Lulus Privacy Policy
YOUR PRIVACY IS OUR PRIORITY
![]() Only the Best We use your data to give you |
![]() Locked Up Tight Protecting your data and privacy is- |
![]() No Spam You decide when and how you |
![]() Clear Communication Have a question about your data? |
II) Personal Information We Collect
III) Personal Information We Disclose
IV) Your Profile
VI) Security and Storage
VI) U.S. Privacy Rights
VII)EEA/UK/Switzerland/Canada Privacy Rights
WHO WE ARE
Lulu’s Fashion Lounge, LLC, which is known as Lulus or Lulus.com, along with our representatives, officers, shareholders, subsidiaries, affiliates, parents, employees, and agents (collectively “Lulus” or “we” or “us” or “our”), respects your privacy and in this Privacy Policy (“Policy”) describes our current privacy practices concerning the collection and use of your personal information and your choices concerning our use and collection. This Policy applies to personal information we obtain from and about individuals interacting with any Lulus’ websites, mobile applications, social media sites, online advertisements, or other digital properties (collectively, the "Digital Properties" unless otherwise noted), as well as our products and services, and through other online and offline interactions.
Capitalized terms not defined in this Privacy Policy are defined in the Terms of Service on Lulus.com.
WHO YOU ARE
This Policy applies to information we obtain from and about individuals interacting with any Lulus’ Digital Properties, products and services. However, it does not apply to the following:
Under Lulus’ Terms of Service, you must be at least 18 years old and not a person barred from receiving services under the laws of the United States or other applicable jurisdictions to use our Digital Properties. Persons under the age of 18 should use our website only with the consent and supervision of your parents or guardian.
We do not knowingly collect personally identifiable information from children under the age of 18. If you are under 18, please do not submit personal information to us or use the website.
We may amend or change this Privacy Policy from time to time. Changes to the Privacy Policy will be posted to our Digital Properties.
To provide you with the full Lulus shopping experience, we collect and use your personal information in a number of different ways. We, and our service providers, may combine your personal information with other personal information we collect from you. Why we collect your information depends on how you interact with us. The tables below lists common uses of the data we collect. In addition, we may use your personal information for some or all of the following purposes:
When you use Lulus digital properties, such as our website or mobile app, or contact customer service via the Lulus website, we may collect the information described below.
YOUR NAME AND CONTACT DETAILS
If you create a Lulus account or place an order with us, we collect your name and contact details, such as your email address, shipping addresses, and phone number. We also collect your email address if you enter it on our website to join our mailing list, sign-up for our Love Rewards Loyalty Program (“Love Rewards”) or participate in our Refer-a-Friend Program.
Information Collected | Why? |
---|---|
Name |
|
|
|
Phone Number |
|
Shipping Address(es) |
|
Information Collected | Why? |
---|---|
Birthday |
|
Birth Year |
|
When you place an order, we require payment information. When you enter your payment information (credit card number, expiration date, and CVV code) it is sent directly to a secure third-party credit card processing center. Lulus does not store any full credit card or third party payment information. We do store billing addresses, generic payment type, and, if you opt in, the last four digits of your credit card for your convenience during the ordering process.
Information Collected | Why? |
---|---|
Billing Address |
|
Generic Payment Type |
|
Last Four Digits of Credit Card |
|
What you’ve said to us — for example, over the phone, on email, or on live chat.
Information Collected | Why? |
---|---|
Email Correspondence |
|
Phone Correspondence |
|
Live Chat/SMS Text Correspondence |
|
Correspondence and Engagement through our Social Media Accounts |
|
Survey or Site Feedback |
|
What you’ve bought, what’s in your shopping cart, what’s on your wishlist, and your loves (favorite items you’ve identified by clicking the Lulus heart)
Information Collected | Why? |
---|---|
Purchased Items, including Prior Purchases, Returns, and Exchanges |
|
Items Added to Your Cart |
|
Items You Have Saved (by adding to your wishlist, saving for later, adding to your love list, and/or requesting to be added to a waitlist) |
|
Reviewed Items (including written comments, ratings, and photos) |
|
We automatically receive and record information from your browser or device when you visit our site, including your IP address and device type (i.e. computer, tablet, or smartphone), cookies, and data about which pages you visit. This information is stored in log files and is collected automatically. We use this information for a range of purposes, including targeted advertising, analytics, and other functions. This information is stored in log files and is collected automatically. We may combine this information with other personal information we collect about you. Additional information related to cookies and online trackers are further fully described in our Cookie Policy.
