(Former) Employees, Contractors, and Job Applicants

Information for individuals who are or were employees, individual contractors or job applicants of Covetrus.

Privacy Notice – This notice sets out the personal data we collect, for what purposes and your rights in this respect.

Effective Date: October 2025

California “Notice at Collection”

If you are a job applicant, employee, former employee, or individual contractor in California, Covetrus is required under the California Consumer Privacy Act (as amended by the California Privacy Rights Act, “CCPA/CPRA”) to provide you with this Notice at Collection. This Notice describes the categories of personal information (“personal data”) and sensitive personal information (“sensitive personal data”) we collect about you, the purposes for which we collect and use this information, and your rights under California law. The table below summarizes this information in the format required by California regulations. Covetrus does not “sell” or “share” workforce-related personal information as those terms are defined under California law. Click here to go to the California Supplemental Notice.

1. Personal Data We Collect

We may collect the following categories of personal data from you during recruitment, onboarding, employment/contracting, and offboarding processes:

• Identifiers: name, address, phone number, email address, account details.
• Government Identification: social security number, driver’s license number, passport number, or other identifiers.
• Employment Information: job history, titles, performance evaluations, training, and disciplinary records.
• Professional/Education Information: educational background, professional licenses, resumes, references.
• Financial Information: payroll and bank account details for payment, tax withholding information, benefits enrollment.
• Protected Classification Characteristics: race/ethnicity, gender, disability status, citizenship or immigration status (when voluntarily provided or required for compliance).
• Device/Usage Data: limited IT system logs, email metadata, and device usage records for security and compliance.
• Communications: HR correspondence, emails, call recordings, or messages exchanged with Covetrus in the course of employment or recruitment.

2. Personal Data vs. Sensitive Personal Data

• Personal Data: identifiers, contact details, job-related information, financial data, communications, and device usage data.
• Sensitive Personal Data (SPI):
  • Social Security numbers, driver’s license, passport data.
  • Protected classifications (e.g., racial or ethnic origin, disability, citizenship/immigration).
  • Health information (if relevant for benefits administration).
  • Biometric identifiers (if used for authentication or facility access).

3. How We Use Your Personal Data

We process your information for the following purposes:

• Recruitment and selection of job applicants.
• Verification of identity, background, and credentials.
• Payroll, compensation, benefits, and tax administration.
• Compliance with legal obligations (e.g., immigration, labor, tax, equal employment laws).
• HR administration, including training, performance evaluation, and career development.
• Security, fraud prevention, and IT systems monitoring.
• Business management, audits, and reporting.
• Responding to legal requests and defending legal claims.

Automated Decision-Making

• In some instances, our automated systems may process your information to make decisions or create profiles. For example, we may use automated systems to:
• Analyze your purchase history to recommend products
• Determine when to send you reminders about prescription refills
• Personalize your online experience based on your browsing behavior
• You have the right to not be subject to a decision based solely on automated processing if it produces legal or similarly significant effects on you by contacting privacy@covetrus.com, except where the automated decision is necessary for a contract, authorized by law, or based on your explicit consent.

4. Who We Share the Personal Data With

We may disclose your personal data to:

• Internal recipients: HR, finance, IT, legal, and management personnel.
• Service providers/contractors: payroll processors, benefits providers, background check companies, training vendors, IT support providers.
• Regulators and authorities: as required by labor, tax, social security, or immigration laws.
• Business partners: in the context of mergers, acquisitions, or restructuring.

5. Security of Personal Data

We apply organizational, technical, and administrative measures designed to protect personal data against unauthorized access, disclosure, alteration, or destruction. Access to sensitive data is restricted to authorized personnel with a legitimate need.

6. Data Retention

We retain personal data only as long as necessary:

• For employees/contractors: during employment/contract term plus a defined retention period to comply with legal, regulatory, and tax requirements.
• For job applicants: defined retention period after the recruitment process, unless hired.
• For former employees/contractors: retained as required by applicable laws (e.g., tax, labor, social security) or to resolve disputes.

7. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Request deletion of your data (subject to legal retention requirements).
• Restrict or object to processing.
• Receive a copy of your data in a portable format.
• Withdraw consent (if applicable).

To exercise these rights visit: Privacy Request – Covetrus.com

8. Changes to This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices, technology, or legal requirements. Updated versions will be posted on Covetrus.com/legal and/or communicated directly to you.

9. Notice at Collection Table

The following chart details which categories of personal information we collect and process as well as which categories of personal information we disclose to third parties for our operational business purposes within the 12 months preceding the date this Policy was last updated. The chart also details the categories of personal information that we “sell” and/or “share” for purposes of cross-context behavioral advertising within the 12 months preceding the date this Policy was last updated. 

10. No Sale or Sharing of Personal Information

We don’t “sell” Personal Data or “share” Personal Data for cross-contextual behavioral advertising, and we do not process Personal Data for “targeted advertising” purposes (as those terms are defined under state privacy laws). We also don’t process sensitive Personal Data for the purposes of inferring characteristics about you.

Exercising Your Rights. You can exercise privacy rights described in this section by submitting a request through: Privacy Request – Covetrus.com 

Verification. In order to protect your Personal Data from unauthorized access, change, or deletion, we may require you to verify your credentials before you can submit a request to know, correct, or delete Personal Data. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional Personal Data for verification. If we cannot verify your identity, we will not be able to honor your request.

Authorized Agents. You may also submit a rights request through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf and you may also be required to independently verify your identity with us. Authorized agent requests can be submitted to: Privacy Request – Covetrus.com