This Privacy Policy lets you know how we collect, use, share, and protect information about you. By interacting with Walgreens Health (collectively referred to herein as “Walgreens Health” or “we”) and its service providers, including Curebase, for purposes of clinical research evaluation services (the clinical research evaluation services offered by Walgreens Health and Curebase are collectively referred to as “services”), you consent to the practices described in this Privacy Policy. Any changes in our Privacy Policy will appear on this page so that you are aware of the data we collect and how we use it. We will notify you of material changes to this Privacy Policy by posting on our websites that the Privacy Policy has been revised and by updating the effective date of the Privacy Policy.
This Privacy Policy applies to your use of the services, including the creation of a Curebase account or use of Curebase mobile application, in connection with Walgreens and Curebase's collection of information to review screening criteria to determine eligibility for participation in current and future clinical research, conducting clinical research pre-qualification activities, and contacting you about clinical research. For California and Virginia residents, there is an "Information for California Consumers" section and an "Information for Virginia Consumers" section in this Privacy Policy.
In some circumstances, Walgreens Health’s use and disclosure of your information in connection with the services will be subject to the requirements of the Health Insurance Portability and Accountability Act (commonly known as "HIPAA"). For example, when you provide information to register for or update your information within the services, that information is subject to HIPAA’s requirements. In those circumstances, the Walgreens Notice of Privacy Practices and not this Privacy Policy will apply. If you have questions about which policy applies to your information as a consumer, please do not hesitate to contact us at 877-924-4472.
Our Privacy Program
At Walgreens Health, we are committed to maintaining our customers’ privacy. We take great care to safeguard the information that we collect to maintain your privacy. We have provided this Privacy Policy to you to describe information collection and use practices at Walgreens Health. This Privacy Policy describes the choices you can make about the way your information is collected and used.
Information We Collect
We want you to understand how information you provide to us is collected and used. When you interact with or receive services from Walgreens Health, we collect certain information about you. We may collect and store information from you in the following situations:
Information you provide to us directly, including when you:
- Create a Curebase account for Walgreens Health services; and
- Correspond directly with us, such as through our websites, postal mail, customer service, or dispute resolution mechanisms.
Information we collect when you use our services, including:
Device Information
- We may collect device-specific information when you visit our website or Curebase mobile application or use our services. This includes information such as Internet Protocol (IP) address, hardware model, operating system, unique device identifiers, mobile network information, location data such as zip code, the path you take through our mobile application, and other information about your session on the mobile application. We may also associate the information we collect from your different devices, which helps us provide consistent services across your devices.
Log Information
- This includes details of how you used our websites including clicks and page information such as the address (or URL) of the website or mobile application you came from before visiting our website or mobile application, which pages you visited on our website or mobile application, which browser you used to view our website or mobile application, and any search terms entered.
- Other information from your interaction with Walgreens Health, services, and content, including device and connection information, statistics on page views, traffic to and from the websites, ad data, and other standard weblog information
Precise Location Information
- When you use the mobile application or services on your mobile phone or device and enable location services on your mobile phone or device browser, we may collect information about your physical location through satellite, cell phone tower, Wi-Fi signal, beacons, or Geolocation information ("precise location information"). If you use the mobile application, your device may share precise location information when you enable location services for the mobile application. To learn how to opt out of sharing your precise location information with Walgreens Health, go to the "Your Choices" section of this Privacy Policy.
Cookies, Web Beacons, and Similar Technologies
- "Cookies" are small data files that are sent from a website's server and are stored on your device's hard drive either for only the duration of your visit ("session cookies") or for a fixed period of time ("persistent cookies"). Cookies may store user preferences and other types of information. We use cookies to provide features and services, such as:
- Remembering your preferences and allowing you to enter your username less frequently;
- Presenting information that's targeted to your interests, including Walgreens Health content presented on another website;
- Measuring the effectiveness of our websites, services, content and advertising; and
- Providing other services and features that are available only through the use of cookies.
- The Options/Settings section of most internet browsers will tell you how to manage cookies and other technologies that may be transferred to your device, including how to disable these technologies. You can disable our cookies or all cookies through your browser settings, but please note that disabling cookies may impact some of our website's features and prevent the website from operating properly.
- A "Web Beacon" is an electronic image placed in the code of a webpage, application, or email. We use web beacons to monitor the traffic patterns of users from one page to another and to improve website performance, and in our emails to understand when our email communications are opened or discarded.
How We Use Your Information
Our primary purpose in collecting information is to provide you with a safe, smooth, efficient, and customized experience. We may use your information in a variety of ways, including for the following purposes:
Product and Service Fulfillment
- We use your information to facilitate activities related to clinical research, consistent with your authorization.
Internal Operations
- We use your information to improve the effectiveness of our services, conduct research and analysis, or to perform other business activities as needed and as permitted by HIPAA, as applicable.
Prevention of Fraud and Other Harm
- We use your information to detect, prevent or investigate potential security breaches, fraudulent transactions, and monitor against theft.
Legal Compliance and As Necessary or Appropriate Under Applicable Law
- We may use your information as necessary or appropriate under applicable law, to comply with legal process, to respond to such requests from public and government authorities (including law enforcement), to enforce our terms and conditions, including investigations of potential violations, to detect, prevent or otherwise address fraud, security or technical issues, to protect our rights, privacy, safety or property, and to allow us to pursue available remedies to limit the damages that we may sustain. In matters involving claims of personal or public safety or in litigation where the data is pertinent, we may use your information without your consent or court process where permitted by HIPAA, as applicable.
How We Share Your Information:
While we do not sell, rent, or loan your personally identifiable information, we may share your information with companies, organizations, and individuals outside of Walgreens Health as described in this Privacy Policy and as permitted by HIPAA, as applicable.
Internally
- We may share your information with our parent company or affiliates, including but not limited to, Walgreen Co., Walgreens Boots Alliance Inc., Boots Retail USA Inc., Walgreens Specialty Pharmacy Holdings, LLC, and Walgreens Specialty Pharmacy, LLC DBA Alliance Rx Walgreens Prime.
When We Work With Third Parties
- We may share your information with affiliated and unaffiliated companies that perform tasks on our behalf related to our business. Such tasks include analyzing website usage data, mobile application usage data, customer service, electronic mail service, and other media services.
When Sharing is Required by Law or Helps Us Protect Our Interests
- We will disclose your information as necessary or appropriate under applicable law, to comply with legal process, to respond to such requests from public and government authorities, to enforce our terms and conditions, including investigations of potential violations, to detect, prevent or otherwise address fraud, security or technical issues, to protect our rights, privacy, safety or property, and to allow us to pursue available remedies to limit the damages that we may sustain. In matters involving claims of personal or public safety or in litigation where the data is pertinent, we may use or disclose personal information without your consent or court process.
When We Work On Business Transactions
- As we continue to develop our business, we might sell or buy stores or assets, or engage in mergers, acquisitions or sale of company assets. Personal information, including your information, may be disclosed in connection with the evaluation of and entry into such transactions, or in the course of providing transition of services to another entity as permitted by law. In such transactions, personal information generally is one of the transferred business assets. Additionally, in the event that Walgreens Health or substantially all of its assets are acquired, consumer and supplier information, including your personal information, will likely be one of the transferred assets as is permissible under law.
De-identified or Aggregate information with Third Parties
- We may share de-identified or aggregate information with third parties for lawful purposes.
With Your Consent
- At your direction or request, or when you otherwise consent, we may share your information.
Your Choices
By interacting with Walgreens Health as described herein, you consent to the practices described in this Privacy Policy. However, we want you to know that you do have certain choices with regard to how your information is collected and used.
Email and Mobile Communications
You may choose to stop receiving certain email and mobile communications from Walgreens Health by clicking the link to stop receiving email communications at the bottom of Walgreens Health emails and following the instructions provided in the mobile communications.
Mobile Application
- Push Notifications
You can opt-out from further allowing Walgreens to send you push notifications by adjusting the permissions in your mobile device or from the mobile application.
Our "Do Not Track" Policy
Walgreens Health respects enhanced user privacy controls. We support the development and implementation of a standard "do not track" browser feature, which signals to websites that you visit that you do not want to have your online activity tracked. Please note that at this time app.walgreens.curebase.com does not interpret or respond to "do not track" signals. However, you may set your Web browser to not accept new cookies or web beacons, be notified when you receive a new cookie, or disable cookies altogether. Please note that by disabling these features, your experience on app.walgreens.curebase.com may not be as smooth and you may not be able to take full advantage of our website's features. Please see the Help section of your browser for instructions on managing security preferences.
Minors – Consumers
If you are under 18 years old and a registered user, you can request that were move content or information that you have posted to our website or other online services. Note that fulfillment of the request may not ensure complete or comprehensive removal (e.g., if the content or information has been reposted by another user). To request removal of content or information, please contact us at [email protected].
Accessing and Updating Your Personally Identifiable Information
If you have a Curebase account, you can log in and update your information. You can as a consumer also review and update the information you have given us by contacting us at [email protected]. Our customer care staff will update your information.
Mobile Application Account Deletion
If you create an account on the mobile application, you may delete that account by visiting your Profile page in your mobile application. In circumstances where required by law, we will retain your information, including your information subject to the Walgreens Health Notice of Privacy Practices.
Information for California Consumers
If you are a California resident, we are required to provide additional information to you about how we collect, use, and disclose your information that may be considered "Personal Information" or "Sensitive Personal Information" under California Law ("CA Personal Information"), and you may have additional rights with regard to how we use and disclose your CA Personal Information. We have included this California-specific information below.
- Collection. Consistent with the "Information We Collect" section above, we collect certain categories and specific pieces of CA Personal Information about individuals who reside in California. In the 12 months prior to the date of this Privacy Policy, we collected the following types of categories of CA Personal Information, which we will continue to collect:
- Identifiers: such as name, address, telephone number, email address, age, date of birth, username and password for our websites, online identifiers, IP address;
- Characteristics of protected classifications under California or federal law: such as sex, gender, age (40 or older);
- Commercial information: such as products or services purchased, obtained, or considered, other purchasing or consuming histories or tendencies, payment information, health and medical information, health insurance information, loyalty program participation information;
- Internet or other electronic network activity information: such as computer and connection information, statistics on page views, traffic to and from the websites, ad data, and other standard weblog information;
- Geolocation information: including location data and precise location data such as physical location information through the use of our services on your mobile phone or device by, for example using satellite, cell phone tower, Wi-Fi signal, beacons, Bluetooth, and near field communication protocols, when you are in or near a Walgreens store;
- Audio, visual, or similar information: such as photographs you share, in-store security video, customer service audio recordings;
- Inferences drawn from the above categories of CA Personal Information: such as consumer preferences, characteristics, predispositions, and behavior; and
- Sensitive Personal Information such as driver's license, state identification card, or passport number, precise geolocation (within a radius of 1,850 feet), and information concerning your health.
- Sources. We may collect certain categories of CA Personal Information from you and third parties as described in the "Information We Collect" section above. The categories of sources from which we collected CA Personal Information in the 12 months prior to the date of this Privacy Policy include the following:
- In our stores (parent, subsidiary, and affiliate brands)
- On our websites and mobile applications (parent, subsidiary, affiliate, and partner brands)
- When you communicate with our Customer Care Center
- Through participation in loyalty programs
- Third-party websites and mobile applications (e.g., websites and applications that share information with us or our advertising partners regarding your online activities)
- Data Suppliers (e.g., companies that provide demographics and other information regarding consumers)
- Joint marketing or other commercial business partners
- Online advertising networks
- Delivery partners/carriers
- Social media companies
- Other service providers
- Survey providers
We will continue to collect CA Personal Information from these same sources.
- Purposes. We collect CA Personal Information for the business and commercial purposes described in the "How We Use Your Information" section as described above. Specifically, we collect CA Personal Information to respond to your inquiries, fulfill your requests and improve your experience; for marketing, advertising and promotional purposes; for reporting and analytics; to improve the effectiveness of our services, conduct research and analysis, or for other internal operations purposes; to detect, prevent or investigate potential security breaches, fraudulent transactions and monitor against theft.
- Retention. We retain CA Personal Information for the business and commercial purposes described in the "How We Use Your Information" and “Purposes” sections above. Retention of your CA Personal Information may also be required to provide products and services you requested, to maintain our business relationship with you, or for us to fulfill a legal obligation. Once no longer needed for these purposes, we will not retain your CA Personal Information in our systems.
Sharing your CA Personal Information for business purposes: As described above in the "How We Share Your Information" section, we share information for business purposes. In the 12 months prior to the date of this Privacy Policy, we shared, and we may continue to share the following categories of CA Personal Information with third parties who are considered "service providers" as defined under California law since we disclose CA Personal Information to them for our business purposes.
- Identifiers: such as name, address, telephone number, email address, age, date of birth, username and password for our websites, online identifiers, IP address;
- Characteristics of protected classifications under California or Federal Law: such as sex, gender, age (40 or older);
- Commercial information: such as products or services purchased, obtained or considered, other purchasing or consuming histories or tendencies, payment information, health and medical information, health insurance information, and loyalty program participation information;
- Internet or other electronic network activity information: such as computer and connection information, statistics on page views, traffic to and from the websites, ad data, and other standard weblog information;
- Geolocation information: including location data and precise location data, such as physical location information through the use of our services on your mobile phone or device by, for example using satellite, cell phone tower, Wi-Fi signal, beacons, Bluetooth, and near field communication protocols. If you use the mobile application, your device may share location information when you enable location services. We may be able to recognize the location of a mobile device in stores through the use of Bluetooth technology;
- Audio, visual, or similar information: such as photographs you share, in-store security video, customer service audio recordings;
- Inferences drawn from the above categories of CA Personal Information: such as consumer preferences, characteristics, predispositions, and behavior; and
- Sensitive Personal Information: such as driver's license, state identification card, or passport number, precise geolocation (within a radius of 1,850 feet), and information concerning your health.
As described above, examples of business purposes include product and service fulfillment, internal operations, prevention of fraud and other harm, and legal compliance.
The categories of third-party service providers to which we may share the above-described categories include Payment Processing Companies, Data Analytics Providers, Fraud Prevention Providers, Cloud Storage Providers, IT Service Providers, Professional Service Providers, Delivery Partners, and Marketing Companies.
In addition, we may share the aforementioned categories of CA Personal Information with third parties involved in the evaluation of or entry into the sale or purchase of stores or company assets, mergers, or acquisitions. The categories of third parties to which we may share the above-described categories of CA Personal Information include potential Business Partners or Purchasers, Professional Service Providers (e.g., consultants, lawyers, accountants), and Data Analytics Providers. In the event of sale, merger, or acquisition, customer information (including CA Personal Information) generally is one of the transferred business assets, as is permissible under law.
Sale and Sharing of CA Personal Information. As described above in the "How We Share Your Information" section, we may share the following categories of CA Personal Information with third parties who are considered "third parties" as defined under California law since we disclose CA Personal Information to them which they may use for secondary purposes. Our disclosure of CA Personal Information to the third parties who use the information for secondary purposes may constitute a "sale" or "sharing" of CA Personal Information as defined under California law.
In the 12 months prior to the date of this Privacy Policy, we shared for secondary purposes (which may constitute a "sale" or "sharing" of CA Personal Information under California law), and may continue to share, the following categories of CA Personal Information:
- Identifiers: such as online identifiers, IP address;
- Commercial information: such as products or services purchased, obtained or considered, other purchasing or consuming histories or tendencies;
- Internet or other electronic network activity information: such as computer and connection information, statistics on page views, traffic to and from the websites, ad data, and other standard weblog information;
- Geolocation information: including location data and precise location data, such as physical location information through the use of our services on your mobile phone or device by, for example using satellite, cell phone tower, Wi-Fi signal, beacons, Bluetooth, and near field communication protocols. If you use the mobile application, your device may share location information when you enable location services. We may be able to recognize the location of a mobile device in stores through the use of Bluetooth technology;
- Inferences drawn from CA Personal Information: such as consumer preferences, characteristics, predispositions, and behavior; and
- Sensitive Personal Information: such as information concerning your health, which may include certain health-related retail product purchases.
The categories of third parties to which we may sell or share (as defined by California law) the above-described categories of CA Personal Information include online Advertising Networks, Marketing Companies, Financial Services Partners, and Social Media Companies.
Opting Out of the Sale and Sharing of CA Personal Information. You may stop our disclosure of your CA Personal Information to these entities for their use for secondary purposes by opting out of the sale or sharing of your CA Personal Information. You can do so by submitting an opt-out request through this link here or by contacting us at 800-925-4733.
- Opt-out Preference Signal. As described on our Data Preferences page, under the "Sale and Sharing" tab, you may opt out of the sale and sharing of your CA Personal Information at a browser level. Browser level opt-outs are based on your unique browser and device. In addition to manually opting out at a browser level through this link here, we also have processes in place to recognize opt-out preference signals you set on your browser or device and honor those signals when you visit our website as a request to opt out of the sale and sharing of your CA Personal Information. To enable an opt-out preference signal, you must use a platform or internet browser with technology to set and communicate your preferred privacy setting.
- Notice of Financial Incentive. We may provide price discounts, coupons, services, and other perks for members of our loyalty programs such as myWalgreens. Through these offerings, consumers may provide us with any or all of the categories of CA Personal Information set out above in the "Collection" section depending on how they choose to interact with us when and after they opt-in to our programs. There is no obligation to opt-in and consumers may opt-out at any time. The details of each program are contained in the program offering. We offer these programs, among other things, to enhance our relationship with you so you can enjoy more of our products/services at a lower price. We invest heavily in our marketing and brands, in part, so we can provide programs to our customers. Consumer data is more valuable to our business when it is combined with a sufficient amount of other consumer data and after it is enhanced by our efforts described in this Privacy Policy. The value to our business of any individual consumer's data is dependent on a number of factors, including, for example, whether and to what extent you take advantage of any offerings, whether and to what extent you opt out of any offerings, and whether we are able to enhance the data through our efforts described in this Privacy Policy. We do not calculate the value of consumer data in our accounting statements. We make this good faith estimate for California residents. To the extent we create overall value from our programs to our business that could be directly or reasonably related to the value of customer data, the method for calculating the value would include: (1) costs related to maintaining the program including but not limited to IT infrastructure, delivery of offers, and skilled marketing teams with the appropriate knowledge to enhance customer data; (2) whether the sales generated by the program exceeds the cost to us of offering the program including value of discounts to customer; and (3) value of the insights we are able to create based upon aggregate data.
- Deidentified Patient Information. We may also disclose information that does not identify an individual and cannot reasonably be used to identify an individual which is derived from CA Personal Information, as well as deidentified protected health information that has been modified to remove individually identifiable information in accordance with HIPAA's expert determination (also known as "statistician's method") or safe harbor deidentification standards.
Limiting Use and Disclosure of Sensitive Personal Information. We may collect certain categories of CA Personal Information from you and third parties as described in the "Collection" section above that may be considered "Sensitive Personal Information" under California law. Our use of your Sensitive Personal Information is generally limited to performing services or providing goods you requested. You may limit our use and disclosure of your Sensitive Personal Information for purposes not subject to an exception pursuant to law by submitting a request to limit through this link here or by contacting us at 800-925-4733.
Business-to-Business Consumers
This "Information for California Consumers" section, including the "California Consumer Rights" sub-section below, also applies to CA Personal Information collected from individuals acting as an employee, owner, director, officer, or contractor of another company, partnership, sole proprietorship, nonprofit, or government entity, in the context of conducting business with us.
California Consumer Rights. As a California resident, you have the right to request and access, including in a portable, machine-readable format, any or all of the following types of information regarding the CA Personal Information we have collected about you from January 1, 2022, to the date of receipt of your request:
- Specific pieces of CA Personal Information we have collected about you;
- Categories of CA Personal Information we have collected about you;
- Categories of sources from which such CA Personal Information was collected;
- Categories of CA Personal Information we sold or disclosed for a business purpose about you; and
- The business or commercial purpose for collecting or selling your CA Personal Information.
You also have the right to request correction or deletion of your CA Personal Information and to opt out of the sale or sharing and automated processing ("profiling") of your CA Personal Information. In addition, you have the right to limit the use and disclosure of your Sensitive Personal Information and appeal our refusal to act on your request.
Exercising California Consumer Rights. You or your authorized agent may submit a request to exercise your California Consumer Rights by using one of the following specifically designated methods:
- Self-service on our digital properties by logging on to your account and using the Customer Preference Center
- Responding to Requests. For requests for access, correction, deletion, or appeal, we will first acknowledge receipt of your request within 10 business days of receipt of your request. We provide a substantive response to your request as soon as we can, generally within 45 days from when we receive your request, although we may be allowed to take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know.
For requests to opt out of the sale or sharing or to opt out of automated processing ("profiling") of your CA Personal Information or request to limit the use and disclosure of your Sensitive Personal Information, we will comply within 15 business days after receipt of your request.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why. - Requests By Authorized Agents. You may designate an agent to submit requests on your behalf. The agent must be a natural person or a business entity that is registered with the California Secretary of State.
If you would like to designate an agent to act on your behalf, you and the agent will be required to provide us with proof of the agent’s identity and proof that you gave the agent signed permission to submit a request on your behalf. Additionally, you will be required to verify your identity by providing us with certain CA Personal Information as described above or provide us with written confirmation that you have authorized the agent to act on your behalf.
Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney. Any such requests will be processed in accordance with California law pertaining to powers of attorney. - Requests for Household Information. There may be some types of CA Personal Information that can be associated with a household (a group of people living together in a single dwelling). Requests for access, correction, or deletion of household CA Personal Information must be made by each member of the household. We will verify the identity of each member of the household using the verification criteria explained below and will also verify that each household member is currently a member of the household.
- Verification of Requests. After you submit a request to exercise a California Consumer Right as described above (other than a request to stop the sale or sharing of your CA Personal Information or to limit the use and disclosure of your Sensitive Personal Information), you will enter into a two-part verification process.
For part one, you must verify your identity by correctly answering demographic questions powered through Lexis Nexis®, and/or confirming control over the phone number and/or email or postal address you provide in the request form.
If you successfully complete the Lexis Nexis® identity verification and/or the phone and/or email or postal address verification, you will proceed to part two of the process in which we will attempt to match the data provided in the request form to the data we maintain. Depending on the type of request submitted, if you are matched to a high degree of certainty your request will be processed as follows:
(a) Access request: Your access report will include the specific pieces of CA Personal Information not otherwise subject to an exception pursuant to law that we match to you. If requested, your access report will also be provided in a portable, machine-readable format.
(b) Deletion request: All data matched to you and not otherwise subject to an exception pursuant to law will be deleted.
(c) Correction request: If we determine the contested data to be inaccurate based on the totality of the circumstances, unless otherwise subject to an exception pursuant to law, your data will be corrected.
(d) Profiling Opt-Out request: Your CA Personal Information will be opted out of automated processing, such as prescreened credit card offers, unless otherwise subject to an exception pursuant to law.
(e) Appeal request: Your appeal request will be reviewed, and you will receive a communication with the outcome of the appeal, including any additional rights you may have.
If you fail Lexis Nexis® identity verification, but successfully complete phone and/or email or postal address verification you proceed to part two of the process in which we will attempt to match the data provided in the request form to the data we maintain. Depending on the type of request submitted, if you are matched to a reasonable degree of certainty your request will be processed as follows:
(a) Access request: Your access report will include the categories of CA Personal Information we match to you unless otherwise subject to an exception pursuant to law.
(b) Deletion request: Certain limited data we associate to you will be deleted.
(c) Correction: Your correction request cannot be processed if you fail Lexis Nexis® identity verification.
(d) Profiling Opt-Out request: Your CA Personal Information will be opted out of automated processing, such as prescreened credit card offers, unless otherwise subject to an exception pursuant to law.
(e) Appeal request: We will review your appeal request and, after considering the totality of the circumstances, will respond accordingly.
If you fail Lexis Nexis® identity verification as well as phone and/or email and postal address verification, your request will be cancelled and you will be notified.
Nondiscrimination. Should you wish to request the exercise of your rights as detailed above with regard to your CA Personal Information, we will not discriminate against you. To the extent you provide CA Personal Information in connection with programs such as my Walgreens, additional information about the terms applicable to those programs, including our use of CA Personal Information in exchange for the applicable financial incentives, can be found in the terms and conditions for those programs and in the Notice of Financial Incentive section above.
No Sale of Minors' Personal Information. Additionally, California law requires California residents under the age of 16 to opt-in to the sale or sharing of CA Personal Information. We have protections in place to prevent the sale and sharing of, and do not intend to and have no actual knowledge that we "sell" or "share" the CA Personal Information of California residents under the age of 16. As a result, certain programs and services may be unavailable to California residents under the age of 16.
Metrics. California law requires recording of metrics regarding requests for Access, Correction, Deletion, Opting out of Sale/Sharing, and Limiting the use of Sensitive Personal Information submitted by California residents pursuant to the California Privacy Rights Act. The metrics below reflect the time period from January 1, 2021, to December 31, 2021, which does not include requests for Correction and Limiting the use of Sensitive Personal Information.
- Access Requests
- Request Received: 406
- Completed: 109
- Expired/Rejected: 297
- Median Days to Fulfill: 31
- Deletion Requests
- Requests Received: 664
- Completed: 276
- Expired/Rejected: 388
- Median Days to Fulfill: 24
- Opt-out Requests
- Requests Received: 56,930
- Completed: 55,728
- Expired/Rejected: 1,202
- Median Days to Fulfill: 0
Information for Virginia Consumers
If you are a Virginia resident, we are required to provide additional information to you about how we collect, use, and disclose your information that may be considered "Personal Data " under Virginia Law ("VA Personal Data"), and you may have additional rights with regard to how we use and disclose your VA Personal Data. In addition, certain information about you may be considered "Sensitive Data" under Virginia Law, and, unless the processing falls under a legal exception, we cannot process Sensitive Data without obtaining your consent. We have included this Virginia-specific information below.
- Processing. Consistent with the "Information We Collect" section above, we process certain categories and specific pieces of VA Personal Data about individuals who reside in Virginia. In the 12 months prior to the date of this Privacy Policy, we collected the following types of categories of VA Personal Data, which we will continue to collect:
- Identifiers: such as name, address, telephone number, email address, age, date of birth, username and password for our websites, online identifiers, IP address;
- Commercial information: such as products or services purchased, obtained or considered, other purchasing or consuming histories or tendencies, payment information, health and medical information, health insurance information, loyalty program participation information;
- Internet or other electronic network activity information: such as computer and connection information, statistics on page views, traffic to and from the websites, ad data, and other standard weblog information;
- Geolocation information: including location data and precise location data such as physical location information through the use of our services on your mobile phone or device by, for example using satellite, cell phone tower, Wi-Fi signal, beacons, Bluetooth, and near field communication protocols, when you are in or near a Walgreens store;
- Audio, visual, or similar information: such as photographs you share, in-store security video, customer service audio recordings
- Inferences drawn from the above categories of VA Personal Data: such as consumer preferences, characteristics, predispositions, and behavior; and
- Sensitive Data such as precise geolocation (within a radius of 1,750 feet).
- Deidentified Information. We may also maintain and use information that does not identify an individual and cannot reasonably be used to identify an individual which is derived from VA Personal Data. We will not attempt to reidentify deidentified VA Personal Data unless permitted by law.
- Purposes. We collect VA Personal Data for the business and commercial purposes described in the "How We Use Your Information" section as described above. Specifically, we collect VA Personal Data to respond to your inquiries, fulfill your requests, and improve your experience; for marketing, advertising and promotional purposes; for reporting and analytics; to improve the effectiveness of our services, conduct research and analysis, or for other internal operations purposes; to detect, prevent or investigate potential security breaches, fraudulent transactions and monitor against theft.
Sale and Targeted Advertising. As described above in the "How We Share Your Information" section, we may share the following categories of VA Personal Data with third parties who are considered "third parties" as defined under Virginia law. In the 12 months prior to the date of this Privacy Policy, we shared your VA Personal Data with third parties for purposes of "targeted advertising," which may constitute a "sale" of VA Personal Data under Virginia law, and may continue to share the following categories of VA Personal Data for "targeted advertising":
- Identifiers: such as online identifiers, IP address;
- Commercial information: such as products or services purchased, obtained, or considered, other purchasing or consuming histories or tendencies;
- Internet or other electronic network activity information: such as computer and connection information, statistics on page views, traffic to and from the websites, ad data, and other standard weblog information; and
- Inferences drawn from VA Personal Data: such as consumer preferences, characteristics, predispositions, and behavior.
The categories of third parties to which we may share the above-described categories of VA Personal Data include online Advertising Networks, Marketing Companies, Financial Services Partners and Social Media Companies.
Opting Out of Sale and Targeted Advertising. You may stop our disclosure of your VA Personal Data to these entities for purposes of targeted advertising by opting out of the sale of your VA Personal Data. You can do so by submitting an opt-out request through this link here or by contacting us at 800-925-4733.
Virginia Consumer Rights. As a Virginia resident, you have the right to ask us for and access, including in a portable, readily usable format, any or all of the following types of information regarding the VA Personal Data we have collected about you:
- Specific pieces of VA Personal Data we have collected about you;
- Categories of VA Personal Data we have collected about you;
- Categories of sources from which such VA Personal Data was collected;
- Categories of VA Personal Data we sold or disclosed for a business purpose about you; and
- The business or commercial purpose for collecting or selling your VA Personal Data.
You also have the right to request correction or deletion of your VA Personal Data and to opt out of the use of your VA Personal Data for purposes of targeted advertising, sale, and automated processing ("profiling"). In addition, you have the right to appeal our refusal to act on your request.
- Exercising Virginia Consumer Rights. You or your authorized agent may submit a request to exercise your Virginia Consumer Rights by using one of the following specifically designated methods:
- Self-service on our digital properties by logging on to your account and using the Customer Preference Center
- Responding to Requests. For requests for access, correction, deletion, or appeal, we will first acknowledge receipt of your request within 10 business days of receipt of your request. We provide a substantive response to your request as soon as we can, generally within 45 days from when we receive your request, although we may be allowed to take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know.
For requests to opt out of the use of your VA Personal Data for purposes of targeted advertising, sale, and automated processing ("profiling"), we will comply within 15 business days after receipt of your request.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.
How To Contact Us:
If you have questions about our Privacy Policy, contact us by:
Phone: (877) 924-4472
E-mail: [email protected]
Regular mail:
Walgreens Health Privacy Office
Attn: Privacy Officer
200 Wilmot Rd, MS 9000
Deerfield, IL 60015
Effective Date: February 1, 2023