American Eagle Outfitters EU Privacy Notice
This American Eagle Outfitters EU Privacy Notice (the “AEO EU Notice”) is effective as of November 24, 2022.
This AEO EU Notice explains how data about you is collected, used and disclosed by AEO Europe Retail Co B.V., a Dutch private limited liability company located at Basisweg 10, 1043 AP Amsterdam, the Netherlands registered in the Dutch Trade Register of the Chamber of Commerce under number 86530763 with Dutch VAT number [NL863997260B01] ("AEO EU", "we", "us", or "our").
We are responsible for the processing of your Personal Data (as defined below) that we collect or receive from you, as a data controller. This AEO EU Notice applies to data we collect when you access or use of our website [https://aeo.eu/] (the “Website”) and mobile applications, engage with us via social media, or when you otherwise interact with us (whether in our physical store(s) or not; collectively the “Platforms”). By using the Platforms, you agree to the use of your personal data as described in this Privacy Notice.
QUICK GUIDE TO CONTENTS
1. COLLECTION OF PERSONAL DATA.
2. PURPOSES AND LEGAL BASES FOR PROCESSING PERSONAL DATA.
3. DISCLOSURES AND SHARING.
4. YOUR RIGHTS AND CHOICES.
5. SECURITY AND RETENTION.
6. INTERNATIONAL TRANSFERS OF PERSONAL DATA.
8. INSPECTION AND MODIFICATION OF PERSONAL DATA.
9. CONTACT US.
1. COLLECTION OF PERSONAL DATA.
a) Definition of Personal Data
In this AEO EU Notice, our use of the term "Personal Data" refers to the GDPR (and other applicable privacy laws). In general, "Personal Data" includes any information relating to an identified or identifiable natural person, such as name, e-mail address, telephone number, home address, or payment data (e.g., account data or credit card number).
b) When do we collect your Personal Data?
We may collect Personal Data when you interact with AEO EU, any of our brands, such as when you:
• Visit, purchase, return, reserve or try-on merchandise at (one of) our store(s);
• Consent to receive our promotional email, SMS/text messages, or other communications;
• Visit, use, and/or register, or when you otherwise interact with us through our Platforms;
• Participate in our contests, sweepstakes or promotions;
• Participate in one of our surveys or other customer research;
• Consent to the collection and processing of your location data; and
• Contact or visit our Customer Service Department, or otherwise contact us or one of our service providers with a comment, question or complaint.
In addition, we may collect and receive Personal Data about you from third parties, including our vendors and service providers whether these are our affiliates or subsidiaries or third-parties with whom we have an agreement and who are located both inside and outside the EU. For instance, we may engage vendors and work with other partners to provide services to us or to you on our behalf (such as payment processors, cloud hosting and service providers).
When we collect your Personal Data we will indicate whether it is optional or mandatory for you to provide specific types of Personal Data. The collection of some Personal Data is mandatory for the purposes described in this AEO EU Notice. If you do not provide us such mandatory Personal Data, we may not be able to administer and manage our relationship with you (such as communicate with you or perform our contract with you), which in some cases may mean we are unable to continue with your engagement with us if applicable, or we may be prevented from complying with our legal obligations.
2. PURPOSES AND LEGAL BASES OF PROCESSING PERSONAL DATA
While the purposes for which we may process Personal Data will vary depending upon the circumstances, in general, we use Personal Data for the business purposes set forth in this section.
In this section, we also explain the purposes for which we collect and process your personal information, as well as the legal bases upon which we process Personal Data, as required by certain privacy laws, such as the GDPR.
a) Legal bases of processing
Pursuant to the GDPR, in general, we process your Personal Data on the following legal bases:
• Performance of our contract with you: The Personal Data we collect may be used to perform our agreements with you, including our other terms and conditions applicable. Please see [https://aeo.eu/] for our Return Policy and [https://aeo.eu/] for our Gift Card Policy.
• To comply with a legal obligation to which AEO EU is subject: The Personal Data we collect may be processed in order to comply with the law and our legal obligations.
• For our legitimate business interests: We may process Personal Data in furtherance of our legitimate business interests in protecting, maintaining and improving the Platforms; developing new Platforms, features and services; marketing and promoting our products and Platforms (including by profiling and marketing); protecting our legal rights and interests; in support of mergers, acquisitions, reorganizations and other business transactions; and to generally operate and improve our business.
• With your consent: We may process Personal Data about you based on your consent, for example to send you marketing communications, surveys, news, updates and other communications. Where required by applicable law, AEO EU will obtain your consent to this AEO EU Notice and our collection, use and disclosure of your Personal Data. You may be able to withdraw your consent at any time in accordance with applicable laws; please see Section 4. Your Rights and Choices. below for information on how to withdraw your consent.
b) How we collect, use and process Personal Data
Below we describe how we may collect and for what purposes we use Personal Data, including, where applicable, Personal Data we receive from third parties.
i. Purchasing, returning, reserving or trying-on merchandise
When you purchase or return merchandise through our store(s), we collect and use the Personal Data that you provide, such as your order, postal address, email address, age and payment information, for the purposes of fulfilling your order, processing your return, and updating you on the status of your order/return. When you reserve or try-on merchandise in-store, we may collect Personal Data such as your name, telephone number, email address, location and the items you wish to reserve or try-on for the purposes of fulfilling your request.
Where applicable, the processing of your Personal Data for these purposes is necessary for the performance of a contract with you. We also use this Personal Data collected as necessary for our legitimate interests, including fraud detection, improving the Platforms and business operations, information security purposes, monitoring our sales, and aggregate analytic modeling.
We may send promotional/marketing communications, ads and other information about our products, services, news, offers, promotions and events (e.g. contests, sweepstakes and surveys) which we think may be of interest to you via direct mail and email and other electronic means. We process your Personal Data for these purposes, and we obtain your consent to send you direct marketing communications. You may unsubscribe from these communications by following the instructions in the message. If you have any questions about unsubscribing from our messages or would like assistance in unsubscribing from promotional messaging, please contact us as outlined below.
Our processing of your Personal Data for marketing and promotional purposes is based on your consent.
iii. (digital) Platform use
If you choose to visit, use, and/or register with our (digital) Platforms we process the information that you provide, such as your name and email address.
Where applicable, the processing of your Personal Data for these purposes is as necessary for the performance of a contract with you. We also use this Personal Data collected as necessary for our legitimate interests. These legitimate interests are namely improving our (digital) Platforms and business operations, information security purposes, monitoring our sales, and aggregate analytic modeling.
The processing of your Personal Data for this purpose is based on your consent and in compliance with applicable legal requirements.
We process the Personal Data that you provide if you choose to participate in one of our contests, sweepstakes or promotions for the purposes of conducting them and communicating with you, all as further described in the respective terms and conditions. Where applicable, the processing of your Personal Data for these purposes is as necessary for the performance of a contract with you.
If you consent, we may also process your photo and/or video recorded at any relating event where you participate. The processing of your Personal Data for this purpose is then based on your consent.
vi. Customer surveys and other customer research
If you consent, we process the Personal Data that you provide if you choose to participate in one of our customer surveys or other research tools to analyze and better understand how customers like you interact with our brands.
Where applicable, the processing of your Personal Data for this purpose is based on your consent.
vii. Customer Service
We process the Personal Data you provide to us when you contact our Customer Service Department (name, telephone number, email address, purchase details) for the purposes of reviewing any issues you raise and responding to you. Depending upon the nature of your query, we may request additional Personal Data for the purposes of verifying your identity (e.g. birth date or banking details). We may record the audio information in customer service telephone calls, and may save and store written customer service interactions such as chat and email, for quality and training purposes and to meet our legal obligations.
As applicable, the processing of your Personal Data for this purposes is as necessary for the performance of a contract with you.
viii. Securing our business and complying with legal obligations
We may process Personal Data to secure and protect our business, defend our legal rights, and comply with legal obligations. In addition, we may process Personal Data for our internal auditing, reporting, corporate governance, and internal operations purposes.
As applicable, the processing of your Personal Data for these purposes is as necessary to comply with legal obligations and for our legitimate interests.
ix. Managing our relationships with others
We also process the above mentioned Personal Data to manage our relationship with vendors, and third parties who assist us in providing our services or goods, for example, to ensure the proper performance of their tasks, to evaluate our work with them, and to ensure the smooth transition between different service providers whether these are affiliates or subsidiaries or third-parties with whom we have an agreement and who are located both inside and outside the EU.
As applicable, the processing of your Personal Data for these purposes is as necessary for the performance of a contract with you, and/or as it is necessary for our legitimate interests, namely, improving business operations, monitoring our sales, and securing the proper performance of our service providers whether these are affiliates or subsidiaries or third-parties with whom we have an agreement and who are located both inside and outside the EU.
3. DISCLOSURES AND SHARING OF PERSONAL DATA.
Except as described in this AEO EU Notice, we will not share your Personal Data with third party controllers (i.e. third parties that use the Personal Data for their own purposes). We may, however, share aggregated, non-personal or anonymous data, which cannot be used to identify you, with third parties. We may also share your Personal Data in the following circumstances:
Your Consent to have Your Personal Data Shared: While utilizing our Platforms, you may have the opportunity to opt-in to receive information and/or marketing offers from third parties about goods or services they offer or to otherwise consent to the sharing of your data with a third party. If you agree to have your Personal Data shared, your Personal Data will be disclosed to the third party and the Personal Data you disclose will be subject to the privacy notice and business practices of that third party.
Third Parties Providing Services: We may share your Personal Data with vendors that perform functions on our behalf or assist with our business operations to perform contracts with you, such as those that host or operate our Platforms, process transactions and payments, fulfill orders or provide customer service; or other third parties that provide internal promotional assistance, and analyze our data. Additionally, we may share your Personal Data with vendors that manage our credit card or analyze data, or advertisers and “powered by” partners who power product reviews on our products or services. We may also share your Personal Data with other third parties that we work with to send marketing, conduct advertising campaigns, and provide other promotional assistance. These third parties may assist us in marketing and advertising our products, services, news, offers, promotions and events (e.g. contests, sweepstakes and surveys) which we think may be of interest to you, via mail and via email and other electronic means.
Compliance with Legal Obligations: We may also disclose your Personal Data if we believe we are required to do so by law, or that doing so is reasonably necessary to comply with legal processes; when we believe it is necessary or appropriate to disclose Personal Data to law enforcement or other governmental or regulatory authorities or the courts (in any relevant jurisdiction worldwide), such as to investigate actual or suspected fraud or violations of law, breaches of security, or breaches of this AEO EU Notice; to regularly exercise our rights in judicial, administrative or arbitration proceedings; to respond to any claims against us; and, to protect the rights, property, or personal safety of AEO EU, our customers, or the public.
Corporate Transactions: In addition, your Personal Data may be disclosed as part of any proposed or actual merger, sale, and transfer of AEO EU, assets, acquisition, bankruptcy, or similar event.
4. YOUR RIGHTS AND CHOICES.
This section describes the choices and rights you have with respect to your Personal Data and how to exercise them.
a) Opt-out of marketing communications.
You may opt-out of marketing emails by: (i) updating your preferences in/on our Platforms, (ii) contacting us by phone, email or postal mail, or (iii) following the removal instructions in the communication that you received. If you opt out of direct marketing communications, we may to the extent permitted by applicable law still send you non-promotional communications, such as those about (for example) the confirmation of an order.
b) Withdraw your consent.
In all cases where we process your Personal Data based on your consent, you may withdraw consent for each individual purpose at any time without reasons. Please contact us via [[email protected]] to withdraw consent.
c) Review and Correct your Personal Data.
If you require our help to exercise your rights or want to make a request regarding your Personal Data held by AEO EU, you may contact us as set forth below, in Section 9. Contact Us. Submitting Requests. Privacy requests should be directed to the AEO‘s Customer Service as set forth below in Section 9. Contact Us. Please keep in mind that certain services will not be available if you withdraw your consent, or otherwise delete or object to our processing of certain Personal Data. We will respond to your request in accordance with applicable law, and we will inform you if we do not intend to comply with your request. We also may ask you for additional information so that we can confirm your identity or verify your request.
5. SECURITY AND RETENTION
We have implemented administrative, technical, and physical measures to help protect the Personal Data we collect from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. However, no website or Internet transmission is completely secure. Thus, we cannot and do not guarantee that unauthorized access, hacking, data loss, or other breaches will never occur. We urge you to take steps to keep your Personal Data safe, such as choosing a strong password and keeping it private, enabling multifactor authentication (where available), as well as closing your web browser when finished using the (digital) Platforms.
In general, we retain your Personal Data as long as necessary for purposes for which the Personal Data was collected and is used by us, as stated in this AEO EU Notice, and as otherwise necessary to fulfill our legal obligations, resolve disputes, maintain appropriate business records, enforce our agreements or for such longer period as required by applicable law. The retention period depends on the information and the reason for which we have collected it. For example, we keep records of customer purchases and transactions in accordance with the relevant return and exchange periods under our Return Policy [https://aeo.eu/].
6. INTERNATIONAL TRANSFERS OF PERSONAL DATA.
We are based in the Netherlands and are governed by the Netherlands law. We will take steps to ensure that your Personal Data is subject to appropriate safeguards and receives an adequate level of protection as required under applicable privacy laws, when your Personal Data is transferred to and processed in other jurisdictions, including through appropriate written data processing terms and/or data transfer agreements. Please use the contact information below if you have a question or complaint about the policies, practices or manner in which we or our vendors treat your Personal Data.
When we transfer your Personal Data outside the European Economic Area (EEA), we do so on the basis of: (i) an adequacy decision, (ii) contractual model clauses as drafted and approved by the European Commission and (iii) another valid transfer mechanism in accordance with the GDPR.
We may update this AEO EU Privacy Notice from time to time. If we make changes, we will notify you by revising the date at the top of this AEO EU Notice and, in some cases, we may provide you with additional notice (such as adding a statement to our homepage or sending you a notification). Where required to do so by applicable law, we will seek your consent to such changes. We encourage you to review this AEO EU Notice whenever you interact with us to stay informed about our data practices and the ways you can help protect your privacy.
8. INSPECTION AND MODIFICATION OF PERSONAL DATA
Users have the following rights with regard to our processing of their Personal Data:
• Right to Access, Correct and Restrict the Processing of Your Personal Data: If you wish to access, modify, verify, correct, delete, or restrict the processing of any of your Personal Data, you may contact us using the contact information provided below. Alternatively, you may access, modify, verify, correct or delete your registered data. Customer service may assist with certain changes. Additionally, we may refuse requests that are manifestly unfounded or excessive, in particular because of their repetitive character.
• Right to Object: You may ask us at any time to stop processing your Personal Data, and we will do so, if we: (i) rely on legitimate interests to process your Personal Data, except if we can demonstrate compelling legal grounds for the processing or where we need to process it for the establishment, exercise or defense of legal claims; or (ii) process your Personal Data for direct marketing.
• Right of Deletion: You have the right, in certain circumstances, to request that we delete or remove your Personal Data, such as where we no longer need it or if you withdraw your consent (where applicable). To the extent permitted by applicable law, we will retain and use your Personal Data as necessary to comply with our legal obligations, resolve disputes, maintain appropriate business records, and enforce our agreements.
• Right to Data Portability: You have the right, in certain circumstances, to receive a copy of Personal Data we have obtained from you in a structured, commonly used and machine readable format, and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
• Right to Withdraw Your Consent: In the event your Personal Data is processed on the basis of your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to Lodge a Complaint: If you think that the processing of Personal Data by us violates data protection laws, you may lodge a complaint with the competent supervisory authority. For the Netherlands, this is the Personal Data Authority (‘Autoriteit Persoonsgegevens’). At www.autoriteitpersoonsgegevens.nl you will find all the information on how to file a complaint in the Netherlands. The contact details of the Dutch Personal Data Authority are as follows:
Hoge Nieuwstraat 8
088 - 1805 250
Please note that some of these rights may be limited, such as where we have an overriding interest or legal obligation to continue to process the data. Please contact us using the information set out below, in Section 9. Contact Us, if you wish to exercise any of your rights or if you have any inquiries or complaints regarding the processing of your Personal Data by us.
9. CONTACT US.
As it relates to questions you might have about this AEO EU Notice or if you have a complaint or concern that AEO EU may have failed to adhere to this Notice, please contact us as follows:
AEO Europe Retail Co B.V.
Spuistraat 9, 2511BC , Den Haag
Attention: [Costumer Service], Privacy
E-mail: [email protected]