Last Updated: 12/28/22
Our Privacy Notice is available in PDF form here.
At Vitacost, your safety and trust are important to us. For that reason, we are committed to handling your information in a way that is transparent, fair, and worthy of your trust.
In this notice, we explain how we collect, use, disclose, retain, and protect the information that we collect about you. We also let you know about your rights. Therefore, we encourage you to read this notice as well as any supplemental or different privacy notices that may be applicable when you access or interact with certain of our brands or service offerings.
We are committed to ensuring that this notice is accessible to people with disabilities. To make accessibility-related requests, please contact us at 1-800-381-0759.
Vitacost.com, Inc., a wholly-owned subsidiary of The Kroger Co. (NYSE: KR), is an e-commerce company based in Boca Raton, Florida. At Vitacost.com, we believe in health for all, no matter who or where you are. That’s at the heart of our commitment to provide the very best natural, organic and eco-friendly products at the very best prices, with exceptional customer service.
Headquartered in Cincinnati, Ohio, the Kroger Family of Companies is one of the largest retailers in the United States based on annual sales. We serve nearly 11 million customers a day in 35 states including the District of Columbia. We are committed, through our purpose-driven strategy, to increasing access to high-quality, affordable fresh food for everyone. In fulfilling our Purpose—To Feed the Human SpiritTM we live by our Values:
Vitacost cultivates a customer first relationship and activates multiple touch points to provide the right content and the right products— all when, where and at the value our customers want. We create personalized experiences through relevant communication and meaningful rewards that make our customers’ lives easier.
Vitacost will be responsible for the information we collect and will be hereafter referred to collectively as “Vitacost” or “we” or “our”.
This notice covers information we collect from and about our customers and prospective customers including, for example, when they visit or make a purchase on one of our websites or mobile applications, interact with our advertisements, interact with us through social media, participate in consumer research, promotions, contests, or otherwise access or use one of our service offerings. This notice also applies to personal information we collect about individuals with whom we have a business relationship.
Additional disclosures apply if you live in the following jurisdictions:
We collect information described below to save you time and money and to make your shopping experience better. We have grouped the information we collect into categories, with some of the information listed in multiple categories. Because we only collect information when needed for a particular purpose, not all this information will apply to you:
Some of the information about you may include personal information that can be used to identify you, like name, address, and email address. In certain states, the definition of personal information may be broader and include things like IP address, mobile device ID, and unique identifiers used by cookies. When the information we collect about you is considered personal information under applicable law, we treat it as personal information.
Personal information does not include data where your identity has been removed so that we can no longer identify you or that we aggregate so that you can no longer be identified, which we may use for any purpose.
Our websites are for a general audience and are not geared toward children. We do not knowingly collect personal information from children under the age of 16. If you believe your child may have disclosed personal information to us, please call 1-800-381-0759 and we will remove it.
The following are examples of how we may collect your information:
You provide it to us directly
You may give us personal information or provide it to us directly, including:
Information from your device
We may collect information from a device that we have associated with you or your household. For example, we may collect information automatically when you browse our websites, use our mobile apps or other online services, or view or interact with our advertisements.
We receive it from others
We may receive personal information about you from others including, for example, data analytics providers, data enrichment providers, ad networks, and consumer research providers. We may also receive information about you from commercially available sources such as data aggregators and public databases.
If you create an account with us using your Google account or other third-party account, we may receive certain information about you from Google or other third party to enable us to create your account.
Finally, from time to time, we receive information from others that has been deidentified so that it is no longer personal information under applicable law. When we receive deidentified data from others, we commit to maintaining and using that data in deidentified form without attempting to reidentify it.
In many cases, the data collected through these cookies is controlled by us, but in some cases the data collected through use of these cookies is controlled by our vendors or other third parties.
Cookies may remain on your device for an extended period. If you use your browser’s method of blocking or removing cookies, some, but not all, types of cookies may be deleted and/or blocked. If you delete or block cookies, some functionality on our websites may not work properly.
Other Tracking Technologies
In addition to cookies, we may use other types of tracking technologies in connection with our websites, mobile applications, advertisements, and other digital service offerings.
Like with cookies, the data collected through these other types of tracking technologies is in many cases controlled by us. However, in some cases the data collected through these other technologies is controlled by our vendors or other third parties such as our clients.
