer or personal device to us using a variety of cookies and other technical means. Some web browsers may transmit “do-not-track” signals to websites with which the browser communicates. Our websites do not currently respond to these “do-not-track” signals.

Click here for more information about our use of cookies and how to disable them.

It is not mandatory for you to provide your Personal Data to us. However, we may not be able to carry out the purposes described above if you choose not to provide us with your personal data.

D. PERSONAL DATA WE COLLECT FROM THIRD PARTIES

Most of the Personal Data that we collect about you will be information that you provide to us directly. In some circumstances we may also receive Personal Data about you from:

Brand Affiliates;
Individuals who provide us with your Personal Data (e.g. your family members);
Regulatory bodies;
Other companies providing services to us (e.g. social listening companies).

Some of these third party sources may include publicly available sources of information. In particular, we may receive Personal Data from social networks when you engage with our content, reference our Site or Service, or grant us permission to access information from the social networks.

In addition, we could collect, either directly or through third party service providers, information that is publicly available on the Internet (e.g. from websites, blogs, social media).

A. SHARING PERSONAL DATA

We may disclose your Personal Data to:

other Nu Skin entities, including directors, employees, agents, and representatives thereof for operational, management, administrative, supervisory or evaluative or educational purposes. You may consult the list of Nu Skin entities that may receive your data here and a list of data processing purposes and categories here and in Sections 4 and 5 above;
lawyers, auditors, financial advisors, and other third party service providers in connection with their services to Nu Skin.
suppliers and service providers including but not limited to shipping and delivery services providers, telecommunication services providers, payment services providers, event organizers, travel agencies and insurance companies;
a third party in the event that Nu Skin sells all or part of its assets to such third party or merges with or is acquired by the third party;
any applicable regulatory, statutory, governmental or other relevant authorities, agencies or bodies and industry regulators, and any other person to whom Nu Skin is compelled, required or permitted to do so by law, rules or regulations, legal process or litigation;
any person pursuant to any order of a court of competent jurisdiction or comparable legal process.

In addition, if you are a Brand Affiliate or a customer, we may transfer your Personal Data to your upline Brand Affiliates and/or sponsor when we determine it necessary to ensure proper upline support or for Brand Affiliate educational purposes.

In such circumstances, we will take reasonable steps to ensure that any third party recipients have implemented reasonable security mechanisms to protect your Personal Data.

We do not disclose your personal information to third parties for the third parties’ own direct marketing purposes. In addition, we do not and will not sell Personal Information to third parties; and in the past 12 months, we have not sold your Personal Information to any other entity.

EEA") to the United States and other non-EEA jurisdictions, we implement standard contractual clauses approved by the European Commission, and other appropriate solutions to address cross-border transfers as required or permitted by Articles 46 and 49 of the General Data Protection Regulation. Please contact the Privacy Team, if you have any questions with respect to the safeguards we have put in place to protect your Personal Data when we transfer this (including how to obtain a copy of or consult these safeguards).

Nu Skin International Inc. (Nu Skin) participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List. [https://www.privacyshield.gov]

Nu Skin is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Nu Skin complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Nu Skin is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

7. HOW WE PROTECT YOUR PERSONAL DATA

We protect your Personal Data and implement reasonable security including physical (e.g. secured filing cabinets), technical and organizational security measures appropriate to protect your Personal Data against unauthorized or unlawful processing and against any accidental loss, destruction, or damage.

In particular, we operates data networks protected by industry standard firewall and password protection systems. We also uses transport layer security (TLS) to protect the transmission of your Personal Data. Access to this information will be provided only to authorized individuals for legitimate business purpose.

In addition, access to your Personal Data is restricted to staff and service providers on a need-to-know basis.

While we endeavor to always protect our systems, sites, operations and information against unauthorized access, use, modification and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others.

Please contact the Privacy Team if you have any questions about how we protect your Personal Data.

8. HOW LONG DO WE KEEP YOUR PERSONAL DATA

We hold on to your Personal Data for as long as necessary to achieve the processing purposes listed above under “Personal Data we collect from you and why”. This means, for instance, that we no longer store your Personal Data when our (contractual) relationship with you comes to an end, unless further storage is permitted or required under applicable law.

9. WHAT ARE YOUR RIGHTS REGARDING YOUR PERSONAL DATA

You have certain rights regarding how we use and keep your Personal Data. These are:

Rectification. You have the right to require that any incomplete or inaccurate Personal Data that we process about you is amended;
Deletion. You have the right to request that we delete Personal Data that we process about you, subject to certain exceptions, for instance, where we need to keep your Personal Data to comply with a legal obligation;
Withdrawing Consent. If you have consented to our processing of your Personal Data, you have the right to withdraw your consent at any time. This does not affect the lawfulness of the processing that was based on your consent prior to withdrawal. This includes cases where you wish to opt out from marketing messages that you receive from us;
Access. Subject to certain exceptions, you have the right to access and request a copy of the Personal Data we are processing about you, which we will provide to you in electronic form and/or in writing, or verbally where allowed by applicable laws. Where permissible under applicable laws, we may charge you a reasonable fee for this access request;

In addition, if you are in the EEA or in Thailand you have the following rights:

Restriction. You have the right to request that we restrict our processing of your Personal Data under specific conditions (also applicable if you are in Macau);
Portability. You have the right to request that we transmit the Personal Data we hold in respect of you to you or to another data controller under specific conditions;
Objection. Where the legal justification for our processing of your Personal Data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defense of a legal claim.

Where we process your Personal Data for direct marketing purposes, you have the right to object at any time to such processing, including for profiling purposes to the extent that it is related to direct marketing. If you object to processing for direct marketing purposes, we will no longer process your Personal Data for such purposes.

You can exercise the above rights, where applicable by contacting the Privacy Team or by using our online tool in the markets where such tool is available. California residents can also call the following toll-free number: 800-487-1000. We will respond to any of your requests to exercise these above data subject rights within the period prescribed by applicable laws. At our discretion, we may require you to prove your identity before providing the requested information. This is to ensure that your Personal Data is disclosed only to you. We may not be able to appropriately handle your request if you decide not to provide us with the Personal Data that we need to handle your request. If you are not satisfied with the way we handled your request, or for violations of applicable data protection laws, you may lodge a complaint or file a claim with a competent Supervisory Authority (for example, with the Supervisory Authority in your country or market of residence).

We are committed to providing you control over your Personal Data. If you exercise any of these rights explained in this section of the Privacy Notice, we will not disadvantage you. You will not be denied or charged different prices or rates for goods or services or provided a different level or quality of goods or services

10. YOUR MARKETING CHOICES

You can control whether to receive direct marketing from us (e.g., which we may send through electronic means, such as promotional emails). In certain markets, you will need to provide us with your consent before receiving marketing. For instance, we may ask you to tick a box indicating to “receive promotional emails” when you sign up as a new customer or Brand Affiliate. In all markets, you can choose not to receive such communications at any time. If you no longer wish to receive any marketing communications, remain on a mailing list to which you previously subscribed, or receive any other marketing communication, please follow the unsubscribe link in the relevant communication or contact the Privacy Team.

11. CHANGES TO THE PRIVACY NOTICE

We may update this Privacy Notice from time to time. We will notify you of any significant changes by posting those changes here or by notifying you through other appropriate communication channels we generally use with you. Any changes to this Privacy Notice will be considered effective immediately after the changes are posted on this Website unless otherwise indicated.

The Privacy Notice was last revised on March 20, 2020.

ANNEX 1 – LIST OF NU SKIN ENTITIES RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA

The table below lists the relevant Nu Skin legal entities responsible for the processing of Personal Data relating to you as a Customer, Brand Affiliate, Job Candidate or Office Visitor, per country/market (as detailed in our Global Privacy Notice under “Personal Data we collect from you and why”).

Please note that when fields include a “/”, this means that we do not collect or otherwise process personal data for that data subject category in a given country/market.

Where a field includes more than one data controller, this means that we have more than one Nu Skin entity in that country/market and the controller responsible will be the entity that you have a relationship with (e.g. because you visited or applied with that specific Nu Skin office).

To find out which Nu Skin entity is the data controller responsible for your Personal Data, you need to determine:

1) In which category of data subject you fall:

- Customers (customers include the recipients of the newsletter or other marketing communications)

- Brand Affiliates (ie. registered distributors)

- Job Candidates

- Office Visitors

2) Your country or market:

o If you are a Customer, look for the country/market in which you have registered your Nu Skin online account or make your purchases.

o If you are a Brand Affiliate, look for the country/market in which you have registered your Nu Skin Brand Affiliate account.

o If you are a Job Candidate, look for the country/market in which the Nu Skin office to which you apply for a job is located.

o If you are an Office Visitor, look for the country/market in which the Nu Skin office which you are visiting is located.

If you do not fall in one of the categories mentioned above, for instance because you do not have any, or no longer have a relationship with us, then Nu Skin International Inc. will be responsible for your Personal Data.

The last page of this Annex 1 contains the contact details of all entities listed herein. Please contact the Privacy Team if you have questions or concerns about this.