Effective Date: December 7, 2018
This Privacy Notice applies to information we collect when you use www.wholefoodsmarket.com and any other websites, mobile applications (“app(s)”), or services that post a link to this Privacy Notice (collectively, the “Service”). This Privacy Notice describes how Whole Foods Market Services, Inc., 550 Bowie Street Austin, TX 78703-4644, United States (“Whole Foods,” “Company,” “we,” or “us”) collects, uses, and shares Service-related information about you. This Privacy Notice does not apply to information or data about you collected as received outside of the Service except to the extent it is combined with information or data collected by us via the Service.
By using our Service, you agree to our Terms of Service and consent to our collection, use and disclosure practices, and other activities as described in this Privacy Notice.
We participate in and comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from the European Economic Area ("EEA") member countries. You can find out more about our commitment to the EU-U.S. Privacy Shield Framework here. Further information about this framework is set out below. California residents have certain rights set forth in "Your California Privacy Rights" below. You should read our full Privacy Notice below, but click here for a clickable table of contents with short summaries of terms.
Collection of Information
Information You Provide to Us
We collect information you provide directly to us via the Service, such as when you register, create an account profile, subscribe to our emails, mobile messages, push notifications, or social media notifications, post on our forums or blogs, participate in a sweepstakes, contest, promotion, survey, or poll, communicate with us, shop our online store, order physical or digital gift cards, request customer support, apply for a job or otherwise communicate with us through the Service.
The types of information we may collect include Personal Information/Personal Data. "Personal Information/Personal Data" is information that can be used to identify you (whether alone or in combination), such as your first and last name, email address, zip code/post code, billing address, shipping address, phone number, payment card information, user name and password, photo, and any other personally identifiable information you choose to provide. It also may include sensitive information, such as health and family information. As permitted by applicable law, unless otherwise provided in this Privacy Notice or in our statements at the point of collection, (i) non-Personal Information/ Personal Data (“non-personal information”) may be used and shared without obligation to you; and (ii) Personal Information/Personal Data may be de-identifiable or otherwise made into non-personal information. We may give you the opportunity to provide us with information about you, your family and your interests in your account profile and otherwise, which if not linked to your Personal Information/Personal Data would be non-personal information. However, to the extent we combine this with your Personal Information/Personal Data collected via the Service, we will treat that combined data as Personal Information/Personal Data under this Privacy Notice. For information on how to change or update your registration information and account profile, see the "Your Choices: Profile and Apps" section below.
Information We Collect Automatically
We, our service providers and Third Party Services (defined below) may automatically collect certain information about you when you access or use our Service. This information, which may in some cases be considered Personal Information/Personal Data under applicable law, may include demographic information; IP address; browser/device/hardware type; operating system characteristics; information about your use of our Service; and data regarding network connected hardware (e.g., computer or mobile device), such as unique device identifiers, type, model, version, MAC address, device or session ID, error related data status, capability, confirmation, functionality, performance data, and connection type. This information may also include clickstream data, which is information about the page-by-page paths you take as you browse through the Service.
The methods that we, our service providers and Third Party Services may use to automatically collect such information in connection with our Service include:
Log Information: Information about your use of our Service, such as the type of browser you use, access times, pages viewed, your IP address and the referring link through which you accessed our Service.
Small graphic images called web beacons, also known as "Internet tags" or "clear gifs," in our web pages and email messages. We may use web beacons or similar technologies for a number of purposes, including, without limitation, to count the number of visitors to our Service, to monitor how users navigate the Service, and to count how many emails that we sent were actually opened or how many particular articles or links were actually viewed.
An embedded script is programming code that is designed to collect information about your interactions with the Service. It is temporarily downloaded onto your computer from our web server or a third party with whom we work, is active only while you are connected to the Service, and is deleted or deactivated thereafter.
GPS (global positioning systems) software, geo-filtering and other location-aware technologies locate (sometimes precisely) you, or make assumptions about your location, for purposes such as verifying your location and delivering or restricting content based on your location. If you have enabled GPS or use other location-based features on the Service, your device location may be tracked. Our store finder feature may access and use information about your device location (such as based on IP address), or your account information, to suggest appropriate store locations.
