This Privacy Policy ("Policy") explains what personal information/data (“personal information”) is collected when you apply for an employment opportunity with us in person or through our websites and online services, how we use that information, to whom we disclose it, how we safeguard personal information, and how you can exercise your privacy rights. Personal information is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a particular individual, consumer or household. We refer to Bath & Body Works, Inc., Bath & Body Works Brand Management, Inc., Bath & Body Works (Canada) Corp., Bath & Body Works Direct, Inc., and Bath & Body Works, LLC (Three Limited Parkway, Columbus, OH 43230) as "we," "us," or "our" throughout this Policy.
Unless indicated otherwise, this Policy applies only to personal information collected through the websites, bbwinc.com and careers.bathandbodyworks.com (in the U.S., Puerto Rico, Canada, China—including Hong Kong, India, UAE, and Vietnam), microsites, and other online services that expressly adopt, and display or link to, this Policy (collectively, the “Services”).
This Policy addresses these topics:
We collect personal information that you provide directly to us (such as through the job application process) as well as information your devices provide to us automatically, as described below. We may also collect personal information indirectly with consent. For example, we collect background verification information from third-party background screening providers, and we may also obtain personal information from recruitment agencies or job references.
1. Information You Provide
When you visit our Services, you may provide us with certain personal information, such as your name, address, phone number, email address, company information, phone number, and any other information you choose to provide. If you apply for a career opportunity with us or register to be included in our Talent Community candidate database, we may also collect certain other information, such as your work experience and resume, birthday (where permitted), educational history, job preferences and interests, and other information you provide in connection with an application for employment. If you create a profile on careers.bathandbodyworks.com, we will also collect your profile username and password.
We collect this information at various places on our Services. For instance, when you subscribe for investor alerts, we will request that you provide your email address. We may also collect your information if you register on careers.bathandbodyworks.com and create a profile.
If you apply for a career opportunity with us, we might contact you to obtain additional identifying information to complete the application process, including background checks and other checks to verify the information you have provided to us. We will only carry out background checks that are considered relevant to the role for which you are applying and with your consent (where required by applicable law). If you are offered employment with us, we may also ask you to provide certain personal information required to complete the onboarding process for the role which you have been offered. For example, we may also collect social security number (or local equivalent), bank account numbers, dependent personal information, marital status, gender, date of birth, and emergency contact information.
Please be advised that some employment applications may be automatically filtered from consideration through an automated processing system, for example, if the resume does not meet certain minimum criteria. If you have any questions, please contact us as set out below.
2. Information We Collect Automatically and with the Assistance of Our Third-Party Service Providers
When you interact with our Services, we obtain certain information by automated means, including the following:
Location Information: With your consent, we may access your location data through your device in order to provide you a service you request, such as searching for a job near you.
Navigational Information: When you access our Services, we may collect navigational information such as information about where visitors go on our Services, how many visits are made to the Services, when the Services are visited and other information such as domain type, browser information, service provider identification, and IP address.
Device Information: We may obtain information about the computer or mobile device used to access our Services, such as the hardware model, operating system and version, identification numbers assigned to your mobile device, such as the ID for Advertising (IDFA) on Apple devices, and the Advertising ID on Android devices, mobile network information, and website usage behavior.
Cookies, Clear Gifs, Analytics Services, and Similar Technologies: To better understand how you interact with our Services, we may collect information using cookies, clear-gifs (also known as web beacons, web bugs, or pixels), analytics services (such as session replay software), and similar technologies.
Cookies are small amount of data that's stored by your browser on your device. They are used to do things like see how you navigate our Services and determine browser plug-ins. This helps us improve and deliver our Services, provide better customer service, and tailor and improve your online experience.
Clear gifs are nearly invisible pixel-sized graphic images on a web page, web-based document or email message. They help us do things like view the URL of the page on which the clear gifs appear and the time the site, document or email in question is viewed. Clear gifs in emails help us confirm the receipt of, and response to, our emails.
In addition to cookies and clear gifs, we may also use device identifiers, web storage, third-party-provided analytics services (such as session replay services), and other technologies and services to collect information about your interactions with our content and Services. Session replay services consists of an analytics application that allow us to capture and analyze your interaction with our Services to better identify and repair any technical errors and optimize our Services. Such technologies and third-party-provided services may observe or record your activities when using our Services, including movements, scrolling, visit duration, clicks, information typed, and other interactions.
The above technologies may be used to help us understand which of our website’s features online users utilize most: for example, by keeping track of the number of times our Environmental Responsibility statement is accessed. They also may be used to help us diagnose, troubleshoot, optimize, debug, rectify, and fix our Services. Cookies, clear gifs, session replay services, analytic services, and similar technologies and services also allow us to associate your online navigational information with any personal information you provide (such as name, address, phone number, and email address). We associate this information to deliver services to you; improve our business and sites; transact business; and direct marketing and/or information relating to job opportunities and applications on this and other online websites and services, and through a variety of media like email, mobile advertising, and direct mail.
For information about your options with respect to cookies, navigate to What choices do you have over how your information is used? below.
3. How We Use the Information We Obtain
We use the personal information we collect about you through the Services to:
communicate with you and respond to your requests;
sending you communications and email alerts you have requested, such as Bath & Body Works, Inc. financial information by email;
evaluate the effectiveness of our website, analyze trends, and administer our website (including, for example, by maintaining and improving networks; and identifying and fixing problems);
provide customer service;
improve our Services and the interactions visitors have with our Services;
personalize and enhance your experience with our Services;
enable you to interact with third-party content service providers, whether by linking to their sites, displaying their content within our online environment, or by displaying our content within their online environment;
maintain and create information for statistical purposes;
if you apply for employment with us, evaluate your suitability for employment (including obtaining additional information about you from third parties for this evaluation), carry out a background check, send you job alerts (if you request them), and communicate with you about jobs and positions that may match your skills and interests; and
if you have asked to be included in our Talent Community candidate database, to contact you about job openings that may be of interest to you.
4. Third-Party Service Providers
communications and interactive experiences with us. These third-party services are integrated into all the data and communications processing activities that are covered by this Policy. When you interact or communicate with us, you are also interacting and communicating with or through our third-party service providers and their technologies (session replay, for instance). These processing services and activities include, for example, providing customer service through chat or chatbot features (to the extent they are used); monitoring activity on our Services; delivering surveys and related analysis (which could be combined with Services usage analytics); maintaining databases; hosting and operating our microsites, mobile websites and mobile applications; administering, sending, and monitoring emails and text messages; providing consulting services; and delivering analytics to provide certain features on our Services and analyze our visitors’ preferences for us (e.g., through the use of some or all the technologies described above, such as cookies, clear gifs, session replay, and web server logs).
Two third-party analytic services that we use are Google Analytics and Adobe Analytics. To learn more about Google Analytics and how to opt out, please visit https://support.google.com/analytics/answer/181881?hl=en. To learn more about Adobe Analytics and how to opt out, please visit https://adobe.com/privacy/opt-out.html.
We link to third-party sites and services, or otherwise display third-party content through our Services, for your convenience and ease of reference. Those third-party sites and services may operate independently of us. The privacy practices of the relevant third parties, including details on the information they may collect about you, is subject to the privacy statements of those parties, which we strongly suggest you review. To the extent any linked third-party sites and services are not owned or controlled by us, we are not responsible for these third parties’ information practices.
Here are examples of the types of third-party content and services available through or via our Services:
Stock Information: We may facilitate easy access to information about the performance of our stock through third-party websites such as the SEC’s EDGAR database.
Social Networking and other Third-Party Sites and Services: We may at times facilitate easy access to third-party sites and online services, like social networks and other services that host user-generated content. This may include easy click-through access, or the ability for you to share content on third-party services. The third-party's privacy policy applies to any information or content you provide through these services.
Annual Reports and Proxy Statements: We enable you to navigate easily to The Public Register and Broadridge, where you can request a hard copies or e-deliveries of our Annual Reports and Proxy Statements.
We may share, or enable access to, information about you with certain unaffiliated entities and affiliates, as described below, and as otherwise described in this Policy:
Service Providers, Contractors, and Processors: We use affiliated and unaffiliated service providers, contractors, and processors (including the third-party service providers described above) to help handle parts of our business because of their expertise, resources, or scale. They help us do things like fulfill requests, operate our Services, monitor activity on our Services, analyze use of our Services, maintain databases, administer and monitor emails, evaluate applications for employment and conduct background checks, and provide consulting services. They may also assist us in hosting microsites and mobile websites where you may provide personal information about yourself and where they may observe information about you in the same way as described above (visit What information do we collect and how do we use it? to learn more).
Law Enforcement, Legal Disclosures, and Emergency Response: We and our third-party service providers may disclose personal information about you (a) if we are required or permitted to do so by law or legal process (such as a court order or subpoena); (b) in response to requests by courts or government agencies, such as law enforcement authorities the jurisdictions in which we or our third-party service providers process your personal information; (c) to establish, exercise, or defend our legal rights; (d) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss; (e) in connection with an investigation of suspected or actual illegal activity; or (f) otherwise with your consent.
