LS&Co. strongly supports individuals’ rights to control their own personal information. Our privacy program is based on a documented global privacy framework with implementation overseen by our Chief Privacy Officer in partnership with other leaders, including our Chief Information Security Officer. The global breadth of our privacy program is supported by a network of privacy champions embedded in the business.
More than 130 countries have enacted at least one unique privacy and/or data protection law. By basing the core elements of our program on the Fair Information Processing Principles, LS&Co. can more easily respond and adjust to the rapid legislative change in this area. We monitor changing legal requirements and engage numerous external resources and experts to help us appropriately respond to data protection laws and regulations in the jurisdictions where we operate. Our commitment to data protection has visibility at the most senior levels of the organization and forms part of the unique LS&Co. culture. Regular data privacy and data security updates are given by our Chief Privacy Officer and Chief Information Security Officer to senior leadership, the LS&Co. Enterprise Risk Committee and the Board of Directors’ Audit Committee. In addition, we provide mandatory annual information security training for all employees, along with supplementary training on topics such as phishing and social media risk.
Our Privacy Policy (available on all our websites) describes how we use the information we collect about customers when they interact with us in our stores, through customer service, on our retail websites, through our mobile app or on our corporate website (levistrauss.com). LS&Co. is not engaged in the direct sale of consumer data to third parties. We also do not add customers to our marketing communications list or to any membership programs, such as our RedTab™ loyalty program, without their consent. We provide customers with opportunities to join the program and subscribe to communications, and they are free to opt out at any time.
The LS&Co. consumer Privacy Policy is updated at least annually. We also maintain an Employee Privacy Notice that details how LS&Co. processes the personal information of its employee base, and a Candidate Privacy Notice that provides information about LS&Co.’s privacy practices for job applicants.
We apply a number of approaches to protect company, employee, applicant and customer data from risk, including risks of unauthorized disclosure, loss or misuse. These approaches include vendor security assessments; privacy impact assessments; and legislative monitoring, analysis and benchmarking. In addition, LS&Co. maintains standard data processing agreements and security templates for use in our contract processes that are developed in line with our data use, privacy and security requirements. We actively participate in the data privacy initiatives of multiple third-party associations and industry organizations such as the International Association of Privacy Professionals, the Retail Industry Leaders Association (RILA) and the National Retail Federation (NRF). Together, these help LS&Co. in its commitment to meet applicable legal requirements and to protect data and systems against the greatest risks and latest cybersecurity threats.
