In light of the new European data protection rules, we have updated our Privacy Policy and Cookie Policy

Cookie Policy

We use cookies on this website to enhance your experience and improve the quality of our website. By continuing to use this website without changing your browser settings, you consent to the use of cookies as described in our Cookie Policy.

Privacy Policy Last updated 25/05/2018

This Privacy Policy explains how Costco processes personal data when you visit our warehouse stores, purchase products or services from us, use our website (located at www.costco.co.uk), contact customer service, or otherwise interact with us. We encourage you to review our Privacy Policy from time to time to make sure you understand how we process your personal data and the choices you have with respect to such processing.

Depending on whether you are a warehouse or online member, or whether you use our travel services, the data controller of the personal data we process about you will be Costco Wholesale UK Limited, Costco Online UK Limited, or Costco Travel UK Limited (“Costco”, “we” or “us”).Our head office in the UK is located at Hartspring Lane, Watford, Hertfordshire, WD25 8JS.

Please note that we provide additional or different privacy notices in connection with certain products, services or programs. In addition, personal data that you provide when you visit Costco’s warehouses or websites outside of the UK are governed by the privacy policies of the Costco entities in those other countries.

 

Costco’s Commitment to Personal Data and Privacy

We respect your right to privacy and comply with all applicable laws and regulations with respect to personal data protection.

We do not sell or rent your personal data to third parties. We only share personal data with third parties as described in this Privacy Policy. These transfers only take place if we have obtained your prior consent or in compliance with applicable legislation when such consent is not required. For further information on how we share personal data with third parties, please see Section 4.

Your ability to make informed choices about how we process personal data is important to us. This Privacy Policy describes how you can make choices about how we use or otherwise process your personal data.

 

1. WHAT IS PERSONAL DATA?

Personal data is data related to an identified or identifiable individual.

2. WHAT PERSONAL DATA IS COLLECTED BY COSTCO?

We collect personal data when you sign up for or renew your Costco membership, visit our warehouses, place an order, make purchases, returns or exchanges, sign up for certain products and services (such as rebates, the Costco credit card, the Costco Services program and other business and consumer services), access and use our website or kiosks, sign up to receive marketing and promotional materials from us, participate in a survey or promotion, enter into a contest or sweepstakes, fill out a form, communicate with us via email or phone, or otherwise interact with us. For the purposes set out in this Privacy Policy, we collect the following personal data:

  • Identification data, such as your name, title, marital status, photograph (taken at Costco’s premises for your membership card), date of birth, identity document (national identification card, foreigner identification number, passport or residence permit, and/or tax identification number), and of course your Costco membership number.
  • Contact data, such as your address, email address, home phone number, and mobile phone or other phone number for contact purposes.
  • Transactional data, which includes information about individual purchases and returns, account notes recorded in connection with your transactions with us and other information you choose to provide to us in connection with a transaction (such as photographs if you choose to use the Costco Photo Centre).
  • Electronic data, which includes the IP address used to access our website, mobile device ID, type of browser, activity on our website, and image records obtained through video surveillance systems at our warehouses. We automatically collect electronic data when you access and use our website using cookies, pixels and local storage. For more information, please see our Cookie Policy

We also receive personal data related to members and customers through indirect channels. For example, if a member adds additional household members to his or her membership account, we collect names, addresses, phone numbers and email addresses from the member about these individuals. In some cases, we also receive personal data, such as contact information, from third parties that support us with specific processes, such as records correction, fraud prevention, delivery services and the offering of special promotions or products. We combine this data with the other personal data we collect directly about you to administer your membership, provide you with products and services and ensure our records are accurate and up-to-date.

3. HOW DOES COSTCO USE PERSONAL DATA?

In general, we use personal data to process your requests and transactions, provide you with high-quality service, tell you about opportunities we think will be of interest and administer your membership account. The specific purposes for which we process your personal data are set out below:

  • To process your membership request and/or renewal and administer your membership (the legal basis for this processing is the performance of the membership agreement between you and Costco);
  • To provide products and services to you, which includes processing payments, sending notifications (via email or SMS/text message) related to your purchases, and processing exchanges and returns (the legal basis for this processing is the performance of the purchase agreement between you and Costco);
  • To respond to queries or complaints from you, including if you contact our customer service team (the legal basis for this processing is your consent);
  • To provide you with news, product recommendations, promotional information, coupons, offers and other marketing communications about Costco and third-party products and services via email, direct mail and phone calls. The marketing communications we send you may be tailored based on your membership account details and purchase history so we can provide you with information and offers we think will be of particular interest to you. For more information about opting out of promotional communications from us, see “A right to object to processing” in Section 11) (the legal basis for this processing is our legitimate interest in providing information about products and services that may be of interest to you, unless applicable law requires us to obtain your consent, in which case we will do so);
  • To communicate with you about your experience with us and the products and services you purchase, which includes sending you information about your orders (e.g., email and SMS notifications related to status, shipping, delivery and pick-up), surveys and information about product quality issues (the legal basis for this processing is our legitimate interest in improving your shopping experience and providing relevant information about products purchased from us);
  • To communicate with you about product recalls and provide other health, safety and consumer protection notices (the legal basis for this processing is compliance with our legal obligations under UK consumer protection law);
  • To comply with our legal obligations, including our tax obligations, those related to the prevention of fraud and money laundering, and those required for you to benefit from rights recognised by law (the legal basis for this processing is compliance with our legal obligations under UK law related to, for instance, taxation, money-laundering and terrorism financing and consumer protection law);
  • To analyse your use of our website (the legal basis for this processing is our legitimate interest in improving our website and better understanding user needs and expectations);
  • For internal management purposes, including planning, resource allocation, policy development, quality improvement, monitoring, audit, evaluation and reporting (the legal basis for this processing is our legitimate interest in understanding shopping behaviour, improving our selection of products and services, and exploring ways to develop and enhance our business); and
  • To detect, investigate and prevent fraudulent transactions and other illegal activities and protect against harm to the rights, property or safety of Costco and our members, customers, employees or the public, including by using video surveillance systems (the legal basis for this processing is our legitimate interest in preventing fraud and protecting and securing our premises, members, customers, employees and the public).

4. HOW DOES COSTCO SHARE PERSONAL DATA WITH THIRD PARTIES?

We do not share personal data about you with third parties except as follows:

  • Our Service Providers
  • We share personal data with companies that perform services for us (e.g. web hosting, information technology, payment processing, product fulfilment, installation, claims processing, recovery of unpaid checks, direct mail and email distribution, marketing, and the provision of data analytics, insurance, audit, accountancy, legal and advisory services). Please note that since some of these service providers are located abroad, certain disclosures imply a cross-border transfer of your personal data as described in Section 5.

  • Third-Party Suppliers
  • We share personal data with companies that we partner with to provide you with certain products and services, such as optical and hearing aid suppliers and manufacturers or distributors who ship products directly to you. If you purchase, apply for or request certain products or services provided by a third party, we will share your name, membership number and other personal data as is necessary for the third party to deliver the product or service to you. We are not responsible for any additional information you provide directly to these third parties and encourage you to become familiar with their privacy and security practices and policies before disclosing any additional personal data to them.

  • Primary Costco Account Holder
  • If you are a Costco member, each membership account has an individual primary account holder who is authorised to designate and remove add-on members and make other account management decisions. Please be aware that information about all activities occurring under the account, including transactions completed by add-on members, will be available to the primary account holder. Similarly each online subscription account has a primary subscriber; information relating to all activities occurring under the online account is available to the subscriber of record.

  • Third Party Services
  • You may purchase products and services offered by us through third parties, such as financial, travel and other business and consumer services ("Third Party Services"). If you purchase, apply for or request Third Party Services, information you provide will be shared with the third party offering the Third Party Service. See Section 8 for more details about Third Party Services.

  • Our Affiliates and Entities that Belong to Costco's Corporate Group
  • We share personal data with our corporate affiliates for the purposes described in Section 3. Since our affiliates are located abroad, please note that disclosures to certain affiliates imply a cross-border transfer of your personal data as described in Section 5.

  • Fraud Control
  • Costco works with services providers and belongs to associations that share a limited amount of personal data for fraud control purposes, such as all or part of a payment card number, an IP address or a device ID.

  • Compliance with Law
  • We also disclose personal data when we are legally authorised or required to do so to comply with applicable law or legal process (including requests from authorities and courts), to respond to claims (including inquiries by you in connection with your purchases at Costco), or to protect the rights, property or personal safety of the Costco companies, our shoppers, members, our employees or the public.

  • Corporate Transactions
  • Personal data may be disclosed or transferred as part of, or during negotiations of, any merger or sale of company assets or acquisition to third parties involved in such transactions.

  • Consent
  • We also share personal data with third parties, other than those described above, when we have your consent to do so.

5. DOES COSTCO TRANSFER PERSONAL DATA OUTSIDE THE EEA?

Your personal data will be transferred to countries outside of the European Economic Area (“EEA”), including the UK, and, in some cases, the laws of these countries do not provide the same level of protection of your personal data as those in the UK. For example, we transfer personal data to our corporate affiliates, located in the United States, Canada, Australia, Japan, South Korea, Taiwan and Mexico, for the purposes described in this Privacy Policy. We also transfer personal data to service providers that process personal data for us in the United States, Canada and other locations (as an example, Google and Microsoft process personal data for us in various data centre locations, including those listed at http://www.google.ca/about/datacenters/inside/locations/ and https://azure.microsoft.com/en-us/global-infrastructure/regions/, respectively).

Costco ensures, with the signature of Standard Contractual Clauses adopted by the European Commission, that personal data transferred outside the EEA is maintained with at least the same level of security and protection for personal data that is required under the applicable legislation. Copies of the Standard Contractual Clauses we use to facilitate the transfer of data outside the EEA are available here and here.

6. HOW DOES COSTCO PROTECT PERSONAL DATA?

We have physical, administrative and technical security measures in place to help protect personal data from damage, loss, alteration, destruction or unauthorised access, processing or use while it is under our control. With regard to credit card data, we are required to process and maintain payment card data in accordance with the data security rules adopted by credit card companies such as Visa, MasterCard and American Express.

7. HOW LONG DOES COSTCO RETAIN PERSONAL DATA?

Costco will retain your personal data for as long as necessary to achieve the purposes for which such data was collected, unless a longer retention period is required under applicable law. For example, we need to keep records about our members’ purchase histories in order to honour our returns policy. If you want to return an item you bought from us several years ago, we need to be able to confirm when and where you bought it. For this reason, we generally keep records about our members’ accounts and purchase histories for a minimum of 10 years. In addition, when you consent to receive marketing communications from us, we retain your email address and information about your marketing preferences for the duration of your membership, unless you opt out of receiving such communications or terminate your membership.

8. THIRD PARTY SERVICES

If you purchase, apply for or request Third Party Services, information you provide will be shared with the third party offering the Third Party Service. For example, if you register for the Costco Auto Programme, we may share membership details with participating dealers to confirm your enrolment in the programme. In turn, information you provide to these third parties may in turn be shared with us along with information about your use of the particular Third Party Service. We are not responsible for any additional information you provide directly to these third parties, and we encourage you to become familiar with their privacy and security practices and policies before disclosing information to them.

If you apply for an American Express Card co-branded credit card through Costco Wholesale, Costco Wholesale will collect the application on behalf of American Express. We will share with our credit card partners (including the issuing institution, the payment processing network, and other organisations providing services relating to the Costco co-branded credit card) the information you provide on the application form. If the application is approved, we will share with these partners your Costco membership number(s) and start date(s), your Costco membership photograph(s) that will appear on the co-branded card, your company name and resale permit number (if applicable) and the type and status of your Costco membership. Our credit card partners also have privacy policies, which we encourage you to review carefully before applying for a co-branded credit card.

9. OPTICAL AND HEARING CENTRES

If you purchase eyeglasses, contact lens, hearing devices and accessories from us, we collect and retain in our files your prescription information as well as a limited amount of background health information that you give us so that we may properly provide the service and/or medical device you have requested. We have procedures in place to protect your health-related information. If you request or receive government funding for optical or hearing devices or services, we may share your health information with the relevant government agency. Costco and our service providers may collect, use or disclose your personal health information in connection with:

  • providing you with the health services you request;
  • communicating with your health service providers;
  • storing electronic health records within onsite or offsite servers;
  • processing or obtaining payment for government-funded health services (for example, obtaining authorisation from your insurer or a government agency for payment);
  • processing or obtaining payment from your health insurance provider; or
  • internal management purposes, including planning, resource allocation, policy development, quality improvement, monitoring, audit, evaluation and reporting.
  • We process your personal health information where we have your explicit consent to do so, and where necessary for the provision of healthcare or treatment to you.

    We may also disclose personal health information without your knowledge or consent if a law, regulation, search warrant, subpoena or court order legally authorises us or requires us to do so or to protect the rights, property or personal safety of Costco, its customers, employees or other members of the public. We may also be required to disclose certain personal health information in order to maintain standing with professional health bodies, including those for pharmacists, audiologists and opticians.

10. COSTCO TRAVEL UK

Costco Travel, UK Limited acts as an agent to help our members book travel in the UK and throughout the world. (Costco Travel UK currently provides car hire, but may at some time also offer cruises, hotels and other travel-related goods or services.) Since, in this instance, we are acting as an agent connecting our members to various travel providers, personal data you provide to us will be transferred to the travel providers and their agents, and will be subject to their privacy policies and their local laws. Your personal data may be accessible in the UK or in foreign jurisdictions to law enforcement and national security authorities. We are not responsible for the privacy and security practices or policies of these travel providers or their agents, and we encourage you to learn about their privacy and security practices and policies before booking travel through us.

The personal data requested by travel providers may include, among other things, financial information, travel document details, trip details, nationality, gender, date of birth, credit card information, disability information, travel preferences, loyalty program details, and emergency contact details. This personal data is required for purposes including booking your trip, contacting you in association with your trip, providing mandatory information to government authorities, personalising your travel experiences, and for other purposes identified by the travel providers in their privacy policies. We may retain some or all of this information in order to provide services to you in association with your bookings. The information held by us will be subject to our Privacy Policy.

When you make a reservation for someone else through us, we will ask you for their personal data. You should ensure that you have the consent of other individuals before providing us with their personal data. By providing us with that information, we consider that you have these other individuals’ consent and authorisation to provide us with their personal data and to make bookings on their behalf in accordance with our travel providers’ privacy policies.

If another person who has your full name and booking reference numbers contacts us and seeks information on your booking or wishes to make changes to it, we will disclose that information and allow that other person to make changes to your booking, as we will assume that you have given that person the consent to do so. Likewise, if your bookings are made through or by third parties, such as employers, family members or others, we will consider those people to be authorised by you to provide your personal data in accordance with this Section, unless or until you tell us otherwise.

11. WHAT PERSONAL DATA RIGHTS DO YOU HAVE?

Subject to certain limitations and exceptions, you have a number of legal rights in relation to the processing of your personal data, including:

  • A right to obtain information: You have the right to request information about how we process your personal data.
  • A right of access: You have the right to request access to, or a copy of, the personal data we process about you.
  • A right of rectification: You have the right to request that we correct or supplement inaccurate or incomplete personal data we process about you.
  • A right of erasure: You have the right to request that we delete personal data about you.
  • A right to restriction of processing: You have the right to request that we restrict processing of your personal data, so that we can store such data but not further process it.
  • A right to data portability: You have the right to request that we provide the personal data which you provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit such data to another controller without hindrance from Costco.
  • A right to object to processing: You have the right to request that we stop processing personal data about you (for example, when your personal data is processed for direct marketing purposes, you have the right to object to the processing of such data at any time by writing to gdprrequests@costco.co.uk or clicking on the “unsubscribe” link available at the bottom of the messages received).
  • A right to revoke your consent: When our processing is based on your consent, you have the right to revoke such consent at any time.
  • The right to file a complaint: You have the right to file a complaint regarding our data protection practices with a supervisory authority. You can do so by contacting the Information Commissioner’s Office (www.ico.org.uk).

To exercise these rights, please email us at gdprrequests@costco.co.uk or click here

12. USE OF THE WEBSITE BY CHILDREN

We encourage parents to take an active interest in their children's use of the Internet. We do not intend to collect data from children or, in general, from individuals who are under 18 years of age. If you are under 18, you must not provide personal data through our website.

13. CHANGES TO THIS PRIVACY POLICY

We reserve the right to change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy, and if we make material changes, we will provide you with additional notice. We encourage you to review this Privacy Policy frequently to make sure you understand how your personal data will be processed and the choices available to you.

14. QUESTIONS OR CONCERNS

If you have any questions or concerns about this Privacy Policy or would like to contact us for any reason, including the possibility of submitting a claim, you can write to gdprrequests@costco.co.uk or you can contact our Data Protection Officer by writing to privacy@costco.com. Alternatively, if you would prefer to submit your questions by post, please write to us at:

Costco Wholesale UK Ltd
UK Home Office (Privacy Department)
213 Hartspring Lane
Watford, Herts., WD25 8JS