This Policy was last updated on February 21, 2025
Victoria’s Secret & Co. and its associated retail brands, including Victoria's Secret and Victoria's Secret Pink (“Pink”) respect your concerns about privacy. This Privacy Policy ("Policy") explains what personal information we collect through our Services (as defined below), how we use that information, to whom we disclose it, and how we safeguard personal information. Unless indicated otherwise, this Policy applies only to personal information collected from and about you through your use of the websites, microsites, mobile applications, and other online services of Victoria's Secret and Pink that expressly adopt, display, or link to this Policy, and then only to the extent indicated, and through your interaction with us offline, including when you visit or make a purchase at our physical retail stores in the United States and Canada (not including Puerto Rico) (collectively, the “Services”).
This Policy addresses these topics:
- I. What information do we collect and how do we use it?
- II. How is technology used to serve our advertisements on other online services and what choices do you have?
- III. How do our Services interact with third-party services and content?
- IV. What information do we share with, or disclose to, third parties and our sister brands?
- V. What choices do you have over how your information is used?
- VI. What rights do you have over your personal information?
- VII. How do you update your personal information?
- VIII. How do we protect personal information?
- IX. Where is personal information stored and processed?
- X. Do we collect children's personal information?
- XI. Whom should you contact with questions or concerns?
- XII. How will we communicate updates to our Policy?
Additionally, our Policy contains the following:
I. What information do we collect and how do we use it?
-
Information You Provide
When you visit our Services, you may provide us with certain personal information, such as your name, address, phone number, email address, personal preferences, payment card number, purchase and ordering information, demographic information, responses to survey questions, sizing information and any other information you choose to provide. Our Services may also give you the option to upload or share pictures or videos of yourself and others.
We collect this information at various places on our Services, such as when you check out with your online order or make a purchase in one of our stores; engage with our mobile applications; subscribe to catalogs, email offers, and mobile messaging offers; participate in surveys; enter contests or sweepstakes; or interact with special-event or program offers.
We may also collect information that you provide on our Services about people you know. For example, we collect your gift recipient's contact information to process your gift orders. We may also collect contact information about your friends and family members when you participate in one of our refer-a-friend programs. In these instances, we may send a message to your friend or family member on your behalf (so please only submit email addresses of individuals with whom you have a personal or family relationship and who would want to receive the message from you).
-
Information Your Devices Provide Automatically
When you interact with our Services, we may obtain certain information by automated means, including the following:- Location Information
We may obtain information about your location when you access or use our Services: for example, via your browser information and other similar device or browser attributes (like IP address), our store locator page, or our mobile applications. For more details, please see What choices do you have over how your information is used? below.
- Navigation Information
When you access our Services, your computer, phone, or other device may provide, or we may obtain, navigational information, such as browser type and version, service-provider identification, IP address, the site or online service from which you came, and the site or online service to which you navigate.
- Device Information
We also may obtain information about the computer or mobile device you use to access our Services, such as the hardware model, operating system and version, identification numbers assigned to your mobile device, such as the ID for Advertising (IDFA) on Apple devices, and the Advertising ID on Android devices, mobile network information, and website or app usage behavior.
- Usage Information
We may collect information about your activity on our Services including via technologies supplied by our third-party service providers. Examples of such information include your access dates and times, pages or screens viewed, how long you spent on a page or screen, the routes by which you access a page or screen, searches you conduct on the Services, information about your activity on a page or screen (e.g., links clicked, mouse movements, page or screen scrolling, and keystrokes), app crashes and other system activity, products viewed, and your use of any hyperlinks available within our Services (“Usage Information”). Usage Information may be used to create a “session replay” of your activity on our Services.
- Cookies, Pixels and Similar Technologies
To better understand how you interact with our Services, we may collect information using cookies, pixels, clear-gifs, web beacons, tags and similar technologies.
A cookie is a small amount of data that's stored by your browser on your device. It's used to do things like see how you navigate our Services, what you click on, maintain items in your shopping cart, remember you and your online purchases when you return, and recognize you and honor a special deal for you when you redeem one of our offers from a third party's site. This helps us improve and deliver our Services, provide better customer service, tailor and improve your online experience, and tailor offers to you based on your unique tastes and a combination of your online and offline (e.g., in-store) interactions and purchase history.
A pixel (also known as a clear-gif, web beacon or tag) is a small (often pixel-sized) graphic image on a web page, web-based document or email message. It helps us collect information about your interactions with our Services, including information about the site, page, document or email that you viewed and when you viewed it; and recognize you and honor a special deal for you, when you navigate from a third party's site to redeem one of our offers that may have appeared there. Pixels in emails help us confirm the receipt of, and response to, our emails, including those that you forward to friends and family; and they help deliver a more personalized or better online experience.
In addition to cookies and pixels, we may also use device identifiers, web storage, and other technologies to collect information about your interactions with our content and Services.
These technologies, illustrated above, may be used to help us see which of our interactive experiences online users like most. Cookies, pixels, and similar technologies also allow us to associate your online navigational information and purchases and interactions (both online and offline) with personal information you provide (such as name, address, phone number, survey responses, and email address). We associate this information to deliver products and services to you; improve our business; transact business; and market our products and services on this and other online services, and through a variety of media like email, mobile advertising, and direct mail.
