Effective Date: December 31, 2019
If you are a resident of the European Economic Area (EEA), including the EU, or otherwise accessing the Site from a country located in the EEA, which enforces the General Data Protection Regulation (GDPR), you are not permitted to visit the Site or provide us with any information.
Table of Contents
- Information We Collect
- Information You Provide to Us
- Information We Collect When You Use the Site
- Location-Based Information
- Information We Collect from Third Parties
- Information We Collect When You Interact with Third-Party Sites
- Information You Provide About a Third Party
- How We Use the Information We Collect
Sharing of Information with Third Parties
- When You Request We Share with Third Parties
- Third Parties Providing Services to Company
- To Protect the Rights of Company and Others
- Affiliates and Business Transfer
- Sweepstakes, Contests and Promotions
- Online Marketing
- Use of Information for Recruitment Purposes
- Information You Disclose Publicly
- Ads and Information About You
- Third-Party Content and Links to Third-Party Sites
- Your California Privacy Rights
- California / Delaware Do Not Track Disclosures
- Your Nevada opt-Out From Sale of Personal Information Rights
- Transfer of Information to and from the United States
- Children’s Privacy
- Updating and Modifying Your Personal Data and Communication Preferences
Information We Collect
Information You Provide to Us. We may ask you to provide us: (i) your first and last name, email address, home or other mailing address, telephone number, mobile number, credit and debit card numbers and date of birth or other information that could reasonably be used to identify you personally (hereinafter “personal data”); and/or (ii) demographic information, such as information like your gender or product preferences (“Demographic Information”). We may collect this information from you at various times and places, such as when you:
- Make a purchase through the Site;
- Submit account registration forms or otherwise save your information with us on our Site;
- Sign up or request to be placed on our mailing, SMS text and/or email marketing lists;
- Sign up for a loyalty program;
- Participate in a survey or Promotion;
- Contact us regarding a question or concern such as when you make inquiries concerning our merchandise or services;
- Participate in any location services we offer (g., to provide you with information about new Store openings near you and inform you of new products and promotions that may be of interest to you based on your location); or
- Submit an application for employment.
Your decision to provide us with information is voluntary, but if you choose not to provide any requested information you may not be able to take advantage of all of the Site’s features, including purchasing products or services from us.
Information We Collect When You Use the Site. In addition to information that you choose to submit to us, we automatically receive and store certain information when you visit or interact with the Site (“Usage Information”). Usage Information is stored on and accessed from your personal computer, laptop, tablet, mobile phone or other device (a “Device”) whenever you visit or interact with our Site. Usage Information includes:
- your IP address, UDID or other unique identifier (“Device Identifier”); A Device Identifier is a number that is automatically assigned to your Device used to access the Site, and our computers identify your Device by its Device Identifier;
- your Device functionality (including browser, operating system, hardware, mobile network information);
- the areas within our Site that you visit and your activities there, including remembering you and your preferences;
- your Device location;
- your Device characteristics; and
- other Device data, including the time of day you visit our Site.
We use various methods and technologies to store or collect Usage Information (“Tracking Technologies”). Tracking Technologies may set, change, alter or modify settings or configurations on your Device. A few of the Tracking Technologies used on the Site, include, without limitation, the following (and subsequent technology and methods later developed):
- Cookies. A cookie is a file placed on a Device to uniquely identify your browser and to store information on your Device. Our Site may use HTTP cookies, HTML5 cookies, Flash cookies and other types of cookie technology to store information on local storage. Regular cookies may generally be disabled or removed by tools that are available as part of most commercial browsers, and in some (but not all) instances can be blocked by selecting certain settings. Each browser you use will need to be set separately and different browsers offer different functionality and options. Please note that these tools may not be effective with regard to Flash cookies or HTML5 cookies. For information on disabling Flash cookies, visitadobe.com. Please understand that if you disable or remove any type of cookie, some parts of our Site may not function properly, and that when you revisit our Site your ability to limit cookies is subject to your browser settings and limitations.
- Web Beacons. A Web Beacon is a small tag (which may be invisible to you) that may be placed on our Site’s pages and messages. Web beacons may be used by us for a number of purposes, including to count visitors to the Site, to monitor how users navigate the Site, to count how many emails that were sent by us were actually opened or to count how many particular links were actually viewed.
- Embedded Scripts. An embedded script is programming code that is designed to collect information about your interactions with the Site, such as the links you click on within our Site. The code is temporarily downloaded onto your Device from our web server or one of our third party service providers, is active only while you are connected to the Site, and is deactivated or deleted thereafter.
- ETag, or entity tag. An Etag or entity tag is a feature of the cache in browsers. It is an opaque identifier assigned by a web server to a specific version of a resource found at a URL. If the resource content at that URL ever changes, a new and different ETag is assigned. Used in this manner ETags are a form of Device Identifier. ETag tracking may generate unique tracking values even where the consumer blocks HTTP, Flash and/or HTML5 cookies.
- Browser Fingerprinting. Collection and analysis of information from your Device, such as, without limitation, your operating system, plug-ins, system fonts and other similar data, for purposes of identification.
- Recognition Technologies. Technologies, including application of statistical probability to data sets, which attempt to recognize or make assumptions about users and devices (g., that a user of multiple devices is the same user).
We use the above Tracking Technologies (or ones we incorporate in the future)
- to allow you to use and access the Site
- for the prevention of fraudulent activity and improved security functionality
- to allow you to make use of shopping cart functionality;
- to assess the performance of the Site, as part of our analytic practices and to improve the content, products or services offered through the Site;
- to identify you when you visit or sign‑in to our Site
- to keep track of your specified preferences and to track your online activities over time and across third-party sites; and
- to deliver content, including ads, relevant to your interests on our Site and third‑party sites based on how you interact with our advertisements and/or content.
- Location-Based Information. Our Site collects and uses information on your location to deliver you relevant content and advertising based on your location as part of the location-based services we offer. We use your location information to display our nearest Store location to you. You have the ability to turn location-based services on and off by adjusting the settings of your Internet browser or mobile device or by following the standard uninstall process and if applicable, removing all Company applications from your mobile device.
- Information You Provide About a Third Party. If you send someone else a communication from the Site, such as an invitation to a friend or if you purchase a gift for another person, the information you provide (e.g., names, email addresses, mobile number, etc.) will be used to facilitate the communication. You need to ensure that you have the recipient’s permission to use his or her information for this purpose. Please be aware that when you use any send-to-a-friend functionality on our Site, your email address, mobile number, name or username and message may be included in the communication sent to your addressee(s).
- Information You Provide to Us. We may ask you to provide us: (i) your first and last name, email address, home or other mailing address, telephone number, mobile number, credit and debit card numbers and date of birth or other information that could reasonably be used to identify you personally (hereinafter “personal data”); and/or (ii) demographic information, such as information like your gender or product preferences (“Demographic Information”). We may collect this information from you at various times and places, such as when you:
How We Use the Information We Collect
We use your personal data, Demographic Information and Usage Information for purposes of:
- Processing, tracking and completing purchase, return and similar transactions;
- Sending you marketing information about Company and other third parties we work with, including through direct mail offerings;
- Sending you email communications such as electronic newsletters about our products, services, events, loyalty programs and Promotions;
- Enabling you to participate in the Site’s features such as surveys and Promotions;
- Improving the effectiveness of our Site, marketing endeavors and service offerings;
- Offering you location-based services (g., to provide you with information about new Store openings near you);
- Processing Site account registration, including, without limitation, loyalty program applications;
- Providing customer service, including responding to your inquiries regarding our merchandise or services;
- Notifying you of product recalls or providing other information concerning products you have purchased;
- Sending you information about orders you have made on the Site;
- Identifying your product and service preferences, providing personalized content and ads and informing you of new or additional products, services and Promotions that may be of interest to you;
- Helping us address problems with and improve our Site and our merchandise and services;
- Providing mobile marketing messages and other communications and messages;
- Protecting the security and integrity of the Site;
- Creating aggregated data and statistics (which does not identify you and which we freely use and share);
- Meeting applicable legal and regulatory requirements;
- For internal business purposes;
- Use of Information for Recruitment Purposes. Where you have provided us with personal data or Demographic Information as part of an online application for employment or internship, we may use that information in order to allow us to make an informed decision about whether to proceed with your application. We may, as part of this recruitment process, collect information about your education, employment history and similar matters. Where this personal data or Demographic Information is considered to be sensitive, you expressly consent to our processing of this information for recruitment purposes by submitting it to us.
Sharing of Information with Third Parties
We may share your information as follows:
- When You Request We Share With Third Parties. You may be presented with an option to receive certain information and/or marketing offers directly from third parties or to have us send certain information to third parties or give them access to it. If you choose to do so, your information may be disclosed to such third parties and all information you disclose will be subject to the third-party privacy policies and practices of such third parties. In addition, third parties may store, collect or otherwise have access to your information when you interact with their content on our Site. This may include using third-party tools such as Facebook, Twitter, Instagram, Pinterest or other third-party posting or content sharing tools and by so interacting you consent to such third party practices. We are not responsible for the privacy policies and practices of such third parties and, therefore, you should review such third-party privacy policies and practices of such third parties prior to requesting information from or otherwise interacting with them.
- Third Parties Providing Services to Company. We may use third-party service providers to perform certain services on behalf of us or the Site, such as: (i) to assist us in Site operations; (ii) to manage a database of customer information; (iii) hosting the Site; (iv) designing and/or operating the Site’s features; (v) tracking the Site’s activities and analytics; (vi) enabling us to send you special offers or perform other administrative services; and (vii) other services designed to assist us in maximizing our business potential. We may provide these vendors with access to user information, including Device Identifiers and personal data, to carry out the services they are performing for you or for us. Third-party analytics and other service providers may set and access their own Tracking Technologies on your Device and they may otherwise collect or have access to information about you, potentially including personal data, about you. For any third party we share your personal data with, we enter into contracts limiting their use of your personal data to their provision of services for us. By way of example, the online store on this Site is hosted by Shopify, Inc. Shopify provides Company with the e-commerce platform that allows us to sell products and services to you. In this instance, your information (including your credit card or other payment data) may be collected directly and stored through Shopify’s data storage, databases and the general Shopify application (which may be located outside of the United States). For more insight, please review Shopify’s Terms of Service or Privacy Statement.
- Affiliates and Business Transfer. We may share your information with our parent, subsidiaries and affiliates. For a list of our affiliated brands, visit www.chicosfas.com, which currently includes TellTale, Chico’s, White House | Black Market, Soma, and Chico’s Off the Rack. We also reserve the right to disclose and transfer all such information: (i) to a subsequent owner, co-owner or operator of the Site; or (ii) in connection with a merger, consolidation, restructuring, the sale of substantially all of our interests and/or assets or other corporate change, including during the course of any due diligence process.
- Sweepstakes, Contests and Promotions. We may offer sweepstakes, contests, and other promotions (any, a “Promotion”) through the Site or through one of our social media pages that may require registration. By participating in a Promotion, you are agreeing to official rules that govern that Promotion, which may contain specific requirements of you, including, allowing the sponsor of the Promotion to use your name, voice and likeness in advertising associated with the Promotion. If you choose to enter a Promotion, personal data may be disclosed to third parties or the public in connection with the administration of such Promotion, including in connection with winner selection, prize fulfillment, and as required by law or permitted by the Promotion’s official rules, such as on a winner’s list.
- Online Marketing. Where permitted by law, we may share your personal information and data related to your activities on our Site for purposes of retargeting our advertisements and other companies’ direct marketing purposes.
- Use of Information For Recruitment Purposes. In conjunction with laws and regulations enforced by the Equal Employment Opportunity Commission (“EEOC”), the Office of Federal Contract Compliance Programs (“OFCCP”) and similar state and local regulatory agencies, we may, in connection with your employment at Chico’s or its Affiliates, ask you to provide us with self-identifying information (such as veteran status, gender and ethnicity). Providing such self-identifying information is voluntary, but if you do provide us with such information, we may submit that information, to the EEOC, the OFCCP and similar state and local regulatory agencies or otherwise use or disclose it for business-related purposes, including, without limitation, responding to information requests, fulfilling regulatory reporting requirements and defending against employment related complaints.
Information You Disclose Publicly
- User Content and Public Information. The Site may permit you to submit ideas, photographs, videos, audio recordings, questions, comments, suggestions or other content, including personal data (collectively, “User Content”), on blogs and message boards, product reviews and other public forums. You acknowledge and agree that we or others shall have the right to store, display, publish, distribute or otherwise use User Content online or offline in any media or format and may or may not attribute the User Content to you. Others may have access to this User Content and may have the ability to share it with third parties. Please note that Company does not control who will have access to the information that you choose to make public, and cannot ensure that parties who have access to such publicly available information will respect your privacy or keep it secure. We are not responsible for the privacy or security of any information that you make publicly available on the Site or what others do with information you share with them on the Site.
Ads and Information About You
This collection and ad targeting takes place both on our Site and on third-party websites that participate in the ad network, such as websites that feature advertisements delivered by the ad network. This process also helps us track the effectiveness of our marketing efforts.
Third-Party Content and Links to Third-Party Sites
Your California Privacy Rights
This section applies to any California residents about whom we have collected personal data from any source, including through your use of our Site, by buying our products or services, or by communicating with us electronically, in paper correspondence, or in person. This section may only apply to non-California residents as may be consistent with applicable state law in your state of residence.
What Personal Data Do We Collect?
We may collect the following categories of personal data about you:
- Identifiers, such as real name, alias, postal address unique personal identifier, online identifier, Internet Protocol address, email address, account number, social security number; driver’s license number, passport number, or other similar identifiers;
- Commercial information, such as records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
- Biometric information; which includes fingerprints; facial scans; voice recognition information; genetic information; and/or other similar biometric identifiers;
- Information relating to Internet activity or other electronic network activity, including browsing history, search history, and information regarding a consumer’s interaction with a website, application, or advertisement;
- Geolocation data; which includes Global Positioning System (“GPS”) data; locational information based upon your IP address; cell network data; and/or other similar locational data; and which may be collected from various devices including your mobile device(s) or vehicle(s);
- Audio, electronic, or visual information; which includes records of calls to or from our customer service centers; and/or video surveillance information;
- Professional or employment-related information, such as your employer, job, assets and income;
- Education information;
- Inferences about you;
- Information related to characteristics protected under California or federal law which includes gender; race and ethnicity; nationality; marital status; military service / veteran status; and/or date of birth; and
- Other personal data not listed above and described in California Civil Code §1798.80(e) (e.g., signature, physical characteristics or description, insurance policy number, bank account number, credit card number, debit card number, and other financial, medical, or health insurance information).
To help you further understand what we do with the above categories of personal data, we have provided you with a matrix detailing the sources, purposes, and any sharing related to each category. You may review that matrix by scrolling down to Table 1 in section 7(g) below.
What Do We Do With Your Personal Data?
We use the personal data we collect from you for the purposes outlined in Section 2 above. Other than as outlined in Section 5 with respect to our participation in behavioral ad networks to the extent this is considered a sale of data under applicable law, we do not sell your personal data for monetary or other valuable consideration.
Sources of Collected Information
We may collect personal data from the following categories of sources:
- Our customers, including via our websites, mobile applications, telephone, text message, postal mail, social media, forums, message boards, chatbot, or other means;
- Our affiliates, which includes Chico’s, Chico’s Off the Rack, White House | Black Market and Soma;
- Our service providers, which includes customer relationship management providers, analytics providers, website hosting providers, systems administrators, and communications delivery services;
- Nonaffiliated companies with which we have a business relationship, which includes promotional and joint marketing partners;
- Other third parties, which includes other websites and mobile applications, online advertising partners, and other data suppliers;
- Things that other third parties may post publicly about you or otherwise provide to us; and
- Employees and job applicants.
Who We Share Personal Data With?
We may share your personal data with the following categories of third parties:
- Companies offering similar products and services as Company;
- Advertising and marketing companies;
- Social media companies;
- Technology companies; and
- Nonaffiliated companies with which we have a business relationship.
Your Privacy Rights
If you are a California resident, subject to applicable law, you have the following rights under California law with respect to your personal data:
- Right to Know. You may have the right to request what personal data we collect, use, disclose, and/or sell, as applicable.
- Right to Delete. You have the right to request the deletion of your personal data that is collected or maintained by us.
- Right to Opt-Out of Sale (Do Not Sell My Info). You have the right to request to be opted out from any sales of your personal data by us. This opt-out will not change your preferences with respect to the receipt of marketing and other communications from the Company. Information about modifying your communication preferences is set forth in Section 13 below.
- Right to Non-Discrimination. You have the right not to be denied goods or services, charged different prices or rates for goods or services, or receive a differing level of quality of goods or services as a result of exercising the above rights.
- Right to request information regarding third party direct marketing. We may from time to time elect to share certain information about you collected by us on the Site with third parties for those third parties’ direct marketing purposes. California Civil Code Section 1798.83 permits California residents who have supplied personal data, as defined in the statute, to us, under certain circumstances, to request and obtain certain information regarding our disclosure, if any, of personal data to third parties for their direct marketing purposes. If this applies, you may obtain the categories of personal data shared and the names and addresses of all third parties that received personal data for their direct marketing purposes during the immediately prior calendar year (g., requests made in 2020 will receive information about 2019 sharing activities). To make such a request, please provide sufficient information for us to determine if this applies to you, attest to the fact that you are a California resident and provide a current California address for our response. To make such a request (limit one request per year), please submit a written request to the following address (limit one request per year): TellTale, 11215 Metro Parkway, Fort Myers, FL 33966 (Attn: General Counsel. – California Privacy Rights Notice). You must include your full name, email address, and postal address in your request.
Exercising Your Rights
If you are a California resident and wish to seek to exercise any of the rights in Section (e) above (other than your right to request information regarding third party direct marketing which must follow the process set forth in the last bullet above), please reach us in one (1) of the following ways:
- Call 888.855.4986
- Send an email to CCPA@chicos.com describing the rights you wish to exercise and include your first and last name, where you can be contacted regarding the request, and, if applicable, the email associated with your account.
You may also authorize someone to exercise the above rights on your behalf. If we have collected information on your minor child, you may exercise the above rights on behalf of your minor child.
The above rights are subject to our being able to reasonably verify your identity and authority to make these requests. After you make a request to exercise these rights, you may receive an email requesting that you verify your identify. In order for us to verify your identify, you may be required to provide your name, loyalty or customer number, transaction history details, and/or any and all email addresses that you have used to interact with our brands. We will respond to your request only after your identity has been verified. Note that these rights are also subject to various exclusions and exceptions under applicable laws. Please note that in some instances, we may offer coupons or discount codes to users who subscribe to our email list or SMS text marketing program.
Table 1: Categories of information collected and related purpose, source and third party disclosure of such information.
- What Personal Data Do We Collect?
California / Delaware Do Not Track Disclosures
Various third parties are developing or have developed signals or other mechanisms for the expression of consumer choice regarding the collection of information about an individual consumer’s online activities over time and across third-party websites or online services (e.g., browser do not track signals). Currently, we do not monitor or take any action with respect to these signals or other mechanisms.
Your Nevada Opt-Out From Sale of Personal Information Rights
Company reserves the right to sell personal data to third parties either now or in the future. Nevada S.B.220 allows Nevada residents to opt-out of the sale of their personal data. If you are a Nevada resident we want you to know that you have choices and can opt-out of Company selling your personal information after the date you opt-out by contacting us at email@example.com. This may prevent or restrict your use of the Site now or in the future.
Transfer of Information to and from the United States
Our Site is operated in the United States. If you are located outside of the United States, please be aware that you will be sending your personal data to the United States.
We understand the importance of protecting children’s privacy in the interactive world. Our Site is not intended to be used by children and we do not knowingly collect personal data from children under the age of 13. If you are a child under 13 years of age, you are not permitted to use the Site and should not send any information about yourself to us through the Site. If a parent or guardian discovers that his or her child has provided us with personally identifiable information, such parent or guardian has the right, upon request, to view the information provided by the child and/or to require that it be deleted from our records. In such a case we ask that the parent or guardian of the child contact a Customer Service representative (Contact Us) or our Privacy Officer at firstname.lastname@example.org.
We ensure data is secure by providing, among other things, secured access to physical buildings and data processing areas, controlled computer access to data processing systems including individual log-ins, complex password requirements, automatic time out for inactivity, automatic lock for invalid password attempts, controlled, monitored and traceable staff access rights to personal data, encryption and firewall technologies, data back-up and storage, input and job control through record authentication, password requirements and electronic recording of entries and routine auditing, and separation of processing for different purposes. We incorporate commercially reasonable safeguards to help protect and secure your personal data, however, no data transmission over the Internet, mobile networks, wireless transmission or electronic storage of information can be guaranteed 100% secure. As a result, we cannot guarantee or warrant the security of any information you transmit to or from our Site, and you provide us with your information at your own risk.
If you receive an email that appears to be a request from us for personal data, Do Not Respond as this may be a “phishing” scam designed to steal your information. Never include your credit or debit card number or other sensitive information in an email as it is not a secure means of transmitting information. We will only request such information during secure transactions on our Site.
It is your responsibility to safeguard any password you create to access “My Account” and to sign-out when your visit is complete.
Updating and Modifying Your Personal Data and Communications Preferences
You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information provided as part of registration. If you wish to update, delete or modify your personal data or do not wish to be contacted via email, direct mail and/or telephone for commercial purposes, please make changes to “My Account” online by clicking “Profile & Preferences”. Be sure to “Save” once you've completed your changes. You may also call or email Customer Service. Provide your exact name and postal or email address so that we may identify you accurately. You may also “unsubscribe” from our email by using the link provided at the bottom of each email. If you ask us to remove you from marketing lists, we will maintain you on a “do not contact” list to ensure that we continue to honor your request. In most cases it takes ten (10) days or less to process your “do not email” request. It may take up to eight (8) weeks to process your “do not mail” request because mailings are planned long in advance. If you purchase online, we will continue to confirm your order and shipment status via email, postal address or telephone. If you change your mind about choices you've previously made, make changes to “My Account” online or contact Customer Service (Contact Us). We will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable (but we may retain prior information as business records). Please note that it is not always possible to completely remove or delete all of your information from our databases and that residual data may remain on backup media or for other reasons.
TellTale Returns Department
150 Stewart Parkway
Greensboro, GA 30642