This Privacy Policy applies to our collection, use, and disclosure of personal information of United States residents only. Canadian residents may view UNFI’s Canadian Privacy Policy by clicking here.
Last updated: May 17, 2024
We value the privacy of our customers’ information at United Natural Foods, Inc. and its affiliates and subsidiaries (“UNFI,” “we,” “us,” and “our”) and we are always striving to make our customer experience better. This online privacy policy (the “Privacy Policy” or “Statement”) describes our information practices and, in particular, how we collect, use and share the Personal Information that we gather through our Services, as defined below. If you have any questions about this Privacy Policy or our information practices, please contact us through the options provided below.
BY USING OUR SERVICES, YOU CONSENT TO THE INFORMATION PRACTICES AND OTHER TERMS AS DESCRIBED IN THIS PRIVACY POLICY. YOU SHOULD READ THIS PRIVACY POLICY CAREFULLY. WE RECOMMEND PRINTING AND KEEPING A COPY FOR YOUR FUTURE REFERENCE. WE MAY ADD TO, DELETE OR CHANGE THE TERMS OF THIS PRIVACY POLICY FROM TIME TO TIME BY POSTING A NOTICE OF THE CHANGE OR AN AMENDED PRIVACY POLICY ON THIS WEBSITE. YOUR CONTINUED USE OF THE SERVICES IS DEEMED TO BE ACCEPTANCE OF SUCH CHANGES.
We are UNFI. We own and operate the following supermarket chains: Cub Foods and Shoppers (the “Corporate Stores”). This privacy policy applies to the Services owned and operated by UNFI and our Corporate Stores.
When we use the term “Services” in this Privacy Policy, we mean the websites, including https://www.unfi.com/, mobile apps, and other digital properties that are owned and operated by UNFI and its Corporate Stores and that link to this Privacy Policy. This term does not include the websites, mobile apps and other digital properties that are owned by the Independent Stores.
When we use the term “Personal Information” in this Privacy Policy, we mean any information that classifies as Personal Information, personal data, personally identifiable information, or similar terms under applicable data privacy and security laws and regulations. This includes any information that we directly associate with a specific person, or that reasonably can be used to identify a specific person. For example, this includes your name, home address, phone number, email address and any other information that we tie to these elements. Personal Information also includes information collected about you when you are acting as an employee on behalf of your employer in the context of providing or receiving a product or service to or from UNFI.
Personal Information does not include data excluded or exempted from those laws and regulations. Personal Information does not include “aggregated information,” which is information that we collect about a group or category of persons or services. It also does not include “de-identified information,” which is information from which we or our agents have removed information that can be used to specifically identify a person. This Privacy Policy does not apply to our collection, use, or disclosure of aggregated or de-identified information. Nothing in this Statement will constitute an admission or evidence that any particular data privacy or information security law or regulation applies to UNFI generally or in any specific context.
We collect Personal Information through our Services. There are five categories of information that we collect through the Services:
1. Information You Provide
We collect Personal Information you provide, for example when you enter the information into form fields on our Services. For example, we may collect:contact information, such as your name, home address, email address and phone number, which we use to administer your account and the Services, communicate with you and authenticate you as a user;
2. Information Collected Automatically
We use various technologies to collect other types of data that do not directly reveal your identity (“Other Information”). If we associate Other Information with Personal Information, we will treat the combined information as Personal Information in accordance with this Privacy Policy.
These technologies include the following:
Logging Functionality: As is true of most websites, we gather certain information automatically and store it in log files. This information may include IP addresses, browser type, internet service provider, referring/exit pages, operating system, date/time stamp and/or clickstream data. We generally only use this data for purposes such as security, fraud detection, and protecting our rights.
Chat Information: Chat Information includes the contents of the conversation. We collect this information when you engage with the ChatBot on our Services. If you interact with the ChatBot on the Sites we will record the conversation. Please note that the ChatBot is an automated program and not a real person, and information relating to your communications may be shared with our service provider.
Cookies and Other Data Collection Technologies: We and our subsidiaries, and service providers use cookies, web beacons, and similar technologies to manage our websites and email messages and to collect and track information about you and your activities online over time and across different websites and social media channels. These technologies help us to recognize you, customize or personalize your shopping experience, store items in your online shopping list between visits, and analyze the use of our Services and solutions to make them more useful to you. These technologies also allow us to aggregate demographic and statistical data and compilations of information, which may or may not include Personal Information, and provide this information to our service providers.
Most Internet browsers allow you to remove or manage cookie functions and adjust your privacy and security preferences. For information on how to do this, access the “help” menu on your Internet browser, or visit https://www.aboutcookies.org/how-to-control-cookies/. Please note, however, that disabling our cookies may result in your inability to take full advantage of all of the features of our Services.
Analytics: We use analytics providers such as Google Analytics to help us evaluate and measure the use and performance of our Services. We may also use the analytics providers FullStory, Criteo, and Salsify. Data about the general attributes of your device may also be collected when you use the mobile application. To opt out of the aggregation and analysis of data collected about you on our website by Google Analytics, visit https://tools.google.com/dlpage/gaoptout and download and install the Google Analytics Opt-out Browser Add-on. For more information on the services provided to us by FullStory, visit https://www.fullstory.com/legal/privacy-policy. To opt out of the aggregation and analysis of data collected about you on our website by FullStory, visit https://www.fullstory.com/optout/ to opt out of FullStory. For more information on the services provided to us by Criteo, please visit https://www.criteo.com/privacy/. For more
information on the services provided to us by Salsify, please visit https://www.salsify.com/privacy-policy.
Please note that we do not use any cookies, pixels, or other tracking devices that disclose to any third-party information that identifies a person has having viewed specific video materials.
We may share your personal information with business partners, analytics providers, third party advertisers and marketing co-ops who may serve you targeted advertising.
Do Not Track (DNT): DNT is a privacy preference that you can set in certain web browsers. When you turn on the DNT, the browser may send a signal or other message to web services requesting that they not track you. Currently, our web servers do not recognize or respond to DNT signals. Our websites and mobile applications may continue to collect information in the manner described in this Privacy Policy.
3. Information We Obtain from Third Party Sources
We collect Personal Information from a number of third-party sources.
Service Providers. We use service providers to help us run our business. We get Personal Information about you from these service providers from time to time.
Loyalty and Rewards Partners: We use service providers to help us run our loyalty and rewards programs. These partners have access to Personal Information about you and share this information with us in connection with administering the loyalty and rewards program.
Information from Independent Stores: As described under the section titled “Independent Stores” below, we provide website and mobile app hosting services and receive customer data from the Independent Stores. We collect, use and share this Personal Information in ways permitted by our agreements with the Independent Stores.
Single Sign-On: Some of our Services allow you to register and login to our Services through a third-party platform such as Facebook. When you login to our service through a third-party platform, you allow us to access and collect any information from your third-party platform account permitted under the settings and privacy policy of that platform.
Pharmacy Data: Some of our stores have an associated pharmacy. For the data collection, use and disclosure practices of the pharmacies, please see the section titled “Pharmacy Operations” below.
Supplemental Information: We may receive additional Personal Information from third-party sources that we may append to existing consumer information, such as email and address verification. We use this supplemental information to better understand our consumers, deliver relevant offers and advertising, and improve our operations, stores, Services and our advertising and marketing campaigns.
4. Location Information
We collect location information through the Services so we can offer you certain location-based services (such as delivering advertisements that are relevant to your particular location and conducting analytics to improve our stores and the Services). The way in which we collect location information is different depending on whether you are accessing the Services through a website or a mobile application.
If you are accessing the Services through a website, we use various technologies, including IP lookup, to detect your location so that we can automatically show you the closest store to your area, rather than some random location. Depending on browser type, your browser may inform you that the Site would like to collect your location and request your permission to do so. If you allow it, location information is then collected and may be stored locally on your device. If you decline the collection of location information, your location is not collected, and you must manually enter your location.
If you are viewing our content on a social media platform, location information may be collected by the third-party platform. We do not control the collection, use or disclosure of location information on social media platforms. To opt out of location information sharing, please set your preferences within your social profile settings or follow the instructions on the social media platform.
If you are using a mobile app, you will be prompted to provide your consent for us to collect your location information. If you decline to allow us to collect your location information, you must manually type-in your preferred store or location so that we can show you the local store or send offers that are available in your area.
If you allow us to collect your location information, we collect precise location information. Whether and to what extent we can collect this information is controlled by your operating system, but the methods of collection typically include GPS, cellular network location and other location-based services. Depending on the operating system, we typically receive the location of your mobile device expressed as latitude and longitude, as well as date and time. Please note that the precision of this data varies greatly and is determined by factors controlled by your device or mobile service provider.
If you elect to allow the mobile app to collect location information while the mobile app is running in the background, you will have enabled continuous location collection. This allows us to show you offers, coupons and advertisements relevant to current location and help you find our stores nearest to you. We also use this location information to conduct analytics and improve our operations as well as the Services themselves.
You can turn off location collection through your device settings or by deleting our mobile app from your device.
In addition to the uses described above, we may use your Personal Information for the following purposes:
We may also use services provided by third parties (such as social media platforms) to serve targeted ads to you and others on third-party platforms. We may do this by providing a hashed version of your Personal Information to the third party for matching purposes.
We share your Personal Information with third parties only in the ways described in this Privacy Policy.
Service Providers: We share your Personal Information with third-party service providers who complete transactions or perform services on our behalf or for your benefit, such as for administering the loyalty and rewards programs, payment processing, marketing, analytics, or to verify customer data, such as mailing addresses. Third-party service providers include analytics providers.
Affiliates: We may share your information with affiliated legal entities within the UNFI family of companies for purposes and uses that are consistent with this Privacy Policy. For example, we may have a separate legal entity that controls the stores in one particular region versus another, and UNFI may be the legal entity operating the website or mobile app, and UNFI would share Personal Information of customers of stores in a particular region with the legal entity that controls the stores in that region.
Third-Party Mobile App Providers: With your knowledge and consent, the Services may gather and transfer your information, including location information, from and to other applications, functions and tools within your mobile device.
Legal Process, Safety and Terms Enforcement: We may disclose your Personal Information to legal or government regulatory authorities in response to their requests for such information or to assist in investigations. We may also disclose your Personal Information to third parties in connection with claims, disputes or litigation, when otherwise required by law, or if we determine its disclosure is necessary to protect the health and safety of you or us, or to enforce our legal rights or contractual commitments that you have made.
Business Transfers: Your Personal Information may be disclosed as part of a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets, and could be transferred to a third party as one of the business assets in such a transaction.
Bankruptcy: In the event of insolvency, bankruptcy or receivership, your Personal Information may be disclosed or sold as part of the reorganization or liquidation process.
We have franchise and wholesale relationships with a network of independent retailers that independently own and operate their grocery stores (“Independent Stores”), but who may license the use of a brand name that we own or use our wholesale distribution network. This Privacy Policy does not apply to these Independent Stores or to the websites, mobile apps or other digital properties that are owned or operated by those Independent Stores. Please see the privacy policy posted on those digital properties to understand the Independent Store’s information practices.
This Privacy Policy does not apply to the information practices of the Independent Stores.
Some of our stores have pharmacies in them. These pharmacies are not covered by this Privacy Policy. Rather, they have separately posted notices of privacy practices that describe how the pharmacies collect, use and disclose your protected health information.
If your local store has a pharmacy, our mobile app includes a feature in which you can elect to submit a request to refill your prescription at the pharmacy. If you choose to use this feature, you will need to provide the last four digits of your phone number, the store where your prescription is being refilled and the prescription number. We will use this information solely for refilling your prescription. We will disclose information submitted to the relevant pharmacy for the purpose of providing you the services you request.
We support the self-regulatory principles of the Digital Advertising Alliance (“DAA”). We work with a variety of advertisers, advertising networks, advertising servers, and analytics companies (“Ad Partners”) that use different technologies to collect data about your use of the Services (such as pages visited, ads viewed or clicked on) in order to deliver relevant advertising.
These technologies may include the placement on our Services of cookies or web beacons, and other data collection technologies by these Ad Partners to track how our Services are being used, to track where users go and what they do after their leave our Services, and to link various devices you may use, and to serve you more relevant ads. These advertisements may appear on our Services or other websites, mobile apps or platforms that you visit.
For more information about how Ad Partners use the information collected by the technologies on our Services and about your options not to accept cookies placed by some of these companies on our Services, please visit the DAA’s opt-out page www.aboutads.info/choices/. You may also opt out of additional third-party advertising networks by going to the Network Advertising Initiative’s website http://www.networkadvertising.org and following the directions. Google provides certain choices related to their services. For more information, please visit https://adssettings.google.com/.
The opt-outs described above are device- and browser-specific and may not work on all devices. If you choose to opt-out through any of these opt-out tools, this does not mean you will cease to see advertising. Rather, the ads you see will just not be based on your interests. In addition, when you opt-out using one of these methods, our Ad Partners will continue to collect information for any other purpose permitted by the DAA’s rules. You can opt-out of future information collection from our Services by ceasing use of the Service or in the case of an application, uninstalling the application.
Please note that this Privacy Policy does not cover the practices of our Ad Partners. UNFI does not have control over these third-party technologies, or the information contained in them.
Our Services are not directed to, and we do not intend to, or knowingly, collect or solicit Personal Information online from children under the age of 13. We encourage parents or guardians to participate in and monitor their children’s online activity. If a child under 13 has provided Personal Information to us, we encourage the child’s parent or guardian to contact us (see the “Contact” section below) to request that we remove the information from our systems. If you are under the age of 13, do not provide us with any Personal Information either directly, on any website bulletin boards, or by other means.
You may review your Personal Information that is readily accessible through our Services or contact us to request that it be updated by contacting our Customer Interaction Center (see the “Contact” section below).
We will retain your Personal Information for as long as your account is active or as reasonably useful for commercial purposes. We will retain and use your Personal Information as necessary to comply with our legal obligations or data retention policies, resolve disputes and enforce our agreements.
This section of our Privacy Policy is applicable to persons located in the European Union (“EU”), an European Economic Area member state (“EEA”), United Kingdom (“UK”), or Switzerland as well as to persons whose Personal Information is processed in or transferred from the EU, EEA, UK, or Switzerland. You are entitled under the EU General Data Protection Regulation and UK General Data Protection Regulation (collectively, the “GDPR”), to the information in this section of our Privacy Policy.
Your Rights. You are entitled by law to access, correct, amend, or delete Personal Information about you that we hold. A summary listing these rights appears below. Please note that these rights are not absolute and certain exemptions may apply to specific requests that you may submit to us.
To exercise these rights, please contact us using the information below in the “Contact” section. For your protection, we may need to verify your identity before responding to your request. In the event that we refuse a request, we will provide you a reason as to why.
Asking Us to Access Your Personal Information. You have the right to obtain from us confirmation as to whether or not we are processing Personal Information about you, and if so, the right to be provided with the information contained in this Policy. You also have the right to ask us for copies of your Personal Information. When making a request, please provide an accurate description of the Personal Information to which you want access. Where requests are repetitive or manifestly unfounded or excessive, we may charge a reasonable fee based on administrative cost.
Asking Us to Rectify Your Personal Information. You have the right to ask us to rectify Personal Information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Asking Us to Delete Your Personal Information. You have the right to ask us to erase your Personal Information if:
However, these rights are not absolute. Even if you make a request for deletion, we may need to retain certain information for legal or administrative purposes, such as record keeping, maintenance of opt-out requirements, defending or making legal claims, or detecting fraudulent activities. We will retain information in accordance with the “How Long Is Your Personal Information Kept” section above.
If you do exercise a valid right to have your Personal Information deleted, please keep in mind that deletion by third parties to whom the information has been provided might not be immediate and that the deleted information may persist in backup copies for a reasonable period (but will not be available to others).
Asking Us to Restrict Our Use of Your Personal Information. You have the right to ask us to place a restriction on our use of your Personal Information if one of the following applies to you:
The Right to Transfer Your Personal Information to Another Service Provider. You have the right to ask that we transfer the Personal Information you gave us from one organization to another, or give it to you (i.e., data portability). This applies to Personal Information we are processing to service a contract with you and to Personal Information we are processing based on your consent.
The Right to Withdraw Consent. If we obtain your written consent to collect and process your Personal Information, you can subsequently withdraw such consent as to any further processing of such information.
The Right to Lodge a Complaint with a Supervisory Authority. If you believe your rights under the GDPR have been violated, the GDPR gives you the right to file a complaint with your supervisory authority. A list of supervisory authorities is available here: EEA and EU Data Protection Authorities (DPAs); Swiss Federal Data Protection and Information Commissioner (FDPIC); and UK Information Commissioner’s Office (ICO).
Rights Related to Automated Decision-Making. To the extent that we engage in decision-making based solely on automated processing, including profiling, which produces legal effects concerning you or which significantly affects you, you have the right not to be subject to such decision-making.
Right to Object to Processing. You have the right to object to the processing of your Personal Information that is based on legitimate interests or your consent (rather than when the reason for using it is to perform an obligation due to a contract with us).
If you make such an objection, we will cease to process the Personal Information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or we can demonstrate the processing is for the establishment, exercise, or defense of legal claims. You can object to the processing of your Personal Information by contacting us using the information in the “Contact” section below.
Legal Basis for Processing Your Personal Information. We collect your Personal Information to provide our products and services to you; otherwise, we may not be able to process the transactions you request. We will only process your Personal Information when we have a lawful basis for doing so. If you are in a country in the EU, EEA, UK, or Switzerland, you are entitled to an explanation of the legal basis we rely on to process your Personal Information. The legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it, which is discussed below.
o Children’s Consent. We do not knowingly process data of EU, EEA, UK, or Switzerland residents under the age of 16 without reasonably verified parental consent.
Depending on the situation, we may be the controller or the processor for Personal Information collected from residents of the EU, EEA, UK or Switzerland. If you have any questions about or need further information concerning the legal basis on which we collect and use your Personal Information for any specific processing activity, please contact us using the “Contact” section below.
Cross-Border Transfers of Personal Information. Our Services are operated in the United States. Personal Information about you provide while in the EU, an EEA member state, the UK, or Switzerland may be transferred to the United States. The United States does not have an adequacy decision or adequacy regulation. The GDPR permits such transfers when necessary for the performance of a contract between you and us, if we obtain your explicit consent to such transfer, or if it is in our legitimate interest to transfer the Personal Information. The laws in the United States may not be as protective as the GDPR or the laws of other jurisdictions where you may be located. If we transfer Personal Information from the EU, EEA, UK, or Switzerland, or another country with cross-border transfer obligations, we will provide an appropriate safeguard, such as using standard contractual clauses.
To obtain a copy of the safeguard(s), please contact us using the information provided in the “Contact” section below.
If you are a California resident, you have certain rights with respect to the collection, use, transfer, and processing of your Personal Information, as defined by the California Consumer Privacy Act (“CCPA”), Cal. Civ. Code § 1798.100 et seq., as amended by the California Privacy Rights Act (“CRPA”) and implementing regulations. We reserve the right to limit these rights where permitted under applicable law, including where your identity cannot be reasonably verified or to the extent your rights adversely affect the rights and freedoms of others. Please note that terms in this California Privacy Rights section are used in accordance with the definitions provided to them in the CPRA, which may differ from how those terms are used throughout the rest of the Privacy Policy (for example, the word “share”).
To exercise any of the rights below, please contact us via the contact information below. Only you or a person registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable consumer request related to your Personal Information.
What Information Do We Collect?
The below examples are illustrative examples from the CCPA and do not reflect the specific pieces of information we collect.
The following chart shows which categories of Personal Information we have collected in the previous 12 months.
Category1 | Examples | Collected | Retention Period |
---|---|---|---|
A. Identifiers |
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. |
Yes |
As long as you are a customer of or do business with UNFI and at a minimum of up to 7 years after last interaction with UNFI or as long as required by law. |
B. Personal Information |
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories. |
Yes |
As long as you are a customer of or do business with UNFI and at a minimum of up to 7 years after last interaction with UNFI or as long as required by law. |
C. Protected Classification Characteristics Under California or Federal Law |
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
Yes |
As long as you are a customer of or do business with UNFI and at a minimum of up to 7 years after last interaction with UNFI or as long as required by law. |
D. Commercial Information |
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
Yes |
As long as you are a customer of or do business with UNFI and at a minimum of up to 7 years after last interaction with UNFI or as long as required by law. |
E. Biometric Information |
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. |
No |
N/A |
F. Internet or Other Similar Network Activity |
Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. |
Yes |
As long as you are a customer of or do business with UNFI and at a minimum of up to 7 years after last interaction with UNFI or as long as required by law. |
G. Geolocation Data |
Physical location or movements. |
Yes |
As long as you are a customer of or do business with UNFI and at a minimum of up to 7 years after last interaction with UNFI or as long as required by law. |
H. Sensory Data |
Audio, electronic, visual, thermal, olfactory, or similar information. |
Yes |
As long as you are a customer of or do business with UNFI and at a minimum of up to 7 years after last interaction with UNFI or as long as required by law. |
I. Professional or Employment-Related Information |
Current or past job history or performance evaluations. |
No |
N/A |
J. Non-Public Education Information |
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. |
No |
N/A |
K. Inferences Drawn of the Consumer |
Inferences drawn from Personal Information identified above to create a profile about a consumer reflecting a consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
Yes |
As long as you are a customer of or do business with UNFI and at a minimum of up to 7 years after last interaction with UNFI or as long as required by law |
L. Sensitive Personal Information |
Personal Information that reveals (a) Social Security, driver’s license, state identification card, or passport number; (b) account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credential allowing access to an account; (c) precise geolocation; (d) racial or ethnic origin, religious or philosophical beliefs, or union membership; (e) the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication; or (f) genetic data. Biometric information processed for the purpose of uniquely identifying a consumer, Personal Information collected and analyzed concerning a consumer’s health, sex life, or sexual orientation. Some Sensitive Personal Information included in this category may overlap with other categories. |
Yes |
As long as you are a customer of or do business with UNFI and at a minimum of up to 7 years after last interaction with UNFI or as long as required by law. |
[1] Categories of Personal Information are as defined in Cal. Civ. Code. § 1798.140(v) (effective Jan. 1, 2023).
The above does not relate to information collected in connection with an individual’s employment by or seeking employment from UNFI. If you are employed by or seeking employment from UNFI, please see the Associate and Contractor Privacy Policy for information regarding your Personal Information.
Sources From Which Personal Information Is Collected
We collect identifiers, Personal Information, protected classifications, sensory data, and sensitive Personal Information, directly from you. We collect commercial information by keeping a log of your transactions. We collect internet and other electronic network activity, geolocation, and inferences based on your interactions with our website and mobile apps.
When acting as a service provider, UNFI receives or has access to Personal Information collected by the business. UNFI uses that Personal Information solely to provide the services to the business.
Business or Commercial Purposes for Which Personal Information Is Collected
Your Personal Information is used for the following purposes:
When acting as a service provider, UNFI uses the Personal Information it receives or has access to solely to provide the services to the business.
Third Parties With Whom Personal Information Is Disclosed, Shared, or Sold
In the preceding 12 months, we have disclosed the following Personal Information about consumers for business purposes:
We do not disclose to third parties any Personal Information in exchange for money. However, we understand that California has taken the position that the use of certain cookies or other analytical tools may constitute both a “share” and “sale” as those terms are defined in the CCPA/CPRA. In the preceding 12 months, we have shared and sold the Personal Information about consumers:
We have shared Personal Information in categories A (identifiers), B (personal), C (protected class), D (commercial), and G (geolocation) to third parties for the purpose of receiving analytical information or marketing.
We do not have actual knowledge that we sell or share the Personal Information of consumers under 16 years of age.
Individual Rights
Right to Know About Personal Information Collected, Disclosed, or Sold (if Applicable)
You have the right to request that UNFI disclose the Personal Information it collects, uses, and discloses about you to third parties. There are two types of Rights to Know requests that you can make:
1. Right to Know (Abbreviated Request): If you make a Right to Know (Abbreviated Request), you will receive the following information about you:
a. Categories of Personal Information collected;
b. Categories of sources from which Personal Information is collected;
c. Business purpose for collecting or selling; and
d. Categories of third parties with whom sold, if applicable.
2. Right to Know (Specific Pieces of Information Request): If you make a Right to Know (Specific Pieces of Information Request), you will receive the following information about you:
a. Specific pieces of Personal Information collected about you.
This information will be provided to you free of charge, unless UNFI determines that your request is manifestly unfounded or excessive. You may request this information twice in a 12-month period.
There are certain exceptions to a consumer’s Right to Know. UNFI will state in its response if an exception applies.
Right of Deletion
You have the right to request that UNFI and our service providers delete any Personal Information about yourself which UNFI has collected from you upon receipt of a verifiable request. This right is subject to certain exceptions. UNFI will state in its response if an exception applies.
Right to Opt-Out of the Sale of Personal Information (if Applicable)
You have the right to opt-out of the sale of their Personal Information by a business subject to certain laws and regulations.
For more information, please visit our Do Not Sell or Share My Personal Information page.
Right to Non-Discrimination
You have the right not to receive discriminatory treatment for exercising the privacy rights conferred by California law. UNFI will not discriminate against you because you exercised any of your privacy rights, including, but not limited to, by: denying goods or services to you; charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; providing a different level of quality of goods or services to you; or suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
Right of Correction
If we maintain inaccurate Personal Information about you, then you have the right to request that we correct the inaccurate Personal Information upon receipt of a verifiable request. Taking into account the nature of the Personal Information and purposes of processing the Personal Information, you have the right to request that we correct inaccurate Personal Information about you, if applicable.
Right to Limit Use and Disclosure of Sensitive Personal Information
To the extent UNFI collects any Sensitive Personal Information, it only does so for the purposes specified in Section 7027 of the California Consumer Privacy Act Regulations.
Submitting Requests
You can submit your request by clicking here UNFI Data Subject Access Request, and filling out the request form or by calling us at1-800-360-7316.
Verifying Requests
UNFI provides California consumers with a portal UNFI Data Subject Access Request and a telephone number 1-800-360-7316 to submit requests. UNFI must verify that the person requesting information or deletion is the California consumer about whom the request relates in order to process the request. To verify a California consumer’s identity, we may request up to three pieces of Personal Information about you when you make a request to compare against our records. We may also request that you sign a declaration under the penalty of perjury from the consumer whose Personal Information is the subject of the request.
Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in your request to verify your identity and will delete any information you provide after processing the request. UNFI reserves the right to take additional steps as necessary to verify the identity of California consumers where we have reason to believe a request is fraudulent.
Authorized Agents
You may choose a person registered with the California Secretary of State that you authorize to act on your behalf to submit your requests (“Authorized Agent”). If you choose to use an Authorized Agent, UNFI requires that you provide the Authorized Agent with written permission to allow them to submit your request and that you verify your identity directly with UNFI. Failure to do so may result in UNFI denying your request.
Contact for More Information
If you have any questions or concerns regarding your California Privacy Rights under this Privacy Policy, you may contact us in the following ways:
Mailing Address:
Attn: Customer Experience Team
71 Stow Drive
Chesterfield, NH 03443
Email Address: privacypolicy@unfi.com
Phone Number: 1- 800-360-7316
Last Updated: January 1, 2023
For your information and convenience, our Services contain links to websites operated by third parties. Our website may also include features like buttons and widgets hosted by other companies (for example, the Twitter “Tweet” button). These features may collect your IP address, which page you are visiting on our Services, and may set a cookie to enable the feature to function properly.
We use Google Maps with our Find a Store feature. By using our Find a Store feature, you are bound by Google Maps/Google Earth Additional Terms of Service https://maps.google.com/help/terms_maps/, including Google’s Privacy Policy https://policies.google.com/privacy.
This Privacy Policy does not apply to, and we are not responsible for, the practices of third parties that collect your Personal Information. We encourage you to review the privacy policies of those third parties to learn about their information practices.
This Privacy Policy is subject to occasional revision, and if we make any material changes in the way we use your Personal Information, we will notify you by prominently posting notice of the changes on the Services and updating the effective date above. Your continued use of the services is deemed to be acceptance of such changes.
If you do not wish to permit changes in our use of your Personal Information, you must notify us prior to the effective date of the changes that you wish to deactivate your account with us. Continued use of our Services, following notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.
If you have provided us with your contact information, we may send you email messages, direct mail offers, push notifications or other communications regarding products or services depending on the method of communication selected. You may ask us not to do so when you access our websites or mobile applications or change your preferences by updating any accounts you have with us. At any time, you may elect to discontinue receiving commercial messages from us by submitting an opt-out request to the contact information below or by following the unsubscribe instructions in the form of the communication you received, as described below.
Printed Materials: To opt out of receiving printed marketing materials at your postal address, such as advertisements, flyers or postcards, please write to us at the address below. Please be sure to include your name and mailing address exactly as they appear on the printed marketing materials you received.
Emails: To opt out of receiving marketing communications via email, please send an unsubscribe request to the email address below or click on the unsubscribe link at the bottom of the email that was sent to you and follow the directions on the resulting web page. Please note that you may continue to receive certain transactional or account-related electronic messages from us.
Text Messages: If you have consented to receive text messages, you may opt-out of receiving them by using the method provided in the text message or by contacting us at the address below.
Push Notifications: To opt out of receiving push notifications, please set your preferences within your device setting menu.
You may deactivate your account at any time for any reason by calling or emailing us as indicated in the “Contact” section below.
If you have any questions or comments about this privacy policy or other privacy related matters, you may contact us in the following ways:
Mailing Address:
Attn: Customer Experience Team
71 Stow Drive
Chesterfield, NH 03443
Email Address: privacypolicy@unfi.com
Phone Number: 1-800-360-7316