Costco Wholesale Canada Ltd.
July 7, 2022
1. Costco’s commitment to Privacy
- why we collect personal information and personal health information;
- what we do with that information;
- what steps we take to ensure that the information is secure;
- who you should contact if you have questions or concerns about our policies or practices.
Children: We encourage parents to take an active interest in their children’s use of the Internet. We do not intend to collect information from children who are under 18 years of age. If you are under 18, please do not provide information on our Sites.
2. What is personal information?
In general terms, personal information means any information about an identifiable individual. For example, this includes your name, postal and email address, telephone number, credit card number, the photograph included on your Costco membership card, demographic information and purchasing history. A special category of personal information is “personal health information,” which we describe in Section 3 below.
Personal information does not include aggregate information, such as data about a group or category of products, services or customers, from which individual customer identities have been removed. For example, information about how you use a service may be collected and combined with information about how others use the same service, but no personal information will be included in the resulting data. Likewise, information about the products you purchase may be collected and combined with information about the products purchased by others.
We may also gather aggregate information about how Costco customers use our Sites. Aggregate information about product purchases helps us understand trends and customer needs, and assists us in product selection, product ordering and sizing, and the introduction of new products and services. It can also assist us in determining where it would be appropriate to build new warehouses by looking at the geographic location of members or to build new Site functions by looking at anonymized browsing activities.
3. What is personal health information?
Personal health information means any information relating to your physical or mental health collected or generated in the course of our providing you with the health services you request, such as optical, pharmacy and hearing aid services, and prescription profiles for fulfillment of pharmacy orders. Examples of personal health information may include your medical history, drug prescription information, eyeglass prescription information, or health insurance information, which we may require in order to provide you with pharmacy, hearing aid, optical and other health-related services. It may also include information you provide to Costco health services personnel when receiving counselling or advice, or when contacting Costco with a comment, question or complaint about our health services.
4. When we collect personal information
We only collect such personal information as is strictly necessary for the purposes outlined in Section 5. We collect personal information when you:
- apply for membership (including information about your credit history that may be collected, used, or disclosed if you choose to pay by cheque);
- apply for a Costco co-branded credit card;
- renew your membership;
- contact us with questions, inquiries, comments, complaints or requests;
- sign up for certain products or services (such as rebates, the executive membership program and other business and consumer services, collectively known as the “Costco Services”);
- use our Sites;
- participate in any of our programs;
- place orders, make purchases, return or exchange items, or seek further information about our products and services;
- place orders or make purchases, return or exchange items, or seek further information through our affiliated companies, including Costco Wholesale Corporation (Costco and its affiliates are referred to collectively as the “Costco Affiliates”);
- enter into a contest or sweepstakes or respond to one of our surveys;
- enable a function on your app or browser that uses personal information; and
- ask us to place you on a “Do Not Email” list so that we can ensure that your wishes are respected.
Please note that Costco Services may be provided by unaffiliated third parties and their affiliates, agents and subcontractors (“Service Providers”) as described in greater detail in Section 6 below. These Service Providers may collect and provide us with personal information in connection with the Costco Services, such as a list of our customers who have signed up for Costco Services and information about the use our customers make of such Costco Services (for example, frequency of use and customer feedback).
We may also take video footage on our properties or otherwise monitor those properties to protect the rights, property or safety of Costco, its customers, employees, or the public.
5. How we use personal information
As part of our business operations, we hold and use certain personal information pertaining to you in order to process your requests, provide you with Costco Services, and to understand your needs so that we can serve you better.
Specifically, we may use personal information for the following purposes:
- Notifying you of recalls or safety issues;
- Approving you as a member when you apply for membership;
- Managing the provision of goods, services and privileges to you, including monitoring your membership, processing exchanges or returns, to conduct a credit check if you choose to pay by cheque, to determine your credit status and for fraud detection and identification purposes;
- Managing invoicing, accounting and information security services related to our transactions with you;
- Monitoring your satisfaction with our programs, including the Executive Membership program, the services offered by our suppliers of Costco Services and contacting you regarding the status of such programs and services (for example, to inform you of changes to or the termination of particular Costco Services);
- Protecting against harm to the rights, property or safety of Costco, its customers, employees, or the public;
- Internal management purposes, including planning, resource allocation, policy development, quality improvement, monitoring, audit, evaluation and reporting;
- As described in our “Online privacy practices” in Section 12 below;
- Managing our “Do Not Email” lists; and
- Using personal information to create aggregate information as described above in Section 2.
If you ask us to, we will also tell you about news, promotions, special offers and other information from Costco, regarding Costco, Costco Affiliates and selected partners, such as our promotional programs. You may unsubscribe from these kinds of messages at any time by visiting Costco.ca and setting your Communication Preferences.
6. When we share personal information
From time to time we engage Service Providers to perform various services. For example, a Service Provider may be asked to perform credit card processing services, manage claims, deliver certain products or services, administer a contest, deal with customer inquiries, or help us better serve you, including by notifying you of special programs regarding products or services that may be of interest to you. We also may use a Service Provider to host and administer one or more of our Sites, process and store data, and fulfill administrative, marketing or technology-related functions on our behalf, including as described in Section 12 below. In these circumstances, the personal information that the Service Provider receives is limited to only the personal information held by us that they need in order to render their service to us. The companies that are provided with the personal information are obligated to keep the information confidential and secure and prohibits them from using it for unauthorized purposes. Service Providers have policies and processes in place to ensure that the confidentiality of information in their care is properly safeguarded at all times.
We have engaged Service Providers to provide us with cloud computing services. Cloud computing is the provision of network-based services, located on remote computers, that allow individuals and businesses to use software and hardware operated by third parties. Examples of these services include online file storage, webmail and online business applications. As of the date of this policy, our main email cloud computing Service Provider processes and stores information in the United States, the European Union, Taiwan, Singapore and Chile. This may change from time to time; for a current list of storage locations, visit: https://www.google.ca/about/datacenters/inside/locations/
As of the date of this policy, our Costco Affiliates and our other Service Providers provide us with services from Canada, the United States, India, and the Philippines.
You acknowledge that if Costco Affiliates or Service Providers provide services from other countries (such as the ones named above), your personal information may be processed and stored in these countries and the governments, courts or law enforcement or regulatory agencies of these jurisdictions may be able to obtain disclosure of your personal information in accordance with their laws.
For clarity, the travel providers described in Section 13 below are not Service Providers, but will be collecting your personal information through Costco Canada Travel Inc.
Accordingly, when you book travel through us, any personal information you provide will be subject to the privacy policies and the local laws of those travel providers.
As outlined above, Costco Services (such as rebates, the Executive Membership program, and other business and consumer services) may be provided by Service Providers. When you sign up for Costco Services, we will share your name, membership status, membership number and type and such other personal information as is necessary with the Service Provider so they can confirm your eligibility for the Costco Service you requested. Service Providers who are suppliers of Costco Services can only use the personal information that we share with them to provide the Costco Services or, if you have consented, for other purposes specifically identified by the Service Provider, including to notify you of their offerings and to evaluate new and existing products, offerings or services. We are not responsible for any additional information you provide directly to these Service Providers, and we encourage you to become familiar with their privacy and security practices and policies before disclosing information to them. There may be instances when we provide information relating to our business customers to various suppliers such as tobacco companies, so they can conduct market studies and other promotional activities. In the case of tobacco products, the information we provide is the business customer’s name, address, the brand name of the tobacco products purchased and the amount of tobacco products purchased.
When you apply for a Costco co-branded credit card, we will share with our credit card partners (including the issuing institution, the payment processing network, and other organizations providing services relating to the Costco co-branded credit card) the information you provide on the application form. If the application is approved, we will share with these partners your Costco membership number(s) and start date(s), your Costco membership photograph(s) that will appear on the co-branded card, your company name and resale permit number (if applicable) and the type and status of your Costco membership. For clarity, credit card partners are not Service Providers. Accordingly, when you apply for a Costco co-branded credit card, any personal information you provide will be subject to the privacy policies and the laws that apply to those credit card partners. We encourage you to review these privacy policies carefully before applying for a co-branded credit card.
We may disclose personal information without your knowledge or consent if a law, regulation, search warrant, subpoena or court order legally authorizes us or requires us to do so. We may also disclose personal information to protect the rights, property or personal safety of Costco, its customers, employees or other members of the public.
Except as set out above, we do not sell, rent, share or disclose the personal information or personal health information we hold or make our membership list available to others for a fee without your consent.
7. When we collect, how we use and when we share personal health information
In the course of providing you with pharmacy, hearing aid, optical and other health-related services and programs we introduce from time to time, we collect, use and disclose personal health information.
Costco, Costco Affiliates and their Service Providers may collect, use or disclose your personal health information in connection with:
- providing you with the health services you request;
- communicating with your health service providers;
- storing electronic health records within onsite or offsite servers;
- processing or obtaining payment for government-funded health services (for example, obtaining authorization from your insurer or provincial authorities for direct payment of pharmacy services);
- processing or obtaining payment from your health insurance provider;
- internal management purposes, including planning, resource allocation, policy development, quality improvement, monitoring, audit, evaluation and reporting;
- providing Costco with technological or administrative services as described in Section 6 above; or
We may also disclose personal health information without your knowledge or consent if a law, regulation, search warrant, subpoena or court order legally authorizes us or requires us to do so or to protect the rights, property or personal safety of Costco, its customers, employees or other members of the public. We may also be required to disclose certain personal health information in order to maintain standing with professional health bodies, including those for pharmacists, audiologists and opticians.
Personal health information may be stored by Costco or Costco Affiliates outside of Canada. As noted above, as an example, as of the date of this policy, our main cloud computing Service Provider processes and stores information in the United States, the European Union, Taiwan, Singapore and Chile. This may change from time to time: for a current list of storage locations, visit: https://www.google.ca/about/datacenters/inside/locations/. You acknowledge that if Service Providers provide services from other countries (such as the ones named above), your personal health information may be processed and stored in these countries, and the governments, courts or law enforcement or regulatory agencies in these jurisdictions may be able to obtain disclosure of your personal health information in accordance with their laws.
8. How long do we hold personal information and personal health information?
Personal information and personal health information are retained only for so long as is necessary for the purposes set out above. When no longer required, we will destroy, erase or de-personalize the personal information and personal health information. Legal requirements may necessitate our retaining some or all of the personal information and personal health information for a period of time that is longer than we might otherwise hold it. However, Costco will restrict access to such information to prevent it from being used except for the fulfillment of these legal requirements.
To ensure that the personal information and personal health information you provided is accurate, complete and up to date, we urge you to provide us with updates regarding such information and to inform us of any errors affecting the personal information and personal health information we hold. You may update, review or correct your Costco.ca online account information at any time by accessing your password-protected registration page via the “My Account” area of the Sites. To update any other information, please visit the Membership Counter in any of our warehouses with your membership card to confirm your identity.
10. Security measures
We will continue to keep in place security measures in an effort to protect personal information and personal health information held by us from unauthorized use, access, disclosure, distribution, loss or alteration. We employ physical, administrative, contractual and technological safeguards to protect personal information, and insist that our Service Providers do the same. Please be aware though that, despite these efforts, no security measures are perfect and no systems are impenetrable. Your privacy can be enhanced by taking care to use suitably strong passwords that others cannot guess, that are kept safe by you, and that are not re-used on other sites. Taking steps like avoiding dictionary words or proper names, and adding extra character and punctuation marks can also help protect you. If you believe your password has been compromised, you should change it immediately.
Access to personal information and personal health information will be restricted to authorized personnel who require the information in order to perform their duties properly. In addition, access will be limited to only that information that is strictly necessary for the performance of those duties. Please also see our “Online privacy practices” in Section 12 below.
We periodically update our policies regarding information security measures in an effort to protect the personal information and personal health information held by us in the most effective manner possible.
11. Accessing personal information and personal health information
Our customers are entitled to access the personal information and personal health information held by us concerning them. In recognition of the importance we attach to each customer’s personal information, you can only access personal information and personal health information we hold about you, but not personal information and personal health information about your spouse or others who may have been issued a membership card on your account. Under limited circumstances, we may give you access to personal information or personal health information that we hold about others, but only if required or permitted by law (for example, a parent or guardian may, in certain instances, be given access to the personal information or personal health information of a child or a person who requires a substitute decision maker).
You can access your personal information and personal health information by showing your membership card at the Membership Counter in each warehouse to confirm your identity and completing a written request for such information on a form we provide. We will generally respond to your request for information within thirty (30) days, unless, for reasons beyond our control, a longer response time is necessary, in which case you will be advised accordingly. While our response will generally be provided at no cost, you will be informed in advance of any charges that apply in connection with the information request. Charges may relate to the transcription, reproduction or transmission of personal information or personal health information held by us.
In very limited circumstances, we may not be able to supply personal information and personal health information for reasons of a legal nature, including privileged communications between professional and client or a pending judicial proceeding. In each case, we will provide written reasons outlining why your request for access has not been granted.
12. Online privacy practices
Collection: We may collect personal information and personal health information online when you visit our Sites as described in Sections 4 and 7.
The cookies we use fall into one of the following categories:
|Category||Why we use these cookies|
|Strictly Necessary||These are cookies that are required for the operation of our Sites. They include, for example, cookies that enable you to log into secure areas of a Site or to purchase goods online. Strictly necessary cookies cannot be switched off in our systems, but you can disable them by changing your browser settings. Disabling these cookies will affect how the Sites function and may prevent you from using certain features on the Sites.|
|Functional||These cookies allow the user to access the Sites with certain general features which are predefined according to a number of criteria in the user’s terminal (e.g., language, type of browser, regional settings). These are used to recognize a user when you return to a Site. These cookies enable us to personalize content for a user and remember preferences. Blocking these cookies may impact your experience and some features on the Sites. Your choice is specific to the device, website, and browser you are using, and is deleted when you clear your browser’s cookies.|
|Analytics and Performance||These cookies allow us to better understand how our users interact with our Sites. They allow us to recognize and count the number of visitors and to see how visitors move around a website when they are using it. These cookies help us improve the way our Sites work, for example, by ensuring that users are finding what they are looking for easily. We can use these cookies to learn more about which features are the most popular with our users and where we may need to make improvements. Your choice to allow or block these cookies is specific to the device, website, and browser you are using, and is deleted when you clear your browser’s cookies.|
|Targeting||These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements or content on other sites. If you do not allow these cookies, you will still see advertisements, but you may receive less relevant advertising or content and some features of our Sites may be impacted.|
When you first access our Sites from your computer, tablet or mobile device, a banner will be displayed informing you of your choices and how to consent to Costco’s use of Functional cookies, Analytics and Performance cookies and Targeting cookies. If you choose not to accept these cookies, some of the features of our Sites may not function properly.
You may withdraw your consent for these non-essential cookies, or change the preferences you have set, at any time by selecting the appropriate settings on the Cookies Preferences page. A link to this page is also available at the foot of each page on our Sites at all times.
Please remember that if you opt in to non-essential cookies and then decide to opt out, you may still see ads, although less tailored for you, as you browse the internet. Further, if you set your browser or device to delete or reject cookies, this could affect certain features or services of our Sites. If you set your browser or device to delete or reject all cookies, your settings and preferences, including your choices regarding cookies, may be lost or stop functioning. In this instance, you may need to recreate those choices on the individual websites and applications with which you engage.
With your permission, we also use location information taken from your mobile device’s GPS or Bluetooth signals, which allows you to use functions such as locating your nearest warehouse, enabling your digital membership card as you enter the warehouse or approach a check-out. We receive this information when you enable location services that we offer, such as warehouse location or in-warehouse notifications.
Use: We use personal information and personal health information collected online as described in Sections 5 and 7 above. In addition, we use personal information and personal health information:
- to facilitate and monitor certain features of the Sites that you choose to interact with;
- to respond to your questions and concerns and to understand your needs and preferences;
- to fulfill your online orders for products and services and to facilitate product deliveries, pickups and returns;
- to detect, prevent, or otherwise address fraud, security or technical issues; or
- to protect against harm to the rights, property or safety of Costco, its users or the public as required or permitted by law.
