Depending on whether you are a warehouse or online member, or whether you use our travel services, the data controller of the personal data we process about you will be Costco Wholesale UK Limited, Costco Online UK Limited, or Costco Travel UK Limited (“Costco”, “we” or “us”).Our head office in the UK is located at Hartspring Lane, Watford, Hertfordshire, WD25 8JS.
Please note that we provide additional or different privacy notices in connection with certain products, services or programs. In addition, personal data that you provide when you visit Costco’s warehouses or websites outside of the UK are governed by the privacy policies of the Costco entities in those other countries.
Costco’s Commitment to Personal Data and Privacy
We respect your right to privacy and comply with all applicable laws and regulations with respect to personal data protection.
Personal data is data related to an identified or identifiable individual.
- Identification data, such as your name, title, marital status, photograph (taken at Costco’s premises for your membership card), date of birth, identity document (national identification card, foreigner identification number, passport or residence permit, and/or tax identification number), and of course your Costco membership number.
- Contact data, such as your address, email address, home phone number, and mobile phone or other phone number for contact purposes.
- Transactional data, which includes information about individual purchases and returns, account notes recorded in connection with your transactions with us and other information you choose to provide to us in connection with a transaction (such as photographs if you choose to use the Costco Photo Centre).
We also receive personal data related to members and customers through indirect channels. For example, if a member adds additional household members to his or her membership account, we collect names, addresses, phone numbers and email addresses from the member about these individuals. In some cases, we also receive personal data, such as contact information, from third parties that support us with specific processes, such as records correction, fraud prevention, delivery services and the offering of special promotions or products. We combine this data with the other personal data we collect directly about you to administer your membership, provide you with products and services and ensure our records are accurate and up-to-date.
In general, we use personal data to process your requests and transactions, provide you with high-quality service, tell you about opportunities we think will be of interest and administer your membership account. The specific purposes for which we process your personal data are set out below:
- To process your membership request and/or renewal and administer your membership (the legal basis for this processing is the performance of the membership agreement between you and Costco);
- To provide products and services to you, which includes processing payments, sending notifications (via email or SMS/text message) related to your purchases, and processing exchanges and returns (the legal basis for this processing is the performance of the purchase agreement between you and Costco);
- To respond to queries or complaints from you, including if you contact our customer service team (the legal basis for this processing is your consent);
- To provide you with news, product recommendations, promotional information, coupons, offers and other marketing communications about Costco and third-party products and services via email, direct mail and phone calls. The marketing communications we send you may be tailored based on your membership account details and purchase history so we can provide you with information and offers we think will be of particular interest to you. For more information about opting out of promotional communications from us, see “A right to object to processing” in Section 11) (the legal basis for this processing is our legitimate interest in providing information about products and services that may be of interest to you, unless applicable law requires us to obtain your consent, in which case we will do so);
- To communicate with you about your experience with us and the products and services you purchase, which includes sending you information about your orders (e.g., email and SMS notifications related to status, shipping, delivery and pick-up), surveys and information about product quality issues (the legal basis for this processing is our legitimate interest in improving your shopping experience and providing relevant information about products purchased from us);
- To communicate with you about product recalls and provide other health, safety and consumer protection notices (the legal basis for this processing is compliance with our legal obligations under UK consumer protection law);
- To comply with our legal obligations, including our tax obligations, those related to the prevention of fraud and money laundering, and those required for you to benefit from rights recognised by law (the legal basis for this processing is compliance with our legal obligations under UK law related to, for instance, taxation, money-laundering and terrorism financing and consumer protection law);
- To analyse your use of our website (the legal basis for this processing is our legitimate interest in improving our website and better understanding user needs and expectations);
- For internal management purposes, including planning, resource allocation, policy development, quality improvement, monitoring, audit, evaluation and reporting (the legal basis for this processing is our legitimate interest in understanding shopping behaviour, improving our selection of products and services, and exploring ways to develop and enhance our business); and
- To detect, investigate and prevent fraudulent transactions and other illegal activities and protect against harm to the rights, property or safety of Costco and our members, customers, employees or the public, including by using video surveillance systems (the legal basis for this processing is our legitimate interest in preventing fraud and protecting and securing our premises, members, customers, employees and the public).
We do not share personal data about you with third parties except as follows:
- Our Service Providers
- Third-Party Suppliers
- Primary Costco Account Holder
- Third Party Services
- Our Affiliates and Entities that Belong to Costco's Corporate Group
- Fraud Control
- Compliance with Law
- Corporate Transactions
We share personal data with companies that perform services for us (e.g. web hosting, information technology, payment processing, product fulfilment, installation, claims processing, recovery of unpaid checks, direct mail and email distribution, marketing, and the provision of data analytics, insurance, audit, accountancy, legal and advisory services). Please note that since some of these service providers are located abroad, certain disclosures imply a cross-border transfer of your personal data as described in Section 5.
We share personal data with companies that we partner with to provide you with certain products and services, such as optical and hearing aid suppliers and manufacturers or distributors who ship products directly to you. If you purchase, apply for or request certain products or services provided by a third party, we will share your name, membership number and other personal data as is necessary for the third party to deliver the product or service to you. We are not responsible for any additional information you provide directly to these third parties and encourage you to become familiar with their privacy and security practices and policies before disclosing any additional personal data to them.
If you are a Costco member, each membership account has an individual primary account holder who is authorised to designate and remove add-on members and make other account management decisions. Please be aware that information about all activities occurring under the account, including transactions completed by add-on members, will be available to the primary account holder. Similarly each online subscription account has a primary subscriber; information relating to all activities occurring under the online account is available to the subscriber of record.
You may purchase products and services offered by us through third parties, such as financial, travel and other business and consumer services ("Third Party Services"). If you purchase, apply for or request Third Party Services, information you provide will be shared with the third party offering the Third Party Service. See Section 8 for more details about Third Party Services.
We share personal data with our corporate affiliates for the purposes described in Section 3. Since our affiliates are located abroad, please note that disclosures to certain affiliates imply a cross-border transfer of your personal data as described in Section 5.
Costco works with services providers and belongs to associations that share a limited amount of personal data for fraud control purposes, such as all or part of a payment card number, an IP address or a device ID.
We also disclose personal data when we are legally authorised or required to do so to comply with applicable law or legal process (including requests from authorities and courts), to respond to claims (including inquiries by you in connection with your purchases at Costco), or to protect the rights, property or personal safety of the Costco companies, our shoppers, members, our employees or the public.
Personal data may be disclosed or transferred as part of, or during negotiations of, any merger or sale of company assets or acquisition to third parties involved in such transactions.
We also share personal data with third parties, other than those described above, when we have your consent to do so.
Costco ensures, with the signature of Standard Contractual Clauses adopted by the European Commission, that personal data transferred outside the EEA is maintained with at least the same level of security and protection for personal data that is required under the applicable legislation. Copies of the Standard Contractual Clauses we use to facilitate the transfer of data outside the EEA are available here and here.
We have physical, administrative and technical security measures in place to help protect personal data from damage, loss, alteration, destruction or unauthorised access, processing or use while it is under our control. With regard to credit card data, we are required to process and maintain payment card data in accordance with the data security rules adopted by credit card companies such as Visa, MasterCard and American Express.
Costco will retain your personal data for as long as necessary to achieve the purposes for which such data was collected, unless a longer retention period is required under applicable law. For example, we need to keep records about our members’ purchase histories in order to honour our returns policy. If you want to return an item you bought from us several years ago, we need to be able to confirm when and where you bought it. For this reason, we generally keep records about our members’ accounts and purchase histories for a minimum of 10 years. In addition, when you consent to receive marketing communications from us, we retain your email address and information about your marketing preferences for the duration of your membership, unless you opt out of receiving such communications or terminate your membership.
If you purchase, apply for or request Third Party Services, information you provide will be shared with the third party offering the Third Party Service. For example, if you register for the Costco Auto Programme, we may share membership details with participating dealers to confirm your enrolment in the programme. In turn, information you provide to these third parties may in turn be shared with us along with information about your use of the particular Third Party Service. We are not responsible for any additional information you provide directly to these third parties, and we encourage you to become familiar with their privacy and security practices and policies before disclosing information to them.
If you apply for an American Express Card co-branded credit card through Costco Wholesale, Costco Wholesale will collect the application on behalf of American Express. We will share with our credit card partners (including the issuing institution, the payment processing network, and other organisations providing services relating to the Costco co-branded credit card) the information you provide on the application form. If the application is approved, we will share with these partners your Costco membership number(s) and start date(s), your Costco membership photograph(s) that will appear on the co-branded card, your company name and resale permit number (if applicable) and the type and status of your Costco membership. Our credit card partners also have privacy policies, which we encourage you to review carefully before applying for a co-branded credit card.
If you purchase eyeglasses, contact lens, hearing devices and accessories from us, we collect and retain in our files your prescription information as well as a limited amount of background health information that you give us so that we may properly provide the service and/or medical device you have requested. We have procedures in place to protect your health-related information. If you request or receive government funding for optical or hearing devices or services, we may share your health information with the relevant government agency. Costco and our service providers may collect, use or disclose your personal health information in connection with:
- providing you with the health services you request;
- communicating with your health service providers;
- storing electronic health records within onsite or offsite servers;
- processing or obtaining payment for government-funded health services (for example, obtaining authorisation from your insurer or a government agency for payment);
- processing or obtaining payment from your health insurance provider; or
- internal management purposes, including planning, resource allocation, policy development, quality improvement, monitoring, audit, evaluation and reporting.
We process your personal health information where we have your explicit consent to do so, and where necessary for the provision of healthcare or treatment to you.
We may also disclose personal health information without your knowledge or consent if a law, regulation, search warrant, subpoena or court order legally authorises us or requires us to do so or to protect the rights, property or personal safety of Costco, its customers, employees or other members of the public. We may also be required to disclose certain personal health information in order to maintain standing with professional health bodies, including those for pharmacists, audiologists and opticians.
Costco Travel, UK Limited acts as an agent to help our members book travel in the UK and throughout the world. (Costco Travel UK currently provides car hire, but may at some time also offer cruises, hotels and other travel-related goods or services.) Since, in this instance, we are acting as an agent connecting our members to various travel providers, personal data you provide to us will be transferred to the travel providers and their agents, and will be subject to their privacy policies and their local laws. Your personal data may be accessible in the UK or in foreign jurisdictions to law enforcement and national security authorities. We are not responsible for the privacy and security practices or policies of these travel providers or their agents, and we encourage you to learn about their privacy and security practices and policies before booking travel through us.
When you make a reservation for someone else through us, we will ask you for their personal data. You should ensure that you have the consent of other individuals before providing us with their personal data. By providing us with that information, we consider that you have these other individuals’ consent and authorisation to provide us with their personal data and to make bookings on their behalf in accordance with our travel providers’ privacy policies.
If another person who has your full name and booking reference numbers contacts us and seeks information on your booking or wishes to make changes to it, we will disclose that information and allow that other person to make changes to your booking, as we will assume that you have given that person the consent to do so. Likewise, if your bookings are made through or by third parties, such as employers, family members or others, we will consider those people to be authorised by you to provide your personal data in accordance with this Section, unless or until you tell us otherwise.
Subject to certain limitations and exceptions, you have a number of legal rights in relation to the processing of your personal data, including:
- A right to obtain information: You have the right to request information about how we process your personal data.
- A right of access: You have the right to request access to, or a copy of, the personal data we process about you.
- A right of rectification: You have the right to request that we correct or supplement inaccurate or incomplete personal data we process about you.
- A right of erasure: You have the right to request that we delete personal data about you.
- A right to restriction of processing: You have the right to request that we restrict processing of your personal data, so that we can store such data but not further process it.
- A right to data portability: You have the right to request that we provide the personal data which you provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit such data to another controller without hindrance from Costco.
- A right to object to processing: You have the right to request that we stop processing personal data about you (for example, when your personal data is processed for direct marketing purposes, you have the right to object to the processing of such data at any time by writing to email@example.com or clicking on the “unsubscribe” link available at the bottom of the messages received).
- A right to revoke your consent: When our processing is based on your consent, you have the right to revoke such consent at any time.
- The right to file a complaint: You have the right to file a complaint regarding our data protection practices with a supervisory authority. You can do so by contacting the Information Commissioner’s Office (www.ico.org.uk).
We encourage parents to take an active interest in their children's use of the Internet. We do not intend to collect data from children or, in general, from individuals who are under 18 years of age. If you are under 18, you must not provide personal data through our website.
Costco Wholesale UK Ltd
UK Home Office (Privacy Department)
213 Hartspring Lane
Watford, Herts., WD25 8JS