skip to main content

Last Updated: 12/28/22

Our Privacy Notice is available in PDF form here.

At Vitacost, your safety and trust are important to us. For that reason, we are committed to handling your information in a way that is transparent, fair, and worthy of your trust.

In this notice, we explain how we collect, use, disclose, retain, and protect the information that we collect about you. We also let you know about your rights. Therefore, we encourage you to read this notice as well as any supplemental or different privacy notices that may be applicable when you access or interact with certain of our brands or service offerings.

We are committed to ensuring that this notice is accessible to people with disabilities. To make accessibility-related requests, please contact us at 1-800-381-0759.

  1. Who we are

    Vitacost.com, Inc., a wholly-owned subsidiary of The Kroger Co. (NYSE: KR), is an e-commerce company based in Boca Raton, Florida. At Vitacost.com, we believe in health for all, no matter who or where you are. That’s at the heart of our commitment to provide the very best natural, organic and eco-friendly products at the very best prices, with exceptional customer service.

    Headquartered in Cincinnati, Ohio, the Kroger Family of Companies is one of the largest retailers in the United States based on annual sales. We serve nearly 11 million customers a day in 35 states including the District of Columbia. We are committed, through our purpose-driven strategy, to increasing access to high-quality, affordable fresh food for everyone. In fulfilling our Purpose—To Feed the Human SpiritTM we live by our Values:

    kroger values

    Vitacost cultivates a customer first relationship and activates multiple touch points to provide the right content and the right products— all when, where and at the value our customers want. We create personalized experiences through relevant communication and meaningful rewards that make our customers’ lives easier.

    Vitacost will be responsible for the information we collect and will be hereafter referred to collectively as “Vitacost” or “we” or “our”.

  2. What does this notice cover?

    This notice covers information we collect from and about our customers and prospective customers including, for example, when they visit or make a purchase on one of our websites or mobile applications, interact with our advertisements, interact with us through social media, participate in consumer research, promotions, contests, or otherwise access or use one of our service offerings. This notice also applies to personal information we collect about individuals with whom we have a business relationship.

    Additional disclosures apply if you live in the following jurisdictions:

  3. Information we collect

    We collect information described below to save you time and money and to make your shopping experience better. We have grouped the information we collect into categories, with some of the information listed in multiple categories. Because we only collect information when needed for a particular purpose, not all this information will apply to you:

    • Personal identifiers such as name, online identifiers like user account names, state and federal government ID number (where required), signature, and unique identifiers that we use for advertising purposes.
    • Contact information such as your email, postal address, billing address, delivery or shipping address, and phone numbers.
    • Financial and payment information such as credit, debit, or other payment card numbers, bank account numbers
    • Transaction and commercial information such as your purchase and transaction histories. With respect to individuals who interact with us in a business context, we may have commercial information about our relationship with you.
    • Account information including your username and password; purchase information, savings information, address information, email and text communication preferences including your communication preferences relating to orders, marketing, and other activities; your advertising preferences.
    • Online and technical information such as your IP address and device or other persistent identifiers, browser type and version, time zone setting, device characteristics, browsing data, data related to your viewing of (and interactions with) our advertisements, website and app usage information, and other information that we collect using cookies, pixels, SDKs, and other similar technologies.
    • Usage information including information about how you use our websites, mobile applications, and other service offerings.
    • Communication preferences including your preferences in receiving marketing and purchase-based advertising.
    • Sensory data such as recording your voice when you contact our customer service centers.
    • User content including product reviews and other feedback or content you may provide to us.
    • Inferences include information derived from other information that we have collected. We create inferred and derived data elements by analyzing your shopping history in combination with other information we have collected about you to personalize product offerings, your shopping experience, marketing messages and promotional offers.
    • Location data including geolocation.

    Some of the information about you may include personal information that can be used to identify you, like name, address, and email address. In certain states, the definition of personal information may be broader and include things like IP address, mobile device ID, and unique identifiers used by cookies. When the information we collect about you is considered personal information under applicable law, we treat it as personal information.

    Personal information does not include data where your identity has been removed so that we can no longer identify you or that we aggregate so that you can no longer be identified, which we may use for any purpose.

    Children's Privacy

    Our websites are for a general audience and are not geared toward children. We do not knowingly collect personal information from children under the age of 16. If you believe your child may have disclosed personal information to us, please call 1-800-381-0759 and we will remove it.

  4. How we collect your information

    The following are examples of how we may collect your information:

    You provide it to us directly

    You may give us personal information or provide it to us directly, including:

    • Information you provide when you register for an account, add items to your cart on one of our websites or apps, place an order, post reviews or other content, purchase one of our services, or when you otherwise contact us about our website, products, or services. We may ask you for information when you enter a promotion or sweepstake offered by us, sign up for an event sponsored by us, or when you report a problem to us.
    • Records and copies of your correspondence (including emails) and voicemail messages.
    • Your responses to surveys that you complete for consumer research purposes.
    • Your search queries on our websites or in our mobile applications.

    Information from your device

    We may collect information from a device that we have associated with you or your household. For example, we may collect information automatically when you browse our websites, use our mobile apps or other online services, or view or interact with our advertisements.

    We receive it from others

    We may receive personal information about you from others including, for example, data analytics providers, data enrichment providers, ad networks, and consumer research providers. We may also receive information about you from commercially available sources such as data aggregators and public databases.

    If you create an account with us using your Google account or other third-party account, we may receive certain information about you from Google or other third party to enable us to create your account.

    Finally, from time to time, we receive information from others that has been deidentified so that it is no longer personal information under applicable law. When we receive deidentified data from others, we commit to maintaining and using that data in deidentified form without attempting to reidentify it.

  5. Cookies and other similar technologies

    Cookies

    A cookie is a small data file that is stored by your browser on your device. We use cookies to deliver a better experience by, for example, remembering your preferences and opt-outs.

    Other examples of why we use cookies include:

    • To learn about how you interact with our websites
    • To detect and prevent fraud
    • To conduct analytics activities
    • To improve our websites and services
    • To facilitate Interest Based Advertising

    In many cases, the data collected through these cookies is controlled by us, but in some cases the data collected through use of these cookies is controlled by our vendors or other third parties.

    Cookies may remain on your device for an extended period. If you use your browser’s method of blocking or removing cookies, some, but not all, types of cookies may be deleted and/or blocked. If you delete or block cookies, some functionality on our websites may not work properly.

    Other Tracking Technologies

    In addition to cookies, we may use other types of tracking technologies in connection with our websites, mobile applications, advertisements, and other digital service offerings.

    Like with cookies, the data collected through these other types of tracking technologies is in many cases controlled by us. However, in some cases the data collected through these other technologies is controlled by our vendors or other third parties such as our clients.

    Examples of other tracking technologies include:

    Web Beacons

    Web beacons are embedded images or objects that are used on web pages or emails. Examples of why we may use web beacons include:

    • For business analytics purposes, such as understanding the number of people who visit a webpage or view specific content within a webpage
    • To improve our websites and services
    • To detect and prevent fraud
    • To verify system and server integrity

    Embedded Scripts

    We may use embedded scripts that collect information about your interactions with our websites, mobile apps, and advertisements. These scripts are temporarily loaded into your web browser and are active only while you are connected to our website, mobile app, or advertisement.

    Location-identifying Technologies

    We may use GPS (Global Positioning Systems) or other location identifying technologies to locate your device for notification purposes.

    In-App Tracking Methods

    There are a variety of tracking technologies that may be included in mobile apps, and these are not browser-based like cookies and therefore cannot be controlled by browser settings. Some use a device identifier, or other identifiers such as mobile ad IDs (MAIDs) or Identifiers for Advertisers (IDFAs) to associate user activity to a particular app and to track user activity across apps and/or devices.

    Device and Activity Monitoring

    We may use technologies that monitor and record your interactions with our websites and mobile apps, such as your keystrokes and click-related activity. These technologies may also collect and analyze information from your device, such your operating system, plug-ins, and system fonts.

    Examples of why we may monitor include:

    • To troubleshoot
    • To understand and improve our websites, mobile apps, and services
    • To customize your experience
    • To respond to your inquiries and requests
    • To detect and prevent fraud
    • To detect security incidents and other malicious activity
    • To verify system and server integrity

    Third-Party Analytics

    We may use Google Analytics, Adobe Analytics, or other analytics providers to obtain analytics information about our websites and applications. These analytics providers may use cookies and other tracking technologies that help us analyze how you use or interact with our websites, services, advertisements, and mobile applications.

    More information about Google Analytics can be found in the Google Analytics Terms of Use and the Google Analytics Privacy Policy. You may exercise choices regarding the use of cookies from Google Analytics by downloading the Google Analytics Opt-out Browser Add-on which is available here.

  6. How we use your information

    We use your information to:

    • provide you the products and services you purchase or request
    • improve your shopping experience
    • improve our products and services
    • fulfill your requests
    • personalize our product offerings, services, and marketing to you, and
    • support our business operations and functions, including fraud prevention, marketing, merchandising, security, and legal.

    Below are more specific examples of how we use your information:

    • To provide you with products and services you purchase or request including, for example, to securely process your payments, fulfill your orders or requests, verify your age for restricted purchases, and provide customer service.
    • To provide product recall notifications.
    • To operate our businesses including our retail operations, mobile applications and websites.
    • To conduct marketing, personalization, and advertising, which may include personalized offers, coupons, and advertisements. We may also use purchased-based advertising to show you advertisements and offers that are more relevant to you on other websites, mobile apps, and digital channels.
    • For Interest-Based Advertising purposes
    • To communicate with you, such as providing account notifications or order status updates, providing product recall notifications, confirming your preferences, engaging with you on social media, or providing you information about relevant programs, contests, sweepstakes or other promotions or offerings.
    • For research purposes, such as learning about our customers’ experience with a new store design, product, or service offering.
    • To design and develop new product and service offerings
    • To conduct business analytics, for such purposes as forecasting and planning, developing statistics on engagement with our websites and applications, and measuring how well marketing and promotional activities perform.
    • For safety and security purposes, including to:
      • Detect and respond to threats to our online operations,
      • Protect the health and safety of our customers, associates, and the public; and
      • Prevent, investigate and prosecute shoplifting, fraud, and other criminal activities
    • To improve how we do business, improve our products and services, and your shopping experience.
    • For other internal business purposes such as:
      • To authenticate users of our websites and applications
      • For quality control and training
      • For system administration and technology management, including optimizing our websites and applications
      • For recordkeeping and auditing purposes
      • For risk management, investigations, reporting and other legal and compliance reasons
      • Identifying prospective customers, business clients, suppliers, and other vendors.
      • Administer our relationships with our customers, business clients, suppliers, and other vendors.
      • In connection with mergers, acquisitions, divestitures, or similar corporate transactions.
    • To fulfill our legal obligations.
    • To fulfill or meet the request for which the information is provided
    • To fulfill other notified purposes that we describe to you at the time we collect your information
  7. How we share your information

    We may share your information as follows:

    • The Kroger Family of Companies: We may share your information with the Kroger Family of Companies that may use your personal information as described in this notice.
    • Service Providers: We may share your information with vendors, service providers, and our affiliated companies that we engage to provide services to us on our behalf, such as support for the internal operations of our websites and mobile applications (including payment processors and third parties we use to process orders on our behalf), electronic mail, mobile messages, product and service delivery, conducting analysis to improve our products, services, websites, research, digital marketing, fulfilling orders you place, managing payments and answering your questions. Service providers only use the information they receive from us for the purposes we hired them for. We don’t allow them to retain, use, disclose or otherwise handle the personal information for their own purposes.
    • Ad Tech Companies and other Providers: We may share limited personal information (such as a unique identification number and online and technical information) with ad tech companies and other online providers of services. When we share your information in this context, we follow applicable legal requirements, which may require that we provide opt-out rights or other individual rights.
    • Business Partners and Other Third Parties. Where we have the legal right, we may share or otherwise make your information available to business partners or other third-parties for a business purpose that we have approved. When we disclose information in this context, we make sure that we comply with applicable legal requirements, which may include providing opt-out or other rights with respect to the shared data. We require that the recipients of this data protect such data, obey use restrictions, and comply with all applicable laws.
    • Co-Branded Offerings. Sometimes we may offer you a co-branded product, service, or other promotion in cooperation with another business, such as our co-branded credit card. When we disclose your information to our co-branding partner in this context, we prohibit them from using the provided information for purposes outside of the co-branded offering. If you choose to take advantage of a co-branded offer, the information that you provide directly to our co-branding partner will be subject to their privacy notice and practices.
    • Legal Requirements and Government Authorities. We may share your personal information where we believe the disclosure is required by law, or otherwise necessary to comply with the law, regulatory requirements, requests from public authorities, or to enforce our agreements or policies, to protect the rights and property of our customers, the company, our partners or the public (including for fraud prevention purposes and to prevent, investigate and prosecute criminal activities).
    • Security and Safety Disclosures. Where permitted by applicable law, we may disclose your personal information to our affiliates and other persons and entities for the purpose of protecting the rights, safety, security, and property of our customers, associates, and the public. We may also disclose this information to protect and enforce our rights (including for fraud prevention purposes and to prevent, investigate and prosecute criminal activities) and to assist others to do the same.
    • Corporate Transaction. We may disclose personal information, as part of any actual or contemplated merger, sale, transfer of assets, acquisition, bankruptcy, or similar event, including related to due diligence conducted prior to such event, where permitted by law.
    • With Notice or Consent. We may also disclose information about you, including personal information to other third parties, where we have provided specific notice to you or asked for your consent, as required by law.

    Notwithstanding anything else in this notice, we may share data that has been aggregated or deidentified in such a manner that it is no longer considered personal information for any purpose. When we share aggregated or deidentified data, we require recipients to refrain from reidentifying the data and to pass this obligation on to downstream recipients.

  8. Interest-based Advertising

    Interest based advertising (also known as online behavioral advertising) occurs when advertisements are displayed to you based on information collected from your online interactions over time and across multiple websites that you visit, or across multiple devices or online services that you may use. Companies that engage in interest-based advertising use this information to predict your preferences and show you ads that are most likely to be of interest to you.

    Some of the content, applications, and tracking technologies on our websites and mobile applications is controlled by third parties, which include ad tech companies or other online service providers that serve interest-based advertisements.

    We do not control these third parties' collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way.

    For example, you can block the collection and use of information related to you by online platforms and ad tech companies for the purpose of serving interest-based advertising by visiting the following websites of the self-regulatory programs of which those companies are members:

    • The NAI’s opt-out page is available here.
    • The DAA’s opt-out page is available here.

    You may still see “contextual” ads even if you opt out of interest-based ads. These ads, however, are based on the context of what you are looking at on the websites and pages you visit. Even if you opt out of interest-based ads you will still receive these non-personalized, contextual ads.

  9. Third-party content and links

    Some content or links on our websites and mobile apps may be served or made available by third parties including the following:

    User Content

    Our websites mobile applications may allow you to upload your own content to be displayed to the public. Any information you submit becomes public information, and we do not control how others may use the content you submit. We are not responsible for uses made by others that may violate our privacy policy, the law, or your intellectual property rights.

    Third-party links

    Our websites and mobile applications may contain links to other sites, which we do not control. Those websites have their own privacy policies and terms.

  10. How We Protect Your Personal Information

    We implement and maintain reasonable security procedures and practices appropriate to the nature of the information we maintain, including appropriate technical, administrative, and physical measures designed to protect information from unauthorized or illegal access, destruction, use, modification, or disclosure You also play an important role in protecting your information. It is your responsibility to select a strong password, change it regularly, not reuse or share your password, and alert us if you have any concerns about unauthorized use of your account.

  11. Your rights and choices

    We value our relationship with you, and communications are an important part of that relationship.

    We understand that our customers are individuals, and communication preferences will vary by customer. That is why we offer you the ability to manage what types of communications you receive from us and the ability to manage or change your preferences. Your rights may vary depending on where you are located. We have created mechanisms to provide you with the following options:

    Updating your account information

    If you have an account with us, you can log in and update, modify, and delete data from within your account.

    Managing your marketing and other communication preferences

    You can manage your marketing and other communications preferences (text, email, push, purchase based advertising, etc.) by logging into your account on the relevant website or mobile app. Your communications preferences can be managed under the “Communication Preferences” section of your account.

    Please allow a reasonable amount of time for any changes to your settings to take effect.

    Alternatively, you can unsubscribe from any marketing emails or text messages that we may send you by clicking the unsubscribe option in the footer of an email or texting “STOP” in response to a text message that you receive from us.

    Cookies and Tracking Technologies.

    You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable certain cookies, please note that some parts of our websites may not function properly. If you have opted-out of sales or set other preferences, then those opt-outs or preferences may be lost if you delete your cookies.

    Interest-Based Advertising

    Information about interest-based advertising and how to opt-out of it is described in the Interest-Based Advertising section of this notice.

    State Privacy Rights

    If you live in one of the states listed below, you may have additional rights with respect to your personal information. Please see our additional disclosures below to learn about those rights.

  12. Contacting Our Privacy Office

    Our customer contact centers are ready to take your questions and comments about this policy or our privacy practices. You can reach us by telephone at 1-800-381-0759 or via email at KrogerPrivacyOffice@Kroger.com.

  13. State Specific Disclosures

    Nevada Privacy Rights

    If you live in Nevada, you can opt out of the sale of your personal information by contacting us at 1-800-381-0759. Our customer contact center personnel will take your request and keep you up to date on the progress of your request.

    Privacy Notice for California Residents

    1. Introduction and Scope

      This Privacy Notice for California residents supplements the information contained in our Vitacost Privacy Notice and applies to residents of the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (as amended, and together with related regulations the “CCPA”) and any terms defined in the CCPA shall have the same meaning when used in this notice.

      This notice does not apply to workforce-related personal information collected from California-based employees, job applicants, contractors, or similar individuals but does apply to personal information collected in the context of business-to-business (B2B) transactions.

      This notice applies to “personal information” that we collect, meaning information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device ("personal information"). Personal information does not include:

      • Publicly available information from government records.
      • Deidentified or aggregated consumer information
      • Information excluded from the CCPA's scope, like health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data, or other qualifying research data;
      • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
    2. CCPA Notice at Collection

      We collect information to save you time and money, to deliver the products and services you request to enhance your shopping experience and support our business operations.

      We may collect the personal information categories listed in the tables below. The tables also list, for each category, use purposes, and whether we currently sell the information or share it with third parties for cross-context behavioral advertising.

      To opt-out of personal information sales or sharing, visit our More information about our data practices can be found in our full Privacy Notice.


      Personal information category Purposes Sell or share
      Identifiers such as a name, postal address, unique personal identifier, online identifier, IP address, email, account name, or other similar identifiers
      • For Interest-Based Advertising purposes including cross-context advertising
      • To communicate with you
      • For research purposes
      • To design and develop new product and service offerings
      • To conduct business analytics
      • For safety and security purposes
      • To improve
      • For other internal business purposes
      • To fulfill our legal obligations.
      • To fulfill or meet the request
      • To fulfill other notified purposes
      • To provide you with products and services
      • To provide product recall notifications
      • To operate our businesses
      • To conduct marketing, personalization, and advertising
      Sell and share
      California Customer Records personal information, including any personal information described in subdivision (e) of Section 1798.80 of the California Civil Code such as your address, telephone number, signature or financial information
      • To provide you with products and services
      • To provide product recall notifications.
      • To operate our businesses
      • To conduct marketing, personalization, and advertising
      • For Interest-Based Advertising purposes including cross-context advertising
      • To communicate with you
      • For research purposes
      • To design and develop new product and service offerings
      • To conduct business analytics
      • For safety and security purposes
      • To improve
      • For other internal business purposes
      • To fulfill our legal obligations.
      • To fulfill or meet the request
      • To fulfill other notified purposes
      Sell and share
      Protected characteristics under California or federal law such as your sex, ethnicity, veteran or military status, or age
      • To provide you with products and services
      • To operate our businesses
      • To conduct marketing, personalization, and advertising
      • For Interest-Based Advertising purposes including cross-context advertising
      • To communicate with you
      • For research purposes
      • To design and develop new product and service offerings
      • To conduct business analytics
      • For safety and security purposes
      • To improve
      • For other internal business purposes
      • To fulfill our legal obligations.
      • To fulfill or meet the request
      • To fulfill other notified purposes
      No
      Commercial information such as products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
      • To provide you with products and services
      • To provide product recall notifications.
      • To operate our businesses
      • To conduct marketing, personalization, and advertising
      • For Interest-Based Advertising purposes including cross-context advertising
      • To communicate with you
      • For research purposes
      • To design and develop new product and service offerings
      • To conduct business analytics
      • For safety and security purposes
      • To improve
      • For other internal business purposes
      • To fulfill our legal obligations.
      • To fulfill or meet the request
      • To fulfill other notified purposes
      Sell and share
      Biometric information N/A: We do not collect biometric information in California. N/A
      Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interactions with websites, applications, or advertisements.
      • To provide you with products and services
      • To operate our businesses
      • To conduct marketing, personalization, and advertising
      • For Interest-Based Advertising purposes including cross-context advertising
      • To communicate with you
      • For research purposes
      • To design and develop new product and service offerings
      • To conduct business analytics
      • For safety and security purposes
      • To improve
      • For other internal business purposes
      • To fulfill our legal obligations.
      • To fulfill or meet the request
      • To fulfill other notified purposes
      Sell and share
      Geolocation data
      • To provide you with products and services
      • To operate our businesses
      • To conduct marketing, personalization, and advertising
      • For Interest-Based Advertising purposes including cross-context advertising
      • To communicate with you
      • To design and develop new product and service offerings
      • To conduct business analytics
      • For safety and security purposes
      • To improve
      • For other internal business purposes
      • To fulfill our legal obligations
      • To fulfill or meet the request
      • To fulfill other notified purposes
      No
      Sensory data such as recordings of customer care calls
      • To operate our businesses
      • To conduct business analytics
      • For safety and security purposes
      • To improve
      • For other internal business purposes
      • To fulfill our legal obligations.
      • To fulfill or meet the request
      • To fulfill other notified purposes
      No
      Professional or employment-related information
      • For research purposes
      No
      Non-public education information as defined in the Family Educational Rights and Privacy Act N/A N/A
      Inferences from personal information collected such as a profile about a consumer reflecting the consumer’s preferences, characteristics, and interests.
      • To provide you with products and services
      • To operate our businesses
      • To conduct marketing, personalization, and advertising
      • For Interest-Based Advertising purposes including cross-context advertising
      • To communicate with you
      • For research purposes
      • To design and develop new product and service offerings
      • To conduct business analytics
      • For safety and security purposes
      • To improve
      • For other internal business purposes
      • To fulfill our legal obligations.
      • To fulfill or meet the request
      • To fulfill other notified purposes
      Sell and share

      Retention

      Except as otherwise permitted or required by applicable law or regulation, we will retain your personal information for as long as reasonably necessary to fulfill the purposes for which we collected it or for other compatible purposes that we have disclosed.

    3. Other CCPA Disclosures

      The following is a description of our online and offline information practices over the previous 12 months and other disclosures required by the CCPA.

      1. Personal information collected

        The categories of personal information and sensitive personal information that we have collected about consumers in the past 12 months are the same as the as the categories described in our Notice at Collection.

      2. Sources of personal information

        Please refer to How we collect your personal information, which describes the sources of personal information.

      3. Purpose for collecting personal information

        Please see our Notice at Collection for an explanation of the reasons we collect personal information.

      4. Information about personal information that we have sold or shared

        Vitacost is committed to delivering great products, great experiences, and great values. From time to time, we may use or disclose your information in a manner that is considered a “sale” or “sharing” under California law to provide the most relevant product recommendations and deliver marketing messages and personalized offers through select companies (e.g., analytics, advertising, and technology companies). Those companies help us match your interests with brands who want to send promotions and offers that we believe save you money on products you buy frequently, and help you discover new products or services that you might like. When we work with these companies, your privacy, data integrity and security remain a priority.

        The table below identifies the categories of information we have sold or shared and the categories of third parties to whom information was sold or shared during the last 12 months. We do not knowingly sell or share the personal information of consumers under the age of 16.

        In cases where we have sold or shared personal information, we have done so for the following purposes:

        • To operate our business
        • To conduct marketing, personalization, and advertising
        • For Interest-Based Advertising including cross-context advertising purposes
        • To conduct business analytics
        Sold or Shared During Prior 12 Months
        Personal Information Category Categories of third parties
        Identifiers Adtech partners or vendors, social networks, internet service providers, technology vendors, analytic providers, 3rd party matching agents
        California Customer Records personal information Adtech partners or vendors, internet service providers, technology vendors, analytic providers, 3rd party matching agents
        Protected classification characteristics under California or federal law Adtech partners or vendors, data brokers
        Commercial information Adtech partners or vendors, social networks, internet service providers, technology vendors, analytic providers, 3rd party matching agents
        Internet or other electronic network activity information. Adtech partners or vendors, social networks, internet service providers, technology vendors, analytic providers, 3rd party matching agents
        Geolocation data N/A
        Inferences from personal information collected Adtech partners or vendors, social networks, internet service providers, technology vendors, analytic providers, 3rd party matching agents
      5. Personal information that we have disclosed for a business purpose

        During the prior 12 months, we have disclosed personal information for the following business purposes:

        • To provide you with products and services
        • To provide product recall notifications.
        • To operate our businesses
        • To conduct marketing, personalization, and advertising
        • For Interest-Based Advertising purposes including cross-context advertising
        • To communicate with you
        • For research purposes
        • To design and develop new product and service offerings
        • To conduct business analytics
        • For safety and security purposes
        • To improve
        • For other internal business purposes
        • To fulfill our legal obligations.
        • To fulfill or meet the request

        The table below describes the categories of third parties to whom information was disclosed for a business purpose during the prior 12 months:

        Disclosed During the Prior 12 Months
        Personal Information Category Categories of recipients
        Identifiers Adtech partners or vendors, internet service providers, technology/SaaS providers, analytic providers, third-party matching agents
        California Customer Records personal information Adtech partners or vendors, internet service providers, technology/SaaS providers, analytic providers, third-party matching agents
        Protected classification characteristics under California or federal law Adtech partners or vendors, internet service providers, technology/SaaS providers
        Commercial information Adtech partners or vendors, internet service providers, Technology/SaaS providers, analytic providers, third-party matching agents, professional service providers
        Internet or other electronic network activity information Adtech partners or vendors, internet service providers, technology/SaaS providers, analytic providers, third-party matching agents
        Geolocation data Technology vendors, delivery providers
        Sensory data Professional service providers, Technology/SaaS providers, Government agencies
        Professional or employment-related information Technology/SaaS providers
        Inferences from personal information collected Adtech partners or vendors, internet service providers, technology/SaaS providers, analytic providers, third-party matching agents

        We do not use or disclose sensitive personal information for any purposes outside of the purposes permitted by the CCPA and its implementing regulations.

    4. Your California Privacy Rights

      The CCPA provides California consumers (residents) with specific rights regarding their personal information including:

      • The right to know about personal information we know about you and how it is used and shared
      • The right to delete personal information (with some exceptions)
      • The right to correct inaccurate personal information
      • The right to opt-out of the sale and sharing for cross-context advertising using your personal information
      • In some cases, the right to limit the use or disclosure of sensitive personal information. We do not use or disclose any sensitive personal information except in some cases, where we are permitted to use such data under the CCPA without offering you the right to limit use.
      • The right to non-discrimination for exercising your CCPA rights
      1. Your Right to Know

        You have the right to know what personal information we have collected about you. Once we receive your request and verify your identity (as described below), we will disclose to you:

        • The categories of personal information
        • The categories of sources from which the personal information has been collected
        • The business or commercial purpose for collecting or selling personal information
        • The categories of third parties with whom we disclose your personal information.
        • The specific pieces of personal information we have collected about you
        • If we sold your personal information or shared your personal information for cross-context behavioral advertising, the categories of personal information we have sold or shared.
      2. Your Right to Delete

        You have the right to request that we delete personal information that we have collected from you and retained, subject to certain exceptions. Once we receive your request and verify your identity, we will review the request to see if an exception applies that allows us to retain some or all your information. We may deny your deletion request if retaining the information is necessary for us or our service providers to:

        • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
        • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
        • Debug products to identify and repair errors that impair existing intended functionality.
        • Exercise free speech or to ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
        • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
        • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
        • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
        • Comply with a legal obligation.
        • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

        We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action. If an exception applies, we will provide you information about that exception.

      3. Your Right to Correct

        You have the right to correct inaccurate personal information that we maintain about you. In some cases, we may ask that you provide additional documentation to support your request. Once we receive your request and verify your identity, we may deny your request to correct personal information if we believe that the personal information that we maintain is more likely than not accurate based upon the totality of the circumstances.

      4. Right to opt-out of sales and sharing for cross-context-behavioral advertising

        We do not sell or share personal information of consumers who we know are younger than 16 years of age that we are prohibited from selling or sharing under applicable law.

        Some of our websites use cookies or other tracking technologies that share data that may be used for cross-context behavioral advertising purposes or otherwise share data in a way that is likely to be considered a “sale” under CCPA. Apart from our websites, we may disclose or otherwise make available your data to others in a manner that is considered a sale under the CCPA.

        You may request that we stop selling and sharing your personal information (“opt-out”). With some exceptions, we cannot sell your personal information after we receive your opt-out request unless you later provide authorization allowing us to do so again. We must wait at least 12 months before asking you to opt back into the sale of your personal information.

      5. Right to limit use of your sensitive personal information

        We do not provide a right to limit your sensitive personal information in cases where we are permitted to use such data under the CCPA without offering you the right to limit your use.

      6. Right to non-discrimination

        You have the right not to be discriminated against for exercising any of your CCPA rights.

    5. How to exercise your CCPA Rights

      1. Your right to know, delete, or correct

        To exercise your right to know, delete, or correct as described above, please submit a request by either:

        We will only use personal information provided in a consumer request to verify the request. We will not further disclose the personal information and will retain it only as necessary for the purpose of verification and to meet our legal obligations. We cannot fulfill your request if we cannot verify your identity or authority to make the request and confirm the personal information that is the subject of the request relates to you.

      2. Your right to opt-out of sales and sharing

        To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by visiting our

        Opt-Out Preference Signals

        You may also opt out of the sales or sharing on our websites through an opt-out preference signal. To process your request through an opt-out preference signal, you must use a browser supporting the preference signal. If you choose to use an opt-out preference signal, we will opt you out of sales and sharing in the context of cookies and tracking technologies from the browser for which you have the opt-out preference signal enabled.

    6. Who may submit requests?

      Only you, or someone legally authorized to act on your behalf (an authorized agent), may make a request under the CCPA on another consumer’s behalf. You may also make a verifiable consumer request on behalf of your minor child.

      Requests to know, correct or delete:

      If you use an authorized agent to submit a request, we may require that the authorized agent provide us with proof that you gave the agent signed permission to submit the request. In addition, we may also require you to do either of the following: (1) verify your own identity directly with us; or (2) directly confirm with us that you have provided the authorized agent permission to submit the request on your behalf. These requirements of proof do not apply if the agent has a power of attorney pursuant to California Probate Code.

      We may deny a request from an authorized agent if the agent cannot meet the above requirements. Further, before responding to a request from an authorized agent, we will still require the authorized agent provide us with enough information so that we can verify your identity.

      Requests to opt-out and limit sharing

      You may also use an authorized agent to exercise opt-out rights and to limit the use of sensitive personal information. In each case the agent must provide us with documentation demonstrating that you have provided signed permission to the agent to exercise these rights with us on your behalf. We may deny the request if we do not receive such proof.

    7. How often can you submit requests?

      With limited exceptions, you may only make a verifiable consumer request to know, delete, or correct your personal information twice within a 12-month period.

    8. How do we verify requests?

      Before fulfilling your request, we take steps to verify you are who you say you are or that you have authority to act upon someone else's behalf. One way we verify you is through your account. If you do not provide your account number, we may request additional information that we need to verify you and, if you are submitting a request on behalf of someone else, to verify that you are permitted to act on that person's behalf.

      When we contact you to request verification information, please respond and provide the information that we have requested. Depending on the nature of the request you make, we may require you to verify your identity to either a "reasonable degree of certainty" or "high degree of certainty". This means that we need to match two or three pieces of information that we hold about you with information that you provide to us. This data could include, but is not limited to, email address, mailing address, phone number.

      In some cases, we may require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request or that you are authorized to make the request on behalf of someone else.

      In addition to providing the information we need to verify you or your authority, you must provide us with enough information so that we can understand, evaluate, and respond to your request. We cannot respond to your request or provide you with personal information if we cannot confirm the personal information relates to you.

      We will only use personal information provided in the request to verify the requestor's identity or authority to make it.

      CCPA Metrics Report

      We have prepared a report on the status of CCPA privacy requests for the previous year. This report details the number of requests to know, requests to delete, requests to opt out of sale and sharing, requests to correct and requests to limit the use of sensitive personal information that we received, complied with, and denied as well as the mean number of days within which we responded to each privacy request. To view the CCPA metrics report, click here.

