Privacy & Cookie Notice
Updated: 20 July, 2023
At TOMS, we are committed to protecting the privacy and security of your personal information in accordance with local law in the places where we operate (see details below). To learn more, please read this Privacy Notice.
This Privacy Notice describes the types of personal information we collect, how we use this information and when (under certain circumstances) we disclose this information. This Privacy Notice also details the steps we have taken to secure your personal information and describes your data protection rights, including a right to object to some of the processing which we carry out. For more information on your rights, please see the "OPT OUT / CORRECTIONS AND YOUR RIGHTS" section below.
Our Sites contain links to other websites which are not included in the "Questions and Feedback" section below and are not managed by us. Also, links to our Sites may be contained on other third party websites. We are not responsible for the content on, or privacy practices of, any non-TOMS website to which this Site links or which contains links to our Site. We advise you to read these websites' privacy notices to find out more about their privacy practices.
Data collected directly from you:
Otherwise, TOMS will also collect personal information about you when specifically and knowingly provided by you. Examples of such information are name, shipping and billing addresses, phone number, email address, credit card information when you make an order and customer preference data (eg. gender). Examples of ways in which we collect such information from you include the following:
- Registration and Ordering. Before using certain parts of this Site or ordering products, you must complete a registration form. When registering, you will be prompted to provide certain personal information, including but not limited to your name, shipping and billing addresses, phone number, email address, and credit card number. In addition, you may also be asked to provide your country of residence and/or if you register for corporate account: the company's country of operation, so we can comply with applicable laws and regulations. These kinds of personal information are used for billing purposes, to fulfil your orders, to manage our relationship with you as our customer and communicate with you about your order and this Site, and for marketing purposes. If we encounter a problem when processing your order, we will use the personal information to contact you.
- Email Addresses. Some areas of the Site allow you to enter your email address for purposes indicated at the point of collecting this information, for example, for signing up to the TOMS newsletter or creating a TOMS account.
Data from other sources:
We receive data from third party social networks (e.g. such as Facebook,Google). This includes any information that you share publicly on a third party social network or information that is part of your profile on a third party social network (such as Facebook) and that you allow the third party social network to share with us. Examples include your account information (e.g. name, email address, gender, birthday, current city, profile picture, user ID, list of friends, etc.) and any other additional information or activities that you permit the third party social network to share with us. We receive your third party social network profile information (or parts of it) including statistics and analysis of your social network information every time you download or interact with a TOMS web application on a third party social network such as Facebook, every time you use a social networking feature that is integrated within a TOMS site (such as Facebook Connect) or every time you interact with us through a third party social network (for example, you send us Facebook messages or you post on our Facebook page). To learn more about how your information from a third party social network is obtained by TOMS, or to opt-out of sharing such social network information, please visit the website of the relevant third party social network.
Data that is mandatory is indicated on relevant forms that you complete. Where provision of data is mandatory, if relevant data is not provided, then we will not be able to fulfil your requests to register or otherwise engage with TOMS. All other provision of your information is optional.
Information Use And The Legal Grounds For Such Use
In this section we explain for which purposes we collect and use your personal information and on which grounds we rely under data protection law to use such information.
Legal grounds for use (EU)
To process your orders and communicate with you about your orders and deliveries (including, by sending you a confirmation email when you register/place an order with us).
Contractual necessity: to the extent the information is necessary to fulfil our contract with you (e.g. your delivery address and payment information),
Legitimate interests: to the extent the information is necessary to process queries relating to your orders and effectively manage our relationship with you as our customer.
If you open a TOMS account, we will use this information to effectively manage your account (e.g. send you an account activation email or process any changes you make to your account) and stay in touch with you.
Legitimate interests: i.e. to effectively manage your account and enable account features (e.g. order tracking).
To send you marketing communications about TOMS, including offers about our products and services, or to send you our newsletter when you sign up to receive this and to monitor whether you open our emails and/or click on URLs in our emails.
Your consent where this is required by law. Otherwise, we rely on our legitimate interest to keep you informed of TOMS products and services, when we are allowed by law to do so.
To create marketing profiles about our customers and understand their preferences in relation to our products and services.
Our legitimate interests to carry out marketing activities.
