1. Costco’s Commitment to Privacy.
Costco is committed to protecting the privacy of our customers. We have and will take measures that protect the privacy of personal information and personal health information held by us.
- why we collect personal information and personal health information;
- what we do with that information;
- what steps we take to ensure that the information is secure;
- who you should contact if you have questions or concerns about our policies or practices.
Children: We encourage parents to take an active interest in their children’s use of the Internet. We do not intend to collect information from children who are under 18 years of age. If you are under 18, please do not provide information on our Sites.
2. What is personal information?
In general terms, personal information means any information about an identifiable individual. For example, this includes your name, postal and email address, telephone number, credit card number, the photograph included on your Costco membership card, demographic information and purchasing history. A special category of personal information is “personal health information”, which we describe in Section 3 below.
Personal information does not include aggregate information, such as data about a group or category of products, services or customers, from which individual customer identities have been removed. For example, information about how you use a service may be collected and combined with information about how others use the same service, but no personal information will be included in the resulting data. Likewise, information about the products you purchase may be collected and combined with information about the products purchased by others.
We may also gather aggregate information about how Costco customers use our Sites. Aggregate information about product purchases helps us understand trends and customer needs, and assists us in product selection, product ordering and sizing and the introduction of new products and services. It can also assist us in determining where it would be appropriate to build new warehouses by looking at the geographic location of members or to build new Site functions by looking at anonymized browsing activities.
3. What is personal health information?
Personal health information means any information relating to your physical or mental health collected or generated in the course of our providing you with the health services you request, such as optical, pharmacy and hearing aid services, and prescription profiles for fulfillment of pharmacy orders. Examples of personal health information may include your medical history, drug prescription information, eyeglass prescription information, or health insurance information, which we may require in order to provide you with pharmacy, hearing aid, optical and other health-related services. It may also include information you provide to Costco health services personnel when receiving counselling or advice, or when contacting Costco with a comment, question or complaint about our health services.
4. When we collect personal information.
We only collect such personal information as is strictly necessary for the purposes outlined in Section 5. We collect personal information when you:
- apply for membership (including information about your credit history that may be collected, used, or disclosed if you choose to pay by cheque);
- apply for a Costco co-branded credit card;
- renew your membership;
- contact us with questions, inquiries, comments, complaints or requests;
- sign up for certain products and services (such as rebates, the Costco Services program and other business and consumer services, collectively the “Costco Services”);
- use our Sites;
- participate in any of our programs;
- place orders, make purchases, return or exchange items, or seek further information about our products and services;
- place orders or make purchases, return or exchange items, or seek further information through our affiliated companies, including Costco Wholesale Corporation (Costco and its affiliates are referred to collectively as the “Costco Affiliates”);
- enter into a contest or sweepstakes or respond to one of our surveys; and
- ask us to place you on a “Do Not Email” list so that we can ensure that your wishes are respected.
Please note that the Costco Services may be provided by third party suppliers. We collect from such third party suppliers a list of our customers who have signed up for Costco Services and information about the use our customers make of such Costco Services (for example, frequency of use and customer feedback).
We may also take video footage on our properties to protect the rights, property or safety of Costco, its customers, employees, or the public.
5. How we use personal information.
As part of our business operations, we hold and use certain personal information pertaining to you in order to process your requests, provide you with Costco Services, and to understand your needs so that we can serve you better.Specifically, we may use personal information for the following purposes:
- Notifying you of recalls or safety issues;
- Approving you as a member when you apply for membership;
- Managing the provision of goods, services and privileges to you, including monitoring your membership, processing exchanges or returns, to conduct a credit check if you choose to pay by cheque, to determine your credit status and for fraud detection and identification purposes;
- Managing invoicing, accounting and information security services related to our transactions with you;
- Monitoring your satisfaction with our programs, including the Executive Membership Program, the services offered by our suppliers of Costco Services and contacting you regarding the status of such programs and services (for example, to inform you of changes to or the termination of particular Costco Services);
- Protecting against harm to the rights, property or safety of Costco, its customers, employees, or the public;
- Internal management purposes, including planning, resource allocation, policy development, quality improvement, monitoring, audit, evaluation and reporting
- As described in our “Online privacy practices” in Section 12 below;
- Managing our “Do Not Email” lists; and
- Using personal information to create aggregate information as described above in Section 2.
If you ask us to, we will also tell you about news, promotions, special offers and other information from Costco, regarding Costco, Costco Affiliates and selected partners, such as our promotional programs. You may unsubscribe from these kinds of messages at any time by visiting Costco.ca and setting your Communication Preferences.
6. When we share personal information.
From time to time we engage unaffiliated third parties and their affiliates, agents and subcontractors (“Service Providers”) to perform certain technological or administrative services. For example, a Service Provider may be asked to perform credit card processing services, administer a contest or be asked to run a computer program that identifies which of our members purchased a particular product so we can notify those members of special programs regarding the same or similar products. We also may use a Service Provider to host and administer one or more of our Sites, process and store data, and fulfill similar technology-related functions on our behalf. In these circumstances, the personal information that the Service Provider receives is limited to only the personal information held by us that they need in order to render their service to us. The companies that are provided with the personal information are first required to sign an agreement that obligates them to keep the information confidential and secure and prohibits them from using it for unauthorized purposes.
We have engaged Service Providers to provide us with cloud computing services. Cloud computing is the provision of network-based services, located on remote computers, that allow individuals and businesses to use software and hardware operated by third parties. Examples of these services include online file storage, webmail and online business applications. Service Providers have policies and processes in place to ensure that the confidentiality of information in their care is properly safeguarded at all times. As of the date of this policy, our cloud computing Service Provider processes and stores information in the United States, the European Union, Taiwan, Singapore and Chile. This may change from time to time: for a current list of storage locations, click here.
You acknowledge that if Service Providers provide services from other countries (such as the ones named above), your personal information may be processed and stored in these countries and the governments, courts or law enforcement or regulatory agencies of these jurisdictions may be able to obtain disclosure of your personal information through a lawful order.
As outlined above, Costco Services (such as rebates, the Executive Membership Program, and other business and consumer services) may be provided by Service Providers. When you sign up for Costco Services, we will share your name, membership status, membership number and type and such other personal information as is necessary with the Service Provider so they can confirm your eligibility for the Costco Service you requested. Service Providers who are suppliers of Costco Services can only use the personal information that we share with them to provide the Costco Services or, if you have consented, to notify you of their offerings and to evaluate new and existing products, offerings or services. We are not responsible for any additional information you provide directly to these Service Providers, and we encourage you to become familiar with their privacy and security practices and policies before disclosing information to them. There may be instances when we provide information relating to our business customers to various suppliers such as tobacco companies, so they can conduct market studies and other promotional activities. In the case of tobacco products, the information we provide is the business customer’s name, address, the brand name of the tobacco products purchased and the amount of tobacco products purchased.
When you apply for a Costco co-branded credit card, we will share with our credit card partners (including the issuing institution, the payment processing network, and other organizations providing services relating to the Costco co-branded credit card) the information you provide on the application form. If the application is approved, we will share with these partners your Costco membership number(s) and start date(s), your Costco membership photograph(s) that will appear on the co-branded card, your company name and resale permit number (if applicable) and the type and status of your Costco membership. Our credit card partners also have privacy policies, which we encourage you to review carefully before applying for a co-branded credit card.
We may disclose personal information without your knowledge or consent if a law, regulation, search warrant, subpoena or court order legally authorizes us or requires us to do so. We may also disclose personal information to protect the rights, property or personal safety of Costco, its customers, employees or other members of the public.
Except as set out above, we do not sell, rent, share or disclose the personal information or personal health information we hold or make our membership list available to others for a fee without your consent.
7. When we collect, how we use and when we share personal health information.
In the course of providing you with pharmacy, hearing aid, optical and other health-related services and programs we introduce from time to time, we collect, use and disclose personal health informationCostco, Costco Affiliates and their Service Providers may collect, use or disclose your personal health information in connection with:
- providing you with the health services you request;
- communicating with your health service providers;
- processing or obtaining payment for government-funded health services (for example, obtaining authorization from your insurer or provincial authorities for direct payment of pharmacy services);
- processing or obtaining payment from your health insurance provider;
- internal management purposes, including planning, resource allocation, policy development, quality improvement, monitoring, audit, evaluation and reporting;
- providing Costco with technological or administrative services as described in Section 6 above; or
We may also disclose personal health information without your knowledge or consent if a law, regulation, search warrant, subpoena or court order legally authorizes us or requires us to do so or to protect the rights, property or personal safety of Costco, its customers, employees or other members of the public. We may also be required to disclose certain personal health information in order to maintain standing with professional health bodies, including those for pharmacists, audiologists and opticians.
Personal health information may be stored by Costco or Costco Affiliates outside of Canada. As noted above, as an example, as of the date of this policy, our cloud computing Service Provider processes and stores information in the United States, the European Union, Taiwan, Singapore and Chile. This may change from time to time: for a current list of storage locations, click here. You acknowledge that if Service Providers provide services from other countries (such as the ones named above), your personal health information may be processed and stored in these countries, and the governments, courts or law enforcement or regulatory agencies in these jurisdictions may be able to obtain disclosure of your personal health information through a lawful order.
8. How long do we hold personal information and personal health information?
Personal information and personal health information is retained only for so long as is necessary for the purposes set out above. When no longer required, we will destroy, erase or de-personalize the personal information and personal health information. Legal requirements may necessitate our retaining some or all of the personal information and personal health information we hold for a period of time that is longer than we might otherwise hold it. However, Costco will restrict access to such information to prevent it from being used except for the fulfillment of these legal requirements.
To ensure that the personal information and personal health information you provided is accurate, complete and up-to-date, we urge you to provide us with updates regarding such information and to inform us of any errors affecting the personal information and personal health information we hold. You may update, review or correct your Costco.ca online account information at any time by accessing your password-protected registration page via the “My Account” area of the Sites. To update any other information, please visit the Membership Counter in any of our warehouses with your membership card to confirm your identity.
10. Security measures.
We will continue to keep in place security measures in an effort to protect personal information and personal health information held by us from unauthorized use, access, disclosure, distribution, loss or alteration. We employ physical, administrative, contractual and technological safeguards to protect personal information, and insist that our Service Providers do the same. Access to personal information and personal health information will be restricted to authorized personnel who require the information in order to perform their duties properly. In addition, access will be limited to only that information that is strictly necessary for the performance of those duties. Please also see our “Online privacy practices” in Section 12 below.
We periodically update our policies regarding information security measures in an effort to protect the personal information and personal health information held by us in the most effective manner possible.
11. Accessing personal information and personal health information.
Our customers are entitled to access the personal information and personal health information held by us concerning them. In recognition of the importance we attach to each customer’s personal information, you can only access personal information and personal health information we hold about you, but not personal information and personal health information about your spouse or others who may have been issued a membership card on your account. Under limited circumstances, we may give you access to personal information or personal health information that we hold about others, but only if required or permitted by law (for example, a parent or guardian may, in certain instances, be given access to the personal information or personal health information of a child or a person who requires a substitute decision maker).
You can access your personal information and personal health information by showing your membership card at the Membership Counter in each warehouse to confirm your identity and completing a written request for such information on a form we provide. We will generally respond to your request for information within thirty (30) days, unless, for reasons beyond our control, a longer response time is necessary, in which case you will be advised accordingly. While our response will generally be provided at no cost, you will be informed in advance of any charges that apply in connection with the information request. Charges may relate to the transcription, reproduction or transmission of personal information or personal health information held by us.
In very limited circumstances, we may not be able to supply personal information and personal health information for reasons of a legal nature, including privileged communications between professional and client or a pending judicial proceeding. In each case, we will provide written reasons outlining why your request for access has not been granted.
12. Online privacy practices.
Collection: We may collect personal information and personal health information online when you visit our Sites as described in Sections 4 and 7 above.
Cookies help us to customize our home page for you and to better display pages according to your browser type. While cookies are optional for browsing Costco.ca, they are required for registering, logging on, purchasing or adding items to your cart. If you wish to purchase items or set up an account on Costco.ca, you will need to accept a Costco.ca cookie. (In order to control the ability of website providers to place cookies on your computer, you should consult your browser’s “Options” and “Help” pages to learn how to adjust your settings to suit your privacy preferences.)
Use: We use personal information and personal health information collected online as described in Sections 5 and 7 above. In addition, we use personal information and personal health information:
- to facilitate and monitor certain features of the Sites that you choose to interact with, such as online forums, feeds and chatrooms;
- to respond to your questions and concerns and to understand your needs and preferences;
- to conduct surveys and other research;
- to provide you with customized Site content and advertising;
- to fulfill your online orders for products and services and to facilitate product deliveries, pickups and returns;
- to detect, prevent, or otherwise address fraud, security or technical issues; or
- to protect against harm to the rights, property or safety of Costco, its users or the public as required or permitted by law.
Sharing: We share personal information and personal health information collected online as described in Sections 6 and 7 above. In addition, we may provide Service Providers with certain information that is necessary to fulfill an order you have placed with us. For example, if you request shipment for a purchase, we may provide your address to the shipping carrier and customs service provider, and if you pay by credit or debit card, your card number and sales transaction information are passed to the card processor and/or issuer (including their service providers such as fraud verification services). We also may use Service Providers to host and administer the Sites, process and store data, and fulfill other technology-related functions on our behalf. However, we only give or permit access to vendors, suppliers and other Service Providers involved in Site administration and the commerce distribution chain the limited information needed to perform their duties and provide you with the products and services you order. We are not responsible for any additional information you provide directly to these parties.
Protection: Personal information and personal health information we collect on our Sites is stored electronically, and may be combined with other off-line information. Personal information and personal health information entered on our Sites is encrypted using a security protocol called SSL (Secure Sockets Layer). SSL encrypts information entered on our site before it is sent over the Internet. SSL also allows you to view securely your online account and registration information. Account information is accessible online only through the use of a password. To protect the confidentiality of personal information and personal health information, you must keep your password confidential and not disclose it to any other person. You are responsible for all uses of our Sites by any person using your password. You are advised that, unlike communication within our Sites, we have no control over the privacy of your email communications with us while in transit. We recommend that you do not include confidential, proprietary, personal or personal health information in emails, including credit card numbers, passwords, prescriptions and other similar information. Also, if other people have access to your email account, they may be able to access your password and obtain personal information about you (such as your credit card information), or change information about your user profile. You should not use an email account operated by your employer because many employers have the legal right to access such email accounts. Please advise us immediately by email at firstname.lastname@example.org or by dialing 1-888-426-7826 if you believe your password has been misused.
13. Complaint process.
If you previously consented to the sharing of the personal information you provided or are a Business Member and you do not want us to disclose information about your tobacco purchases, you can change your mind by:
- Contacting us at any Membership Counter at any Canadian Costco warehouse location;
- Calling our Member Service representatives at 1-800-463-3783;
- Emailing Customer Service at email@example.com with ATTENTION: PRIVACY OFFICER in the subject line;
- Writing us at: Member Service, 415 West Hunt Club Road, Ottawa, Ontario K2E 1C5 Attention: Privacy Officer
If you wish to unsubscribe from electronic messages providing news, promotions, special offers and other information from Costco, regarding Costco, Costco Affiliates and selected partners, such as our promotional programs, you may do so at any time by visiting Costco.ca and setting your Communication Preferences.