This Policy addresses these topics:
How do we collect personal information?
We collect personal information that you provide directly to us (in store, online or through other communication channels) as well as information your devices provide to us automatically, as described below. Where permitted by applicable law, we may also collect personal information from third parties (such as advertising partners) or publicly available sources as described below.
What information do we collect and how do we use it?
1. Information You Provide
When you visit or use our Services, including when you purchase merchandise or gift cards, you may provide us with and we will collect certain personal information, such as your name, birthday, address, phone number, email address, personal preferences, payment card number, online and in store purchase and ordering information, demographic information, responses to survey questions, questions and inquiries, and any other information you choose to provide. We may also collect information that you provide through our Services about people you know, such as your gift recipient’s contact information, to process your gift orders.
We also assign a customer identifier to you, which is associated with your email address, and/or payment card (represented by a token value) and purchase data (such as the items purchased, price, payment method, time and location of purchase). We may use this information for our own analysis to better understand our customers and improve our products and services, and for the purpose of tailoring offers to you based on your past purchases and inferred tastes and preferences. We continue to collect and associate purchase information for these same purposes over time, as you shop with us. If you have signed up for our promotional communications, your customer identifier may be contained in an email or postal offer that you provide for offer redemption.
We collect this information at various places in connection with our Services, such as when you check out with your online or in-store order; communicate with our chatbot; subscribe to receive tailored email offers and SMS text messaging offers; participate in surveys; enter contests or sweepstakes; or interact with special-event or program offers. If you return or exchange merchandise, we may collect contact information, such as name and address, for identity verification and loss prevention purposes. We may also collect information that you provide on our Services about people you know. For example, we collect your gift recipient's contact information to process your gift orders.
2. Information Your Devices Provide Automatically
When you interact with our Services, we obtain certain information by automated means, including the following:
a. Location Information
We may obtain information about your location when you access or use our Services: for example, via your browser information and other similar device, software, or browser attributes (like IP address), or our store locator page. For more details, please see "What choices do you have over how your information is used?" below.
b. Navigational Information
When you access our Services, your computer, phone, or other device may provide navigational information, such as browser type and version, service-provider identification, IP address, the site or online service from which you came, and the site or online service to which you navigate.
c. Device Information
We also may obtain information about the computer or mobile device you use to access our Services, such as the hardware model, operating system and version, identification numbers assigned to your mobile device, such as the ID for Advertising (IDFA) on Apple devices, and the Advertising ID on Android devices, mobile network information, and website or app usage behaviour.
d. Cookies, Clear Gifs, Analytics, Device Identifiers, and Similar Technologies
To better understand how you interact with our Services, we may collect information using cookies, clear gifs (also known as web beacons, web bugs, or pixels), and similar technologies.
A cookie is a small amount of data that is stored by your browser on your device. It's used to do things like see how you navigate our Services and what you click on; remember you and your online purchases when you return; and recognize you and honour a special deal for you when you redeem one of our offers from a third party’s site. This helps us improve and deliver our Services, provide better customer service, tailor and improve your online experience, and tailor offers to you based on your unique tastes and a combination of your online and offline (e.g., in-store) interactions and purchase history.
A clear gif is a nearly invisible pixel-sized graphic image on a web page, web-based document or email message. It helps us do things like view the URL of the page on which the clear gif appears and the time the site, document, or email in question is viewed; and recognize you and honour a special deal for you when you navigate from a third party’s site to redeem one of our offers that may have appeared there. Clear gifs in emails help us confirm the receipt of, and response to, our emails, including those that you forward to friends and family; and they help deliver a more personalized or better online experience.
In addition to cookies and clear gifs, we may also use device identifiers, web storage, third-party provided analytics services, such as session replay services, and other similar technologies and services, to collect information about your interactions with our content and Services. Session replay services consist of an analytics application that allows us to capture and analyze your interaction with our Services to better identify and repair any technical errors and optimize our Services. Such technologies and third-party-provided services may observe or record your activities when using our Services, including movements, scrolling, visit duration, clicks, information typed, and other interactions.
To facilitate our Services, we use third-party service providers to assist us in providing you with communications and interactive experiences. When you interact or communicate with us, you are also interacting and communicating with or through our third-party service providers and their technologies (session replay, for example). These technologies, illustrated above, may be used to help us understand which of our interactive experiences online users like most; and to diagnose, troubleshoot, optimize, debug, rectify, and fix our Services. Cookies, clear gifs, session replay services, and similar technologies also allow us to associate your online navigational information and purchases and interactions (both online and offline) with personal information you provide (such as name, address, phone number, survey responses, and email address). We associate this information to deliver products and services to you; improve our business; transact business; and market our products and services through a variety of media like email, mobile advertising, and direct mail. See "What information do we share with, or disclose to, third parties and our sister brands?" for further information on how we share personal information.