Information Collected | Why? |
---|---|
IP Address |
|
Device Type |
|
Page Visit History |
|
Cookies and Other Information Collected through Tracking Technologies (First and Third Party) |
|
Unique Device ID |
|
Location Information |
|
You may enter some specific details about yourself to help other customers or for personalization towards yourself. We collect body information related to fit measurements and photographs for product representations. You can choose to enter your fit details (height, body type, weight, and measurements) in your profile or as part of leaving product reviews for other customers. There are a few ways we might have your photographs: if you post a photograph review, if you participate in a Lulus-sponsored photography contest or giveaway on social media, if you accepted our request to use your photo from a third-party site (like Instagram), or if you send a photograph to us as part of a customer service request.
Information Collected | Why? |
---|---|
Uploaded Photos |
|
Your Fit Details |
|
We allow our customers to provide public feedback in the form of reviews about our website and comments on our blog posts. Please remember that any information that you disclose on public portions of the website, such as the reviews and blog comments, are not private and may be viewed (and potentially shared) on the Lulus.com and beyond. Please use caution when deciding to disclose your personal information in the public portions of our website. In addition, we may read, collect, or respond to reviews about Lulus or Lulus products on third party websites.
Information Collected | Why? |
---|---|
Product Reviews |
|
Blog Comments |
|
Public Reviews on Third Party Websites (i.e. Trustpilot) |
|
When you visit our physical locations, such as a retail store or pop-up shop, we may collect the following information.
RETAIL STORE SERVICES
In our retail store, you can engage with our associates and/or stylists, make event appointments, sign-up for services or promotions. We may request your personal information to provide you these services, or to send you personalized recommendations or promotions you have signed up to receive.
Information Collected | Why? |
---|---|
Name |
|
Last Four Digits of Credit Card |
|
Email Address |
|
Phone Number |
|
Style Preferences |
|
Details about your event |
|
Video of you (without audio) |
|
Mobile Device Type and Device Name |
|
We may disclose personal information to third parties, who may disclose it to their subprocessors, i including the categories of recipients described below:
A. Affiliates and subsidiaries, including parent entities, corporate affiliates, subsidiaries, business units, and other companies that share common ownership.
B. Service providers that work on our behalf to provide the products and services you request or support our relationship with you, such as IT providers, internet service providers, web hosting providers, data analytics providers, and companies that provide business support services, financial administration, or event organization.
C. Professional consultants, such as accountants, lawyers, financial advisors, and audit firms.
D. Vendors necessary to complete transactions you request, such as shipping companies and logistics providers.
E. Law enforcement, government agencies, and other recipients for legal, security, or safety purposes, such as when we share information to comply with law or legal requirements, to enforce or apply our Terms of Service and other agreements or policies, and to protect ours, our customers’, or third parties' safety, property, or rights.
F. To other entities in connection with a corporate transaction, such as if we, or some or all of our assets, are acquired by another entity, including through a sale in connection with bankruptcy or other forms of corporate change.
G. Business partners that can use personal information for their own purposes, such as companies that operate cookies and other tracking technologies, social media companies, data brokers, and other business partners for their own marketing, research, or analytics purposes. Where required by law, we will obtain your consent prior to disclosing your personal H. information to our business partners. Where recipients use your personal information for their own purposes independently from us, we are not responsible for their privacy practices or personal information processing policies. You should consult the privacy notices of those third-party services for details on their practices.
H. Entities to which you have consented to the disclosure. Where possible, Lulus may also share anonymized demographic information about our website visitors with vendors.
Much of your information is stored in your Lulus account profile. You may change or correct the information in your account profile by clicking here or emailing privacy@lulus.com. Only your first and last name and email address are required to have an account with Lulus. If you would like to cancel your account entirely, please email privacy@lulus.com.