Sharing: We share personal information and personal health information collected online as described in Sections 6 and 7 above. In addition, we may provide Service Providers and product manufacturers and vendors with certain information that is necessary to fulfill an order you have placed with us. For example, if you request shipment for a purchase, we may provide your address to the shipping carrier and customs Service Provider, and if you pay by credit or debit card, your card number and sales transaction information are passed to the card processor and/or issuer (including their service providers such as fraud verification services). We also may use Service Providers to host and administer the Sites, process and store data, and fulfill other technology-related functions on our behalf. However, we only give or permit access to vendors, suppliers and other Service Providers involved in Site administration and the commerce distribution chain the limited information needed to perform their duties and provide you with the products and services you order. We are not responsible for any additional information you provide directly to these parties.
Protection: Personal information and personal health information we collect on our Sites is stored electronically, and may be combined with other off-line information. Personal information and personal health information entered on our Sites is encrypted using a security protocol called SSL (Secure Sockets Layer). SSL encrypts information entered on our site before it is sent over the Internet. SSL also allows you to view securely your online account and registration information. Account information is accessible online only through the use of a password. To protect the confidentiality of personal information and personal health information, you must keep your password confidential and not disclose it to any other person. You are responsible for all uses of our Sites by any person using your password. You are advised that, unlike communication within our Sites, we have no control over the privacy of your email communications with us while in transit. We recommend that you do not include confidential, proprietary, personal or personal health information in emails, including credit card numbers, passwords, prescriptions and other similar information. Also, if other people have access to your email account, they may be able to access your password and obtain personal information about you (such as your credit card information), or change information about your user profile. You should not use an email account operated by your employer because many employers have the legal right to access such email accounts. Please advise us immediately by email at email@example.com or by dialing 1-888-426-7826 if you believe your password has been misused.
13. Costco Canada Travel
Costco Canada Travel Inc. acts as an agent to help our members book flights, cruises, hotels, rental cars and other travel-related goods or services in Canada and throughout the world. Since, in this instance, we are acting as an agent connecting our members to various travel providers, any personal information you provide to us will be transferred to the travel providers and their agents, and will be subject to their privacy policies and their local laws. Your information may be accessible in Canada or in foreign jurisdictions to governments, courts or law enforcement or regulatory agencies in accordance with applicable laws. We are not responsible for the privacy and security practices or policies of these travel providers or their agents, and we encourage you to learn about their privacy and security practices and policies before booking travel through us.
When you make a reservation for someone else through us, we will ask you for their personal information. You should ensure that you have the consent of other individuals before providing us with their information. By providing us with that information, we consider that you have these other individuals’ consent and authorization to provide us with their personal information and to make bookings on their behalf in accordance with our travel providers’ privacy policies.
If another person who has your full name and booking reference numbers contacts us and seeks information on your booking or wishes to make changes to it, we will disclose that information and allow that other person to make changes to your booking, as we will assume that you have given that person the consent to do so. Likewise, if your bookings are made through or by third parties, such as employers, family members or others, we will consider those people to be authorized by you to provide your personal information in accordance with this Section, unless or until you tell us otherwise.
14. Complaint process
If you wish to obtain a copy of Personal Information held by us concerning you, please refer to Section 11, above.
If you previously consented to the sharing of the personal information you provided or are a Business Member and you do not want us to disclose information about your tobacco purchases, you can change your mind by:
- 1. Contacting us at any Membership Counter at any Canadian Costco warehouse location;
- 2. Calling our Member Service representatives at 1-800-463-3783;
- 3. Emailing Customer Service at firstname.lastname@example.org with Attention: Privacy Officer in the subject line;
- 4. Writing us at: Member Service, 415 West Hunt Club Road, Ottawa, Ontario K2E 1C5 Attention: Privacy Officer.
If you wish to unsubscribe from electronic messages providing news, promotions, special offers and other information from Costco, regarding Costco, Costco Affiliates and selected partners, such as our promotional programs, you may do so at any time by visiting Costco.ca and setting your Communication Preferences.