show timeout overlay link

Your Session Is About to Expire

This online session is about to expire due to inactivity. Click Continue to return to page.

  • Weekly Ad
Close
Close
Close
Close
Close

Privacy Policy

Effective Date: July 18, 2022


This Privacy Policy talks about how CVS Pharmacy, Inc. and its subsidiaries and affiliates which provide services in person at our stores or through CVS.com® ("CVS," "we" or "us") may collect information about you, including through your interactions with us:


  • In our stores
  • On our websites
  • On our mobile applications

We refer to these collectively as the "Services" and our websites and mobile applications as the “Online Services.”


As you likely know, CVS Health® offers many services in addition to the Services, such as pharmacy, medical, and health plan services. If you are looking for information about how CVS Health collects and uses information for any services other than the Services, you should review the privacy policy provided for those services. To make it easier for you to find, here are some other CVS Health privacy policies:


If you have any questions or concerns about this Privacy Policy, how we collect and use your information, or questions about which policy applies to information you have provided, please do not hesitate to Contact Us, or call us toll-free at 1-888-607-4287.


We may change this Privacy Policy. The "Effective Date” at the top of this page shows when it was last revised. Any changes take effect when we post the revised Privacy Policy on the Services.


Our Online Services are designed for a general audience and are not directed to persons under the age of 16. We do not knowingly collect personal information online from any person we know to be under the age of 16.


We designed our Online Services for users from the United States and we control and operate the Online Services from the United States.


The personal information we collect

We want you to know how we collect and use your personal information. Some examples of the personal information we may collect about you include:


  • Contact information including your name, mailing address, email address, and telephone number
  • Your password, if you create an account
  • Demographic information such as your age and date of birth, sex and/or gender
  • Language preferences
  • Enrollment in programs such as e-receipt or ExtraCare®, your use of coupons or other offers
  • Transaction information such as purchase history, returns, or exchanges
  • Use of certain store services such as if you arrange to pick up your retail order outside a CVS store, or have your order delivered to your home
  • Your interactions with our websites or mobile sites, mobile apps, Wi-Fi and other online services, such as how you use our Online Services including search terms, pages you visit on CVS.com and our mobile applications
  • Information about the apps, browsers and devices you use to access our Online Services including your computer’s IP address and/or mobile device information (e.g., device model, operating system version, unique device identifiers, mobile network information)
  • Views and interactions with emails, communications, content and ads
  • Payment card information
  • Driver’s license number or other government issued identification information
  • Geo-location information and in-store location
  • Inferences about you, such as household income level and marital status
  • Your social media account information if you share it with us
  • Images you provide to us (e.g., when you upload photos) or that are viewed or recorded on an in-store security camera
  • Biometric information which may include voice recognition or records of calls to or from our customer service centers
  • Professional or employment-related information, such as whether you are a CVS Health colleague
  • Other information you provide to us.

If you choose not to provide your personal information to us in connection with the Services, we may not be able to provide you with certain products, Services or information.


Information collected from other sources

We may collect information about you from both publicly available and other third-party sources to enhance and improve the accuracy of our information about you. We may combine the information we collect from you through the Services with information we get from and about you from other online and offline sources. We may use the combined information in accordance with this Privacy Policy.


How we use your information

We use your information to provide you with the Services and products you purchase from us as well as to provide customer service to you. Additionally, we may use or disclose the personal information we collect about you for the purposes listed below.


To communicate with you. We use your personal information to respond to your requests. For instance, we may use your personal information to fulfill your order, contact you with information about your order, send you email alerts, send you newsletters, and to provide you with related customer service.


We may use your information to send marketing communications and administrative information. This may include push notifications in our apps.


We may also use your information to:


  • Manage subscription services
  • Provide order management, billing, improving reorder experiences
  • Communicate with you about your orders or accounts
  • Offer other products and services that may interest you including those that we recommend from third parties through the CVS media company, CMX

To enhance your experience. We may use your personal information to personalize your experience shopping and interacting with us. We may present products and offers tailored to your interests.


In connection with a sale or transfer of business assets. We may disclose or transfer your personal information to other parties if some or all of our business, assets or stock are sold, transferred or used as security. This includes in connection with any bankruptcy or similar proceeding.


To provide information to our service providers. We may disclose personal information to our service providers. They provide services such as website hosting, data analysis, payment processing, order fulfillment, information technology and infrastructure, customer service, email delivery, auditing and other services.


For our internal business purposes. We may use your personal information for our internal business purposes, such as training, data analysis, audits, fraud monitoring and prevention. We may also use it for developing our Services and new product and services, to assess the effectiveness of our campaigns, and to operate and expand our business activities.


To respond to law enforcement officials or enforce our rights. We may disclose your personal information if required to do so by law enforcement officials or other government authorities.


We may use or disclose your information in matters involving claims of personal or public safety, or in litigation. This may include the use or disclosure of your personal information to allow us to pursue remedies or to limit the damages we may sustain.


We may also use or disclose your information to enforce our terms and conditions, to protect our operations or those of any of our affiliates, to prevent misuse of our Services, or to protect our rights, privacy, safety or property and/or that of our affiliates, you or others.


To maintain and enhance the safety and security of our Services. We may use and disclose personal information to detect, prevent and address issues involving our Services, including security breaches.


To combine information. We may combine information that does not personally identify you with personal information. If we do, we will treat the combined information as personal information for as long as it stays combined.


Other uses. We also may use your information in other ways for which we provide specific notice at the time of collection.


If information does not personally identify you, we may use and disclose it for any purpose except to the extent limited by applicable law.


Third-Party Services and Features

The Services may contain links to, or make available, third-party websites, services, features or other resources not run by us or on our behalf (the “Third-Party Services.”) We make these Third-Party Services available as a convenience to you and are not affiliated with, endorsing or sponsoring the Third-Party Services.


Any information you give to such third parties is not subject to the terms of this Privacy Policy. We are not responsible for the privacy or security of the information you give to Third-Party Services or how they handle your information. We also are not responsible for the information collection, use, sharing or security practices of Third-Party Services. You should review the privacy policy of any Third-Party Service to whom you give information in connection with the Services.


Our Online Services include certain social media features such as our Facebook and Twitter accounts or widgets on our Online Services. If you engage with the Services using a social media platform your friends and connections and others who use our Services may also see it, as might your social media account provider. The social media provider’s privacy policy governs the use of the information you share on or through the social media platform.


Security

We want to protect your personal information. We use reasonable physical, technical and administrative safeguards. Additionally, you should take steps to ensure your personal information is protected like using passwords that would be difficult to guess, not using the same password for multiple accounts and periodically changing your password.


Cookies and other technologies

Like many other websites and online services, we collect traffic and usage patterns. We use cookies, Web server logs and similar technologies to do this.


We use this information for various purposes:


  • To ensure that the Online Services function properly
  • To help with navigation (or how you find your way around the site)
  • To personalize your experience
  • To understand use of the Online Services
  • To diagnose problems
  • To measure the success of our marketing campaigns and targeted ads
  • To otherwise administer the Online Services

Cookies are small computer files we transfer to your computer’s hard drive. These are usually small text files. They help us personalize content for you on our pages and provide programs like e-coupons. You can set your browser to accept or reject cookies. Instructions for resetting the browser are in the Help section of most browsers.


We also use cookies to collect and receive certain information about a website user, such as the type of web browser used, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, clickstream data, device platform, device version, and/or other device characteristics including your choice of settings such as Wi-Fi, Bluetooth, and Global Positioning System ("GPS"), CPU ID and type, build, model, manufacturer, operating system version, screen size, screen resolution, mobile network status, device locale, and carrier ID. We review our web server logs and our customers’ use of our site. This helps us to gather statistics on how many people are using our site and why.


Internet providers assign your device an IP address number. We may identify and log your IP address automatically in our Web server log files when you use our Services. We may also collect the time of your visit and the pages you look at. We use IP addresses to do things like gauge usage levels of the Services, help find server problems, and administer Services.


Our Online Services use tracking technologies to collect and record your activities and movements across our websites throughout your browsing session, including page hits, mouse movements, scrolling, typing, out-of-the-box errors and events, and API calls (“Session Data”). We use this information to (1) remember your information so you do not have to re-enter it, (2) track and understand how you use and interact with the Online Services, (3) perform analytics, (4) tailor the Online Services around your preferences; (5) measure the usability of the Online Services and the effectiveness of our communications; and (6) improve our products, services, and your experience. Such tracking may also include recorded sessions, which we may play back for these purposes. We may share Session Data with our vendors (which may change over time) for these purposes.


