TORY BURCH
PRIVACY POLICY

Last Updated: October 1, 2019

Introduction

At Tory Burch, we respect privacy and your rights to control your personal data.

This Privacy Policy (the “Privacy Policy”) applies to information that we collect through our websites, mobile applications, and connected products and services (collectively, the "Websites"), in our stores, at events, and through our customer service channels. This Privacy Policy describes the personal data we collect, and explains why we collect it, how we use it, and when we share it with third parties. Our Privacy Policy also describes the choices you can make about how we collect and use your personal data.

Note to Residents of California and individuals located in the European Economic Area: Further region specific information for our California customers and our European customers is outlined in the “Region/Country-Specific Disclosures” section below.

Who We Are

We are Tory Burch LLC and Coöperatie Tory Burch U.A., as well as our family of affiliated companies that operate the brands TORY BURCH and TORY SPORT (collectively “Tory Burch,” “we,” “us,” or “our”).

If you are located in the United States, the Tory Burch company that is responsible for your information under this Privacy Policy is Tory Burch LLC, with an address of 11 West 19th Street, 7th Floor, New York, NY 10011, USA.

Information We Collect From You

We collect your personal data in a number of ways and for various purposes, including:

Making a Purchase: We collect personal data from you in order to process your purchase, confirm your order, and ship merchandise to you. This personal data may include your name, billing and shipping address, telephone number, email address, date of birth, and payment card information. Tory Burch does not store your payment card information unless you choose to save it in your “My Account” (see below).

Creating an Account: You have the opportunity to create a personal account with Tory Burch, which allows you to shop faster and easier online. When you create a personal account with Tory Burch, we collect personal data which may include your name, billing and shipping address, telephone number, email address, date of birth, and payment card information. By creating a user name and a password of your choice, you may access your account online at any time to view and/or edit your profile, address book, payment methods, order history, wish list, and email preferences. You are responsible for maintaining the confidentiality of your access information and for controlling access to your account. If you ever use a public computer to visit your account, we strongly encourage you to log out at the conclusion of your session.

Marketing: You may sign up on the Websites or in stores to receive promotional emails, texts, and other communications from Tory Burch. When you sign up, we may collect personal data such as your name, mailing address, telephone number, email address, date of birth, and preferences. If you elect to be added to the Tory Burch marketing list, we may use your contact information to communicate with you about products, services, promotions, offers, news, and events from Tory Burch. From time to time, we may also provide information to you about the Tory Burch Foundation.

Customer Care: If you call, email or chat with our Customer Care center, we may collect personal data such as your name, mailing address, telephone number, email address, and – if you choose to make a purchase – your payment card information and billing address. We use this information to assist you and to process and/or review your transaction. Tory Burch does not store your payment card information unless you choose to include it in your “My Account” (see above).

Surveys, Sweepstakes & Promotions: From time to time, you may be able to participate in surveys, contests, sweepstakes and promotions offered by Tory Burch. If you choose to participate in these activities, we may collect personal data such as your name, mailing address, telephone number, email address, date of birth or age, and preferences. We may use this information to communicate with you about our products, services and promotions if you have given us your consent to do so. We may invite you to participate in promotions that are co-marketed with an unaffiliated business partner. If you participate in this type of promotion, we may also share the information you provide to us with our business partner, who may use it if you have provided your consent. If you elect to receive communications from our business partner, your information will be used by that company in accordance with its policies, and this Privacy Policy will not apply to that company’s use of your information. Sometimes the rules, terms and conditions or disclaimers that apply to a particular promotion include information on how we may use the information that you provide to us through your participation in the promotion. If there is a conflict between the rules, terms and conditions that apply to a particular promotion and this Privacy Policy, those applying to the particular promotion will govern. Please review all of the information about a promotion before you provide us (or our business partners) with any personal data.

Public Forum: From time to time, you may be able to participate in an online customer forum or other public or private forum on the Websites where you can post comments or other content. In order to participate in such a forum, we may ask for information such as your name, mailing address, telephone number, email address, date of birth, and preferences, and we may request that you create a username and password. We may use the information you provide to us in order to communicate with you about our products, services and promotions if you have provided your consent. If you voluntarily disclose information, personal or otherwise, online in any community area (whether through the Websites or any other services available online), that information can be collected and used by others. Accordingly, you should use caution when sharing any personal data with others in any community area (whether through the Websites or any other services available online).

