This Policy was last updated on July 1, 2020.
This Policy addresses these topics:
Additionally, our Policy contains the following:
What information do we collect and how do we use it?
1. Information You Provide
When you visit our Services, you may provide us with certain personal information, such as your name, address, phone number, email address, personal preferences, payment card number, purchase and ordering information, demographic information, responses to survey questions and any other information you choose to provide. Our Services may also give you the option to upload or share pictures or videos of yourself and others.
We collect this information at various places on our Services, such as when you check out with your online order; engage with our mobile applications; subscribe to email offers and mobile messaging offers; participate in surveys; enter contests or sweepstakes; or interact with special-event or program offers.
We may also collect information that you provide on our Services about people you know. For example, we collect your gift recipient's contact information to process your gift orders.
2. Information Your Devices Provide Automatically
When you interact with our Services, we obtain certain information by automated means, including the following:
a. Location Information
We may obtain information about your location when you access or use our Services: for example, via your browser information and other similar device or browser attributes (like IP address), our store locator page, or our mobile applications. For more details, please see "What choices do you have over how your information is used?" below.
b. Navigational Information
When you access our Services, your computer, phone, or other device may provide navigational information, such as browser type and version, service-provider identification, IP address, the site or online service from which you came, and the site or online service to which you navigate.
c. Device Information
We also may obtain information about the computer or mobile device you use to access our Services, such as the hardware model, operating system and version, identification numbers assigned to your mobile device, such as the ID for Advertising (IDFA) on Apple devices, and the Advertising ID on Android devices, mobile network information, and website or app usage behavior.
d. Cookies, Clear Gifs and Similar Technologies
To better understand how you interact with our Services, we may collect information using cookies, clear gifs (also known as web beacons or web bugs) and similar technologies.
A cookie is a small amount of data that is stored by your browser on your device. It's used to do things like see how you navigate our Services and what you click on; remember you and your online purchases when you return; and recognize you and honor a special deal for you when you redeem one of our offers from a third party’s site. This helps us improve and deliver our Services, provide better customer service, tailor and improve your online experience, and tailor offers to you based on your unique tastes and a combination of your online and offline (e.g., in-store) interactions and purchase history.
A clear gif is a nearly invisible pixel-sized graphic image on a web page, web-based document or email message. It helps us do things like view the URL of the page on which the clear gif appears and the time the site, document, or email in question is viewed; and recognize you and honor a special deal for you when you navigate from a third party’s site to redeem one of our offers that may have appeared there. Clear gifs in emails help us confirm the receipt of, and response to, our emails, including those that you forward to friends and family; and they help deliver a more personalized or better online experience.
In addition to cookies and clear gifs, we may also use device identifiers, web storage, and other technologies to collect information about your interactions with our content and Services.
These technologies, illustrated above, may be used to help us understand which of our interactive experiences online users like most. Cookies, clear gifs, and similar technologies also allow us to associate your online navigational information and purchases and interactions (both online and offline) with personal information you provide (such as name, address, phone number, survey responses, and email address). We associate this information to deliver products and services to you; improve our business; transact business; and market our products and services on this and other online services through a variety of media like email, mobile advertising, and direct mail.
For information about your options with respect to cookies, see "What choices do you have over how your information is used?" below.
3. Information Derived Through or Provided by Others
Affiliated entities, sister brands, vendors, social media networks, and advertising networks may provide us with, or supplement, information about you. We may use this information for a variety of operational or marketing purposes, such as to correct shipping information, market to you, deliver more relevant offers through customer insights, improve our business, and transact business.
4. Third-Party Analytics and Personalization Services
We may use third-party analytics services to analyze site metrics and performance, analyze our visitors' preferences, and serve personalized content to you through the use some or all of the technologies described above, such as cookies and clear gifs.
