UNFI Privacy Policy

 

Last updated:   January 1, 2024

 

We value the privacy of our customers’ information at United Natural Foods, Inc. and its affiliates and subsidiaries (“UNFI,” “we,” “us,” and “our”) and we are always striving to make our customer experience better.  This online privacy policy (the “Privacy Policy” or “Statement”) describes our information practices and, in particular, how we collect, use and share the Personal Information that we gather through our Services, as defined below.  If you have any questions about this Privacy Policy or our information practices, please contact us through the options provided below. 

 

BY USING OUR SERVICES, YOU CONSENT TO THE INFORMATION PRACTICES AND OTHER TERMS AS DESCRIBED IN THIS PRIVACY POLICY.  YOU SHOULD READ THIS PRIVACY POLICY CAREFULLY.  WE RECOMMEND PRINTING AND KEEPING A COPY FOR YOUR FUTURE REFERENCE.  WE MAY ADD TO, DELETE OR CHANGE THE TERMS OF THIS PRIVACY POLICY FROM TIME TO TIME BY POSTING A NOTICE OF THE CHANGE OR AN AMENDED PRIVACY POLICY ON THIS WEBSITE.  YOUR CONTINUED USE OF THE SERVICES IS DEEMED TO BE ACCEPTANCE OF SUCH CHANGES.

 

·       Who We Are

·       Definitions

·       How We Collect and Use Personal Information

·       Additional Uses of Personal Information
How We Share and Disclose Personal Information

·       Independent Stores

·       Pharmacy Operations

·       Your Ad Choices

·       Children’s Privacy

·       How to Access or Update Your Information

·       How Long Your Personal Information is Kept

·       European User Rights

·       California Privacy Rights

·       Links to Other Websites

·       Updates to the Privacy Policy

·       Managing Communication Preferences

·       How to Deactivate Your Account

·       Contact

 

Who We Are

 

We are UNFI.  We own and operate the following supermarket chains: Cub Foods and Shoppers (the “Corporate Stores”).  This privacy policy applies to the Services owned and operated by UNFI and our Corporate Stores.

Definitions

 

When we use the term “Services” in this Privacy Policy, we mean the websites, including https://www.unfi.com/, mobile apps, and other digital properties that are owned and operated by UNFI and its Corporate Stores and that link to this Privacy Policy.  This term does not include the websites, mobile apps and other digital properties that are owned by the Independent Stores.

 

When we use the term “Personal Information” in this Privacy Policy, means any information that classifies as Personal Information, personal data, personally identifiable information, or similar terms under applicable data privacy and security laws and regulations.  This includes any information that we directly associate with a specific person, or that reasonably can be used to identify a specific person.  For example, this includes your name, home address, phone number, email address and any other information that we tie to these elements.  Personal Information also includes information collected about you when you are acting as an employee on behalf of your employer in the context of providing or receiving a product or service to or from UNFI.

 

Personal Information does not include data excluded or exempted from those laws and regulations.  Personal Information does not include “aggregated information,” which is information that we collect about a group or category of persons or services.  It also does not include “de-identified information,” which is information from which we or our agents have removed information that can be used to specifically identify a person. This Privacy Policy does not apply to our collection, use, or disclosure of aggregated or de-identified information.  Nothing in this Statement will constitute an admission or evidence that any particular data privacy or information security law or regulation applies to UNFI generally or in any specific context.

 

How We Collect and Use Personal Information

 

We collect Personal Information through our Services.  There are five categories of information that we collect through the Services:

 

1.      Information You Provide

 

We collect Personal Information you provide, for example when you enter the information into form fields on our Services.  For example, we may collect:

 

·       contact information, such as your name, home address, email address and phone number, which we use to administer your account and the Services, communicate with you and authenticate you as a user;

·       demographic information, including age, information about your household, product preferences and other interests and likes, which we use to better understand and analyze our customer population, support our operations including inventory and product management, to deliver relevant offers and ads, and to improve our products and services including the Services;

·       communications preferences, including marketing preferences, which we use to manage how we engage with you;

·       loyalty card information such as loyalty card number and transaction history, which we use to administer our loyalty and rewards programs and tailor our communications to you;

·       inquiries you make, including the content of your voice and text messages, which we use to respond to your inquiries;

·       online purchase information, including payment card information, purchase details and other transaction information, which we use to process purchases you make online, improve our e-commerce platform and your customer experience and contribute to our marketing efforts, for example, by analyzing information about what products are viewed, what products you put into and take out of your shopping cart, when you browse items but do not make a purchase and other interactions you have with our online product displays and descriptions; and

·       with your permission, information from your device’s applications, such as the camera to allow you to scan barcodes to add items to your shopping list or your contacts to allow you to update your information.

 

2.      Information Collected Automatically

 

We use various technologies to collect other types of data that do not directly reveal your identity (“Other Information”).  If we associate Other Information with Personal Information, we will treat the combined information as Personal Information in accordance with this Privacy Policy.