Connected Devices: We may also collect personal data when you interact with a device that is connected to the Internet, such as a fitness tracker, digital watch, or other wearable or other connected device that is not a personal computer or mobile phone or tablet. A separate Privacy Policy may apply to personal data collected through our connected devices, and, if so, will be made available within the app for the connected device.

Social Media: You may choose to enable, log into, or sign on to Tory Burch social media websites such as Facebook, Instagram, or Twitter (“Social Networking Services” or “SNS”). When you connect using your SNS accounts, we may collect personal data that you have provided to that SNS. For example, when you log in with your Facebook credentials, with your consent, we may collect personal data from your Facebook profile that is permitted under Facebook’s Terms of Use – such as your email address, profile picture, and friend list. We use this data to provide, enhance, and personalize the services we provide to you. If you do not want us to provide us with this information, please change the privacy settings on your SNS account.

Information We Collect By Automated Means

Cookies: Cookies are files that contain information about your general Internet usage, and are stored on the hard drive of your device. From these cookies, we may collect information about your browser, including, where available, your IP address, operating system and browser type, for system administration. Cookies help us to improve our Websites and to deliver a better and more customized service. They enable us to:

  • estimate usage numbers and patterns;
  • store information about your preferences;
  • customize our Websites according to your individual interests;
  • speed up your searches; and
  • recognize you when you return to our Websites.

You may refuse to accept cookies by activating the setting on your browser that allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of the Websites or to avail yourself of some of our services, and may receive advertisements or other content that are not tailored to your interests. Unless you have adjusted your browser setting so that it will refuse cookies, our system may issue cookies when you log on to our Websites. Additionally, if a browser is set to issue a “do not track” signal, we do not place tracking cookies on that browser. However, some third parties who place cookies on our Websites may not respond to such “do not track” signals, as the online community has not reached a consensus as to Do Not Track standards, implementations and solutions.

Pixel Tags: We may also use "pixel tags" (sometimes called “Internet tags”, "web beacons" or "clear GIFS"), which are tiny graphic images, on our Websites. Pixel tags help us analyze our customers’ online behavior and measure the effectiveness of our Websites and our advertising. We work with service providers that help us track, collect, and analyze this information. Pixel tags on our Websites may be used to collect information about your visit, including the pages you view, the features you use, the links you click, and other actions you take in connection with the Websites. This information may include your device’s IP address, your browser type, your operating system, date and time information, and other technical information about your device. We may also track certain information about the identity of the website you visited immediately before coming to our site. We do not otherwise track any information about your use of other websites.

Mobile Location Analytics Data: We may use tracking technology to collect certain information about your Wi-Fi enabled mobile device, including the presence of the device in our stores, its signal strength, its manufacturer, and a unique identifier known as its Media Access Control (“MAC”) address (collectively, “Customer Mobile Device Data”). This Customer Mobile Device Data may be collected for the purpose of determining the amount, location and frequency of customer traffic into our stores. A mobile device’s MAC address identifies a specific device to the surrounding Wi-Fi networks. The MAC address does not disclose the identity or any other personal data of the mobile device user. You may opt-out of having your MAC address recorded by visiting the following link and entering your mobile device’s MAC address: https://optout.smart-places.org/. To learn more about the use of Customer Mobile Device Data and your choices, please visit: www.smartstoreprivacy.com

Other Tracking Technology: Pixel tags and cookies in our emails may be used to track your interactions with those messages, such as when you receive, open, or click a link in an email message from us. We also work with business partners that use tracking technologies to deliver promotions on our behalf across the Internet. These companies may collect information about your visits to our Websites, and your interaction with our advertising and other communications. We may combine the information we collect through cookies and pixel tags with other information we have collected from you. This information may be used to improve our Websites, to personalize your online experience, to help us deliver information to you, to determine the effectiveness of our advertising, and for other internal business purposes.

Cookies and Other Tracking Technologies on Social Networking Services: Tory Burch maintains Tory Burch-branded pages on various Social Networking Services. When you visit these Tory Burch-branded Social Networking Services, the provider of the Social Network Services and other third parties may set cookies and other tracking technologies on your browser or device.