Depending on your location, you may also have certain rights with respect to your information, as further described in this Policy below.
We take commercially reasonable steps to safeguard and deter unauthorized access to your information. Lulus complies with the Payment Card Industry Data Security Standard (PCI DSS). This means that when we collect or transmit sensitive information such as a credit or debit card number, we use industry-standard methods to protect that information.
Although we take reasonable measures to safeguard against unauthorized disclosures of your information, no e-commerce platform, website, electronic database or system is completely secure.
Unless you have exercised one of your rights listed in this Policy, Lulus will retain your information for as long as is necessary for our legitimate business purposes. This includes retaining your information to provide you with the products or services you have requested and interact with you; maintain our business relationship with you; improve our business over time; ensure the ongoing legality, safety and security of our services and relationships; or otherwise in accordance with our internal retention procedures. Once you have terminated your relationship with us, we may retain your information in our systems and records in order to ensure adequate fulfillment of surviving provisions in terminated contracts; for other legitimate business purposes, such as to demonstrate our business practices and contractual obligations or provide you with information about our products and services in case of interest; or otherwise in accordance with our internal retention procedures. Lulus will always retain data to the extent necessary to comply with our legal and financial obligations (for example, to satisfy our auditors, to comply with applicable tax/revenue laws, to enforce our agreements, and as otherwise described in this policy) If you would like to know more about the retention periods applicable to your personal information, you can contact us using details provided in the Who We Are section above.
Lulus is located in the United States, and we primarily store your information in the United States. By using our website and/or providing us with information, you understand that your personal information may be transferred to and stored in the United States. For customers in the European Economic Area (“EEA”), United Kingdom (“UK”), Switzerland or Canada, see the EEA/UK/Switzerland/Canada Privacy Rights section below for more details on our processing of your personal information and your rights.
At times, we may transfer your personal information outside of the United States, in which case we take reasonable steps to make sure your personal information continues to be appropriately protected. However, no data transfer system is completely secure.
Lulus.com contains links to other websites. Other websites we link to include social platforms. We also use third-party plug-ins in certain places on our website. For example, when you click on an icon on the Lulus website to share our products on a third party social platform, you are also loading content from that third-party site. That site may request cookies directly from your browser. These interactions are subject to the privacy policy and terms of service of the third-party site, not ours. We are not responsible for the privacy practices or the content of such services. We do not make any representations regarding the policies or practices of third parties. When you use third-party sites or services, their own terms and privacy policies will govern your use of those sites or services. We encourage you to read the privacy policies of third parties before disclosing personal information to them. For the purposes of EEA and UK law, these third parties are independent controllers of data.
Depending on the state in the United States within which you reside, you may have certain rights regarding your personal information, subject to legal limitations. In addition to the disclosures above, this section also provides supplemental information about how we process your personal information, as further described in subsection G below.
Request to Know
You may have the right to request that we disclose certain information to you about our collection, use, disclosure, and sale of your personal information. Subject to legal limitations, if you submit a Request to Know, for each category of personal information listed in the Information We Collect section above, we will provide:
You may also have the right to request that we disclose the specific pieces of personal information we collected about you. Once we receive and confirm your verifiable consumer request, we will disclose to you:
Request to Delete
You may have the right to request that we delete personal information that we collected from you and retained, with certain exceptions.
Request to Correct
You may have the right to request that we correct inaccurate personal information that we maintain about you, with certain exceptions.
How to Submit a Request to Know / Request to Delete / Request to Correct
If you have an account with Lulus, you can make a request to delete or know in your account profile by clicking on the “See My Data” or “Delete My Data” tools. A request to delete through this tool will delete your Lulus account profile.
If you do not have an account with Lulus, you can make requests by going to https://www.lulus.com/mydata, entering your email address and selecting the “Delete My Data” or “See My Data” tools.
If you received a referral coupon via email and do not have a Lulus account, please email privacy@lulus.com to request removal of your email address from the Refer a Friend program.
You can also submit verified consumer requests by calling our toll free number (1-866-918-5858) or by emailing privacy@lulus.com. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your request.
