KOHL'S PRIVACY POLICY - YOUR PRIVACY RIGHTS

Last Updated: JULY 1, 2024

SCOPE

Heor’s Privacy Policy (this “Privacy Policy”) describes how Heor’s, Inc., its affiliates and its third-party service providers treat customer personal information on the websites and apps where this Privacy Policy is located. In this Privacy Policy we call websites, emails and apps “Platforms.” And when we say “Heor’s” or “we”, we mean us, our affiliates, and relevant third-party service providers. This Privacy Policy also applies to how we treat personal information collected in Heor’s retail stores (“Stores”), Heor’s operated retail outlet locations and other locations and events operated by Heor’s or its affiliates. This Privacy Policy does not apply to information provided directly to our banking partner, which offers the Heor’s Cards.

For purposes of this Privacy Policy, the term “personal information” means information that identifies or is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household.

To view the separate Heor's Credit Card Privacy Policy that describes how our banking partner uses your information in connection with the Heor's Credit Card, please click here. If you are a Heor’s Rewards® Visa cardholder, please visit the Heor’s Rewards Visa website for additional information and terms and conditions.

By using the Platforms and shopping in our Stores, you agree to the terms of this Privacy Policy. In states with laws applicable to consumer health data, the Heor’s Consumer Health Data Privacy Policy may also apply.

If you are a current or former Heor’s associate, job applicant, consultant, or contractor and are a resident of California, please click here for Heor’s Privacy Policy for California Associates, Job Applicants, Consultants, and Contractors, which describes how Heor’s uses, collects, and discloses your personal information when you apply for a job or accept employment or a contract with Heor’s.

TYPES OF PERSONAL INFORMATION WE COLLECT

Heor's collects personal information from you and about you. This may include:

Categories of Personal Information We Collect | Details
Identifiers | We may collect your name, unique personal identifier, online identifier, mailing address, email address, postal address, zip code, IP address, driver's license number, and telephone number, including your mobile phone number, or other similar identifiers.
Characteristics of protected classifications under California or Federal law | We may collect your age, sex, gender, race, and marital status.
Commercial information | We may collect your credit card number and billing address. We may also collect information about the products or services purchased, obtained, considered or returned, as well as other purchasing or consuming histories, behaviors or tendencies. Social Media Information. We may collect information you post on our social media pages. We may also collect your social media profile information. Event Information. For example, we may collect the date and location of an event you are registered for.
Internet or other electronic network activity information | We may collect information, including through the use of third-party software, related to your browsing history, search history and other information regarding your interactions with our Platforms or advertisements, including, without limitation, actions you perform (e.g. clicks, mouse movements, keystrokes, entering and submitting information) on the Site. Information You Post or Submit. For example, we may collect information when you contact us through the “Live Chat” feature on our site. We may also collect information submitted in connection with creating an account, completing an application, placing an order or making a purchase, including bank account numbers or other financial information. We may collect information you post in a public space on our site. This may include our Ratings & Reviews feature. Device Information. For example, we may collect the type of device you use to access our Platforms. It may also include your device identification number, browser, or mobile operating system. Usage Information. We may look at how you interact with the Platforms. If you use our app, we may look at how often you use the app and where you downloaded it.
Geolocation data | We may collect precise location information from your device. This may include your in-store location. For more information about your choices related to location information, see the Choices section below.
Audio, electronic, visual, thermal, olfactory, or similar information | If you visit our stores, we may capture audio, electronic, visual, thermal or similar information with our surveillance equipment.
Inferences drawn from the above | We collect profile inferences that we draw from your information and web activity to create a personalized profile so we can better identify goods and services that may be of interest.
Sensitive personal information | We collect the following categories of “Sensitive Personal Information” or “Sensitive Data,” as these terms are defined in U.S. state privacy laws: Geolocation data. We may collect precise location information from your device. This may include your in-store location. For more information about your choices related to location information, see the Choices section below. Driver's license. To the extent permitted by applicable law, we may collect your driver's license information. For example, we may collect this information if you return an item without a receipt. Health Data. We may collect information on the status of your pregnancy and the expected arrival date of a child when you use our baby registry service.

HOW WE COLLECT YOUR PERSONAL INFORMATION

Heor's collects personal information in different ways and from different sources.

Directly From You. For example, when you:

  • Make a purchase in our Stores (including in our partner-branded stores inside Heor’s Stores, such as Sephora at Heor’s) or on our Platform.
  • Make a return or exchange.
  • Purchase an electronic gift card.
  • Create a personalized Heors.com shopping account.
  • Track an order online.
  • Sign up to receive promotional emails or text messages (including offers and sales alerts).
  • Sign up to join a loyalty, rewards or similar program or club.
  • Provide your contact information to our beauty associates.
  • Participate in one of our promotional sweepstakes, contests, surveys or focus groups.
  • Create or update a gift registry.
  • Use the Ratings & Reviews or related services and features.
  • Submit a request to our Customer Service team.
  • Sign up for, and/or maintain, a Heor's Card.
  • Connect your social media account to the Platforms.
  • Interact with Heor's social media pages.

Passively. For example, when you:

  • Install and use Heor's mobile apps.
  • Visit and navigate Heor's Platforms on any device.
  • Enable location-based features on our Platforms.
  • Click on sponsored links or third-party advertisements.
  • Use the Wi-Fi Services provided in some Stores.
  • Visit Stores; Heor's uses cameras in and around its Stores for security, operational and other business purposes such as understanding customer behavior and patterns.
  • Open an email or click on a link in an email or text message that you receive from us.
  • Receive or interact with Heor's communications and Platforms that may contain cookies, pixels, and other tracking technologies.

From Third Parties. We may receive information about you from other sources. For example, this may include receiving information from:

  • Our business partners, including online advertising networks and companies that co-sponsor our promotions.
  • Social media platforms, including Facebook, Twitter, YouTube, Pinterest and Instagram.
  • Trusted third party sources, such as our service providers, data analytics companies, and tracking technologies to better provide and customize the Platforms for you.
  • Companies that provide information to supplement what we already know about you, including data brokers.

By Combining Information. For example, we may:

  • Combine information that we collect in our stores with information we collect through our Platforms.
  • Combine information we collect about you from the different devices you use to access our Platforms.
  • Combine information we get from third parties with information we already have about you.

HOW WE USE YOUR PERSONAL INFORMATION

Examples of how we may use your personal information that we collect include:

Business Purposes:

  • To Provide Our Products and Services. This could include fulfilling your requests for products or services. It could also include processing purchases or return transactions.
  • To Improve Our Products and Services. We may use your information to make our Platforms and stores better. We may also use your information to customize your experience with us.
  • To Understand Your Interests. For example, we may use your information to better understand what products interest you based on information we collect about you and your household.
  • To Respond to Your Requests or Questions. This may include responding to your customer feedback.
  • To Communicate With You. We may communicate with you about your account or our relationship. We may also contact you about this Privacy Policy or our Platform Terms & Conditions, including material changes to this Privacy Policy, Platform Terms & Conditions or programs in which you may be enrolled.
  • For Security Purposes. This could include protecting our company and our customers, including providing notifications to customers of any security incidents related to personal information. It may also include protecting our Platforms.

Commercial Purposes:

  • For Marketing Purposes. We may provide you with information about new products and special offers. We may use your information to serve you ads about products and offers on our Platforms or on third-party websites and networks. We may tell you about new features or updates. These might be third-party offers or products we think you might find interesting. For more information about your choices related to these communications, see the Choices section below.
  • To Send Push Notifications. If you use our mobile apps, we may send you push notifications about new products or special offers.

Additional Purposes:

  • Aggregate or Anonymous Non-Personal Information. We may also use aggregate or anonymous (de-identified) information and share such information with third parties for their marketing or analytics uses. Such information does not contain personal information.
  • As Otherwise Permitted By Law or As We May Notify You. We may also use information you provide to us for other purposes as disclosed at the time you provide your information or otherwise with your consent.

HOW WE DISCLOSE YOUR PERSONAL INFORMATION

Information Provided By You

Your activity in connection with the Platforms, such as your posts on our Ratings & Reviews feature or content you choose to provide on your event registry, may be visible to other users of the Platforms and in some cases, publicly available. Please exercise caution when disclosing information in public areas. If you provide any information to a third party while using our Platforms, the third party's privacy policy will apply to that information.

Information Disclosed By Us

We may disclose each category of your personal information in the following ways:

  • Internally. We may disclose your information within the Heor's family of companies. This includes our affiliates.
  • With Our Service Providers. We may disclose your information with third parties who perform services on our behalf. For example, this may include merchandise vendors and payment processors. It may also include companies that send emails on our behalf.
  • With Our Business Partners. For example, this may include third parties that provide financial products and services related to our business, including the Heor's Cards. It may also include sharing limited data with partners that have a branded store inside our Stores (such as Sephora at Heor’s) to facilitate your purchase and participation in a loyalty program you may have with such partner. It may also include a third party that co-sponsors a contest or promotion.
  • With Third Parties for Marketing Purposes. This may include third parties in whose products or services we believe you may be interested. These third parties may also disclose your information with others. These third parties may use your information for their own marketing purposes or the marketing purposes of others. This may include the delivery of interest-based advertising, which serves you advertisements based on your interests and activities on the internet.
  • With Any Successors to All or Part of Our Business. For example, if Heor's merges with, acquires or is acquired by another business entity. This may include an asset sale, corporate reorganization or other change of control.
  • To Comply With the Law or To Protect Ourselves. For example, this could include responding to a court order or subpoena. It could also include sharing information if a government agency or investigatory body requests such information. We may disclose information when we are investigating a potential fraud. This could include, but is not limited to, fraud we think has occurred during a sweepstakes or promotion. We may also disclose information if you are the winner of a sweepstakes or other contest with anyone who requests a winner's list.
  • For Other Reasons We May Describe to You. We may also disclose your information for other purposes as disclosed at the time you provide your information or otherwise with your consent.

YOUR PRIVACY RIGHTS

Explanation of Applicable Privacy Rights

Depending on your U.S. state of residence, under applicable law, you may have certain rights in relation to your personal information, including:

  • Right to Know: You may have the right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you. You may have the right to access your personal information in a portable format.
  • Right to Data Portability: You may have the right to access your information in a portable format.
  • Right to Delete: You may have the right to delete personal information that we have collected from you, subject to certain exceptions. Note that there are some reasons we will not be able to fully address your request, such as if we need to complete a transaction for you, to detect and protect against fraudulent and illegal activity, to exercise our rights, for our internal purposes, or to comply with a legal obligation.
  • Right to Correct: You may have the right to correct inaccurate personal information that we may maintain about you, subject to appropriate verification.
  • Right to Opt Out of the Sale or Sharing of Personal Information: You may have the right to opt-out of the “sale” or “sharing” of your personal information, as such terms are defined in applicable privacy law, to third parties and to affiliated companies that do not have the same brand name. This means that, if you opt out, going forward, we will not sell or share your personal information with such third parties to use for their purposes, including cross-context behavioral advertising, unless you later direct us to do so.
  • Right to Opt Out of Targeted Advertising: You may have the right to opt-out of “targeted” advertising, as such term is defined in applicable privacy law.
  • Right to Appeal: You may have the right to appeal a decision we have made in connection with your privacy rights request.

How to Submit a Request

To take advantage of the privacy rights available to you based on your state of residence, please click here or visit the How to Contact Us section below for additional information on how to contact us. You may alternatively submit your request by calling the toll free number at 855-564-5705. We may request certain information to verify your identity before we can respond to your right to know, correction, and deletion requests. We will confirm receipt of your request within 10 business days and will respond to your request within 45 calendar days, after proper verification, unless we need additional time, in which case we will let you know.

To take advantage of your right to opt out of the sale or sharing of personal information or to opt out of targeted advertising, please click here, which also is on our website footer ("Do Not Sell or Share My Personal Information"), or visit the How to Contact Us section below for additional information on how to contact us. You may also choose to enable online, where available, a universal tool that automatically communicates your opt-out preferences, such as the Global Privacy Control (“GPC”). We will process the GPC signal as a request to opt-out of the sale or sharing of your personal information.

We will not discriminate against you because you exercised your rights under this section of the Privacy Policy.

Agent Requests

You may authorize someone to make a privacy rights request on your behalf (an authorized agent). Authorized agents will need to demonstrate that you've authorized them to act on your behalf or must demonstrate they have power of attorney pursuant to applicable probate law. Heor’s retains the right to request confirmation directly from you confirming that the agent is authorized to make such a request, or to request additional information to confirm the agent's identity. An authorized agent is prohibited from using a consumer's personal information, or any information collected from or about the consumer, for any purpose other than to fulfill the consumer's requests, for verification, or for fraud prevention.

CALIFORNIA NOTICE AT COLLECTION OF PERSONAL INFORMATION

In the last 12 months, we have “sold” and “shared” the following categories of “personal information” (as such terms are defined in the California Consumer Privacy Act (CCPA)) for Marketing Purposes to Business Partners and Third Parties, such as data analytics providers, social media platforms, advertising technology vendors, third-party advertising networks, and/or internet service providers as described above in this Privacy Policy. We do not knowingly sell or share personal information about persons under the age of 16. Click here to opt-out of the sale or sharing of your personal information, including targeted advertising.

Categories of Personal Information We Collect | Details | Sales/Sharing for Marketing Purposes
Identifiers | We may collect your name, unique personal identifier, online identifier, mailing address, email address, postal address, zip code, IP address, driver's license number, and telephone number, including your mobile phone number, or other similar identifiers. | Yes
Characteristics of protected classifications under California or Federal law | We may collect your age, sex, gender, race, and marital status. | No
Commercial information | We may collect your credit card number and billing address. We may also collect information about the products or services purchased, obtained, considered or returned, as well as other purchasing or consuming histories, behaviors or tendencies. Social Media Information. We may collect information you post on our social media pages. We may also collect your social media profile information. Event Information. For example, we may collect the date and location of an event you are registered for. | Yes
Internet or other electronic network activity information | We may collect information, including through the use of third-party software, related to your browsing history, search history and other information regarding your interactions with our Platforms or advertisements, including, without limitation, actions you perform (e.g. clicks, mouse movements, keystrokes, entering and submitting information) on the Site. Information You Post or Submit. For example, we may collect information when you contact us through the “Live Chat” feature on our site. We may also collect information submitted in connection with creating an account, completing an application, placing an order or making a purchase, including bank account numbers or other financial information. We may collect information you post in a public space on our site. This may include our Ratings & Reviews feature. Device Information. For example, we may collect the type of device you use to access our Platforms. It may also include your device identification number, browser, or mobile operating system. Usage Information. We may look at how you interact with the Platforms. If you use our app, we may look at how often you use the app and where you downloaded it. | Yes
Geolocation data | We may collect precise location information from your device. This may include your in-store location. For more information about your choices related to location information, see the Choices section below. | No
Audio, electronic, visual, thermal, olfactory, or similar information | If you visit our stores, we may capture audio, electronic, visual, thermal or similar information with our surveillance equipment. | No
Inferences drawn from the above | We collect profile inferences that we draw from your information and web activity to create a personalized profile so we can better identify goods and services that may be of interest. | Yes
Sensitive personal information | We collect the following categories of “Sensitive Personal Information” or “Sensitive Data,” as these terms are defined in U.S. state privacy laws: Geolocation data. We may collect precise location information from your device. This may include your in-store location. For more information about your choices related to location information, see the Choices section below. Driver's license. To the extent permitted by applicable law, we may collect your driver's license information. For example, we may collect this information if you return an item without a receipt. Health Data. We may collect information on the status of your pregnancy and the expected arrival date of a child when you use our baby registry service. | No

