Global Privacy Notice
This Global Privacy Notice is effective as of February 21, 2019, and applies to our customers outside of North America, specifically our European customers.
This Global Privacy Notice (this "Notice") explains how data about you (specifically, a data subject of the European Union) is collected, used and disclosed by American Eagle Outfitters, Inc., a company incorporated under the laws of Delaware (United States of America) and our affiliates and subsidiaries (collectively, "AEO", "we", "us", or "our") with its principal business office located at 77 Hot Metal Street, Pittsburgh, PA 15203, United States. We are responsible for the processing of your Personal Data (as defined below), as a data controller. This Notice applies to data we collect when you access or use our technology platforms (including, without limitation, our websites, mobile applications and other AEO-controlled properties that link to this Notice; collectively, the "Platforms"), engage with us via social media, or when you otherwise interact with us. Please read this Notice completely (before providing us with your personal data or otherwise interacting with us) to understand how we collect, use and disclosure your personal data. We may supply different or additional notices on how we process Personal Data specific to certain programs or activities. We may also provide different notices on how we process Personal Data with respect to certain subsidiaries or affiliates, in which case this Notice will not apply.
QUICK GUIDE TO CONTENTS
- Collection & Use of Personal Data.
- Sharing of data.
- Your Rights and access.
- SECURITY OF YOUR PERSONAL DATA.
- aknowledgement of PROCESSING AND TRANSFER OF PERSONAL DATA.
- CONTACT US.
1. COLLECTION & USE OF PERSONAL DATA.
- Definition of Personal Data
"Personal Data" is data that may be used to identify you as an individual, such as your name, e-mail address, telephone number, home address, or payment data (e.g., account data or credit card number).
- When do we collect your Personal Data?
We may collect Personal Data when you interact with AEO or any of our brands, such as when you:
- Purchase, return, reserve or try-on merchandise at one of our stores or through our Platforms;
- Consent to receive our promotional email, SMS/text messages, job postings or other communications;
- Visit or register through our Platforms;
- Participate in our contests, sweepstakes or promotions;
- Participate in one of our surveys or other customer research;
- Consent to the collection and processing of your location data;
- Purchase gift cards for others; and
- Contact or visit our Customer Service Department, or otherwise contact us or one of our service providers with a comment, question or complaint.
Please read in the following additional details about each of these situations:
- Purchasing, returning, reserving or trying-on merchandise
When you purchase or return merchandise through one of our stores or through our Platforms, we collect and use the Personal Data that you provide, such as your order, postal address, email address, age and payment information, for the purposes of fulfilling your order, processing your return, and updating you on the status of your order/return. When you reserve or try-on merchandise in-store, we may collect Personal Data such as your name, telephone number, email address, location and the items you wish to reserve or try-on for the purposes of fulfilling your request. The processing of your Personal Data for these purposes is based on Article 6(1) lit. b) GDPR, as it is necessary for the performance of a contract with you.
We also use this Personal Data collected based on Article 6(1) lit. f) GDPR, as necessary for our legitimate interests. These legitimate interests are namely fraud detection, improving our Platforms and business operations, information security purposes, monitoring our sales, and aggregate analytic modeling.
When you consent to receive information from us such as promotional/marketing emails, job postings or other information, we process your email address and/or postal address for the purposes of fulfilling your request. You may unsubscribe from promotional communications by following the instructions in the message. If you have any questions about unsubscribing from our messages or would like assistance in unsubscribing from promotional messaging, please contact us as outlined below. The processing of your Personal Data for this purpose is based on Article 6(1) lit. a) GDPR, namely your consent.
- Platform use
If you choose to visit or register with one of our Platforms, we process the information that you provide, such as your name, email address, date of birth, shipping/billing address, credit card and account-related data for the purposes of administering and securing your account on our Platforms. Please note, when registering an account, you will be prompted to provide certain information. If you do not provide shipping, billing or credit card information upon account registration, we will automatically save this information to your account when provided, including upon your completion of an order. If you would like to revise this information, please access your account at any time. The processing of your Personal Data for these purposes is based on Article 6(1) lit. b) GDPR as it is necessary for the performance of a contract with you.
We also use this Personal Data collected based on Article 6(1) lit. f) GDPR, as necessary for our legitimate interests. These legitimate interests are namely improving our Platforms and business operations, information security purposes, monitoring our sales, and aggregate analytic modeling.
With your consent, we collect and use certain information through our Platforms automatically via cookies and similar technologies. We use these technologies as analyzation tools to find out what users like on our Platform, to improve our Platform and to deliver personalized content (e.g. targeted advertisement). For further information, please visit our Cookies Notice
The processing of your Personal Data for this purpose is based on Article 6(1) lit. a) GDPR, namely your consent.
We process the Personal Data that you provide if you choose to participate in one of our contests, sweepstakes or promotions for the purposes of conducting them and communicating with you, all as further described in the respective terms and conditions. The processing of your Personal Data for these purposes is based on Article 6(1) lit. b) GDPR as it is necessary for the performance of a contract with you.
If you consent, we may also process your photo and/or video recorded at any relating event where you participate. The processing of your Personal Data for this purpose is then based on Article 6(1) lit. a) GDPR.
- Customer surveys and other customer research
If you consent, we process the Personal Data that you provide if you choose to participate in one of our customer surveys or other research tools to analyze and better understand how customers like you interact with our brands.
The processing of your Personal Data for this purpose is based on Article 6(1) lit. a) GDPR.
- Location data
When you navigate to any of our Platforms, we use location information to tailor your user experience and provide relevant content. Specifically, we use your device’s address and location information to geo-locate you to a default country, and we also use it to provide relevant store location, shipping, and product selection pages. Additionally, when you first launch any of our mobile applications, you will be asked to consent to the application’s collection of location data. We use this information to provide you with information about nearby stores/locations; products, their availability/location, or reserved items; and special offers and promotions.
The processing of your Personal Data for this purpose is based on Article 6(1) lit. a) GDPR.
If you initially consent to our mobile application’s collection of this location data, you can subsequently change the collection of this data at any time by changing the preferences on your device. You may also stop our collection of location data by following the standard uninstall process to remove all of our mobile applications from your device.
- Gift cards for others
In certain circumstances, we may also collect Personal Data that you provide to us regarding other people. For example, you may provide us with the name and address for a gift recipient. When you provide us with this Personal Data, we use it for the purposes of processing the shipment. We rely on you to obtain any necessary information from the intended recipient to our use of their Personal Data for these purposes. The processing of the gift recipient’s Personal Data for this purpose is based on Article 6(1) lit. b) GDPR as it is necessary for the performance of a contract with you.
Where the gift recipient has consented, we use their Personal Data to communicate with the intended recipient. The processing of the gift recipient’s Personal Data for this purpose is then based on Article 6(1) lit. a) GDPR.
- Customer Service
We process the Personal Data you provide to us when you contact our Customer Service Department (name, telephone number, email address, purchase details) for the purposes of reviewing any issues you raise and responding to you. Depending upon the nature of your query, we may request additional Personal Data for the purposes of verifying your identity (e.g. birth date or banking details).
The processing of your Personal Data for this purposes is based on Article 6(1) lit. b) GDPR as it is necessary for the performance of a contract with you.
- Withdraw consent
In all cases where we process your Personal Data based on your consent, you may withdraw consent for each individual purpose at any time without reasons. Please contact us via firstname.lastname@example.org
to withdraw consent.
Also, you may opt-out of receiving promotional communications from us at any time by: (i) logging into your online account and updating your preferences; (ii) contacting us by phone, email or postal mail, or (iii) following the removal instructions in the communication that you received.
2. SHARING OF DATA.
Except as described in this Notice, we will not share your Personal Data with third party controllers (i.e. third parties that use the Personal Data for their own purposes). We may, however, share aggregated, non-personal or anonymous data, which cannot be used to identify you, with third parties. We may also share your Personal Data in the following circumstances:
Your Consent to have Your Personal Data Shared: While utilizing our Platforms, you may have the opportunity to opt-in to receive information and/or marketing offers from someone else or to otherwise consent to the sharing of your data with a third party. If you agree to have your Personal Data shared, your Personal Data will be disclosed to the third party and the Personal Data you disclose will be subject to the privacy notice and business practices of that third party.
Third Parties Providing Services: We may share your Personal Data with Vendors that perform functions on our behalf or assist with our business operations to perform contracts with you, such as those that host or operate our Platforms, process transactions and payments, fulfill orders or provide customer service; or other third parties that participate in or administer our marketing (including promotions, contests, sweepstakes, and surveys), provide internal promotional assistance, and analyze our data. Additionally, subject to your consent, we may share your Personal Data with Vendors that provide targeted marketing or promotional assistance, manage our credit card, analyze data, advertisers and “powered by” partners who power product reviews on our products or services.
3. YOUR RIGHTS AND ACCESS.
- Your rights concerning your Personal Data
Accessing/Updating/Deleting or Restricting the processing of Your Personal Data: If you wish to access, modify, verify, correct, delete, or restrict the processing of any of your Personal Data collected through the Platforms, you may contact us using the contact data provided below. Alternatively, you may access, modify, verify, correct or delete your registered user data through our Platforms. Please note, all active accounts must be associated with a physical address and customer service may assist with certain changes. Additionally, we may refuse requests that are manifestly unfounded or excessive, in particular because of their repetitive character.
If you think that the processing of Personal Data by us violates data protection laws, you may lodge a complaint with the competent supervisory authority.
- Right to Object
You may ask us at any time to stop processing your Personal Data, and we will do so, if we:
- rely on legitimate interests to process your Personal Data, except if we can demonstrate compelling legal grounds for the processing; or
- process your Personal Data for direct marketing.
- Deletion of your Personal Data
In accordance with our routine record keeping, we may delete certain records that contain Personal Data you have submitted through the Platforms or otherwise. We are under no obligation to store such Personal Data indefinitely and disclaim any liability arising out of, or related to, the destruction of such Personal Data. It may not always be possible to completely remove or delete all of your data from our databases without some residual data remaining due to backups and other reasons. We will retain and use your data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements and obligations. Thus, we will:
- Delete Personal Data relating to your account if you have been inactive for two (2) years;
- Delete Personal Data relating to marketing, such as your preferences, whether collected via cookies or your own insertion, 17 months after the last contact between you and us (e.g. newsletter, purchase etc.);
- Delete cookie data collected from you that does not relate to marketing after two (2) years;
- Delete Personal Data relating to our contractual relationship, i.e. your purchases, after seven years.
4. SECURITY OF YOUR PERSONAL DATA.
We take industry-standard administrative, technical and physical measures to help protect data about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction.
5. ACKNOWLEDGEMENT OF PROCESSING AND TRANSFER OF PERSONAL DATA.
We are based in the United States and are governed by U.S. law. By accessing or using the Platforms, or otherwise providing information to us, you acknowledge that we collect, process, transfer and store data about you in and to the United States and other applicable territories in which the privacy laws may not be as comprehensive as or equivalent to those in the country where you reside and/or are a citizen. We will however make sure that your Personal Data is as safe as in the country where you reside. Please use the contact information below if you have a question or complaint about the policies, practices or manner in which we or our Vendors treat your Personal Data.
We may update this Notice from time to time. If we make changes, we will notify you by revising the date at the top of the Notice and, in some cases, we may provide you with additional notice (such as adding a statement to our homepage or sending you a notification). We encourage you to review this Notice whenever you interact with us to stay informed about our data practices and the ways you can help protect your privacy.
7. CONTACT US.
As it relates to questions you might have about this Notice or if you have a concern that AEO may have failed to adhere to this Notice, please contact us as follows:
Please note, the role and department responsible for compliance with the obligations under this Notice is:
American Eagle Outfitters
c/o Legal Department
77 Hot Metal Street
Pittsburgh, PA 15203
Attention: Associate General Counsel, Privacy
You may contact our European Local Representives as required under Art. 27 GDPR as follows: