Last Updated: March 27, 2024

This Washington Consumer Health Data Privacy Policy supplements the Kroger Family of Companies Privacy Policy and applies to “consumer health data” subject to Washington State’s My Health My Data Act (MHMDA).

Some of the products we sell and services that we provide to our customers may result in the collection of data that qualifies as “consumer health data,” as defined by the MHMDA. When we collect such data, it falls into the following categories:

• Products or services that may reveal information about your health-related conditions, treatments, diseases, diagnoses, use or purchase of prescribed medications, and other health related interventions. For example, some of our retail locations may sell prenatal vitamins, crutches, and lice treatments.
• Products or services that may reveal information about bodily functions, vital signs, symptoms, diagnoses or diagnostic testing, treatment, medication, or measurements related to the same. For example, some of our retail locations sell glucose monitors and testing strips.
• Products or services that may reveal information about your reproductive or sexual health. For example, some of our retail locations sell pregnancy tests and other products related to reproductive or sexual health.

We do not analyze customer data to make inferences about our customers’ past, present, or future physical or mental health status.

We may use the categories of consumer health data described above for the following purposes:

• provide you the products and services you purchase or request
• improve your shopping experience, to enable you to more quickly and efficiently find the products and services you want
• improve and administer our products and services
• fulfill your requests
• personalize your experience
• communicate with you
• support our business operations and functions, including fraud prevention, analytics, merchandising, security, and legal

Below are more specific examples of how we may use your information:

• To operate our businesses including our retail operations, mobile applications, and websites.
• To personalize your experience, including on our websites and apps to help you find the products and service you are looking for more quickly and efficiently.
• To communicate with you, such as providing account notifications or order status updates, providing product recall notifications, confirming your preferences.
• For research and analyses purposes, such as learning about our customers’ experience with a new product or service offering.
• To design and develop new product and service offerings.
• To conduct business analytics, for such purposes as forecasting and planning, developing statistics on engagement with our websites and applications.
• For safety and security purposes, including to:
• Detect and respond to threats, to both our in-store and online operations,
• Protect the health and safety of our customers, associates, and the public; and
• Prevent, investigate and prosecute shoplifting, fraud, and other criminal activities
• To improve how we do business, improve our products and services, and your shopping experience.
• For other internal business purposes such as:
• For quality control
• For system administration and technology management, including optimizing our websites and applications
• For recordkeeping and auditing purposes
• For risk management, investigations, reporting and other legal and compliance reasons
• Administer our relationships with our customers
• In connection with mergers, acquisitions, divestitures, or similar corporate transactions
• To fulfill our legal obligations.
• To fulfill or meet the request for which the information is provided.
• To create aggregated or deidentified information. When we create aggregated or deidentified information, we do so in a manner such that it is no longer considered personal information (as defined in MHMDA). We may use such deidentified or aggregated data to analyze general trends in our business and to provide (or make available) trends and insights to our business clients in aggregated form.
• As otherwise permitted by law or as we may notify you. We may also use consumer health data you provide to us for other purposes as disclosed at the time you provide your information or otherwise with your consent.

As described further in the “How We Collect Your Information” section of our Privacy Policy, we collect information that may be considered to be consumer health data directly from you, when you visit a store, your interactions with our websites and mobile apps, from other companies within The Kroger Family of Companies, from publicly available sources, and from other third parties.

As defined by MHMDA, we share consumer health data with the categories of third parties and the affiliates listed below. When we share consumer health data, we share it accordance with the MHDMA.

Affiliates. We may share consumer health data within the Kroger Family of Companies including with The Kroger Co. and its subsidiary 84.51 LLC, both of whom provide many services to the companies that make up the Kroger Family of Companies.

Business Partners. We may share or otherwise make your information available to business partners for a business purpose that we have approved. We require that the recipients of this data protect such data, obey use restrictions, and comply with all applicable laws.

Competent Governmental and Public Authorities. We may share consumer health data with governmental authorities if we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity or a violation of our Terms and Conditions (posted at the footer of our websites) or other contracts.

Third Parties Pursuant to Legal Process. We may share consumer health data to the extent necessary to respond to subpoenas, court orders, or other legal process; in response to a request for cooperation from law enforcement or a government agency; or to otherwise comply with our other legal and regulatory obligations.

Other Third Parties. We may share consumer health data when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, including to allow us to pursue available remedies and limit the damage we may sustain.

Notwithstanding anything else in this notice, we may share data that has been aggregated or deidentified in such a manner that it is no longer considered personal information (as defined in the MHMDA). When we share aggregated or deidentified data, we require recipients to refrain from reidentifying the data and to pass this obligation on to downstream recipients.

MHMDA provides covered individuals with certain rights to access, delete, and, to the extent applicable, withdraw consent relating to their consumer health data, subject to certain exceptions.

You may exercise the rights outlined above by either:

• Selecting the privacy right you wish to exercise by clicking on the Privacy Request Form.

• Calling us at 1-800-432-6111

We may take steps to authenticate your identity before responding to your request by asking you a series of questions about your previous interactions with us or ask you to provide other knowledge-based qualifiers.

If your request to exercise a right under the MHMDA is denied, you may appeal that decision by following the instructions that we provide when we deny your request. If your appeal is unsuccessful, you can raise a concern or lodge a complaint with the Washington State Attorney General at www.atg.wa.gov/file-complaint.

This policy is subject to change at our discretion. We will indicate changes to the policy by updating the “Last Updated” date at the beginning of the notice. We will communicate material changes to you in accordance with applicable law, which may include through a notice on a printed receipt, the website home page, or a notice to the email address specified in your account (if you have an account with us). Your continued use of our websites or our other services after any update to this notice will constitute your acceptance of our changes.

If you have any questions or concerns about this policy or the practices described herein, you may contact us via email at HTPrivacyOffice@HarrisTeeter.com or by telephone at 1-800-432-6111.