Skip to content
Bath & Body Works, Inc.
Home / States Privacy Rights (Certain States)

California, Colorado, Connecticut, Utah, and Virginia Privacy Rights Summary Notice

Bath & Body Works respect your concerns about privacy. If you are a California, Colorado, Connecticut, Utah, or Virginia consumer, the information on this Privacy Rights Summary Notice (the “Summary Notice”) page applies to you.

This Summary Notice explains the categories of personal information/data (“personal information”) that we collect and how we use them in accordance with the California Consumer Privacy Act (“CCPA”) (as amended by the California Privacy Rights Act [“CPRA”]), the “Shine-the-Light” law, the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Utah Consumer Privacy Act (“UCPA”), and the Virginia Consumer Data Protection Act (“VCDPA”) (collectively, the “Privacy Laws”).

This also delivers information on certain opt-out rights concerning (1) disclosures, “sales,” or “sharing” of personal information to third parties, (2) the use of third-party information to deliver “targeted ads,” and (3) “profiling” in furtherance of decisions that produce legal or similarly significant effects. Finally, this describes how we use “sensitive personal information” and our retention schedule for each category of personal information.

Personal Information Collection

We may collect (and may have collected during the 12-month period prior to the effective date of this Policy) the following categories of personal information about you:

  • Identifiers (personal) (including, for example, name, alias, postal address, unique personal identifier, online and device identifier, IP address, email address, account name and number, telephone number, postal address, and other similar identifiers).

  • Identifiers (others) (including, for example, insurance policy number, certain financial information, and health insurance information).

  • Personal characteristics, histories, and associations (including, for example, marital status, gender or gender expression, age, and characteristics of protected classification under California or federal law).

  • Commercial Information (including, for example, records of personal property; products or services purchased, obtained, or considered; marketing histories; purchasing histories or tendencies; purchase profiles; shopping and retail browsing channel preferences; online browsing and website interaction histories; and direct marketing histories).

  • Biometric information (including, for example, signature; and physical characteristics or description).

  • Computing or mobile-device information and internet or other electronic-network-activity information (including, for example, online advertisement engagements; and cookies, tags, and similar device or user identifying information).

  • Geolocation information (approximate) (including, for example, through the mobile app).

  • Audio and visual information (including, for example, videos you upload with a review or in-store security cameras).

  • Professional or employment-related information (including applications, professional history, and work history).

  • Education information.

  • Inferences (including, for example, predictive information, purchase profiles, shopping profiles and characteristics (e.g., loyalty shopper, cardholder, or online shopper)).

  • Sensitive Personal Information (including, for example, social security number; driver’s license number or other state identification card number; login credential; and precise geographic information).

  • Financial information (including, for example, banking details and income level).

  • Payment card and transaction information (including, for example, credit card number; debit card number, and other financial information).

  • Household information (including, for example, family size and composition).

  • Incident-related information (including, for example, statements; or insurance, or similar claims).

Our products and services are designed for a general audience and are not directed to children. We do not knowingly collect or solicit personal information from children under the age of thirteen (13) (or other relevant ages, which may apply by virtue of applicable law).

Personal Information Uses

During the last 12 months, we may have used the personal information we collect for the following business or commercial purposes:

  • Facilitate accounting, auditing, and reporting.

  • Deliver analytics (machine generated through computing/mobile devices for performance, monitoring, personalization, and order processing).

  • Deliver advertising through technology (including, for example, to facilitate personalized content, remarketing, online display ads, and interest-based ads).

  • Deliver advertising through direct or mass media (including, for example, via email, SMS, telephone, post, and broadcasts).

  • Facilitate affiliate marketing.

  • Administer claims management, handling, and insurance.

  • Respond to incidents.

  • Deliver customer service.

  • Pursue legal matters.

  • Deliver website, mobile-app, and e-commerce services.

  • Facilitate information security.

  • Facilitate fraud monitoring and prevention.

  • Deliver logistics (including, for example, order management, shipping, and fulfillment).

  • Develop customer information for personalization.

  • Process, fulfill, and ship orders.

  • Deliver shopping and customer engagement (including events and experiences, such as contests, sweepstakes, previews, and shows).

  • Deliver social media engagement.

  • Conduct surveys.

  • Administer technology and ensure technology integrity (including, for example, by maintaining and improving networks; and identifying and fixing problems).

  • Process transactions and payments.

  • Develop, review, and test products and services.

  • Deliver WiFi and similar online services (including in store-service).

  • Perform miscellaneous services.

Full Privacy Policy

You may you may review our complete Privacy Policy by clicking here, including the Supplemental Privacy Notice for California, Colorado, Connecticut, Utah, and Virginia Consumers by clicking here.

Opting Out of “Sale” or “Share” of Personal Information and “Targeted Ads” or “Profiling”

You also have the right to opt out of the “selling” or “sharing” of your personal information and the right to opt out of “targeted ads” or “profiling,” as these terms are defined under the Privacy Laws. We do not have actual knowledge that we sell or share personal information of consumers under the age of 16.

To specify your preferences, California and Colorado consumers may visit Do Not Sell or Share My Personal Information and Connecticut, Utah, and Virginia consumers may visit Targeted Ad Preferences. We will not deny, charge different prices for, or provide a different level or quality of goods or services, if you choose to exercise any of your privacy rights.

Opting Out of Information Disclosures to Unaffiliated Third Parties

In addition to the rights mentioned above, we provide you with a cost-free means to opt-out of our sharing your information with third parties with whom we do not share the same brand name, if that third party will use it for its own direct marketing purposes.

If you would like to exercise this right under California law, please click here.

Sensitive Personal Information

We will only process Sensitive Personal Information where it is necessary for the purposes of carrying out our legal obligations or exercising specific rights as permitted by law. For an explanation of Sensitive Personal Information or how you can change your mobile app settings, please click here.

Retention Policy

We seek to ensure that we retain only information necessary to effectively service our customers; provide relevant product assortments and advertisements; assist you with customer service-related matters; and comply with our legal obligations. The need to retain personal information varies widely with the type of information and the purpose for which it was collected. We strive to ensure that personal information is only retained for the period to fulfill the purpose for which it was collected and is deleted when no longer required per our retention policies. For a full summary, please click here.

Contact Information

If you have general questions about this Summary Notice, please contact us via:

ATTN: Privacy Matter
Bath and Body Works, Inc.
3 Limited Parkway
Columbus, OH 43230
US

Updates

Last Updated: July 1, 2023