For information about your options with respect to cookies, see What choices do you have over how your information is used? below.
- Location Information
-
Information Derived Through or Provided by Others
Affiliated entities, sister brands, vendors, social media networks, analytics companies and advertising networks may provide us with, or supplement, information about you. We may use this information for a variety of operational or marketing purposes, such as to correct shipping information, market to you, deliver more relevant offers through customer insights, improve our business, and transact business.
-
How We Use the Information We Obtain
We use the personal information we obtain through the Services to:- deliver our Services
- process your orders; including to send you an e-receipt in store, where available and upon request;
- facilitate payment and transactions;
- create and manage your online account;
- personalize your online experience with content and offers that are tailored to your interests;
- provide personalized search bar results on the Services;
- provide customer service and respond to your inquiries and requests;
- include you in surveys and contests;
- enable you to post your content, such as comments, images or videos;
- facilitate networks of online social activity centered around our products and services;
- improve, troubleshoot, or otherwise analyze the use of our Services, either individually or in the aggregate, including the manner in which offers are made on our Services, and the interactions and experience visitors have with our Services;
- enable you to interact with third-party content service providers, whether by linking to their sites, viewing their content within our online environment, or by viewing our content within their online environment;
- protect us and you from fraud, security threats, emergencies, and other illegal or harmful activity
- comply with legal and regulatory requirements, as well as monitor compliance of internal policies
- market our products and services that may be of interest to you; and
- create aggregated, pseudonymized or anonymized information for statistical purposes.
-
Third Party Analytics and Personalization Services
We may use third-party analytics and personalization services to analyze site metrics and performance, analyze our visitors' preferences, and serve personalized content to you through the use some or all of the technologies described above, such as cookies, pixels and similar technologies.
-
Radio Frequency Identification (RFID) Technology Notice
We place RFID tags on our online and in-store merchandise to maintain inventory, ensure adequate product availability, and for fraud monitoring and prevention. The RFID tags contain product and inventory information, and do not otherwise store your personal information. We do not link the RFID information with your account, address or payment details or other personal information.
RFID tags are identified to enable you to remove them after purchase.
II. How is technology used to serve our advertisements on other online services and what choices do you have?
On our Services, we and third parties may collect information about your online activities to provide you with advertising about products and services tailored to your interests.
We contract with third-party advertising companies, which may collect information about your use and interactions with the Services, over time and across third-party websites and online services, for use in delivering online display and banner advertising to you on other websites and online services tailored to your inferred preferences and interests. To serve this advertising, these third-party companies place, use, or rely on the technologies described above, including cookies, pixels, device identifiers and similar technologies to obtain information about customer interactions with us through our Services and interactions with other online services. These companies use the information they collect to serve you ads that are targeted to your interests
You can specify your preferences over the use of these technologies on our website by opening Cookie Preferences to view or change your preferences (to address future cookie placement).
You may also specify your preferences for companies participating in a centralized registry. Your mobile device settings may allow you to prohibit mobile app platforms (such as Apple and Google) from sharing certain information obtained by automated means with app developers like us and other businesses.
The “Do Not Track” or DNT header refers to a proposal for how individuals might broadcast their preferences for being tracked online. As the DNT standard was never finalized or widely adopted our Services do not respond to it.
III. How do our Services interact with third-party services and content?
We link to third-party sites and services, or otherwise display third-party content through our Services, for your convenience and information. These third-party sites and services may operate independently from us. The privacy practices of the relevant third parties, including details on the information they may collect about you, is subject to the privacy statements of these parties, which we strongly suggest you review. To the extent any linked third-party sites and services are not owned or controlled by us, we are not responsible for these third parties’ information practices.
Here are examples of the types of third-party content and services available through or via our Services:
-
Interactive Maps
We may facilitate easy access to the online maps of content providers like Google. There you can get quick location, driving, and contact information for our stores.
-
Sweepstakes, Contests, and Survey Sites
We may work with third-party service providers to run sweepstakes, contests, and surveys. Navigation to these sites may be seamless so that it appears you're still using our Services. In these cases, the third-party's privacy policy may apply to any personal information you provide in connection with the event. Please take note of who's running the event in question; and the terms, conditions, and policies that apply.
-
Social Networking and other Third-Party Sites and Services
We may at times facilitate easy access to third-party sites and online services, like social networks and other services that host user-generated content. This may include easy click-through access, the ability for you to share content on third-party services, or even "single sign-on" to these services. The third-party's privacy policy applies to any information or content you provide through these services.
-
The Victoria's Secret Credit Card Site (US only)
We enable you to apply for the Victoria’s Secret card on the victoriassecret.com site. Comenity issues and owns the Victoria’s Secret Credit Card accounts. When you apply online for a Victoria’s Secret credit card, the information is shared with Comenity. When you pay your VS card bill online, you do so on the Comenity site and are using Comenity services.
-
International Checkout
We work with Globel-e) to sell and deliver our products to certain international destinations. The Global-e Privacy Policy will apply to information that you directly provide to the international checkout page, such as your payment information. Additionally, when you checkout internationally, we will share and exchange information about you and your order with Global-e to facilitate your purchase of our products from Global-e.
IV. What information do we share with or disclose to third parties and our sister brands?
We may share information about you with certain third parties, as described below, and as otherwise described in this Policy. We do not sell or otherwise share personal information about you, except as described in this Policy.
-
Our Sister Brands
We may share the information we collect about you, such as your postal and email address, customer preferences and purchase history, with affiliated entities that operate our sister brands so they may market to you. Such sister brands include Victoria's Secret, Victoria's Secret Pink, and Happy Nation. We will obtain your consent to this sharing to the extent required by applicable law. If you don’t want this information shared with our sister brands, follow the instructions below in What choices do you have over how your information is used?
-
Service Providers and Contractors
We may share personal information with third-party service providers and contractors whom we engage to provide services to us, such as fulfilling orders; processing payments; providing customer service and delivering feedback surveys through chat features; monitoring Usage Information and activity on our Services; providing personalized search bar results; delivering surveys and related analysis (which could be combined with Services usage analytics); maintaining databases; hosting and operating our microsites, mobile websites and mobile applications; administering, sending and monitoring emails and text messages; serving online advertisements as described above; and providing consulting and analytics services. These third-party service providers and contractors have access to this information in order to perform services for us. Your information may also be collected and processed by third parties, such as the payment providers you select, who will process your information independently in accordance with their own privacy notices.
-
Other Marketers
We may share your personal information (such as your name, postal address, and summary purchase information) with other merchants and merchant exchanges who may use this information to send you offers for their products and services. We will obtain your consent for this sharing to the extent required by applicable law. If you don't want this information shared with these merchants and exchanges, please click here, and then complete the form.
We may occasionally provide you with the opportunity to opt in to receive email messages from third parties. If you do opt in, we'll share your email address with the specific third party in question. Please review the privacy policies of these third parties to learn more about how they treat your personal information.
-
Law Enforcement and Emergency Response
We or our service providers also may disclose personal information about you (a) if we are required to do so by law or legal process (such as a court order or subpoena); (b) in response to requests by government agencies, such as law enforcement authorities; (c) to establish, exercise, or defend our legal rights; (d) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss; (e) in connection with an investigation of suspected or actual illegal activity; or (f) otherwise with your consent.
-
Sale or Merger
We reserve the right to transfer your information in the event we sell and/or transfer all or a portion of our business assets (including, without limitation, in the event of a proposed or completed merger, acquisition, joint venture, reorganization, dissolution, or liquidation).
-
Other Disclosures with your Consent
We may ask if you would like us to share your information with other unaffiliated third parties who are not described elsewhere in this Policy
V. What choices do you have over how your information is used?
We offer you certain choices in connection with the personal information we obtain about you.
-
Email
You may opt out of the Victoria's Secret and Pink email list by following the instructions located at the bottom of each commercial email or by completing the email opt-out form. If you opt out of the Victoria’s Secret email lists, we may still send you operational or transactional messages, such as password-reset or account related information, from the relevant brand or line of business.
-
Mobile Text Messaging
If you've signed up for mobile text messaging offers but later decide you no longer wish to receive these offers, simply follow the opt-out instructions included in the mobile message.
Please note that these text messages are subject to Victoria’s Secret’s Text Message Terms and Conditions, which are expressly incorporated by reference.
-
Mobile Push Notifications/Alerts
With your consent, we may send push notifications or alerts to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.
-
Location Information
You may have the ability to turn location-based services on and off by adjusting the settings of your Internet browser or mobile device or, for some devices, by adjusting the permission settings for our mobile apps to access your location information.
-
Postal Mail
If you'd like to specify your preferences for our postal mail, simply follow the instructions on the mailer, or dial 1-800-411-5116 (for our US and Canada customers); (08) 082340481 (for our UK customers); and +1-937-438-4197 (for our customers elsewhere). To reduce postal mail click here.
-
Cookies, Pixels and Similar Technologies
Visit How is technology used to serve our advertisements on other online services, and what choices do you have? to learn about how to specify your preferences over our use of cookies and similar technologies.
-
Other Marketers
If you don't want your information shared with other merchants and exchanges for those third parties’ own direct marketing purposes, please click here, and then complete the form.
- Our Sister Brands
If you don't want your information shared with our sister brands for those brands’ own direct marketing purposes, please click here, and then complete the form.
VI. What rights do you have over your personal information?
Depending on your state or country of residence, you may have certain rights regarding your personal information. If you are a resident of a state or country with these privacy rights and you use the Services or interact with us in an individual or household capacity (and not in a commercial or employment context), we will provide you with your privacy rights where required by law, as described in the bullet points below. We do not discriminate against individuals who exercise any of their rights described in the Policy. Please note if you are a resident of California, Canada, or the EEA, additional information about your privacy rights can be found in the respective Supplemental Privacy Notices below.
- To submit a request to access (including portability), correct, or delete your personal information, please visit the Your Privacy Rights webform and select your state of residence and the nature of your request, or call us at 1-800-411-5116. We will comply with your request in accordance with our obligations under applicable law.
- To submit a request for a list of third parties to whom personal data is disclosed, please visit the Your Privacy Rights webform and select your state of residence and the nature of your request, or call us at 1-800-411-5116. We will comply with your request in accordance with our obligations under applicable law
- To submit a request to opt out of the processing of your personal information for purposes of targeted advertising or the sale of your personal information, please visit the Do not sell or share my personal information webpage or call us at 1-800-411-5116.
- To submit a request as an authorized agent on behalf of a consumer, please visit the Your Privacy Rights webform. On the form, add your email address and information about the individual for whom you are submitting the request in the other required fields. Please add your name and phone number in the Request Details field and an indication that you are submitting the request as an authorized agent.
- Appeals: We will make every reasonable effort to fulfill Your Privacy Rights request. However, if we are unable to fulfill your request, whether because we cannot verify you or if you believe we did not adequately respond to your request, we will provide you instructions to appeal and, where required by applicable law, the reasons for any refusal. If you are submitting your appeal by email, please explain your concerns and provide us your reference number so we may properly review your privacy rights request history. We may also have a person from our Privacy Team reach out to you with additional questions or to address your specific concerns.
We may require certain personal data for the purpose of verifying the identity of the individual making the request.
VII. How do you update your personal information?
You may update or modify your billing- and shipping-related information, and other account information, by logging onto your Victoria's Secret account. You may also update or modify your postal mailing information by clicking here.
IX. How do we protect personal information?
No method of transmission over the Internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from unauthorized access, use, or disclosure, we cannot guarantee the security of your personal information. In the event that we are required by law to inform you of any unauthorized access to your personal information, we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
Some of our websites permit you to create an account. When you do so, you will be prompted to create a password. You are responsible for maintaining the confidentiality of your password, and you are responsible for any access to or use of your account by someone else that has obtained your password, whether or not such access or use has been authorized by you. You should notify us of any unauthorized use of your password or account.
X. Do we collect children’s personal information?
Our Services are designed for a general audience and are not directed to children. We do not knowingly collect or solicit personal information from children under the age of fourteen (14) (or other relevant ages, which may apply by virtue of applicable law) through our Services. If we become aware that we have collected personal information from a child under such age, we will promptly delete the information from our records. If you believe a child under such age may have provided us with personal information, please contact us as specified in the Whom should you contact with questions or concerns? section of this Policy.
Where is personal information stored and processed?
Our employees involved in data processing and our servers are based in Columbus, Ohio, US, and other locations throughout the United States. We work with affiliated and unaffiliated service providers in the United States, the United Kingdom, India, China, and other jurisdictions around the world. We and our service providers may disclose your personal data if we are required or permitted by applicable law or legal process, which may include lawful access by foreign courts, law enforcement or other government authorities in the jurisdictions in which we or our service providers operate.
XI. Whom should you contact with questions or concerns?
If you have general questions about our Policy, contact Customer Care. Or contact us via:
ATTN: Privacy MatterVictoria’s Secret & Co. Legal Department
4 Limited Parkway
Reynoldsburg, OH 43068
US
XII. How will we communicate updates to our Policy?
This Policy may be updated periodically to reflect changes in our personal information practices. Changes to the Policy will be posted on this page. For significant changes, we will notify you by posting a prominent notice on our Services indicating at the top of the Policy when it was most recently updated.
Accessibility
If you are visually impaired, you may access this notice by visiting our website and accessing your Privacy Rights through your browser’s audio reader.
Appendix A: Supplemental Privacy Notice for California Residents
If you are a California resident, the information below (the “California Supplement") also applies to you, in addition to our Privacy Policy. Certain terms used in this section have the meaning given to them in the California Consumer Privacy Act, as amended by the California Privacy Rights Act, found at California Civil Code § 1798.100 et seq and its implementing regulations (collectively the “CCPA/CPRA”). For clarity, the information below applies to personal information we collect about California residents both on our Services and offline, such as in our physical retail stores. This California Supplement does not apply to Victoria’s Secret personnel or job applicants
Collection and Disclosure of Personal Information
During the 12-month period prior to the effective date of this California Supplement, we may have collected and disclosed the following categories of personal information about you for a business purpose to the following categories of third parties, as described in the table below:
Category of Personal Information Collected | Category of Third-Party, to Whom Information is Disclosed for a Business Purpose (as defined under the CCPA/CPRA) | Category of Third-Party, to Whom Information is Sold or Shared (for cross-context behavioral advertising purposes) (as each term is defined under the CCPA/CPRA) |
---|---|---|
Identifiers (Personal) including, for example, name, alias, postal address, unique personal identifier (e.g., device identifiers, cookies, tags, mobile ad identifiers and similar technology, customer number, unique pseudonym, or user alias/ID), login credentials, online identifier, IP address, email address, account name and number, Social Security number, telephone number driver’s license number, or other similar identifiers). |
• Analytics insights provider • Advertising vendor • Direct marketing (e.g., email, text, telephone, postal) vendor • Affiliated brands and entities • Contextual online experience provider • Customer service provider • Customer information provider • Data centers • Event or experience provider • Focus group service • Fraud monitoring and prevention provider • Human resources service provider • Information security service provider • In-store Wifi provider • Logistics provider, e.g., order management and fulfillment • Payment and transaction processor • Process, services, or technology development or improvement vendor • Product review vendor • Social media platform • Technology administration and integrity provider (including for maintaining and improving networks; identifying problems; and fixing problems) • Third party, performing services in their own name through an independent consumer relationship, e.g., via consent • Vendor who provide services on our behalf |
• Advertising technology provider (including for online advertising) affiliated brand or entity • Affiliate marketer • Social media platforms • Survey company |
Additional Data Subject to Cal. Civ. Code § 1798.80 Including, for example, state identification card number, credit card number, debit card number, bank account number and other financial information) |
• Fraud monitoring and prevention • Payment and transaction processor • Human resources service provider • Third party, performing services in their own name through an independent consumer relationship, e.g., via consent |
Not Applicable |
Protected Classifications (characteristics of protected classifications under California or federal law, such as age, gender, marital status). |
• Analytics insights provider • Advertising vendor • Direct marketing (e.g., email, text, telephone, postal) vendor • Affiliated brands and entities • Contextual online experience provider • Customer service provider • Customer information provider • Data centers • Event or experience provider • Focus group service • Fraud monitoring and prevention provider • Human resources service provider • Information security service provider • Process, services, or technology development or improvement vendor • Product review vendor • Social media platform • Third party, performing services in their own name through an independent consumer relationship, e.g., via consent • Vendor who provide services on our behalf |
• Advertising technology provider (including for online advertising) affiliated brand or entity • Affiliate marketer • Social media platforms • Survey company |
Commercial Information Including, for example, products or services purchased, obtained, or considered; marketing histories; purchasing histories or tendencies; purchase profiles; shopping and retail browsing channel preferences; online browsing and website interaction histories; and direct marketing histories |
• Analytics insights provider • Advertising vendor • Direct marketing (e.g., email, text, telephone, postal) vendor • Affiliated brands and entities • Contextual online experience provider • Data center • Fraud monitoring and prevention • Information security service provider • In-store Wifi provider • Solutions (miscellaneous) provider • Technology administration and integrity provider (including for maintaining and improving networks; identifying problems; and fixing problems) • Third party, performing services in their own name through an independent consumer relationship, e.g., via consent • Social media platform • Vendor who provides services on our behalf |
• Advertising technology provider (including online advertising), or affiliated brand or entity • Affiliate marketer • Social media platforms • Survey company |
Online Activity Including, for example, information regarding your interaction with websites or applications, and online advertisement engagements |
• Analytics insights provider • Advertising vendor • Direct marketing (e.g., email, text, telephone, postal) vendor • Affiliated brands and entities • Contextual online experience provider • Data center • Fraud monitoring and prevention • Information security service provider • In-store Wifi provider • Solutions (miscellaneous) provider • Technology administration and integrity provider (including for maintaining and improving networks; identifying problems; and fixing problems) • Third party, performing services in their own name through an independent consumer relationship, e.g., via consent • Social media platform • Vendor who provide services on our behalf |
• Advertising technology provider (including online advertising), or affiliated brand or entity • Affiliate marketer • Social media platforms • Survey company |
Employment Information Including, for example, education and professional information |
• Human resources service provider • Focus group service • Third party, performing services in their own name through an independent consumer relationship, e.g., via consent |
Not Applicable |
Geolocation Information Including, for example through the mobile app |
• Analytics insights provider • Advertising vendor • Affiliated brands and entities • Contextual online experience provider • Customer service provider • Data centers • Fraud monitoring and prevention • Human resources service provider • Information security service provider • In-store WiFi provider • Logistics provider, e.g., order management and fulfillment • Promotional offers, e.g., new product alerts, store event alerts • Third party, performing services in their own name through an independent consumer relationship, e.g., via consent |
Not Applicable |
Incident-Related Information Including, for example, statements; or insurance, or similar claims |
• Information security service provider • Fraud monitoring and prevention • Third party, performing services in their own name through an independent consumer relationship, e.g., via consent |
Not Applicable |
Sensory Information Including, for example, audio and visual information; videos you upload with a review, in-store security cameras, electronic and other similar information |
• Fraud monitoring and prevention • Information security service provider • Customer service provider • Vendor who provide services on our behalf • Product review vendor • Third party, performing services in their own name through an independent consumer relationship, e.g., via consent |
Not Applicable |
Inferences Including, for example, predictive information, purchase profiles, shopping profiles and characteristics (e.g., loyalty shopper, cardholder, or online shopper) and other inferences drawn from any of the information identified above to create a profile about you reflecting your preferences |
• Analytics insights provider • Advertising vendor • Direct marketing (e.g., email, text, telephone, postal) vendor • Affiliated brands and entities • Contextual online experience provider • Customer service provider • Data center • Event or experience provider • Focus group service • Fraud monitoring and prevention • Human resources service provider • Information security service provider • Process, services, or technology development or improvement vendor • Product and fit tester • Social media platform • Solutions (miscellaneous) provider • Third party, performing services in their own name through an independent consumer relationship, e.g., via consent • Vendor who provide services on our behalf |
• Advertising technology provider (including for online advertising) affiliated brand or entity • Affiliate marketer • Social media platforms • Survey company |
Sensitive Personal Information Including, for example, social security number, driver’s license number or other state identification card number, login credential and precise geographic information |
• Customer service provider • Fraud monitoring and prevention • Human resources service provider • Information security service provider • Logistics provider, e.g., order management and fulfillment • Payment and transaction processor • Promotional offers, e.g., new product alerts, store event alerts |
Not Applicable |
We may use (and may have used during the 12-month period prior to the effective date of this California Supplement) the categories of personal information listed above for the purposes described in our Privacy Policy and for certain business purposes specified in the CCPA/CPRA, such as:
- Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing services, providing analytics services, providing storage or providing similar services
- Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance
- Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of your current interaction with us
- Helping to ensure security and integrity to the extent the use of your personal information is reasonably necessary and proportionate for these purposes
- Debugging to identify and repair errors that impair existing intended functionality
- Undertaking internal research for technological development and demonstration
- Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us
- Providing advertising and marketing services, except for cross-context behavioral advertising (which is addressed in the “Disclosures of Personal Information” section of this California Supplement)
We do not sell your personal information in exchange for monetary compensation. We may share your personal information by allowing certain third parties to collect your personal information via automated technologies on our Services for cross-context behavioral advertising purposes. This kind of sharing may be considered a “sale” under the CCPA/CPRA when the personal information is exchanged for non-monetary consideration. You have the right to opt out of these types of disclosures of your information. We do not have actual knowledge that we sell or share personal information of consumers under the age of 16. We do not sell or share sensitive personal information.
In addition to the categories of third parties identified above, during the 12-month period prior to the effective date of this Policy, we may have disclosed personal information about you to the following additional categories of third parties: governmental entities and third parties in connection with corporate transactions (e.g., mergers, acquisitions, joint venture, reorganization, divestitures, dissolution or liquidation).
Collection and Use of Sensitive Personal Information
We collect a subset of personal information that is deemed “sensitive personal information” under California law. The following describes the categories of sensitive personal information we collect and our purposes for collecting it. We do not sell or share for cross-context behavioral advertising sensitive personal information that we collected. We collect driver’s license, state identification card or social security number when processing a Victoria’s Secret credit card application or to issue a temporary card for cardholders at stores at point of sale. We collect debit or credit card number to process order and facilitate payment and transactions. We collect precise geolocation, by consent, in our mobile apps to provide nearest store location information, and promotional offers (e.g. new product alerts, store event alerts).
Retention of Personal Information
We will retain your personal information for the time period reasonably necessary to achieve the purposes described in the Privacy Policy and this California Supplement, or any other notice provided at the time of data collection, taking into account applicable statutes of limitation and records retention requirements under applicable law, as well as our records retention requirements and policies.California Resident Privacy Rights
In addition to the Access, Correction, Deletion and Opt-Out of Sale or Sharing rights noted in What rights do you have over your personal information? Section, you have additional choices regarding your personal information, as described below.- Shine the Light Rights: Under California law, we also provide you with a cost-free means to opt-out of our sharing your information with third parties with whom we do not share the same brand name, if that third party will use it for its own direct marketing purposes.
- Right to Non-Discrimination for Exercise of Privacy Rights: Under the CCPA/CPRA, you have the right to not receive discriminatory treatment if you exercise your privacy rights under the CCPA/CPRA.
How to Submit a Request
To submit an access, correction or deletion request, visit Your Privacy Rights or call us at 1-800-411-5116. For assistance, contact us via Telecommunications Relay Service (TRS) by dialing 711, or by using an Internet Protocol Relay Service. To submit a request as an authorized agent on behalf of a consumer, visit Your Privacy Rights. On the form, add your email address and information about the individual for whom you are submitting the request in the other required fields. Please add your name and phone number in the Request Details field and an indication that you are submitting the request as an authorized agent. To submit a Shine the Light request, follow the instructions here to make your request.To opt out of the sale or sharing of your personal information, visit the Do Not Sell or Share My Personal Information webpage or call us at 1-800-411-5116. For assistance, contact us via Telecommunications Relay (TRS) Service by dialing 711, or by using an Internet Protocol Relay Service.
Verifying Requests
To help protect your privacy and maintain security, we take steps to verify your identity before granting access to information or complying with a request. These steps include first verifying the email address you submit with your request. You will receive an email from us with instructions on completing this step. You will then be contacted to provide additional verification information, which may include your phone number, billing or shipping address, order history, a copy of a utility bill, emails showing order/shipping confirmation, and/or a signed declaration under penalty of perjury that you are the individual whose personal information is the subject of the request. If you designate an authorized agent to make a request on your behalf, we may require you to provide the authorized agent written permission to do so and we may require you to verify your identity directly with us (as described above).To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.
Financial Incentive Notice: We sometimes offer exclusive price discounts, rewards, offers, deals, coupons, services and other perks for (1) customers who enjoy our loyalty and rewards programs; (2) recipients of our mailing lists who were presented with a financial incentive to sign up; (3) app subscribers who were presented with a financial incentive to download the app; and (4) applicants or registrants who were presented with a financial incentive for their application or registration (collectively “programs”). Through these program offerings, consumers may provide us with some personal information (e.g., name, postal address, email address, phone number, undergraduate school, birthday, and other similar forms of personal information) when they opt-in to our programs. There is no obligation to opt in and consumers may opt out. The details of each program are contained in the program offering. We offer these programs to, among other things, enhance our relationship with customers. The value to our business, in the aggregate, of customers’ personal information depends on specific facts, such as whether and to what extent they take advantage of any offerings. We do not calculate the value of the customers’ information for our accounting statements. To the extent we would, however, such valuation could be directly or reasonably related to the cost associated of acquiring or developing such information.
You may opt-in to our programs by signing up in the manner invited for an individual program. And you can opt out of these programs by contacting our Customer Care team via Contact Us at VictoriasSecret.com.
Appendix B: Supplemental Privacy & Cookie Notice for Visitors from the European Economic Area
If you are accessing our Services from a member state of the European Economic Area ("EEA"), this Supplemental Privacy Notice applies to you in addition to our Privacy Policy. This Supplemental Privacy Notice does not otherwise apply to visitors who are accessing our Services from outside the EEA.
Cookies. We use the following web cookies and other information technologies to provide features on our web and mobile sites to users in the EEA, including cookies that deliver basic visitor experiences, fuller website experiences such as interactivity with third-party content, and our interest-based advertising on other websites.
The following types of cookies (and cookie technology) are used on this website. Cookies that are strictly necessary are set as soon as the user visits the website. Cookies that are not strictly necessary are only set if the web or mobile user gives consent to the use of those cookies.
Strictly Necessary Cookies | |
---|---|
Cookie / Technology Type | Function |
User-Input Cookies | Enables visitors' input, choices, or selections across their website experience. Examples include maintaining a shopping cart during a visit or a form throughout a transaction. |
Authentication Cookies | Identifies visitors through the website after they log in. |
Security Cookies | Helps to ensure our website's security when visitors request a service. For example, we use cookies to help secure account creation and login pages. |
Multimedia Player Cookies | Ensures such things as image quality, network link speed, or buffer information for video and audio playback. |
Load-balancing Session Cookies | Directs website traffic to a particular data center for the quickest website access and enables visitors to return to that data center if needed. |
Analytics and Personalization Cookies | |
Visitor Customization Cookies | Stores preferences and visitor experiential histories: remembers language preference, product-page display preference, and whether certain visitor experiences should be displayed, such as email marketing signup, based on past experiences. These types of cookies are set only if you give consent. |
Analytics and Personalization Cookies | Enables us to do things like estimate number of visitors, detect most used search-engine keywords that lead to a webpage, measure page load times, administer visitor surveys, identify navigation issues, serve personalized content on our websites and improve web capabilities. These types of cookies are set only if you give consent. |
Targeting Cookies | |
Social Media Plug-in Cookies | These cookies from social media platforms (like Facebook and Instagram) facilitate content sharing on those platforms. These types of cookies are set only if you give consent. |
Remarketing and Interest Based Advertising Cookies | Enables our advertising vendors to deliver tailored ads to our visitors on other websites. The ads are based on a visitor's combined online and offline (e.g. in-store) shopping history and experience with us, as well with our vendors' network of advertisers. These types of cookies are set only if you give consent. |
To view, specify, and change your cookie preferences, open your cookie preferences. And visit How is technology used to serve our advertisements on other online services, and what choices do you have? to learn more about how to specify your preferences over our use of cookie and similar technologies.
You may contact our data protection officer at:
ATTN: Privacy MatterVictoria’s Secret & Co. Legal Department
4 Limited Parkway
Reynoldsburg, OH 43068
US
When we process your personal data for any of the purposes described above, we rely on the following legal bases:
- When we process personal data to (i) deliver our services, (ii) process your online orders, and (iii) facilitate payments and transactions, we do so because it is necessary to perform a contract with you.
- When we process personal data to (i) create and manage your online account, (ii) personalize your online experience with content and offers tailored to your interests, (iii) provide customer services and respond to your queries and requests, (iv) enable you to post content such as comments, images or videos, (v) improve our Services, (vi) create aggregated, pseudonymized or anonymized information for statistical purposes, (vii) facilitate networks of online social activity centered around our products and services, and (viii) enable you to interact with third party content providers, we do so because we have a legitimate interest that is not overridden by your fundamental rights and freedoms. We have a legitimate interest in providing and improving our services, providing products and services to our customers that is likely to be of interest, and ensuring a high level of customer service.
- When we process personal data to (i) include you in surveys and contests or (ii) send electronic communications about our products and services to you, we do so where you have given us consent, if required by applicable law, or where consent is not required and we have a legitimate interest in marketing our products and services to you that is not overridden by your fundamental rights and freedoms.
We rely on your consent with respect to processing of personal data in connection with the use of non-necessary cookies, and when we process personal data to send you direct marketing emails. We also rely on the legitimate interest's legal basis in relation to processing of personal data that is necessary to comply with applicable laws in the US, because we have a legitimate interest in complying with laws to which we are subject. When we collect and process sensitive personal data for the purposes described above, we do so when required by law or otherwise with your explicit consent.
We share your personal data with our affiliates, as well as employees of our company and our affiliates, when necessary for any of the purposes described above. If you place an order your personal data will be shared with Global-e as necessary to complete the order. We also share personal data with affiliated and non-affiliated service providers that perform services on our behalf, such as payment service providers, analytics providers, hosting providers, and providing customer service (including chat features). In accordance with applicable law, we have entered into legally binding agreements requiring our service providers to use or disclose personal data only as necessary to perform services on our behalf or to comply with legal obligations.
When you access our Services, your personal data is processed in the United States of America and India, countries that do not provide the same level of legal protection for personal data as the EEA. We comply with applicable legal requirements providing adequate protection for the transfer of personal data to recipients outside the EEA, including to India. We only transfer your personal data to such countries if (i) the country to which the personal data has been transferred has been granted a European Commission adequacy decision, or (ii) we have put in place appropriate safeguards in respect of the transfer, such as the EU Standard Contractual Clauses. You may request a copy of the safeguards that we have put in place in respect of transfers of personal data by contacting us as described below.
We will process and keep your personal data for as long as is necessary for the purposes set out in this Policy, for our legitimate business needs, and for compliance with the law.
You have a right to request from us these EU GDPR rights concerning your personal data: access to data; rectification of data; erasure of data; restriction on processing; objection to data processing; and data portability. You can exercise these rights through a combination of actions: (a) visit Your Privacy Rights; (b) access the information in your account; (c) exercise your opt-out options through our Services; or (d) call 1-800-411-5116 for our US and Canada customers; (08) 082340481 for our UK customers; and +1-937-438-4197 for our customers elsewhere.
If you have provided consent for direct marketing emails or other data processing, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
You have the right to lodge a complaint with a supervisory authority
You can contact us with any questions, or to exercise your rights by calling our Customer Care Center at 1-800-411-5116 for our US and Canada customers; for our UK customers, if you have an existing order and the order number begins with a C, E or W, please call (08) 082340481; otherwise, contact 0333-777-4554 or dataprotection@next.co.uk; and +1-937-438-4197 for our customers elsewhere.
Appendix C: Supplemental Privacy Notice for Canadian Residents
The following applies in addition to the Privacy Notice above:
We collect and use personal information for the purposes disclosed to you at the time personal information is collected, and as set out below and under “What information do we collect and how do we use it?”
If you sign-up to receive marketing emails, we will send you Victoria's Secret and Victoria's Secret PINK exclusive online and in-store offers, new product alerts, store events and store openings in your area. Our communications may be tailored based on your online and in-store purchases, preferences, and interests. You can unsubscribe any time. If you have shopped with us previously (in stores or online), we may use information from your payment card to identify you and associate your purchase information with your customer identification number. See “What choices do you have over how your information is used?”
We will not disclose your personal information to third parties for their own marketing purposes unless we have obtained your consent to do so.
You may have the right to access, update, rectify and correct inaccuracies in your personal information in our custody and control, request a copy of your personal information and withdraw your consent to our collection, use and disclosure of your personal information. You may exercise these rights by using the Your Privacy Rights webform or by calling or writing to us at the contact information set out below.
To submit a request as an authorized agent on behalf of a consumer or to learn more about our appeals process, please see the “What rights do you have over your personal information?” section above.
See What information do we share with or disclose to third parties and our affiliates? to learn about how we may share your personal information. Your personal information will be transferred to us and our affiliated and unaffiliated service providers outside of your province.
Information about our Privacy Governance Policies and Practices
We are committed to protecting personal information and have implemented a comprehensive set of policies and practices that govern our treatment of personal information. These policies and procedures include, among other things, the following:- We have implemented policies and procedures to protect personal information in our custody and control from unauthorized access, use or disclosure.
- We have implemented processes to respond to data subject requests and complaints in a timely and effective manner.
- We have implemented a framework for the retention and destruction of personal information addressing compliance with legal obligations, and to securely destroy personal information once no longer required.
- We have designated a Privacy Officer who is responsible for overseeing the company’s compliance with privacy legislation.
- We have policies and trainings that define the roles and responsibilities for our employees with respect to the treatment of personal information.
- We provide our employees with regular privacy training and awareness.
How to Contact Us
If you have general questions or concerns about our Privacy Policy or the manner in which we or our service providers treat your personal information, or if you wish to be directed to our Privacy Officer, you can call Customer Care Center at 1-800-411-5116 for our US and Canada customers. You may also contact our Privacy Officer at the contact information below:ATTN: Privacy Officer
Victoria’s Secret & Co. Legal Department.
4 Limited Parkway
Reynoldsburg, OH 43068
US