Online Privacy Policy

This Online Privacy Policy ("Policy") explains what personal information is collected through our websites and online services, how that information is used, to whom it's disclosed, and how it's safeguarded. Unless indicated otherwise, this Policy applies only to personal information collected through the websites, microsites, mobile applications, and other online services of the Bath & Body Works brand and lines of business that expressly adopt, and display or link to, this Policy (collectively, the "Services"). By "personal information" we mean information that relates to you, an individual user of our Services, including information that can be used directly to identify you (including name, home address, and email address), as well as other information (like tastes and preferences) when coupled with your identifying information. We refer to Bath & Body Works Direct, Inc. Five Limited Parkway, Reynoldsburg, OH 43068, as "BBW," "we," "us," or "our" throughout this privacy policy.

This Privacy Policy answers these questions:

What information is collected and how is it used?
How is technology used to serve our advertisements on other online services and what choices do you have?
How do our Services interact with third-party services and content?
What information do we share with third parties and our sister brands (or what information may they access because of the services they provide to us)?
What choices do you have over how your information is used?
How do you update your personal information?
How do we secure your information on our Services?
Where is personal information stored and processed?
Whom should you contact with questions or concerns?
When was this Policy last updated?

WHAT INFORMATION IS COLLECTED AND HOW IS IT USED?

1. Information You Actively Provide through our Services

You actively provide personal information when you visit our Services to do all the things typically associated with online services. Examples of the personal information we collect include name, address, phone number, email address, personal preferences, payment card number, purchase and ordering information, demographic information, responses to survey questions, sizing information and any other information you choose to provide. Our Services may also give you the option to upload or share pictures or videos of yourself and others. You know what information you directly provide, because you are affirmatively and actively submitting the information.

This information is collected at various places on our Services: for instance, when you check out with your online order; engage with our mobile applications; subscribe to email offers, and mobile messaging offers; participate in surveys; enter contests or sweepstakes; or interact with special-event or program offers.

We may also collect information that you provide on our Services about people you know. For example, we collect your gift recipient's contact information to process your gift orders. We may also collect contact information about your friends and family members when you participate in one of our refer-a-friend programs. In these instances, we may send a message to your friend or family member on your behalf. Please ensure that you only submit email addresses of individuals with whom you have a personal or family relationship and who would want to receive the message from you.

2. Information Your Devices Provide Automatically

a. Location Information
You may provide information about your location when you access or use our Services. For more details, please see "What choices do you have over how your information is used?"

b. Navigational Information
When you access our Services, your computer, phone or other device provides navigational information, such as browser type and version, service-provider identification, IP address, the site or online service from which you came, and the site or online service to which you navigate.

c. Device Information
You also provide information about the computer or mobile device used to access our Services, such as the hardware model, operating system and version, identification numbers assigned to your mobile device, such as the ID for Advertising (IDFA) on Apple devices, and the Advertising ID on Android devices, mobile network information, and website or app usage behavior.

d. Cookies, Clear Gifs and Similar Technologies
To better understand how you interact with our Services, we may collect information using cookies, clear-gifs (also known as web beacons or web bugs) and similar technologies. We deliver a customized experience and do not currently respond to "Do Not Track" signals of web browsers.

A cookie is a small amount of data that's stored by your browser on your device. It's used to do things like see how you navigate our Services, what you click on, remember you and your online purchases when you return, and recognize you and honor a special deal for you, when you redeem one of our offers from a third party’s site. This helps us improve and deliver our Services, provide better customer service, tailor and improve your online experience, and tailor offers to you based on your unique tastes and both your online and offline (e.g., in-store) interactions and purchase history.

A clear gif is a nearly invisible pixel-sized graphic image on a web page, web-based document or email message. It helps us do things like view the URL of the page on which the clear gif appears and the time the site, document, or email in question is viewed; and recognize you and honor a special deal for you when you navigate from a third party’s site to redeem one of our offers that may have appeared there. Clear gifs in emails help us confirm the receipt of, and response to, our emails, including those that you forward to friends and family; and they help deliver a more personalized or better online experience.

In addition to cookies and clear gifs, we may also use device identifiers, web storage, and other technologies to collect information about your interactions with our content and Services.

The above technologies may be used to help us see which of our interactive experiences online users like most: for example, by keeping track of the number of times a video, widget, or other media is accessed or embedded on social networking sites; and on which social networking sites it is embedded, based on inquiries that are sent to our Services. Cookies, clear gifs, and similar technologies also allow us to associate your online navigational information, or purchases and interactions (both online and offline), with any personal information you provide (such as name, address, phone number, survey responses, and email address). We'll associate this information to deliver products and services to you; to improve our business; to transact business; and to market our products and services on this and other online services through a variety of media like email, mobile advertising, and direct mail. As an example, we may use cookies to keep track of what you put into your shopping bag. That can help us contact you if your online session is disrupted in mid-purchase, resulting in an abandoned cart. We can also use this technology to determine whether you'd be interested in participating in special events, given your preferences. The end result is a more personalized experience that's tailored to your needs and tastes.

For information about your options with respect to cookies, see "What choices do you have over how your information is used?"

3. Purposes of Information Collection

We use personal information about you, which is collected through the Services, to:

  • Process your online orders.
  • Open an online account at your request.
  • Personalize your online experience with content and offers that are tailored to your interests.
  • Provide Customer Service, whether it's responding to a request or following up on an order.
  • Include you in surveys and contests.
  • Enable you to post your content, such as comments, images or videos.
  • Facilitate networks of online social activity centered around our products and services.
  • Improve our Services, the manner in which offers are made on our Services, the purchase decisions of our visitors, and the interactions visitors have with our Services.
  • Improve your experience with our Services: for example, through faster, better, smarter, and more customized online interactions.
  • Enable you to interact with third-party content service providers, whether by linking to their sites, viewing their content within our online environment, or by viewing our content within their online environment.
  • Market our products and services that may be of interest to you: for instance, we may add you to the BBW email list when you make an online purchase or sign up to receive emails; or we may add you to the BBW print-catalogue list when you make an online purchase.
  • Create aggregated, pseudonymized or anonymized information for statistical purposes.

4. Information Others Observe or Collect through Technology

We evaluate and select third-party service providers to help us provide certain features on our Services and analyze our visitors' preferences for us, through the use of services such as Google Analytics. These service providers may use some or all of the technologies described above.

HOW IS TECHNOLOGY USED TO SERVE OUR ADVERTISEMENTS ON OTHER ONLINE SERVICES AND WHAT CHOICES DO YOU HAVE?

We contract with third-party advertising companies, which may collect information about your use and interactions with the Services over time and across third-party websites and online services, for use in delivering tailored online display and banner advertising to you on other websites and online services. To serve this advertising, these third-party companies place, use, or rely on the technologies described above, including cookies, clear gifs, device identifiers and similar technologies to obtain information about customer interactions with us through our Services and interactions with other online services. These companies use the information they collect to serve you ads that are targeted to your interests.

For information about opt-out programs that these third-party advertising companies participate in, and to opt out of the use of website browsing data for interest-based advertising by companies that participate in these programs, click the following: NAI Opt Out or DAA Opt Out. To opt out of the use of data collected from the mobile applications on your device to serve ads that are targeted to your interests, consult the settings on your device. You can also click the preference icon that may appear on some of our advertising served through use of these technologies.

HOW DO OUR SERVICES INTERACT WITH THIRD-PARTY SERVICES AND CONTENT?

We link to third-party sites and services, or otherwise display third-party content through our Services. We do this for your convenience. We don't endorse or generally have any affiliation with these third parties.

Here are examples of the types of third-party content and services available through or via our Services:

1. Interactive Maps

We may facilitate easy access to the online maps of content providers like Google. There you can get quick location, driving, and contact information for our stores.

2. Sweepstakes, Contests, and Survey Sites

We may rely on the expertise of third-party service providers to run sweepstakes, contests, and surveys. Navigation to these sites may be seamless so that it appears you're still using our Services. In these cases, the third-party's privacy policy may apply to any personal information you provide in connection with the event. Please take note of who's running the event in question; and the terms, conditions, and policies that apply.

3. Social Networking and other Third-Party Sites and Services

We may at times facilitate easy access to third-party sites and online services, like social networks and other services that host user-generated content. This may include easy click-through access, the ability for you to share content on third-party services, or even "single sign-on" to these services. The third-party's privacy policy applies to any information or content you provide through these services.

WHAT INFORMATION DO WE SHARE WITH THIRD PARTIES AND OUR SISTER BRANDS (OR WHAT INFORMATION MAY THEY ACCESS BECAUSE OF THE SERVICES THEY PROVIDE TO US)?

We may share information about you with third parties, as described below, and as otherwise described in this Policy:

1. Our Sister Brands

We may share the information described in this Policy, like postal and email address, customer preferences, and purchase history with affiliated entities that operate our sister brands so they may market to you. Our sister brands include such brands as Victoria's Secret (including Victoria's Secret PINK), Henri Bendel, White Barn Candle Co., and La Senza International. We will obtain your consent to this sharing in jurisdictions where it is legally required. If you don’t want this information shared with our sister brands, follow the instructions below in "What choices do you have over how your information is used?"

2. Contractors

We use third-party service providers and contractors to help handle parts of our business because of their expertise, resources, or scale. They help us do things like fulfill orders, process payments, provide some customer service through chat features, monitor activity on our Services, serve surveys and provide analysis from the surveys (which could be combined with Services usage analytics), maintain databases, administer and monitor emails, administer and send mobile messages, serve ads on this and other Services, and provide consulting services. Contractors may also assist us in hosting microsites, mobile websites and mobile applications where you may provide personal information about yourself and others you know; and where they may observe information about you in the same way as described above (see "What information is collected and how is it used?").

3. Other Marketers

We may share your name, postal address, and summary purchase information with other merchants and merchant exchanges. Other merchants may, in turn, use this information to send you offers for their products and services. We will obtain your consent for this sharing in jurisdictions where it is legally required. If you don't want this information shared with these merchants and exchanges, please click here and select "My Account Assistance" for the Subject and then complete the form.

4. Law Enforcement and Emergency Response

We may disclose specific information about visitors to our Services if we have a good-faith belief that it's necessary or authorized under the law or to protect our customers, the public, or our business.

5. Sale or Merger

In the event we sell or transfer all or a portion of our business assets (including in the event of a reorganization, dissolution or liquidation), including a brand or line of business, information about you may be one of the business assets that is transferred in connection with the transaction.

WHAT CHOICES DO YOU HAVE OVER HOW YOUR INFORMATION IS USED?

1. Email

You may remove yourself from the Bath & Body Works email list by following the removal instructions located at the bottom of each commercial email. Opting out of any of these emails will not stop operational or transactional messages such as password-reset or account related information from the brand or line of business in question, email confirmations of your online orders, or customer service communications. You may also call us at 1-800-756-5005. For Bath & Body Works Direct TDD, call 1-877-215-5245.

Accessibility Support: 1-800-531-4504
See our policy on accommodating assistive readers for visiting our website.

We may occasionally provide you with the opportunity to opt in to receive email messages from third parties. If you do opt in, we'll share your email address with the specific third party in question. Please review their privacy policies to see how they treat your personal information.

2. Text or Mobile Messaging

If you've signed up for mobile text messaging offers but later decide you no longer wish to receive these offers, simply follow the opt-out instructions included in the mobile message.

3. Mobile Push Notification Alerts

With your consent, we may send push notifications or alerts to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.

4. Location Information

You may have the ability to turn location-based services on and off by adjusting the settings of your Internet browser or mobile device or, for some devices, by revoking permission for our mobile apps to access your location information.

5. Postal Mail

If you'd like to specify your preferences for our postal mail, simply follow the instructions on each catalog, or call us at 1-800-395-1001.

6. Cookies and Clear Gifs

Your browser may offer the ability to block or delete cookies from your device. Simply follow your browser's instructions on how to block and clear cookies.

7. Other Marketers

If you don't want your basic contact and purchase information shared with other merchants and exchanges for their direct marketing, contact us at bbwrequest@bbw.com or Bath & Body Works, P.O. Box 183025, Columbus, OH 43218-3025, US, and we'll send you a form which you may complete and return to opt out of any such marketing.

8. Our Sister Brands

If you don't want your contact and purchase information shared with our sister brands for their direct marketing, please contact us at 1-800-395-1001 to make a request. For Bath & Body Works Store Relations TDD, call 1-866-315-3129.

HOW DO YOU UPDATE YOUR PERSONAL INFORMATION?

We need your help to keep your personal information accurate and up-to-date. You may update or modify your billing and shipping-related information by logging onto Your Account, or by calling us at 1-800-756-5005. For Bath & Body Works Direct TDD, call 1-877-215-5245.

HOW DO WE SECURE YOUR INFORMATION ON OUR SERVICES?

We maintain administrative, technical and physical safeguards designed to protect the personal information we collect through our Services against accidental, unlawful destruction, loss, alteration, access, disclosure or use. We use tools that are designed to protect our Services. They include web application firewall, account authentication, account fraud protection, encryption for information sent over the internet to and from the Services, security software and malicious code protections.

While we implement the above security measures on this site, you should be aware that 100% security is not always possible.

WHERE IS PERSONAL INFORMATION STORED AND PROCESSED?

Our employees involved in data processing and our servers are based in Columbus, Ohio, US, and other locations throughout the United States. We work with affiliated and unaffiliated service providers in the United States, the United Kingdom, India, China, and other jurisdictions around the world.

WHOM SHOULD YOU CONTACT WITH QUESTIONS OR CONCERNS?

General Inquiries

If you have general questions about our Policy, please feel free to contact us by letter or email at:

ATTN: Privacy Matter
L Brands, Inc.
3 Limited Parkway
Columbus, OH 43230
US
privacy@lb.com

WHEN WAS THIS POLICY LAST UPDATED?

This Policy was last updated on June 13, 2018.



Supplemental Privacy & Cookie Notice for Visitors from the European Economic Area

If you are accessing our Services from a member state of the European Economic Area ("EEA"), this Supplemental Privacy Notice applies to you in addition to our Online Privacy Policy. This Supplemental Privacy Notice does not otherwise apply to visitors who are accessing our Services from outside the EEA.

European Union Regulation 2016/679 of 27 April 2016, governing the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("EU GDPR"), requires us to provide additional and different information about our data processing practices to data subjects in the EEA.

Cookies. We use the following web cookies and other information technologies to provide features on our web and mobile sites to users in the EEA, including cookies that deliver basic visitor experiences, fuller website experiences such as interactivity with third-party content, and our interest-based advertising on other websites.

The following types of cookies (and cookie technology) are enabled when a web or mobile user visits this website:

Cookie/Technology Type: Function

  • User-Input Cookies: Enables visitors’ input, choices, or selections across their website experience. Examples include maintaining a shopping cart during a visit or a form throughout a transaction.
  • Authentication Cookies: Identifies visitors through the website after they log in.
  • Security Cookies: Helps to ensure our website’s security when visitors request a service. For example, we use cookies to help secure account creation and login pages.
  • Multimedia Player Cookies: Ensures such things as image quality, network link speed, or buffer information for video and audio playback.
  • Load-balancing Session Cookies: Directs website traffic to a particular datacenter for the quickest website access, and enables visitors to return to that datacenter if needed.
  • Visitor Customization Cookies: Stores preferences and visitor experiential histories: remembers language preference, product-page display preference, and whether certain visitor experiences should be displayed, such as email marketing signup, based on past experiences.
  • Social Media Plug-in Cookies: These cookies from social media platforms (like Facebook and Instagram) facilitate content sharing on those platforms.
  • Interest Based Advertising Cookies: Enables our advertising vendors to deliver tailored ads to our visitors on other websites. The ads are based on a visitor’s combined online and offline (e.g. in-store) shopping history and experience with us, as well as with our vendors’ network of advertisers.
  • Analytics Cookies: Enables us to do things like estimate number of visitors, detect most used search-engine keywords that lead to a webpage, measure page load times, administer visitor surveys, identify navigation issues, and improve web capabilities.

We, the data controller, are Bath & Body Works Direct, Inc., Five Limited Parkway, Columbus, OH 43068, US (+1.937.438.4064, or via https://www.bathandbodyworks.com/customer-care/contact-us). Our authorized representative in the EEA is located at Privacy Liaison, Victoria’s Secret UK Limited, 16 Garrick St. WC2E 9BA London, UK (08) 082340481.

Our data protection officer is:

Frank Triveri
Vice President & Chief Privacy Officer
L Brands, Inc.
3 Limited Parkway
Columbus, OH 43230
US

The legal basis for our processing of your personal data in connection with our Services is Art. 6.1(b) EU GDPR, which allows processing of personal data as necessary for the performance of a contract. When you access our Services, you form a contract with us based on our Terms of Use, and we need to process your personal data to respond to your requests, ship products to you and satisfy our obligations with respect to the other purposes listed in our Online Privacy Policy.

As exceptions, we rely on your consent with respect to cookies and direct marketing emails per Art. 6.1(a) EU GDPR, and legitimate interests under Art. 6.1(f) EU GDPR, especially with respect to situations where we must process your personal data to comply with applicable laws (as a U.S. based company, we are subject to U.S. laws and must comply, just like EEA-based companies have to comply with EEA laws).

Recipients or categories of recipients of your personal data are employees of our company and affiliated and non-affiliated service providers who have a need to know.

When you access our Services, you transfer your personal data to the United States of America and India for which the European Union Commission has not yet issued an unlimited adequacy decision.

We will process and keep your personal information for as long as is necessary for the purposes set out in this Policy, for our legitimate business needs, and for compliance with the law.

You have a right to request from us these EU GDPR rights concerning your personal data: access to data; rectification of data; erasure of data; restriction on processing; objection to data processing; and data portability. You can exercise these rights through a combination of actions: accessing the information in your account; exercising your opt-out options through our Services; and by calling +1 937 438 4064.

If you have provided consent for direct marketing emails or other data processing, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

You have the right to lodge a complaint with a supervisory authority.

We do not use automated decision-making, including profiling, as referred to in Article 22(1) EU GDPR, that is, in a way that produces legal effects concerning you or significantly affects you. Our Services’ customization technologies and e-commerce processes are automated, but do not produce legal effects or affect you significantly as contemplated by Art. 22(1) or (2) EU GDPR.

You can contact us with any questions, or to exercise your rights by calling our Customer Care Center at +1 937 438 4064.