Individuals Interacting with Customer Support

Information for individuals who interact with our customer support.

Privacy Notice – This notice sets out the personal data we collect, for what purposes and your rights in this respect.

Effective Date: October 2025

California “Notice at Collection”

If you are an individual in California who contacts customer support, Covetrus is required under the California Consumer Privacy Act (as amended by the California Privacy Rights Act, “CCPA/CPRA”) to provide you with this Notice at Collection. This Notice describes the categories of personal information (“personal data”) and sensitive personal information (“sensitive personal data”) we collect about you, the purposes for which we collect and use this information, and your rights under California law. The table below summarizes this information in the format required by California regulations. Click here to go to the California Supplemental Notice.

1. Personal Data We Collect

When you contact Covetrus customer support, we may collect the following types of personal data:

• Identifiers: your name, contact details (email, phone number, address), and account identifiers.
• Commercial Information: details related to your orders, prescriptions, products purchased, or service requests.
• Communications Data: contents of your messages, call recordings, emails, and chat transcripts exchanged with support representatives.
• Audio/Visual Data: voice recordings from calls or video interactions (where applicable).
• Internet/Device Data: metadata such as IP address, time/date of communication, and technical logs.
• Sensitive Personal Data (SPI) (in limited circumstances):
  • Payment or financial data if shared to resolve billing or refund issues.
  • Contents of communications (if Covetrus is not the intended recipient, e.g., misdirected emails).
  • Biometric data such as voiceprint recognition, if used for identity verification during support calls.

2. Personal Data vs. Sensitive Personal Data

• Personal Data includes identifiers, communications, commercial details, and device data collected as part of your interaction with customer support.
• Sensitive Personal Data includes:
  • Financial account or payment card data (if discussed or verified during support and tied to an individual).
  • Audio recordings or biometric identifiers (e.g., voiceprint, if used for authentication).
  • Contents of unintended or misdirected communications.

3. How We Use Your Personal Data

We process customer support data to:

• Respond to inquiries, resolve issues, and provide product or service assistance.
• Verify your identity and protect your account.
• Process orders, refunds, and account updates.
• Record and monitor interactions for quality assurance, training, and compliance.
• Detect and prevent fraud, security breaches, or unauthorized access.
• Maintain business records and comply with legal obligations.
• Improve our services, communication experience, and internal systems.

Automated Decision-Making

• In some instances, our automated systems may process your information to make decisions or create profiles. For example, we may use automated systems to:
• Analyze your purchase history to recommend products
• Determine when to send you reminders about prescription refills
• Personalize your online experience based on your browsing behavior
• You have the right to not be subject to a decision based solely on automated processing if it produces legal or similarly significant effects on you by contacting privacy@covetrus.com, except where the automated decision is necessary for a contract, authorized by law, or based on your explicit consent.

4. Who We Share the Personal Data With

We may share your data with:

• Internal departments: customer service, technical support, account management, finance, and legal teams.
• Service providers: call center operators, CRM vendors, IT support, cloud hosting, and analytics providers.
• Affiliates and subsidiaries: within the Covetrus group for service delivery.
• Regulators and authorities: when required by law or to respond to lawful requests.

5. Security of Personal Data

Covetrus implements administrative, technical, and physical safeguards designed to protect personal data collected during support interactions against loss, unauthorized access, misuse, or disclosure.

6. Data Retention

We retain customer support data for as long as necessary to:

• Respond to and resolve your inquiry or case.
• Maintain accurate service and transaction records.
• Comply with applicable legal, tax, and regulatory obligations.
• Support quality assurance, training, and dispute resolution.

Recordings and chat transcripts are retained only for limited periods, consistent with operational and compliance requirements.

7. Your Rights

Depending on your location, you may have rights to:

• Access, correct, or update your personal data.
• Request deletion of personal data (subject to retention requirements).
• Restrict or object to processing.
• Opt out of marketing communications.
• Receive a copy of your personal data in portable format.

To exercise these rights, contact: Privacy Request – Covetrus.com

8. Changes to This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our support operations, technologies, or legal obligations. Updated versions will be posted on our website or made available when you contact support.

9. Notice at Collection

The following chart details which categories of personal information we collect and process as well as which categories of personal information we disclose to third parties for our operational business purposes within the 12 months preceding the date this Policy was last updated. The chart also details the categories of personal information that we “sell” and/or “share” for purposes of cross-context behavioral advertising within the 12 months preceding the date this Policy was last updated. 

10. No Sale or Sharing of Personal Information

We don’t “sell” Personal Data or “share” Personal Data for cross-contextual behavioral advertising purposes (as those terms are defined under state privacy laws). We also don’t process sensitive Personal Data for the purposes of inferring characteristics about you.

Exercising Your Rights. You can exercise privacy rights described in this section by submitting a request through: Privacy Request – Covetrus.com 

Verification. In order to protect your Personal Data from unauthorized access, change, or deletion, we may require you to verify your credentials before you can submit a request to know, correct, or delete Personal Data. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional Personal Data for verification. If we cannot verify your identity, we will not be able to honor your request.

Authorized Agents. You may also submit a rights request through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf and you may also be required to independently verify your identity with us. Authorized agent requests can be submitted to: Privacy Request – Covetrus.com