Sale, Merger, Demerger, Transfer, or Similar Event: We reserve the right to disclose and/or transfer your personal information in the event we sell or transfer all or a portion of our business assets (including, without limitation, in the event of a prospective or completed merger, demerger, spin off, acquisition, joint venture, reorganization, dissolution, or liquidation).
Email: You may remove yourself from the bbwinc.com email list by following the removal instructions located at the bottom of each E-mail Alert. If you would like to stop receiving job alert emails, you may similarly follow the unsubscribe link located at the bottom of each email. Note that if you opt out of job alert emails from us, we may still send you operational or transactional email messages in connection with your application for employment (such as emails related to your application, updating your account information). Opting out of job alert emails also will not automatically remove you from our brands’ marketing lists or the bbwinc.com email list. If you have joined our Talent Community, you can unsubscribe from receiving communications about jobs that may be of interest to you by following the unsubscribe link located at the bottom of each email.
Cookies and Clear Gifs: You may view and specify your preferences over the use of cookie and similar technologies on bbwinc.com (our corporate information site) by opening Cookie Preferences for bbwinc.com found on the bottom left-hand corner. And you may do the same for careers.bathandbodyworks.com by accessing the cookie preferences gear control at the bottom right-hand corner of careers.bathandbodyworks.com. Note that your cookie preferences are specific to each of these two sites and address future cookie placement, only. You may also specify your preferences with respect to companies that participate in a centralized registry. To learn about how to opt out of interest-based advertising in general, click the following: NAI Opt Out or DAA Opt Out (for Canadian residents, see the DAAC Opt Out). Additionally, your browser may offer the ability to block or delete cookies from your device. Simply follow your browser's instructions on how to block and clear cookies. Please note that, without cookies, you may not to be able to use all features of our Services.
Withdrawing an Employment Application: If at any time you wish to withdraw your application for employment, please log in to your account at careers.bathandbodyworks.com and select “Withdraw Your Application.” You may also withdraw your application by writing to us at:
Human ResourcesBath & Body Works, Inc.
Three Limited Parkway
Columbus, OH 43230
USA
Mobile Text Messages: By providing your telephone number, you agree to the Telephone/Message Terms, including the individual arbitration provision therein, and consent to receive automated text messages from Bath & Body Works, and unaffiliated entities acting on our behalf, regarding any matters related to your application, as well as other or future job opportunities that matches your skills, experience, or preferences. If you are receiving mobile text messages, for example related to an application or employment opportunities, but you no longer wish to receive these text messages, simply reply STOP to any text message. Message and data rates may apply.
Location Information: You may have the ability to turn location-based services on and off by adjusting the settings of your internet browser or mobile device.
Depending on your jurisdiction, you may have the right to request access to or correction/rectification of your personal information, or to withdraw your consent. You can exercise these rights by contacting us at the contact information below. If you are a job applicant, you may also update or modify certain personal information by logging into your account at careers.bathandbodyworks.com.
We maintain administrative, technical, organizational, and physical safeguards designed to protect the personal information we collect through our Services against accidental, unlawful destruction, loss, alteration, access, disclosure, or use.
Our administrative and organizational safeguards include implementing, maintaining, and training employees on company privacy and information security policies and procedures. Our physical and technical safeguards include maintaining physical security policies and standards to protect company systems and data, and a cybersecurity program overseen by executive leadership team and the Bath and Body Works board of directors.
Our employees involved in data processing and our servers are based in Columbus, Ohio, US, and other locations throughout the United States. We work with affiliated and unaffiliated service providers or processors in the United States, Canada, the United Kingdom, India, China, and other jurisdictions around the world. This means that personal information will be communicated outside of the jurisdiction in which you reside (including, for residents of Quebec, outside Quebec).
If you have general questions or concerns about our Policy, or the manner in which we or our service providers treat your personal information, please feel free to contact us via:
ATTN: Chief Privacy Officer
Bath & Body Works, Inc.
3 Limited Parkway
Columbus, OH 43230
US
We are committed to protecting personal information and have implemented a comprehensive set of policies and practices that govern our treatment of personal information. These policies and procedures include, among other things, the following:
We have implemented policies and procedures to protect personal information in our custody and control from unauthorized access, use or disclosure.
We have implemented processes to respond to data subject requests and complaints in a timely and effective manner.
As set out above, we have implemented a framework for the retention and destruction of personal information to ensure compliance with legal obligations, and to securely destroy personal information once no longer required.
We have designated a Privacy Officer who is responsible for overseeing the company’s compliance with privacy legislation.
We have implemented a privacy framework that defines the roles and responsibilities for our employees with respect to the treatment of personal information.
We provide our employees with regular privacy training and awareness.
Additionally, for California, Colorado, Connecticut, Utah, and Virginia, our Policy contains the following:
If you are a California, Colorado, Connecticut, Utah, or Virginia resident, the information below (the “Certain States Supplement") also applies to you, in addition to our Bath & Body Works, Inc. Privacy Policy. Certain terms used in this section have the meanings given to them in the California Consumer Privacy Act found at California Civil Code § 1798.100 et seq and its implementing regulations (the “CCPA”); the California Privacy Rights Act found at California Civil Code § 1798.100 et seq and its implementing regulations (the “CPRA”); the Colorado Privacy Act found at Colo. Rev. Stat. § 6-1-1301 et seq. (the “CPA”); the Connecticut Data Privacy Act found at Conn. Gen. Stat. Ann. §§ 42-515 to 42-525 (the “CTDPA”), the Utah Consumer Privacy Act found at Utah Code §§ 13-61-101 to 13-61-404 (the “UCPA”), and Virginia Consumer Data Protection Act found at Va. Code Ann. § 59.1-571 et seq. (the “VCDPA”). For clarity, the information below applies to personal information we collect about California, Colorado, Connecticut, Utah, or Virginia residents both on our Services and offline, such as in our corporate offices.
1. Collection and Disclosure
During the 12-month period prior to the effective date of this Policy, we may have:
A: Collected the following categories of personal information about you:
Identifiers (personal) (including, for example, name, alias, postal address, unique personal identifier, online and device identifier, IP address, email address, account name and number, social security number, telephone number, postal address, or other similar identifiers).
Identifiers (others) (including, for example, insurance policy number, certain financial information, and health insurance information).
Personal characteristics, histories, and associations (including, for example, martial status, gender or gender expression, age, and characteristics of protected classifications under California or federal law).
Commercial information (including, for example, online browsing and website interaction histories; and direct marketing histories).
Biometric information (including, for example, signature and physical characteristics or description).
Computing or mobile-device information and internet or other electronic-network-activity information (including, for example, login credentials; online advertisement engagements; and cookies, tags, analytic services, and similar device or user identifying information).
Geolocation information (approximate) (including, for example, through the mobile app).
Photographs, video and audio recordings, and similar information.
Professional or employment-related information (including applications, professional history, and work history).
Educational information.
Inferences (including, for example, preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes).
Sensitive Personal Information (including, for example, social security number; driver’s license number or other state identification card number; precise geographic location, and login credential).
Financial information (including, for example, banking details and income level).
Household information (including, for example, family size and composition).
Incident-related information (including, for example, statements; or insurance, or similar claims).
B. Collected personal information about you from the following categories of sources:
You (for example, through your use of our Services).
Your computing or mobile devices.
Our technology (for example, through observed your interactions with us and through our Services).
Our Services and systems.
Our vendors, such as background check companies.
Public records.
Your associations (e.g., through referral programs).
Social media networks.
Advertising networks.
Credit reporting agencies.
Unaffiliated third parties.
C. Collected, disclosed, or processed personal information about you for the following business or commercial purposes (supplementing the information described above in our Privacy Policy):
Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, or providing similar services.
Auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance.
Enabling short-term, transient use, including, but not limited to, the contextual customization of ads shown as part of the same interaction.
Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
Undertaking internal research for technological development and demonstration.
Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.
Facilitating accounting, auditing, and reporting.
Delivering advertising through technology (including, for example, to facilitate personalized content, remarketing, online display ads, and interest-based ads).
Facilitating affiliate marketing.
Administering claims management, handling, and insurance.
Responding to incidents.
Delivering customer and associate services.
Pursuing legal matters.
Delivering website, mobile-app, and e-commerce services.
Facilitating information security.
Conducting surveys.
Administering technology and ensuring technology integrity (including, for example, by maintaining and improving networks; and identifying and fixing problems).
D. Disclose your personal information with the following categories to unaffiliated entities and affiliates:
Affiliated retail brands and entities.
Vendors who provide services on our behalf, including:
Claims management (including, for example, legal or insurance) provider.
Incident-response service provider.
Customer information provider.
Customer service provider.
Data center/host/cloud-service provider.
Focus group host and service.
Fraud monitoring and prevention service.
Information security service provider.
Logistics (for example, order management and fulfillment) provider.
Payment and transaction processor.
Print and mail vendor.
Product and fit tester.
Shipping & handling service provider.
Social media provider.
Solutions (miscellaneous) provider.
Survey administrator.
Technology administration and integrity (e.g., systems maintenance, improvement, and solutions) provider.
Vendor (miscellaneous) services.
E. Disclosed for a business purpose the following categories of personal information about you:
Identifiers (personal) (including, for example, name, alias, postal address, unique personal identifier, online and device identifier, IP address, email address, account name and number, social security number, telephone number, postal address, or other similar identifiers).
Identifiers (Government-Issued Identification Information) (including, for example, driver's license number or state identification card number).
Personal characteristics, histories, and associations (including, for example, signature; physical characteristics or description; and characteristics of protected classifications under California or federal law).
Commercial Information (including, for example, online browsing and website interaction histories; and direct marketing histories).
Computing or mobile-device information and internet or other electronic-network-activity information (including, for example, login credentials; online advertisement engagements; and cookies, tags, analytic services, and similar device or user identifying information).
Geolocation information.
Photographs, video and audio recordings, and similar information.
Professional or employment-related information (including applications, professional history, and work history).
Education and professional information.
Inferences (including, for example, preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes). Household information (including, for example, family size and composition).
Sensitive Personal Information (including, for example, social security number; driver’s license number or other state identification card number; precise geographic location, and login credential).
Financial information (including, for example, banking details and income level).
California, Colorado, Connecticut, Utah, and Virginia Consumer Privacy Rights (for visitors of bbwinc.com and careers.bathandbodyworks.com)
Visitors of bbwinc.com may request, twice in a 12-month period, the following information about the personal information we have collected about you during the past 12 months:
the categories and specific pieces of personal information we have collected about you;
the categories of sources from which we collected the personal information;
the business or commercial purpose for which we collected the personal information;
the categories of third parties with whom we disclose the personal information; and
the categories of personal information about you that we disclosed for a business purpose, and the categories of third parties to whom we disclosed that information for a business purpose.
In addition, you have the right to request that we delete the personal information we have collected from you.
If you are a resident of California, Colorado, Connecticut, Utah, or Virginia and want to submit a data subject request under the CCPA/CPRA, CPA, CTDPA, UCPA, or VCDPA, visit bbwinc.com Data Rights. If you are also a customer of Bath & Body Works, you may submit a separate data subject request by visiting Bath & Body Works Data Rights.
To help protect your privacy and maintain security, we take steps to verify your identity before granting access to information or complying with a request. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.
You have the right to opt out of the “sale” or “sharing” of your personal information, as those terms are defined under the respective state’s privacy law. If you are a Connecticut, Utah, or Virginia consumer, you may submit your request through our Targeted Ad Preferences (Certain States) link, which will include your rights to opt out of targeted ads, sale of personal data, and profiling in furtherance of decisions that produce legal or similarly significant effects. To specify your opt-out preferences, visit Do Not Sell or Share My Personal Information (Certain States), Targeted Ad Preferences (Certain States), or call us at 1-800-756-5005. For assistance, contact us via Telecommunications Relay (TRS) Service by dialing 711, or by using an Internet Protocol Relay Service.
We will only process Sensitive Personal Information where it is necessary to achieve the purposes for which the information was granted, carry out our legal obligations, or exercise specific rights as permitted by law. Sensitive Personal Information is any information that reveals your race, ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life or sexual orientation, citizenship or citizenship status, genetic or biometric data, personal information of a known child, or precise geographic data.
We seek to retain information as necessary to effectively service you; assist you with service-related matters; and comply with our legal obligations. The need to retain personal information varies with the type of information and the purpose for which it was collected. We strive to ensure that personal information is retained for the period to fulfill the purpose for which it was collected and is deleted when no longer required per our retention policies.
This policy covers all information, including sensitive personal information, collected by us and stored on our owned or leased systems and media, regardless of location. It applies to both information collected and held electronically (including photographs, video and audio recordings) and information that is collected and held as hard copy or paper files. The need to retain certain information may be mandated by federal, state or local laws or regulations, legitimate business purposes, litigation holds, or any combination thereof.
We retain all categories of consumer personal information to:
provide service to you as you are actively engaging with us and for a set period thereafter;
comply with applicable labor, tax and immigration laws;
comply with other regulatory requirements;
conduct investigations;
preserve intellectual property rights; and
assist in defense or prosecution of any litigated or threatened matter.