You may have a right to opt out of (i) the sale or sharing of your personal information and/or (ii) targeted advertising. While Lulus does not sell your personal information to any other retailers for money, we engage in certain routine practices that may be considered a “sale” or “sharing” under applicable law. For example, our website integrates tracking technologies of trusted advertising partners (third-party companies) that allow the recognition of your device and the collection of information about your browsing activity in order to provide advertisements about goods and services likely to be of greater interest to you. In particular, these partners collect information about your activity on Lulus to enable us to show advertisements for our products and/or services to you on third-party websites and apps. For additional instructions to disable the use of tracking technologies on your specific browser, please see our Cookie Policy.
In order to fully exercise the Right to Opt Out, you must undertake both of the following steps:
(1) Click the “Do Not Sell or Share My Personal Info” link on the bottom of our website; and
(2) Enter your email address, check the reCAPTCHA checkbox, and click “Do Not Sell or Share My Personal Info” to complete the request to opt out.
To the extent required by law, we will honor opt-out preference signals, such as Global Privacy Control (GPC), sent in a format commonly used and recognized by businesses, such as an HTTP header field or JavaScript object. We will process opt-out preference signals at the browser level.- If you change browsers or devices, you must complete these steps on our website from each browser and on each device that you use.
- If you block cookies using your browser, we may be unable to comply with your request to opt out of sales/sharing/targeting with respect to device data that we automatically collect and disclose to third parties online using cookies, pixels, and other tracking technologies.
- If you clear cookies, you will need to submit another request to opt-out on each browser and on each device where you have cleared cookies.
Nevada Residents: Please contact us at the information above to inquire about your right to opt out of the sale of your personal information.
You have the right not to receive discriminatory treatment by us for the exercise of your privacy rights. We will never discriminate against you for exercising your privacy rights. However, there are certain functions of our website and mobile application that are only available to account holders, such as wishlists, “loves,” online credit, certain promotions, and our loyalty program.
If we deny your rights request, you may have the right to appeal. To submit an appeal, contact us at privacy@lulus.com.
Although we have not "sold" personal information for money in the past 12 months, we engage in routine practices involving third parties that could be considered a "sale" or “sharing” as defined under applicable law. We do not knowingly sell or share any personal information of minors under the age of 18.
Below please find a chart detailing the categories of personal information we collected and with whom it was sold/shared or disclosed for a business purpose in the past 12 months.
Categories of Personal Information we Collect | Categories of Third Parties to Whom We disclose Personal Information for a Business Purpose | Categories of Third Parties to Whom Personal Information is Sold or Shared |
---|---|---|
Identifiers, Such as your name, email address, phone number, billing address, shipping address, and IP address |
|
|
Personal information subject to the California Customers Records Act, such as your date of birth and a physical description of you, such as your fit details. |
|
|
Characteristics of protected classifications under California or federal law, such as your gender. |
|
None |
Commercial information, such as your payment information, purchase history, product feedback history, saved products, and details about your content history with us, such as through email or phone correspondence, live chat logs, survey or site feedback and shipping or delivery details. |
|
|
Internet or other electronic network activity, such as your device type, page visit history, identification cookies, unique device ID. |
|
|
Geolocation data, such as general location information derived from your IP address. |
|
|
Audio, electronic, visual, or other sensory information, such as photos you have uploaded to the Lulus website. |
|
None |
Inferences, drawn from any of the information we collect to assess the level of interest in our products and services based on frequency of visits and contact and determine your preferred frequency for receiving offers. |
|
|
Sensitive Personal Information, such as your social security number or information about your health. |
|
None |
We do not collect or disclose Sensitive Personal Information for any purpose other than those specified below:
- To perform the services or provide goods reasonably expected by an average consumer;
- To prevent, detect, and investigate security incidents;
- To resist malicious, deceptive, fraudulent, or illegal actions directed at the business or to prosecute those responsible for those actions;
- To ensure the physical safety of individuals;
- For short-term, transient use, including non-personalized advertising;
- To verify or maintain the quality or safety of a service or device; or
- To comply with a legal obligation or to exercise or defend legal claims.
These additional disclosures apply only to individuals who reside in California as required by the California Consumer Privacy Act (“CCPA”) and Colorado as required by the Colorado Privacy Act (“CPA”). We offer incentives to customers that involve the sharing of personal information with us. The personal information collected and retained by us in operating these programs is described in this Privacy Policy, and includes your name and contact details, your date of birth information, your payment information, your contact history with us, your purchase and product feedback history, additional details about you, information about your device type and how you use our website, your public reviews and blog comments and inferences from data and other personal information we may collect in connection with your interaction with our service and/or participation in any of our promotional programs. We may share this information with our affiliates and subsidiaries, service providers, professional consultants, and vendors necessary to complete transactions that you request, and as otherwise described in this Privacy Policy. We do not sell or share your personal information with Data Brokers, as defined by the CPA.
Benefits provided through our promotional programs may be deemed a “financial incentive” (e.g., promotional goods) and/or a different price or rate for goods or services or a different level or quality of goods or services (e.g., discounts, coupons, other promotions) under the CCPA and CPA. We currently offer the following promotional programs in connection with the collection and retention of personal information:
- Love Rewards: We offer rewards to customers participating in Love Rewards, consistent with our Love Rewards Terms and Conditions. Participants in Love Rewards receive promotional offers, including discounts, coupons and opportunities to participate in other promotional opportunities. You can join Love Rewards by logging into your existing Lulus.com account, selecting “Account Info” and then selecting the option to opt in to Love Rewards, or if you do not already have an account, by registering on account on Lulus.com and opting-in to Love Rewards.
The benefits of Love Rewards are described in our Love Rewards Terms and Conditions. The categories of personal information collected through your participation in Love Rewards that may be shared for the purposes of targeted advertising include Personal Identifiers, Commercial Information, and Internet or Other Electronic Network Activity. If you choose to exercise your data privacy rights and request a deletion of your personal information, your Lulus account and any Love Rewards program benefits are deleted. We are only able to provide Love Rewards program benefits to Lulus account holders. - Surveys: You may also be offered the opportunity to participate in a survey. Participation in the survey may result in Lulus collecting additional information from you, including your preferences, experiences, beliefs, opinions, and responses to the survey questions. In exchange for your participation in the survey, you may be offered a financial incentive, as described above.
- Limited-Time Promotions: From time to time, we may offer incentives limited to a specific time period, or time limited sweepstakes, contests and other promotions. Participation in a limited-time offer or promotion is governed by the applicable terms and conditions for the program, which will also describe any financial incentives associated with the promotion.
- Discounts: We also from time to time offer discounts connected to customer’s submission of their email address, phone number or other personal information. You can always opt out of our marketing emails or SMS messaging at any time.
- Product Reviews: When you review a product on our website, you are automatically entered into our Wear. Write. Win. Giveaway, which is governed by our Giveaway Terms. The value of your personal information is the value of the prize divided by the total number of participants.
We treat the value of your Personal Information collected through our promotional programs as equivalent to the value of the benefit provided to you through the program. We calculate the value based on our costs.
Participation in our promotional programs is always optional, and you can terminate program participation at any time as explained in applicable program terms. You can also contact us at privacy@lulus.com to unsubscribe or cancel your participation.
California Civil Code Section 1798.83 permits customers of Lulus who are California residents to request certain information regarding its disclosure of personally identifiable information to third parties for their direct marketing purposes. However, at this time we do not share any of your personally identifiable information with third parties for their direct marketing purposes.
For our customers in the European Economic Area (“EEA”), United Kingdom (“UK”), Switzerland or Canada, Lulu’s Fashion Lounge, LLC is the data controller – the company responsible for your personal information.
Lulus has designated McDermott Will & Emery Belgium LLP as its representative in the EU, whose registered address is at Avenue des Nerviens 9-31, 1040 Brussels, Belgium. For all EU GDPR related issues, you can contact our representative office by post at their registered address or email at Lulus-eu-representative@mwe.com. We recommend you use the email channel for time-saving reasons.
Lulus has designated McDermott Will & Emery UK LLP as its representative in the UK. For all UK GDPR related issues, you can contact our representative office by email at Lulus-uk-representative@mwe.com.
When you access or use our Digital Properties, we collect, use, and otherwise process your personal information as described in this Policy. We rely on a number of legal bases to use your information:
- As necessary to perform a contract with you or to take steps in preparation for a contract with you, including enabling you to make a purchase from us;
- Because you have consented to the processing, such as for receiving marketing messages or third-party data sharing related to advertising;
- As necessary to comply with a legal obligation, a court order, or to exercise or defend legal claims;
- As necessary for the purposes of our or a third party’s legitimate interests;
- As necessary to protect your vital interests, or those of others.
Here are some of our legitimate interests for collecting and processing your personal information:
- Detecting and preventing fraud: We have a legitimate interest in detecting and preventing fraud. To do so, it is necessary that we collect and retain information about each transaction made at Lulus. Our auditors require that we keep this information so they can verify that all transactions recorded by Lulus were made by real customers. The credit card companies we work with require this information in the event that fraudulent charges are made using your credit card.
- Providing access to and improving Lulus.com: We may use your information to improve and customize our website, including sharing of your information for such purposes, and this is necessary to pursue our legitimate interests of improving our website and our products. This is also necessary to enable us to pursue our legitimate interest in understanding how our website is being used, and to develop and expand our customer base. It is also necessary to allow us to pursue our legitimate interest in improving our website’s functionality and in obtaining insights into what our customers and potential customers want.
- Providing access to and improving our customer service: We may use your information to provide you with customer service, and also to improve the service we provide to all customers. This is necessary for us to pursue our legitimate interest in providing great customer service.
- Improving our product offerings: We may use your information to improve the products offered at Lulus, and to inform our buying team so they can provide you and our other customers with a great selection of products. This is necessary for us to pursue our legitimate interest in being your destination for affordable luxury.
- Keeping our website and your data secure: We have a legitimate interest in ensuring the security of our website, including enhancing protection of our company and our customers against spam, harassment, intellectual property infringement, crime, and security risks of all kinds.
If you reside in the EEA, UK, Switzerland or Canada, and you shopped on our website aimed at these markets, you have the following rights, subject to conditions provided in applicable data protection laws:
a)data access and portability (including the right to obtain a copy of your personal information, some of which is available through your account profile, and receive it in a structured, commonly used and machine-readable format);
b) data correction (including the ability to update your personal information, much of which you can change directly using your account settings);
c) data deletion (including the right to have Lulus delete your personal information, except information we are required by law to retain, or as otherwise provided by applicable data protection laws);
d) withdrawal of consent (when we rely on your consent to process your information, such as for our marketing emails you are free to refuse to give it. If you have given your consent, you may withdraw it at any time without any adverse consequences. The lawfulness of any processing of your personal information that occurred prior to the withdrawal of your consent will not be affected);
e) objection to processing (when our processing is based on legitimate interests; this includes, in limited circumstances, the right to ask Lulus to stop processing your personal data, including for direct marketing purposes); and
f) restrict processing of your personal information in certain circumstances.
If you would like to exercise your rights, please email privacy@lulus.com with your request and your place of residence.
Without prejudice to any other rights you may have, you have the right to lodge a complaint with your local data protection regulator.
As noted in the Where Are We Located section, we may process your personal information in countries outside the EEA/UK, Switzerland and Canada that do not provide an adequate level of data protection as defined by EU/UK/Swiss/Canadian data protection laws. Certain third countries have been officially recognized by the European Commission, UK Secretary of State, Swiss and Canadian/or authorities as providing an adequate level of protection. Transfers within our corporate group or to third parties located in such third countries take place using an acceptable data transfer mechanism, such as the EU and/or UK Standard Contractual Clauses, Binding Corporate Rules, approved Codes of Conduct and Certifications, on the basis of permissible statutory derogations, or any other valid data transfer mechanism issued by the EEA/UK/Swiss/Canadian authorities. Please reach out to us if you want to receive further information about how we transfer Personal Data or, where available, a copy of the relevant data transfer mechanism.