To display our advertisements to you on other platforms, such as social media platforms. For example, we provide Facebook with hashed identifiers (e.g. hashed email addresses) of our customers which Facebook then matches with those customers’ Facebook profiles and displays our advertisements to them.
Your consent where this is required by law. Otherwise we rely on our legitimate interests to carry out marketing activities and inform you of TOMS products and services when we are allowed by law to do so.
We also use personal information of our customers to allow social media platforms (e.g. Facebook) to find individuals who have a similar profile to our customers and who we expect are interested to find more about our products and services, so as to display our ads to them ("Lookalike matching").
Your consent where this is required by law. Otherwise we rely on our legitimate interests to carry out marketing activities and promote TOMS products and services when we are allowed by law to do so.
If you use our Live Chat function, we will use your information for dealing with your query, training and customer service purposes.
Contractual necessity: where you provide information that is necessary to complete and process your order (e.g. your name and delivery address).
To compile statistics and analysis about the use of our Site and related services (e.g. product orders), and use such statistics to enable us to provide a better service, features and functionality to you and other Site users.
Individuals' consent: where we obtain this information by using cookies;
To protect the security of our Sites, information systems and assets, to monitor compliance with our Terms & Conditions, to prevent fraud and other prohibited or illegal activities in relation to our products and our Sites.
Our legitimate interests to protect our business assets against fraud and illegal activities or security threats.
Third party social networks: We use your personal data when you interact with third party social networking features, such as "Like" functions to serve you with advertisements and engage with you on third party social networks. You can learn more about how these features work, the profile data that we obtain about you, and find out how to opt out by reviewing the privacy notices of the relevant third party social networks.
Your consent: where required by law
Our legitimate interests to promote our products and services and to effectively manage our relationship with you as our customer, where this is allowed by law.
To organize sweepstakes, contests and promotions and correspond with and about participants and winners.
Your consent where this is required by law. Otherwise we rely on our legitimate interests to carry out marketing activities and promote TOMS products and services where this is allowed by law.
To respond to complaints, to protect our legal rights and to establish, exercise or defend legal claims relating to our Sites and/or our products and services.
Our legitimate interests to protect our legal rights.
To respond to legitimate requests for the disclosure of information, made by public authorities, law enforcement or governmental bodies or under a court order.
Legal requirement: to the extent we are obliged under law to process such requests Our legitimate interests to assist legitimate investigations carried out by official authorities.
For tax, accounting, record keeping and audit purposes.
Legal requirements: to the extent the law requires that we use your information (for example, tax obligations)
Our legitimate interest to effectively manage our business, audit our business processes and make informed business decisions.
We have carried out balancing tests for all the data processing we carry out on the basis of our legitimate interests, which we have described above. Wherever we rely on consent, you will always be able to withdraw that consent at any time, although we may have other legal grounds for processing your data for other purposes, such as those set out above. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing purposes, at any time. You can do this by (i) clicking on the unsubscribe link in the relevant marketing communication, or (ii) emailing your opt-out request to email@example.com.
We do not use your personal information to take automated decisions relating to you.
- We do not sell or rent information about our customers. We share personal information of our customers with certain third parties, as we explain below:
- We share aggregate or summary information (such as aggregated sales statistics) regarding our customers with partners, advertisers or other third parties.
- We share information with companies that provide support services to us such as a printer, mailing house, fulfilment company, payment service provider, IT service provider or web host. These companies will process this information to the extent necessary to perform their functions and are subject to confidentiality agreements. Unless otherwise required by law, they are not authorized to use any of the personal information we share with them for any other purpose.
- Subject to your marketing preferences, we share information with social media platforms such as Facebook, for our marketing purposes. This helps them and/or TOMS to market products and services in accordance with any marketing preferences that you indicated during registration.
- We also share personal information with our business advisers (such as legal advisers, accountants, business consultants, insurers, etc.), to the extent it is necessary for them to provide us with their services.
- We may be required to disclose personal information (a) in response to subpoenas, court orders, requests from law-enforcement officials, (b) if the disclosure is necessary to protect the legitimate interests of TOMS or other persons to the extent these are not overridden by your rights and freedoms, or (c) if we are otherwise required to disclose such information by law.
- We may publicly disclose the identity of the winner of any online contests or promotions.
- In the event that TOMS or its assets are acquired by or merged with another company, we will share the personal information we hold with our legal and business advisers, our prospective purchasers’ advisers and any of our legal successors/new owners.
Some technology & advertising partners may also collect personal data when you use our website. These partners are committed to acting as service providers on behalf of Toms and are committed to using your personal data only for Toms’s purposes as described in this policy.
In some instances, our website allows you to log-in with your Toms account with a third-party social media or partner account. If you do, your use of their technology on our website is subject to their terms and policies.
Your browser can help you manage these trackers. You can choose to have your computer warn you every time a cookie is sent, or you can choose to disable all cookies in your browser settings. If you disable all cookies, some parts or functions of our website may not work properly. There are also general resources for opting out of interest-based advertising available on the European Interactive Digital Advertising Alliance websites.
Similarly, you can adjust your advertising preferences on your mobile device at the device level. For example, to adjust your ad preference in iOS, visit Settings > Privacy > Advertising > Limit Ad Tracking. To adjust your ad preferences in Android, visit Settings > Google > Ads > Opt Out of Interest-Based Ads.
Below we have listed all the cookies we collect and what information they store.
We do not intentionally collect personally identifiable information from children under the age of thirteen. If we become aware that we have collected personally identifiable information from a user of the Site who is under the age of thirteen, we will remove that child's personal information from our files.
We retain your personal information for as long as this is necessary to allow us to fulfil the purposes for which we use your information. We provide below further detail on the retention periods of specific types of personal information we process.
- If you have an account with us, we will retain and use your personal information associated to that account for as long as your account is active, and for such further period after the closure of your account as needed to provide you with the products you have ordered and respond to queries, to document our business relationship with you, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
- Where you have provided a product review, we will retain this information for a minimum period of 1 year and for no more than 2 years from the date of publication of the review.
- Where we process your personal information for marketing purposes, we process the data until you ask us to stop and for a short period after this (to allow us to fulfil your requests). If you object to direct marketing or withdraw your marketing consent, we will keep a record of your contact details and the fact that you have asked us not to use your information for direct marketing purposes indefinitely, so that we can respect your request in future.
- Where we process personal information in connection with performing our contract with you (for example, your purchase orders) or for a competition, we keep such information for 6 years from your last interaction with us in relation to that contract or competition.
- Where we process personal information to monitor and compile statistics about the use of our Site, we keep the personal information for 13 months.
- Where we process personal information to meet legal requirements, we hold this information for as long as necessary to allow us to comply with these legal obligations.
Opt Out / Corrections And Your Rights
You can ask us for a copy of your personal information, to correct, delete or restrict (stop any active) processing of your personal information and to obtain the personal information you provide to us for a contract or with your consent in a structured, machine readable format.
In addition, you can object to the processing of your personal information in some circumstances, when we use your information for our or other parties’ legitimate interests or when we use it for direct marketing purposes.
These rights may be limited, for example if fulfilling your request would reveal personal information about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.
You can also deactivate your account to prevent any future purchases through that account. Please note that in case of account deactivation, we will still retain certain information (including but not limited to personal information) to the extent necessary to fulfil our legal, tax and accounting obligations, for business purposes and to protect TOMS’ interests (e.g. invoices, payment transaction details, shipping and transactional information, etc.).
If you wish to submit any request relating to your above rights, please clearly label the subject line of your email "Opt Out / Corrections," and do not email your credit-card number or other sensitive information. In specific circumstances, proof of identity and payment might be required.
Offline Collection, Use & Disclosure of Information
The majority of information that we collect is obtained through our Sites, and this Privacy Notice applies only to that online collection of personal information. We also collect information offline: for example, when we receive a call to our Customer Support department, we will collect certain information, such as the caller’s telephone number, and any further information required to place an order via phone or respond to their query.
We may change our Privacy Notice from time-to-time, for example when the way we use personal information changes or where necessary to comply with the law. We encourage you to refer to this Privacy Notice on an ongoing basis so that you are aware of our current Privacy Notice.
Any substantive or material change to the Privacy Notice will be brought to your attention – for example, by including a pop-up notice on our Site or through email marketing. If you continue to use our Sites after we notify you of such changes to our Privacy Notice, without objecting to these, we will understand that you are happy with the changes in our Privacy Notice.