Privacy Policy

Nutrition Depot Asia Co., Ltd. ("Nutrition Depot", "we", "us", or "our") is Asia Pacific's leading sports nutrition distributor, operating across 8 markets with wholesale and retail operations serving over 3 billion people. Our principal operations are based in Thailand with regional offices and retail presence across Southeast Asia.

We act as the data controller for all personal information collected through this website and through our business operations. For any questions about this policy or how your data is handled, please refer to the Contact section at the end of this page.

This policy applies to:

• Visitors to our websites and digital platforms
• Retail customers purchasing products at our stores or online
• Wholesale partners, distributors, and B2B clients
• Brand partners and suppliers we work with
• Job applicants and potential business contacts

We collect information that you provide directly to us, information generated when you use our services, and data we receive from trusted third parties. The types of information we may collect include:

We process your personal information only where we have a lawful basis to do so — including to fulfil a contract with you, to comply with legal obligations, or where we have a legitimate business interest that does not override your rights.

• Order fulfilment & customer service: Processing purchases, deliveries, returns, and responding to your enquiries.
• Account management: Creating and managing your customer or partner account, including authentication and access control.
• B2B partnership management: Onboarding wholesale partners, managing credit accounts, processing trade orders, and reporting.
• Marketing communications: Sending product updates, promotions, and relevant content — only where you have opted in or where we have a legitimate interest.
• Website improvement: Analysing how visitors use our site to improve functionality, content, and user experience.
• Legal & compliance: Complying with import/export regulations, tax obligations, anti-money laundering requirements, and other applicable laws across our operating jurisdictions.
• Fraud prevention & security: Detecting, investigating, and preventing fraudulent transactions and other illegal activity.
• Business analytics: Understanding sales trends, market performance, and consumer preferences to grow our business responsibly.

We do not sell your personal information to third parties. We may share it only in the circumstances described below, and only to the extent necessary:

• Brand partners & suppliers: When acting as a distributor, we may share relevant order or contact details with brand principals to facilitate fulfilment, warranty, or brand-activation programs — always under confidentiality obligations.
• Logistics & fulfilment providers: Courier companies and warehouse operators receive only the information required to deliver your order (name, address, contact number).
• Payment processors: Transactions are processed by PCI-DSS-compliant payment gateways. We do not store, transmit, or process full card data ourselves.
• Technology service providers: Cloud hosting, CRM, email platforms, and analytics tools that operate under data processing agreements and are prohibited from using your data for their own purposes.
• Professional advisers: Lawyers, accountants, and auditors under strict confidentiality obligations.
• Regulatory authorities: Tax agencies, customs authorities, and law enforcement when required by applicable law in our operating markets.
• Business transfers: In the event of a merger, acquisition, or asset sale, personal data may be transferred to the acquiring entity, with notice provided to you.

Our website uses cookies and similar tracking technologies to give you a better experience, analyse traffic, and support our marketing activities. You can control cookie use through your browser settings or our consent manager.

To manage your cookie preferences, update your browser settings or contact us. Note that disabling optional cookies will not affect your ability to browse or purchase from our site.

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, including legal, tax, and regulatory requirements.

• Customer accounts & purchase records: Retained for a minimum of 7 years after the last transaction to satisfy commercial and tax obligations in our operating markets.
• Marketing preferences: Retained until you withdraw consent or opt out, after which we will suppress — not delete — your details to honour your preference.
• Enquiry and support records: Retained for 3 years from closure to assist with follow-up enquiries and dispute resolution.
• Analytics data: Aggregated and anonymised data may be retained indefinitely; personally identifiable components are deleted or anonymised after 26 months.
• B2B contracts and trade documents: Retained for 10 years in compliance with commercial law requirements across our jurisdictions.

When personal data is no longer needed, we securely delete or anonymise it in accordance with industry best practices.

Depending on your location, you may have specific rights under applicable data protection laws such as Thailand's PDPA, Singapore's PDPA, Indonesia's PDP Law, or the GDPR for EU/EEA residents. We honour these rights regardless of your jurisdiction:

To exercise any of these rights, please contact our Privacy Team using the details in Section 11. We will respond within 30 days. We may need to verify your identity before processing your request and may charge a reasonable fee for manifestly unfounded or excessive requests.

As a pan-Asian business, your personal data may be transferred to, and processed in, countries outside your home country — including Thailand, Singapore, Hong Kong, Malaysia, Indonesia, Vietnam, the Philippines, and Taiwan, as well as to servers hosted by global cloud providers.

When transferring personal data across borders, we ensure adequate protection is in place by:

• Relying only on service providers in countries deemed to have adequate data protection laws
• Using standard contractual clauses or equivalent mechanisms where required
• Applying our internal data governance policies consistently across all markets
• Obtaining your explicit consent where required by local law

We take the security of your personal information seriously and implement a comprehensive set of technical and organisational measures to protect it against unauthorised access, loss, destruction, or alteration.

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
• Access controls: Personal data is accessible only to employees and contractors who require it for their role, under strict need-to-know principles.
• Payment security: We use PCI-DSS-compliant payment gateways. Nutrition Depot does not store, process, or transmit raw card payment data.
• Regular security assessments: We conduct periodic vulnerability assessments and penetration testing of our digital infrastructure.
• Incident response: We have procedures in place to detect, investigate, and notify you of any personal data breach in accordance with applicable law.

While we take all reasonable precautions, no method of internet transmission or electronic storage is 100% secure. We encourage you to keep your account credentials confidential and notify us immediately if you suspect any unauthorised access to your account.

Our products and services are intended for adults aged 18 and over. We do not knowingly collect personal information from individuals under 18 years of age. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately and we will delete the information promptly.

In jurisdictions where the age of consent for data processing is higher than 18, we apply that higher threshold accordingly.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify registered users via email where the changes are significant
• Display a prominent notice on our website for a reasonable period

Your continued use of our services after any update constitutes your acceptance of the revised policy. We encourage you to review this page periodically to stay informed about how we protect your information.