Online Privacy Policy

This Policy was last updated on December 18, 2019.

Bath & Body Works Direct, Inc. and Bath & Body Works, LLC ("BBW," "we," "us," or "our"), respect your concerns about privacy. This Online Privacy Policy ("Policy") explains what personal information we collect through our websites and online services, how we use that information, to whom we disclose it, and how we safeguard personal information. Unless indicated otherwise, this Policy applies only to personal information collected through the websites, microsites, mobile applications, and other online services of the Bath & Body Works brand and lines of business that expressly adopt, display or link to this Policy, and then only to the extent indicated (collectively, the "Services").

Contents

This Policy addresses these topics:

Additionally, our Policy contains the following:

What information do we collect and how do we use it?

Prev Next
  1. 1. Information You Provide

    When you visit our Services, you may provide us with certain personal information, such as your name, address, phone number, email address, personal preferences, payment card number, purchase and ordering information, demographic information, responses to survey questions and any other information you choose to provide. Our Services may also give you the option to upload or share pictures or videos of yourself and others.

    We collect this information at various places on our Services, such as when you check out with your online order; engage with our mobile applications; subscribe to email offers and mobile messaging offers; participate in surveys; enter contests or sweepstakes; or interact with special-event or program offers.

    We may also collect information that you provide on our Services about people you know. For example, we collect your gift recipient's contact information to process your gift orders.

  2. 2. Information Your Devices Provide Automatically

    When you interact with our Services, we obtain certain information by automated means, including the following:

    1. a. Location Information

      We may obtain information about your location when you access or use our Services: for example, via your browser information and other similar device or browser attributes (like IP address), our store locator page, or our mobile applications. For more details, please see "What choices do you have over how your information is used?" below.

    2. b. Navigational Information

      When you access our Services, your computer, phone, or other device may provide navigational information, such as browser type and version, service-provider identification, IP address, the site or online service from which you came, and the site or online service to which you navigate.

    3. c. Device Information

      We also may obtain information about the computer or mobile device you use to access our Services, such as the hardware model, operating system and version, identification numbers assigned to your mobile device, such as the ID for Advertising (IDFA) on Apple devices, and the Advertising ID on Android devices, mobile network information, and website or app usage behavior.

    4. d. Cookies, Clear Gifs and Similar Technologies

      To better understand how you interact with our Services, we may collect information using cookies, clear gifs (also known as web beacons or web bugs) and similar technologies.

      A cookie is a small amount of data that is stored by your browser on your device. It's used to do things like see how you navigate our Services and what you click on; remember you and your online purchases when you return; and recognize you and honor a special deal for you when you redeem one of our offers from a third party’s site. This helps us improve and deliver our Services, provide better customer service, tailor and improve your online experience, and tailor offers to you based on your unique tastes and a combination of your online and offline (e.g., in-store) interactions and purchase history.

      A clear gif is a nearly invisible pixel-sized graphic image on a web page, web-based document or email message. It helps us do things like view the URL of the page on which the clear gif appears and the time the site, document, or email in question is viewed; and recognize you and honor a special deal for you when you navigate from a third party’s site to redeem one of our offers that may have appeared there. Clear gifs in emails help us confirm the receipt of, and response to, our emails, including those that you forward to friends and family; and they help deliver a more personalized or better online experience.

      In addition to cookies and clear gifs, we may also use device identifiers, web storage, and other technologies to collect information about your interactions with our content and Services.

      These technologies, illustrated above, may be used to help us understand which of our interactive experiences online users like most. Cookies, clear gifs, and similar technologies also allow us to associate your online navigational information and purchases and interactions (both online and offline) with personal information you provide (such as name, address, phone number, survey responses, and email address). We associate this information to deliver products and services to you; improve our business; transact business; and market our products and services on this and other online services through a variety of media like email, mobile advertising, and direct mail.

      For information about your options with respect to cookies, see "What choices do you have over how your information is used?" below.

  3. 3. Information Derived Through or Provided by Others

    Affiliated entities, sister brands, vendors, social media networks, and advertising networks may provide us with, or supplement, information about you. We may use this information for a variety of operational or marketing purposes, such as to correct shipping information, market to you, deliver more relevant offers through customer insights, improve our business, and transact business.

  4. 4. Third-Party Analytics and Personalization Services

    We may use third-party analytics services to analyze site metrics and performance, analyze our visitors' preferences, and serve personalized content to you through the use some or all of the technologies described above, such as cookies and clear gifs.

  5. 5. How We Use the Information We Obtain

    We use the personal information we obtain through the Services to:

    1. deliver our Services;
    2. process your online orders;
    3. facilitate payment and transactions;
    4. create and manage your online account;
    5. personalize your online experience with content and offers that are tailored to your interests;
    6. provide customer service and respond to your inquiries and requests;
    7. include you in surveys and contests;
    8. enable you to post your content, such as comments, images or videos;
    9. facilitate networks of online social activity centered around our products and services;
    10. improve our Services, the manner in which offers are made on our Services, and the interactions and experience visitors have with our Services;
    11. enable you to interact with third-party content service providers, whether by linking to their sites, viewing their content within our online environment, or by viewing our content within their online environment;
    12. market our products and services that may be of interest to you; and
    13. create aggregated, pseudonymized or anonymized information for statistical purposes.

How is technology used to serve our advertisements on other online services and what choices do you have?

Prev Next

On our Services, we and third parties may collect information about your online activities to provide you with advertising about products and services tailored to your interests. We contract with third-party advertising companies, which may collect information about your use and interactions with the Services over time and across third-party websites and online services, for use in delivering tailored online display and banner advertising to you on other websites and online services. To serve this advertising, these third-party companies place, use, or rely on the technologies described above, including cookies, clear gifs, device identifiers and similar technologies to obtain information about customer interactions with us through our Services and interactions with other online services. These companies use the information they collect to serve you ads that are targeted to your interests.

You can specify your preferences over the use of some of these technologies by opening Cookie Preferences to view or change your preferences (to address future cookie placement).

You may also specify your preferences through a centralized registry. To learn about how to opt out of interest-based advertising in general, click the following: NAI Opt Out or DAA Opt Out. Your mobile device settings may allow you to prohibit mobile app platforms (such as Apple and Google) from sharing certain information obtained by automated means with app developers like us and other businesses.

Our Services do not respond to “Do Not Track” signals.

How do our services interact with third-party services and content?

Prev Next

We link to third-party sites and services, or otherwise display third-party content through our Services, for your convenience and information. These third-party sites and services may operate independently from us. The privacy practices of the relevant third parties, including details on the information they may collect about you, is subject to the privacy statements of these parties, which we strongly suggest you review. To the extent any linked third-party sites and services are not owned or controlled by us, we are not responsible for these third parties’ information practices.

Here are examples of the types of third-party content and services available through or via our Services:

  1. 1. Interactive Maps

    We may facilitate easy access to the online maps of content providers like Google to help you get quick location, driving, and contact information for our stores.

  2. 2. Sweepstakes, Contests, and Survey Sites

    We may work with third-party service providers to run sweepstakes, contests, and surveys. Navigation to these sites may be seamless so that it appears you're still using our Services. In these cases, the third party's privacy policy may apply to any personal information you provide in connection with the event. Please take note of who's running the event in question; and the terms, conditions, and policies that apply.

  3. 3. Social Networking and other Third-Party Sites and Services

    We may at times facilitate easy access to third-party sites and online services, like social networks and other services that host user-generated content. This may include easy click-through access, the ability for you to share content on third-party services, or even "single sign-on" to these services. The third party's privacy policy applies to any information or content you provide through these services.

What information do we share with or disclose to third parties and our sister brands?

Prev Next

We may share information about you with certain third parties, as described below, and as otherwise described in this Policy. We do not sell or otherwise share personal information about you, except as described in this Policy.

  1. 1. Our Sister Brands

    We may share the information we collect about you, such as your postal and email address, customer preferences and purchase history, with affiliated entities that operate our sister brands so they may market to you. Such sister brands include White Barn Candle Co., Victoria's Secret and Victoria's Secret PINK. We will obtain your consent to this sharing to the extent required by applicable law. If you don’t want this information shared with our sister brands, follow the instructions below in What choices do you have over how your information is used? below.

  2. 2. Service Providers and Contractors

    We may share personal information with third-party service providers and contractors whom we engage to provide services to us, such as fulfilling orders; processing payments; providing customer service through chat features; monitoring activity on our Services; delivering surveys and related analysis (which could be combined with Services usage analytics); maintaining databases; hosting and operating our microsites, mobile websites and mobile applications; administering, sending and monitoring emails and text messages; serving online advertisements as described above; and providing consulting services.

  3. 3. Other Marketers

    We may share your personal information (such as your name, postal address, and summary purchase information) with other merchants and merchant exchanges who may use this information to send you offers for their products and services. We will obtain your consent for this sharing to the extent required by applicable law. We may occasionally provide you with the opportunity to opt in to receive email messages from third parties. If you do opt in, we'll share your email address with the specific third party in question. Please review the privacy policies of these third parties to learn more about how they treat your personal information.

  4. 4. Law Enforcement and Emergency Response

    We also may disclose personal information about you (a) if we are required to do so by law or legal process (such as a court order or subpoena); (b) in response to requests by government agencies, such as law enforcement authorities; (c) to establish, exercise, or defend our legal rights; (d) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss; (e) in connection with an investigation of suspected or actual illegal activity; or (f) otherwise with your consent.

  5. 5. Sale or Merger

    We reserve the right to transfer your information in the event we sell or transfer all or a portion of our business assets (including, without limitation, in the event of a merger, acquisition, joint venture, reorganization, dissolution or liquidation).

What choices do you have over how your information is used?

Prev Next

We offer you certain choices in connection with the personal information we obtain about you.

  1. 1. Email

    You may opt out of the Bath & Body Works email list by following the instructions located at the bottom of each commercial email or by completing the email opt-out form If you opt out of the email list, we may still send you operational or transactional messages, such as password-reset or account related information, from the relevant brand or line of business. You may also call us at 1-800-756-5005. For Bath & Body Works Direct TDD, call 1-877-215-5245.

  2. 2. Mobile Text Messaging

    If you've signed up for mobile text messaging offers but later decide you no longer wish to receive these offers, simply follow the opt-out instructions included in the mobile message.

  3. 3. Mobile Push Notifications/Alerts

    With your consent, we may send push notifications or alerts to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.

  4. 4. Location Information

    You may have the ability to turn location-based services on and off by adjusting the settings of your Internet browser or mobile device or, for some devices, by adjusting the permission settings for our mobile apps to access your location information.

  5. 5. Postal Mail

    If you'd like to specify your preferences for our postal mail, simply follow the instructions on the mailer; or dial 1-800-395-1001 (for our US and Canada customers), (08) 082340481 (for our UK customers), and +1-937-438-4197 (for our customers elsewhere). To reduce postal mail, click here, select “Mailing Address Add/Update” as the topic, select “Unsubscribe me from the mailing list” as the Request Type, then complete and submit the form.

  6. 6. Cookies and Clear Gifs

    Visit How is technology used to serve our advertisements on other online services, and what choices do you have? to learn about how to specify your preferences over our use of cookie and similar technologies.

  7. 7. Other Marketers

    If you don't want your information shared with other merchants and exchanges for those third parties’ own direct marketing purposes, please click here, and follow the instructions on the page to send a written request for our Third-Party Direct Marketing Opt-Out Form. You may also contact us by emailing bbwrequest@bbw.com or by writing to Bath & Body Works, P.O. Box 183025, Columbus, OH 43218-3025, US, and we'll send you a form which you may complete and return to opt out of any such marketing.

  8. 8. Our Sister Brands

    If you don't want your information shared with our sister brands for those brands’ own direct marketing purposes, please contact us at 1-800-395-1001 to make a request. For Bath & Body Works Store Relations TDD, call 1-866-315-3129.

How do you update your personal information?

Prev Next

You may update or modify your billing- and shipping-related information, and other account information, by logging onto our Services (e.g., Your Account on bathandbodyworks.com) or by calling us at 1-800-756-5005. For Bath & Body Works Direct TDD, call 1-877-215-5245.

How do we protect personal information?

Prev Next

We maintain administrative, technical and physical safeguards designed to protect the personal information we collect through our Services against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.

Our administrative safeguards include implementing, maintaining, and training employees on company privacy and information security policies and procedures. Our physical and technical safeguards include maintaining physical security policies and standards to protect company systems and data, and a cybersecurity program overseen by our executive leadership team.

Do we collect children's personal information?

Prev Next

Our Services are designed for a general audience and are not directed to children. We do not knowingly collect or solicit personal information from children under the age of thirteen (13) (or other relevant ages, which may apply by virtue of applicable law) through our Services. If we become aware that we have collected personal information from a child under such age, we will promptly delete the information from our records. If you believe a child under such age may have provided us with personal information, please contact us as specified in the Whom should you contact with questions or concerns? section of this Policy.

Where is personal information stored and processed?

Prev Next

Our employees involved in data processing and our servers are based in Columbus, Ohio, US, and other locations throughout the United States. We work with affiliated and unaffiliated service providers in the United States, the United Kingdom, India, China, and other jurisdictions around the world.

Whom should you contact with questions or concerns?

Prev Next

General Inquiries

If you have general questions about our Policy, please contact us. Or contact us via:

ATTN: Privacy Matter
L Brands, Inc.
3 Limited Parkway
Columbus, OH 43230
US
privacy@lb.com

How will we communicate updates to our policy?

Prev Next

This Policy may be updated periodically to reflect changes in our personal information practices. Changes to the Policy will be posted on this page. For significant changes, we will notify you by posting a prominent notice on our Services indicating at the top of the Policy when it was most recently updated.

Supplemental Privacy Notice for California Consumers

Prev Next

If you are a California consumer, the information below (the “California Supplement") also applies to you, in addition to our Online Privacy Policy. Certain terms used in this section have the meaning given to them in California Civil Code § 1798.100 et seq. For clarity, the information below applies to personal information we collect about California consumers both on our Services and offline, such as in our physical retail stores.

  1. 1. Collection and Disclosure

    During the 12-month period prior to the effective date of this Policy, we may have:

    1. Collected the following categories of personal information about you:
      • Identifiers (personal) (including, for example, name, alias, postal address, unique personal identifier, online and device identifier, IP address, email address, account name and number, social security number, telephone number, postal address, or other similar identifiers).
      • Identifiers (Government-Issued Identification Information) (including, for example, driver's license number or state identification card number).
      • Commercial Information (including, for example, records of personal property; products or services purchased, obtained, or considered; marketing histories; purchasing histories or tendencies; purchase profiles; shopping and retail browsing channel preferences; online browsing and website interaction histories; and direct marketing histories).
      • Computing or mobile-device information and internet or other electronic-network-activity information (including, for example, login credentials; online advertisement engagements; and cookies, tags, and similar device or user identifying information).
      • Education and professional information.
      • Financial information (including, for example, banking details and income level).
      • Geolocation information.
      • Inferences (including, for example, predictive information, purchase profiles, shopping profiles and characteristics (e.g., loyalty shopper, cardholder, or online shopper).
      • Personal characteristics, histories, and associations (including, for example, signature; physical characteristics or description; and characteristics of protected classifications under California or federal law).
      • Payment card and transaction information (including, for example, credit card number; debit card number, and other financial information).
      • Household information (including, for example, family size and composition).
      • Incident-related information (including, for example, statements; or insurance, or similar claims).
    2. Collected personal information about you from the following categories of sources:
      • You (for example, through your use of our Services).
      • Your computing or mobile devices.
      • Our technology (for example, through observed consumer interactions with us and through our Services).
      • Our Services and systems.
      • Our vendors.
      • Public records.
      • Our customers’ associations (e.g., through refer-a-friend or -family programs).
      • Social media networks.
      • Advertising networks.
      • Unaffiliated third parties.
    3. Collected or sold personal information about you for the following business or commercial purposes:
      • Facilitate accounting, auditing, and reporting.
      • Deliver analytics (machine generated through computing/mobile devices for performance, monitoring, personalization, and order processing).
      • Deliver advertising through technology (including, for example, to facilitate personalized content, remarketing, online display ads, and interest-based ads).
      • Deliver advertising through direct or mass media (including, for example, via email, SMS, telephone, post, and broadcasts).
      • Facilitate affiliate marketing.
      • Administer claims management, handling, and insurance.
      • Respond to incidents.
      • Deliver customer service.
      • Pursue legal matters.
      • Deliver website, mobile-app, and e-commerce services.
      • Facilitate information security.
      • Facilitate fraud monitoring and prevention.
      • Deliver logistics (including, for example, order management, shipping, and fulfillment).
      • Develop customer information for personalization.
      • Process, fulfill, and ship orders.
      • Deliver shopping and customer engagement (including events and experiences, such as contests, sweepstakes, previews, and shows).
      • Deliver social media engagement.
      • Conduct surveys.
      • Administer technology and ensure technology integrity (including, for example, by maintaining and improving networks; and identifying and fixing problems).
      • Process transactions and payments.
      • Develop, review, and test products and services.
      • Deliver WiFi and similar online services (including in store-service).
      • Perform miscellaneous services.
    4. Shared your personal information with the following categories of third-parties for a business purpose:
      • Affiliated retail brand and entity.
      • Affiliate marketer.
      • Vendor that provides services on our behalf, including:
        • Advertising technology (e.g., online advertising) provider.
        • Advertising via direct marketing (e.g., email, SMS, telephone, post) or mass-media.
        • Claims management (including, for example, legal or insurance) provider.
        • Incident-response service provider.
        • Customer information provider.
        • Customer service provider.
        • Data center/host/cloud-service provider.
        • Focus group host and service.
        • Fraud monitoring and prevention service.
        • Information security service provider.
        • Logistics (for example, order management and fulfillment) provider.
        • Payment and transaction processor.
        • Print and mail vendor.
        • Product and fit tester.
        • Shipping & handling service provider.
        • Social media provider.
        • Solutions (miscellaneous) provider.
        • Store WiFi service provider.
        • Survey administrator.
        • Technology administration and integrity (e.g., systems maintenance, improvement, and solutions) provider.
        • Vendor (miscellaneous) services.
    5. Shared your personal information with the following categories of third-party vendors (qualifying as a data “sale” within the meaning of the California Consumer Privacy Act):
      • Affiliate marketer.
      • Analytics insights (e.g., site performance, site monitoring, shopping personalization, and order processing) provider.
      • Advertising technology (e.g., online advertising) provider.
      • Advertising/direct marketing (e.g., email, SMS, telephone, post) or mass-media provider.
      • Credit card issuer or company.
      • Customer event or experience provider.
      • Product review host.
      • Testing company.
      • Survey company.
      • Social media platforms.
    6. Within the meaning of the California Consumer Privacy Act, “sold” the following categories of personal information about you:
      • Identifiers (personal) (including, for example, name, alias, postal address, online and device identifier, IP address, email address, telephone number, postal address, or other similar identifiers).
      • Commercial Information (including, for example, records of personal property; products or services purchased, obtained or considered; marketing histories; purchasing histories or tendencies; purchase profiles; shopping and retail browsing channel preferences; online browsing and website interaction histories; and direct marketing histories).
      • Computing or mobile-device information and internet or other electronic-network-activity information (including, for example, online advertisement engagements; and cookies, tags, and similar device or user identifying information).
      • Geolocation information.
      • Inferences (including, for example, predictive information, purchase profiles, shopping profiles and characteristics (e.g., loyalty shopper, cardholder, or online shopper)).
      • Personal characteristics, histories, and associations (including, for example, physical characteristics or description).
      • Household information (including, for example, family size and composition).
    7. Disclosed for a business purpose the following categories of personal information about you:
      • Identifiers (personal) (including, for example, name, alias, postal address, unique personal identifier, online and device identifier, IP address, email address, account name and number, social security number, telephone number, postal address, or other similar identifiers).
      • Identifiers (Government-Issued Identification Information) (including, for example, driver's license number or state identification card number).
      • Commercial Information (including, for example, records of personal property; products or services purchased, obtained or considered; marketing histories; purchasing histories or tendencies; purchase profiles; shopping and retail browsing channel preferences; online browsing and website interaction histories; and direct marketing histories).
      • Computing or mobile-device information and internet or other electronic-network-activity information (including, for example, login credentials; online advertisement engagements; and cookies, tags, and similar device or user identifying information).
      • Education and professional information.
      • Financial information (including, for example, banking details and income level).
      • Geolocation information.
      • Inferences (including, for example, predictive information, purchase profiles, shopping profiles and characteristics (e.g., loyalty shopper, cardholder, or online shopper).
      • Personal characteristics, histories, and associations (including, for example, signature; physical characteristics or description; and characteristics of protected classifications under California or federal law).
      • Payment card and transaction information (including, for example, credit card number; debit card number, and other financial information).
      • Household information (including, for example, family size and composition).
      • Incident-related information (including, for example, statements; or insurance, or similar claims).

    We do not sell the personal information of consumers under the age of 16 if we have actual knowledge of the individual’s age.

California Consumer Privacy Rights

You may have the right to request, twice in a 12-month period, the following information about the personal information we have collected about you during the past 12 months:

  1. the categories and specific pieces of personal information we have collected about you;
  2. the categories of sources from which we collected the personal information;
  3. the business or commercial purpose for which we collected or sold the personal information;
  4. the categories of third parties with whom we shared the personal information; and
  5. the categories of personal information about you that we sold or disclosed for a business purpose, and the categories of third parties to whom we sold that information or disclosed it for a business purpose.

In addition, you have the right to request that we delete the personal information we have collected from you.

To submit a request, visit Your Data Rights. To help protect your privacy and maintain security, we take steps to verify your identity before granting access to information or complying with a request. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.

You also have the right to opt out of the “sale” of your personal information, as that term is defined under the California Consumer Privacy Act. To specify your opt-out preferences, visit Do Not Sell My Personal Information. We will not deny, charge different prices for, or provide a different level or quality of goods or services, if you choose to exercise these rights.

Under California law, we also provide you with a cost-free means to opt-out of our sharing your information with third parties with whom we do not share the same brand name, if that third party will use it for its own direct marketing purposes. You may follow the instructions here to make your request.

Supplemental Privacy & Cookie Notice for Visitors from the European Economic Area

Prev Next

If you are accessing our Services from a member state of the European Economic Area (“EEA”), this EEA Supplemental Privacy Notice applies to you in addition to our Online Privacy Policy. This EEA Supplemental Privacy Notice does not otherwise apply to visitors who are accessing our Services from outside the EEA.

Cookies. We use the following web cookies and other information technologies to provide features on our web and mobile sites to users in the EEA, including cookies that deliver basic visitor experiences, fuller website experiences such as interactivity with third-party content, and our interest-based advertising on other websites.

The following types of cookies (and cookie technology) are enabled when a web or mobile user visits this website:

Cookie/Technology Type Function
User-Input Cookies Enables visitors’ input, choices, or selections across their website experience. Examples include maintaining a shopping cart during a visit or a form throughout a transaction.
Authentication Cookies Identifies visitors through the website after they log in.
Security Cookies Helps to ensure our website’s security when visitors request a service. For example, we use cookies to help secure account creation and login pages.
Multimedia Player Cookies Ensures such things as image quality, network link speed, or buffer information for video and audio playback.
Load-balancing Session Cookies Directs website traffic to a particular data center for the quickest website access, and enables visitors to return to that data center if needed.
Visitor Customization Cookies Stores preferences and visitor experiential histories: remembers language preference, product-page display preference, and whether certain visitor experiences should be displayed, such as email marketing signup, based on past experiences.
Social Media Plug-in Cookies These cookies from social media platforms (like Facebook and Instagram) facilitate content sharing on those platforms.
Remarketing and Interest Based Advertising Cookies Enables our advertising vendors to deliver tailored ads to our visitors on other websites. The ads are based on a visitor’s combined online and offline (e.g. in-store) shopping history and experience with us, as well with our vendors’ network of advertisers.
Analytics and Personalization Cookies Enables us to do things like estimate number of visitors, detect most used search-engine keywords that lead to a webpage, measure page load times, administer visitor surveys, identify navigation issues, serve personalized content on our websites, and improve web capabilities.

To view, specify, and change your cookie preferences, open your cookie preferences. And visit How is technology used to serve our advertisements on other online services, and what choices do you have? to learn more about how to specify your preferences over our use of cookie and similar technologies.

We, the data controller, are Bath & Body Works Direct, Inc., Five Limited Parkway, Columbus, OH 43068, US (+1.937.438.4064, or via https://www.bathandbodyworks.com/customer-care/contact-us). Our authorized Privacy Representative in the EEA is located at Privacy Liaison, Victoria’s Secret UK Limited, 16 Garrick St. WC2E 9BA London, UK (08) 082340481.

You may contact our data protection officer at:

ATTN: Privacy Matter
L Brands, Inc.
3 Limited Parkway
Columbus, OH 43230
US
privacy@lb.com

The legal basis for our processing of your personal data in connection with our Services is Article 6.1(b) EU GDPR, which allows processing of personal data as necessary for the performance of a contract. When you access our Services, you form a contract with us based on our Site Terms, Conditions and Notices and we need to process your personal data to respond to your requests, ship products to you, and satisfy our obligations with respect to the other purposes listed in this Policy.

As exceptions, we rely on your consent with respect to cookies and direct marketing emails per Article 6.1(a) EU GDPR, and legitimate interests under Article 6.1(f) EU GDPR, especially with respect to situations where we must process your personal data to comply with applicable laws.

Recipients or categories of recipients of your personal data are employees of our company and affiliated and non-affiliated services providers who have a need to know.

When you access our Services, you transfer your personal data to the United States of America and India for which the European Union Commission has not yet issued an unlimited adequacy decision.

We will process and keep your personal information for as long as is necessary for the purposes set out in this Policy, for our legitimate business needs, and for compliance with the law.

You have a right to request from us these EU GDPR rights concerning your personal data: access to data; rectification of data; erasure of data; restriction on processing; objection to data processing; and data portability. You can exercise these rights through a combination of actions: (a) visit Your Data Rights; (b) access the information in your account; (c) exercise your opt-out options through our Services; or (d) call +1-937-438-4064.

If you have provided consent for direct marketing emails or other data processing, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

You have the right to lodge a complaint with a supervisory authority.

We do not use automated decision-making, including profiling, as referred to in Article 22(1) EU GDPR, that is, in a way that produces legal effects concerning you or significantly affects you. Our Services’ customization technologies and e-commerce processes are automated, but do not produce legal effects or affect you significantly as contemplated by Article 22(1) or (2) EU GDPR.

You can contact us with any questions, or to exercise your rights by calling our Customer Care Center at +1-937-438-4064.