Skip to main content

California business-to-business privacy policy

Last revised: July 1, 2023

This California privacy policy for business-to-business contacts (“B2B Privacy Policy”) is provided pursuant to the California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (the “CCPA”), and solely applies to residents of California that have a business-to-business (“B2B”) relationship (e.g., prescribers, providers, suppliers, clients) with CVS Pharmacy®, Inc. and its subsidiaries and affiliates (“our,” “us,” or “we”).

This B2B Privacy Policy does not apply to the personal information we collect from our CVS store customers, contractors, job applicants, employees, or general visitors to CVS.com, which are subject to different notices. For more information about our data practices related to our stores, websites, and mobile applications, please visit https://www.cvs.com/help/privacy_policy.jsp.


Categories of personal information we collect Category of third parties to whom we disclosed personal information Category of third parties to whom we “Sold” or “Shared” personal information
Identifiers (e.g., name, email address, phone number, national provider identifier (NPI))
  • Government entities, regulators and law enforcement
  • Subsidiaries and affiliates
  • Advertising networks
  • Data aggregators and analytics providers
Commercial information (e.g., prescribing data)
  • Government entities, regulators and law enforcement
  • Subsidiaries and affiliates
  • Advertising networks
  • Data aggregators and analytics providers
Information relating to Internet activity or other electronic network activity (e.g., browsing data)
  • Regulators, government entities, and law enforcement
  • Subsidiaries and affiliates
  • Advertising networks
  • Data aggregators and analytics providers
Account log-in information (e.g., username, password) N/A N/A

We may use your personal information to communicate with you, for our internal business purposes, to protect our legal rights and prevent misuse, and other permissible uses.

As further described in the chart above, we may disclose your information to our vendors, subsidiaries and affiliates, third-party ad networks, and government or public authorities. We disclose personal information to support our business and provide services, for advertising and data analytics, and as otherwise permitted or required.

The source of the personal information we collect is directly from you, from our subsidiaries and affiliates, or from publicly available and other third-party sources.

We use reasonable physical, technical and administrative safeguards to protect your personal information, including retaining your personal information only as long as necessary and in alignment with our data retention schedules. Personal information may be retained to comply with applicable law, adhere to contractual requirements, in anticipation of litigation or a legal matter, or as otherwise necessary and proportionate to provide you with a product or service.

Your privacy rights

If you are a California resident and we collect, use, or disclose personal information as part of your B2B relationship with us, you may have the following rights under the CCPA with respect to your personal information.

  • Right to know/access. With respect to the personal information we have collected about you, you have the right to request from us (up to twice per year and subject to certain exemptions): (i) categories of personal information about you we have collected; (ii) the sources from which we have collected that personal information; (iii) our business or commercial purposes for collecting, selling, or disclosing that personal information; (iv) the categories of third parties to whom we have disclosed that personal information; and (v) a copy of the specific pieces of your personal information we have collected.
  • Right to delete. Subject to certain conditions and exceptions, you may have the right to ask us to delete certain personal information we have collected from you.
  • Right to correction. You may have the right to ask us to correct inaccuracies in the personal information we have collected.
  • Right to opt out of sale/sharing. You may have the right to opt out of the sale of your personal information by us. We do not have actual knowledge that we sell or share the personal information of consumers under sixteen (16) years of age.
  • Right to limit the use and disclosure of sensitive personal information. We do not collect or use sensitive personal information about you.
  • Right to non-discrimination. We will not discriminate against you if you exercise any of these privacy rights.

How to submit a request

If you are a California B2B consumer and wish to exercise these rights, you or your authorized agent can reach us by email at ConsumerPrivacy@CVSHealth.com. You may give someone else permission to exercise these rights for you. We will need proof showing you have asked someone else to make a request on your behalf, which may include a Power of Attorney form or other signed document.

Before we fulfill a deletion, access, or correction request, we must verify your identity and ability to exercise some of these rights. In order to do this, we may require you to provide your name, contact information and the nature of your relationship with us.

Contact us

If you have any other questions about the content of this B2B Privacy Policy, contact our privacy office at the address below.

CVS Pharmacy
Attn: Privacy Office
1 CVS Drive
Woonsocket, R.I. 02895
1-888-607-4287