Privacy Policy
Effective Date: March 7, 2021
This Privacy Policy describes how CVS Pharmacy, Inc. and its subsidiaries and affiliates (“CVS,” “we” or “us”) may collect information about you through your interactions with us on our websites and mobile applications (collectively, the “Services”). By using the Services, you agree to the terms of this Privacy Policy. If you have any questions or concerns about this Privacy Policy, or about the way your information is collected and used, and you are an Aetna member, please contact us by using the toll-free Member Services number on your ID card. If you are not an Aetna member, please contact us at (855) 208-4858.
We may change this Privacy Policy. The “Effective Date” legend at the top of this page indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on the Services. Your use of the Services following these changes means that you accept the revised Privacy Policy.
Who May Use the Services
We do not knowingly collect personal information online from any person we know to be under the age of 13 and instruct users under 13 not to send us any information to or through the online Services without their parents’ consent.
The online Services are designed for users from, and are controlled and operated by us from, the United States. By using the Services, you consent to the transfer of your information to the United States or storage of your information in the United States, which may have different data protection rules than those of your country.
The Personal Information We Collect
We want you to understand how personal information you provide to us is collected and used. Personal information is any information that we can use to identify, locate, or contact you. We may collect and store your personal information when you provide it to us or to our service providers. Some examples of personal information we collect and when we collect it include:
- Registration: We collect your personal information when you register on the Services.
- Contact Information: We collect personal information from users of the Services who are interested in receiving information about our products or services, email alerts, newsletters, and other notifications.
- Surveys: From time to time, we request information from you via surveys. Participation in these surveys is voluntary. We request that you not provide personal health information in your survey responses. You may contact us regarding any survey as set forth under “Contact Information,” below.
- Information from Your Health Plan or Employer: We receive certain personal information about you from your health plan or employer so that we can provide our core services to you. If you have questions about the information your health plan or employer may have shared with us, please contact your health plan or your employer’s human resources department.
- Device Information: We may automatically collect certain personal device information such as device locale, cellular carrier, device manufacturer and device model for purposes of diagnosing problems and to ensure services function properly. We may also use personal device information to authenticate you for purposes of security and to help prevent fraud and data loss.
- Eligibility: We may use your personal information to confirm eligibility for the Services
If you choose not to provide your personal information to us, we may not be able to provide you with requested products, services or information.
If you submit any personal information relating to other people in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.
We may combine the information collected from you through the Services with information we receive from and about you from other online and offline sources, such as in our stores, and use the combined information in accordance with this Privacy Policy. Our goal is to offer you content, advertisements, products, and services that are most likely to appeal to you.
Use and Disclosure of Personal Information
We use your personal information to respond to your requests, such as, send you email alerts, send you newsletters, and to provide you with related customer service. We may also use your information to send marketing communications and administrative information to you, including through the use of push notifications in our apps.
We may use and disclose your personal information to provide and coordinate the treatment and services you receive.
We may disclose your personal information to other third parties, such as pharmacies, doctors, hospitals, and other health care providers to assist them in providing care to you or for your care coordination. In some instances, uses and disclosures of your personal information for these purposes may be made through a Health Information Exchange or similar shared medical record or system.
We may use your personal information to personalize your experience on the Website and when interacting with us, including by presenting products and offers tailored to you, and for our business purposes, such as data analysis, audits, fraud monitoring and prevention, developing our Services and new products and services, determining the effectiveness of our educational, awareness or promotional campaigns, and operating and expanding our business activities.
In the event that CVS or some or all of our business, assets or stock are sold or transferred (including in connection with any bankruptcy or similar proceedings) or used as security, or to the extent we engage in business negotiations with third parties, personal information may be transferred to or shared with third parties as part of any such transaction or negotiation.
To the extent permitted by applicable law, we may provide personal information to our affiliated businesses or to our business partners, who may use it to send you marketing and other communications.
We may disclose personal information to our service providers, who provide services such as website hosting, data analysis, payment processing, order fulfilment, information technology and related infrastructure provision, customer service, email delivery, auditing, and other services.
If we are requested by law enforcement officials or judicial authorities to provide personal information, we may do so. In matters involving claims of personal or public safety or in litigation where the information is pertinent (including to allow us to pursue available remedies or limit the damages that we may sustain), we may use or disclose personal information, including without court process. We may also use or disclose personal information to enforce our terms and conditions, to protect our operations or those of any of our affiliates, or to protect our rights, privacy, safety or property and/or that of our affiliates, you, or others.
We may use and disclose personal information to investigate security breaches or otherwise cooperate with authorities pursuant to a legal matter.
We may use and disclose information that does not personally identify you (including the information described under "Cookies and Other Technologies," below) for any purpose, except to the extent limited by applicable law. If we are required to treat such information as personal information under applicable law, then we may use it for all the purposes for which we use and disclose personal information.
We may combine information that does not personally identify you with personal information. If we do, we will treat the combined information as personal information as long as it is combined.
Links
The Services may contain links to, or otherwise make available, third-party websites, services, or other resources not operated by us or on our behalf.
Any information you provide to such third parties is not subject to the terms of this Privacy Policy, and we are not responsible for the privacy or security of the information you provide to them or their handling of your information. We recommend that you review the privacy policy of any third party to whom you provide personal information online.
In addition, we are not responsible for the information collection, use, disclosure, or security policies and practices of other organizations, such as Apple, Google, Microsoft, RIM, or any other app developer, app provider, operating system provider, wireless service provider, or device manufacturer.
Information from Other Sources
We may collect data about you from publicly available sources to personalize your experience. We may also obtain data provided by third parties. We may also obtain data provided by third parties. For example, we may obtain information from companies to improve the accuracy of the information we have about you (e.g., adding your zip code to your address information). This improves our ability to contact you and increases the relevance of our offers and communications to you.
Security
We seek to use reasonable physical, technical, and administrative safeguards to protect personal information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account with us has been compromised), please immediately contact us in accordance with the "Contact Information" section below.
You are responsible for maintaining the confidentiality of your Services access information and password and for restricting access to your device, and you agree to accept responsibility for all activities that occur under your password.
Telephone, Text and Fax Policy
By providing your residential or wireless phone and/or fax number(s) to CVS you expressly consent to receive marketing and non-marketing autodialed and/or prerecorded calls, text messages and faxes (including fax advertisements) from or on behalf of CVS at the number(s) provided. Your consent to receive calls or texts on your wireless device is not a condition of any purchase. Consent may be revoked at any time by calling the toll-free number at 1-800-SHOPCVS or faxing your opt-out request to 1-401-652-0893. You may also send an opt-out request via email to do_not_call@cvshealth.com with the phone and/or fax number you wish to opt-out. Your wireless carrier’s standard message and data rates may apply.
Text Messaging Terms and Conditions
CVS Pharmacy, Inc., or one or more of its affiliates (CVS) offers access to pharmacy and healthcare service messages via recurring SMS (Short Message Service) and MMS (Multimedia Message Service) text alerts. Enrollment in text alerts requires a patient to provide his or her own mobile phone number with an area code within the 50 United States or the District of Columbia. By enrolling to receive CVS text alerts, you agree to these terms and conditions, which become effective upon your enrollment. You may be asked to verify your mobile phone number before the service will start. This requires responding to a text alert sent to your mobile phone confirming your enrollment in this Service.
You acknowledge that text alerts will be sent to the mobile phone number you provide to CVS. Such alerts may include limited personal information about your prescriptions, and whoever has access to the mobile phone or carrier account will also be able to see this information. Once you enroll, the frequency of text alerts we send to you will vary. You will typically receive text alerts when we have information for you about your prescriptions or other healthcare information. CVS Pharmacy does not impose a separate charge for text alerts; however, your mobile carrier's message and data rates may apply depending on the terms and conditions of your mobile phone contract. You are solely responsible for all message and data charges that you incur. Please contact your mobile service provider about such charges. The following carriers are supported: AT&T, Sprint, Boost, Verizon Wireless, U.S. Cellular®, T-Mobile®, Cincinnati Bell, Alltel, Virgin Mobile USA, Cellular South, Unicel, Centennial and nTelos.
The CVS text alert programs are offered on an “as is” basis and: (1) may not be available in all areas at all times; and (2) may not continue to work in the event of product, software, coverage or other service changes made by your wireless carrier. CVS may change or discontinue any of its text alert programs without notice or liability to you. CVS and its related companies and each of their respective officers, directors and employees are not responsible and shall not be liable for any losses or injuries of any kind resulting, directly or indirectly, from any CVS text alert program or from technical failures or delays of any kind. CVS reserves the right to cease delivery of text alerts to any person at any time in its sole discretion.