Examples of other tracking technologies include:
Web beacons are embedded images or objects that are used on web pages or emails. Examples of why we may use web beacons include:
We may use embedded scripts that collect information about your interactions with our websites, mobile apps, and advertisements. These scripts are temporarily loaded into your web browser and are active only while you are connected to our website, mobile app, or advertisement.
We may use GPS (Global Positioning Systems) or other location identifying technologies to locate your device for notification purposes.
In-App Tracking Methods
There are a variety of tracking technologies that may be included in mobile apps, and these are not browser-based like cookies and therefore cannot be controlled by browser settings. Some use a device identifier, or other identifiers such as mobile ad IDs (MAIDs) or Identifiers for Advertisers (IDFAs) to associate user activity to a particular app and to track user activity across apps and/or devices.
Device and Activity Monitoring
We may use technologies that monitor and record your interactions with our websites and mobile apps, such as your keystrokes and click-related activity. These technologies may also collect and analyze information from your device, such your operating system, plug-ins, and system fonts.
Examples of why we may monitor include:
We use your information to:
Below are more specific examples of how we use your information:
We may share your information as follows:
Notwithstanding anything else in this notice, we may share data that has been aggregated or deidentified in such a manner that it is no longer considered personal information for any purpose. When we share aggregated or deidentified data, we require recipients to refrain from reidentifying the data and to pass this obligation on to downstream recipients.
Interest based advertising (also known as online behavioral advertising) occurs when advertisements are displayed to you based on information collected from your online interactions over time and across multiple websites that you visit, or across multiple devices or online services that you may use. Companies that engage in interest-based advertising use this information to predict your preferences and show you ads that are most likely to be of interest to you.
Some of the content, applications, and tracking technologies on our websites and mobile applications is controlled by third parties, which include ad tech companies or other online service providers that serve interest-based advertisements.
We do not control these third parties' collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way.
For example, you can block the collection and use of information related to you by online platforms and ad tech companies for the purpose of serving interest-based advertising by visiting the following websites of the self-regulatory programs of which those companies are members:
You may still see “contextual” ads even if you opt out of interest-based ads. These ads, however, are based on the context of what you are looking at on the websites and pages you visit. Even if you opt out of interest-based ads you will still receive these non-personalized, contextual ads.
Some content or links on our websites and mobile apps may be served or made available by third parties including the following:
Our websites and mobile applications may contain links to other sites, which we do not control. Those websites have their own privacy policies and terms.
We implement and maintain reasonable security procedures and practices appropriate to the nature of the information we maintain, including appropriate technical, administrative, and physical measures designed to protect information from unauthorized or illegal access, destruction, use, modification, or disclosure You also play an important role in protecting your information. It is your responsibility to select a strong password, change it regularly, not reuse or share your password, and alert us if you have any concerns about unauthorized use of your account.
We value our relationship with you, and communications are an important part of that relationship.
We understand that our customers are individuals, and communication preferences will vary by customer. That is why we offer you the ability to manage what types of communications you receive from us and the ability to manage or change your preferences. Your rights may vary depending on where you are located. We have created mechanisms to provide you with the following options:
Updating your account information
If you have an account with us, you can log in and update, modify, and delete data from within your account.
Managing your marketing and other communication preferences
You can manage your marketing and other communications preferences (text, email, push, purchase based advertising, etc.) by logging into your account on the relevant website or mobile app. Your communications preferences can be managed under the “Communication Preferences” section of your account.
Please allow a reasonable amount of time for any changes to your settings to take effect.
Alternatively, you can unsubscribe from any marketing emails or text messages that we may send you by clicking the unsubscribe option in the footer of an email or texting “STOP” in response to a text message that you receive from us.
Cookies and Tracking Technologies.
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable certain cookies, please note that some parts of our websites may not function properly. If you have opted-out of sales or set other preferences, then those opt-outs or preferences may be lost if you delete your cookies.
Information about interest-based advertising and how to opt-out of it is described in the Interest-Based Advertising section of this notice.
State Privacy Rights
If you live in one of the states listed below, you may have additional rights with respect to your personal information. Please see our additional disclosures below to learn about those rights.
Nevada Privacy Rights
If you live in Nevada, you can opt out of the sale of your personal information by contacting us at 1-800-381-0759. Our customer contact center personnel will take your request and keep you up to date on the progress of your request.
Privacy Notice for California Residents
Introduction and Scope
This Privacy Notice for California residents supplements the information contained in our Vitacost Privacy Notice and applies to residents of the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (as amended, and together with related regulations the “CCPA”) and any terms defined in the CCPA shall have the same meaning when used in this notice.
This notice does not apply to workforce-related personal information collected from California-based employees, job applicants, contractors, or similar individuals but does apply to personal information collected in the context of business-to-business (B2B) transactions.
This notice applies to “personal information” that we collect, meaning information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device ("personal information"). Personal information does not include:
CCPA Notice at Collection
We collect information to save you time and money, to deliver the products and services you request to enhance your shopping experience and support our business operations.
We may collect the personal information categories listed in the tables below. The tables also list, for each category, use purposes, and whether we currently sell the information or share it with third parties for cross-context behavioral advertising.
To opt-out of personal information sales or sharing, visit our More information about our data practices can be found in our full Privacy Notice.
|Personal information category||Purposes||Sell or share|
|Identifiers such as a name, postal address, unique personal identifier, online identifier, IP address, email, account name, or other similar identifiers||
||Sell and share|
|California Customer Records personal information, including any personal information described in subdivision (e) of Section 1798.80 of the California Civil Code such as your address, telephone number, signature or financial information||
||Sell and share|
|Protected characteristics under California or federal law such as your sex, ethnicity, veteran or military status, or age||
|Commercial information such as products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies||
||Sell and share|
|Biometric information||N/A: We do not collect biometric information in California.||N/A|
|Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interactions with websites, applications, or advertisements.||
||Sell and share|
|Sensory data such as recordings of customer care calls||
|Professional or employment-related information||
|Non-public education information as defined in the Family Educational Rights and Privacy Act||N/A||N/A|
|Inferences from personal information collected such as a profile about a consumer reflecting the consumer’s preferences, characteristics, and interests.||
||Sell and share|
Except as otherwise permitted or required by applicable law or regulation, we will retain your personal information for as long as reasonably necessary to fulfill the purposes for which we collected it or for other compatible purposes that we have disclosed.
Other CCPA Disclosures
The following is a description of our online and offline information practices over the previous 12 months and other disclosures required by the CCPA.
Personal information collected
The categories of personal information and sensitive personal information that we have collected about consumers in the past 12 months are the same as the as the categories described in our Notice at Collection.
Sources of personal information
Please refer to How we collect your personal information, which describes the sources of personal information.
Purpose for collecting personal information
Please see our Notice at Collection for an explanation of the reasons we collect personal information.
Information about personal information that we have sold or shared
Vitacost is committed to delivering great products, great experiences, and great values. From time to time, we may use or disclose your information in a manner that is considered a “sale” or “sharing” under California law to provide the most relevant product recommendations and deliver marketing messages and personalized offers through select companies (e.g., analytics, advertising, and technology companies). Those companies help us match your interests with brands who want to send promotions and offers that we believe save you money on products you buy frequently, and help you discover new products or services that you might like. When we work with these companies, your privacy, data integrity and security remain a priority.
The table below identifies the categories of information we have sold or shared and the categories of third parties to whom information was sold or shared during the last 12 months. We do not knowingly sell or share the personal information of consumers under the age of 16.
In cases where we have sold or shared personal information, we have done so for the following purposes:
|Sold or Shared During Prior 12 Months|
|Personal Information Category||Categories of third parties|
|Identifiers||Adtech partners or vendors, social networks, internet service providers, technology vendors, analytic providers, 3rd party matching agents|
|California Customer Records personal information||Adtech partners or vendors, internet service providers, technology vendors, analytic providers, 3rd party matching agents|
|Protected classification characteristics under California or federal law||Adtech partners or vendors, data brokers|
|Commercial information||Adtech partners or vendors, social networks, internet service providers, technology vendors, analytic providers, 3rd party matching agents|
|Internet or other electronic network activity information.||Adtech partners or vendors, social networks, internet service providers, technology vendors, analytic providers, 3rd party matching agents|
|Inferences from personal information collected|
Personal information that we have disclosed for a business purpose
During the prior 12 months, we have disclosed personal information for the following business purposes:
The table below describes the categories of third parties to whom information was disclosed for a business purpose during the prior 12 months:
|Disclosed During the Prior 12 Months|
|Personal Information Category||Categories of recipients|
|Identifiers||Adtech partners or vendors, internet service providers, technology/SaaS providers, analytic providers, third-party matching agents|
|California Customer Records personal information||Adtech partners or vendors, internet service providers, technology/SaaS providers, analytic providers, third-party matching agents|
|Protected classification characteristics under California or federal law||Adtech partners or vendors, internet service providers, technology/SaaS providers|
|Commercial information||Adtech partners or vendors, internet service providers, Technology/SaaS providers, analytic providers, third-party matching agents, professional service providers|
|Internet or other electronic network activity information||Adtech partners or vendors, internet service providers, technology/SaaS providers, analytic providers, third-party matching agents|
|Geolocation data||Technology vendors, delivery providers|
|Sensory data||Professional service providers, Technology/SaaS providers, Government agencies|
|Professional or employment-related information||Technology/SaaS providers|
|Inferences from personal information collected|
We do not use or disclose sensitive personal information for any purposes outside of the purposes permitted by the CCPA and its implementing regulations.
Your California Privacy Rights
The CCPA provides California consumers (residents) with specific rights regarding their personal information including:
Your Right to Know
You have the right to know what personal information we have collected about you. Once we receive your request and verify your identity (as described below), we will disclose to you:
Your Right to Delete
You have the right to request that we delete personal information that we have collected from you and retained, subject to certain exceptions. Once we receive your request and verify your identity, we will review the request to see if an exception applies that allows us to retain some or all your information. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action. If an exception applies, we will provide you information about that exception.
Your Right to Correct
You have the right to correct inaccurate personal information that we maintain about you. In some cases, we may ask that you provide additional documentation to support your request. Once we receive your request and verify your identity, we may deny your request to correct personal information if we believe that the personal information that we maintain is more likely than not accurate based upon the totality of the circumstances.
Right to opt-out of sales and sharing for cross-context-behavioral advertising
We do not sell or share personal information of consumers who we know are younger than 16 years of age that we are prohibited from selling or sharing under applicable law.
You may request that we stop selling and sharing your personal information (“opt-out”). With some exceptions, we cannot sell your personal information after we receive your opt-out request unless you later provide authorization allowing us to do so again. We must wait at least 12 months before asking you to opt back into the sale of your personal information.
Right to limit use of your sensitive personal information
We do not provide a right to limit your sensitive personal information in cases where we are permitted to use such data under the CCPA without offering you the right to limit your use.
Right to non-discrimination
You have the right not to be discriminated against for exercising any of your CCPA rights.
How to exercise your CCPA Rights
Your right to know, delete, or correct
To exercise your right to know, delete, or correct as described above, please submit a request by either:
We will only use personal information provided in a consumer request to verify the request. We will not further disclose the personal information and will retain it only as necessary for the purpose of verification and to meet our legal obligations. We cannot fulfill your request if we cannot verify your identity or authority to make the request and confirm the personal information that is the subject of the request relates to you.
Your right to opt-out of sales and sharing
To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by visiting our
Opt-Out Preference Signals
You may also opt out of the sales or sharing on our websites through an opt-out preference signal. To process your request through an opt-out preference signal, you must use a browser supporting the preference signal. If you choose to use an opt-out preference signal, we will opt you out of sales and sharing in the context of cookies and tracking technologies from the browser for which you have the opt-out preference signal enabled.
Who may submit requests?
Only you, or someone legally authorized to act on your behalf (an authorized agent), may make a request under the CCPA on another consumer’s behalf. You may also make a verifiable consumer request on behalf of your minor child.
Requests to know, correct or delete:
If you use an authorized agent to submit a request, we may require that the authorized agent provide us with proof that you gave the agent signed permission to submit the request. In addition, we may also require you to do either of the following: (1) verify your own identity directly with us; or (2) directly confirm with us that you have provided the authorized agent permission to submit the request on your behalf. These requirements of proof do not apply if the agent has a power of attorney pursuant to California Probate Code.
We may deny a request from an authorized agent if the agent cannot meet the above requirements. Further, before responding to a request from an authorized agent, we will still require the authorized agent provide us with enough information so that we can verify your identity.
Requests to opt-out and limit sharing
You may also use an authorized agent to exercise opt-out rights and to limit the use of sensitive personal information. In each case the agent must provide us with documentation demonstrating that you have provided signed permission to the agent to exercise these rights with us on your behalf. We may deny the request if we do not receive such proof.
How often can you submit requests?
With limited exceptions, you may only make a verifiable consumer request to know, delete, or correct your personal information twice within a 12-month period.
How do we verify requests?
Before fulfilling your request, we take steps to verify you are who you say you are or that you have authority to act upon someone else's behalf. One way we verify you is through your account. If you do not provide your account number, we may request additional information that we need to verify you and, if you are submitting a request on behalf of someone else, to verify that you are permitted to act on that person's behalf.
When we contact you to request verification information, please respond and provide the information that we have requested. Depending on the nature of the request you make, we may require you to verify your identity to either a "reasonable degree of certainty" or "high degree of certainty". This means that we need to match two or three pieces of information that we hold about you with information that you provide to us. This data could include, but is not limited to, email address, mailing address, phone number.
In some cases, we may require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request or that you are authorized to make the request on behalf of someone else.
In addition to providing the information we need to verify you or your authority, you must provide us with enough information so that we can understand, evaluate, and respond to your request. We cannot respond to your request or provide you with personal information if we cannot confirm the personal information relates to you.
We will only use personal information provided in the request to verify the requestor's identity or authority to make it.
CCPA Metrics Report
We have prepared a report on the status of CCPA privacy requests for the previous year. This report details the number of requests to know, requests to delete, requests to opt out of sale and sharing, requests to correct and requests to limit the use of sensitive personal information that we received, complied with, and denied as well as the mean number of days within which we responded to each privacy request. To view the CCPA metrics report, click here.
Other California Disclosures
Shine the Light
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits California residents to request certain information regarding our disclosures of personal information to third parties for their direct marketing purpose. To make such a request, you can email us at KrogerPrivacyOffice@Kroger.com with “Shine the Light” in the subject line or body of the email request. You can also make the request by mail by writing us at:
The Kroger Co.
1014 Vine Street
Cincinnati, Ohio 45202
Attention: Privacy Officer
Do Not Track
We do not respond to “Do Not Track” (DNT) signals. However, we do honor opt-out preference signals (global privacy control) as described above.
Virginia Privacy Disclosures
The disclosures in this section are made pursuant to the Virginia Consumer Data Protection Act (VCPDA) and supplement our general privacy notice. References to “personal information” in our general privacy notice describe our practices with respect to “personal data,” as defined under the VCPDA.
We use your personal data in such a way that is likely considered a “sale” under the VCPDA. Further, we process personal data for targeted advertising purposes. You have the right to opt out of both practices. Information on how to exercise your opt-out rights as well as other rights you have under the VCPDA is below.
If you are a Virginia resident, subject to certain conditions and restrictions set out in the VCPDA and other applicable laws, you have the following rights with regard to your personal data:
You may exercise your privacy rights under the VCDPA, by either:
We will only use personal data provided in a request to verify the request. We will not further disclose the personal data and will retain it only as necessary for the purpose of verification and to meet our legal obligations. We cannot fulfill your request if we cannot verify your identity or authority to make the request and confirm the personal data that is subject of the request relates to you.
Vitacost.com is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
In cases of onward transfer to third parties of data of EU or Swiss individuals received pursuant to the EU-US Privacy Shield or the Swiss-US Privacy Shield, Vitacost.com is potentially liable.
Any information you provide us is controlled and processed by Vitacost.com, Inc., 4700 Exchange Court Suite 200, Boca Raton, FL 33431, USA.
Pursuant to the EU-US Privacy Shield and the US-Swiss Privacy Shield, Vitacost.com acknowledges that EU and Swiss individuals have the right to access the personal information that we maintain about them. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should contact us directly using one of the following methods:
We will provide an individual opt-out choice before we share their data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To limit the use and disclosure of your personal information, you may submit a written request to CustomerSupport@vitacost.com
Note that we may be required to share personal data of EU and Swiss individuals in response to lawful requests by public authorities including to meet national security and law enforcement requirements.
We have further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles and Swiss-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
|Please enter a valid zip code|