Interest Based Advertising

Like many companies, CVS participates in interest-based advertising. We may use or partner with third-party companies, including social media and third-party advertising companies tailored to your individual interests based on how you browse and shop online. Doing so helps us to measure services and display targeted ads when you access and use the Services.


These are ads about goods and services we feel may interest you based on your access to and your use of our Services and other online services. To do so, these companies may place or recognize a unique cookie on your browser. These third parties may also use pixel tags, web beacons and other storage technologies to collect or receive information about your online activities over time and across our website and elsewhere on the Internet.


We may also use analytics providers that use cookies, pixel tags, web beacons and other similar technologies. They may collect or receive data about your use of our Services and other websites or online services. These analytics services (like Adobe Analytics or Google Analytics) provide services that analyze information regarding visits to our Online Services.


To learn more about Adobe Analytics privacy practices, click https://www.adobe.com/privacy.html.


To learn more about how Google uses your data from our sites and how you can control the information collected by Google, click https://policies.google.com/technologies/partner-sites.


At any time, you may opt out of the collection and use of information for ad targeting. For more information, and to exercise your right to opt out, you may use various consumer choice tools created under self-regulation programs. For instance:


Even if you opt out of receiving targeted ads, you may still see or get other types of online ads.


Lastly, you may manage cookies in your web browser. You can set your browser to accept or reject cookies, which you can learn more about in the Help section of most browsers.


Our websites are not designed to respond to “do-not-track” signals received from browsers.


Your choices and access

You can take yourself off our email list for promotional offers at any time. Just update your Email Communications preference in your Account Profile. Start in the My Account section or follow the instructions in the email. If you opt out of getting promotional emails from us, we may still send you important administrative messages. You cannot opt out of these messages.


You may stop push notices through your mobile device settings. You may be able to allow or deny us to collect your device’s location by using the settings on your mobile device, and/or to avoid the collection of location by beacons by disabling Bluetooth on your mobile device. If you deny such collection, we and our service providers may not be able to offer you certain personalized services and content.


You can stop all further collection of information by a CVS mobile app. All you need to do is uninstall it.


If you uninstall the mobile app from your device, the CVS unique identifier associated with your install and/or device may continue to be stored. If you re-install the app on the same device, we might be able to link this identifier to your past activities.


If you are a minor, you may remove or request removal of any content or information you post on our site. To request removal of content or information you have posted to our site, please Contact Us. Removal or requests for removal of content or information that has been posted to our website does not ensure complete or comprehensive removal.


If you are a California consumer, for more information about your privacy rights, please see the section of this Privacy Policy called “Your California privacy rights.”


Contact information

If you have any questions or concerns about the way we collect and use your information, Contact Us. Or call us toll-free at 1-888-607-4287.


If you have any other questions about the content of this Privacy Policy contact the CVS Health Privacy Office at the address below.


CVS Pharmacy
Attn: Privacy Office
1 CVS Drive
Woonsocket, R.I. 02895
1-888-607-4287


Your California privacy rights


Last Updated: July 18, 2022


California Consumer Privacy Act (CCPA)


This section supplements the CVS Pharmacy Privacy Policy and applies solely to California consumers about whom we have collected personal information from any source, including through the use of our website(s), mobile applications or other online services, by buying our products or services, or by communicating with us electronically, in paper correspondence, or in person (collectively, "you"). This section does not apply to CVS personnel or job applicants.


This section uses certain terms that have the meaning given to them in the California Consumer Privacy Act of 2018 and its implementing regulations (the “CCPA”).


A. What information we collect

We may collect (and may have collected during the 12-month period prior to the effective date of this section) the following categories of personal information about you:


  • Identifiers, which may include your name, mailing address, email address, telephone number, and government-issued ID numbers
  • Commercial information, which may include purchase history, returns, exchanges, and enrollment in programs (e.g., ExtraCare)
  • Biometric information, which may include voice recognition information, facial scans, and/or other similar biometric identifiers
  • Information relating to Internet activity or other electronic network activity, which may include your interactions with our websites or mobile sites, mobile apps, Wi-Fi, emails, communications, content and ads
  • Geolocation data, which may include Global Positioning System ("GPS") data or in-store location
  • Audio, electronic or visual information, which may include images you provide to us (e.g., when you upload photos) or that are viewed or recorded on an in-store security camera
  • Professional or employment-related information, such as whether you are a CVS Health colleague
  • Inferences about you, such as household income level and marital status
  • Information not listed above and related to characteristics protected under California or federal law, which may include demographic information such as your age or date of birth, gender and/or sex, language preferences
  • Other personal information not listed above and described in California Civil Code § 1798.80(e), which may include payment card information and other financial or health information and other information you provide to us

B. What we do with your information

We may use (and may have used during the 12-month period prior to the effective date of this section) your personal information for the purposes described in our Privacy Policy and for the following business and commercial purposes specified in the CCPA:


  • Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing advertising or marketing services, providing analytics services, or providing similar services
  • Auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance
  • Short-term, transient use, including, but not limited to, the contextual customization of ads shown as part of the same interaction
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
  • Debugging to identify and repair errors that impair existing intended functionality
  • Undertaking internal research for technological development and demonstration
  • Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us

C. Sources of collected information

We may collect (and during the 12-month period prior to the effective date of this section, may have collected) personal information about you from these sources:


  • Directly from you or your device, including via purchasing goods and services in our stores, your use of our websites and mobile applications, and your communications with us, including by telephone, text message, postal mail, social media, forums, message boards, chatbots, or other means
  • Our subsidiaries and affiliates
  • Our service providers, including but not limited to, marketing/customer relationship management providers, technology/website hosting providers, analytics providers, and systems administrators/security and fraud investigations providers
  • Advertising networks and social media networks
  • Government entities
  • Third parties, including companies that collect and sell publicly available information, or business partners that collect information and provide it to us according to their privacy policies and terms of service

D. Who we share information with

We do not sell your personal information to third parties in exchange for monetary consideration.


As with other companies that conduct digital marketing, we do share a limited set of data with certain third parties (such as online advertising services and social media networks). We may allow these third parties to collect your personal information such as online activity via automated technologies (such as cookies and pixels) on our websites and mobile applications in exchange for non-monetary consideration. We and these third parties may gather this data when you visit or use our websites, mobile applications and other web-based services. We may share this data including inference information, with (and make this data available to) third parties, including marketing companies as such term is used in CCPA, for online advertising purposes (e.g., to tailor digital ads about our products and services) and to provide third-party social network features and functionality on our website and mobile applications. We may also share certain information to enhance our ability to communicate with you and provide you with promotional information. To the extent these activities are considered a “sale” under the CCPA's broad definition of the term, you have the right to opt out of this disclosure of your information. You can read more about opting out in Section G, below.


We do not knowingly sell the personal information of minors under 16 years of age.


During the 12-month period prior to the effective date of this section, we may have disclosed or shared the personal information described above about you with the following categories of third parties:

  • Data analytics providers
  • Operating systems and platforms
  • Social media networks
  • Marketing companies

E. Your privacy rights

If you are a California consumer, you have the following rights under the CCPA with respect to your personal information.


  • Right to know. You have the right to ask us, twice in a 12-month period, what personal information we have collected, used, disclosed and/or sold about you, as applicable, during the past 12 months.
  • Right to delete. You have the right to ask us to delete certain personal information we have collected from you.
  • Right to opt out of sale. You have the right to opt out of the sale of your personal information by us. You will find our Notice of Right to Opt-Out here.
  • Right to non-discrimination. We may not discriminate against you if you exercise any of these privacy rights.

How to submit a request

If you are a California consumer and wish to exercise these rights, you can reach us in one of the ways shown below.


Right to Know / Right to Delete:


See Section G for instructions on how to opt-out of sale.


You may also give someone else permission to exercise these rights for you. To submit a request as an authorized agent on behalf of a consumer, write us at ConsumerPrivacy@CVSHealth.com or call us at 1-800-SHOP-CVS (1-800-746-7287). We will need proof showing you have asked someone else to make a request on your behalf, which may include a Power of Attorney form or other signed document. If we have information on your minor child, you may exercise these rights for them.


Verifying requests

Before we fulfill a request, we must verify your identity and ability to exercise these rights. There are also some exclusions and exceptions that may apply. So that we can verify your identity, if you have a CVS.com account, you will need to first sign into your account. If you do not have a CVS.com account, you will be asked to give us certain personal information via webform or on the phone, as described above. If you do not have a CVS.com account and request access to or deletion of your personal information, we may require you to provide any of the following information: ExtraCare number, full legal name, email address, and/or phone number. In addition, if you do not have a CVS.com account and you ask us to provide you with specific pieces of personal information, we may require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.


To learn more about this Privacy Policy, or if you have any questions or concerns, Contact Us.


F. Notice of Financial incentives

As further described below, we may offer you special pricing or service differences in exchange for your enrollment in our ExtraCare programs, such as CVS Pharmacy & Health Rewards Program and CarePass®, which may be considered “financial incentive” programs under the CCPA.


ExtraCare Member special pricing and promotions

We offer ExtraBucks and other exclusive incentives, including special pricing on certain products and brands, for individuals who are ExtraCare members. To offer these discounts to our ExtraCare members, we collect the following categories of personal information:


  • Identifiers. We collect identifiers such as your contact information.
  • Commercial Information. We collect information such as your purchasing history.

Manufacturer funding

We may receive funding from manufacturers to offer special pricing on their products or to cover the administrative costs of sending marketing communications (e.g., direct mail, email messages) to ExtraCare members. These funding sources and amounts depend on our ability to communicate with a certain number or population of customers who are ExtraCare members. To offer these special prices, we may collect the following categories of personal information:


  • Identifiers. We collect identifiers such as your contact information.
  • Commercial Information. We collect information such as your purchasing history.
  • Inferences. We collect information such as household income and marital status.
  • Information or other electronic network activity. We collect information such as your interactions with our websites or mobile sites, mobile apps, Wi-Fi, emails, communications, content and ads.

CVS Pharmacy & Health Rewards Program

Participants in our Pharmacy & Health Rewards Program may receive additional ExtraBucks and participant-only incentives. The PHR Program rewards customers for completing certain health and pharmacy-related activities, such as filling a prescription or receiving an immunization. As part of this program, we may collect the following personal information:


  • Identifiers. We collect identifiers such as your contact information.
  • Commercial Information. We collect information such as your interactions with our Pharmacy.

CarePass

If you join our CarePass membership, we may offer additional ExtraBucks and members-only incentives by tracking additional data elements, such as:


  • Identifiers. We collect identifiers such as your contact information.
  • Commercial Information. We collect information such as your purchasing history.

For more information about the CarePass Program, please see the full Terms and Conditions available here.


For participants in the aforementioned financial incentive programs, the value of the personal information you provide is reasonably related to the value of the financial incentives provided to you. The value of personal information will vary slightly for each member depending on several factors, including but not limited to your interactions and purchases with CVS, the administrative and technical expenses associated with maintaining the ExtraCare program (e.g., IT infrastructure, customer service, marketing strategy & planning), and the extent to which you take advantage of the program’s offerings and discounts (e.g., 2% ExtraBucks rewards for purchases).


To opt-in to these financial incentives, you must enroll in ExtraCare by visiting our website here.


You have the right to withdraw from the ExtraCare program at any time. To withdraw from the program, you must submit a request to delete your personal information from ExtraCare, as set forth in Section E above.


G. Notice of right to opt-out of sale

If you wish to opt out of our sharing of the limited data that is gathered when you visit our websites and other web-based services for purposes of targeted digital advertising as described in Section D, above, you may do so in one of the ways described below.


The effectiveness of your opt-out request may be limited by our ability to associate the cookies and/or pixels that we may collect with your identity, browser, device and/or browsing session. As a result, your opt-out request will be more effective for future visits if you:


  • Use the same device that was used to exercise the opt-out request
  • Have not cleared cookies from your web browser
  • Are not using a private or "do not track" mode in your web browser
  • Provide the same personal information that you provided previously

We encourage you to re-submit opt-out requests from any other devices that you may be using to visit our websites, mobile applications and other web-based services. If you sign up and log in to your CVS.com account, we will be able to associate you more easily with your visits to our websites, mobile applications and other web-based services. This will also allow us to apply a more persistent opt-out request across devices, browsers and browsing sessions, subject to the above limitations.


CCPA reporting metrics

To learn more about the consumer requests that CVS has processed in the past calendar year, click here.


California Shine the Light Law

If you are our customer and a California resident, you may ask us to provide you with (1) a list of certain categories of personal information we have disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year and (2) the identity of those third parties. To do so, write to us at ConsumerPrivacy@CVSHealth.com.


Contact Us

Phone
Mail
Close