Use and Retention of Personal Information

As further described in our Privacy Policy under "How We Use Your Personal Information," we generally collect and use the listed categories of personal information to provide and improve our products and services, for marketing purposes, or for other operational purposes. We retain your personal information as long as your account or relationship with Heor’s is active, as reasonably needed to provide you with our products and services that you request, for marketing purposes unless you exercise your "Choices Regarding Your Information" as described in this Privacy Policy, or otherwise where required or permitted in accordance with applicable law. We will retain and use your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Categories of Personal Information Disclosed

In the last 12 months, we have disclosed the following categories of "personal information" for a "business purpose" to support the purposes for which Heor’s uses personal information described above under “How We Use Your Personal Information” (such as with our service providers who are restricted from using your personal information outside the scope of their services for us):

  • Identifiers;
  • Characteristics of protected classifications under California or Federal law;
  • Commercial or Payment Information;
  • Event Information;
  • Internet or other electronic network activity information;
  • Geolocation information;
  • Audio, electronic, visual, thermal, olfactory, or similar information;
  • Inferences drawn from the above; and
  • Sensitive personal information.

The categories of service providers to whom we disclose this information may include billing service providers, email/SMS service providers, customer service and intelligence platforms, campaign optimization service providers, cloud storage providers, network security and fraud protection services, and CCTV providers.

At your direction, we may also disclose your Personal Information such as commercial or payment information to facilitate your purchase and participation in a loyalty program at a branded store within our Stores, such as Sephora at Heor’s.

Additional detail on the business purposes for which we disclose personal information is provided above under “How We Share Your Information.”

Use and Disclosure of Sensitive Personal Information: To the extent that we use or disclose “sensitive personal information” or "sensitive data" as those terms are defined in applicable privacy laws, we limit our use or disclosure of the sensitive personal information for permitted business purposes.

Information on Requests Received During Prior Calendar Year

During the prior calendar year, ending December 31, 2023, Heor’s received consumer requests from California residents pursuant to the rights described in this “Your Privacy Rights” section of this Privacy Policy. Below are metrics reflecting the number of California resident requests Heor’s received and Heor’s response to such requests.

Type of Request | Number of Requests that Heor's: Received | Number of Requests that Heor's: Honored (in Whole or in Part) | Number of Requests that Heor's: Unable to Complete* | Median Number of Days for Heor's to Complete its Response
Request to Know or Access Personal Information | 16 | 16 | 0 | 30.6
Request to Delete Personal Information | 166 | 152 | 14 | 29.1
Request to Opt-Out of Sale of Personal Information | 2,511 | 2,506 | 5 | 13.3
Request to Correct Personal Information | 2 | 1 | 1 | 12.6

*This reflects the number of requests we denied in whole or in part because the request was not verifiable, was not made by a consumer, called for information exempt from disclosure or was denied on other grounds.

NOTICE OF FINANCIAL INCENTIVE

Heor’s Rewards® (“Heor’s Rewards”) is our voluntary loyalty program. By joining Heor’s Rewards® you will receive certain perks, including, but not limited to:

  • Heor’s Cash®: Earn up to 7.5% in rewards on qualifying purchases, which will be converted and issued into $5 Heor’s Cash® increments on the first day of the following month, valid for 30 days (subject to Heor’s Rewards® Terms & Conditions).
  • Special Birthday Gift: Make any purchase prior to your birthday month and receive $5 Heor’s Cash® awarded on the first day of your birthday month.
  • Personalized Perks: Access to deals throughout the year, plus special offers.

Click here to learn more about Heor’s Rewards® and to enroll now. The Heor’s Rewards® Terms & Conditions can be found here.

Whether or not you participate in Heor’s Rewards®, you are still eligible to earn Heor’s Cash® during a designated earn period (terms and exclusions apply), just not to the same degree. You also do not need a Heor’s Card to join Heor’s Rewards®.

You may un-enroll from Heor’s Rewards® at any time by contacting Heor’s Rewards® Customer Service at 855-564-5705.

