Last updated May 1, 2022
DATA PROTECTION OFFICER
Children Under the Age of 16
Our website is not intended for children under 16 years of age. No one under age 16 may provide any personal information to the Website. We do not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any information on this Website or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or username you may use. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at:
PERSONAL DATA WE COLLECT
Personal Data, or Personally Identifiable Information or “PII” means any information relating to or which can be reasonably connected to an identified or identifiable natural person. We collect Personal Data from users of the Services (“Customers”), our website, marketing efforts, in-person events and trade shows and other means.
HOW DO WE USE YOUR PERSONAL DATA?
Norstella will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Passwords and Logins (Unique Identifier)
Passwords and usernames are used for user authentication.
Direct Marketing and Opt-Out
We use User Personal Data to communicate with you regarding the provision of the Services, but also to let you know about additional features and services we provide that may be of interest to you. If you do not wish to receive marketing communications, you may opt out at any time.
You may also sign up for blog updates from our Web site. In both of these cases, we will use your name and email address to send these materials to you. You may choose to stop receiving these by contacting us at:
Mail: 1040 Stony Hill Road, Yardley PA 19067
Norstella will not otherwise transmit, disclose or share your personal data to non-Norstella persons or businesses for their independent use unless: 1. You specifically authorize it; 2. The information is given to comply with the law, such as a search warrant, court order or subpoena, to enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others; 3. The information is given to our agents, vendors, affiliates or service providers who perform functions on our behalf; 4. To address emergencies or acts of God; 5. To address disputes, claims, or to persons who are your agents or representatives purporting to have legal authority to act on your behalf. We may also collect aggregated data about our customers and Site visitors and transmit the results of such aggregated (but de-identified) information to our partners, vendors, service providers, advertisers, and third parties for purposes of marketing and promotions.
Processing your payment
Norstella does not store your payment information. Customer payment information is sent directly to our third-party processor, Shopify.
Norstella does not store credit card information separately from Shopify. However, information about you is given to us from Shopify to confirm that your bill has been paid so that we may account for our receivables.
Law Enforcement and Internal Operations
Personal Data may be provided where we are required to do so by law, or if we believe in good faith that it is reasonably necessary
Third-Party Data Processors or Service Providers
We engage Service Providers or “Data Processors” to perform services on our behalf to help us provide services to you. Additionally, we engage third-party Data Processors to assist us in processing of credit cards, marketing, IT infrastructure, cloud computing, SaaS, data enhancement and other services to enhance your experience with our subscription services as well as our website and business in general.
These Service Providers will only use your Personal Data to the extent necessary to perform their functions and are subject to contractual obligations to maintain the security and confidentiality of all information they receive from us.
In addition, Norstella may share data with trusted partners as data processors to help us perform statistical analysis, send you email or postal mail, provide customer support, or to deliver our services to you. All such third parties are prohibited from using your personal information except to perform data processing according to Norstella’s instructions in order to provide our services to you, our customer.
SECURITY OF YOUR PERSONAL INFORMATION
How is my data protected?
Norstella uses SOC 2 Type II to secure personal information from unauthorized access, use or disclosure. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. When sensitive information (such as log-in credentials) is submitted, it is protected through the use of encryption. We restrict access to your personal data to those employees who require that information to provide Norstella’s services to you. Furthermore, our employees are trained regarding the importance of confidentiality and maintaining the privacy and security of your information.
Reasonable administrative, technical, and physical security measures taken include, but are not limited to:
No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee the security of any information we store, process, or transmit.
Data Storage and retention
Your personal data is stored on Norstella’s servers as well as the servers of Norstella’s cloud and SaaS based systems, located in the United States. For more specific information on where and how long your personal data is stored, please contact Norstella’s data protection officer at firstname.lastname@example.org.
Right to Review or Change Your Data
If your personal information changes, you may correct, update, amend, remove, or ask to have it removed by making the change on your user account settings page or by contacting us by phone or email at the contact information available on our Web site.
We will retain your information for as long as your account is active, as needed to provide you the Services and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Right to Withdraw Consent
You have the right to withdraw consent where such consent is required to share or use data and you may request that we delete your Personal Data.
If you receive communications from us and no longer wish to receive them, please follow the removal instructions in the email or change your account settings.
