Effective Date: September 16, 2021
Who May Use the Services
We do not knowingly collect personal information online from any person we know to be under the age of 13 and instruct users under 13 not to send us any information to or through the online Services.
The online Services are designed for users from, and are controlled and operated by us from, the United States. By using the Services, you consent to the transfer of your information to the United States or storage of your information in the United States, which may have different data protection rules than those of your country.
The Personal Information We Collect
We want you to understand how personal information you provide to us is collected and used. Personal information is any information that we can use to identify, locate, or contact you. We may collect and store your personal information when you provide it to us or to our service providers. Some examples of personal information we collect and when we collect it include:
- when you register for accounts on our website or mobile applications
- when you participate in sweepstakes, surveys or contests that we offer or administer
- when you enroll in or participate in one of our loyalty programs or redeem coupons or offers from us
- when you indicate that you are interested in receiving information about our products or services, such as e-mail alerts, newsletters, and other notifications
- transaction information about how you interact with us such as purchase history, when you make returns or exchanges, request an e-receipt, order photos, arrange to pick up your retail order outside a CVS store, or have your order delivered to your home
- your interactions with our websites or mobile sites, mobile applications, Wi-Fi, and other online services
- how you use our sites and mobile applications, search terms, pages you visit on our mobile applications, computer and mobile device information and push notification services you request
- when you request that merchandise be sent to you or others we store billing and shipping information as a convenience to you for future purchases, and we will store information about your orders for order tracking and status retrieval purposes
- when you purchase an item from us we will collect your financial information, such as your credit or debit card information, to process the payment
- precise location information if you provide it to us (for example to show you the store nearest you) or authorize us to collect it in our stores (e.g., to help you find a product)
- general location information from your browser or device, which we use for internal purposes only
- your social media account information if you share it with us (e.g., Facebook ID)
- when you choose to transfer photos from another service provider to CVS, we receive information from that service provider
If you choose not to provide your personal information to us, we may not be able to provide you with requested products, services or information.
Use and Disclosure of Personal Information
We use your personal information to respond to your requests, such as to fulfill your order, contact you with information about your order, send you email alerts, send you newsletters, and to provide you with related customer service. We may also use your information to send marketing communications and administrative information to you, including through the use of push notifications in our apps. Manage subscription services, including order management, billing, improving reorder experiences, communicate with you about your account, and offer other products and services that may be of interest to you, including those that we recommend from third parties through CVS's media company, CMX. We may also use your photos in communications we send to you, customized product recommendations, and other marketing.
We may use your personal information to personalize your experience shopping and interacting with us, including by presenting products and offers tailored to you, and for our business purposes, such as data analysis, audits, fraud monitoring and prevention, developing our Services and new products and services, determining the effectiveness of our promotional campaigns, and operating and expanding our business activities.
In the event that CVS or some or all of our business, assets or stock are sold or transferred (including in connection with any bankruptcy or similar proceedings) or used as security, or to the extent we engage in business negotiations with third parties, personal information may be transferred to or shared with third parties as part of any such transaction or negotiation.
To the extent permitted by applicable law, we may provide personal information to our affiliated businesses or to our business partners, who may use it to send you marketing and other communications.
We may disclose personal information to our service providers, who provide services such as website hosting, data analysis, payment processing, order fulfilment, information technology and related infrastructure provision, customer service, email delivery, auditing, and other services.
If we are requested by law enforcement officials or judicial authorities to provide personal information, we may do so. In matters involving claims of personal or public safety or in litigation where the information is pertinent (including to allow us to pursue available remedies or limit the damages that we may sustain), we may use or disclose personal information, including without court process. We may also use or disclose personal information to enforce our terms and conditions, to protect our operations or those of any of our affiliates, or to protect our rights, privacy, safety or property and/or that of our affiliates, you, or others.
We may use and disclose personal information to investigate security breaches or otherwise cooperate with authorities pursuant to a legal matter.
We may use and disclose information that does not personally identify you (including the information described under "Cookies and Other Technologies," below) for any purpose, except to the extent limited by applicable law. If we are required to treat such information as personal information under applicable law, then we may use it for all the purposes for which we use and disclose personal information.
We may combine information that does not personally identify you with personal information. If we do, we will treat the combined information as personal information as long as it is combined.
For example, if you utilize a social media feature such as the Facebook "Like" button, Google Plus, Pinterest or a Twitter widget, these features may collect information about your IP address and which page you're visiting on our site, and they may set a cookie or employ other tracking technologies. Social media features and widgets are either hosted by a third party or hosted directly on our site. Your interactions with those features are governed by the privacy policies of the companies that provide them.
We may display targeted ads to you through social media platforms. These ads are sent to groups of people who share traits, such as where they live or have expressed an interest in shopping for cosmetics on our mobile site. We do not share any of your personally identifiable information, including your shopping history or health information, with social media platforms. See the policies of each social media platform for additional information about these types of ads, including how to manage your display settings for these ads.
Prescription Drug Plan Information
If you are a member of a prescription drug plan ("Plan") managed by CVS Caremark and have filled prescriptions with CVS in the past, you may use cvs.com to access your Plan information instead of having to log in separately through www.caremark.com. Plan information is maintained separately by CVS Caremark on behalf of Plans for their Plan members.
In addition, we are not responsible for the information collection, use, disclosure, or security policies and practices of other organizations, such as Apple, Google, Microsoft, RIM, or any other app developer, app provider, operating system provider, wireless service provider, or device manufacturer.
Information from Other Sources
We may collect data about you from publicly available sources to personalize your experience. We may also obtain data provided by third parties. For example, we may obtain information from companies to improve the accuracy of the information we have about you (e.g., adding your zip code to your address information). This improves our ability to contact you and increases the relevance of our offers and communications to you.
We seek to use reasonable physical, technical, and administrative safeguards to protect personal information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account with us has been compromised), please immediately contact us in accordance with the "Contact Information" section below.
You are responsible for maintaining the confidentiality of your Services access information and password and for restricting access to your device, and you agree to accept responsibility for all activities that occur under your password.
Telephone, Text and Fax Policy
By providing your residential or wireless phone and/or fax number(s) to CVS, you expressly consent to receive marketing and non-marketing autodialed and/or prerecorded calls, text messages and faxes (including fax advertisements) from or on behalf of CVS at the number(s) provided. Your consent to receive calls or texts on your wireless device is not a condition of any purchase. Consent may be revoked at any time by calling the toll-free number at 1-800-SHOPCVS or faxing your opt-out request to 1-401-652-0893. You may also send an opt-out request via email to email@example.com with the phone and/or fax number you wish to opt-out. Your wireless carrier's standard message and data rates may apply.
Text Messaging Terms and Conditions
CVS Pharmacy, Inc., or one or more of its affiliates (CVS) offers access to pharmacy and healthcare service messages via recurring SMS (Short Message Service) and MMS (Multimedia Message Service) text alerts. Enrollment in text alerts requires a patient to provide his or her own mobile phone number with an area code within the 50 United States or the District of Columbia. By enrolling to receive CVS text alerts, you agree to these terms and conditions, which become effective upon your enrollment. You may be asked to verify your mobile phone number before the service will start. This requires responding to a text alert sent to your mobile phone confirming your enrollment in this Service.
You acknowledge that text alerts will be sent to the mobile phone number you provide to CVS. Such alerts may include limited personal information about your prescriptions, and whoever has access to the mobile phone or carrier account will also be able to see this information. Once you enroll, the frequency of text alerts we send to you will vary. You will typically receive text alerts when we have information for you about your prescriptions or other healthcare information. CVS Pharmacy does not impose a separate charge for text alerts; however, your mobile carrier's message and data rates may apply depending on the terms and conditions of your mobile phone contract. You are solely responsible for all message and data charges that you incur. Please contact your mobile service provider about such charges. The following carriers are supported: AT&T, Sprint, Boost, Verizon Wireless, U.S. Cellular®, T-Mobile®, Cincinnati Bell, Alltel, Virgin Mobile USA, Cellular South, Unicel, Centennial and nTelos. You may opt out of CVS text alerts at any time. To stop receiving text alerts, text STOP to CVSTXT (287898) or CVSRXS (287797) or TXTCVS (898287). Texting STOP to CVSTXT (287898) or CVSRXS (287797) or TXTCVS (898287) will opt you out of any and all future CVS text messages. After you submit a request to unsubscribe, you will receive one final text alert from CVS confirming that you will no longer receive text alerts. No additional text alerts will be sent unless you re-activate your enrollment. For questions about text alerts, text the word Help to CVSTXT (287898), CVSRXS (287797), TXTCVS (898287), or contact CVS at 1-877-833-9620. You also can change your text alert preferences on CVS.com if you have an account with prescription management. Sign in and go to your pharmacy main page. Click on the On/Off button in the Pharmacy Messages section to change your preferences.
The CVS text alert programs are offered on an "as is" basis and: (1) may not be available in all areas at all times; and (2) may not continue to work in the event of product, software, coverage or other service changes made by your wireless carrier. CVS may change or discontinue any of its text alert programs without notice or liability to you. CVS and its related companies and each of their respective officers, directors and employees are not responsible and shall not be liable for any losses or injuries of any kind resulting, directly or indirectly, from any CVS text alert program or from technical failures or delays of any kind. CVS reserves the right to cease delivery of text alerts to any person at anytime in its sole discretion.
Cookies and Other Technologies
Cookies are small computer files we transfer to your computer's hard drive. These small text files help us personalize content on our pages and provide programs like e-coupons. Your browser software can be set to reject or accept cookies. Instructions for resetting the browser are available in the Help section of most browsers.
Your IP address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses the Services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels of the Services, helping diagnose server problems, and administering the Services.
We may use Adobe Flash Local Stored Objects ("LSOs") and other technologies to, among other things, collect and store information about your use of the Services. If you do not want Flash LSOs stored on your computer, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel. You can also control Flash LSOs by going to the Global Storage Settings Panel and following the instructions (which may include instructions that explain, for example, how to delete existing Flash LSOs (referred to "information" on the Macromedia site), how to prevent Flash LSOs from being placed on your computer without your being asked, and (for Flash Player 8 and later) how to block Flash LSOs that are not being delivered by the operator of the page you are on at the time). Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications.
We may use third-party advertising companies to display advertisements regarding goods and services that may be of interest to you when you access and use the Services, based on information relating to your access to and use of the Services and other online services. To do so, these companies may place or recognize a unique cookie on your browser (including through the use of pixel tags). If you would like more information about this practice and to learn about your choices in connection with it, please visit http://www.networkadvertising.org/managing/opt_out.asp and http://www.aboutads.info/.
We do not respond to browser do-not-track signals.
We and our service providers may collect the physical location of your device by, for example, using satellite, cell phone tower, WiFi signals, beacons, Bluetooth, and near field communication protocols, when you are in or near a CVS store. We may use your device's physical location to provide you with personalized location-based services and content, including for marketing purposes. We may also use such information to understand traffic patterns in, near, and across our store locations. We may share aggregated statistics derived from the location and other information we collect with advertisers and other third parties. You may be permitted to allow or deny such collection of your device's location, such as through the settings on your mobile device and/or, to avoid the collection of location by beacons, by disabling Bluetooth. If you choose to deny such collection, we and our service providers may not be able to provide you with certain personalized services and content.
For example, precise geo-location can be used to identify your device's latitude and longitude or your device's location capabilities (e.g., GPS or Wi-Fi) to help you find nearby CVS stores. Or, in-store location through the use of your phone's blue tooth signal, LED light chip technologies or other technologies will permit CVS to provide additional services to you.
We use cameras in and around our stores for security purposes and for operational purposes such as observing traffic patterns and consumer engagement. Cameras in stores may use electronic device tracking for fraud, theft prevention, and/or security.
Fraudulent Sites, Spam & Phishing
Please be aware that there may be fraudulent websites that illegally use CVS logos, and other aspects of the CVS brand. CVS is in no way associated with any fraudulent websites. These sites may circulate their presence on the internet via spam email, or through fraudulent phishing practices.
These sites have not been authorized by CVS to use our name and we work aggressively to identify their source and have them shut down. If you are in receipt of this type of spam email, to help protect your privacy you should avoid replying to it or forwarding it to other people.
In addition to our official websites, CVS works with a number of third parties that host websites and micro-sites that provide information and services to our customers. If you are concerned that a website or an email may be fraudulent, please contact us by phone at 888-607-4287 with your concerns.
Your Choices and Access
You can take yourself off our email list for promotional offers at any time by updating your Email Communications Settings in the My Account section of the website, or by following the instructions in those emails. If you opt out of receiving promotional emails from us, we may still send you important administrative messages, from which you cannot opt out.
You may stop the receipt of push notifications through your mobile device settings.
You can request the removal or modification of the personal information you have provided to us by sending an email to the appropriate area under "Contact Us". For your protection, we may only implement requests with respect to the personal information associated with the particular email address that you use to send us your request, and we may need to verify your identity and obtain information on the context in which you provided your personal information before implementing your request. We will try to accommodate your request as soon as reasonably practicable.
You can stop all further collection of information by a CVS mobile application by uninstalling the CVS mobile application. You may use the standard uninstall process available as part of your mobile device or via the mobile application marketplace or network.
Note: If you uninstall the mobile application from your device, the CVS unique identifier associated with your install and/or device might continue to be stored. If you re-install the application on the same device, CVS might be able to re-associate this identifier to your previous transactions and activities.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.
If you are a minor, you may remove or request removal of any content or information you post on our site. To request removal of content or information you have posted to our site, please Contact Us. Removal or requests for removal of content or information that has been posted to our website does not ensure complete or comprehensive removal.
By establishing a CVS.com account, you agree that it is your responsibility to:
- Authorize, monitor, and control access to and use of your CVS.com account, User ID and password.
- Promptly inform us of any need to deactivate a password or an account by calling Customer Care at (888) 607-4287.
Your California Privacy Rights
California Consumer Privacy Act (CCPA)
This section applies to any California residents about whom we have collected personal information from any source, including through your use of our Website(s), by buying our products or services, or by communicating with us electronically, in paper correspondence, or in person (collectively, "you").
For purposes of this section, "personal information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer/resident or household. Personal information does not include publicly available information or information that has been de-identified.
A. What Information We Collect
We may collect the following categories of personal information about you:
- Identifiers, which may include real name and alias; postal address; unique personal identifier; online identifiers as detailed below; Internet Protocol ("IP") address; email address; telephone number; account number, name, and password; driver's license number, state or other government-issued identification card number; MAC address; and/or other similar identifiers;
- Commercial information, which may include purchasing and transaction history online and in stores, or consumer histories or tendencies;
- Biometric information, which may include voice recognition information; facial scans; and/or other similar biometric identifiers;
- Information relating to Internet activity or other electronic network activity, which may include cookie identifiers, clear gifs (a.k.a. web beacons/web bugs), browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, clickstream data, device platform, device version, and/or other device characteristics including your choice of settings such as Wi-Fi, Bluetooth, and Global Positioning System ("GPS"), CPU ID and type, build, model, manufacturer, operating system version, screen size, screen resolution, mobile network status, device locale, and carrier ID;
- Geolocation data, which may include Global Positioning System ("GPS") data; locational information based upon your IP address; cell network data; and/or other similar locational data; and which may be collected from various devices including your mobile device(s) or vehicle(s);
- Audio, electronic, or visual information, which may include records of calls to or from our customer service centers; and/or video surveillance information;
- Professional or employment-related information, such as whether you are a CVS Health colleague;
- Inferences about you, such as household income level and demographic information; credit card types you may have; homeowner / renter status; interest in certain types of merchandise; coupon interaction data; transaction return history;
- Information not listed above and related to characteristics protected under California or federal law; which may include gender; race and ethnicity; language; religion; country of origin; marital status; military service / veteran status; and/or date of birth;
- Other personal information not listed above and described in California Civil Code § 1798.80(e), which may include signature; physical characteristics or description; and/or bank account number credit card number, debit card number, and other financial or health information).
B. What We Do With Your Information
We may collect or use personal information from you for the following purposes:
- Internal analytics
- Assessing third party vendors / service providers
- Audit, compliance, policy, procedures, or regulation
- Billing, payment, and fulfillment
- Customer claims and fraud investigation and prevention
- Customer communications
- Customer relationship management
- General business administration
- Marketing products and services
- Financial reporting and accounting
- Website optimization and maintenance
- Systems and data security
C. Sources of Collected Information
We may collect personal information from the following categories of sources:
- Our customers, and prospective customers, including via purchasing goods and services in our stores, our Websites, mobile applications, telephone, text message, postal mail, social media, forums, message boards, chatbots, or other means;
- Our parent, subsidiaries and affiliates;
- Our service providers, which includes affiliates, marketing / customer relationship management providers, social media, technology / website hosting providers, analytics providers, and systems administrators / security and fraud investigations providers;
- Third parties: Companies that collect publicly available information or business partners that collect information and provide to us pursuant to their privacy policies and terms of service.
D. Who We Share Information With
We do not sell personal information or otherwise provide personal information to third parties, other than service providers receiving information to perform services for us on our behalf.
As with other companies that conduct digital marketing, we do share a limited set of data that is gathered when you visit our Websites and other web-based services, such as cookies and pixels, with third parties in order to allow you to see tailored digital advertisements about our products and services. We may also share certain information to enhance our ability to communicate with you and provide you with promotional information. To the extent this activity is interpreted as included in California law's broad definition of "data sale," we have provided you with opt-out rights as to that activity as further described in Section G below.
We may share your personal information with the following categories of third parties:
- Advertising and marketing companies
- Social media companies
- Technology companies
We do not knowingly sell the personal information of minors under 16 years of age.
E. Your Privacy Rights
If you are a California resident, subject to applicable law, you have the following rights under California law with respect to your personal information.
- Right to Know. You have the right to request what personal information we collect, use, disclose, and/or sell, as applicable.
- Right to Delete. You have the right to request the deletion of your personal information that is collected or maintained by us.
- Right to Opt-Out of Sales. You have the right to opt-out of the sale of your personal information by us. You may access our Notice of Right to Opt-Out by clicking here.
- Right to Non-Discrimination. We may not discriminate against you because you have exercised any of the privacy rights described above. This right may be subject to the offers described in our Notice of Financial Incentives, which you may access by clicking here.
You may also authorize someone to exercise the above rights on your behalf. Documentation will need to be provided that reflects that you have requested an authorized agent to make a request on your behalf. This may include a Power of Attorney document or other signed document. If we have collected information on your minor child, you may exercise the above rights on behalf of your minor child.
We must be able to reasonably verify your identity and authority to exercise these rights before fulfilling a request. There are also various exclusions and exceptions that apply to these rights under applicable laws. So that we can verify your identity when you make a request, you will need to sign into your CVS.com account or provide certain personal information via webform or over the phone.
If you are a California resident and wish to seek to exercise these rights, please reach us in one of the following ways:
Right to Know / Right to Delete:
- Interactive webform (ExtraCare) or
- Password-protected web portal: Sign in here
- 1-800-SHOP-CVS (1-800-746-7287)
See Section G for instructions on how to Opt-Out of Sale.
F. Financial Incentives
In connection with the ExtraCare program, we may offer the following financial incentives and/or price or service differences in exchange for our use of your personal information:
- Member Special Pricing: We offer ExtraBucks and other exclusive incentives for purchasing certain volumes and dollar amounts of products. To offer these discounts, we must track your personal information, such as purchase history and other demographic data. The value we place on the personal information in connection with these incentives is calculated by determining the approximate additional spending per customer, per year compared to individuals who are not enrolled in ExtraCare.
- Member Special Promotions: We offer additional special pricing for products and brands. Customers must provide their contact information (at minimum, email or direct mail) or download our mobile app to find out about these specials. Additionally, we receive manufacturer funding for special pricing and the administrative costs of marketing (direct mail, email messages); these funding sources depend upon CVS Pharmacy's ability to communicate to ExtraCare members. The value we place on the personal information in connection with these promotions is calculated by determining the approximate additional spending per ExtraCare member, compared to individuals for which we do not have contact information and supporting manufacturer funding.
To be eligible for these benefits, you must be enrolled in ExtraCare. Sign-up for ExtraCare.
G. Notice of Right to Opt-Out of Sales
If you wish to opt-out of our sharing of the limited data that is gathered when you visit our Websites and other web-based services for purposes of targeted digital advertising, you may do so in one of the following ways:
- Filling out this interactive webform
- Contacting us at 1-800-SHOP-CVS (1-800-746-7287)
Please note that the effectiveness of your opt-out request may be limited by our ability to associate the cookies and/or pixels that we may collect from your web session with your identity, browser, device, and/or browsing session. As a result, your opt-out request will be more effective for future visits to the Websites if you:
- Utilize the same device that was used to exercise the opt-out request;
- Have not cleared cookies from your web browser; and
- Are not using a private or "do not track" mode in your web browser;
- Provide the same personal information that you provided previously
We encourage you to re-submit opt-out requests from any other devices that you may be utilizing to visit our Websites. If you sign up and are logged in to your CVS.com account, we will be able to more easily associate you with your Website visits and apply a more persistent opt-out request across devices, browsers, and browsing sessions, subject to the above limitations.
Deidentified Patient Information
In addition to personal information, we may sell or disclose patient and/or member information that has been deidentified as permitted by law. To the extent we sell or share such deidentified patient and/or member information, we do so pursuant to one of the deidentification methodologies described in Section 164.514(b)(1) or (b)(2) of Title 45 of the Code of Federal Regulations, commonly known as the HIPAA expert determination method and the HIPAA safe harbor method, respectively.
CCPA Reporting Metrics
For more information on the consumer requests that CVS has processed in the previous calendar year click here
California Shine the Light Law
- If you are our customer and a California resident, you may request that we provide you with certain information about the entities with which we have shared our customers' personal information for the entities own direct marketing purposes during the preceding calendar year. To do so, please write to us at firstname.lastname@example.org.
If you have any questions or concerns about this statement, or about the way your information is collected and used, please Contact Us or call us toll-free at (888) 607-4287.
Attn: Privacy Office
1 CVS Drive
Woonsocket, R.I. 02895