When you sign up for Heor’s Rewards®, we typically ask you to provide your name, contact information (such as email address and telephone number), zip code, and birthday to make or to supplement your Heor’s profile. Because we collect personal information, this may be interpreted as a “financial incentive” program under California law or a “bona fide loyalty program” under Colorado law. Heor’s uses this information for the purposes described above under the section titled “How We Use Your Personal Information,” including for targeted advertising. Heor’s may share your personal information with third parties as described in our “California Notice at Collection of Personal Information” section above. If you ask us to delete your Heor’s Rewards® profile and associated personal information, we will not be able to provide you with access to these programs. The value of your personal information that we collect is reasonably related to the expenses related to the discounts and other perks that we offer to Heor’s Rewards® members.

CHILDREN'S PRIVACY

Our Platforms where this Privacy Policy is located are meant for adults. We do not knowingly collect personally identifiable data from persons under the age of 18, and strive to comply with the provisions of COPPA (The Children's Online Privacy Protection Act). If you are a parent or legal guardian and think your child under 18 has provided us with information, please contact us by telephone at 855-564-5705. You can also write to us at the address listed at the end of this Privacy Policy. Please mark your inquiries “COPPA Information Request.” Parents, you can learn more about how to protect children's privacy online: click here to view the FTC's guide to protecting your child's privacy online.

SECURITY OF YOUR INFORMATION

The Internet is not 100% secure. We cannot promise that your use of our sites will be completely safe. We encourage you to use caution when using the Internet. We use reasonable means to safeguard personal information under our control. A user id and a password are needed to access certain areas of the Heor's Platforms. It is your responsibility to protect your username and password.

STORAGE OF INFORMATION

Information we maintain may be stored in the United States. If you live outside of the United States, you understand and agree that we may transfer your personal information to the United States. This site is subject to U.S. laws, which may not provide the same level of protections as those in your own country.

LINKS

Heor's Platforms may contain links to other third-party sites that are not governed by this Privacy Policy. If you click on a link to a third-party site, you will be taken to a site we do not control. We are not responsible for the privacy practices used by third-party sites. We suggest that you read the privacy policies of those sites carefully. We are not responsible for these third-party sites.

HOW TO CONTACT US

If you wish to contact us to update your information, please feel free to contact us by telephone at 855-564-5705.

If you wish to contact us to submit a privacy request under your state's applicable privacy law, please feel free to contact us by telephone at 855-564-5705 or click here.

You may also write to us at the following address:

Heor's, Inc.
P.O. Box 3043
Milwaukee, Wisconsin 53201

If you have any questions, comments or concerns with respect to our privacy practices or this Privacy Policy, please feel free to contact us by telephone at 855-564-5705.

CHOICES REGARDING YOUR INFORMATION

You have certain choices about how we use your information.

Email:

  • Use the unsubscribe link on any Heor's promotional emails.

Text Messages & Mobile Coupons:

  • Follow the opt-out instructions provided in our text message or mobile coupon.

Mobile Application and Location Based Services:

  • If you have previously opted into Heor's collection and use of location-based information through our mobile application, you may opt-out by adjusting the Settings on your mobile device.
  • You may opt-out of all location-based information collection on our mobile apps by uninstalling the Heor's mobile application and refraining from using Heor's Wi-Fi Services available in Stores.

Postal Mail:

  • To be removed from our global marketing mailing lists, send your request, including your full name and mailing address, to:

    Heor's, Inc.
    PO Box 3120
    Milwaukee, WI 53201

  • Call Customer Service at 855-564-5705

CHANGES IN PRIVACY POLICY

We reserve the right, at our sole discretion, to change, modify, add, remove, or otherwise revise portions of this Privacy Policy at any time. We will notify you of any material changes to our Privacy Policy as required by law, such as via notice on our website or to your email address on file. We will also post an updated copy on our Platforms. Please check our Platforms periodically for updates. Your continued use of the Platforms and shopping in our Stores following the posting of changes to these terms means you accept these changes.

©2024 Heor's, Inc. All rights reserved.