Online Privacy Policy

This Policy was last updated on April 12, 2024.

Bath & Body Works, Inc., Bath & Body Works Direct, Inc., and Bath & Body Works, LLC ("BBW," "we," "us," or "our") respect your concerns about privacy. This Online Privacy Policy ("Policy") explains what personal information/data (“personal information”) we collect through our websites and online services, how we use that information, to whom we sell or share it, how long we retain it, and how we safeguard it. Personal information is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a particular consumer or household. Unless indicated otherwise, this Policy applies only to personal information collected through the websites, microsites, mobile applications, and other online services of the Bath & Body Works brand and lines of business that expressly adopt, display or link to this Policy, and then only to the extent indicated (collectively, the "Services").

What information do we collect and how do we use it?

  1. Information You Provide

    When you visit our Services, make purchases, or create a loyalty account, you may provide us with certain personal information, such as your name, birthday, address, phone number, email address, personal preferences, payment card number, purchase and ordering information, login and authentication information, demographic information, responses to survey questions, questions and inquiries, and any other information you choose to provide. Our Services may also give you the option to upload or share pictures or videos of yourself and others.

    We collect this information at various places on our Services, such as when you check out with your online order; communicate with our chatbot; engage with our mobile applications; subscribe to email offers and mobile messaging offers; participate in surveys; enter contests or sweepstakes; or interact with special-event or program offers.

    We may also collect information that you provide on our Services about people you know. For example, we collect your gift recipient's contact information to process your gift orders.

  2. Information Your Devices Provide Automatically

    When you interact with our Services, we obtain certain information by automated means, including the following:

    a. Geolocation Information

      We may obtain information about your approximate and precise geolocation when you access or use our Services: for example, via your browser information and other similar device or browser attributes (like IP address), our store locator page, or our mobile applications. For more details, please see "What choices do you have over how your information is used?" below.

    b. Navigational Information

      When you access our Services, your computer, phone, or other device may provide navigational information, such as browser type and version, service-provider identification, IP address, the site or online service from which you came, and the site or online service to which you navigate.

    c. Device Information

      We also may obtain information about the computer or mobile device you use to access our Services, such as the hardware model, operating system and version, identification numbers assigned to your mobile device, such as the ID for Advertising (IDFA) on Apple devices, and the Advertising ID on Android devices, mobile network information, and website or app usage behavior.

    d. Cookies, Clear Gifs, Analytics Services, and Similar Technologies

      To better understand how you interact with our Services, we may collect information using cookies, clear gifs (also known as web beacons or web bugs), analytics services (such as session replay software), and other similar technologies.

      A cookie is a text file with a small amount of data that is stored by your browser on your device. It's used to do things like see how you navigate our Services and what you click on; remember you and your online purchases when you return; and recognize you and honor a special deal for you when you redeem one of our offers from a third party’s site. This helps us improve and deliver our Services, provide better customer service, tailor and improve your online experience, and tailor offers to you based on your unique tastes and a combination of your online and offline (e.g., in-store) interactions and purchase history.

      A clear gif is a nearly invisible pixel-sized graphic image on a web page, web-based document, or email message. It helps us to do things like view the URL of the page on which the clear gif appears and the time the site, document, or email in question is viewed; and recognize you and honor a special deal for you when you navigate from a third party’s site to redeem one of our offers that may have appeared there. Clear gifs in emails help us to confirm the receipt of, and response to, our emails, including those that you forward to friends and family; and they help deliver a more personalized or better online experience.

      In addition to cookies and clear gifs, we may also use device identifiers, web storage, third-party-provided analytics services, such as session replay services, and other similar technologies and services, to collect information about your interactions with our content and Services. Session replay services consist of an analytics application that allows us to capture and analyze your interaction with our Services to better identify and repair any technical errors and optimize our Services. Such technologies and third-party-provided services may observe or record your activities when using our Services, including movements, scrolling, visit duration, clicks, information typed, and other interactions.

      To facilitate our Services, we enable our third-party service providers to be part of your communications and interactive experiences with us. When you interact or communicate with us, you are also interacting and communicating with or through our third-party service providers and their technologies (session replay, for example). These technologies, illustrated above, may be used to help us understand which of our interactive experiences online users like most. Cookies, clear gifs, session replay services, and other similar technologies also allow us to associate your online navigational information and purchases and interactions (both online and offline) with personal information you provide (such as name, address, phone number, survey responses, and email address). We may associate this information to deliver products and services to you; improve our business; transact business; recognize other devices within your household; and market our products and services on this and other online services through a variety of media like email, mobile advertising, direct mail, and social media.

      For information about your options with respect to cookies and clear gifs, see "What choices do you have over how your information is used?" below.

  3. Information Derived Through or Provided by Others

    Affiliated entities, sister brands, vendors, social media networks, and advertising networks may provide us with, or supplement, information about you. We may use this information for a variety of operational or marketing purposes, such as to correct shipping information, market to you, deliver more relevant offers through customer insights, improve our business, and transact business.

  4. Third-Party Analytics and Personalization Services

    We may use third-party analytics services to analyze site metrics and performance, analyze our visitors' preferences, address technical issues, optimize our Services for better user experiences, and serve personalized content to you through the use of some or all of the technologies described above, such as cookies, clear gifs, session replay software, and other similar technologies.

  5. How We Use the Information We Obtain

    We use the personal information we obtain through the Services to:

    1. deliver our Services;
    2. process your online orders;
    3. facilitate payment and transactions;
    4. create and manage your online account;
    5. personalize your online experience with content and offers that are tailored to your interests;
    6. provide customer service and respond to your inquiries and requests;
    7. include you in surveys and contests;
    8. enable you to post your content, such as comments, images or videos;
    9. facilitate networks of online social activity centered around our products and services;
    10. improve our Services, the manner in which offers are made on our Services, and the interactions and experience visitors have with our Services;
    11. enable you to interact with third-party content service providers, whether by linking to their sites, viewing their content within our online environment, or by viewing our content within their online environment;
    12. market our products and services that may be of interest to you;
    13. create aggregated, permanently de-identified, or anonymized information for statistical purposes, which we will maintain and use in a non-individually identifiable form and will not attempt to re-identify the data; and
    14. administer technology and ensure technology integrity (including, for example, by maintaining and improving networks; and identifying and fixing problems).

How is technology used to serve our advertisements on other online services and what choices do you have?

On our Services, we and third parties may collect information about your online activities to provide you with advertising about products and services tailored to your interests. We contract with third-party advertising companies, which may collect information about your use and interactions with the Services over time and across third-party websites and online services (which include social platforms), for use in delivering tailored online display and banner advertising to you on other websites and online services. To serve this advertising, these third-party companies place, use, or rely on the technologies described above, including cookies, clear gifs, device identifiers and similar technologies to obtain information about customer interactions with us through our Services and interactions with other online services. These companies use the information they collect to serve you ads that are targeted to your interests. For consumers in certain states, you may opt-out of targeted advertisements. For consumers in California and Colorado, you may do so by submitting a request through our Do Not Sell or Share My Personal Information link. For consumers in Connecticut, Utah, and Virginia, please make the request through our Targeted Ad Preferences link.

You can also specify your preferences over the use of some of these technologies by opening Cookie Preferences to view or change your preferences (to address future cookie placement). If you have it enabled, we recognize Global Privacy Control (GPC) signals from your web browser or web browser extension to effectuate the same cookie preferences. For more information about GPC, please visit Global Privacy Control.

You may also specify your preferences through a centralized registry. To learn about how to opt out of interest-based advertising in general, click the following: NAI Opt Out or DAA Opt Out. Your mobile device settings may allow you to prohibit mobile app platforms (such as Apple and Google) from sharing certain information obtained by automated means with app developers like us and other businesses.

Please note that if you disable your cookies and similar technologies, certain features of our Services may be disabled, and you could limit the functionalities we provide when you visit our Services.

How do our Services interact with third-party services and content?

We link to third-party sites and services, or otherwise display third-party content through our Services, for your convenience and information. These third-party sites and services may operate independently from us. The privacy practices of the relevant third parties, including details on the information they may collect about you, are subject to the privacy statements of these parties, which we strongly suggest you review. To the extent any linked third-party sites and services are not owned or controlled by us, we are not responsible for these third parties’ information practices.

Here are examples of the types of third-party content and services available through or via our Services:

  1. Interactive Maps

    We may facilitate easy access to the online maps of content providers like Apple or Google to help you get quick location, driving, and contact information for our stores.

  2. Sweepstakes, Contests, and Survey Sites

    We may at times facilitate easy access to third-party sites and online services, like social networks and other services that host user-generated content. This may include easy click-through access, the ability for you to share content on third-party services, or even "single sign-on" to these services. The third party's privacy policy applies to any information or content you provide through these services.

  3. Social Networking and other Third-Party Sites and Services

    We may at times facilitate easy access to third-party sites and online services, like social networks and other services that host user-generated content. This may include easy click-through access, the ability for you to share content on third-party services, or even "single sign-on" to these services. The third party's privacy policy applies to any information or content you provide through these services.

What information do we share with, facilitate access to, or disclose to, third parties and our sister brands?

We may share information about you with certain third parties, as described below, and as otherwise described in this Policy. We do not sell or share personal information about you, except as described in this Policy.

  1. Our Affiliated Entities

    We may share the information we collect about you, such as your postal and email address, customer preferences and purchase history, with affiliated entities that operate our sister brands so they may market to you. We will obtain your consent to this sharing to the extent required by applicable law. If you don’t want this information shared with our affiliated entities, follow the instructions below in "What choices do you have over how your information is used?"

  2. Service Providers, Processors, and Contractors

    We provide or make available personal information, and your communications and interactive experiences with us, to third-party service providers, processors, and contractors whom we engage to provide services to us. These third-party services are integrated into all the data and communications processing activities that are covered by this Policy. When you interact or communicate with us, you are also interacting and communicating with or through our third-party service providers and their technologies. These processing services and activities include, for example, fulfilling orders; processing payments; providing customer service through chat or chatbot features; monitoring activity on our Services; delivering surveys and related analysis (which could be combined with Services usage analytics); maintaining databases; hosting and operating our microsites, mobile websites and mobile applications; administering, sending and monitoring emails and text messages; delivering direct or online advertisements as described above; and providing consulting services.

    We provide or make available personal information (such as contact information and information collected through cookies and similar technologies) to social networks to identify customers who are common to both parties. This enables us to market to you on these social networks.

  3. Third-Party Payment Processors and Payment Platforms

    We provide or make available personal information (including purchase and payment details) to third-party payment processors and payment platforms to facilitate your transaction. When you complete a transaction with us, you direct us to intentionally disclose personal information to or interact with the payment processor or platform to complete the transaction that you have requested. There are also instances where you may interact directly with these payment processors and platforms through our Services. Please review the privacy policies of these third parties to learn more about how they treat your personal information.

  4. Other Marketers

    We may sell or share your personal information (such as your name, postal address, and summary purchase information) with other merchants and merchant exchanges who may use this information to send you offers for their products and services. We will obtain your consent for selling or sharing to the extent required by applicable law. We may occasionally provide you with the opportunity to opt in to receive email messages from third parties. If you do opt in, we'll share your email address with the specific third party in question. Please review the privacy policies of these third parties to learn more about how they treat your personal information.

  5. Law Enforcement and Emergency Response

    We also may disclose personal information about you in the following circumstances: (a) if we are required to do so by law or legal process (such as a court order or subpoena); (b) in response to requests by government agencies, such as law enforcement authorities; (c) to establish, exercise, or defend our legal rights; (d) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss; (e) in connection with an investigation of suspected or actual illegal activity; or (f) otherwise with your consent.

  6. Sale or Merger

    We reserve the right to transfer your personal information in the event we sell or transfer all or a portion of our business assets (including, without limitation, in the event of a merger, demerger, spin off, acquisition, joint venture, reorganization, dissolution, or liquidation).

What choices do you have over how your information is used?

We offer you certain choices in connection with the personal information we obtain about you.

  1. Email

    You may opt out of the Bath & Body Works email list by following the instructions located at the bottom of each commercial email. If you opt out of the email list, we may still send you operational or transactional messages, such as password-reset or account related information, from the relevant brand or line of business. You may also call us at 1-800-756-5005. For relay service, please dial 711.

  2. Mobile Text Messaging

    If you've signed up for mobile text messaging offers but later decide you no longer wish to receive these offers, simply follow the opt-out instructions included in the mobile message. We may send a final text message confirming instructions. Data and message rates may apply.

  3. Mobile Push Notifications/Alerts

    We may send push notifications or alerts to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.

  4. Location Information

    You may have the ability to turn location-based services on and off by adjusting the settings of your Internet browser or mobile device or, for some devices, by adjusting the permission settings for our mobile apps to access your location information. Instructions for adjusting or disabling the location settings on our mobile app can be found here.

  5. Postal Mail

    If you'd like to specify your preferences for our postal mail, simply follow the instructions on the mailer; or dial 1-800-395-1001 (for our US and Canada customers) or +1-937-438-4197 (for our customers elsewhere). To reduce postal mail, click here, select “Mailing Address Add/Update” as the topic, select “Unsubscribe me from the mailing list” as the Request Type, then complete and submit the form.

  6. Cookies and Clear Gifs

    Visit "How is technology used to serve our advertisements on other online services and what choices do you have?" to learn about how to specify your preferences over our use of cookies and similar technologies.

  7. Our Affiliated Companies

    If you don't want your information sold or shared with our affiliated companies for their own direct marketing purposes, please call us at 1-800-756-5005. For relay service, please dial 711.

How do you update your personal information?

You may update or modify your billing- and shipping-related information, and other account information, by logging onto our Services (e.g., Your Account on bathandbodyworks.com) or by calling us at 1-800-756-5005. For relay service, please dial 711.

How do we protect personal information?

We maintain administrative, technical, and organizational safeguards designed to protect the personal information we collect through our Services against accidental, unlawful or unauthorized destruction, loss, alteration, access, and acquisition.

Our administrative and organizational safeguards include implementing, maintaining, and training employees on company privacy and information security policies and procedures. Our technical safeguards include maintaining policies and standards that are designed to protect company systems and data, and a cybersecurity program overseen by our executive leadership team.

Do we collect children's personal information?

Our Services are designed for a general audience and are not directed to children. We do not knowingly collect or solicit personal information from children under the age of thirteen (13) (or other relevant ages, which may apply by virtue of applicable law) through our Services. If we become aware that we have collected personal information from a child under such age, we will promptly delete the information from our records. If you believe a child under such age may have provided us with personal information, please contact us as specified in the "Whom should you contact with questions or concerns?" section of this Policy.

Where is personal information stored and processed?

Our employees involved in data processing and our servers are based in Columbus, Ohio, US, and other locations throughout the United States. We work with affiliated and unaffiliated service providers or processors in the United States, Canada, the United Kingdom, India, China, and other jurisdictions around the world.

Whom should you contact with questions or concerns?

General Inquiries

If you have general questions about our Policy, please contact us. Or contact us via:

ATTN: Privacy Matter
Bath and Body Works, Inc.
3 Limited Parkway
Columbus, OH 43230
US

How will we communicate updates to our policy?

This Policy may be updated periodically to reflect changes in our personal information practices. Changes to the Policy will be posted on this page. For significant changes, we will notify you by posting a prominent notice on our Services indicating at the top of the Policy when it was most recently updated.

Supplemental Privacy Notice for California, Colorado, Connecticut, Utah, and Virginia Consumers

If you are a California, Colorado, Connecticut, Utah, or Virginia consumer, the information below also applies to you, in addition to our Online Privacy Policy. Certain terms used in this section have the meanings given to them in the California Consumer Privacy Act found at California Civil Code § 1798.100 et seq. and its implementing regulations (the “CCPA”); the Colorado Privacy Act found at Colo. Rev. Stat. § 6-1-1301 et seq. (the “CPA”); the Connecticut Data Privacy Act found at Conn. Gen. Stat. Ann. § 42-515 to 42-525 (the "CTDPA"); the Utah Consumer Privacy Act found at Utah Code § 13-61-101 to 13-61-404 (the "UCPA"); and the Virginia Consumer Data Protection Act found at Va. Code Ann. § 59.1-571 et seq. (the “VCDPA”). For clarity, the information below applies to personal information we collect about California, Colorado, Connecticut, Utah, or Virginia consumers both on our Services and offline, such as in our physical retail stores.

  1. Collection and Disclosure

    1. We may collect (and may have collected during the 12-month period prior to the effective date of this Policy) the following categories of personal information about you:
      1. Identifiers (personal) (including, for example, name, alias, postal address, unique personal identifier, online and device identifier, IP address, email address, account name and number, telephone number, postal address, and other similar identifiers).
      2. Identifiers (others) (including, for example, insurance policy number, certain financial information, and health insurance information).
      3. Personal characteristics, histories, and associations (including, for example, marital status, gender or gender expression, age, and characteristics of protected classification under California or federal law).
      4. Commercial Information (including, for example, records of personal property; products or services purchased, obtained, or considered; marketing histories; purchasing histories or tendencies; purchase profiles; shopping and retail browsing channel preferences; online browsing and website interaction histories; and direct marketing histories).
      5. Biometric information (including, for example, signature; and physical characteristics or description).
      6. Computing or mobile-device information and internet or other electronic-network-activity information (including, for example, online advertisement engagements; and cookies, tags, and similar device or user identifying information).
      7. Geolocation information (approximate and precise) (including, for example, through the mobile app).
      8. Audio and visual information (including, for example, videos you upload with a review or in-store security cameras).
      9. Professional or employment-related information (including applications, professional history, and work history).
      10. Education information.
      11. Inferences (including, for example, predictive information, purchase profiles, shopping profiles and characteristics (e.g., loyalty shopper, cardholder, or online shopper)).
      12. Sensitive Personal Information (including, for example, social security number; driver’s license number or other state identification card number; login credential; and precise geographic information).
      13. Financial information (including, for example, banking details and income level).
      14. Payment card and transaction information (including, for example, credit card number; debit card number, and other financial information).
      15. Household information (including, for example, family size and composition).
      16. Incident-related information (including, for example, statements; or insurance, or similar claims).
    2. During the 12-month period prior to the effective date of this Policy, we may have collected personal information about you from the following categories of sources:
      • You (for example, through your use of our Services).
      • Your computing or mobile devices.
      • Our technology (for example, through observed consumer interactions with us and through our Services).
      • Our Services and systems.
      • Our vendors.
      • Public records.
      • Our customers’ associations (e.g., through refer-a-friend or -family programs).
      • Social media networks.
      • Advertising networks.
      • Unaffiliated third parties.
    3. We may collect, sell, share, or process (and may have collected, sold, shared, or processed during the 12-month period prior to the effective date of this Policy) personal information about you for the purposes described in the “How We Use the Information We Obtain” section of the Policy and for the following business or commercial purposes:
      • Facilitate accounting, auditing, and reporting.
      • Deliver analytics (machine generated through computing/mobile devices for performance, monitoring, personalization, and order processing).
      • Deliver advertising through technology (including, for example, to facilitate personalized content, remarketing, online display ads, and interest-based ads).
      • Deliver advertising through direct or mass media (including, for example, via email, SMS, telephone, post, and broadcasts).
      • Facilitate affiliate marketing.
      • Administer claims management, handling, and insurance.
      • Respond to incidents.
      • Deliver customer service.
      • Pursue legal matters.
      • Deliver and/or optimize website, mobile-app, and e-commerce services.
      • Facilitate information security.
      • Facilitate fraud monitoring and prevention.
      • Deliver logistics (including, for example, order management, shipping, and fulfillment).
      • Develop customer information for personalization.
      • Process, fulfill, and ship orders.
      • Deliver shopping and customer engagement (including events and experiences, such as contests, sweepstakes, previews, and shows).
      • Deliver social media engagement.
      • Conduct surveys.
      • Administer technology and ensure technology integrity (including, for example, by maintaining and improving networks; and identifying and fixing problems).
      • Process transactions and payments.
      • Develop, review, and test products and services.
      • Deliver Wi-Fi and similar online services (including in-store service).
      • Perform miscellaneous services.
    4. During the 12-month period prior to the effective date of this Policy, we may have disclosed, sold, or shared your personal information with certain categories of service providers, contractors, processors, or third parties as described below.
Categories of Personal Information Collected Categories of Service Provider, Contractor, or Processor to Whom Information is Disclosed for a Business Purpose (as defined under the CCPA/CPRA, CPA, or VCDPA) Categories of Third-Party to Whom Information is Sold or Shared (as defined under the CCPA/CPRA, CPA, or VCDPA)
Identifiers (Personal)
  • Analytics insights provider
  • Advertising vendor
  • Direct marketing (e.g., email, text, telephone, postal) vendor
  • Affiliated brands and entities
  • Contextual online experience provider
  • Customer service provider
  • Customer information provider
  • Data center
  • Event or experience provider
  • Focus group service
  • Fraud monitoring and prevention
  • Human resources service provider
  • Information security service provider
  • In-store Wi-Fi provider
  • Logistics provider, e.g., order management and fulfillment
  • Payment and transaction processor
  • Process, services, or technology development or improvement vendor
  • Product review vendor
  • Social media platforms
  • Technology administration and integrity provider (including for maintaining and improving networks; identifying problems; and fixing problems)
  • Vendor, performing services in their own name through an independent consumer relationship, e.g., via consent
  • Vendor (miscellaneous) services
  • Advertising technology provider (including for online advertising) affiliated brand or entity
  • Affiliate marketer
  • Social media platforms
  • Survey company
Identifiers (Other)
  • Fraud monitoring and prevention
  • Human resources service provider
  • Vendor, performing services in their own name through an independent consumer relationship, e.g., via consent
Not applicable
Personal Characteristics, History, and Associations
  • Analytics insights provider
  • Advertising vendor
  • Direct marketing (e.g., email, text, telephone, postal) vendor
  • Affiliated brands and entities
  • Contextual online experience provider
  • Customer service provider
  • Data center
  • Event or experience provider
  • Focus group service
  • Fraud monitoring and prevention
  • Human resources service provider
  • Information security service provider
  • Process, services, or technology development or improvement vendor
  • Product and fit tester
  • Social media platforms
  • Solutions (miscellaneous) provider
  • Vendor, performing services in their own name through an independent consumer relationship, e.g., via consent
  • Vendor (miscellaneous) services
  • Advertising technology provider (including for online advertising), or affiliated brand or entity
  • Affiliate marketer
  • Social media platforms
  • Survey company
Commercial Information
  • Analytics insights provider
  • Advertising vendor
  • Direct marketing (e.g., email, text, telephone, postal) vendor
  • Affiliated brands and entities
  • Contextual online experience provider
  • Customer service provider
  • Data center
  • Event or experience provider
  • Focus group service
  • Fraud monitoring and prevention
  • Human resources service provider
  • Information security service provider
  • Process, services, or technology development or improvement vendor
  • Product and fit tester
  • Social media platforms
  • Solutions (miscellaneous) provider
  • Vendor, performing services in their own name through an independent consumer relationship, e.g., via consent
  • Vendor (miscellaneous) services
  • Advertising technology provider (including online advertising), or affiliated brand or entity
  • Affiliate marketer
  • Social media platforms
  • Survey company
Biometrics | Not applicable | Not applicable
Computing or Mobile Device Information, and Internet or Other Electronic Network Activity Information of End Users
  • Analytics insights provider
  • Advertising vendor
  • Direct marketing (e.g., email, text, telephone, postal) vendor
  • Affiliated brands and entities
  • Contextual online experience provider
  • Data center
  • Fraud monitoring and prevention
  • Information security service provider
  • In-store Wi-Fi provider
  • Solutions (miscellaneous) provider
  • Technology administration and integrity provider (including for maintaining and improving networks; identifying problems; and fixing problems)
  • Vendor, performing services in their own name through an independent consumer relationship, e.g., via consent
  • Social media platforms
  • Vendor (miscellaneous) services
  • Advertising technology provider (including online advertising), or affiliated brand or entity
  • Affiliate marketer
  • Social media platforms
  • Survey company
Geolocation (Approximate and Precise)
  • Analytics insights provider
  • Advertising vendor
  • Affiliated brands and entities
  • Contextual online experience provider
  • Customer service provider
  • Data center
  • Fraud monitoring and prevention
  • Human resources service provider
  • Information security service provider
  • In-store Wi-Fi provider
  • Logistics provider, e.g., order management and fulfillment
  • Vendor, performing services in their own name through an independent consumer relationship, e.g., via consent
  • Social media provider
  • Advertising technology provider (including online advertising), or affiliated brand or entity
  • Social media platforms
  • Affiliate marketer
  • Survey company
Audio and Visual Information
  • Analytics insights provider
  • Advertising vendor
  • Affiliated brands and entities
  • Contextual online experience provider
  • Customer service provider
  • Data center
  • Fraud monitoring and prevention
  • Vendor, performing services in their own name through an independent consumer relationship, e.g., via consent
  • Advertising technology provider (including online advertising), or affiliated brand or entity
  • Affiliate marketer
  • Social media platforms
  • Survey company
Professional or Employment-Related Information
  • Human resources service provider
  • Focus group service
  • Vendor, performing services in their own name through an independent consumer relationship, e.g., via consent
Not applicable
Education Information
  • Human resources service provider
  • Focus group service
  • Vendor, performing services in their own name through an independent consumer relationship, e.g., via consent
Not applicable
Inferences (Predictive Information)
  • Analytics insights provider
  • Advertising vendor
  • Direct marketing (e.g., email, text, telephone, postal) vendor
  • Affiliated brands and entities
  • Contextual online experience provider
  • Customer service provider
  • Data center
  • Event or experience provider
  • Focus group service
  • Fraud monitoring and prevention
  • Human resources service provider
  • Information security service provider
  • Process, services, or technology development or improvement vendor
  • Product and fit tester
  • Social media platforms
  • Solutions (miscellaneous) provider
  • Vendor, performing services in their own name through an independent consumer relationship, e.g., via consent
  • Vendor (miscellaneous) services
  • Advertising technology provider (including online advertising), or affiliated brand or entity
  • Affiliate marketer
  • Social media platforms
  • Survey company
Sensitive Personal Information
  • Customer service provider
  • Human resources service provider
  • Fraud monitoring and prevention
  • Information security service provider
  • Logistics provider, e.g., order management and fulfillment
  • Payment and transaction processor
Not applicable
Financial Related Information
  • Customer service provider
  • Human resources service provider
  • Payment and transaction processor
Not applicable
Payment Card and Transaction Information
  • Customer service provider
  • Fraud monitoring and prevention
  • Information security service provider
  • Logistics provider, e.g., order management and fulfillment
  • Payment and transaction processor
Not applicable
Household Information
  • Analytics insights provider
  • Direct marketing (e.g., email, text, telephone, postal) vendor
Not applicable
Incident-Related Information
  • Information security service provider
  • Fraud monitoring and prevention
  • Vendor, performing services in their own name through an independent consumer relationship, e.g., via consent
Not applicable

We do not have actual knowledge that we sell or share personal information of consumers under the age of 16.

We also do not use or disclose any sensitive personal information for purposes other than those authorized by you or as permitted by law. For more information on our policy regarding sensitive personal information, please click How is Sensitive Personal Information processed?

California, Colorado, Connecticut, Utah, and Virginia Consumer Privacy Rights

You may have the right to request, up to twice in a 12-month period (depending on the law in your state), that we disclose to you the personal information we have collected, used, disclosed, sold, and shared about you. In addition, you have the right to request that we delete or correct certain personal information that we have collected from you.

To submit a request, visit Your Data Rights or call us at 1-800-756-5005. For assistance, contact us via Telecommunications Relay Service (TRS) by dialing 711, or by using an Internet Protocol Relay Service. To help protect your privacy and maintain security, we take steps to verify your identity with a high degree of certainty before granting access to specific pieces of personal information or complying with a deletion or correction request. These steps include first verifying the email address you submit with your request. You will receive an email from us with instructions on completing this step. You will then be contacted to provide additional verification information, which may include your phone number, billing or shipping address, order history, a copy of a utility bill, emails showing order/shipping confirmation, and/or a signed declaration.

To submit a request as an authorized agent on behalf of a consumer, visit Your Data Rights. On the form, you will need to add your email address and information about the individual for whom you are submitting the request in the other required fields. Please add your name and phone number in the Request Details field and an indication that you are submitting the request as an authorized agent. We will require the authorized agent to verify its own identity and submit proof that the consumer has given signed permission for the authorized agent to submit the request.

To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.

Appeals: We will make every reasonable effort to fulfill Your Data Rights request. However, if we are unable to fulfill your request, we will provide you instructions to appeal as applicable in your state. If you are submitting your appeal by email, please explain your concerns and provide us your reference number so we may properly review your data rights request history. We may also have a person from our Privacy Team reach out to you with additional questions or to address your specific concerns.

Do Not Sell or Share My Personal Information / Targeted Ad Preferences: You have the right to opt out of the “sale” or “sharing” of your personal information, as those terms are defined under the respective state’s privacy law. If you are a Connecticut, Utah, or Virginia consumer, you may submit your request through our Targeted Ad Preferences link, which will include your rights to opt out of targeted ads, sale of personal data, and profiling in furtherance of decisions that produce legal or similarly significant effects. To specify your opt-out preferences, visit Do Not Sell or Share My Personal Information or call us at 1-800-756-5005. For assistance, contact us via Telecommunications Relay Service (TRS) by dialing 711, or by using an Internet Protocol Relay Service.

We also recognize Global Privacy Control (GPC) signals from your web browser or web browser extension to opt you out of the selling or sharing of any personal information that is derived through your web browser. If you wish to identify yourself to fully effectuate an opt-out of the selling or sharing of your personal information, you will also need to submit a Do Not Sell or Share My Personal Information request. For more information about GPC, please visit Global Privacy Control.

Shine the Light Rights: Under California law, we also provide you with a cost-free means to opt-out of our sharing your information with third parties with whom we do not share the same brand name, if that third party will use it for its own direct marketing purposes. Follow the instructions here to make your request.

Right to Non-Discrimination or Retaliatory Treatment for Exercise of Privacy Rights: You, whether as a consumer, employee, former employee, applicant, or contractor, have the right to exercise your privacy rights without receiving discriminatory or retaliatory treatment. If you exercise any of your privacy rights, including the right to restrict the selling or sharing of your personal information, you will not be treated differently from those who do not exercise their privacy rights.

Financial Incentive Notice: We provide price discounts, coupons, services and other perks for (1) members of our rewards programs; (2) customers who buy specific products or use specific services; (3) recipients of our mailing lists who were presented with and took advantage of an incentive to sign up; (4) app subscribers who were presented with and took advantage of an incentive to download the app; and (5) entrants and winners of our sweepstakes (collectively “programs”). Consumers provide us with some personal information (e.g., names, email addresses, phone numbers, zip codes, and birthday) when they sign up for our programs. There is no obligation to opt in and consumers may opt out at any time.

We invest resources in and offer these programs to, among other things, enhance our relationship with you, show you the products and services we believe you’ll enjoy, and deliver value. The value to our business of any individual consumer’s personal information depends on a number of factors, including, for example, whether and to what extent you take advantage of these offerings, our ability to learn about you and your shopping preferences and history to show you products and services we believe you will enjoy, whether and to what extent you respond to our offers, coupons, services, and perks, and whether we are able to enhance this information through our efforts described below.

Our ability to create any value from the programs is heavily based on our ability to develop and use information. We do not calculate the value of consumer information in our accounting statements. Rather, we make a good faith estimate for California residents. To the extent we create overall value from our programs for our business that could be directly or reasonably related to the value of customer information, the calculation method would include (1) the expenses associated with the program offer and associated operations, (2) the expenses related to the collection, retention and enhancement of customers’ personal information, and (3) all other expenses reasonably related to these programs.

You may opt in to, or opt out of, our programs at any time through the same means they are offered, or by contacting us through Customer Care or Live Chat.

How is Sensitive Personal Information processed for California, Colorado, Connecticut, Utah, and Virginia Consumers?


We will only process Sensitive Personal Information where it is reasonably necessary for the purposes of carrying out our legal obligations or exercising specific rights as permitted by law. Sensitive personal information is any information that reveals your race, ethnic origin, religious beliefs, mental or physical health condition, treatment, or diagnosis, sex life or sexual orientation, citizenship or citizenship status, genetic or biometric data, personal information of a known child, or precise geographic data. For example, we may share financial or other data to provide customer service, process or fulfill orders and transactions, verify your information, or process payments. For any other use, we will obtain your explicit consent. For example, if you consented to precise geographic location when installing our mobile app, we may use this information to provide you with store locations and distances to such locations. If you did not consent, we will use approximate geographic data or geographic data based on your input (e.g., zip code).

When installing the Bath & Body Works app, you may have given the app permission to access the precise geographic location data from your phone’s operating system. If you wish to change this setting, you may do so through the app. Within the app, go to the More function at the bottom of the screen. Then go to App Settings and find Permissions. Under Location Permission, you can turn off “Use precise location” if you wish to change to the approximate location setting. You can also select “Don’t Allow” or “Ask every time.” Your phone’s specific operating system may also allow you to change the permission settings. Please review your operating system instructions, as they may differ for each operating system and version.

What is our retention policy for each category of personal information, including Sensitive Personal Information?


We retain information as necessary to effectively service our customers; provide relevant product assortments and advertisements; assist you with customer service-related matters; and comply with our legal obligations. The need to retain personal information varies widely with the type of information and the purpose for which it was collected. We strive to ensure that personal information is retained for the period required to fulfill the purposes for which it was collected and is deleted when no longer required per our retention policies.

This policy covers all information, including sensitive personal information, collected by us and stored on our owned or leased systems and media, regardless of location. It applies to both information collected and held electronically (including photographs, video and audio recordings) and information that is collected and held as hard copy or paper files. The need to retain certain information may be mandated by federal, state or local laws or regulations, legitimate business purposes, litigation hold, or any combination thereof.

We retain all categories of consumer personal information to:

  • service our customers who are actively engaging with us and for a set period thereafter;
  • comply with applicable labor, tax and immigration laws;
  • comply with other regulatory requirements;
  • investigate security incidents or conduct other investigations;
  • preserve intellectual property rights; and
  • assist in defense or prosecution of any litigated or threatened matter.

When the retention period for the information as outlined above expires, we will destroy the information covered by this policy.