Collection and analysis of information from your device, such as, without limitation, your operating system, plug-ins, system fonts, and other data, for purposes of identification and/or tracking.
Device Recognition Technologies.
Technologies, including application of statistical probability to data sets, as well as linking a common unique identifier to different device use (e.g., Facebook ID), which attempt to recognize or make assumptions about users and devices (e.g., that a user of multiple devices is the same user or household)(“Cross-device Data”).
In-App Tracking Methods
There are a variety of Tracking Technologies that may be included in mobile applications, and these are not browser-based like cookies and cannot be controlled by browser settings. Some use device identifier, or other identifiers such as “Ad IDs” to associate app user activity to a particular app and to track user activity across apps and/or devices.
Information we automatically collect about you, such as how you interact with our Service, may be combined with your Personal Information/Personal Data. To the extent we associate any such automatically-collected information with Personal Information/Personal Data about you collected via the Service, we will treat the combined information as Personal Information/Personal Data under this Privacy Notice.
We, our service providers and other third parties may associate Tracking Technologies with your device when you visit the Service that permits tracking of your online activities across time and different services, and associate different devices you use, for purposes including to send you product promotions that are aligned with your purchase trends and/or interests identified through automatically-collected information. See the "Advertising & Analytics Services and Online Tracking" and "Analytics, Advertising, Online Tracking and Your Choices" sections below for more information on use of Tracking Technologies and your choices regarding that. We are giving you notice of the Tracking Technologies and your choices regarding them so that your consent to encountering them is meaningfully informed.
Information We Collect From Other Sources
We may also obtain information about you (such as email, address, demographic information and Cross-device Data) from other sources and combine that with information we collect about you. To the extent we receive information about you from a third party source and we combine the information we receive from these third party sources with your Personal Information/Personal Data we collect via the Service, we will treat that combined information as Personal Information/Personal Data under this Privacy Notice. We are not responsible for the accuracy of the information provided by third parties or how such third parties collect, use and share such information.
Advertising & Analytics Services and Online Tracking
This means that some information about your browsing of the Service and certain third party locations and services may be shared with these companies for the purpose of delivering content, offers and ads to you on the Service and certain third party locations and services, and Whole Foods may receive from some of these companies information about third party locations and services that you have visited and other information about you, including Cross-device Data. This information may be used for marketing purposes and the practice is sometimes termed “interest-based advertising” or "retargeting" to indicate that information from one retailer is used to suggest to you relevant products offered by another retailer. We may also work with third parties to serve ads to you as part of a customized campaign on other websites or platforms. We may also use this data to provide you with more relevant content and offers on our Service and in our communications to you.
These and other third parties may also collect information about your online activities over time and across different websites when you use our Service.
The descriptions of our data practices in this Privacy Notice does not cover any third party activities or third parties’ use of information that such third parties themselves may have collected from you (e.g., type of browser, operating system, domain name, day and time of visit, page(s) visited, Cross-device Data, etc.) or the methods used by the third-parties to collect that information (e.g., cookies, web beacons and clear gifs). Some third parties, however, may offer you choices regarding their Tracking Technologies. One way to potentially identify cookies on our Service is to add the free Ghostery plug-in to your browser (www.ghostery.com), which according to Ghostery will display for you traditional, browser based cookies associated with the web sites (but not mobile apps) you visited and privacy and opt-out policies and options of the parties operating those cookies. We are not responsible for the completeness or accuracy of this tool or third party choice notices or mechanisms. For specific information on some of the choice options offered by third party analytics, data and advertising providers, see the "Analytics, Advertising, Online Tracking and Your Choices" section below.Note that your browser settings may allow you to automatically transmit a “Do Not Track” signal to websites and online services you visit. There is no consensus among industry participants as to what “Do Not Track” means in this context. Like many websites and online services, Whole Foods currently does not alter its practices when it receives a “Do Not Track” signal from a visitor’s browser. To find out more about “Do Not Track,” you may wish to visit http://www.allaboutdnt.com.