5. How We Use the Information We Obtain
We use the personal information we obtain through the Services to:
- deliver our Services;
- process your online orders;
- facilitate payment and transactions;
- create and manage your online account;
- personalize your online experience with content and offers that are tailored to your interests;
- provide customer service and respond to your inquiries and requests;
- include you in surveys and contests;
- enable you to post your content, such as comments, images or videos;
- facilitate networks of online social activity centered around our products and services;
- improve our Services, the manner in which offers are made on our Services, and the interactions and experience visitors have with our Services;
- enable you to interact with third-party content service providers, whether by linking to their sites, viewing their content within our online environment, or by viewing our content within their online environment;
- market our products and services that may be of interest to you; and
- create aggregated, pseudonymized or anonymized information for statistical purposes.
How is technology used to serve our advertisements on other online services and what choices do you have?
On our Services, we and third parties may collect information about your online activities to provide you with advertising about products and services tailored to your interests. We contract with third-party advertising companies, which may collect information about your use and interactions with the Services over time and across third-party websites and online services, for use in delivering tailored online display and banner advertising to you on other websites and online services. To serve this advertising, these third-party companies place, use, or rely on the technologies described above, including cookies, clear gifs, device identifiers and similar technologies to obtain information about customer interactions with us through our Services and interactions with other online services. These companies use the information they collect to serve you ads that are targeted to your interests.
You can specify your preferences over the use of some of these technologies by opening Cookie Preferences to view or change your preferences (to address future cookie placement).
You may also specify your preferences through a centralized registry. To learn about how to opt out of interest-based advertising in general, click the following: NAI Opt Out or DAA Opt Out. Your mobile device settings may allow you to prohibit mobile app platforms (such as Apple and Google) from sharing certain information obtained by automated means with app developers like us and other businesses.
Our Services do not respond to “Do Not Track” signals.
How do our services interact with third-party services and content?
We link to third-party sites and services, or otherwise display third-party content through our Services, for your convenience and information. These third-party sites and services may operate independently from us. The privacy practices of the relevant third parties, including details on the information they may collect about you, is subject to the privacy statements of these parties, which we strongly suggest you review. To the extent any linked third-party sites and services are not owned or controlled by us, we are not responsible for these third parties’ information practices.
Here are examples of the types of third-party content and services available through or via our Services:
1. Interactive Maps
We may facilitate easy access to the online maps of content providers like Google to help you get quick location, driving, and contact information for our stores.
2. Sweepstakes, Contests, and Survey Sites
3. Social Networking and other Third-Party Sites and Services
What information do we share with or disclose to third parties and our sister brands?
We may share information about you with certain third parties, as described below, and as otherwise described in this Policy. We do not sell or otherwise share personal information about you, except as described in this Policy.
1. Our Sister Brands
We may share the information we collect about you, such as your postal and email address, customer preferences and purchase history, with affiliated entities that operate our sister brands so they may market to you. Such sister brands include White Barn Candle Co., Victoria's Secret and Victoria's Secret PINK. We will obtain your consent to this sharing to the extent required by applicable law. If you don’t want this information shared with our sister brands, follow the instructions below in What choices do you have over how your information is used? below.
2. Service Providers and Contractors
We may share personal information with third-party service providers and contractors whom we engage to provide services to us, such as fulfilling orders; processing payments; providing customer service through chat features; monitoring activity on our Services; delivering surveys and related analysis (which could be combined with Services usage analytics); maintaining databases; hosting and operating our microsites, mobile websites and mobile applications; administering, sending and monitoring emails and text messages; serving online advertisements as described above; and providing consulting services.
3. Other Marketers
We may share your personal information (such as your name, postal address, and summary purchase information) with other merchants and merchant exchanges who may use this information to send you offers for their products and services. We will obtain your consent for this sharing to the extent required by applicable law. We may occasionally provide you with the opportunity to opt in to receive email messages from third parties. If you do opt in, we'll share your email address with the specific third party in question. Please review the privacy policies of these third parties to learn more about how they treat your personal information.
4. Law Enforcement and Emergency Response
We also may disclose personal information about you (a) if we are required to do so by law or legal process (such as a court order or subpoena); (b) in response to requests by government agencies, such as law enforcement authorities; (c) to establish, exercise, or defend our legal rights; (d) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss; (e) in connection with an investigation of suspected or actual illegal activity; or (f) otherwise with your consent.
5. Sale or Merger
We reserve the right to transfer your information in the event we sell or transfer all or a portion of our business assets (including, without limitation, in the event of a merger, acquisition, joint venture, reorganization, dissolution or liquidation).
What choices do you have over how your information is used?
We offer you certain choices in connection with the personal information we obtain about you.
You may opt out of the Bath & Body Works email list by following the instructions located at the bottom of each commercial email or by completing the email opt-out form If you opt out of the email list, we may still send you operational or transactional messages, such as password-reset or account related information, from the relevant brand or line of business. You may also call us at 1-800-756-5005. For Bath & Body Works Direct TDD, call 1-877-215-5245.
2. Mobile Text Messaging
If you've signed up for mobile text messaging offers but later decide you no longer wish to receive these offers, simply follow the opt-out instructions included in the mobile message.
3. Mobile Push Notifications/Alerts
With your consent, we may send push notifications or alerts to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.
4. Location Information
You may have the ability to turn location-based services on and off by adjusting the settings of your Internet browser or mobile device or, for some devices, by adjusting the permission settings for our mobile apps to access your location information.
5. Postal Mail
If you'd like to specify your preferences for our postal mail, simply follow the instructions on the mailer; or dial 1-800-395-1001 (for our US and Canada customers), (08) 082340481 (for our UK customers), and +1-937-438-4197 (for our customers elsewhere). To reduce postal mail, click here, select “Mailing Address Add/Update” as the topic, select “Unsubscribe me from the mailing list” as the Request Type, then complete and submit the form.
6. Cookies and Clear Gifs
Visit How is technology used to serve our advertisements on other online services, and what choices do you have? to learn about how to specify your preferences over our use of cookie and similar technologies.
7. Other Marketers
If you don't want your information shared with other merchants and exchanges for those third parties’ own direct marketing purposes, please click here, and follow the instructions on the page.
8. Our Sister Brands
If you don't want your information shared with our sister brands for those brands’ own direct marketing purposes, please contact us at 1-800-395-1001 to make a request. For Bath & Body Works Store Relations TDD, call 1-866-315-3129.
How do you update your personal information?
You may update or modify your billing- and shipping-related information, and other account information, by logging onto our Services (e.g., Your Account on bathandbodyworks.com) or by calling us at 1-800-756-5005. For Bath & Body Works Direct TDD, call 1-877-215-5245.
How do we protect personal information?
We maintain administrative, technical and physical safeguards designed to protect the personal information we collect through our Services against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
Our administrative safeguards include implementing, maintaining, and training employees on company privacy and information security policies and procedures. Our physical and technical safeguards include maintaining physical security policies and standards to protect company systems and data, and a cybersecurity program overseen by our executive leadership team.
Do we collect children's personal information?
Our Services are designed for a general audience and are not directed to children. We do not knowingly collect or solicit personal information from children under the age of thirteen (13) (or other relevant ages, which may apply by virtue of applicable law) through our Services. If we become aware that we have collected personal information from a child under such age, we will promptly delete the information from our records. If you believe a child under such age may have provided us with personal information, please contact us as specified in the Whom should you contact with questions or concerns? section of this Policy.
Where is personal information stored and processed?
Our employees involved in data processing and our servers are based in Columbus, Ohio, US, and other locations throughout the United States. We work with affiliated and unaffiliated service providers in the United States, the United Kingdom, India, China, and other jurisdictions around the world.
Whom should you contact with questions or concerns?
How will we communicate updates to our policy?
This Policy may be updated periodically to reflect changes in our personal information practices. Changes to the Policy will be posted on this page. For significant changes, we will notify you by posting a prominent notice on our Services indicating at the top of the Policy when it was most recently updated.
Supplemental Privacy Notice for California Consumers
1. Collection and Disclosure
- We may collect (and may have collected during the 12-month period prior to the effective date of this Policy) the following categories of personal information about you:
- Identifiers (personal) (including, for example, name, alias, postal address, unique personal identifier, online and device identifier, IP address, email address, account name and number, social security number, telephone number, postal address, or other similar identifiers).
- Identifiers (Government-Issued Identification Information) (including, for example, driver's license number or state identification card number).
- Commercial Information (including, for example, records of personal property; products or services purchased, obtained, or considered; marketing histories; purchasing histories or tendencies; purchase profiles; shopping and retail browsing channel preferences; online browsing and website interaction histories; and direct marketing histories).
- Personal characteristics, histories, and associations (including, for example, signature; physical characteristics or description; and characteristics of protected classifications under California or federal law).
- Computing or mobile-device information and internet or other electronic-network-activity information (including, for example, login credentials; online advertisement engagements; and cookies, tags, and similar device or user identifying information).
- Education and professional information.
- Financial information (including, for example, banking details and income level).
- Geolocation information.
- Inferences (including, for example, predictive information, purchase profiles, shopping profiles and characteristics (e.g., loyalty shopper, cardholder, or online shopper).
- Payment card and transaction information (including, for example, credit card number; debit card number, and other financial information).
- Household information (including, for example, family size and composition).
- Incident-related information (including, for example, statements; or insurance, or similar claims).
- Audio and visual information (including, for example, videos you upload with a review or in-store security cameras).
- During the 12-month period prior to the effective date of this Policy, we may have collected personal information about you from the following categories of sources:
- You (for example, through your use of our Services).
- Your computing or mobile devices.
- Our technology (for example, through observed consumer interactions with us and through our Services).
- Our Services and systems.
- Our vendors.
- Public records.
- Our customers’ associations (e.g., through refer-a-friend or -family programs).
- Social media networks.
- Advertising networks.
- Unaffiliated third parties.
- We may collect or sell (and may have collected or sold during the 12-month period prior to the effective date of this Policy) personal information about you for the purposes described in the “How We Use the Information We Obtain” section of the Policy and for the following business or commercial purposes:
- Facilitate accounting, auditing, and reporting.
- Deliver analytics (machine generated through computing/mobile devices for performance, monitoring, personalization, and order processing).
- Deliver advertising through technology (including, for example, to facilitate personalized content, remarketing, online display ads, and interest-based ads).
- Deliver advertising through direct or mass media (including, for example, via email, SMS, telephone, post, and broadcasts).
- Facilitate affiliate marketing.
- Administer claims management, handling, and insurance.
- Respond to incidents.
- Deliver customer service.
- Pursue legal matters.
- Deliver website, mobile-app, and e-commerce services.
- Facilitate information security.
- Facilitate fraud monitoring and prevention.
- Deliver logistics (including, for example, order management, shipping, and fulfillment).
- Develop customer information for personalization.
- Process, fulfill, and ship orders.
- Deliver shopping and customer engagement (including events and experiences, such as contests, sweepstakes, previews, and shows).
- Deliver social media engagement.
- Conduct surveys.
- Administer technology and ensure technology integrity (including, for example, by maintaining and improving networks; and identifying and fixing problems).
- Process transactions and payments.
- Develop, review, and test products and services.
- Deliver WiFi and similar online services (including in store-service).
- Perform miscellaneous services.
- During the 12-month period prior to the effective date of this Policy, we may have shared your personal information with certain categories of third parties, as described below.
- We may collect (and may have collected during the 12-month period prior to the effective date of this Policy) the following categories of personal information about you:
We do not have actual knowledge that we sell personal information of consumers under the age of 16.
|Category of Personal Information Collected||Category of Third-Party, to Whom Information is Disclosed for a Business Purpose (as defined under the CCPA)||Category of Third-Party, to Whom Information is Sold (as defined under the CCPA)|
|Identifiers (Government-Issued Identification Information)||
Personal Characteristics, History, and Associations
Inferences (Predictive Information)
|Computing or Mobile Device Information, and Internet or Other Electronic Network Activity Information of End Users||
|Education and Professional Information||
|Financial Related Information||
|Payment Card and Transaction Information||
California Consumer Privacy Rights
You may have the right to request, twice in a 12-month period, that we disclose to you the personal information we have collected, used, disclosed and sold about you during the past 12 months.
In addition, you have the right to request that we delete certain personal information we have collected from you.
To submit a request, visit Your Data Rights or call us at 1-800-756-5005. For assistance, contact us via Telecommunications Relay (TRS) Service by dialing 711, or by using an Internet Protocol Relay Service. To help protect your privacy and maintain security, we take steps to verify your identity before granting access to information or complying with a request. These steps include first verifying the email address you submit with your request. You will receive an email from us with instructions on completing this step. You will then be contacted to provide additional verification information, which may include your phone number, billing or shipping address, order history, a copy of a utility bill, emails showing order/shipping confirmation, and/or a signed declaration.
To submit a request as an authorized agent on behalf of a consumer, visit Your Data Rights. On the form add your email address and information about the individual for whom you are submitting the request in the other required fields. Please add your name and phone number in the Request Details field and an indication that you are submitting the request as an authorized agent.
To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.
Do Not Sell My Information: You have the right to opt out of the “sale” of your personal information, as that term is defined under the CCPA. To specify your opt-out preferences, visit Do Not Sell My Personal Information or call us at 1-800-756-5005. For assistance, contact us via Telecommunications Relay Service (TRS) by dialing 711, or by using an Internet Protocol Relay Service.
Shine the Light Rights: Under California law, we also provide you with a cost-free means to opt-out of our sharing your information with third parties with whom we do not share the same brand name, if that third party will use it for its own direct marketing purposes. Follow the instructions here to make your request.
Right to Non-Discrimination for Exercise of Privacy Rights: Under CCPA, you have the right to not receive discriminatory treatment if you exercise your privacy rights conferred by the CCPA.
Financial Incentive Notice: We sometimes offer exclusive price discounts, rewards, offers, deals, coupons, services and other perks for (1) customers who enjoy our loyalty and rewards programs; (2) recipients of our mailing lists who were presented with a financial incentive to sign up; (3) app subscribers who were presented with a financial incentive to download the app; and (4) applicants or registrants who were presented with a financial incentive for their application or registration (collectively “programs”). Through these program offerings, consumers may provide us with some personal information (e.g., name, postal address, email address, phone number, undergraduate school, birthday, and other similar forms of personal information) when they opt-in to our programs. There is no obligation to opt in and consumers may opt out. The details of each program are contained in the program offering. We offer these programs to, among other things, enhance our relationship with customers. The value to our business, in the aggregate, of customers’ personal information depends on specific facts, such as whether and to what extent they take advantage of any offerings. We do not calculate the value of the customers’ information for our accounting statements. To the extent we would, however, such valuation could be directly or reasonably related to the cost associated of acquiring or developing such information.
You may opt in to our programs by signing up in the manner invited for an individual program. And you can opt out of these programs by contacting our Customer Care team via Contact Us at BathAndBodyWorks.com.
Supplemental Privacy & Cookie Notice for Visitors from the European Economic Area
Cookies. We use the following web cookies and other information technologies to provide features on our web and mobile sites to users in the EEA, including cookies that deliver basic visitor experiences, fuller website experiences such as interactivity with third-party content, and our interest-based advertising on other websites.
The following types of cookies (and cookie technology) are enabled when a web or mobile user visits this website:
|User-Input Cookies||Enables visitors’ input, choices, or selections across their website experience. Examples include maintaining a shopping cart during a visit or a form throughout a transaction.|
|Authentication Cookies||Identifies visitors through the website after they log in.|
|Multimedia Player Cookies||Ensures such things as image quality, network link speed, or buffer information for video and audio playback.|
|Load-balancing Session Cookies||Directs website traffic to a particular data center for the quickest website access, and enables visitors to return to that data center if needed.|
|Visitor Customization Cookies||Stores preferences and visitor experiential histories: remembers language preference, product-page display preference, and whether certain visitor experiences should be displayed, such as email marketing signup, based on past experiences.|
|Social Media Plug-in Cookies||These cookies from social media platforms (like Facebook and Instagram) facilitate content sharing on those platforms.|
|Remarketing and Interest Based Advertising Cookies||Enables our advertising vendors to deliver tailored ads to our visitors on other websites. The ads are based on a visitor’s combined online and offline (e.g. in-store) shopping history and experience with us, as well with our vendors’ network of advertisers.|
|Analytics and Personalization Cookies||Enables us to do things like estimate number of visitors, detect most used search-engine keywords that lead to a webpage, measure page load times, administer visitor surveys, identify navigation issues, serve personalized content on our websites, and improve web capabilities.|
To view, specify, and change your cookie preferences, open your cookie preferences. And visit How is technology used to serve our advertisements on other online services, and what choices do you have? to learn more about how to specify your preferences over our use of cookie and similar technologies.
We, the data controller, are Bath & Body Works Direct, Inc., Five Limited Parkway, Columbus, OH 43068, US (+1.937.438.4064, or via https://www.bathandbodyworks.com/customer-care/contact-us). Our authorized Privacy Representative in the EEA is located at Privacy Liaison, Victoria’s Secret UK Limited, 16 Garrick St. WC2E 9BA London, UK (08) 082340481.
You may contact our data protection officer at:
ATTN: Privacy Matter
L Brands, Inc.
3 Limited Parkway
Columbus, OH 43230
The legal basis for our processing of your personal data in connection with our Services is Article 6.1(b) EU GDPR, which allows processing of personal data as necessary for the performance of a contract. When you access our Services, you form a contract with us based on our Site Terms, Conditions and Notices and we need to process your personal data to respond to your requests, ship products to you, and satisfy our obligations with respect to the other purposes listed in this Policy.
As exceptions, we rely on your consent with respect to cookies and direct marketing emails per Article 6.1(a) EU GDPR, and legitimate interests under Article 6.1(f) EU GDPR, especially with respect to situations where we must process your personal data to comply with applicable laws.
Recipients or categories of recipients of your personal data are employees of our company and affiliated and non-affiliated services providers who have a need to know.
When you access our Services, you transfer your personal data to the United States of America and India for which the European Union Commission has not yet issued an unlimited adequacy decision.
We will process and keep your personal information for as long as is necessary for the purposes set out in this Policy, for our legitimate business needs, and for compliance with the law.
You have a right to request from us these EU GDPR rights concerning your personal data: access to data; rectification of data; erasure of data; restriction on processing; objection to data processing; and data portability. You can exercise these rights through a combination of actions: (a) visit Your Data Rights; (b) access the information in your account; (c) exercise your opt-out options through our Services; or (d) call +1-937-438-4064.
If you have provided consent for direct marketing emails or other data processing, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
You have the right to lodge a complaint with a supervisory authority.
We do not use automated decision-making, including profiling, as referred to in Article 22(1) EU GDPR, that is, in a way that produces legal effects concerning you or significantly affects you. Our Services’ customization technologies and e-commerce processes are automated, but do not produce legal effects or affect you significantly as contemplated by Article 22(1) or (2) EU GDPR.
You can contact us with any questions, or to exercise your rights by calling our Customer Care Center at +1-937-438-4064.