Right to Remove
You can request that we delete your Personal Data by emailing a request to
If we are legally required to comply with such a request, we will confirm your identity and delete your personal data in such time frame as required by law.
We may be required by law, or in order to exercise or defend legal claims or meet contractual obligations with our customers, to retain some information in connection with our obligation to provide the Services. We may de-identify and anonymize some data for purposes of retaining it.
Right to Redress
If you are located in the European Economic Area (EEA) or United Kingdom and you believe we have violated any data protection laws, please contact us immediately at email@example.com. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the principles contained in this policy within forty-five (45) days of receiving a complaint.
We are subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”). Should an individual be unable to resolve a complaint with us, they may contact the FTC at the following address:
Federal Trade Commission
Attn: Consumer Response Center 600 Pennsylvania Avenue NW, Washington, DC 20580 or www.ftc.gov
European Economic Area and United Kingdom data subjects may also have the right to file complaints with the Data Protection Authorities in the jurisdiction in which they are located.
THIRD PARTY LINKS
Our Site includes links to other Web sites whose privacy practices may differ from Norstella’s practices. If you submit personal information to any of those sites, your information is governed by their privacy policies. Norstella is not responsible for the privacy statements or other content on Web sites outside of the Norstella web site.
This policy may be amended from time to time, consistent with applicable data protection and privacy laws and principles including, but not limited to the requirements of English law, and/or the EU General Data Protection Directive. We will notify you of changes to this policy either through email, posting on our website, via our Services, or other means. We will notify Customers if we make changes that materially affect the way we handle Personal Data that we previously collected, and we will allow them to choose whether their Personal Data may be used in any materially different manner.
Norstella as a “Business” and a “Service Provider”
California law makes a distinction between organizations that process Personal Data for their own purposes (known as “businesses”) and organizations that process Personal Data on behalf of other organizations (known as “service providers”). Depending on the circumstances, Norstella may act as either a business or service provider with respect to your Personal Data. If you have a question or a complaint about how your Personal Data is handled, these should always be directed to the relevant business since they are the ones with primary responsibility for your Personal Data.
For example, if you visit our site and contact us through an online web form, Norstella will be a business with respect to the Personal Data that you provide about yourself. We will also be a business as to the Personal Data that we have obtained from you as a customer of our products and services. We use this information to provide you with requested services and products.
Summary of Information We Collect
If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your “personal information” (as defined in the California Consumer Privacy Act (“CCPA”)).
We or our service providers may collect the below categories of information for the following business or commercial purposes (as those terms are defined in applicable law):
We may also use the above categories of Personal Data for compliance with applicable laws and regulations, and we may combine the information we collect (“aggregate”) or remove pieces of information (“de-identify”) to limit or prevent identification of any particular user or device.
If you are a California resident, you may have certain rights. California law may permit you to request that we:
You may have the right to receive information about the financial incentives that we offer to you (if any). You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights. Certain information may be exempt from such requests under applicable law. For example, we need certain types of information so that we can provide the Services to you. If you ask us to delete it, you may no longer be able to access or use the Services.
If you would like to exercise any of your California consumer rights, please submit a request to firstname.lastname@example.org. You can also contact us toll-free at 888-200-9288. You will be required to verify your identity before we fulfill your request. To do so, you will need to provide us with certain account information, such as the full name and email address you used to create your account and your account user ID. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization for the agent to act on your behalf. You will still need to verify your identity directly with us.
YOUR CALIFORNIA PRIVACY RIGHTS UNDER THE SHINE THE LIGHT LAW
California residents who have an established business relationship with Norstella may make a written request to Norstella about whether Norstella has disclosed any Personal Information to any third-parties for the third-parties’ direct marketing purposes during the prior calendar year. To make such a request, please send an email, call or write us:
NOTICE FOR NEVADA RESIDENTS
Under Nevada law, certain Nevada consumers may opt out of the sale of “personally identifiable information” for monetary consideration to a person for that person to license or sell such information to additional persons. “Personally identifiable information” includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a specific person to be contacted either physically or online.
We do not engage in such activity; however, if you are a Nevada resident who has purchased services from us, you may submit a request to opt out of any potential future sales under Nevada law by email to: email@example.com. Please note we will take reasonable steps to verify your identity and the authenticity of the request. Once verified, we will maintain your request in the event our practices change.
If you believe that Norstella has not adhered to this Statement or have questions, please contact us at: