Individuals representing Business Customers, Suppliers or Partners

Information for individuals who represent our business customers, suppliers or partners.

Privacy Notice – This notice sets out the personal data we collect, for what purposes and your rights in this respect.

Effective Date: October 2025

California “Notice at Collection”

If you are a business customer, supplier, or partner in California, Covetrus is required under the California Consumer Privacy Act (as amended by the California Privacy Rights Act, “CCPA/CPRA”) to provide you with this Notice at Collection. This Notice describes the categories of personal information (“personal data”) and sensitive personal information (“sensitive personal data”) we collect about you, the purposes for which we collect and use this information, and your rights under California law. The table below summarizes this information in the format required by California regulations. Click here to go to the California Supplemental Notice.

1. Personal Data We Collect

We may collect the following information about you in your role as a representative of a customer, supplier, or partner:

• Identifiers: name, professional email address, phone number, job title, and business mailing address.
• Commercial Information: orders and purchase history linked to your account, service interactions, and contract-related activities.
• Financial Information: payment-related details, tax identification (if tied to you individually, e.g., sole proprietors or independent practitioners).
• Professional/Employment Information: organizational role, professional licenses, and credentials.
• Internet/Device/Usage Data: IP address, browsing activity, and interactions with Covetrus platforms when you log in.
• Communications Data: emails, call records, meeting notes, and chat transcripts with Covetrus account or support teams.
• Inferences: preferences or profile characteristics derived from your purchase or interaction history.

2. Personal Data vs. Sensitive Personal Data

• Personal Data: identifiers, commercial data, professional credentials, usage data, and communications.
• Sensitive Personal Data (SPI) may include:
  • Payment card or account numbers (if tied to you as an individual).
  • Precise geolocation data (if you access Covetrus apps with location-based features).
  • Contents of communications (emails or messages misdirected to Covetrus).

3. How We Use Your Personal Data

We use this data to:

• Establish, manage, and maintain our business relationships.
• Fulfill and deliver orders and services.
• Provide account management and customer service.
• Process payments and maintain financial and tax records.
• Verify professional qualifications or licenses.
• Ensure security of our systems and services.
• Comply with legal, tax, and regulatory obligations.
• Carry out marketing and promotional communications, where permitted.

Automated Decision-Making

• In some instances, our automated systems may process your information to make decisions or create profiles. For example, we may use automated systems to:
• Analyze your purchase history to recommend products
• Determine when to send you reminders about prescription refills
• Personalize your online experience based on your browsing behavior
• You have the right to not be subject to a decision based solely on automated processing if it produces legal or similarly significant effects on you by contacting privacy@covetrus.com, except where the automated decision is necessary for a contract, authorized by law, or based on your explicit consent.

4. Who We Share the Personal Data With

We may share your personal data with:

• Internal teams: account managers, finance, sales, support, and legal.
• Service providers: IT hosting, analytics providers, payment processors, delivery vendors.
• Regulators and authorities: when legally required.
• Affiliates and subsidiaries: within the Covetrus group for operational purposes.
• Business partners: when required to facilitate joint services or collaborations.

5. Security of Personal Data

We apply technical, organizational, and administrative measures to protect personal data from unauthorized access, loss, misuse, or disclosure.

6. Data Retention

We retain your personal data for the duration of the business relationship and for a reasonable period afterward to:

• Comply with applicable legal, tax, and regulatory obligations.
• Resolve disputes and enforce contractual agreements.
• Maintain business records consistent with industry practices.

7. Your Rights

Depending on your location, you may have rights to:

• Access, correct, or update your personal data.
• Request deletion of personal data (subject to retention requirements).
• Restrict or object to processing.
• Opt out of marketing communications.
• Receive a copy of your personal data in portable format.

To exercise these rights, contact: Privacy Request – Covetrus.com

8. Changes to This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices, technologies, or legal obligations. Updates will be communicated through business portals or directly to affected representatives.

9. Notice at Collection Table

The following chart details which categories of personal information we collect and process as well as which categories of personal information we disclose to third parties for our operational business purposes within the 12 months preceding the date this Policy was last updated. The chart also details the categories of personal information that we “sell” and/or “share” for purposes of cross-context behavioral advertising within the 12 months preceding the date this Policy was last updated. 

10. No Sale or Sharing of Personal Information

We don’t “sell” Personal Data or “share” Personal Data for cross-contextual behavioral advertising purposes (as those terms are defined under state privacy laws). We also don’t process sensitive Personal Data for the purposes of inferring characteristics about you.

Exercising Your Rights. You can exercise privacy rights described in this section by submitting a request through: Privacy Request – Covetrus.com 

Verification. In order to protect your Personal Data from unauthorized access, change, or deletion, we may require you to verify your credentials before you can submit a request to know, correct, or delete Personal Data. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional Personal Data for verification. If we cannot verify your identity, we will not be able to honor your request.

Authorized Agents. You may also submit a rights request through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf and you may also be required to independently verify your identity with us. Authorized agent requests can be submitted to: Privacy Request – Covetrus.com