 

These technologies include the following:

 

Logging Functionality: As is true of most websites, we gather certain information automatically and store it in log files. This information may include IP addresses, browser type, internet service provider, referring/exit pages, operating system, date/time stamp and/or clickstream data.  We generally only use this data for purposes such as security, fraud detection, and protecting our rights.

 

Chat Information:  Chat Information includes the contents of the conversation.  We collect this information when you engage with the ChatBot on our Services.  If you interact with the ChatBot on the Sites we will record the conversation.  Please note that the ChatBot is an automated program and not a real person, and information relating to your communications may be shared with our service provider. 

 

Cookies and Other Data Collection Technologies: We and our subsidiaries, and service providers use cookies, web beacons, and similar technologies to manage our websites and email messages and to collect and track information about you and your activities online over time and across different websites and social media channels.  These technologies help us to recognize you, customize or personalize your shopping experience, store items in your online shopping list between visits, and analyze the use of our Services and solutions to make them more useful to you. These technologies also allow us to aggregate demographic and statistical data and compilations of information, which may or may not include Personal Information, and provide this information to our service providers.  

 

Most Internet browsers allow you to remove or manage cookie functions and adjust your privacy and security preferences.  For information on how to do this, access the “help” menu on your Internet browser, or visit https://www.aboutcookies.org/how-to-control-cookies/.  Please note, however, that disabling our cookies may result in your inability to take full advantage of all of the features of our Services.

Analytics:  We use analytics providers such as Google Analytics to help us evaluate and measure the use and performance of our Services.  We may also use the analytics providers FullStory, Criteo and Salsify.  Data about the general attributes of your device may also be collected when you use the mobile application. To opt out of the aggregation and analysis of data collected about you on our website by Google Analytics, visit https://tools.google.com/dlpage/gaoptout and download and install the Google Analytics Opt-out Browser Add-on.  For more information on the services provided to us by FullStory, visit https://www.fullstory.com/legal/privacy-policy.  To opt out of the aggregation and analysis of data collected about you on our website by FullStory, visit https://www.fullstory.com/optout/ to opt out of FullStory.  For more information on the services provided to us by Criteo, please visit https://www.criteo.com/privacy/.  For more

information on the services provided to us by Salsify, please visit https://www.salsify.com/privacy-policy.

 

Please note that we do not use any cookies, pixels, or other tracking devices that disclose to any third-party information that identifies a person has having viewed specific video materials.

 

Do Not Track (DNT):  DNT is a privacy preference that you can set in certain web browsers. When you turn on the DNT, the browser may send a signal or other message to web services requesting that they not track you.  Currently, our web servers do not recognize or respond to DNT signals.  Our websites and mobile applications may continue to collect information in the manner described in this Privacy Policy.

3.      Information We Obtain from Third Party Sources

 

We collect Personal Information from a number of third-party sources. 

 

Service Providers.  We use service providers to help us run our business.  We get Personal Information about you from these service providers from time to time.

 

Loyalty and Rewards Partners:  We use service providers to help us run our loyalty and rewards programs.  These partners have access to Personal Information about you and share this information with us in connection with administering the loyalty and rewards program. 

 

Information from Independent Stores:  As described under the section titled “Independent Stores” above, we provide website and mobile app hosting services and receive customer data from the Independent Stores.   We collect, use and share this Personal Information in ways permitted by our agreements with the Independent Stores.

 

Single Sign-On: Some of our Services allow you to register and login to our Services through a third-party platform such as Facebook.   When you login to our service through a third-party platform, you allow us to access and collect any information from your third-party platform account permitted under the settings and privacy policy of that platform.

 

Pharmacy Data: Some of our stores have an associated pharmacy.  For the data collection, use and disclosure practices of the pharmacies, please see the section titled “Pharmacy Operations” below.

 

Supplemental Information:  We may receive additional Personal Information from third-party sources that we may append to existing consumer information, such as email and address verification.  We use this supplemental information to better understand our consumers, deliver relevant offers and advertising, and improve our operations, stores, Services and our advertising and marketing campaigns. 

 

4.      Location Information  

 

We collect location information through the Services so we can offer you certain location-based services (such as delivering advertisements that are relevant to your particular location and conducting analytics to improve our stores and the Services).  The way in which we collect location information is different depending on whether you are accessing the Services through a website or a mobile application.

If you are accessing the Services through a website, we use various technologies, including IP lookup, to detect your location so that we can automatically show you the closest store to your area, rather than some random location. Depending on browser type, your browser may inform you that the Site would like to collect your location and request your permission to do so. If you allow it, location information is then collected and may be stored locally on your device. If you decline the collection of location information, your location is not collected, and you must manually enter your location.

If you are viewing our content on a social media platform, location information may be collected by the third-party platform. We do not control the collection, use or disclosure of location information on social media platforms. To opt out of location information sharing, please set your preferences within your social profile settings or follow the instructions on the social media platform.

If you are using a mobile app, you will be prompted to provide your consent for us to collect your location information. If you decline to allow us to collect your location information, you must manually type-in your preferred store or location so that we can show you the local store or send offers that are available in your area.

If you allow us to collect your location information, we collect precise location information.  Whether and to what extent we can collect this information is controlled by your operating system, but the methods of collection typically include GPS, cellular network location and other location-based services.  Depending on the operating system, we typically receive the location of your mobile device expressed as latitude and longitude, as well as date and time.  Please note that the precision of this data varies greatly and is determined by factors controlled by your device or mobile service provider.

If you elect to allow the mobile app to collect location information while the mobile app is running in the background, you will have enabled continuous location collection.  This allows us to show you offers, coupons and advertisements relevant to current location and help you find our stores nearest to you.  We also use this location information to conduct analytics and improve our operations as well as the Services themselves.  

You can turn off location collection through your device settings or by deleting our mobile app from your device.   

Additional Uses of Personal Information

In addition to the uses described above, we may use your Personal Information for the following purposes:

·       Operating our business, delivering our products and services, managing your accounts and loyalty and rewards programs, and for any other lawful, legitimate business purposes; 

·       Contacting you to respond to your requests or inquiries;

·       Processing and completing your transactions including, as applicable, order confirmation, enrollment in our loyalty or other programs, processing payments for online purchases and delivering products or services;

·       Providing you with newsletters, articles, product or service alerts, new product or service announcements, savings awards, event invitations, and other information that are tailored to your interests or purchase behavior;

·       Contacting you about programs, products, or services that we believe may be of interest to you, or sharing with you special offers from other companies;

·       Providing you with coupons, programs, promotional information, offers, and other information that are personally tailored to your interests and purchase behavior;

·       Conducting market research, surveys, and similar inquiries to help us understand trends and customer needs across product categories or customer groups;

·       Administering our loyalty and rewards programs including allowing you to create and maintain customer profiles, analyzing your interactions with us, presenting customized offers, and improving our products, services, programs, and other offerings;

·       Evaluating your shopping experience or existing products and services, or to create new items;

·       Alerting you about a product safety announcement or recall or correction of an offer, promotion, or advertisement;

·       Administering sweepstakes and promotions or contacting you regarding a contest prize;

·       Preventing, investigating, or providing notice of fraud, unlawful or criminal activity, or unauthorized access to or use of Personal Information, our website or data systems; or to meet legal obligations;

·       Enforcing our Terms of Use and other agreements; and

·       Sending you text messages or push notifications when you sign up for one of our messaging programs.  These messages may be sent by automated means.  You may opt out of a text message program by following the instructions in the “Managing Communication Preferences section below.

 

We may also use services provided by third parties (such as social media platforms) to serve targeted ads to you and others on third-party platforms. We may do this by providing a hashed version of your Personal Information to the third party for matching purposes.

 

How We Share and Disclose Personal Information

             

We share your Personal Information with third parties only in the ways described in this Privacy Policy.    

 

Service Providers:  We share your Personal Information with third party service providers who complete transactions or perform services on our behalf or for your benefit, such as for administering the loyalty and rewards programs, payment processing, marketing, analytics, or to verify customer data, such as mailing addresses.   Third-party service providers include analytics providers.

Affiliates:  We may share your information with affiliated legal entities within the UNFI family of companies for purposes and uses that are consistent with this Privacy Policy.  For example, we may have a separate legal entity that controls the stores in one particular region versus another, and UNFI may be the legal entity operating the website or mobile app, and UNFI would share Personal Information of customers of stores in a particular region with the legal entity that controls the stores in that region. 

Third-Party Mobile App Providers: With your knowledge and consent, the Services may gather and transfer your information, including location information, from and to other applications, functions and tools within your mobile device.

Legal Process, Safety and Terms Enforcement:  We may disclose your Personal Information to legal or government regulatory authorities in response to their requests for such information or to assist in investigations. We may also disclose your Personal Information to third parties in connection with claims, disputes or litigation, when otherwise required by law, or if we determine its disclosure is necessary to protect the health and safety of you or us, or to enforce our legal rights or contractual commitments that you have made. 

Business Transfers: Your Personal Information may be disclosed as part of a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets, and could be transferred to a third party as one of the business assets in such a transaction.

Bankruptcy:  In the event of insolvency, bankruptcy or receivership, your Personal Information may be disclosed or sold as part of the reorganization or liquidation process.

Independent Stores

 

We have franchise and wholesale relationships with a network of independent retailers that independently own and operate their grocery stores (“Independent Stores”), but who may license the use of a brand name that we own or use our wholesale distribution network.  This Privacy Policy does not apply to these Independent Stores or to the websites, mobile apps or other digital properties that are owned or operated by those Independent Stores.   Please see the privacy policy posted on those digital properties to understand the Independent Store’s information practices. 

 

This Privacy Policy does not apply to the information practices of the Independent Stores.

 

Pharmacy Operations

 

Some of our stores have pharmacies in them.  These pharmacies are not covered by this Privacy Policy.  Rather, they have separately posted notices of privacy practices that describe how the pharmacies collect, use and disclose your protected health information.

 

If your local store has a pharmacy, our mobile app includes a feature in which you can elect to submit a request to refill your prescription at the pharmacy.  If you choose to use this feature, you will need to provide the last four digits of your phone number, the store where your prescription is being refilled and the prescription number.  We will use this information solely for refilling your prescription.  We will disclose information submitted to the relevant pharmacy for the purpose of providing you the services you request.

 

Your Ad Choices

We support the self-regulatory principles of the Digital Advertising Alliance (“DAA”).   We work with a variety of advertisers, advertising networks, advertising servers, and analytics companies (“Ad Partners”) that use different technologies to collect data about your use of the Services (such as pages visited, ads viewed or clicked on) in order to deliver relevant advertising.

These technologies may include the placement on our Services of cookies or web beacons, and other data collection technologies by these Ad Partners to track how our Services are being used, to track where users go and what they do after their leave our Services, and to link various devices you may use, and to serve you more relevant ads.  These advertisements may appear on our Services or other websites, mobile apps or platforms that you visit.

For more information about how Ad Partners use the information collected by the technologies on our Services and about your options not to accept cookies placed by some of these companies on our Services, please visit the DAA’s opt-out page www.aboutads.info/choices/. You may also opt out of additional third-party advertising networks by going to the Network Advertising Initiative’s website http://www.networkadvertising.org and following the directions.  Google provides certain choices related to their services. For more information, please visit https://adssettings.google.com/.

The opt-outs described above are device- and browser-specific and may not work on all devices.  If you choose to opt-out through any of these opt-out tools, this does not mean you will cease to see advertising.  Rather, the ads you see will just not be based on your interests.  In addition, when you opt out using one of these methods, our Ad Partners will continue to collect information for any other purpose permitted by the DAA’s rules.   You can opt out of future information collection from our Services by ceasing use of the Service or in the case of an application, uninstalling the application.

Please note that this Privacy Policy does not cover the practices of our Ad Partners.  UNFI does not have control over these third-party technologies, or the information contained in them.

Children’s Privacy

Our Services are not directed to, and we do not intend to, or knowingly, collect or solicit Personal Information online from children under the age of 13.  We encourage parents or guardians to participate in and monitor their children’s online activity.  If a child under 13 has provided Personal Information to us, we encourage the child’s parent or guardian to contact us (see the “Contact” section below) to request that we remove the information from our systems.  If you are under the age of 13, do not provide us with any Personal Information either directly, on any website bulletin boards, or by other means.

How To Access or Update Your Information

 

You may review your Personal Information that is readily accessible through our Services or contact us to request that it be updated by contacting our Customer Interaction Center (see the “Contact” section below).

 

How Long Your Personal Information Is Kept

 

We will retain your Personal Information for as long as your account is active or as reasonably useful for commercial purposes. We will retain and use your Personal Information as necessary to comply with our legal obligations or data retention policies, resolve disputes and enforce our agreements.

European User Rights

 

This section of our Privacy Policy is applicable to persons located in the European Union (“EU”), an European Economic Area member state (EEA”), United Kingdom (UK”), or Switzerland as well as to persons whose Personal Information is processed in or transferred from the EU, EEA, UK, or Switzerland.  You are entitled under the EU General Data Protection Regulation and UK General Data Protection Regulation (collectively, the “GDPR”), to the information in this section of our Privacy Policy.

 

Your Rights.  You are entitled by law to access, correct, amend, or delete Personal Information about you that we hold.  A summary listing these rights appears below.  Please note that these rights are not absolute and certain exemptions may apply to specific requests that you may submit to us.

 

To exercise these rights, please contact us using the information below in the “Contact” section.  For your protection, we may need to verify your identity before responding to your request.  In the event that we refuse a request, we will provide you a reason as to why.

 

Asking Us to Access Your Personal Information.  You have the right to obtain from us confirmation as to whether or not we are processing Personal Information about you, and if so, the right to be provided with the information contained in this Policy.  You also have the right to ask us for copies of your Personal Information.  When making a request, please provide an accurate description of the Personal Information to which you want access. Where requests are repetitive or manifestly unfounded or excessive, we may charge a reasonable fee based on administrative cost.

 

Asking Us to Rectify Your Personal Information.  You have the right to ask us to rectify Personal Information you think is inaccurate.  You also have the right to ask us to complete information you think is incomplete.

 

Asking Us to Delete Your Personal Information.  You have the right to ask us to erase your Personal Information if:

 

·       We no longer need it for the purposes for which it was collected;

·       We have been using it with no valid legal basis;

·       We are obligated to erase it to comply with a legal obligation to which we are subject;

·       We need your consent to use the information and you withdraw consent; or

·       You object to us processing your Personal Information where our legal basis for doing so is our legitimate interests and there are no overriding legitimate grounds for the processing.

 

However, these rights are not absolute.  Even if you make a request for deletion, we may need to retain certain information for legal or administrative purposes, such as record keeping, maintenance of opt-out requirements, defending or making legal claims, or detecting fraudulent activities.  We will retain information in accordance with the “How Long Is Your Personal Information Kept” section above.

 

If you do exercise a valid right to have your Personal Information deleted, please keep in mind that deletion by third parties to whom the information has been provided might not be immediate and that the deleted information may persist in backup copies for a reasonable period (but will not be available to others).

 

Asking Us to Restrict Our Use of Your Personal Information.  You have the right to ask us to place a restriction on our use of your Personal Information if one of the following applies to you:

 

·       You contest the accuracy of the information that we hold about you, while we verify its accuracy;

·       We have used your information unlawfully, but you request us to restrict its use instead of erasing it;

·       We no longer need the information for the purpose for which we collected it, but you need it to deal with a legal claim; or

·       You have objected to us using your information, while we check whether our legitimate grounds override your right to object.

 

The Right to Transfer Your Personal Information to Another Service Provider.  You have the right to ask that we transfer the Personal Information you gave us from one organization to another, or give it to you (i.e., data portability).  This applies to Personal Information we are processing to service a contract with you and to Personal Information we are processing based on your consent.

 

The Right to Withdraw Consent.  If we obtain your written consent to collect and process your Personal Information, you can subsequently withdraw such consent as to any further processing of such information.

 

The Right to Lodge a Complaint with a Supervisory Authority.  If you believe your rights under the GDPR have been violated, the GDPR gives you the right to file a complaint with your supervisory authority. A list of supervisory authorities is available here:  EEA and EU Data Protection Authorities (DPAs); Swiss Federal Data Protection and Information Commissioner (FDPIC); and UK Information Commissioners Office (ICO).

 

Rights Related to Automated Decision-Making.  To the extent that we engage in decision-making based solely on automated processing, including profiling, which produces legal effects concerning you or which significantly affects you, you have the right not to be subject to such decision-making.

 

Right to Object to Processing.  You have the right to object to the processing of your Personal Information that is based on legitimate interests or your consent (rather than when the reason for using it is to perform an obligation due to a contract with us).

 

If you make such an objection, we will cease to process the Personal Information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or we can demonstrate the processing is for the establishment, exercise, or defense of legal claims.  You can object to the processing of your Personal Information by contacting us using the information in the “Contact” section below. 

 

Legal Basis for Processing Your Personal Information.   We collect your Personal Information to provide our products and services to you; otherwise, we may not be able to process the transactions you request.  We will only process your Personal Information when we have a lawful basis for doing so.  If you are in a country in the EU, EEA, UK, or Switzerland, you are entitled to an explanation of the legal basis we rely on to process your Personal Information.  The legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it, which is discussed below.

 

·       Consent.  We may process your Personal Information based on your consent such as when you purchase a service or ask us to send you certain kinds of marketing communications.  You have the right to withdraw your consent at any time without affecting the lawfulness of the processing based on consent before its withdrawal. 

 

o   Children’s Consent. We do not knowingly process data of EU, EEA, UK, or Switzerland residents under the age of 16 without reasonably verified parental consent.

 

·       Our Legitimate Interests.  We may process your Personal Information if doing so is necessary for our legitimate interests relating to our business purposes arising from your relationship with us, and your rights as an individual do not override those legitimate interests.  For example, our legitimate interests include but are not limited to when we process your Personal Information to carry out fraud prevention activities and activities to increase network and information security, identify usage trends, determine the effectiveness of promotional campaigns, expand our business activities and improve our services and the content and functionality of our Services. Our legitimate interests also include providing you with the products and services you request, view, engage with, or purchase and communicating with you regarding your account or transactions with us.

·       To Perform a Contract.  We may process your Personal Information to administer and fulfill contractual obligations to you.  We will also collect and process your Personal Information as necessary for the performance of a contract to which you are a party.

·       To Enable Us to Comply with a Legal Obligation.  We may process your Personal Information to comply with legal obligations to which we are subject.  This may include any requirement to produce audited accounts, any legal obligation to share information with law enforcement agencies, public or governmental authorities, and to comply with legal process.

·       Necessary for the Exercise or Defense of Legal Claims.  If you bring a claim against us or we bring a claim against you, we may process your Personal Information in relation to that claim.

 

Depending on the situation, we may be the controller or the processor for Personal Information collected from residents of the EU, EEA, UK or Switzerland.  If you have any questions about or need further information concerning the legal basis on which we collect and use your Personal Information for any specific processing activity, please contact us using the “Contact” section below.

 

Cross-Border Transfers of Personal Information.  Our Services are operated in the United States.  Personal Information about you provide while in the EU, an EEA member state, the UK, or Switzerland may be transferred to the United States.  The United States does not have an adequacy decision or adequacy regulation.  The GDPR permits such transfers when necessary for the performance of a contract between you and us, if we obtain your explicit consent to such transfer, or if it is in our legitimate interest to transfer the Personal Information.  The laws in the United States may not be as protective as the GDPR or the laws of other jurisdictions where you may be located.  If we transfer Personal Information from the EU, EEA, UK, or Switzerland, or another country with cross-border transfer obligations, we will provide an appropriate safeguard, such as using standard contractual clauses.

 

To obtain a copy of the safeguard(s), please contact us using the information provided in the “Contact” section below.

 

California Privacy Rights

 

If you are a California resident, you have certain rights with respect to the collection, use, transfer, and processing of your Personal Information, as defined by the California Consumer Privacy Act (“CCPA”), Cal. Civ. Code § 1798.100 et seq., as amended by the California Privacy Rights Act (“CRPA”) and implementing regulations.  We reserve the right to limit these rights where permitted under applicable law, including where your identity cannot be reasonably verified or to the extent your rights adversely affect the rights and freedoms of others.  Please note that terms in this California Privacy Rights section are used in accordance with the definitions provided to them in the CPRA, which may differ from how those terms are used throughout the rest of the Privacy Policy (for example, the word “share”).

 

To exercise any of the rights below, please contact us via the contact information below.  Only you or a person registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable consumer request related to your Personal Information.

 

What Information Do We Collect?

 

The below examples are illustrative examples from the CCPA and do not reflect the specific pieces of information we collect. 

 

The following chart shows which categories of Personal Information we have collected in the previous 12 months.

 

Category[1]

 

Examples

 

Collected

 

Retention Period

A. Identifiers

 

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.

 

Yes

As long as you are a customer of or do business with UNFI and at a minimum of up to 7 years after last interaction with UNFI or as long as required by law.

B. Personal Information

 

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

 

Some Personal Information included in this category may overlap with other categories.

 

Yes

As long as you are a customer of or do business with UNFI and at a minimum of up to 7 years after last interaction with UNFI or as long as required by law.

C. Protected Classification Characteristics Under California or Federal Law

 

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

 

 Yes

As long as you are a customer of or do business with UNFI and at a minimum of up to 7 years after last interaction with UNFI or as long as required by law.

D. Commercial Information

 

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

 

Yes

As long as you are a customer of or do business with UNFI and at a minimum of up to 7 years after last interaction with UNFI or as long as required by law.

E. Biometric Information

 

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

 

No

N/A

F. Internet or Other Similar Network Activity

 

Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

 

Yes

As long as you are a customer of or do business with UNFI and at a minimum of up to 7 years after last interaction with UNFI or as long as required by law.

G. Geolocation Data

 

Physical location or movements.

 

Yes

As long as you are a customer of or do business with UNFI and at a minimum of up to 7 years after last interaction with UNFI or as long as required by law.

H. Sensory Data

 

Audio, electronic, visual, thermal, olfactory, or similar information. 

 

Yes

 As long as you are a customer of or do business with UNFI and at a minimum of up to 7 years after last interaction with UNFI or as long as required by law.

I. Professional or Employment-Related Information

 

Current or past job history or performance evaluations.

 

No

N/A

J. Non-Public Education Information

 

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

 

No

N/A

K. Inferences Drawn of the Consumer

 

Inferences drawn from Personal Information identified above to create a profile about a consumer reflecting a consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

 

Yes

As long as you are a customer of or do business with UNFI and at a minimum of up to 7 years after last interaction with UNFI or as long as required by law.

L. Sensitive Personal Information

Personal Information that reveals (a) Social Security, driver’s license, state identification card, or passport number; (b) account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credential allowing access to an account; (c) precise geolocation; (d) racial or ethnic origin, religious or philosophical beliefs, or union membership; (e) the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication; or (f) genetic data. 

 

Biometric information processed for the purpose of uniquely identifying a consumer, Personal Information collected and analyzed concerning a consumer’s health, sex life, or sexual orientation.

 

Some Sensitive Personal Information included in this category may overlap with other categories.

 

 

Yes

As long as you are a customer of or do business with UNFI and at a minimum of up to 7 years after last interaction with UNFI or as long as required by law.

 

The above does not relate to information collected in connection with an individual’s employment by or seeking employment from UNFI.  If you are employed by or seeking employment from UNFI, please see the Associate and Contractor Privacy Policy for information regarding your Personal Information.

Sources From Which Personal Information Is Collected

We collect identifiers, Personal Information, protected classifications, sensory data, and sensitive Personal Information, directly from you.  We collect commercial information by keeping a log of your transactions.  We collect internet and other electronic network activity, geolocation, and inferences based on your interactions with our website and mobile apps. 

When acting as a service provider, UNFI receives or has access to Personal Information collected by the business.  UNFI uses that Personal Information solely to provide the services to the business. 

Business or Commercial Purposes for Which Personal Information Is Collected

Your Personal Information is used for the following purposes:

·                Respond to your requests for Services;

·                Provide you with customer support and respond to your communications;

·                Send you transactional or administrative communications, as well as certain service-related announcements;

·                Promote diversity, equity and inclusion initiatives;

·                Personalize your experience on our website or mobile apps;

·                Send you information relating to other programs, services, or products that we believe may be of interest to you; and

·                Run website analytics to evaluate performance.

 

When acting as a service provider, UNFI uses the Personal Information it receives or has access to solely to provide the services to the business.

 

Third Parties With Whom Personal Information Is Disclosed, Shared, or Sold

In the preceding 12 months, we have disclosed the following Personal Information about consumers for business purposes:

·                We share Personal Information in categories A (identifiers), B (personal), C (protected class), D (commercial), F (internet), G (geolocation), and K (inferences) with service providers.

·                We disclose content posted on our social media platforms (e.g., if a consumer “comments” on a story) with other consumers.  Such posts may include Personal Information categorized as identifiers and personal, but the content depends on the individual post.

·                We allow certain companies to use Personal Information categorized as internet, geolocation, and inferences to enhance online experiences and customize advertising.  For more information, please see the “Information Collected Automatically” and “Your Ad Choices” sections.

·                We disclose your Personal Information categorized as identifiers, personal, protected, commercial, internet, geolocation, and inferences with third-party service providers who complete transactions or perform services on our behalf or for your benefit, such as for payment processing, marketing, analytics or to verify customer data, such as mailing addresses.

·                We disclose your Personal Information in all categories as part of a corporate business transactions, such as a merger, acquisition, joint venture, or financing or sale of company assets, and information is transferred to a third-party as one of the business assets in such a transaction.

·                We allow certain companies to use Personal Information in categories F (internet), G (geolocation) and K (inferences) to enhance online experiences and customize advertising.

·                We disclose Personal Information in category A (identifiers) with vendors and business partners so that they can provide services to you or market products, information, campaigns, or services to you.

We do not disclose to third parties any Personal Information in exchange for money.  However, we understand that California has taken the position that the use of certain cookies or other analytical tools may constitute both a “share” and “sale” as those terms are defined in the CCPA/CPRA.  In the preceding 12 months, we have shared and sold the Personal Information about consumers:

We have shared Personal Information in categories A (identifiers), B (personal), C (protected class), D (commercial), and G (geolocation) to third parties for the purpose of receiving analytical information or marketing.

We do not have actual knowledge that we sell or share the Personal Information of consumers under 16 years of age.

Individual Rights

Right to Know About Personal Information Collected, Disclosed, or Sold (if Applicable)

You have the right to request that UNFI disclose the Personal Information it collects, uses, and discloses about you to third parties.  There are two types of Rights to Know requests that you can make:

1.                  Right to Know (Abbreviated Request):  If you make a Right to Know (Abbreviated Request), you will receive the following information about you:

a.                   Categories of Personal Information collected;

b.                  Categories of sources from which Personal Information is collected;

c.                   Business purpose for collecting or selling; and

d.                  Categories of third parties with whom sold, if applicable.

 

2.                  Right to Know (Specific Pieces of Information Request):  If you make a Right to Know (Specific Pieces of Information Request), you will receive the following information about you:

a.                      Specific pieces of Personal Information collected about you.

This information will be provided to you free of charge, unless UNFI determines that your request is manifestly unfounded or excessive.  You may request this information twice in a 12-month period.

There are certain exceptions to a consumer’s Right to Know.  UNFI will state in its response if an exception applies.

 

 

 

Right of Deletion

You have the right to request that UNFI and our service providers delete any Personal Information about yourself which UNFI has collected from you upon receipt of a verifiable request.  This right is subject to certain exceptions.  UNFI will state in its response if an exception applies.

Right to Opt-Out of the Sale of Personal Information (if Applicable)

You have the right to opt-out of the sale of their Personal Information by a business subject to certain laws and regulations. 

For more information, please visit our  Do Not Sell or Share My Personal Information page.

Right to Non-Discrimination

You have the right not to receive discriminatory treatment for exercising the privacy rights conferred by California law.  UNFI will not discriminate against you because you exercised any of your privacy rights, including, but not limited to, by: denying goods or services to you; charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; providing a different level of quality of goods or services to you; or suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

Right of Correction

If we maintain inaccurate Personal Information about you, then you have the right to request that we correct the inaccurate Personal Information upon receipt of a verifiable request.  Taking into account the nature of the Personal Information and purposes of processing the Personal Information, you have the right to request that we correct inaccurate Personal Information about you, if applicable. 

Right to Limit Use and Disclosure of Sensitive Personal Information

To the extent UNFI collects any Sensitive Personal Information, it only does so for the purposes specified in Section 7027 of the California Consumer Privacy Act Regulations.

Submitting Requests

You can submit your request by clicking here UNFI Data Subject Access Request, and filling out the request form or by calling us at1-800-360-7316.

 

Verifying Requests

UNFI provides California consumers with a portal UNFI Data Subject Access Request and a telephone number 1-800-360-7316 to submit requests.  UNFI must verify that the person requesting information or deletion is the California consumer about whom the request relates in order to process the request.  To verify a California consumer’s identity, we may request up to three pieces of Personal Information about you when you make a request to compare against our records.  We may also request that you sign a declaration under the penalty of perjury from the consumer whose Personal Information is the subject of the request. 

Making a verifiable consumer request does not require you to create an account with us.  We will only use Personal Information provided in your request to verify your identity and will delete any information you provide after processing the request.  UNFI reserves the right to take additional steps as necessary to verify the identity of California consumers where we have reason to believe a request is fraudulent.

Authorized Agents

You may choose a person registered with the California Secretary of State that you authorize to act on your behalf to submit your requests (“Authorized Agent”).  If you choose to use an Authorized Agent, UNFI requires that you provide the Authorized Agent with written permission to allow them to submit your request and that you verify your identity directly with UNFI.  Failure to do so may result in UNFI denying your request.

Contact for More Information

If you have any questions or concerns regarding your California Privacy Rights under this Privacy Policy, you may contact us in the following ways:

Mailing Address:

Attn: Customer Experience Team

71 Stow Drive

Chesterfield, NH 03443

 

Email Address: [email protected]

 

Phone Number: 1- 800-360-7316

 

Last Updated:   January 1, 2023

 

 

Links to Other Websites

 

For your information and convenience, our Services contain links to websites operated by third parties. Our website may also include features like buttons and widgets hosted by other companies (for example, the Twitter “Tweet” button). These features may collect your IP address, which page you are visiting on our Services, and may set a cookie to enable the feature to function properly.

 

We use Google Maps with our Find a Store feature.  By using our Find a Store feature, you are bound by Google Maps/Google Earth Additional Terms of Service https://maps.google.com/help/terms_maps/, including Google’s Privacy Policy https://policies.google.com/privacy.

 

This Privacy Policy does not apply to, and we are not responsible for, the practices of third parties that collect your Personal Information. We encourage you to review the privacy policies of those third parties to learn about their information practices.

 

Updates to the Privacy Policy

 

This Privacy Policy is subject to occasional revision, and if we make any material changes in the way we use your Personal Information, we will notify you by prominently posting notice of the changes on the Services and updating the effective date above.  Your continued use of the services is deemed to be acceptance of such changes.

 

If you do not wish to permit changes in our use of your Personal Information, you must notify us prior to the effective date of the changes that you wish to deactivate your account with us.  Continued use of our Services, following notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.

 

Managing Communication Preferences

If you have provided us with your contact information, we may send you email messages, direct mail offers, push notifications or other communications regarding products or services depending on the method of communication selected.   You may ask us not to do so when you access our websites or mobile applications or change your preferences by updating any accounts you have with us. At any time, you may elect to discontinue receiving commercial messages from us by submitting an opt-out request to the contact information below or by following the unsubscribe instructions in the form of the communication you received, as described below.

Printed Materials: To opt out of receiving printed marketing materials at your postal address, such as advertisements, flyers or postcards, please write to us at the address below. Please be sure to include your name and mailing address exactly as they appear on the printed marketing materials you received.

Emails: To opt out of receiving marketing communications via email, please send an unsubscribe request to the email address below or click on the unsubscribe link at the bottom of the email that was sent to you and follow the directions on the resulting web page. Please note that you may continue to receive certain transactional or account-related electronic messages from us.

Text Messages: If you have consented to receive text messages, you may opt out of receiving them by using the method provided in the text message or by contacting us at the address below.

Push Notifications: To opt out of receiving push notifications, please set your preferences within your device setting menu.

How to Deactivate Your Account

 

You may deactivate your account at any time for any reason by calling or emailing us as indicated in the Contact Us section below.

 

Contact

 

If you have any questions or comments about this privacy policy or other privacy-related matters, you may contact us in the following ways:

 

Mailing Address:

Attn: Customer Experience Team

71 Stow Drive

Chesterfield, NH 03443

 

Email Address: [email protected]

 

Phone Number:  1-800-360-7316



[1] Categories of Personal Information are as defined in Cal. Civ. Code. § 1798.140(v) (effective Jan. 1, 2023).