Privacy Center

Privacy Center

PRIVACY POLICY

Effective Date: November 20, 2020

At Forever 21 we value you, and we strive for transparency in our interactions with you. We seek to make your in-store and online experiences with us fun, efficient and as personalized as you would like. You should be able to find the fashion looks you desire as quickly as possible. If you want to hear from us, you can set that up with us. If you decide you’ve heard enough from us for a while, you can do that too! The information that we obtain from or about you, whether directly or indirectly, helps us understand you better and improve your shopping and other experiences with us.

Above it all, though, our main goals are to gain and maintain your trust, including by addressing any questions or concerns you might have about the privacy and safety of your personal information when it is in our hands. In this regard, we have partnered with OneTrust, a leading technology platform, to allow us to better communicate with you and to respond to your requests more efficiently.

You can click on the boxes below to review each section of our Privacy Policy. Or, if you would like, you can print and read the entire Privacy Policy.

Privacy Choices and Rights

To manage your Cookie preferences at any time (including to withdraw consent previously given), click here. When you first visit our site we asked you to tell us your Cookie preferences. In the Cookie Preference Center you can view your current preferences, research categories and specific Cookie information, and manage your preferences. In addition we have lots of information in our Privacy Policy under the Cookies and Other Tracking Technologies and Additional Rights and Choices; Managing Preferences sections.

Under the laws of certain jurisdictions you may have certain specific privacy rights.

If you are a California consumer, click here to exercise your CCPA rights. To learn more see the California Privacy Rights section of our Privacy Policy.

If you are a person accessing our service from Europe or the UK, click here to exercise your GDPR rights. To learn more see the Supplement for European and UK Users section of our Privacy Policy.

If you are a Nevada consumer, click here to exercise your rights. To learn more see the Nevada Consumers section of our Privacy Policy.

For all other users of our services, please click here to submit privacy-related requests, such as to ask us to close your account, unsubscribe you from marketing emails, delete information that we may have in our systems, or other similar requests. We will make good faith efforts to comply with your requests, but reserve the right to limit requests to what is required by applicable law and to exercise such discretion to limit or reject requests as permitted by applicable law.

To manage your preferences and learn more click here.

This Privacy Policy (“Privacy Policy”) describes how Forever 21 (F21 OpCo, LLC), (“Forever 21,” “we,” “us”) collects, uses, processes and shares your personal information (sometimes referred to as “PI”) and other information when you use our US-based website (the “Site”) or mobile app (the “App”) (sometimes collectively referred to as the “Sites”), visit or make a purchase in our US-based stores (the “Stores”), visit or talk to us on our US-targeted social media pages (“Social Media”), participate in a sweepstakes or contest open to US residents (“Prize Promotions”), contact our customer service agents (“Customer Service”), open our ads, receive or open our e-mails or text messages, or otherwise interact or communicate with us related to any of these services (sometimes collectively referred to as the “Services”).

Throughout this Privacy Policy, we refer to the PI we collect from you, about you, or which may be associated with you, interchangeably without any geographic or legal distinctions. (Please note the subsections below addressing specific jurisdictions and any additional rights that you may have, or any additional requirements that we may have, under the laws of those jurisdictions (see California Privacy RightsSupplement for European and UK Users, and Nevada Consumers). By using the Services from wherever in the world you are located, you consent to our data practices set forth herein (and, if applicable in any particular cases, to any other privacy notice provided at the point of collection, which collection notice will prevail if different from this general Privacy Policy). Unless otherwise noted, your use of our Sites is also subject to our Terms of Use.

Simply put, your PI is important to us. We take commercially reasonable steps to secure it, and aim to use it responsibly and transparently. If you have any privacy questions or concerns, or need reasonable accommodations to enable disability access, you can always contact us at [email protected] or at 1-888-494-3837, our general Customer Service Number.

In this section we disclose details about the information we collect from and about you in connection with the Services. Please note that if you are accessing our Services from the European Economic Area (Member States of the European Union together with Iceland, Norway , and Liechtenstein), including from the UK after Brexit (an “EEA User”), the level of disclosure set forth below meets the standards of the European Data Protection Regulation (Regulation (EU) 2016/679 (“GDPR”).

Information Collected Directly from You.

We collect personal information and other data from you when you submit it to us or a third party acting on our behalf. The information collected directly from you depends upon how you use the Services. For example:

  • When you create an account, we collect your e-mail address, username and password. If you provide it to us, we may also collect additional information from you, including your name, birthday (day and month), physical address, zip code/post code, phone number (home or mobile), gender and/or user image.
  • If you make a purchase on our Sites and your shipping address is in the US, we will collect your order-related information, including your billing and shipping address (“Transaction Info”). We will also ask that you provide your payment information (credit card, debit card, or other payment method) at the point of purchase, but Forever 21 does not itself collect that information. Instead, that information is passed on to our payment processors, or if you use any third party payment services, directly to them.
  • When you return or exchange products, we may also collect Transaction Info.
  • When you visit or make a purchase in our Stores, we generally do not collect your PI except as set forth below. If you provide us your e-mail address or phone number so that we can send you promotional offers, fashion news or other marketing materials, we will collect your e-mail address and/or phone number to send you such marketing communications. In addition, if you are in one of our Stores and you apply for a Forever 21-branded credit card, we may collect the PI requested on the application from you and pass it on to the bank issuing the Forever 21-branded credit card. Only US residents are eligible to apply for a Forever 21-branded credit card. After you make a purchase in our Stores, we may also give you the opportunity to answer a few survey questions about your experience and get a discount coupon next time you shop with us. We work with a third party vendor to provide the platform for the survey. The information you provide on that survey platform is subject to this Privacy Policy.
  • If you join our marketing e-mail list, we will collect your e-mail address, and when we send marketing e-mails to you, we (or our vendors working on our behalf) will collect information such as your reaction to our marketing, whether you open or share our e-mails, how long you engage with them, and whether you click the links in the e-mails.
  • If you are a resident of the US and join our promotional text messaging program, we will collect your mobile phone number. Only residents of the US are eligible to participate in promotional text messaging programs.
  • Our occasional referral programs may enable you to send communications to friends and family, in which case we will collect PI from you about you and about your friend or family member. If you choose to participate in these programs, we rely on you to only send these communications to people who have given you permission to do so. The recipients’ PI that you provide will be used to facilitate the communication, and your contact information and message may also be included in the communication.
  • When you contact our Customer Service agents by e-mail, chat, phone, Social Media or via contact forms we provide for that purpose, we will collect (and you expressly consent to our doing so) any personal details and other content that you provide to us, which may include, without limitation, your name, e-mail address, postal address, IP address, geolocation data, and if you contact us via Social Media, your social media handle, your profile photo and any other publicly available information.
  • If you participate in a Prize Promotion, we may collect and process your name, social media handle, address, e-mail address, phone number, image, photograph, voice, statements, and/or other information, such as the prize you have won.
  • If you are on our App and search by UPC code or voice search, we will access your device camera and microphone, with your permission. If you wish to update your permissions, you may do so in the “Settings” options on your device.

Information Collected from Other Sources.

We may receive information about you from third parties, including, without limitation, from your friends or family members who invite you participate in our referral programs, from our CRM (customer relationship management) and other vendor(s) and business partners, such as our data, marketing, personalization, performance, deep linking, or analytics service providers, advertising networks we work with, credit bureaus, fraud prevention service providers, mailing list providers, fulfillment partners, shipping carriers, and/or financial institutions that issue our Forever 21-branded credit cards and in cooperation with which we manage our credit cards-related loyalty/rewards program.

We may also obtain information about you when you log in through a third-party social network or authentication service, such as Facebook or Google. These services will authenticate your identity (so that you do not have to register for an account on our Site or App separately). When you log-in via their services, you will be re-directed to their websites for log-in and they will then share with us your user ID, profile URL, profile picture, name and e-mail address so that (i) we can identify you and so that (ii) your account on their platforms will be connected to our Services. Such platforms may furthermore provide you the option to share certain PI with us, in which case we may receive further information (such as your address book). Your username and profile picture may be visible to all other Forever 21 users, regardless of whether they are your “friends.”

When you interact with us through a social media site or third-party service, such as when you like, follow, or share Forever 21 content on Facebook, Twitter, Instagram or other sites, we may receive information from the social network, including your profile information, picture, user ID associated with your social media account, and any other information you permit the social network to share with third parties. The data we receive from these third-party sites is dependent upon that third party’s policies and your privacy settings on that third-party site. You should always review and, if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our Services. If you make a comment or post other content on our Social Media pages, please be aware that you are providing information directly to the social media network subject to their Privacy Policy and terms of use. As with other third party sites, we have no control over and are not responsible for their own data and privacy practices.

We may combine information we receive from other sources with information we have collected directly from you.

Information Automatically Collected when You Use our Services.

In addition to information that you or other parties provide us, “cookies” and other tracking technologies (sometimes generically referred to as “Cookies”) enable us and third parties to collect certain information from you passively when you use our Services. What information is collected depends on how you use our Services, and includes:

  • domain name visited
  • your browser type and version
  • your operating system
  • the web pages and other content you view
  • the links you click on
  • your IP address
  • the length of time you spend interacting with the Services
  • the referring URL
  • the device type from where you access our Sites
  • the advertising ID and other unique identifiers associated with your device
  • the screen resolution of your device
  • the manufacturer of the device you use to access our Services
  • the exit page
  • your language preferences
  • what devices you use to access the Services
  • your mobile device ID
  • your device name and model
  • your mobile operating system, type, name, and version
  • the App version
  • geolocation data, such as inferred and precise location; provided, however, that we will collect precise location information from your mobile device only if you enable that feature; nevertheless, even if you elect not to enable that feature we may be able to determine location by other means such as when you use wi-fi in our Stores. Turning off device location tracking does not affect the processing of the data that has been collected before the feature has been disabled.

We and third parties offer you ways to limit Cookies. Click here to find out more about what Cookies are, what kind of Cookies we use and what choices you have regarding Cookies.

Our use of your PI, including location information when applicable, is limited to the following purposes, subject to applicable law, unless otherwise disclosed at the point of collection or otherwise consented by you:

  • To provide Services to you (including to fulfill your orders)
  • To communicate with you through e-mail, text messaging, push notifications, cloud-enabled voice services or other means and devices regarding your account, your purchases (including, without limitation, delivery or shipping-related information), your returns, or your other uses of our Services, including, for example, to send you product updates and availability of previously out-of-stock items
  • To respond to your inquiries, resolve your problems and concerns, and for other Customer Service purposes, including, without limitation, for business purposes such as record keeping, quality assurance, training purposes and to improve our Customer Service operations
  • To distinguish you from other users of our Sites
  • To measure traffic and the effectiveness/success of our ad campaigns and other Services (including those offered through third parties, including our online targeted advertising and offline promotional campaigns)
  • To offer you location customization; for example, our store finder feature may access and use information about your device location (such as based on IP address or GPS, as applicable), or your account information, to suggest appropriate store locations; moreover our content may be personalized based on various information pieces we may have about you to try to provide you with more location-relevant content
  • To offer you personalized search capability, recommendations, instructions, or help on our Sites and on third party sites
  • To assist us in advertising our Services on third party websites, mobile apps, and other online services, and provide you with a better, more personalized experience when you visit our Sites or when we send you marketing communications, or when we otherwise display our content to you on our Sites or on third party sites, or when you otherwise interact with any of our Services
  • To customize your experience when you engage with us and to tailor ads and other content to you while you use our Services or when you navigate across the Internet or interact with us across devices
  • To better understand how you and others access and use our Services, both on an aggregated and individualized basis, and to conduct further analysis such as identify usage trends and identify target groups, with the goal of continuously improving our Services and enhancing your experience when engaging with us across our Services
  • If you have asked us to send you marketing e-mails (or, if you are a US resident, marketing text messages) about our current or upcoming promotional offers or new products or other information we think may be of interest to you, to send you such marketing communications
  • To send you promotional mailers by regular (post) mail
  • For research, product development, Services enhancement, and analytics purposes
  • To build (and/or have others build on our behalf) custom audiences or look-alike audiences that will help us better tailor our ad campaigns and other outreach communications to you, subject to territorial, platform and other limitations where applicable
  • To administer our customer loyalty programs
  • To administer our customer referral programs
  • To execute and promote our Prize Promotions
  • To manage Cookies and allow you to manage your Cookie preferences
  • To administer surveys and questionnaires for market research or member satisfaction purposes
  • To comply with legal obligations, as part of our general business operations, and for other business administration purposes
  • To manage the security of the data in our possession and where we believe necessary, to investigate, prevent or take action regarding illegal activities, suspected fraud, cyber security threats, situations involving potential threats to your safety or the safety of any other person or violations of our Terms of Use or this Privacy Policy, or to bring or defend legal claims
  • To debug or repair errors in our systems
  • To facilitate arrangements we have with business partners
  • To permit certain partners we think you may want to hear from, such as the issuer of our Forever 21-branded credit cards, to reach out to you, and
  • For other purposes as permitted by applicable law and not inconsistent with this Privacy Policy or any other express statement we make at the point of collection of the PI

Subject to applicable law, this Privacy Policy, and any other applicable notices at the point of collection, we may share, or you may yourself share via our Services, your PI, and other information, in connection with our operation of our business, and more specifically as follows:

  • Companies providing services on our behalf. We may share your PI with third-party vendors that perform services on our behalf, as needed to carry out their work for us, which may include delivering your orders, providing Customer Service, providing marketing and advertising services to us, conducting security audits, providing accounting or legal services, administering our Prize Promotions, providing web hosting, payment processing services or fraud prevention services, assessing or measuring the performance and functioning of our Sites, providing analytics or providing any other services that we need to operate our business.
  • Third party ad networks. We use third party ad networks and other advertising services providers and intermediaries to develop information to enable personalized advertising content for you, to display our ads to you on third party websites and apps you visit, and to measure the effectiveness of those ads. These third parties may place Cookies on your device if you use our Services. Our shared use of your information with these parties helps us tailor ads to your interests. Other parties’ use of Cookies are governed by each applicable company’s specific Privacy Policy. If you would like to learn more about how we and our third party partners use Cookies and how to manage your settings and choices, click here.
  • Payment service providers. We may use third-party payment service providers to process payments made through the Services. If you wish to make a payment in connection with your use of the Services, your PI will be collected by such a third-party payment service provider and not by us, and thus will be subject to the third party’s Privacy Policy rather than this Privacy Policy.
  • Corporate transactions. If we are, or under consideration to be, acquired by, merged with, or invested in by another company, or if our assets are, or may be under consideration to be, transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise (each, a “Corporate Transaction”), we may transfer your PI in connection therewith. As part of Corporate Transactions, we may also share certain of your PI with lenders, auditors, and third party legal and financial advisors.
  • In the context of legal processes. We may disclose your PI to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena or if we reasonably believe that such action is necessary to comply with the law and the reasonable requests of law enforcement.
  • To protect us and others. We may disclose your PI when we believe it is appropriate to do so to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the rights, property or personal safety of any person, violations of our Terms of Use or this Privacy Policy, or as evidence in litigation, arbitration or government agency investigation in which we are involved.
  • General public and other Site or App users. Your user name and any information, including, without limitation, reviews, comments, and text will be available to, and searchable by, all users of our Sites if you post such content there.
  • Non-PI. We may share aggregate, anonymized, or de-identified information, and other non-PI, about you with affiliated and non-affiliated entities for marketing, advertising, research and other purposes. This Privacy Policy is not intended to limit our disclosure of non-PI, which we reserve the right to disclose and otherwise share as permitted by applicable law.
  • If you apply for a Forever 21-branded credit card. In order to process your application for a Forever 21-branded credit card made on our Site or App, or in-Store, we collect and pass on, or facilitate the collection and transfer of, your PI included in the application to the financial institution that issues the card credit card. Only US residents are eligible to apply for a Forever 21-branded credit card. Such application information may include among other things, your name, your address, your social security number, your income and your driver’s license. This is done at your direction in connection with applying for the card.
  • If you make a purchase on our Site and your shipping address is outside the US. If you make a purchase on the Site and your shipping address is outside the US, your international order will be fulfilled by our third party vendor named Global-e (“Global-e”), and accordingly your information will be provided by you directly to Global-e, and will be handled by Global-e in accordance with their Privacy Policy, which you will be able to review on the checkout page before you submit your order. The checkout page is hosted by Global-e (through an i-frame implemented on our Site), and not by us, so Global-e (and not Forever 21) is doing the collection. Please note, however, that Global-e will share your information with us so that we can service your order in terms of Customer Service, returns or exchanges. Moreover, if on the checkout page you have chosen to opt-in to receiving marketing e-mails from us, Global-e will share your e-mail address with us, so that we can send you marketing e-mails as requested.

We, our service providers and third parties automatically collect certain types of usage information when you use our Services or otherwise engage with us. We, and they, collect this information through a variety of Cookies, including traditional cookies, web beacons, pixel tags, Flash cookies, embedded scripts, location-identifying technologies, SDKs or similar technologies now or hereafter developed. To the extent required by applicable law, we ask you to provide your consent to the use of Cookies. You can avoid certain Cookies by not consenting to their use or if you already provided your consent, by subsequently withdrawing it. To learn more, manage your Cookies preferences and see a complete list of the Cookies we use, go to the Cookie Preference Center. To learn more general information about how to exercise your preferences regarding Cookies through your browser or device settings, go to the Additional Privacy Rights and Choices; Managing Preferences section of this Privacy Policy. Please note that blocking or disabling Cookies may negatively impact your experience using our Sites, as some of the features may not work properly or as intended.

What Are Cookies?

  • Cookies. The traditional cookies are small text files which are placed on your device (such as computer or smart phone) when you visit our Services. Cookies store certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the domain from which the cookie has been placed, as well as information about the age of the cookie and a random alphanumeric identifier, the so-called cookie-ID. They help to recognize the device and make any pre-settings immediately available.
  • Flash Local Storage Objects. We may use Adobe Flash Local Storage Objects (“Flash LSOs”) to store your Sites preferences and to personalize your visit. Flash LSOs are different from browser cookies because of the amount and type of data stored. Typically, you cannot control, delete, or disable the acceptance of Flash LSOs through your web browser. For more information on Flash LSOs, or to learn how to manage your settings for Flash LSOs, go to the Adobe Flash Player Help Page, choose “Global Storage Settings Panel” and follow the instructions. To see the Flash LSOs currently on your computer, choose “Website Storage Settings Panel” and follow the instructions to review and, if you so choose, to delete any specific Flash LSO. Please go to the following link to exercise your choices: www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html
  • Clear GIFs, Pixel Tags and Other Technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web and app pages. We may use clear GIFs (a.k.a. web beacons or pixel tags), in connection with our Services to, among other things, track the activities of our Site and App users, help us manage content, and compile statistics about usage of the Sites. We and our third party service providers also use clear GIFs in HTML e-mails sent to you, to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded. If you are an EEA User and sign up to receive marketing e-mails, you acknowledge and agree to the uses set forth above. If you are an EEA User and you do not agree to our use of pixel tags in marketing e-mails, please do not sign up to receive marketing e-mails from us.
  • Embedded scripts. An embedded script is programming code that is designed to collect information about your interactions with our Services, such as the links you click on. The code is temporarily downloaded onto your computer or device from our web server or a third-party service provider, is active only while you are connected to the applicable Services, and is deactivated or deleted thereafter.
  • SDKs. SDKs are blocks of code that may be installed in our App and that come from third party companies with which we work. SDKs helps us understand how you interact with our App and collect certain information about the device and network you use to access our App, such as the advertising identifier associated with your device and information about how you interact with our App.
  • Location-identifying technologies. GPS (global positioning systems) software, geo-filtering and other location-aware technologies locate you (sometimes precisely), or make assumptions about your location, for purposes such as verifying your location and delivering or restricting content (including ads) based on your location. If you have enabled GPS or use other location-based features on your device while using the Services, your device location may be tracked by us and third parties.
  • Device recognition technologies. These technologies, which include application of statistical probability to data sets, as well as linking a common unique identifier to different device use (e.g., Facebook ID), attempt to recognize or make assumptions about users and devices (e.g., that a user of multiple devices is the same user or household).
  • In-app tracking methods. There are a variety of tracking technologies that may be included in mobile applications, and these are not browser-based like traditional cookies and cannot be controlled by browser settings. Some use device identifier, or other identifiers such as “Ad IDs” to associate app user activity to a particular app and to track user activity across apps and/or devices.

Cookie Categories and Purposes

We categorize the Cookies we use in connection with our Services in four general categories as follows:

  • Strictly Necessary Cookies let you navigate our Sites and use essential features such as access to the shopping cart and tools to pay for your purchase or enhance your security. We use Strictly Necessary Cookies to identify you as being logged in to the Sites and to authenticate you. Strictly Necessary Cookies are required to ensure that the products that you add to your shopping cart are kept there while you are shopping, and that the data that you enter during the ordering process is retained, to allow you to proceed with the payment of your order. These Cookies are persistent and allow for session to session browsing. You may not opt out of Strictly Necessary Cookies, because if you disable these Cookies we can't guarantee how the Sites or the security on the Sites will perform during your visit or subsequent visits.
  • Performance Cookies may be placed on your device by us (or others) to collect analytics, statistical and other information about how you and others use our Sites (e.g. which pages you visit, when you open or read the communications we send you, which of our ads you interact with on our Sites or other websites or access points where our ads may appear, if you receive any error messages, how many users have viewed a product, etc.).
  • Functionality Cookies may be placed on your device by us (or others) and are used to improve your visit to our Sites by providing you the personalized or enhanced features that you have selected or by remembering certain settings you have chosen (e.g., language preferences, the country from where you are visiting, if you have engaged with a particular component or list on the Sites so that it won’t repeat, show you when you're logged in to the Sites, etc.). If you disable these Cookies, we will not be able to retain your preferences or selected settings for your next visit.
  • Targeting or Advertising Cookies are used to track your visit to our Sites or other interaction with our Services, as well as your interaction with other websites, applications or online services (including social media) and the pages you visited and links you followed. This allows us and others to display targeted ads to you, improve their delivery, measure the success of our ad campaigns and see when, whether and for how long you interact with our Services. We may also use these Cookies to limit the number of times you see the same ad.

Do Not Track; Opting Out of Interest Based Advertising

Some information about your use of the Services and certain third-party services may be collected using Cookies across time and services. This information may be used by us and third parties for purposes such as to associate different devices you use and deliver relevant ads and/or other content to you on the Service and certain third-party services. Some services purport to offer “do not track” signals that are or can be associated with your device. Note, however, there is no consensus among industry participants as to what “Do Not Track” means in this context. Like many online services, currently, our systems do not recognize browser “do-not-track” signals. You may, however, disable certain Cookies as discussed below, you may also opt-out of targeted advertising by going to the Cookie Preference Center, and if you are a California consumer, you may also exercise your Do Not Sell right from each of your browsers and devices by means of the Forever 21 DNS Opt-out Signal Tool, as further explained in the California Privacy Rights section. Remember that if you opt out of interest-based advertising, you will still receive ads, but they will not be personalized to your interests.

To obtain access to your PI or to ask us to delete your PI from our systems, or for other choices you may have regarding the exercise of your privacy rights, go to our Privacy Rights Requests Center or e-mail us at [email protected] California Consumers can also call our CCPA-dedicated toll free line 844-674-2442 as described more fully in the California Privacy Rights section. To honor your requests, we may require additional information about you to verify your identity and authenticate your request. Our responses to and processing of your requests may differ based on the applicable data protection laws which apply to you and your transactions, and the sensitivity of the data you seek to access. We will make good faith efforts to comply with your requests, but reserve the right to limit requests to what is required by applicable law and to exercise such discretion to limit or reject requests as permitted by applicable law.

Account-related choices. You may update your profile information, such as your user name and password, by accessing the profile section of your account. You may also be able to adjust certain communications preferences in your account settings. If you would like us to close your account associated with a particular e-mail address, please send us an e-mail from that e-mail address to [email protected] with the words CLOSE MY ACCOUNT in the subject line. We will only honor “close my account” requests associated with a particular e-mail address if we locate an account in our systems associated with that e-mail address.

Access to your Device Information. You may control the App’s access to certain of your device information through the “Settings” on your device.

Marketing communications preferences. You can stop receiving promotional e-mail communications from us by using the “unsubscribe” mechanism provided in the e-mail message, by using the form provided at the Privacy Rights Requests Center, or by sending an e-mail to [email protected] with the words UNSUBSCRIBE FROM E-MAIL in the subject line. If you are a US resident and have signed up for our marketing text message program, you can opt out by replying “STOP” to the last marketing text message you received from us. We make every effort to promptly process all unsubscribe requests; however, this may take a few days. If you unsubscribe from receiving promotional e-mails or text messages, we may still send you transactional e-mails or text messages about your account or any services you have requested or receive from us (e.g., account verification, transactional communications, changes/updates to features of the Services, technical and security notices, responses to your communications, purchase-related communications if you made a purchase, etc.).

Managing Cookies. To manage your choices and preferences regarding the Cookies we use on our Services, go to the Cookies and Other Tracking Technologies section of this Privacy Policy to learn more about the categories of Cookies we use or to the Cookie Preference Center to manage your preferences regarding the Cookies we use. You may also set your e-mail options to prevent the automatic downloading of images that may contain Cookies that would allow us to know whether you have accessed our e-mails and performed certain functions with it. To learn more about Cookies and how to manage them generally, you can visit http://www.aboutcookies.org or http://www.allaboutcookies.org/, but we do not guaranty the accuracy of that third party information. If you prefer not to accept traditional Cookies, most browsers will allow you to: (i) change your browser settings to notify you when you receive a Cookie, which lets you choose whether or not to accept it; (ii) disable existing Cookies; or (iii) set your browser to automatically reject Cookies. Please check your browser and browser settings to determine where traditional Cookies are stored and whether and how they may be deleted. The “help” portion of the toolbar on most browsers will tell you more. To find out how to manage traditional Cookies on popular browsers, go to Google Chrome; Microsoft Edge; Mozilla Firefox; Microsoft Internet Explorer; Opera and Apple Safari. To find information relating to other browsers, visit the browser developer's website. Deleting Cookies in the manner described above does not delete Local Storage Objects (LSOs) such as Flash objects and HTML5. You can learn more about Adobe Flash objects—including how to manage privacy and storage settings for Flash cookies—here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html#124401

Depending on your mobile device and operating system, you may not be able to delete or block all Cookies.

Managing Your Interest-Based Advertising Preferences and Choices. To specifically manage your choices and preferences regarding the Advertising and Targeting Cookies we use, go to the Cookie Preference Center. In addition, you can opt-out of receiving behavioral advertisements from certain vendors that are members of specific self-regulatory associations, as described below.

If you are a US based user of our Site, you may opt out of many third party ad networks through the use of various trade association websites. For example, you may go to the Digital Advertising Alliance (DAA) Consumer Choice Page for information about opting out of interest-based advertising and signaling your choices regarding having information used by DAA companies. You may also go to the Network Advertising Initiative (NAI) Consumer Opt-Out Page for information about opting out of interest-based advertising and your choices regarding having your information used by NAI members. Opting out from one or more companies listed on the DAA Consumer Choice Page or the NAI Consumer Opt-Out Page Page will opt you out from those companies' delivery of interest-based content or ads to you, but it does not mean that you will no longer receive advertising, even advertising that appears relevant to you. For example, you may still receive contextually-based ads that are based on the particular website that you are visiting at that particular time. Also, if your browsers are configured to reject Cookies when you attempt to exercise your right to opt out on the DAA or NAI websites, your opt out may not be effective. Additional information is available on the DAA's website at www.aboutads.info or the NAI's website at www.networkadvertising.org.

If you are a Canada-based user of our Site, you may also opt out of interest-based advertising from companies registered with the Digital Advertising Alliance of Canada (Canadian DAA). As with the US program, please be aware that you will continue receiving ads, but that advertising will be delivered based on other factors not including your particular interests as demonstrated by your visits to sites across time. Additional information is available on the Canadian DAA’s website at https://youradchoices.ca.

If you opt out of interest-based advertising, your opt-out will be specific to the web browser, app, or device from which you accessed the opt-out. If you use multiple devices or web browsers, you will need to opt out on each browser or device that you use.

We are not responsible for the effectiveness of, or compliance with, third-party opt-out options or programs, or the accuracy of their statements.

Managing Google.

To prevent your personal information or other data from being used by Google Analytics, you can install Google’s opt-out browser add-on. You can also access your Google Ads settings to control what data Google uses to show ads to you. Google offers other choices in the settings and privacy control portions of its service. We are not responsible to the accuracy of Google’s statements of the effectiveness of its choice controls.

This section provides specific information for California consumers, as required under California privacy laws, including the California Consumer Privacy Act as amended, and its implementing regulations (“CCPA”). The CCPA requires that we provide certain information to California consumers about how we handle their PI, and their rights in that regard. Under the CCPA, “PI” is any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, device or household, including the categories identified in the chart below to the extent they identify, relate to, describe, are capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer, device or household, subject to certain exceptions (e.g., publicly available information is not PI).

Consistent with the CCPA, this notice, and the rights described, do not apply in calendar year 2020 to job applicants, current or former employees, contractors, or persons interacting with us in their capacity as a representative of a business.

This notice reflects our good faith understanding of the law and our data practices as of the Effective Date, but as of that date, the CCPA’s implementing regulations are not yet final and there remain differing interpretations of the law. Accordingly, we may from time-to-time update information in this and other notices regarding our data practices and your rights, modify our methods for responding to your requests, and/or supplement our response to your requests, as we continue to develop our compliance program to reflect the evolution of the law and our understanding of how it relates to our data practices.

Categories of PI of California Consumers that We Collect, Disclose, and Sell

The CCPA requires us to disclose the categories of PI about California consumers that we collect, disclose for a business or commercial purpose, or sell. These categories are defined in the CCPA. Our PI practices for the 12 months preceding the Effective Date were as described in this Privacy Policy, and more specifically as follows:

Categories of PICollection SourcesPurpose(s) for CollectionCategories of Parties We Share PI With
1. Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, IP address, e-mail address, account name, government ID or other similar identifiers.From the consumer, by us and from the consumer’s browser, device, e-mail and/or social media account, other individuals, such as the consumer’s friends or family, business partners (non-vendors), and vendors.Managing Cookies, sending marketing e-mails and text messages, conducting other advertising and promotional campaigns, data security, debugging, internal research and development, processing and managing customer interactions and transactions, facilitating arrangements we have with business partners, performing services requested by the consumer, and research and quality assurance.Service providers, third party partners, Corporate Transaction recipients, and as directed by the consumer or as required by applicable law.
2. Personal records, including signature, physical characteristics or description, written statements, telephone number, address, credit card number, or other financial information.From the consumer, by us and from the consumer’s e-mail and/or social media account, other individuals, such as the consumer’s friends or family, business partners (non-vendors), and vendors.Data security, debugging, processing and managing consumer interactions and transactions, performing services requested by the consumer, research and quality assurance.Service providers, third party partners, Corporate Transaction recipients, and as directed by the consumer or as required by applicable law.
3. Characteristics such as gender and age.From the consumer and from vendorsProviding more relevant service to consumersService providers, Corporate Transaction recipients, and as directed by the Consumer or as required by applicable law.
4. Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.From the consumer, by us from the consumer’s browser, device, e-mail and/or social media account, other individuals, such as the consumer’s friends or family, business partners (non-vendors), and vendors.Data security, debugging, processing and managing consumer interactions and transactions, performing services requested by the consumer, advertising, research and quality assurance.Service providers, third party partners, Corporate Transaction recipients, and as directed by the consumer or as required by applicable law.
5. Biometric information.N/AN/AN/A
6. Internet or other electronic network activity information, including, but not limited to, browsing history, browsing time, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.From the consumer, by us and from the consumer’s browser, device, e-mail and/or social media account, and our vendors.Debugging, processing and managing consumer interactions and transactions, performing services requested by the consumer, advertising, quality assurance and research and analytics.Service providers, third party partners, Corporate Transaction recipients, and as directed by the consumer or as required by applicable law.
7. Geolocation data, including, but not limited to, precise physical location and movement patternsFrom the consumer, by us and from the consumer’s browser, device, e-mail and/or social media account, and otherwise directly from ConsumersManaging Cookies, processing and managing consumer interactions and transactions, performing services requested by the consumer, targeted advertising, quality assurance, fraud prevention and security, and research and analytics.Service providers, third party partners, Corporate Transaction recipients, and as directed by the consumer or as required by applicable law.
8. Audio, electronic, visual, thermal, olfactory, or similar information, including, but not limited to, image, photograph, and voice.Directly from consumersProcessing and managing consumer interactions and transactions, performing services requested by the consumer, quality assurance, and fraud prevention and security.Service providers, Corporate Transaction recipients, and as directed by the consumer or as required by applicable law.
9. Professional or employment-related information.N/AN/AN/A
10. Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).N/AN/AN/A
11. Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, and behavior.Consumer’s browser, device, e-mail and/or social media account, and otherwise directly from consumers or as created by us or our vendors.Processing and managing customer interactions and transactions, performing services requested by the customer, and quality assurance and security and fraud prevention.Service providers, Corporate Transaction recipients, and as directed by the consumer or as required by applicable law.

We have disclosed the following categories PI of California consumers for a business purpose, consistent with the collection purposes set forth in the chart above, within the 12 months preceding the Effective Date:

  • Identifiers;
  • Personal records;
  • Commercial information;
  • Internet or other electronic network activity information;
  • Geolocation data;
  • Audio, electronic, visual, thermal, olfactory of similar information; and
  • • Inferences drawn from PI to create a profile about a consumer.

The applicable sources, and purposes of the PI collected by us, and the categories of third parties to which we have disclosed it for business purposes, are set forth in the chart above. We do not believe that we have sold PI, except as discussed in the next section. We acknowledge that the data collection by some third party Cookies associated with our Services may be considered by some to be a “sale” under the broad language of the CCPA

Rights that California consumers have under the CCPA. California law grants consumers certain rights and imposes certain restrictions on particular business practices as set forth below.

Do Not Sell Right If you are a California consumer, you have the right to opt-out of the sale of your PI. The CCPA, however, defines “sale” in an unusual way, and with no guidance from the State of California as of the Effective Date as to how broadly the term should be interpreted, a number of differing reasonable interpretations are possible.

Some may argue that when certain third parties place Cookies on your device when you engage with our Sites, the PI collected by such Cookies constitutes a “sale” under the CCPA. We do not agree with this interpretation. However, pending a consensus as to what “sale” actually means under the CCPA, we are providing a way for California consumers to opt-out of future Cookie-based “sales” of their PI, by (i) enabling the Google Restricted Processing solution into our use of certain Google products, (ii) using the IAB Tech Lab “do not sell” signal with third parties that we work with that are participating in the IAB CCPA Compliance Framework, and (iii) disabling other third parties’ Cookies that are not covered by either (i) or (ii) above. The solutions referenced in (i) and (ii) each conveys to the recipient that PI can only be used for restricted purposes, such as providing us services, and cannot be sold by the recipient downstream. We make no guaranty as to how third parties will treat our Do Not Sell signals. In order for the Do Not Sell request to be honored by us as described above, you must make the request from each browser and each mobile device you use. To add our Do Not Sell signals to your browser or device, click on this Do Not Sell My Info link, which you can also access through the Privacy Rights Requests Center. In addition, you can learn more about how to exercise preferences regarding Cookies in our Cookie Preference Center and in the following additional sections of this Privacy Policy: the Cookies and Other Tracking Technologies section, and the Additional Privacy Rights and Choices; Managing Preferences section. We treat Do Not Sell requests in the context of digital advertising based on our evolving good faith interpretation of the law, and we intend to look to direction that may in the future be provided by the State of California to guide our understanding as to how the CCPA should be interpreted in this area.

We do not believe that sharing your information with certain third parties as part of our normal business operations constitutes a sale within the meaning of what most people would consider a sale to be. Even under a broad understanding of “sale,” we do not typically sell your PI, but from time to time, we may decide to share your information with certain trusted third parties so that they can contact you with offers that you might enjoy. Because of this possibility, we are also providing you a way to opt-out of the sharing of your information that might occur under such circumstances. To exercise your right, visit our Privacy Rights Requests Center and fill out the appropriate form or call us at 844-674-2442.

We do not knowingly sell the PI of children under the age of 16 without the authorization required by the CCPA.

Requests for Deletion and Right to Know. If you are a California consumer, you have the right to make the following requests, typically at no charge, up to twice every 12 months:

  • Deletion: the right to request deletion of your PI that we have collected about you, subject to certain exemptions, such as where the information is used to complete the transaction for which the PI was collected, provide a good or service that you have requested, perform a contract between you and us, detect security incidents, protect against malicious, deceptive, fraudulent or illegal activities, prosecute people responsible for malicious, deceptive, fraudulent or illegal activities, debug to identify and repair errors that impair existing intended functionality, comply with a legal obligation, enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us, or otherwise use your information internally, in a lawful manner that is compatible with the context in which you provided the information.
  • Right to Know (categories or specific information): the right to know what categories of PI we have collected about you in the preceding 12 months, including with regard to each of the categories of PI collected, the categories of sources from which the PI was collected, the business and/or commercial purpose(s) for the collection, disclosure and/or sale of your PI, and the categories of third parties with whom we have sold or disclosed for business purposes your PI. You also have the right to know what specific pieces of PI we have collected about you in the preceding 12 months and the right to request a copy of that information.

Submitting Requests and What You can Expect. You (or your authorized agent) can submit a deletion, or right to know, or Do Not Sell request online by visiting our Privacy Rights Requests Center and filling out the appropriate form. There you will find details on what is required to be verified and to make the request. You (or your authorized agent) can also submit your request by calling 844-674-2442, our CCPA dedicated toll-free line. If you are visiting one of our Stores, you will see a notice that also directs you to the Privacy Rights Requests Center and the CCPA dedicated toll-free line to make your request. If you are disabled and need reasonable accommodations, please let us know. Subject to us being able to verify you (and, if applicable your agent and his or her authority), so that we do not delete the wrong person’s information, or give access to PI to the wrong person or otherwise act upon the wrong person’s instructions, we will respond to your request in a secure manner through the protocols set up by our vendor OneTrust in our Privacy Rights Requests Center. We will notify you that we have received your deletion or right to know request within 10 days of receipt of your request. We will honor Do Not Sell requests, as more fully explained above, within 15 days after we receive such a request. For right to know and deletion requests, we will endeavor to respond within 45 days after receiving the request, but if we believe that in order to thoroughly and accurately respond to your request we need more time, we will notify you that we need an additional 45 days to process your request.

Incentives and "Non-Discrimination." The CCPA prohibits discrimination against California consumers for exercising their rights under the CCPA and imposes requirements on financial incentives, including loyalty programs, offered to California consumers related to their PI. Accordingly, we will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights. However, we may charge a different price or rate, or offer a different level or quality of good or service, to the extent that doing so is reasonably related to the value of the applicable PI provided to us.

Currently, Forever 21 offers a loyalty program for the users of its Forever 21-branded credit cards. If you have a Forever 21-branded credit card, you receive points based on purchase activities, and you consent to our sending marketing communications to you, such as to provide you notice of special offers and activities available to cardholders. The program terms are available here. Your choice to participate in this loyalty program will not affect your right to submit right to know, deletion, or Do Not Sell requests under the CCPA, except that as long as you are a member of this loyalty program you must allow us to retain and use your PI to administer the program, which includes sending you marketing messages. We have determined that consumers knowingly electing to accept the program terms to receive the program benefits establishes that the value of the benefits is reasonably related to the value of the program PI and its use to us. Please note that participating in incentive programs such as this one is entirely optional. By submitting a Forever 21-branded credit card application you are affirmatively opting in to the program. You can opt-out of the program by closing your Forever 21-branded cards (thus terminating participation and forgoing the ongoing incentives). We may from time to time change the terms of this incentive program by posting notice, so be sure to check them regularly.

Shine the Light

We do not typically share PI about you with third parties for their direct marketing purposes, except where we offer you the ability to consent (either on an opt-in or opt-out basis), but we sometimes may. Where permitted by applicable law, if we elect to share your personal information (as defined by California’s “Shine The Light” law, California Civil Code Section 1798.83) with third parties for their direct marketing purposes without giving you the ability to consent to such sharing (such as may from time to time be the case with the issuer of our Forever 21-branded credit card(s)), the law allows you to, under certain circumstances, request and obtain certain information regarding our disclosure, if any, of PI to third parties for their direct marketing purposes without your opportunity to consent. If this applies, you may obtain the categories of PI shared and the names and addresses of all third parties that received PI for their direct marketing purposes during the immediately prior calendar year (e.g. requests made in 2020 will receive information about 2019 sharing activities). You may make one request per calendar year. To make such a request, please provide sufficient information for us to determine if this applies to you, attest to the fact that you are a California resident and provide a current California address for our response. You may make this request by sending us an e-mail at [email protected], or by writing to us at Forever 21 (F21 OpCo, LLC), Attn: Legal Department/Privacy, 3880 N. Mission Rd., Los Angeles, CA 90031. Any such request must include “Shine the Light Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code, and confirmation that you are a California resident. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this e-mail address or mail address. Please allow up to 30 days for a response.

CA Minors Any California residents under the age of eighteen (18) who have registered to create an account to use the Services, and who post content on the Service, can request removal by contacting us as set forth in the Contact Us section, detailing where the content or information is posted and attesting that they posted it. We will then make reasonable good faith efforts to remove the post from prospective public view or anonymize it so the minor cannot be individually identified to the extent required by applicable law. This removal process cannot ensure complete or comprehensive removal. For instance, third-parties may have republished or archived content by search engines and others that we do not control.

Data Controller. Forever 21 is the data controller for purposes of your PI. Our address is 3880 N. Mission Rd., Los Angeles, CA 90031.

If you are an EEA User, the GDPR provides you with certain additional operational protections and rights, which we describe here.

Legal bases for processing. If you are an EEA User, we only collect, use, share or otherwise process your PI by obtaining your consent or by using other legal bases for processing your PI as set forth in more detail below:

  • Processing on the Basis of Consent. We may collect, use, share or otherwise process your PI by obtaining your consent. You are free to deny your consent and the denial will have no negative consequences for you. Your consent will be limited to our (or our vendors’) processing of your PI for the purposes for which we collect it, which purposes we can adequately demonstrate through notice. For example, we may obtain your consent at the point in time when you set up an account with us, or when you provide your consent for the use of Cookies, or when you sign up to receive marketing e-mails from us. If you sign up for our marketing e-mails, we will use your PI to send you e-mails containing promotional materials relating to our Services. You can always withdraw your consent, as we explain in the Marketing Communications Preferences section of this Privacy Policy.
  • Processing for the performance of a contract (or in preparation of entering into a contract). If you order anything on our Sites or if you contact us to request any other service, we will use your information to fulfill your order or otherwise provide you the features and functionality of the services you requested.
  • Processing based on Legitimate Interests. The use of your PI may also be necessary for our own legitimate business interests. Our use of your PI to perform a legitimate interest, takes into consideration your privacy rights, and the relative necessity we have to use your PI to fulfill that interest. For example, we process your PI based on the legitimate interests legal basis to analyze and improve the quality of our Services, such as providing you with Customer Service, and to understand you as a customer. This enables us to assess what may interest you, to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising. In addition, based on your use of our Services and the products you purchased, we may target you with ads or other marketing materials that are customized to your personal preferences and experiences, or conduct other direct marketing initiatives (to the extent we are permitted to process such PI on the basis of legitimate interest; otherwise we will ask for your consent). We may also use your PI for our other legitimate interests, such as to operate and expand our business activities, to administer our Services, to evaluate and review our business performance, to facilitate social sharing functionality, to generate aggregated statistics about the users of our products and Services, to facilitate our business operations, to operate company policies and procedures, to conduct fraud monitoring and prevention, to identify cyber threats, to enable us to enter into Corporate Transactions, or for other legitimate business purposes as permitted by applicable law. If necessary, we may also use your PI to pursue or defend ourselves against legal claims.
  • Processing for compliance with legal obligations. We may process your PI when it is necessary to comply with a relevant legal or regulatory obligation that we have, such as to maintain appropriate business records according to tax and commercial law, to comply with lawful requests by public authorities and to comply with applicable laws and regulations or as otherwise required by law.

Exercising your rights under the GDPR:As an EEA User, you have the following GDPR-specific rights with respect to your PI:

  • Right of access. The right to obtain access to your PI.
  • Right to rectification. The right to obtain rectification of your PI without undue delay where that PI is inaccurate or incomplete.
  • Right to erasure. Subject to certain exceptions (such as for example, the need to retain the PI in order to comply with a legal obligation or to establish, exercise or defend a legal claim), the right to obtain the erasure of your PI without undue delay in certain circumstances, such as where the PI is no longer necessary in relation to the purposes for which it was collected or processed, and where consent is withdrawn and there is no other legal ground for processing.
  • Right to restriction. The right to obtain restriction of the processing undertaken by us on your PI in certain circumstances, such as where the accuracy of the PI is contested by you, for a period of time enabling us to verify the accuracy of that PI.
  • Right to portability. The right to portability allows you to move or have the PI moved, copied or transferred easily from one organization to another.
  • Right to Opt-Out of Processing. There are a number of ways for you to opt-out of further processing of your PI: (i) you can withdraw your consent; (ii) you can object to our processing of your PI based on legitimate interests where there are grounds related to your particular situation; and (iii) you can object to the processing of your PI for direct marketing purposes for whatever reason whatsoever at any time.

If you wish to exercise any of the above rights, please fill out the appropriate form located at the Privacy Rights Requests Center. Prior to releasing any PI to you, we may ask you for additional information to verify your identity and for security purposes. The processing of your request will generally be free of charge, unless your request is manifestly unfounded or excessive. In such a case, we reserve the right to charge a reasonable fee in accordance with applicable law. We will decline to process requests that jeopardize the privacy of others, are extremely impractical, or would cause us to take any action that is not permissible under applicable law.

  • Right to lodge a complaint. You also have the right to lodge a complaint with an EU national data protection authority. Further information about how to contact your local data protection authority is available at the following link: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. However, we encourage you to first reach out to us by contacting us at [email protected] so that we first have an opportunity to address your concerns directly and find a mutually agreeable solution together.

Use of Processors. We may engage service providers to perform certain business-related functions. In this regard, such service providers will act as our processors and will only process your PI in accordance with applicable law, our written instructions, and as included in any relevant data processing agreement entered into between such processors and us. These processors may not engage subprocessors without our prior consent. We will only engage processors who provide adequate guarantees with regard to the application of appropriate technical and organizational measures as required by applicable law and who ensure the protection of your rights.

International Transfers of your PI. We may transfer PI about you outside the EEA or the UK, and when we do so, we rely on appropriate or suitable safeguards recognized under the GDPR, including adequacy decisions and standard contractual clauses. If you wish to enquire further about the safeguards we use, please contact us using the details set out in the Contact Us section of this Privacy Policy.

Although we do not “sell” “covered information” of Nevada “consumers” as those terms are defined by Chapter 603A of the Nevada Revised Statutes, if you are a Nevada consumer, please go to the Privacy Rights Requests Center to register an e-mail address for us to provide you notice in the event we should do so in the future, at which point you will have an opportunity to be verified and exercise your opt-out rights under that law. Contact us in the same manner to update your contact e-mail address for notices. Changing your e-mail elsewhere (e.g., informational requests, account information, etc.) will not update your Nevada notice contact information. It is your responsibility to keep your notice contact information current.

Our Sites are not designed for children under 16 and we do not knowingly collect information from children under the age of 16. In fact, our Sites require you to have reached the age of majority in the jurisdiction in which you live in order to make purchases there. If you are under the age of 16, please do not use our Services or otherwise provide us with any PI either directly or by other means. Forever 21 does not knowingly collect or solicit any information from anyone under the age of 16 on our Services. In the event that we learn that we have inadvertently collected PI from a child under age 16, we will delete that information as required by applicable law. If you believe that we might have any information from a child under 16, please contact us using the contact details set out at the end of this Privacy Policy. Visitors older than the age of 16, but younger than their country’s legal age of majority are permitted to use and/or submit their PI only with parental supervision. We encourage parents and guardians to spend time online with their minor children and to participate and monitor their interactive activities.

We will retain your PI only for as long as necessary for the purposes outlined in this Privacy Policy, and for a commercially reasonable time thereafter for backup, archival, fraud prevention or detection, or audit purposes, or as otherwise required by law. Where your PI is no longer required we will delete it consistent with our data retention and deletion policy. If you do not have an account on our Site or App, or a Forever 21-branded credit card, but you have signed up to receive Forever 21 marketing communications (e-mails or text messages), we will only retain your PI for as long as we have your consent to send you marketing communications. When you shop online on the Site or on the App without having opened an account (i.e., you shop as a guest), we will only retain your PI for a commercially reasonable period of time after you have completed your order in order to fulfill any contractual or legal obligations we have such as processing any refunds, exchanges, refunds, or honor any product warranties (unless you have also signed up to receive marketing communications from us, in which case we will add this order information to your customer record). If you already have an account with us, but you choose to make a purchase as a guest, we will add the guest checkout purchase to your customer record internally automatically. To avoid this, please use a different e-mail address to make a purchase as a guest.

Data Security. We care about the security of your PI and employ physical, administrative, and technological safeguards designed to preserve the integrity and security of all information collected through our Services. In addition to implementing various security measures, we do not store your PI for an unlimited period of time. However, no security system is impenetrable, and we cannot guarantee the 100% security of our systems. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with applicable law.

Please take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing robust and unique passwords that nobody else knows or can easily guess, and keeping your log-in ID and password private. Also, please be aware that, if you publicly post your PI, it is not protected. Please refrain from sending us sensitive data by e-mail. We are not responsible for any lost, stolen, or compromised passwords, for any activity on your account via unauthorized password activity, or for any PI that you publicly and intentionally disclose via our Services.

Closed Circuit Television in Stores (“CCTV”). The places in which we use CCTV are generally closed places accessible to the public in and around our Stores. We use CCTV systems for surveillance and supervision, including prevention, establishment or detection of crimes or other disturbances which, where required by applicable laws, is disclosed through signage.

We are based in the US and the information we and our service providers and other third parties collect is governed by US law, except as otherwise stated in this Privacy Policy or required by applicable law. If you are accessing the Services from outside of the US, please be aware that information collected through the Services may be transferred to, processed, stored, and used in the US and other parts of the world, where the data protection laws may be different from and less protective than those of your country of residence. Except as otherwise provided with respect to transfers of the PI of EEA Users as set forth in the Supplement for European and UK Users), your use of the Services and the provision of any information therefore constitutes your consent to the transfer to, and the processing, usage, sharing, and storage of your information, including your PI, in, the US and other countries, as set forth in this Privacy Policy.

If you have any questions about this Privacy Policy or the way we process your PI or if you want to make a complaint or exercise your rights, please contact us at:

Forever 21 (F21 OpCo, LLC)

ATTN: Privacy

3880 North Mission Road

Los Angeles, CA 90031

1-888-494-3837

[email protected]

You can also visit our Privacy Rights Requests Center or our Cookie Preference Center .

We may change this Privacy Policy to reflect new practices, better inform you, or to comply with changes in applicable laws. Please check back periodically to ensure you are familiar with all of our current practices. When we change the Privacy Policy in a material manner, we will let you know by updating the “Effective Date” at the top of this page. If you object to any changes, you may stop using our Services.