While we are primarily based in the United States, Forever 21 maintains operations in Europe and may direct our Services to individuals located in the EEA, United Kingdom, and Switzerland, including through our Site https://www.forever21.com/ (collectively, our “European Services”). The following disclosures (“European Privacy Disclosures”) apply to our processing of personal data in connection with our European Services.
F21 OpCo, LLC is the data controller responsible for the processing of personal data in connection with our European Services. This means that we determine and are responsible for how your personal data is used.
Personal Data: Personal Data: When we use the term “personal data” in this section, we mean information relating to an identified or identifiable natural person.
Legal Bases for Processing
In connection with our European Services, we only collect, use, share or otherwise process your PI by obtaining your consent or by using other legal bases for processing your PI as set forth in more detail below:
- Contract. If you make a purchase throughour Sites or if you contact us to request any other service, we will use your information to fulfill your order or otherwise provide you the features and functionality of the services you requested.
- Legitimate Interests. The use of your personal data may also be necessary for our own legitimate business interests. Our use of your personal data to perform a legitimate interest, takes into consideration your privacy rights, and the relative necessity we have to use your personal data to fulfill that interest. For example, we process your personal databased on the legitimate interests legal basis to analyze and improve the quality of our Services, such as providing you with Customer Service, and to understand you as a customer. This enables us to assess what may interest you, to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising. In addition, based on your use of our Services and the products you purchased, we may target you with ads or other marketing materials that are customized to your personal preferences and experiences, or conduct other direct marketing initiatives (to the extent we are permitted to process such personal data on the basis of legitimate interest; otherwise we will ask for your consent). We may also use your personal datafor our other legitimate interests, such as to operate and expand our business activities, to administer our Services, to evaluate and review our business performance, to facilitate social sharing functionality, to generate aggregated statistics about the users of our products and Services, to facilitate our business operations, to operate company policies and procedures, to conduct fraud monitoring and prevention, to identify cyber threats, to enable us to enter into corporate transactions, or for other legitimate business purposes as permitted by applicable law. If necessary, we may also use your corporate transactions, to pursue or defend ourselves against legal claims.
- Legal Obligation or Claim.We may process your personal data when it is necessary to comply with a relevant legal or regulatory obligation that we have, such as to maintain appropriate business records according to tax and commercial law, to comply with lawful requests by public authorities, to comply with applicable laws and regulations, to respond to a legal claim, or as otherwise required by law.
How Long Will We Store Your Personal Data
The criteria used to determine the period for which personal data about you will be retained varies depending on the legal basis under which we process the personal data:
- Legitimate Interests. Where we are processing personal information based on our legitimate interests, we generally will retain such information for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of data subjects.
- Consent. Where we are processing personal information based on your consent, we generally will retain the information until you withdraw your consent, or otherwise for the period of time necessary to fulfil the underlying agreement with you or provide you with the applicable service for which we process that personal information.
- Contract. Where we are processing personal information based on contract, we generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship.
- Legal Obligation. Where we are processing personal information based on a legal obligation, we generally will retain the information for the period of time necessary to fulfil the legal obligation.
- Legal Claim. We may need to apply a “legal hold” that retains information beyond our typical retention period where we face threat of legal claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.
In all cases, in addition to the purposes and legal bases, we consider the amount, nature and sensitivity of the personal information, as well as the potential risk of harm from unauthorized use or disclosure of your personal information.
Recipients of Personal Information
- Service Providers and Advisors: we may share your personal information with third party vendors and other service providers that perform services for us or on our behalf, which may include providing professional services, such as legal and accounting services, mailing, email or chat services, fraud prevention, web hosting, or providing analytic services.
- Affiliates: Other companies owned by or under common ownership as Forever 21, including our subsidiaries (i.e., any organization we own or control) and our ultimate holding company (i.e., any organization that owns or controls us) and any subsidiaries it owns. These companies will use your personal information in the same way as we can under these Privacy Disclosures.
- Purchasers and Third Parties in Connection with a Business Transaction:your personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business.
Marketing and Advertising
From time to time we may contact you with information about our services, including sending you marketing messages and asking for your feedback on our services. Most marketing messages we send will be by email. For some marketing messages, we may use personal information we collect about you to help us determine the most relevant marketing information to share with you.
We will only send you marketing messages if you have given us your consent to do so. You can withdraw your consent at a later date by clicking on the “unsubscribe” link at the bottom of our marketing emails, by updating your preferences via your account on the Site, or by submitting a request through our Privacy Rights Requests Center.
Storing and Transferring your Personal Data
- Security.We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, change or damage. All personal data we collect will be stored by our cloud hosting provider on secure servers. We will never send you unsolicited emails or contact you by phone requesting credit or debit card information or national identification numbers.
- International Transfers of your Personal Data. The personal data we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third party service providers have operations. If you are located in the EEA, United Kingdom or Switzerland, your personal data may be processed outside of those regions, including in the United States.
In the event of such a transfer, we ensure that: (i) the personal data is transferred to countries recognized as offering an equivalent level of protection; or (ii) the transfer is made pursuant to appropriate safeguards, such as standard contractual clauses adopted by the European Commission.
We may analyze personal data we have collected about you to create a profile of your interests and send product updates. We may also use personal data about you to detect and reduce fraud.
Your Rights in Respect of Your Personal Data
In accordance with applicable privacy law, you have the following rights in respect of your personal data that we hold:
- Right of access. have the right to obtain:
─ confirmation of whether, and where, we are processing your personal information;
─ information about the categories of personal information we are processing, the purposes for which we process your personal information and information as to how we determine applicable retention periods;
─ information about the categories of recipients with whom we may share your personal information; and
─ a copy of the personal information we hold about you.
- Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
- Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.
- Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified.
- Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.
- Right to withdraw consent. There are certain circumstances where we require your consent to process your personal information. In these instances, and if you have provided consent, you have the right to withdraw your consent. If you withdraw your consent, this will not affect the lawfulness of our use of your personal information before your withdrawal.
You have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
You also have the right to lodge a complaint to your local data protection authority. If you are based in the European Union, information about how to contact your local data protection authority is available here. If you are based in the UK or Switzerland, your local data protection authorities are the UK Information Commissioner's Office (https://ico.org.uk/global/contact-us/) and the Swiss Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact/address.html).
If you wish to exercise one of these rights, please contact us using the contact details at the end of these European Privacy Disclosures.
Due to the confidential nature of data processing we may ask you to provide proof of identity when exercising the above rights. This can be done by providing a scanned copy of a valid identity document or a signed photocopy of a valid identity document.
Tracking Technologies In Our Emails
Our emails may contain tracking pixels that identify if and when you have opened an email that we have sent you, how many times you have read it and whether you have clicked on any links in that email. This helps us measure the effectiveness of our marketing email campaigns, make the emails we send to you more relevant to your interests and to understand if you have opened and read any important administrative emails we might send you.
Most popular email clients will allow you to block these pixels by disabling certain external images in emails. You can do this through the settings on your email client – these generally give you the option of choosing whether emails will display "remote images", "remote content" or "images" by default.
Some browsers also give you the option of downloading and installing extensions that block pixels and other tracking technologies.