Til að skoða þessa síðu á íslensku / to view this page in Icelandic
smelltu hér / click here
Last updated 25 May 2018
Please note that we provide additional or different privacy notices in connection with certain products, services or programs. In addition, personal data that you provide when you visit Costco's warehouses or websites outside of Iceland are governed by the privacy policies of the Costco entities in those other countries.
Costco's Commitment to Personal Data and Privacy
We respect your right to privacy. We maintain and use your Personal Data in accordance with applicable laws on data protection.
A. What is Personal Data?
"Personal Data" is any information relating to an identified or identifiable natural person ('data subject'). Personal Data can be a name, contact information, telephone number, e-mail address, debit/credit card number, the photograph included on your Costco membership card, Internet (IP) address and information about an individual's purchases. Personal Data also includes medical information collected through our pharmacies and optical centers (see Section I).
Personal Data does not include "aggregate" information. Aggregate information is data we collect about a group or category of products, services or customers, from which individual customers cannot be identified. In other words, information about how you use a service may be collected and combined with information about how others use the same service, but no Personal Data will be included in the resulting data. Likewise, information about the products you purchase may be collected and combined with information about the products purchased by others. Aggregate data helps us understand trends and customer needs so that we can better consider new products and services, and tailor existing products and services to customer desires.
B. What Personal Data is collected by Costco?
We collect the following personal data of our members:
- ID no. ("kennitala").
- Membership number.
- Email address.
- Phone number.
- Purchase history.
We collect this Personal Data, such as when you:
- Sign up for or renew your Costco membership
- Use our website (www.costco.is) or agree to receive news about specials or other promotions;
- Place an order or purchase products or services, at our warehouse store, or return or exchange items;
- Contact us for any reason including questions, inquiries, comments, complaints or requests; such as by replying to enquiries by mail, by telephone through customer service or in person at our warehouse;
In order to obtain a membership card so you can shop in our warehouse, we will need to take a photograph of you and retain it in the warehouse.
We may also take video footage through video surveillance systems at our warehouse to protect the rights, property or safety of Costco, our customers, our employees, or the public.
We also receive information from third parties who help us correct our records, prevent fraud, and provide services or special promotions or products. We may combine any of this information with the other Personal Data we maintain about you, including for the purposes of better tailoring any promotional or marketing materials which we send you.
C. How does Costco use Personal Data?
The Personal Data we collect is generally used to process your requests or transactions, validate your membership, provide you with high-quality service, tell you about opportunities we think will be of interest and administer your account, including distribution of our own surveys and publications. The specific purposes for which we process your personal data are set out below:
- Process and administer your membership request or renewal and manage and administer your membership (the legal basis for this processing is the performance of the membership agreement between you and Costco);
- To provide products and services to you, which includes processing payments, sending notifications (via email or SMS/text message) related to your purchases, recording purchase history and processing exchanges and returns (the legal basis for this processing is the performance of the purchase agreement between you and Costco);
- To respond to queries or complaints from you, including if you contact our customer service team (the legal basis for this processing is your consent);
- Alert you about product recalls or safety issues and respond to your questions about products or deliveries (the legal basis for this processing is compliance with our legal obligations under Icelandic consumer protection law);
- Manage our internal operations, including for planning, resource allocation, policy development, quality improvement, monitoring, audit, investigations, evaluations and reporting (the legal basis for this processing is our legitimate interest in understanding shopping behavior, improving our selection of products and services, and exploring ways to develop and enhance our business);
- To detect, investigate and prevent fraudulent transactions and other illegal activities and protect against harm to the rights, property or safety of Costco and our members, customers, employees or the public, including by using video surveillance systems (the legal basis for this processing is our legitimate interest in preventing fraud and protecting and securing our premises, members, customers, employees and the public);
- To comply with our legal obligations, including our tax obligations, those related to the prevention of fraud and money laundering, and those required for you to benefit from rights recognized by law (the legal basis for this processing is compliance with our legal obligations under Icelandic law related to, for instance, taxation, money-laundering and terrorism financing and consumer protection law);
- To analyze your use of our website (the legal basis for this processing is our legitimate interest in improving our website and better understanding user needs and expectations);
- • If you consent to receive mail, email or SMS/text message, to provide you with promotional information about Costco and third-party products and services, such as advertising, marketing, surveys, coupons, offers and product recommendations ("Promotional Information"). The marketing communication we send you may be tailored based on your membership account details and purchase history so we can provide you with information and offers we think will be of particular interests to you. You may contact us at any time to decline Promotional Information, see Section G (the legal basis for this processing is our legitmate interest in providing information about products and services that may be of interest to you, unless applicable law requires us to obtain your consent, in which case we will do so).
D. How does Costco share Personal Data with third parties?
We share information in the following circumstances:
- Our affiliates and entities that belong to the Costco group.
- Service Providers and Contractors
- Third-Party Services
- Primary Costco Account Holder
Consent. We also share personal data with third parties, other than those described above, when we have your consent to do so.
In addition, we may disclose Personal Data in the good faith belief that we are lawfully authorised to do so, or that doing so is reasonably necessary to protect you, to comply with legal process or authorities, to respond to any claims, or to protect the rights, property or personal safety of the Costco companies, our shoppers, our members, our employees and the public. This includes disclosure of information to control or investigate fraud. Personal Data may be disclosed or transferred as part of, or during negotiations of, any merger or sale of company assets or acquisition.
We contract with others to perform services on our behalf. For example, we retain companies to process debit and credit card payments, manage our customer care centre, distribute emails, process rebates or analyse and correct or update our data.
We have also engaged service providers to provide us with cloud computing services. Cloud computing is the provision of network-based services, located on remote computers, that allow individuals and businesses to use software and hardware operated by third parties. Examples of these services include online file storage, webmail and online business applications. Service providers have policies and processes in place to ensure that the confidentiality of information in their care is properly safeguarded at all times. As of the date of this policy, our cloud computing service providers process and store information in the European Economic Area ("EEA") and other jurisdictions (please see Section E (Cross-Border Transfers) for more information).
If any of these service providers need access to your Personal Data, we require them to use it only to perform the services for us. We also require that they maintain the confidentiality of the information and/or return the information to us when they no longer need it.
If you purchase, apply for or request Third Party Services, information you provide will be shared with the third party offering the Third Party Service. For example, if you register for the Costco Auto Programme, we may share membership details with participating dealers to confirm your enrolment in the programme. In turn, information you provide to these third parties may in turn be shared with us along with information about your use of the particular Third Party Service. We are not responsible for any additional information you provide directly to these third parties, and we encourage you to become familiar with their privacy and security practices and policies before disclosing information to them.
Each membership account has an individual primary account holder who is authorised to designate and remove add-on members and make other account management decisions. Please be aware that information about all activities occurring under the account, including transactions completed by add-on members, will be available to the primary account holder.
E. Cross-Border Transfers
Costco ensures, with the signature of Standard Contractual Clauses adopted by the European Commission, that personal data transferred outside the EEA is maintained with at least the same level of security and protection for personal data that is required under the applicable legislation. Copies of the Standard Contractual Clauses we use to facilitate the transfer of data outside the EEA are available here and here.
F. How does Costco protect Personal Data?
We have physical, administrative and technical security measures in place to help protect Personal Data from damage, loss, alteration, destruction or unauthorized access, processing or use, while it is under our control. With regard to credit card data, we are required to process and maintain payment card data in accordance with the data security rules adopted by credit card companies such as Visa, MasterCard and American Express.
G. How long does Costco retain Personal Data?
Costco will retain your personal data for as long as necessary to achieve the purposes for which such data was collected, unless a longer retention period is required under applicable law. For example, we need to keep records about our members' purchase histories in order to honor our returns policy. If you want to return an item you bought from us several years ago, we need to be able to confirm when and where you bought it. For this reason, we generally keep records about our members' accounts and purchase histories for a minimum of 10 years. In addition, when you consent to receive marketing communications from us, we retain your email address and information about your marketing preferences for the duration of your membership, unless you opt out of receiving such communications or terminate your membership.
H. What Personal Data Rights do you have?
Subject to certain limitations and exceptions, you have a number of legal rights in relation to the processing of your personal data, including:
- A right to obtain information: You have the right to request information about how we process your personal data.
- A right of access: You have the right to request access to, or a copy of, the personal data we process about you.
- A right of rectification: You have the right to request that we correct or supplement inaccurate or incomplete personal data we process about you.
- A right of erasure: You have the right to request that we delete personal data about you.
- A right to restriction of processing: You have the right to request that we restrict processing of your personal data, so that we can store such data but not further process it.
- A right to data portability: You have the right to request that we provide the personal data which you provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit such data to another controller without hindrance from Costco.
- A right to object to processing: You have the right to request that we stop processing personal data about you (for example, when your personal data is processed for direct marketing purposes, you have the right to object to the processing of such data at any time by writing to email@example.com or clicking on the "unsubscribe" link available at the bottom of the messages received).
- A right to revoke your consent: When our processing is based on your consent, you have the right to revoke such consent at any time.
- The right to file a complaint: You have the right to file a complaint regarding our data protection practices with a supervisory authority. You can do so by contacting Persónuvernd (www.personuvernd.is).
I. Pharmacy and Optical Centres
If you purchase prescription medications, eyeglasses, or contact lenses from us, we collect and retain in our files your prescription information. We have appropriate technical and operational measures in place to protect your health-related information. Health-related information is also not subject to any cross-border transfers.
If you request or receive government funding for optical devices or services, we may share your health information with the relevant government agency. Costco and our service providers may collect, use or disclose your personal health information in connection with:
providing you with the health services you request;
storing electronic health records within onsite servers;
processing or obtaining payment for government-funded health services (for example, obtaining authorisation from your insurer or a government agency for payment);
internal management purposes, including planning, resource allocation, policy development, quality improvement, monitoring, audit, evaluation and reporting.
We process your personal health information where necessary for the provision of healthcare or treatment to you.
We may also disclose personal health information without your knowledge or consent if a law, regulation, search warrant, subpoena or court order legally authorises us or requires us to do so or to protect the rights, property or personal safety of Costco, its customers, employees or other members of the public. We may also be required to disclose certain personal health information in order to maintain standing with professional health bodies, including those for pharmacists, and opticians.
J. Online Specifics
- Links to Other Sites
- Accessing Costco on Your Mobile Device
Before we collect or send the location of your mobile device, we will ask for your consent. Your general consent to your mobile service provider to allow (or disallow) location-based services does not automatically apply to us.
In general, you do not need to provide any Personal Data to connect with us via your mobile device.
K. Use of costco.is Website by Minors
We encourage parents to take an active interest in their children's use of the Internet. We do not intend to collect information from minors. If you are under 18, you should not provide information on the costco.is website.
L. Questions or Concerns