For information about your options with respect to cookies, see "What choices do you have over how your information is used?" below.
3. Information Derived Through or Provided by Others
Affiliated entities, sister brands, vendors, social media networks, and advertising networks may provide us with, or supplement, information about you (with your consent where required by applicable law). We may use this information for a variety of operational or marketing purposes, such as to correct shipping information, market to you, deliver more relevant offers through customer insights, improve our business, and transact business.
4. Third-Party Analytics and Personalization Services
We may use third-party analytics services to analyze site metrics and performance, analyze our visitors' preferences, address technical issues, optimize our Services for better user experiences, and serve personalized content to you through the use of some or all of the technologies described above, such as cookies, clear gifs, session replay software, and other similar technologies. For information about your options with respect to cookies, see "What choices do you have over how your information is used?" below.
One third-party analytics service that we use is Google Analytics. To learn more about Google Analytics and how to opt out, please visit "How Google uses data when you use our partners' sites or apps" located at www.google.com/policies/privacy/partners/ or support.google.com/analytics/answer/181881?hl=en.
5. Video Surveillance
We use video surveillance in our stores to record images for purposes related to ensuring and maintaining store security and public safety; addressing loss and fraud; and analyzing and improving store performance.
6. Job-Applicant Information
7. How We Use the Information We Obtain
We also use the personal information we obtain through the Services to:
a. process your orders and returns;
b. deliver our Services;
c. facilitate payment and transactions;
d. create and manage your online account;
e. personalize your online experience with content and offers that are tailored to your interests;
f. with your consent, send you or serve tailored information (including through email, direct mail, push notification, text messages, and digital advertising) about our products, services, and events that may be of interest to you based on your purchases and interactions (both online and in-store) and inferred tastes and preferences;
g. administer your participation in surveys and contests;
h. provide customer service and respond to your inquiries and requests;
i. enable you to post your content, such as comments, images or videos on our Services;
j. facilitate networks of online social activity centered around our products and services;
k. enable you to interact with third-party content, whether by linking to third-party sites, viewing their content within our online environment, or by viewing our content within their online environment;
l. better understand our customers and improve our products and Services, the manner in which offers are made on our Services, and the interactions and experience visitors have with our Services;
m. develop, market, and sell products;
n. manage and develop our business and operations and administer accounts;
o. diagnose, troubleshoot, optimize, debug, rectify, and fix our Services;
p. facilitate information security, and fraud monitoring and prevention;
q. protect us, our sales associates and others from error, negligence, fraud, theft, illegal activities, and harm;
r. create aggregated, pseudonymized or anonymized information for statistical purposes;
s. evaluate employment applications that are submitted to us;
t. respond to emergencies;
u. audit compliance with policies; and
v. comply with applicable laws.
How is technology used to serve our advertisements on other online services and what choices do you have?
With your consent, we and third parties collect information about your online activities to provide you with advertising on and off our sites about products and services tailored to your interests. We contract with third-party advertising companies, which collect and provide us with information about your use and interactions with the Services over time and across third-party websites and online services, for use in delivering tailored online display and banner advertising to you on other websites and online services. To serve this advertising, these third-party companies place, use, or rely on the technologies described above, including cookies, clear gifs, analytics, device identifiers and similar technologies to obtain information about customer interactions with us through our Services and interactions with other online services. These companies use the information they collect to serve you ads that are targeted to your interests.
You can specify or change your preferences over the use of some of these technologies by opening Cookie Preferences to view or change your preferences to address future cookie placement. To learn more about interest-based advertising including how to opt out of interest-based advertising from companies participating in industry self-regulatory opt-out tools, click the following: NAI Opt Out or DAAC Opt Out. Please note that if you opt out of interest-based advertising, you will still see ads from us, but the ads may be less relevant to you and your specific interests and tracking technologies may still collect data for other purposes, including analytics.
Your preferences only apply to the web browser you use so you must specify them for each web browser on each device you use. This means, depending on where you live, once you opt out of targeted advertising, for instance, if you later delete your browser’s saved cookies, you will need to opt out again.
If you consent to receive promotional communications from us, we may share your email address and basic personal and purchase details with social networking sites and other third-party platforms for the purposes of serving tailored advertisements to you or others. We may convert your email address or other information into a unique value and provide it to the third-party platform so that they can match the information with their data about a user on their platform. To opt out or withdraw your consent to the sharing of your information for such purposes, please click on the opt-out form under “Social Sharing” in "What choices do you have over how your information is used?". Our Services do not respond to “Do Not Track” signals.
How do our services interact with third-party services and content?
We link to third-party sites and services, or otherwise display third-party content through our Services, for your convenience and information. These third-party sites and services may operate independently from us. The privacy practices of the relevant third parties, including details on the information they may collect about you, are subject to the privacy statements of these parties, which we strongly suggest you review. To the extent any linked third-party sites and services are not owned or controlled by us, we are not responsible for these third parties’ information practices.
Here are examples of the types of third-party content and services available through or via our Services:
1. Interactive Maps
We may facilitate easy access to the online maps of content providers like Google to help you get quick location, driving, and contact information for our stores.
2. Sweepstakes, Contests, and Survey Sites
3. Social Networking and other Third-Party Sites and Services
What information do we share with, or disclose to, third parties and our sister brands?
We may share information about you with certain third parties, as described below, and as otherwise described in this Policy.
1. Our Sister Brands
We may share the information we collect about you, such as your postal and email address, customer preferences and purchase history, with affiliated entities that operate our sister brands so they may market to you. Such sister brands include White Barn Candle Co. We will obtain your consent to this sharing to the extent required by applicable law. If you don’t want this information shared with our sister brands, follow the instructions below in "What choices do you have over how your information is used?"
2. Service Providers and Contractors
We provide or make available personal information, and your communications and interactive experiences with us, to trusted third-party service providers, processors, and contractors whom we engage to provide services to us. These third-party service providers are integrated into all the data and communications processing activities that are covered by this Policy. When you interact or communicate with us, you are also interacting and communicating with or through our third-party service providers and their technologies. These processing services and activities include, for example, fulfilling orders; processing payments; providing customer service through chat or chatbot features; monitoring activity on our Services; diagnosing, troubleshooting, optimizing, debugging, rectifying, and fixing our Services; delivering surveys and related analysis (which could be combined with Services usage analytics); maintaining databases; hosting and operating our microsites, mobile websites; administering, sending and monitoring emails and text messages; session replay services; serving online advertisements as described above; and providing consulting services.
3. Other Marketers
We may occasionally provide you with the opportunity to opt in to receive email messages from third parties. If you do opt in, we'll share your email address with the specific third party in question. Please review the privacy policies of these third parties to learn more about how they treat your personal information. If you wish to opt out of receiving emails from these third parties, please contact the third party directly or unsubscribe by following the links or instructions included in their emails.
4. Law Enforcement, Legal Disclosures, and Emergency Response
We or our service providers may disclose personal information about you (a) if we are required or permitted to do so by law or legal process (such as a court order or subpoena); (b) in response to requests by government agencies, such as law enforcement authorities in the jurisdictions in which we or our service providers process your personal information; (c) to establish, exercise, or defend our legal rights; (d) to detect, suppress or prevent fraud; (e) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss; (f) in connection with an investigation of suspected or actual illegal activity; or (g) otherwise with your consent.
5. Sale, Merger, and Business Transaction
We may disclose and/or transfer your personal information to a third party in the event of a proposed or actual purchase, sale (including a liquidation, realization, foreclosure or repossession), lease, merger, demerger, amalgamation or any other type of acquisition, disposal, transfer, conveyance or financing of all or any portion of our business, assets, or shares in order for you to continue to receive the same products, benefits, and services from that third party.
Your Privacy Choices
What choices do you have over how your information is used?
We offer you certain choices in connection with the personal information we obtain about you.
You may opt out of Bath & Body Works marketing emails by following the instructions located at the bottom of each marketing email or by contacting Customer Service at 1-800-395-8008. For Relay Service, dial 711 or use an internet protocol relay service. If you opt out of the marketing email list, we may still send you operational or transactional messages, such as password-reset, delivery information, or account related information.
2. Mobile Text Messaging
If you've signed up for mobile text messages but later decide you no longer wish to receive them, the quickest means to opt out is to follow the instructions included in a mobile text message and reply STOP to one of them. You may also contact us at 1-800-395-8008.
3. Mobile Push Notifications/Alerts
We may send push notifications or alerts to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.
4. Location Information
You may have the ability to turn location-based services on and off by adjusting the settings of your internet browser or mobile device.
5. Postal Mail
If you'd like to specify your preferences for our postal mail, simply follow the instructions on the mailer. You may also inform us of your preference by dialing 1-800-395-8008. For Relay Service, dial 711 or use an internet protocol relay service.
6. Cookies and Clear Gifs
Visit "How is technology used to serve our advertisements on other online services, and what choices do you have?" to learn about how to specify your preferences over our use of cookies and similar technologies or click Cookie Preferences. You can also set your browser to notify you when you receive a cookie or to not accept certain cookies. However, if you decide not to accept cookies you may not be able to take advantage of all of the features on our Services.
7. Our Sister Brands
If you don't want your information shared with our sister brands for those brands’ own direct marketing purposes, please follow the instructions below in "How do you access and/or rectify your personal information or withdraw your consent?" or contact us at 1-800-395-8008 to make a request. For Relay Service, dial 711 or use an internet protocol relay service.
8. Social Sharing
To opt out of the sharing of your email address, and basic personal and purchase details, with social networking sites and other third-party platforms for the purposes of serving tailored advertisements to you or others, please complete this opt-out form.
How do you access and/or rectify your personal information or withdraw your consent?
You may update or modify your billing- and shipping-related information, and other account information, by logging onto our Services (e.g., Your Account on bathandbodyworks.ca). You may also (a) request to access and rectify your personal information, (b) withdraw any consent, or (c) submit a complaint regarding our privacy practices by clicking Your Data Rights or by calling us at 1-800-395-8008. For Relay Service, dial 711 or use an internet protocol relay service.
Upon request, we’ll (1) provide you with access to your personal information in our records, subject to limited exceptions set out under applicable privacy laws; (2) inform you of the existence, use and general disclosure of your personal information; and (3) correct/rectify or update any personal information that is inaccurate or incomplete, as necessary. You may request this information by calling 1-800-395-8008 or by contacting us as set out below. For Relay Service, dial 711 or use an internet protocol relay service. We may request certain personal information for the purpose of verifying the identity of the individual seeking access to their personal information records.
How do we protect personal information?
We maintain administrative, technical, and physical safeguards designed to protect the personal information that we collect through our Services against accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure or use.
Our administrative safeguards include implementing, maintaining, and training employees on company privacy and information security policies and procedures. Our physical and technical safeguards include maintaining physical security policies and standards to protect company systems and data, and a cybersecurity program overseen by our executive leadership team.
We limit access to personal information on a need-to-know basis, and our associates are advised of the importance of confidentiality. The categories of our associates who have such access to your personal information include those responsible for (1) accounting, auditing, & reporting; (2) advertising; (3) analytics; (4) claims management; (5) customer service; (6) fraud monitoring and prevention; (7) human resources (e.g., for applications, payroll, and benefits); (8) information security; (9) logistics (e.g., for order processing, fulfillment, and shipping); (10) payment and transaction processing; (11) product and services development (e.g., for focus-group administration); (12) shopping and customer engagements (e.g., events, contests, sweepstakes, and loyalty programs); (13) surveys; and (14) technology administration and integrity.
Do we collect children's personal information?
Our Services are designed for a general audience and are not directed to children. We do not knowingly collect or solicit personal information from children under the age of fourteen (14) (or other relevant ages, which may apply by virtue of applicable law) through our Services. If we become aware that we have collected personal information from a child under such age, we will promptly delete the information from our records. If you believe a child under such age may have provided us with personal information, please contact us as specified in the "Whom may I contact for general inquiries?" section of this Policy.
Where is personal information stored and processed?
Our employees involved in data processing and our servers are based in Columbus, Ohio, US, and other locations throughout the United States. We work with affiliated and unaffiliated service providers in the United States, India, China, and other jurisdictions around the world. This means that personal information will be communicated outside of Canada or your province (including, for residents of Quebec, outside Quebec) to locations throughout the U.S. and other countries where we or our service providers access or store your personal information. Also, the governmental bodies that have jurisdiction in that instance (e.g., courts and law enforcement agencies) may be entitled to access your personal information in accordance with the laws of those jurisdictions.
How long is personal information retained?
We seek to retain information necessary to effectively service our customers; provide relevant product assortments and advertisements; assist you with customer service-related matters; and otherwise meet our legitimate business needs and comply with our legal and contractual obligations. The need to retain personal information varies widely with the type of information and the purpose for which it was collected. We strive to ensure that personal information is retained only for the period required to fulfill the purposes for which it was collected and is deleted when no longer required for such purposes or to comply with applicable laws.
Whom may I contact for general inquiries?
If you have general questions, comments, or concerns about our Policy or the manner in which we or our service providers treat your personal information, please contact us at 1-800-395-8008. For Relay Service, dial 711 or use an internet protocol relay service.
Or contact us via:
ATTN: Chief Privacy Officer
Bath & Body Works
3 Limited Parkway
Columbus, OH 43230
How will we communicate updates to our policy?
Information about our Privacy Governance Policies and Practices
We are committed to protecting personal information and have implemented a comprehensive set of policies and practices that govern our treatment of personal information. These policies and procedures include, among other things, the following:
- We have implemented policies and procedures to protect personal information in our custody and control from unauthorized access, use or disclosure.
- We have implemented processes to respond to data subject requests and complaints in a timely and effective manner.
- As set out above, we have implemented a framework for the retention and destruction of personal information to ensure compliance with legal obligations, and to securely destroy personal information once no longer required.
- We have designated a Privacy Officer who is responsible for overseeing the company’s compliance with privacy legislation.
- We have implemented a privacy framework that defines the roles and responsibilities for our employees with respect to the treatment of personal information.
- We provide our employees with regular privacy training and awareness.