Cookies and Other Technologies
Like many other websites and online services, we collect information about Services traffic and usage patterns through the use of cookies, Web server logs, and other, similar technologies. We use this information for various purposes, such as to ensure that the Services function properly, to facilitate navigation, to personalize your experience, to understand use of the Services, to diagnose problems, to measure the success of our marketing campaigns, and to otherwise administer the Services.
Cookies are small computer files we transfer to your computer's hard drive. These small text files help us personalize content on our pages and provide programs like e-coupons. Your browser software can be set to reject or accept cookies. Instructions for resetting the browser are available in the Help section of most browsers.
Our use of cookies also allows us to collect and retain certain information about a website user, such as the type of Web browser used by our customer. Reviewing our Web server logs and our customers' use of our site helps us to, among other purposes, statistically monitor how many people are using our site and for what purpose.
Your IP address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses the Services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels of the Services, helping diagnose server problems, and administering the Services.
We may use Adobe Flash Local Stored Objects ("LSOs") and other technologies to, among other things, collect and store information about your use of the Services. If you do not want Flash LSOs stored on your computer, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel. You can also control Flash LSOs by going to the Global Storage Settings Panel and following the instructions (which may include instructions that explain, for example, how to delete existing Flash LSOs (referred to "information" on the Macromedia site), how to prevent Flash LSOs from being placed on your computer without your being asked, and (for Flash Player 8 and later) how to block Flash LSOs that are not being delivered by the operator of the page you are on at the time). Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications.
Tracking/Third-Party Advertisers
We do not respond to browser do-not-track signals.
We may use analytics providers that use cookies, pixel tags and other, similar technologies to collect information about your use of the Services and your use of other websites or online services.
Fraudulent Sites, Spam & Phishing
Please be aware that there may be fraudulent websites that illegally use CVS logos, and other aspects of the CVS brand. CVS is in no way associated with any fraudulent websites. These sites may circulate their presence on the internet via spam email, or through fraudulent phishing practices.
These sites have not been authorized by CVS to use our name and we work aggressively to identify their source and have them shut down. If you are in receipt of this type of spam email, to help protect your privacy you should avoid replying to it or forwarding it to other people.
In addition to our official websites, CVS works with a number of third parties that host websites and micro-sites that provide information and services to our customers. If you are concerned that a website or an email may be fraudulent, and you are an Aetna member, please contact us by using the toll-free Member Services number on your ID card. If you are not an Aetna member, please contact us at (855) 208-4858.
Your Choices and Access
You can request the removal or modification of the personal information you have provided to us by sending an email to the appropriate area under "Contact Information". For your protection, we may only implement requests with respect to the personal information associated with the particular email address that you use to send us your request, and we may need to verify your identity and obtain information on the context in which you provided your personal information before implementing your request. We will try to accommodate your request as soon as reasonably practicable.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.
Deidentified Patient Information
In addition to personal information, we may sell or disclose patient and/or member information that has been deidentified as permitted by law. To the extent we sell or share such deidentified patient and/or member information, we do so pursuant to one of the deidentification methodologies described in Section 164.514(b)(1) or (b)(2) of Title 45 of the Code of Federal Regulations, commonly known as the HIPAA expert determination method and the HIPAA safe harbor method, respectively.
California Shine the Light Law
If you are our customer and a California resident, you may request that we provide you with certain information about the entities with which we have shared our customers' personal information for direct marketing purposes during the preceding calendar year. To do so, please write to us at privacy.officer@cvshealth.com.
Your Responsibility
By establishing a CVS Health Tracker account, you agree that it is your responsibility to:
- Authorize, monitor, and control access to and use of your CVS Health Tracker account, User ID and password.
- Promptly inform us of any need to deactivate a password or an account by using the toll-free Member Services number on your Aetna ID card. If you are not an Aetna member, please contact us at (855) 208-4858.
Contact Information
If you have any questions or concerns about this statement, or about the way your information is collected and used, please contact us at privacy.officer@cvshealth.com or call us using the toll-free Member Services number on your Aetna ID card. If you are not an Aetna member, please contact us at (855) 208-4858.
If you have any questions about the content of this Privacy Policy, please contact the CVS Health Privacy Office at the following address:
CVS Health
Attn: Privacy Office
1 CVS Drive
Woonsocket, R.I. 02895