      Other California Disclosures

      1. Shine the Light

        California’s “Shine the Light” law (Civil Code Section § 1798.83) permits California residents to request certain information regarding our disclosures of personal information to third parties for their direct marketing purpose. To make such a request, you can email us at KrogerPrivacyOffice@Kroger.com with “Shine the Light” in the subject line or body of the email request. You can also make the request by mail by writing us at:

        The Kroger Co.
        1014 Vine Street
        Cincinnati, Ohio 45202
        Attention: Privacy Officer

      2. Do Not Track

        We do not respond to “Do Not Track” (DNT) signals. However, we do honor opt-out preference signals (global privacy control) as described above.

    Virginia Privacy Disclosures

    The disclosures in this section are made pursuant to the Virginia Consumer Data Protection Act (VCPDA) and supplement our general privacy notice. References to “personal information” in our general privacy notice describe our practices with respect to “personal data,” as defined under the VCPDA.

    We use your personal data in such a way that is likely considered a “sale” under the VCPDA. Further, we process personal data for targeted advertising purposes. You have the right to opt out of both practices. Information on how to exercise your opt-out rights as well as other rights you have under the VCPDA is below.

    If you are a Virginia resident, subject to certain conditions and restrictions set out in the VCPDA and other applicable laws, you have the following rights with regard to your personal data:

    1. Right to access. You have the right to request access to and obtain a copy of any personal data that we may hold about you.
    2. Right to correct. You have the right to request that we correct inaccuracies in your personal data.
    3. Right to delete. You have the right to request that we delete personal data that we have collected from or obtained about you.
    4. Right to opt out of the sale of personal data. You may request that we stop sharing data in a way that is likely to be considered a “sale”.
    5. Right to opt out of targeted advertising. You may request that we stop disclosures of your personal data for targeted advertising.
    6. Right to opt out of profiling. You have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. We do not profile in a manner that would result in legal or similarly significant effects and as such do not offer this right.
    7. Right to appeal. If you are unsatisfied with our actions related to exercising one of your privacy rights above, you may appeal our decision.
    8. Right to non-discrimination. If you choose to exercise any of the privacy rights described above, we will not deny our products or services to you, charge you different prices or provide a different level or quality of products or services to you unless those differences are related to the value of your personal data.

    You may exercise your privacy rights under the VCDPA, by either:

    • Submitting a request on-line:
      • For Opt out of sale or targeted advertising by going to our
      • For all other privacy requests by going to our privacy center request form.
    • Calling us at 1-800-381-0759

    We will only use personal data provided in a request to verify the request. We will not further disclose the personal data and will retain it only as necessary for the purpose of verification and to meet our legal obligations. We cannot fulfill your request if we cannot verify your identity or authority to make the request and confirm the personal data that is subject of the request relates to you.

  14. EU and Swiss CUSTOMER PRIVACY (GDPR)

    Vitacost.com is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

    In cases of onward transfer to third parties of data of EU or Swiss individuals received pursuant to the EU-US Privacy Shield or the Swiss-US Privacy Shield, Vitacost.com is potentially liable.

    Any information you provide us is controlled and processed by Vitacost.com, Inc., 4700 Exchange Court Suite 200, Boca Raton, FL 33431, USA.

    We comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland to the United States, respectively. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

    Pursuant to the EU-US Privacy Shield and the US-Swiss Privacy Shield, Vitacost.com acknowledges that EU and Swiss individuals have the right to access the personal information that we maintain about them. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should contact us directly using one of the following methods:

    • Send an e-mail to CustomerSupport@vitacost.com
    • Call our Customer Care line at 1-800-381-0759
    • Write us at Vitacost.com, Attention: Customer Support
      4700 Exchange Court Suite 200, Boca Raton, FL 33431, USA

    We will provide an individual opt-out choice before we share their data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To limit the use and disclosure of your personal information, you may submit a written request to CustomerSupport@vitacost.com

    Note that we may be required to share personal data of EU and Swiss individuals in response to lawful requests by public authorities including to meet national security and law enforcement requirements.

    In compliance with the EU-US Privacy Shield Principles and Swiss-US Privacy Shield Principles, Vitacost.com commits to resolve complaints about your privacy and our collection or use of your information. European Union or Swiss individuals with inquiries or complaints regarding this Privacy Policy should first contact us using one of the following methods:

    • Send an e-mail to CustomerSupport@vitacost.com
    • Call our Customer Care line at 1-800-381-0759
    • Write us at Vitacost.com, Attention: Customer Support
      4700 Exchange Court Suite 200, Boca Raton, FL 33431, USA

    We have further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles and Swiss-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

    Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

Sign Up & Save

Get exclusive offers, free shipping events, expert health tips & more by signing up for our promotional emails.

  • Instant Online Service
  • 1-800-381-0759

    Monday-Friday 8am-9pm EST

    Saturday: 9:30am-6pm EST

    Sunday: Closed

Please enter a valid zip code
FLDC6
0