Use of Your Personal Data

We use the information we collect from our customers for various purposes, including to:

  • Process transactions;
  • Send communications to you about our products, services, promotions, offers, news, and events
  • Serve advertising and offers to you based on your interests and online activities, from us or third parties;
  • Improve our stores, Websites, events, customers shopping experience, and quality of service;
  • Determine the amount, location and frequency of customer traffic into our stores;
  • Prevent and detect fraud and abuse;
  • Process information or claims in connection with incidents at our stores;
  • Enable our service providers to perform certain activities on our behalf;
  • Respond to requests for information or services;
  • Communicate with you about changes to our Websites;
  • Comply with our legal obligations, policies, and procedures; and
  • Otherwise for internal administrative and analytics purposes.

If you have provided personal data to us through more than one method, for example, in store and online, we may combine such information for the purposes identified above.

We will not sell your personal data to any third party. We may share your information under certain circumstances with business partners that help the Websites function or assist us in fulfilling your order, as well as otherwise detailed below.

Others with Whom We May Share Your Information

We may disclose your personal data to companies that help us bring you the products and services we offer. For example, we may disclose your personal data to service providers and vendors that assist us as follows:

  • To manage a database of customer information;
  • To distribute emails;
  • To distribute other marketing materials or advertisements, including on our Websites and the websites of third parties;
  • To operate our stores in certain jurisdictions;
  • To provide data storage and/or analytics;
  • To prevent fraud;
  • To provide customer service;
  • To provide other services designed to assist us in providing products and services to you.

We require that these vendors agree to keep confidential all information we share with them and to use the information only to perform their obligations in the agreements and in a manner consistent with this Privacy Policy.

We may share data in aggregate form and/or in a form which does not enable the recipient of such data to identify you (for example, for industry analysis).

In the event of a corporate reorganization, asset transfer, or change of control, your personal data may also be transferred. However, use of your personal data will remain subject to this Privacy Policy.

We may also disclose your personal data when legally required to do so, to cooperate with legal proceedings, law enforcement, court orders, laws, regulations, or other legal obligations, or to assist in an investigation, to protect and defend our rights and property, or the rights or safety of third parties, to enforce our Terms of Use, this Privacy Policy, or agreements with third parties, for crime-prevention purposes, or to protect against misuse or unauthorized use of our Websites.

Removal from Marketing List

To be removed from our marketing list, please email us at inquiries@toryburch.com, or simply click the unsubscribe button found at the bottom of any of the emails that we send you. If you have set up “My Account,” you can also go to the “email preferences” section of your account and modify your subscription settings. Please allow us at least ten (10) business days from when the request was received to complete the removal, as some of our promotions may already be in process before you submit your request.

Maintenance and Processing of Information

Your personal data may be stored, transferred and process in and to the United States and in other countries by our affiliates and/or service providers. The data protection laws in these countries may provide a lower standard of protection for your personal data than your country of residence. We take great care in protecting your personal data and have put in place adequate mechanisms to protect it when it is transferred internationally. We will transfer your personal data in compliance with applicable data protection laws and will implement suitable safeguards to ensure that your personal data is adequately secured by any third party that will access your information (for instance, by using the Model Clauses as approved by the European Commission).

By using our Websites and providing personal data to Tory Burch, you consent to the terms of this Privacy Policy and the collection, use, maintenance, transfer to and processing of your personal data in the United States or other countries or territories, and, unless otherwise stated in this Privacy Policy, we use this consent as the legal basis for that data transfer.

If you have questions or wish to obtain more information about the international transfer of your personal data or the implemented safeguards, please send us an email to inquiries@toryburch.com.

Security

Security Measures: Tory Burch uses commercially reasonable measures to keep your personal data private and safe. We take appropriate physical, electronic and administrative steps to maintain the security of personal data we collect, including limiting the number of people who have physical access to our servers, as well as employing electronic security systems and password protections that guard against unauthorized access. In addition, it is our policy to never send your payment card number via email. Our customer care center and stores operate over private, secure networks. Please note, however, that email is not encrypted and is not considered to be a secure means of transmitting payment card information.

We use industry standard security technology in transferring information to process your orders. All payment card transactions should take place in protected areas of our Websites, which are designed to reduce the risk of any loss, misuse or alteration of the information collected. When you begin the checkout process, you should move into such a protected area. Once you've entered, the page address (URL) should change from “http” to “https.” Also, a key or a closed lock should appear in the lower right hand corner of your screen to notify you of this change. You should remain in this secure zone for the entire checkout process. Please check that you are still in this protected area when you type in your payment card details.

Despite our best efforts, the transmission of data over the Internet cannot be guaranteed to be 100% secure. While we use commercially reasonable means to ensure the security of information you transmit to us, we cannot guarantee that such information will not be intercepted by third parties. We may, however, prosecute any unauthorized or fraudulent transactions to the fullest extent permitted by law.

Spoofing and Phishing: Spoofing and phishing are common Internet scams. These may occur when you receive an email from what appears to be a legitimate source requesting personal data from you. Please be aware that Tory Burch will never send you an email requesting you to verify payment card or bank information. If you ever receive an email that appears to be from us requesting such information from you, do not respond to it, and do not click on any links appearing in the email. Instead, please forward the email to us at inquiries@toryburch.com, as we will endeavor to investigate all instances of possible online fraud.

Other Websites: Our Websites may include links to third party websites whose privacy practices may differ from ours. If you provide personal data to any of those third parties, your data is governed by their privacy policies, and we encourage you to read those privacy policies carefully before providing your personal data.

Children's Privacy

Our Website is not intended for children. We do not intentionally collect any personal data from children under the age of sixteen, and will dispose of any such information if we become aware that it has been provided to us.

Changes to this Policy

Tory Burch may amend this Privacy Policy from time to time. If we change our Privacy Policy, we will post the updated Privacy Policy on this page with an updated date. Under certain circumstances (for example, in connection with certain material adverse changes to this Privacy Policy), we may also elect to notify you through additional means, such as posting a notice on the home page of our Websites or contacting you via email.

How To Contact Us

If you have any questions about your privacy or security on our Website, please contact us at inquiries@toryburch.com. If your country of residence is the United States, you may also contact us at Tory Burch LLC, 11 West 19th Street, 7th Floor, New York, NY 10011, USA. If your country of residence is outside of the United States, you may also contact us as Coöperatie Tory Burch U.A., with an address of Barbara Strozzilaan 101-201, 1083 HN Amsterdam, the Netherlands.

REGION/COUNTRY-SPECIFIC DISCLOSURES

California Privacy Rights: California residents are entitled to ask us for a notice describing what categories of personal data we share with third parties or corporate affiliates for those third parties’ or corporate affiliates’ direct marketing purposes. That notice will identify the categories of information shared and will include a list of the third parties and affiliates with which it was shared, along with their names and addresses. If you are a California resident and would like a copy of this notice, please see the “How To Contact Us” section below for where to submit a request. Please allow 30 days for a response.

Nevada Privacy Rights: If you are a Nevada resident, in addition to the rights set forth above, you have the right to request that we do not make any sale (as such term is defined in N.R.S. 603A) of your covered information (as such term is defined in N.R.S. 603A.320) that we may have collected from you (or may collect from you in the future). .We currently do not sell covered information, as “sale” is defined by such law, and we don’t have plans to sell this information. However, if you would like to be notified if we decide in the future to sell personal information covered by the Act, such requests should be made to our designated email address above in the “How to Contact Us” section. Please allow up to 60 days for a response.

Opting out of these sales will not cease marketing communications from Tory Burch. To opt out of marketing communications, see “Removal from Marketing List” above.

If you are located in the European Economic Area (EEA):

Controller of your Personal Data

The controllers of your personal data under this Privacy Policy are Tory Burch LLC, with an address of 11 West 19th Street, 7th Floor, New York, NY 10011, USA and Coöperatie Tory Burch U.A., with an address of Barbara Strozzilaan 101-201, 1083 HN Amsterdam, the Netherlands.

Legal Bases for Using Personal Data

We process your personal data only if we have a legal basis to do so, including:

  1. to comply with our legal and regulatory obligations;
  2. for the performance of our contract with you or to take steps at your request before entering into a contract;
  3. for our legitimate interests or those of a third party;
  4. where you have given consent to our specific use.

The purpose for which we use and process your information and the legal basis on which we carry out each type of processing is further explained below.

Purposes for which we will process the information Legal Basis for the processing
To deliver services to users and process transactions. It is necessary for us to process your personal data in order to deliver the services and process transactions according to the applicable contract between us.
To send communications to you about our products, services, promotions, offers, news, and events. We will send electronic communications to you if you have consented to these communications. With respect to other communications, it is in our legitimate interest to communicate to you about our products, services, promotions, offers, news, and events. We consider this use to be proportionate and will not be prejudicial or detrimental to you.
To serve advertising and offers to you based on your interests and online activities, from us or third parties. We will serve you advertising and offers to you based on your interests and online activities if you have consented to this processing.
To improve our stores, Websites, events, customers shopping experience, and quality of service. It is in our legitimate interest to improve our offerings. We consider this use to be proportionate and will not be prejudicial or detrimental to you.
To determine the amount, location and frequency of customer traffic into our stores. It is in our legitimate interest to understand our customer traffic at our stores. We consider this use to be proportionate and will not be prejudicial or detrimental to you.
To process information or claims in connection with incidents at our stores. We conduct this processing to comply with our legal obligations and to protect the public interest.
To enable our service providers to perform certain activities on our behalf; It is necessary for us to process your personal data in this manner in order to deliver the services and process transactions according to the applicable contract between us. It is also in our legitimate interest to enable our service providers to perform certain activities on our behalf. We consider this use to be proportionate and will not be prejudicial or detrimental to you.
To notify you of any changes to the Websites that may affect you. It is necessary for us to process your personal data in order to deliver the services and process transactions according to the applicable contract between us.
To provide you with information and services that you request from us. It is necessary for us to process your personal data in order to deliver the services and process transactions according to the applicable contract between us.

To administer our Websites including troubleshooting, data analysis, testing, research, statistical and survey purposes;

To improve our Websites to ensure that consent is presented in the most effective manner for you and your computer, Device or other item of hardware through which you access the Websites; and

To keep our Websites safe and secure and to prevent detect fraud and abuse;

To comply with our legal obligations, policies, and procedures

For all these categories, it is in our legitimate interest to continually monitor and improve our services and your experience of the Websites and to ensure network security. We consider this use to be proportionate and will not be prejudicial or detrimental to you.

We conduct this processing to comply with our legal obligations and to protect the public interest.

To process otherwise for internal administrative and analytics purposes. It is in our legitimate interest to process your personal data for internal administrative or analytics purposes. We consider this use to be proportionate and will not be prejudicial or detrimental to you.

International Transfers

We share your personal data with and amongst Tory Burch entities, including Tory Burch LLC and Coöperatie Tory Burch U.A. This will involve transferring your data outside the European Economic Area ("EEA"). Some of our external third party service providers are also based outside of the EEA, and their processing of your personal data will involve a transfer of data outside the EEA. This includes the United States. Where personal data is transferred to and stored in a country not determined by the European Commission as providing adequate levels of protection for personal data, we take steps to provide appropriate safeguards to protect your personal data, including entering into standard contractual clauses approved by the European Commission, obliging recipients to protect your personal data.

Retention of Personal Data

Tory Burch will retain your personal data only for as long as necessary for the purposes it was retained, such as to enable you to use the Websites and your products or to provide services to you. In some instances, we may retain data for longer periods in order to comply with applicable laws (including those regarding document retention), resolve disputes with any parties, and otherwise as necessary to allow us to conduct our business. All personal data we retain will be subject to this Privacy Policy and our internal retention guidelines.

Data Subject Access Rights

You have the following rights:

  • Right of access to your personal data: You have the right to ask us for confirmation on whether we are processing your personal data, and access to the personal data and related information.
  • Right to correction: You have the right to have your personal data corrected, as permitted by law.
  • Right to erasure: You have the right to ask us to delete your personal data, as permitted by law.
  • Right to restriction of processing: You have the right to request the limiting of our processing under limited circumstances.
  • Right to data portability: You have the right to receive the personal data that you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.
  • Right to object: You have the right to object to our processing of your personal data, as permitted by law, under limited circumstances.

In order to exercise any of these rights, please contact us according to the “How to Contact Us” section above. Please note that the above rights are not absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply.