Privacy & Cookie Notice
Updated: 9 September, 2020
At TOMS, we are committed to protecting the privacy and security of your personal information in accordance with local law in the places where we operate (see details below). To learn more, please read this Privacy Notice.
This Privacy Notice describes the types of personal information we collect, how we use this information and when (under certain circumstances) we disclose this information. This Privacy Notice also details the steps we have taken to secure your personal information and describes your data protection rights, including a right to object to some of the processing which we carry out. For more information on your rights, please see the "OPT OUT / CORRECTIONS AND YOUR RIGHTS" section below.
Our Sites contain links to other websites which are not included in the "Questions and Feedback" section below and are not managed by us. Also, links to our Sites may be contained on other third party websites. We are not responsible for the content on, or privacy practices of, any non-TOMS website to which this Site links or which contains links to our Site. We advise you to read these websites' privacy notices to find out more about their privacy practices.
Data collected directly from you:
Otherwise, TOMS will also collect personal information about you when specifically and knowingly provided by you. Examples of such information are name, shipping and billing addresses, phone number, email address, credit card information when you make an order and customer preference data (eg. gender). Examples of ways in which we collect such information from you include the following:
- Registration and Ordering. Before using certain parts of this Site or ordering products, you must complete a registration form. When registering, you will be prompted to provide certain personal information, including but not limited to your name, shipping and billing addresses, phone number, email address, and credit card number. In addition, you may also be asked to provide your country of residence and/or if you register for corporate account: the company's country of operation, so we can comply with applicable laws and regulations. These kinds of personal information are used for billing purposes, to fulfil your orders, to manage our relationship with you as our customer and communicate with you about your order and this Site, and for marketing purposes. If we encounter a problem when processing your order, we will use the personal information to contact you.
- Email Addresses. Some areas of the Site allow you to enter your email address for purposes indicated at the point of collecting this information, for example, for signing up to the TOMS newsletter or creating a TOMS account.
- Live Support: Our Live Chat function stores all chats you may have with us. These transcripts are only accessed and used for training and customer service purposes.
Data from other sources:
We receive data from third party social networks (e.g. such as Facebook, Twitter, Google). This includes any information that you share publicly on a third party social network or information that is part of your profile on a third party social network (such as Facebook) and that you allow the third party social network to share with us. Examples include your account information (e.g. name, email address, gender, birthday, current city, profile picture, user ID, list of friends, etc.) and any other additional information or activities that you permit the third party social network to share with us. We receive your third party social network profile information (or parts of it) including statistics and analysis of your social network information every time you download or interact with a TOMS web application on a third party social network such as Facebook, every time you use a social networking feature that is integrated within a TOMS site (such as Facebook Connect) or every time you interact with us through a third party social network (for example, you send us Facebook messages or you post on our Facebook page). To learn more about how your information from a third party social network is obtained by TOMS, or to opt-out of sharing such social network information, please visit the website of the relevant third party social network.
Data that is mandatory is indicated on relevant forms that you complete. Where provision of data is mandatory, if relevant data is not provided, then we will not be able to fulfil your requests to register or otherwise engage with TOMS. All other provision of your information is optional.
Information Use And The Legal Grounds For Such Use
In this section we explain for which purposes we collect and use your personal information and on which grounds we rely under data protection law to use such information.
|Purpose||Legal grounds for use (EU)|
|To process your orders and communicate with you about your orders and deliveries (including, by sending you a confirmation email when you register/place an order with us).||Contractual necessity: to the extent the information is necessary to fulfil our contract with you (e.g. your delivery address and payment information),
Legitimate interests: to the extent the information is necessary to process queries relating to your orders and effectively manage our relationship with you as our customer.
|If you open a TOMS account, we will use this information to effectively manage your account (e.g. send you an account activation email or process any changes you make to your account) and stay in touch with you.||Legitimate interests: i.e. to effectively manage your account and enable account features (e.g. order tracking).|
|To send you marketing communications about TOMS, including offers about our products and services, or to send you our newsletter when you sign up to receive this and to monitor whether you open our emails and/or click on URLs in our emails.||Your consent where this is required by law. Otherwise, we rely on our legitimate interest to keep you informed of TOMS products and services, when we are allowed by law to do so.|
|To create marketing profiles about our customers and understand their preferences in relation to our products and services.||Our legitimate interests to carry out marketing activities.|
|To display our advertisements to you on other platforms, such as social media platforms. For example, we provide Facebook with hashed identifiers (e.g. hashed email addresses) of our customers which Facebook then matches with those customers’ Facebook profiles and displays our advertisements to them.||Your consent where this is required by law. Otherwise we rely on our legitimate interests to carry out marketing activities and inform you of TOMS products and services when we are allowed by law to do so.|
|We also use personal information of our customers to allow social media platforms (e.g. Facebook) to find individuals who have a similar profile to our customers and who we expect are interested to find more about our products and services, so as to display our ads to them ("Lookalike matching").||Your consent where this is required by law. Otherwise we rely on our legitimate interests to carry out marketing activities and promote TOMS products and services when we are allowed by law to do so.|
|If you use our Live Chat function, we will use your information for dealing with your query, training and customer service purposes.||Contractual necessity: where you provide information that is necessary to complete and process your order (e.g. your name and delivery address).
Our legitimate interests to handle your queries and provide you with requested information, to ensure high customer service quality and to train staff in responding to such requests).
|To compile statistics and analysis about the use of our Site and related services (e.g. product orders), and use such statistics to enable us to provide a better service, features and functionality to you and other Site users.||Individuals' consent: where we obtain this information by using cookies;
Our legitimate interests to ensure the smooth and effective functioning of our Site and services, to make sound business decisions about our products and services and to design, inform and deploy our business strategies.
|To protect the security of our Sites, information systems and assets, to monitor compliance with our Terms & Conditions, to prevent fraud and other prohibited or illegal activities in relation to our products and our Sites.||Our legitimate interests to protect our business assets against fraud and illegal activities or security threats.|
|Third party social networks: We use your personal data when you interact with third party social networking features, such as "Like" functions to serve you with advertisements and engage with you on third party social networks. You can learn more about how these features work, the profile data that we obtain about you, and find out how to opt out by reviewing the privacy notices of the relevant third party social networks.||Your consent: where required by law
Our legitimate interests to promote our products and services and to effectively manage our relationship with you as our customer, where this is allowed by law.
|To organize sweepstakes, contests and promotions and correspond with and about participants and winners.||Your consent where this is required by law. Otherwise we rely on our legitimate interests to carry out marketing activities and promote TOMS products and services where this is allowed by law.|
|To respond to complaints, to protect our legal rights and to establish, exercise or defend legal claims relating to our Sites and/or our products and services.||Our legitimate interests to protect our legal rights.|
|To respond to legitimate requests for the disclosure of information, made by public authorities, law enforcement or governmental bodies or under a court order.||Legal requirement: to the extent we are obliged under law to process such requests Our legitimate interests to assist legitimate investigations carried out by official authorities.|
|For tax, accounting, record keeping and audit purposes.||Legal requirements: to the extent the law requires that we use your information (for example, tax obligations)
Our legitimate interest to effectively manage our business, audit our business processes and make informed business decisions.
We have carried out balancing tests for all the data processing we carry out on the basis of our legitimate interests, which we have described above. You can obtain information on any of our balancing tests by contacting us using the details set out in the 'Questions and Feedback' section below.
Wherever we rely on consent, you will always be able to withdraw that consent at any time, although we may have other legal grounds for processing your data for other purposes, such as those set out above. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing purposes, at any time. You can do this by (i) clicking on the unsubscribe link in the relevant marketing communication, or (ii) emailing your opt-out request to newsletters@TOMS.com.
We do not use your personal information to take automated decisions relating to you.
