Last Updated: August 30, 2018

DeCA is committed to protecting your privacy. This Privacy Policy (“Privacy Policy”) explains how we collect, use, share and protect your personal information.

This Privacy Policy governs the collection and use of your personal information by DeCA on the web site, Commissary CLICK2GO, any other web site hosted by DeCA and any application, product or service made available by DeCA on behalf of itself or its customers, including its grocery retailer and consumer packaged goods clients (collectively, the “Services”). If you do not agree with any provision of this Privacy Policy, you should immediately discontinue use of the Services.

When you use the Services you may also be subject to the privacy policies of our customers or third party service providers with respect to their use and collection of your personal information.

Information we collect

We collect (i) information provided by you when you register on MyCommissary such as your name, email address, date of birth, last 4 digits of social security number (see Privacy Act Statement below), mailing address and telephone number; (ii) information we obtain from your use of our Services such as server log information (e.g., your queries, phone number and internet protocol address), device-specific information (e.g., your hardware model, operating system version, unique device identifiers and mobile network information including phone number), and physical location information collected from GPS location data and mobile wireless access points; (iii) information we collect during your grocery shopping sessions such as shopping list contents and ecommerce purchases; (iv) information provided by you when you participate in any promotions or contests offered by us or one of our affiliates; (v) information provided by you when offering feedback or completing profile forms; and (vi)  loyalty card purchase information provided to us by our retailer clients.

Privacy Act Statement

AUTHORITY: 5 U.S.C. § 552a, The Privacy Act of 1974; 10 U.S.C. §2481, Defense Commissary and Exchange Systems; Existence and Purpose; 10 U.S.C. §2484, Commissary Stores: Merchandise That May Be Sold; Uniform Surcharges and Pricing; 10 U.S.C. §2485, Commissary Stores: Operation; 10 U.S.C Chapter 54, Commissary and Exchange Benefits; Department of Defense Directive 5105.55, Defense Commissary Agency (DeCA); Department of Defense Instruction 1330.17, Armed Services Commissary Operations; Department of Defense 7000.14- R, Department of Defense Financial Management Regulations (FMR). DEERS System of Records Notice (SORN) DMDC-02-DoD, with the stated purpose of providing a database for determining the eligibility to DoD entitlements and privileges.

PURPOSE: To determine if an individual is authorized to shop at the commissary; to purchase commissary retail products using Commissary CLICK2GO®; to choose between store pick-up or delivery by a contracted service provider, and to pay for purchases electronically either at the time of ordering or at the time of pick up.

ROUTINE USES: Patrons will provide all PII, to include name, billing address, delivery address, email address, phone number, and EDIPI number via prompts from the online ordering website. This PII will be saved on a secured commercial cloud hosted by DeCA’s Enterprise Business Solution (EBS) contractor. The EDIPI number will be used to validated shopping privileges through the Defense Manpower Data Center database. Name, billing address, and payment information will be processed through Delivery address, phone number and email address will be provided to the delivery contractors.


EFFECTS OF NOT PROVIDING INFORMATION: Patron will not be able to purchase products on Commissary CLICK2GO®.

How we use information we collect

We will use your information to provide, maintain and improve our Services, to develop new Services and to protect DeCA and its users.  We also use your information to personalize our Services for you such as delivering more relevant search results and targeted ads.  We will also use your contact details to communicate with you on occasion, and we may use your information to send you offers and news. We may combine personal information from one Service with information, including personal information, from other DeCA Services.  For example, when you download our mobile applications, DeCA obtains your consent to use information for pinpointing technology such as GPS and cell tower information.  DeCA may use and store this information, in combination with other location-based information such as your IP address, billing postal code provided by your carrier or registration location, to provide enhanced location based services, serve location-targeted advertising, search results or other content. In addition, we may share your personally identifiable information with third party vendors that support our Services (e.g., email services or customer support tool provider) or our retailer partners’ services.

Information we Share

Legal Disclaimer

We reserve the right to disclose your personally identifiable information as required by law and when we believe it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud or security incidents, situations involving potential threats to the physical safety of any person, violations of these Terms of Use, or as otherwise required by law.

Other web sites

Our web site may contain links to other web sites which are outside our control and are not covered by this Privacy Policy. If you access other sites using the links provided within the Services, the operators of these sites may collect information from you which will be used by them in accordance with their privacy policy, which may differ from ours.

Notice regarding children’s privacy (Users under the Age of 13)

In response to concerns about protecting children’s privacy online, Congress enacted the Children’s Online Privacy Protection Act of 1998 (“COPPA”), which sets forth rules and procedures governing the ways in which websites may collect, use and disclose any personal information for children under the age of 13.  In accordance with COPPA regulations, we do not (1) request or knowingly collect personally identifiable information online or offline contact information from users under 13 years of age; or (2) knowingly use or share personal information from users under 13 years of age with third parties.

It is possible that by fraud or deception we may receive information given to us or pertaining to children under 13.  If we are notified of this, as soon as we verify the information, we will immediately delete the information from our servers.

Questions regarding children’s privacy should be directed to us at the contact information provided below.


We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it.  No method of transmission over the Internet, or method of electronic storage, is 100% secure, however.  Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.


We may update our Privacy Policy from time to time. When we make these updates, we will change the “last updated” date listed at the top of this Policy.  If we make material changes to this policy, we will provide a prominent notice here and/or for certain Services, email notification of changes to this Privacy Policy.

Contacting us

For any questions or concerns you may have regarding this Privacy Policy and our information and data collection and use practices, please contact us at:
Defense Commissary Agency
ATTN: Privacy Officer
1300 E Avenue
Fort Lee, Virginia 23801-1800


Requests should contain: individual’s name and address, telephone, email address, SSN, DoD ID Number, and DoD ID Bar Code value.


Defense Commissary Agency Cookie Acknowledgement

Our website uses both persistent and session cookies:

    • Persistent cookies are used to allow the website to recognize users when they return to the site and to remember certain information about their preferences. These cookies are cookies which stay on your computer permanently, until you “manually” delete them.
    • Session cookies are used in order to allow customers to carry information across pages of the website, without having to re-enter such information. These cookies delete themselves automatically when you leave a website and go to another. Or when you shut down your browser.

A cookie is a small file and holds a certain amount of data, which our website can send to your browser. It may then be stored on your computer’s hard drive and can be accessed by our web server. This cookie data can then be retrieved and can allow us to customize our web pages and services accordingly. It is important to clarify that cookies do not collect any personal data stored on your hard drive or computer. To find out more about cookies, visit The Defense Commissary Agency’s MyCommissary website uses cookies to simplify the logging on process for registered users, and to help ensure the security and authenticity of registered users using your user name. You can remove persistent cookies by following directions provided in your Internet browser’s “help” file. You may disable cookies by following directions provided at: If you choose not to accept these cookies, you will not be able to use the Defense Commissary Agency MyCommissary functionality.