Use of Information
We may use your Personal Information/Personal Data for various purposes, including to:
Facilitate and improve your online experience;
Process your registration with our Service, including verifying that your email address(es) are active and valid;
Manage your online account(s), including purchases, orders, payments, returns, exchanges, and forum and blog posts;
Respond to your comments, questions and requests and provide customer service;
Send you technical notices, updates, security alerts and support and administrative messages;
Communicate with you about products, services, offers, promotions, coupons, newsletters, rewards and events and provide news and information we think will be of interest to you (for information about how to manage or opt out of these communications, please see the "Your Choices" section below).
Improve our Service or other Whole Foods websites, mobile applications, marketing efforts, products and services;
Personalize your online experience and provide advertisements, content or features that match your profile and interests;
Monitor and analyze trends, usage and activities;
Process and deliver contest, promotion and sweepstakes entries and rewards;
Process and track your redemption of digital coupons and associate those redemptions with your account;
Link or combine with information we get from others to help understand your needs and provide you with better service;
Contact you regarding your use of our Service and, in our discretion, changes to our policies;
Provide you with notices related to our Service and other Whole Foods websites, products and services;
Conduct research and analysis, including focus groups and surveys, on our Service and other Whole Foods websites, products and services;
Prevent fraudulent transactions and monitor against threats;
Carry out any other purpose to the extent not prohibited by applicable law and not inconsistent with our statements disclosed elsewhere in this Privacy Notice or at the time you provide your Personal Information/Personal Data; and
With your consent or at your direction.
In our sole discretion, we may also use aggregated and other non-personal information as permitted by applicable laws.
Sharing of Information
Our agents, vendors, consultants and other service providers (“service providers”) may have access to, or receive from us, your Personal Information/Personal Data, and other information about you, to carry out work on our behalf; however, we do not authorize our service providers to use your Personal Information/Personal Data for any purpose other than to provide this assistance.
In addition, we may share Personal Information/Personal Data about you as follows:
With our business partners, affiliates and other third parties for purposes of sending their own marketing unless you are a California customer and you opt out of this type of sharing as set forth in "Your California Privacy Rights" below;
To the maximum extent permitted by applicable law, in response to i) subpoenas or other legal process or if in our good faith opinion such disclosure is required or permitted by law; or (ii) at the request of governmental authorities conducting an investigation;
To defend the Terms of Service or other policies applicable to our Service;
To protect the rights, property, life, health, security and safety of us or any third party;
To the maximum extent permitted by applicable law, we may also use IP addresses, mobile device identifiers or any other information we collect to identify users, and may do so in cooperation with copyright owners, Internet service providers, wireless service providers or law enforcement agencies in our discretion. As permitted by applicable law, such disclosures may be carried out without notice to you;
With our affiliates for their business purposes;
Your redemption of digital coupons with our suppliers;
In connection with, or during negotiations of, any proposed or actual merger, purchase, sale (including a liquidation, realization, foreclosure or repossession), lease, amalgamation or any other type of acquisition of all or any portion of Whole Foods assets, financing, disposal, conveyance or transfer of all or a portion of our business to another company;
To Third Party Services that interact with our Service, in connection with such interactions;
For other purposes to the extent not prohibited by applicable law and not inconsistent with our statements disclosed elsewhere in this Privacy Notice, or at the time you provide your Personal Information/Personal Data; and
With your consent or at your direction.
In our sole discretion, we may also share aggregated and other non-personal information as permitted by applicable law.
Information You Disclose Publicly or to Others
The Service may permit you to submit ideas, photographs, user profiles, writings, music, video, audio recordings, computer graphics, pictures, data, questions, comments, suggestions or other content, including Personal Information/Personal Data (collectively, “User Content”), such as on blogs and forums, and in association with your account and user profile. We or others may store, display, reproduce, publish, distribute or otherwise use User Content online or offline in any media or format (currently existing or hereafter developed) and may or may not attribute it to you. Others may have access to this User Content and may have the ability to share it with third parties. Please think carefully before deciding what information you share, including Personal Information/Personal Data, in connection with your User Content. Please note that Whole Foods does not control who will have access to the information that you choose to make public, and cannot ensure that parties who have access to such publicly available information will respect your privacy or keep it secure. We are not responsible for the privacy or security of any information that you make publicly available on the Service or what others do with information you share with them on the Service. We are not responsible for the accuracy, use or misuse of any User Content that you disclose or receive from third parties through the Service. We are not responsible for User Content you submit to Third Party Services via our Service. California minors have certain rights regarding User Content explained in the "Children" section below.
Sweepstakes, Contests, Surveys, Polls, and Promotions
We may offer sweepstakes, contests, surveys, polls, and other promotions (each, a “Promotion”) that may require registration or for you to submit Personal Information/Personal Data. These Promotions are strictly voluntary. If you choose to enter a Promotion, your Personal Information/Personal Data may be disclosed to third parties in connection with the administration of such Promotion, such as in connection with winner selection, prize fulfillment, and as required by law, such as on a winners list. By entering a Promotion, you are agreeing to the official rules that govern that Promotion, which may contain specific requirements of you, including, except where prohibited by law, allowing the sponsor and/or other parties to use your name, voice and/or likeness in advertising or marketing materials. Whole Foods may offer opportunities to enter a contest or sweepstakes or other feature that we offer jointly with a third party. As a result of your participation in such feature, your information may be shared with the third party that is jointly offering the feature, which will be disclosed at the time your information is collected.
Third Party Services
The Service may contain hyperlinks to other websites or locations, including the career, gift card and online shopping sections of our Service, and plug-ins (e.g. Social Features discussed in the next section), third party Tracking Technologies and other third party applications and content made available on or via our Service, that are operated by third parties ("Third Party Service(s)"). We make no representations and accept no responsibility or liability regarding the policies or business practices of such Third Party Services and encourage you to familiarize yourself with their privacy policies before accessing them or otherwise providing them with your Personal Information/Personal Data. In some cases we and Third Party Services may each post terms and policies on a Third Party Service, in which case our terms and policies govern us and the Third Party Service operator’s terms and policies govern them.
Except to the extent we combine information we receive from Third-Party Services with Personal Information/Personal Data we ourselves have collected via the Service, data obtained by us from a third party, even in association with the Service, is not subject to our limitations regarding Personal Information/Personal Data under this Privacy Notice, however such data remains subject to any restrictions imposed on us by the third party, if any. Otherwise, the information collected, stored, and shared by third parties remains subject to their privacy policies and practices, including whether they continue to share information with us, the types of information shared, and your choices on what is visible to others on Third Party Services. You should read the privacy notice of each Third Party Service as these Third Party Services may use their own cookies, web beacons and other Tracking Technology to independently collect information about you. In addition, these Third Party Services may solicit Personal Information/Personal Data from you.
Certain functionality in connection with the Service is specifically designed to permit social and other interactions that you initiate between the Service and Third Party Services, including third party social networks (“Social Features”). Examples of Social Features include enabling you to transmit content to the Service from your account on a Third Party Service; to “like” or “share” our Service content to Third Party Services; to log-in to the Service using your username and password for a Third Party Service; and to otherwise connect our Service to a Third Party Service.
If you choose to use Social Features, information you post or provide access to, including User Content, may be publicly displayed on our Service or by the provider of the Social Feature that you use. Similarly, if you post information on a third party platform, site, application or service that references our Service (e.g., by using a hashtag associated with Whole Foods in a tweet or status update), your post may be published also on our Service, which will be treated as User Content. Also, both Whole Foods and the third party may have access to certain information about you and your use of our Service and the Third Party Service. In addition, we may receive information about you if other users of a Third Party Service give us access to their profiles and you are one of their “connections,” or information about you is otherwise accessible through your “connections’” web pages, profile pages, or similar pages on the Third Party Service.
If you are a United States resident, you may use a referral feature to inform a friend about our services. Whole Foods may use any email address provided when using this referral feature to send an email on your behalf to such designated recipients about the particular promotion, product, or service in which you indicated your "friend" may have an interest. By using such a referral feature, you represent that you and your friend are United States residents and that you have permission to provide your friend’s email address and to send them a message.
You can opt out of receiving promotional email communications from us at any time by following the instructions provided in those communications, by logging into your account and adjusting your Email Subscription Preferences or by emailing us at firstname.lastname@example.org. You may also remove yourself from our promotional email list by clicking on the unsubscribe link presented in all promotional emails, including newsletters, we send to our customers. Please note that even if you opt out of receiving promotional communications, we may continue to send you non-promotional emails, such as those about our on-going business relations. Our mobile applications may send you notifications that may include alerts, sounds, and icon badges. These push notifications or in-app messages may include both operational messages and promotional messages regarding products, services and offers that may be of interest to you. These can be configured in the app’s Settings. As with emails, even if you opt out of receiving promotional communications, we may continue to send you non-promotional push notifications, such as those about your use of the app or our on-going business relations.
Profile and Apps
You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information provided as part of registration. The Service may allow you to review, correct or update Personal Information/Personal Data, and to change your communications and interest preferences you have provided through the Service’s registration or in your account profile, which changes may be limited to those databases. If you would like to otherwise, review, correct or update Personal Information/Personal Data you have provided us through the Service, contact us at email@example.com. We will make good faith efforts to make requested changes in our then-active databases as soon as reasonably practicable (but we may retain prior information as business records).Please note that it is not always possible to completely remove or delete all of your information from our databases and that residual data may remain on backup media or for other reasons. Also, if you have made any public postings on the Service such as in forums or blogs, these communications cannot generally be removed, except California minors should see the "Children" section below.
Analytics, Advertising, Online Tracking and Your Choices
You can learn more about the practices of third parties that associate cookies with our Service, and the choices they offer, by reviewing their privacy policies. See the "Advertising & Analytics Services and Online Tracking" section above for how to identify cookies and information on their operators and the choices they may offer. For instance, you can learn more about the privacy practices of, and choices offered by, One Spot and AdNexus, which provide us data for, and assist us in, content and ad customization at: https://www.onespot.com/privacy-policy/; and https://www.appnexus.com/en/company/platform-privacy-policy#choices.
In addition, certain advertising networks and exchanges may participate in the Digital Advertising Alliance ("DAA") AdChoices Program and may display an Advertising Option Icon for interest-based ads. You can learn more about the DAA AdChoices Program at http://www.youradchoices.com/ and its opt-out program for mobile apps at http://www.aboutads.info/appchoices. In addition, certain advertising networks and exchanges may participate in the Network Advertising Initiative (“NAI”). The NAI has developed a tool that allows consumers to opt out of targeted advertising delivered by NAI members' ad networks. To learn more about opting out of targeted advertising or to use the tool, click here: http://www.networkadvertising.org/choices/. Please be aware that, even if you are able to opt out of certain kinds of targeted advertising, you will continue to receive other types of ads. Also, if your browsers are configured to reject cookies when you visit these opt-out webpages, or you subsequently erase your cookies, use a different device or web browser or use a non-browser-based method of access (e.g., mobile app), your NAI/DAA browser-based opt-out may not, or may no longer, be effective. Whole Foods supports the ad industry’s 2009 Self-regulatory Principles for Online Behavioral Advertising (https://www.iab.com/wp-content/uploads/2015/06/OBA_OneSheet_Final.pdf) and expects that ad networks we directly engage to serve you interest-based advertising will do so as well, though Whole Foods cannot guarantee their compliance. We are not responsible for effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs.
Users Outside the United States
We are based in the United States and the information we collect is governed by U.S. law. If you are accessing the Service from outside of the United States, please be aware that information collected through the Service will be transferred to, and processed, and used in the United States. The data protection laws in the United States may be different from those of the country in which you are located. Your use of the Service or providing us with any information therefore constitutes your consent to the transfer to, and processing, usage, sharing and storage of your information, including Personal Information/Personal Data, in the United States as set forth in this Privacy Notice. We will take reasonable care to ensure that your data is treated fairly and lawfully.
Participation in Privacy Shield — Additional information
As mentioned above, we participate in and comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from the European Economic Area (“EEA”) member countries.
The independent dispute resolution body that will investigate any unresolved complaints is the U.K. regulator, the Information Commissioner’s Office, whose website is https://ico.org.uk/. You can find out more about the Privacy Shield program and any businesses approved to participate in Privacy Shield here:
Our Service is intended for a general audience and not directed to children under 13 years of age. However, some portions of our Service may be intended as appropriate for all ages, or in other words a mixed audience of users under 13 years of age and users 13 and over, or for users under 13 years of age (e.g., a separate ‘Kids” section). For further information on how we treat Children’s Personal Information/Personal Data in connection with any mixed-use portions of our Service (if any), please see our Children’s Privacy Notice, which will be deemed incorporated herein for purposes of that part of our Service.
We do not intend to collect Personal Information/Personal Data as defined by the U.S. Children’s Online Privacy Protection Act (“COPPA”) (“Children’s Personal Information/Personal Data”) in a manner that is not permitted by COPPA, and for any children’s or mixed-use portions of our Service (if any) we will comply with COPPA. If you are a parent or guardian and believe we have collected Children’s Personal Information/Personal Data in a manner not permitted by COPPA, please contact us at firstname.lastname@example.org and we will remove such data to the extent required by COPPA.
Any California residents under the age of eighteen (18) who have registered to use the Service, and who have posted content or information on the Service, can request that such information be removed from the Service by contacting us at email@example.com or by sending a letter to Whole Foods Market Services, Inc., 550 Bowie Street, Austin, TX 78703-4644, United States (Attention: Legal Counsel) stating that they personally posted such content or information and detailing where the content or information is posted. We will make reasonable good faith efforts to remove the post from prospective public view or anonymize it so the minor cannot be individually identified. This removal process cannot ensure complete or comprehensive removal. For instance, third-parties may have republished the post and archived copies of it may be stored by search engines and others that we do not control. Parents may want to consider commercially available parental control protections to limit what minors can access online and/or monitor their minor children’s online activities. Examples include: www.netnanny.com; www.webwatcher.com and www.sentrypc.com. We do not endorse these or other services and are not responsible for them.
Your California Privacy Rights
California law permits customers in California to request certain details about how their information is shared with third parties and, in some cases, affiliates, for those third parties’ and affiliates’ own direct marketing purposes. Under the law, a business must either provide this information or permit California customers to opt in to, or opt out of, this type of sharing.
We may from time to time elect to share certain information about you collected by us on the Service with third parties or affiliates for those third parties’ or affiliates’ own direct marketing purposes. If you are a California resident, you may opt out of such future sharing of your personal information (as defined by the California Shine the Light Act) and/or request information about our compliance with this law by contacting us at firstname.lastname@example.org or by sending a letter to Whole Foods Market Services, Inc., 550 Bowie Street, Austin, TX 78703-4644, United States (Attention: Legal Counsel). Any such request must include "California Privacy Rights Request" in the first line of the request and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this email address or mail address. California minors have additional privacy rights set forth in the "Children" section above.
We take reasonable steps to have physical, electronic and procedural safeguards in place to help protect your Personal Information/Personal Data. This may include, in appropriate circumstances, use of Secure Socket Layer (SSL) encryption. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your Personal Information/Personal Data, we cannot guarantee or warrant the security of any information collected through our Service.
Changes to This Privacy Notice
We may change this Privacy Notice from time to time. If we make changes, we will notify you by revising the date at the top of this Privacy Notice, and in some cases, we may provide you with additional notice (such as adding a statement to the homepages of our Service or sending you an email notification). Any changes will be effective immediately upon posting of the revised Privacy Notice and your continued use of the Service indicates your consent to the Privacy Notice then posted. If you do not agree, discontinue use of the Service and uninstall Service downloads and apps. We will not treat your Personal Information/Personal Data collected under a prior Privacy Notice in a materially different manner without your consent. We encourage you to review the Privacy Notice whenever you interact with us to stay informed about our information practices and the ways you can help protect your privacy. To the extent any provision of this Privacy Notice is found by a competent tribunal to be invalid or unenforceable, such provision shall be severed to the extent necessary for the remainder to be valid and enforceable.