TOMS will transfer your personal information between TOMS Shoes, LLC (U.S.) and TOMS EMEA B.V. (The Netherlands) as necessary to provide the products and services you have requested and to fulfil any of the other purposes set out above. Wherever your personal information is exchanged between these parties, TOMS will (i) comply with all applicable laws and (ii) take reasonable steps to safeguard the privacy of your personal information.
We do not sell or rent information about our customers. We share personal information of our customers with certain third parties, as we explain below:
- We share aggregate or summary information (such as aggregated sales statistics) regarding our customers with partners, advertisers or other third parties.
- We share information with companies that provide support services to us such as a printer, mailing house, fulfilment company, payment service provider, IT service provider or web host. These companies will process this information to the extent necessary to perform their functions and are subject to confidentiality agreements. Unless otherwise required by law, they are not authorized to use any of the personal information we share with them for any other purpose.
- Subject to your marketing preferences, we share information with social media platforms such as Facebook, for our marketing purposes. This helps them and/or TOMS to market products and services in accordance with any marketing preferences that you indicated during registration.
- We also share personal information with our business advisers (such as legal advisers, accountants, business consultants, insurers, etc.), to the extent it is necessary for them to provide us with their services.
- We may be required to disclose personal information (a) in response to subpoenas, court orders, requests from law-enforcement officials, (b) if the disclosure is necessary to protect the legitimate interests of TOMS or other persons to the extent these are not overridden by your rights and freedoms, or (c) if we are otherwise required to disclose such information by law.
- We may publicly disclose the identity of the winner of any online sweepstakes, contests or promotions.
- In the event that TOMS or its assets are acquired by or merged with another company, we will share the personal information we hold with our legal and business advisers, our prospective purchasers’ advisers and any of our legal successors/new owners.
Where information is transferred outside the European Economic Area (e.g. in US, Switzerland, Canada) and where this is to a TOMS affiliate or vendor in a country that is not subject to an adequacy decision by the EU Commission, data is adequately protected by EU Commission approved standard contractual clauses. A copy of the relevant mechanism can be provided for your review on request.
- Strictly necessary cookies: These cookies are essential in order to enable you to move around our Site and use its features, such as accessing secure areas of the Site. Without these cookies, services you have asked for, like shopping baskets, cannot be provided.
- Performance cookies: These cookies collect information about how visitors use our Sites, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don't collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.
- Functionality cookies: These cookies allow the Site to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
- Targeting/advertising cookies: These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaigns. They are usually placed by advertising networks with our permission and with your consent. They remember that you have visited the Site and this information is shared with other organizations such as advertisers (for more information, see below the list of the third parties using cookies on our Sites). For example, we use Facebook Custom Audiences and Facebook Lookalike to deliver advertisements to website visitors.
- Social Media Cookies: These cookies allow you to share what you’ve been doing on the Site on social media such as Facebook and Twitter. These cookies are not within our control. Please refer to the respective privacy policies of the social media networks you are using to understand how their cookies work.
Further to this, please note that our Site and our service providers also process your device’s IP address (either full or in part) for the purposes explained above.
Certain parts of our Site require cookies that are strictly necessary (category A above) and these cannot be disabled. The rest of the cookies we use are subject to your consent, and you can select at any time to enable or disable these. Use our consent banner, our cookie management tool and/or adjust your browser settings (consult the "Help" section of your browser for more details) so as to accept or reject cookies. You can find out more information about cookies at: www.allaboutcookies.org.
|Google DoubleClick Floodlight:||https://www.google.com/policies/technologies/ads/|
|Microsoft Bing Ads:||https://advertise.bingads.microsoft.com/en-us/resources/policies/microsoft-bing-ads-privacy-policy|
Note that by disabling strictly necessary cookies, you will not be able to shop from this Site and by disabling performance cookies your user experience may be disrupted. However, you can still place orders over the telephone by contacting our customer service number at +0-800-028-1816+0-800-028-1841.
We do not intentionally collect personally identifiable information from children under the age of thirteen. If we become aware that we have collected personally identifiable information from a user of the Site who is under the age of thirteen, we will remove that child's personal information from our files.
We retain your personal information for as long as this is necessary to allow us to fulfil the purposes for which we use your information. We provide below further detail on the retention periods of specific types of personal information we process.
- If you have an account with us, we will retain and use your personal information associated to that account for as long as your account is active, and for such further period after the closure of your account as needed to provide you with the products you have ordered and respond to queries, to document our business relationship with you, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
- Where you have provided a product review, we will retain this information for a minimum period of 1 year and for no more than 2 years from the date of publication of the review.
- Where we process your personal information for marketing purposes, we process the data until you ask us to stop and for a short period after this (to allow us to fulfil your requests). If you object to direct marketing or withdraw your marketing consent, we will keep a record of your contact details and the fact that you have asked us not to use your information for direct marketing purposes indefinitely, so that we can respect your request in future.
- Where we process personal information in connection with performing our contract with you (for example, your purchase orders) or for a competition, we keep such information for 6 years from your last interaction with us in relation to that contract or competition.
- Where we process personal information to monitor and compile statistics about the use of our Site, we keep the personal information for 13 months.
- Where we process personal information to meet legal requirements, we hold this information for as long as necessary to allow us to comply with these legal obligations.
Opt Out / Corrections And Your Rights
You can ask us for a copy of your personal information, to correct, delete or restrict (stop any active) processing of your personal information and to obtain the personal information you provide to us for a contract or with your consent in a structured, machine readable format.
In addition, you can object to the processing of your personal information in some circumstances, when we use your information for our or other parties’ legitimate interests or when we use it for direct marketing purposes.
These rights may be limited, for example if fulfilling your request would reveal personal information about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.
To exercise any of these rights, you can get in touch with us using the details set out below, depending on who is the data controller of your personal information:
- EU Compliance (data controller: TOMS EMEA B.V.): firstname.lastname@example.org
- US Compliance (data controller: TOMS Shoes, LLC): email@example.com
You can also deactivate your account to prevent any future purchases through that account. Please note that in case of account deactivation, we will still retain certain information (including but not limited to personal information) to the extent necessary to fulfil our legal, tax and accounting obligations, for business purposes and to protect TOMS’ interests (e.g. invoices, payment transaction details, shipping and transactional information, etc.). You can make such a request by emailing TOMS Customer Support department at firstname.lastname@example.org.
If you wish to submit any request relating to your above rights, please clearly label the subject line of your email "Opt Out / Corrections," and do not email your credit-card number or other sensitive information. In specific circumstances, proof of identity and payment might be required.
Offline Collection, Use & Disclosure of Information
The majority of information that we collect is obtained through our Sites, and this Privacy Notice applies only to that online collection of personal information. We also collect information offline: for example, when we receive a call to our Customer Support department, we will collect certain information, such as the caller’s telephone number, and any further information required to place an order via phone or respond to their query. We will also record calls with our Customer Support department and store the recording for as long as necessary for training/customer service purposes and, where relevant, to keep evidence of transactions. When we need to store information (such as order information), we will enter it into our database using standard industry practice (SSL) encryption.
We may change our Privacy Notice from time-to-time, for example when the way we use personal information changes or where necessary to comply with the law. We encourage you to refer to this Privacy Notice on an ongoing basis so that you are aware of our current Privacy Notice.
Any substantive or material change to the Privacy Notice will be brought to your attention – for example, by including a pop-up notice on our Sites. If you continue to use our Sites after we notify you of such changes to our Privacy Notice, without objecting to these, we will understand that you are happy with the changes in our Privacy Notice.
Questions And Feedback
We welcome your questions, comments and feedback in relation to this Privacy Notice and the way we use personal information.
|www.toms.com||TOMS Shoes, LLC||5404 Jandy Place, Los Angeles, California 90066 (USA)|
|www.toms.com/uk||TOMS EMEA B.V.||Danzigerkade 13 F, 1013 AP Amsterdam (The Netherlands)|
If the controller of your personal information is TOMS EMEA B.V. (as per the above table) and you have unresolved concerns relating to how we use your personal information or do not believe that we have complied with this Privacy Notice, you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred.