RH PRIVACY NOTICE
AT A GLANCE: A MESSAGE REGARDING YOUR PRIVACY
At RH, we value you as a customer and take the privacy and security of your information seriously. Whether you are visiting our Galleries, dining in our Restaurants, or exploring our collections online, we want you to understand how we manage your information.
How We Collect Your Information
To provide you with a seamless luxury experience, we collect information in three primary ways:
- Directly from You: When you make a purchase, join our Members Program, or create a gift registry.
- Through Technology: As you navigate our online platforms, we use cookies, pixels, and session replay technology to understand how you interact with our site, so we can refine our digital experience.
- From Physical Locations: For your safety and ours, we utilize CCTV at our Physical Properties (Galleries, Guesthouses, and Outlets).
How We Use and Share Your Data
We use your data to fulfill your orders, send our Sourcebooks, and curate personalized design services. To do this, we share information with:
- Our Affiliates: We may share your information across the various brands and subsidiaries within the RH Group to provide a consistent experience across all of our specialized collections and services.
- Service Providers: Partners who assist with specialized tasks like white-glove delivery, payment processing, and IT security.
- Advertising Partners: We may share identifiers with marketing agencies and data aggregators to show you relevant RH advertisements. Under certain laws, this may be considered the "selling" or "sharing" of data for targeted advertising.
Your Rights and Choices
We believe you should have control over your personal information. Depending on where you live, you may have the following rights:
- Direct Marketing: You may have the right to opt out of our email communications or cancel the delivery of our physical Sourcebooks.
- Data Control: You may have the right to request access to the personal data we hold about you, request corrections, or ask that we delete your information.
- Opt-Out of "Sales": You may be able to specifically request that we do not "sell" or "share" your data for cross-contextual behavioral advertising via our "Do Not Sell" web form.
Our Global Standards
While RH is a US-headquartered business and we centralize our data processing in the United States, we adhere to rigorous standards for our international guests. For those in the UK, EU, and Canada, we utilize a variety of measures to ensure that your information transferred to these countries receives adequate protection consistent with data protection rules.
LAST UPDATED: 12 February 2026
WHEN DOES THIS NOTICE APPLY?
Restoration Hardware, Inc. ("RH" or "we" or "us" or "our") wants you to understand how we collect, use and disclose your Personal Data (as defined below). This Privacy Notice applies to Personal Data collected through our websites including RH.com, as well as any other RH-branded online platforms that link to this Privacy Notice (collectively, the “RH Online Properties”), including RH, RH Modern, RH Contemporary, RH Outdoor, RH Beach House, RH Ski House, RH Baby & Child, RH TEEN, RH Outlet, RH Contract and RH Trade. Additionally, this Privacy Notice covers Personal Data collected through our physical locations, including RH galleries, outlets, restaurants, cafés, wine vaults, Guesthouse, call centers and distribution centers (collectively, the “RH Physical Properties”). This Notice does not, however, apply to Personal Data that is collected and used in connection with RH Credit Cards. By using the RH Online Properties, visiting RH Physical Properties, and/or providing your Personal Data to us, you acknowledge that your Personal Data will be collected, used and shared as described in this Privacy Notice. Residents of the European Union, United Kingdom, Canada, and California should visit “Location Specific Disclosures” to learn more about our processing of their Personal Data.
Terms used in this Notice shall have the same or the analogous meaning ascribed to them in the applicable data privacy law.
UPDATES TO THIS NOTICE
We may change this Privacy Notice at any time. Please refer to the “Last Updated” date at the top of this page to see when this Privacy Notice was last revised. Any changes to this Privacy Notice will become effective on the "Last Updated" date indicated above. Your continued use of our websites or interactions with us after the posting of any amended Privacy Notice shall constitute your agreement to be bound by such changes.
PERSONAL DATA WE COLLECT
The term “Personal Data” as used in this Privacy Notice refers to any information that identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, to an identifiable individual. We and our service providers may collect and/or process, and may have collected or processed in the 12 months preceding the effective date of this Notice, the following categories of Personal Data about you:
- Identifiers and Contact Information: such as first and last name, postal address (including billing and shipping address), online identifiers, account identifiers and registration information, IP address, phone number, and email address.
- Financial information: such as payment details, including credit or debit card number, and salary information.
- Commercial information: such as records of products or services purchased, exchanged, returned, obtained, or considered, or other purchasing or consuming histories or tendencies. We also maintain a record of your wish lists and gift registries in connection with the RH Online Properties as well as your marketing preferences.
- Content of communications: such as the date and times of any communications with us, and any Personal Data contained in the content of such communications (including any recordings of customer service calls), and our responses. We also maintain information you provide to us related to any customer support requests.
- Other internet or electronic data: such as network activity, browsing history, search history, information regarding your interaction with our sites or advertisements, browser and device information, server log files (e.g., IP address, visit times, pages viewed), data from cookies, pixel tags, and similar tracking technologies, or physical location of your device.
- CCTV footage: such as audio and video recordings via CCTV cameras at RH Physical Properties.
- Inferences: such as preferences, characteristics, and purchasing behavior.
- Events Information: such as Personal Data related to your participation in our events. For example, if you register for and attend an event that we host or sponsor, we may collect information related to your registration for and participation in such event.
- Sensitive or Special Category Personal Data: such as your log-in, financial account, debit card, or credit card number in combination with a required security or access code, password, or credentials allowing access to an account, precise geolocation information, or Personal Data concerning your health. In addition, there may be cases where you voluntarily provide us with information about major events such as weddings, the birth of a child, and/or the purchase of a new home in connection with you or another individual’s gift registry or in other similar circumstances. In such cases, you may be providing us with information concerning or alluding to racial or ethnic origin, religious beliefs, or information concerning sex life or sexual orientation, which may be considered “sensitive” or “special category” Personal Data under applicable privacy laws (collectively, “Sensitive Personal Data”). You may also include Sensitive Personal Data in any communications that you send to us.
We process Sensitive Personal Data with your consent where required by applicable law, to provide you with the products and services you requested or that would be reasonably expected by you, or for purposes allowed under the law. Generally, RH collects Sensitive Personal Data as follows:When included in gift registries, communications, or similar circumstances – with your explicit consent (indicated by you unilaterally deciding to provide us with such Personal Data) and to provide the services you would reasonably expect when engaging RH for such services;
When shared in connection with our cafes, restaurants, or catered events (e.g., any allergies or dietary requirements, which may be data concerning health) – with your explicit consent or as necessary to defend legal claims; and
When shared in relation to events we are hosting (e.g., any accessibility requirements, which may be data concerning health) – with your explicit consent or as necessary to defend legal claims.
When you use our store locator or other location-based features we may offer, we may collect your precise geolocation information from your device or browser, including with your permission as made available via your device or browser. You may turn off precise location information sharing through your device settings.
HOW WE COLLECT AND USE YOUR PERSONAL DATA
We collect, and may have collected in the 12-months preceding the effective date of this Notice, Personal Data from multiple sources, including:
- Directly from you, when you interact or transact with RH (including via service providers acting on our behalf), such as providing contact information for marketing purposes or scheduling shipments, sharing your financial information for processing payment, and when you otherwise provide us with information at an RH Physical Property, online at an RH Online Property, or over the phone.
- Indirectly from you, when you interact with RH Online Properties, such as your online interactions with our website, we use cookies, pixels, tags, session replay technologies, and similar technologies (collectively, “Online Tracking Technologies”), subject to your consent where required, to collect your internet or electronic data including browsing or search history and information regarding your interactions with our website, emails, or advertisements.
- Via third parties, such as data brokers, credit reporting agencies, and data aggregators who help us to enhance our customer records to improve our experiences, or to identify potential customers. Third-party products and services may control the information they collect and share about you. For information about how these third parties may use and disclose your information, please consult their respective privacy policies.
We may use the Personal Data set out above for the following purposes, on the following lawful bases.
| PURPOSE | DESCRIPTION | LAWFUL BASIS |
|---|---|---|
| To process in-person and online purchases, warrantees, and returns | This may include processing Personal Data for a number of activities, including facilitating your purchases and experiences, processing payments, fulfilling warrantees and returns, resolving problems or questions about products or services you have purchased, and engaging in related communications. | Performance of a contract (for fulfilling the purchase) Legal obligations (related to financial transactions, such as anti-money laundering compliance) |
| Services and Programs | This may include processing Personal Data for activities related to services we may offer, such as our design services, registries of which you are a registrant or co-registrant, trade programs, or customer service. | Consent (such as when you provide us with your marketing preferences) Performance of a contract (for fulfilling our obligations with each of our programs) |
| Marketing and Promotions | This may include processing Personal Data for activities such as contacting you via email, sending you our Sourcebooks, or otherwise communicating with you about products, services, and promotions which may interest you. | Consent, (when, where required, you have opted-in to these types of communications) Legitimate Interest (for marketing our products and services, and providing you with promotions that may be of interest to you when your consent is not required) |
| Analytics and Improvements | This may include processing Personal Data to evaluate and improve our services, such as Personal Data we collect to evaluate performance of our website, process feedback and surveys you provide regarding your experience and our customer service, or analyze trends, statistics, and customer preferences. | Consent (where necessary, e.g., when using cookies and other tracking technologies) Legitimate Interest (such as to improve the quality and relevance of our platforms and services) |
| Legal and Compliance | This may include processing Personal Data to protect our rights, our property, and for safety reasons. This includes processing Personal Data to protect our RH Online Properties and our business operations, comply with legal obligations, protect the security of our online and physical properties, and prevent, detect, and investigate actual or suspected fraud, abuse, illegal use, unauthorized or illegal activities and access and other misuse, and where we believe necessary to investigate, prevent, or take action regarding situations involving potential threats to the safety or legal rights of any person or third party. We may also process Personal Data as part of legal proceedings, to respond to legal process, and to comply with court orders, governmental requests, or applicable law. | Legal Obligations (such as complying with legal requirements relating to fraud) Legitimate Interest (such as protecting our legal interests) |
| Restaurants, Guesthouse, Café, and Other Similar Services | This may include processing Personal Data to arrange and honor reservations, facilitate events, process payments and handle related inquiries or requests. | Legitimate Interest (such as providing our services to you) Legal obligations (such as financial transactions and maintaining record-keeping) |
Note that you may have the right to withdraw consent at any time in certain limited instances where you both reside in a jurisdiction with such rights, such as the European Economic Area, and we are processing information on the basis of your express consent as opposed to another lawful basis. To do so, please contact us at Privacy@RH.com.
You are not required to provide us with any Personal Data. However, if you do not provide us with Personal Data that we need, we may be unable to provide you with our products and services.
Where allowed by applicable law, we may de-identify or anonymize your Personal Data. If we do so, we will maintain and use the de-identified data without attempting to re-identify it. De-identified data will not be subject to this Notice and may be used to the extent permissible under applicable law.
HOW WE DISCLOSE YOUR PERSONAL DATA
For the purposes of this Privacy Notice, disclosure includes transferring, sharing (both verbally and in writing), sending, or otherwise making your Personal Data available or accessible to another person or entity.
We may disclose, and may have disclosed in the 12-months preceding the effective date of this Notice, the categories of Personal Data identified above with the following categories of recipients for the following business purposes:
- Service Providers: Companies that process your Personal Data in accordance with our instructions, in order to provide us with services. For example, those that assist with website hosting, data storage, payment processing, order fulfillment, IT services, customer service, email delivery, credit card processing, auditing, and similar services.
- Affiliates: Our subsidiaries and affiliated entities for business purposes and to perform functions on our behalf. We may also disclose Personal Data to our affiliates and subsidiaries for marketing and commercial activities (with your consent, where required under applicable law).
- Promotional Partners: Selected third parties for their marketing and commercial purposes (with your consent, where required under applicable law).
- Marketing and Advertising Agencies: For advertising and promotional activities.
- Gift Registry Third Parties: In connection with any gift registry where you are a registrant or co-registrant.
- Message Recipients: To identify you to anyone you send messages to through our online properties.
- Business Transactions: In the event of a reorganization, merger, sale, joint venture, or transfer of our business or assets.
- Other Legal and Safety Reasons: As necessary to comply with applicable laws, respond to legal orders, government requests, or non-binding requests (where we determine it to be in our best interest), enforce our terms, protect our operations and rights, assist in fraud prevention or investigation (e.g., counterfeiting), obtain advice from our advisors, and pursue legal remedies.
- Other Purposes: We may also use your Personal Data in other ways, in which case we will provide specific notice at the time of collection and obtain your consent where required by applicable law.
Please also note that information you post on message boards, chat rooms, profile pages, and blogs becomes public and can be accessed by others. Please exercise caution when sharing Personal Data.
We do not sell, rent, or share mobile numbers, text messaging originator opt-in data, or consent with third parties or affiliates for their own direct marketing or promotional purposes. SMS consent and mobile numbers are used solely to send text messages and to operate our messaging programs. We may disclose such information to service providers who assist us in delivering and supporting our messaging programs, subject to contractual limits prohibiting any other use. For more information about our messaging practices, please review our RH Text Messaging Terms of Use.
Cookies and Similar Online Tracking Technologies
We may use Online Tracking Technologies to help us remember you and your preferences when you revisit our website. The information collected by these cookies and similar technologies may include your: IP address; unique cookie identifier and information obtained through cookies; unique device identifier and device type; domain, browser type and language, operating system, system settings, country and time zone; previously visited websites; information about your interaction with our RH Online Properties such as click behavior, purchases and indicated preferences; and access times and referring URLS. Depending on your country of residence, and where allowed by law, these Online Tracking Technologies may be enabled by default with the right to opt-out made available. Where required by law, we will obtain your prior consent before placing non-essential cookies and similar technologies.
We use Online Tracking Technologies to analyze and understand how you access, use, and interact with our RH Online Properties and our customers’ preferences (such as country and language choices), as well as to assess, secure, protect, optimize, and improve the performance of our RH Online Properties. This enables us to provide services to our customers and improve their online experience. We also use cookies and pixel tags to obtain aggregate data about site traffic and interaction, to conduct analytics, identify trends, and obtain statistics so we can improve our RH Online Properties, as well as to target advertising and content across our RH Online Properties and third-party sites and services.
We use the following categories of cookies to provide a personalized luxury experience:
- Strictly Necessary Cookies: These are essential for the core functionality of the RH Online Properties. They enable basic features, such as to secure and protect the performance of our RH Online Properties, and to allow you to add products to your shopping cart.
- Preference and Functionality Cookies: These cookies help enhance your experience by enabling additional functionality on the RH Online Properties. They handle and remember your country, currency and language preferences, and enable functions that improve the shopping experience.
- Analytics Cookies: We use these cookies to obtain aggregate data about site traffic and interaction, to conduct analytics, identify trends, and obtain statistics so we can improve our RH Online Properties.
- Advertising and Personalization Cookies: We use these cookies to allow us to understand how you interact with our RH Online Properties and your interests to deliver tailored marketing and advertising content to you. These cookies also help us measure the effectiveness of our advertising campaigns.
We may allow selected third parties to place cookies on our websites or applications to provide us with better insights into usage to provide relevant advertising to you. These third parties may collect information about your online activities over time and across different websites or online services. We may also permit third party service providers to place cookies through our website or applications to perform analytic or marketing functions. We use Google Analytics and its advertising products, such as Google Ads, that may collect usage data (using cookies, pixel tags and similar tools) about our RH Online Properties to provide us with reports and metrics that help us to evaluate usage of our RH Online Properties, improve performance and user experiences, and serve relevant advertising to you. We also use third-party technologies and services, such as reCAPTCHA, to support the security of our RH Online Properties and protect against fraud and abuse. For information about Google Analytics, see Google’s Privacy & Terms and for reCAPTCHA, see Google’s Privacy Policy. We may combine the data collected by Online Tracking Technologies with other information we maintain about you and use this data for marketing to you, including through other, non-website-based channels.
We also use session replay technology. Session replay tools use cookies and other technologies to collect data about how you interact with our website, including by recording and reconstructing your mouse movements, clicks/taps, and keystrokes. Our third-party service providers collect and store this information on our behalf in a pseudonymized user profile. We configure session replay technologies to avoid capturing sensitive fields, such as payment card data and passwords). Where required by law, we will obtain your consent before enabling session replay technologies. By continuing to use and access our RH Online Properties, you agree to the use of these technologies by us and our third-party service providers.
We make available several ways for you to manage your cookies within our RH Online Properties. Many of these are browser and device specific, which means that you need to set the preference for each browser and device you use to access the RH Online Properties. Additionally, if you delete or block cookies, you may need to reapply these preferences. Opting out of cookies and advertising as discussed below does not mean that you will no longer receive advertising content from us. You may continue to receive generic or contextual ads from us.
- Industry Ad Choice Programs. You may be able to control how participating third-party ad companies use the information that they collect about your visits to our sites, and those of third parties, in order to display more relevant advertising to you. If you are in the U.S., you can obtain more information and opt-out of receiving targeted ads from participating third-party ad networks via the Digital Advertising Alliance at aboutads.info/choices. Please note that opting out of participating ad networks does not opt you out of being served advertising. You may continue to receive generic or ‘contextual’ ads on our RH Online Properties. You may also continue to receive targeted ads on other websites, from companies that do not participate in the above programs.
- Browser Settings. For a comprehensive up-to-date summary of every third-party accessing your web browser (through the RH Online Properties or otherwise), we recommend installing a web browser plug-in built for this purpose. Your browser may offer choices to manage your cookies, including blocking all or third-party cookies. You may do this through your browser settings on each browser and device that you use. If you turn cookies off, you may not have access to many features that make our RH Online Properties more efficient and some of our services will not function properly.
Some web browsers offer a “Do Not Track” (DNT) setting that allows you to express your preference not to be tracked across websites. At this time, we do not respond to DNT signals.
Categories of Third Parties to Whom Personal Data Has Been Sold or Disclosed for a Business Purpose
We share, and in the 12 months preceding the effective date of this Notice may have shared, the following categories of Personal Data for monetary or other valuable consideration, for targeted advertising purposes, or for another business purpose. In certain jurisdictions, disclosures of Personal Data for monetary or other valuable consideration, or disclosures for cross-context behavioral advertising purposes, may constitute “sales” or “sharing” of Personal Data:
- Identifiers
- Internet or other electronic network activity information
- Commercial information
- Inferences
These categories of information have been and may be disclosed to our marketing and advertising partners, including platforms that enable or participate in targeted and cross-contextual behavioral advertising, entities that support our marketing to you through non-website-based channels, and other entities which may include data brokers and third-party cooperative databases.
Notice of Right to Opt-Out of “Sales” and “Sharing” of Personal Data
As described above, our disclosure of your Personal Data through Online Tracking Technologies to third party advertising platforms and analytics providers may be deemed a “sale” or “sharing” of Personal Data under certain privacy laws, and you may have the right to opt-out of such processing. To exercise your right to opt-out of “sales” or “sharing” of your Personal Data, please refer to the section below titled “Your Privacy Rights.” We do not have any actual knowledge that we sell or share Personal Information of consumers under 16 years of age.
Third Parties and Third-Party Sites
When you submit Personal Data to a third party—for example, through a third-party software application, service, or social media platform included in or linked from our website—the collection, use, and disclosure of your information is governed by those third parties’ own privacy notices.
We are not responsible for the data collection, use, or disclosure practices of any third parties, including our affiliates, third-party service providers, social media platforms, or any other website to which our site links. The inclusion of a link on our website does not imply endorsement of the linked site by us or our affiliates. You should review the privacy notice of such third parties before sharing your Personal Data with them.
SECURITY
We seek to use reasonable organizational, technical, and administrative measures to help protect the Personal Data under our control. While no system can guarantee absolute security, we work with reputable third-party cloud service providers that maintain robust security measures to protect your data. A username and password are needed to access certain areas of our website. It is your responsibility to protect your username and password. Personal Data may be accessed by people within our organization, or our third-party service providers, who require such access to carry out the purposes described in this Privacy Notice, or otherwise permitted or required by applicable law.
We use payment card processors during payment processing. Your payment data is delivered directly from the browser to payment card processors, who handle your payment card data subject to industry standards regarding security. It is important for you to protect against unauthorized access to your account, purchase history, and devices.
When accessing our website—especially on public or unsecured networks—please exercise caution when submitting Personal Data. If you suspect that your account or interaction with our website has been compromised, you should notify us immediately. In such cases, we recommend placing orders by telephone or in person. For assistance, please refer to the “Contacting Us” section.
YOUR PRIVACY RIGHTS
Depending on the jurisdiction in which you are located, you may have certain rights regarding your Personal Data, subject to applicable law. We may ask you to verify your identity before fulfilling certain requests, in order to protect your Personal Data. In some jurisdictions, an authorized agent may submit a request on your behalf if they provide proof of authorization.
To exercise your rights, please submit a Privacy Request Form, unless another method is indicated below, or contact us directly at the phone numbers or addresses listed in the Contacting Us section. We will respond as requested by applicable law. We may deny a request if we cannot verify your identity or if the law otherwise permits.
| Your Right | Additional Information |
|---|---|
| Opt-out of Promotional Communications | You may be able to use the unsubscribe link provided in any promotional email or use our Unsubscribe Form. You may still receive essential transactional emails, such as order confirmations or service updates. |
| Opt-out of Catalogs/Sourcebooks | You may be able to submit a request by entering the contact information exactly as it appears on the mailing label by using our Cancel Sourcebook Delivery Form. This will apply to all future mailings; however, you may still receive any scheduled mailings which are already in process. |
| Opt-out of Sale, Share, and Targeted Advertising | You may be able to submit your request using our Do Not Sell Form or through the cookie controls available on our website. |
| Right to Know and Access | You may have the right to know what Personal Data we collect about you, and to access your Personal Data. Please use our Privacy Request Form or other contact methods listed under Contacting Us. |
| Right to Portability | You may have the legal right of portability, or the right to have us transfer your Personal Data to other persons or entities upon your request, subject to certain exceptions. Please use our Privacy Request Form or other contact methods listed under Contacting Us. |
| Right to Obtain a List of Categories of Third Parties with Whom Your Data Was Shared | You may have the right to obtain a list of the categories of third parties with whom your Personal Data was shared. Please use our Privacy Request Form or other contact methods listed under Contacting Us. |
| Right of Erasure or Deletion | You may have the right to request deletion of your Personal Data. Please note that we may be required to retain certain data for legal, tax, and warranty purposes. If deletion is denied, we will explain why. Please use our Privacy Request Form or other contact methods listed under Contacting Us. |
| Right to Correct, Update, or Rectify | You may have the right to update your Personal Data if it is inaccurate or incomplete. Please use our Privacy Request Form or other contact methods listed under Contacting Us. |
| Right to Restrict or Suspend Processing | This may apply in cases where data accuracy is disputed, processing is unlawful, or data is no longer needed. Please use the contact methods listed under Contacting Us. |
| Right to Object to Processing | You may have this right in instances where we process data based on our legitimate interest. We may still continue to process your Personal Data if there are compelling legitimate grounds to do so. Please use the contact methods listed under Contacting Us. |
| Right to Appoint an Authorized Agent | You may designate an authorized agent to make requests on your behalf, provided they have the appropriate authority. |
| Right to De-Indexation | You may have the right to request that we stop disseminating your Personal Data or deindex a hyperlink associated with your name that provides access to your information, if such dissemination causes harm or violates the law or a court order. Once we receive and confirm your privacy request, we will evaluate the circumstances and based on this evaluation inform you whether we will de-index, re-index, or delete the Personal Data. Please note we may not be able to de-index, re-index or delete your Personal Data entirely in some circumstances. |
| Lodge a Complaint with a Regulator | You may have the right to lodge a complaint with a data protection authority. In the EEA, a list of the national data protection authorities can be found here. In Switzerland, the responsible data protection authority is the Swiss Federal Data Protection and Information Commissioner (FDPIC), whose website can be found here. In the UK, the responsible data protection authority is the Information Commissioner’s Office (ICO), whose website can be found here. |
Applicable laws may also give you the right to appeal our decision regarding your Privacy Rights request. To do so, please use our Privacy Request Form or contact us at Privacy@rh.com. Residents of some US jurisdictions may have the right to submit complaints to their state’s attorney general using the online complaint mechanisms on the relevant attorney general’s website.
If you have any questions or would like to submit a complaint regarding RH's collection, use, or disclosure of your Personal Data, please contact us at Privacy@rh.com. You may also contact our Data Protection Officer (“DPO”) responsible for your country or region via DPO@rh.com. In your email header, please indicate the country from which you are contacting us.
We will not retaliate against you for exercising your Privacy Rights under applicable law.
HOW LONG WE RETAIN YOUR PERSONAL DATA
We will keep your Personal Data only for as long as we reasonably require to fulfill the purpose for which we collected it (including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements) and, in any event, only for as long as data protection laws and our internal retention policies permit.
We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you.
To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
For more information, please contact our Privacy Team at Privacy@rh.com.
CHILDREN’S DATA
Individuals under the age of sixteen (16) are not generally permitted to make purchases, subscribe to our marketing communications or otherwise use the RH Online Properties. In some jurisdictions, the age threshold for valid consent may be lower than 16. Where applicable, we will comply with the local age of consent laws for data processing. It is important to us that we do not knowingly process Personal Data of any individuals under the applicable age. Therefore, you must not provide us with any Personal Data relating to any individual under the applicable age in your country, nor permit such individuals to subscribe to our communications, use the RH Online Properties, or provide us with their Personal Data.
LOCATION-SPECIFIC DISCLOSURES
EUROPEAN UNION AND UNITED KINGDOM
Under the General Data Protection Regulation, including as it applies in the UK pursuant to the European Union (Withdrawal) Act 2018 (collectively the “GDPR”), RH London Gallery Limited and RH Geneva Sarl respectively are the Data Controllers of your Personal Data.
We are a US-headquartered business and pride ourselves on providing the best possible global customer experience. We want to make sure that you get the same best-in-class service whenever and wherever you visit us – wherever in the world, virtually or in person. It is core to that customer experience that we centralize your Personal Data, and we underpin that global experience by storing Personal Data in the United States. Some of the data recipients with whom we share your Personal Data may be located in countries other than the country in which your Personal Data was originally collected. The laws in those countries may not provide the same level of data protection as compared to the country in which you initially provided your data. Nevertheless, when we transfer your Personal Data to recipients in other countries, including the US, we will protect that personal data as required by applicable law and as described in this Privacy Notice.
We take measures to comply with applicable legal requirements for transfers of Personal Data to recipients in countries outside of the European Economic Area (EEA), United Kingdom (UK) or Switzerland that do not provide an adequate level of data protection. We use a variety of measures to ensure that your Personal Data transferred to these countries receives adequate protection in accordance with data protection rules; including using EU Standard Contractual Clauses and the UK Addendum to the EU Contractual Clauses.
UNITED STATES
NOTICE OF FINANCIAL INCENTIVE AND NOTICE OF BONA FIDE LOYALTY PROGRAM
The RH Members Program (“Program”) provides customers with the opportunity to obtain exclusive benefits, including discounted member pricing on purchases, complimentary access with respect to certain goods and services, access to preferred financing, and priority mailings of Sourcebook Catalogs. Because our Program involves the collection of Personal Data and offering of certain benefits, it might be interpreted as a “financial incentive” program under California law or a “bona fide loyalty program” under Colorado law.
Opting-In to the Program. You may join the Program online at https://rh.com/us/en/membership. The Program Terms and Conditions are available at: https://rh.com/us/en/our-company/members-program-terms-and-conditions.
Categories of Personal Data We Collect. To enroll you in the program, RH collects the following categories of Personal Data:
- Identifiers, such as name, email address, billing and mailing postal addresses, telephone number, and date of birth
- Commercial Information, such as shopping and purchase history and payment information
- Internet/Network Activity, such as IP address, activity logs, and browsing history
- Geolocation Data
We also collect information you choose to provide in your RH member profile, as well as information about your marketing preferences. This includes how you prefer to be contacted by RH as well as what types of information you are interested in hearing about.
Because your Personal Data is necessary for you to participate in the Program, you understand that you will be unable to participate in the Program in the event you submit to use a Request to Delete all your Personal Data.
Because the sale of Personal Data or the processing of your Personal Data for targeted advertising is not needed to participate in the Program, we will continue to provide you the benefits of the Program if you exercise your right to opt out of the sale of Personal Data or the processing of Personal Data for targeted advertising.
Value of Consumer’s Data. Under California law, the value of your Personal Data is related to the value of the free or discounted products or services, or other benefits that you obtain or receive as a Program participant, less the expenses related to offering those products, services, and benefits to Program participants.
Withdrawing from the Program. You may withdraw from participating in the Program at any time by cancelling your membership. You may cancel your membership by logging into your RH account, selecting “My Account” and adjusting the relevant settings, or by calling 888.889.4739.
CALIFORNIA
Under California law, California residents may opt-out of or request information about our sharing their Personal Data with other parties for their direct marketing purposes. If you are a California resident and would like to exercise your rights under California’s Shine the Light law, please submit your request to Privacy@rh.com.
Categories of Personal Data We Collect from California Residents
We may collect, and may have collected in the 12 months preceding the effective date of this Notice, the information described above in “Personal Data We Collect,” which includes:
- Identifiers, including online identifiers
- Characteristics of protected classifications under California or federal law
- Categories of personal information described in Cal. Civ. Code § 1798.80
- Commercial information (e.g., products or services purchased or other purchasing or consuming histories or tendencies)
- Internet and other electronic activity information
- Inferences drawn from your activity
- Geolocation data
- Sensory data, including audio, electronic, and visual information
- Professional or employment-related information
- Other categories described in California law
- Sensitive personal information
- Inferences drawn from any of the categories of information above to create a profile about an individual reflecting their preferences, characteristics, or predispositions
CANADA
This portion of the Privacy Notice applies to our customers, clients, sub-contractors, and others residing in Canada, and is intended to comply with the Personal Information Protection and Electronic Documents Act SC 2000 c-5 (“PIPEDA”) and relevant provincial laws: British Columbia's Personal Information Protection Act SBC 2003, 63 (“BC PIPA”) and Alberta's Personal Information Protection Act SA 2003, c P-6.5, (“Alberta PIPA”), collectively referred to as PIPA. Special provisions specific to residents of Quebec that are intended to ensure compliance with Quebec's Act Respecting the Protection of Personal Information in the Private Sector, CQLR c P-39.1 (the “Quebec Act”) can be found below. Except where specified, terms used in this section have the same definitions as in applicable Canadian law. If there is a conflict between this section and the Privacy Notice generally, this addendum takes precedence.
BY SUBMITTING PERSONAL DATA TO THE COMPANY, AND/OR BY ACCESSING AND USING THE WEBSITE, YOU CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF SUCH PERSONAL DATA IN ACCORDANCE WITH THIS PRIVACY NOTICE, EXCEPT IN LIMITED CIRCUMSTANCES AS PERMITTED OR REQUIRED BY LAW. UNLESS WE HEAR OTHERWISE, YOUR RECEIPT OF OUR PRIVACY NOTICE INDICATES YOUR CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL DATA AS DESCRIBED.
Transfers of Personal Data
If you are a resident of Quebec, we may transfer your Personal Data with our subsidiaries and affiliates, service providers, and other third parties who may be located outside of Quebec, including in the United States, for the purposes identified in “How We Disclose Your Personal Data.”
Data Storage, Cross-Border Transfers, and Protection
We may store your Personal Data on servers and systems under our control or on servers and system that we license. To carry out the purposes described in our Privacy Notice, your Personal Data may be transferred and stored outside of Canada, including in the United States. If you are a resident of Quebec, please note that your Personal Data may be transferred and stored outside of Quebec, including in the United States, for these purposes. This means your data may be subject to the laws of other jurisdictions, which may not provide the same level of protection as in your province or in Canada generally. U.S. government or law enforcement agencies may access your data in accordance with U.S. law.
When we transfer Personal Data across borders to a third party, we will take reasonable steps to protect the data from unauthorized use and disclosure. We will only engage third-party processors that have adequate security measures, policies, and staff training in place to safeguard Personal Data. We will proceed with a Privacy Impact Assessment as defined in the Quebec Privacy Act when required to ensure the safety of your Personal Data. We may audit and inspect the third party’s data handling and storage practices when necessary to ensure compliance with these protective measures.
CONTACTING US
If you have any questions about this Privacy Notice, please contact us at Privacy@RH.com.
You may also contact our Data Protection Officer (“DPO”) responsible for your country or region via DPO@rh.com. In your email header, please indicate the country from which you are contacting us.
Please note that email communications are not always secure, so we request that you not include credit card information or other sensitive information in your email messages to us.
You may also contact us by phone or postal mail using the information below.
EUROPEAN UNION
You may write to us at:
Atten: RH Privacy
RH Geneva Sarl
C/O Intertrust (Suisse) SA
Place de Alpes 4
Geneva 1201
UNITED KINGDOM
You may write to us at:
Attn: RH Privacy
RH London Gallery Limited
Aynho Park
Aynho
Banbury
Oxfordshire OX17 3BQ
United Kingdom
NORTH AMERICA
You may call our Client Service team at 1-844-910-1289, or write to us at:
Attn: RH Privacy
RH
2900 North MacArthur Drive
Suite 100
Tracy, CA 95376
RH Privacy Notice
Last Updated: 9 OCT 2023
1. WHEN DOES THIS POLICY APPLY?
RH London Gallery Limited, RH Geneva Sarl, and all of our group companies ("RH" or "we") value our customers and respect your privacy, and we want you to be familiar with how we collect, use and disclose your “Personal Information” (see “Personal Information” below).
This Privacy Notice describes our practices in connection with Personal Information in relation to our UK:
UK website at www.rh.com/gb, part of the “RH Online Properties”;
EU website(s) at www.rh.com/de and www.rh.com/be, all being part of the “RH Online Properties”;
electronic and postal marketing and mailings;
Aynho Park premises, as well as RH’s UK and EU galleries, restaurants, cafés, barista bars, wine vaults, call centres and distribution centres, which are collectively known as “RH Physical Properties”;
providing our products and services to customers; and
other communications you may have with us from time to time,
in each case, including where your Personal Information is processed because you are an employee or end customer of a Trade customer or supplier.
We have prepared this Privacy Notice in accordance with our obligations under UK, EU and Swiss data protection, privacy and electronic communications laws, including the UK GDPR, EU GDPR, and the Swiss Federal Data Protection Act (the “Data Protection Laws”). We set out your rights under the Data Protection Laws at “Your Privacy Rights” below.
We encourage you to read this Privacy Notice before using the RH Online Properties, visiting RH Physical Properties, or otherwise providing any Personal Information to us. A copy of this Privacy Notice is available at RH Physical Properties on request.
IF YOU PROVIDE US WITH PERSONAL INFORMATION RELATING TO ANYONE OTHER THAN YOURSELF YOU REPRESENT THAT YOU HAVE DIRECTED THEM TO THIS PRIVACY NOTICE. If your Personal Information has been provided to us by one of our Trade customers or suppliers, such as in connection with the performance of a contract between you and them or them and us, they are responsible for ensuring that they can lawfully provide your Personal Information to us for the purposes below (including obtaining any relevant consents from you, and directing you to this Privacy Notice).
2. UPDATES TO THIS NOTICE
We may change this Privacy Notice at any time. Please take a look at the "Last Updated" legend at the top of this page to see when this Privacy Notice was last revised. Any changes to this Privacy Notice will become effective on the "Last Updated" date. We recommend that you regularly revisit this Privacy Notice to understand how we continue to process your Personal Information. We will notify material changes to you by email if we have your email address.
3. TRANSFERS TO THE UNITED STATES
We are a US-headquartered business and pride ourselves on providing the best possible global customer experience. We want to make sure that you get the same best-in-class service whenever and wherever you visit us – wherever in the world, virtually or in person. It is core to that customer experience that we centralise your Personal Information and we underpin that global experience by transferring all Personal Information for analysis by our US Head Office and storage in our systems in the US.
We would like you to know that any Personal Information provided to our UK, EU or Swiss business is transferred to RH US (and our US-based service providers) pursuant to:
for ex-UK transfers, the UK Addendum to the EU Standard Contractual Clauses;
for ex-EU transfers, the EU Standard Contractual Clauses; and
for ex-Switzerland transfers, the EU Standard Contractual Clauses with such changes as are required by Swiss laws (respectively).
Where Personal Information is transferred within the RH Group, including to our Waterworks group companies, they are made pursuant to our intra-group data transfer agreement incorporating copies of the above.
4. PERSONAL INFORMATION AND THE “CONTROLLERS” OF YOUR PERSONAL INFORMATION
For the purposes of this Privacy Notice, “Personal Information” means information relating to an identified or identifiable individual.
For the purposes of Data Protection Laws, we will be the “Controllers” of your Personal Information.
5. PERSONAL INFORMATION WE COLLECT
We collect the following Personal Information. Some of this Personal Information directly identifies you as a specific individual (for example, your name and email address) but it also includes other Personal Information that does not obviously identify you, such as by being linked to your name or email address, but otherwise might identify you, such as a unique cookie ID, or customer or order number.
PERSONAL INFORMATION YOU PROVIDE TO US
RH Marketing Communications
When you subscribe to receive our digital email marketing, you will provide us with the following Personal Information:
- Name
- Country (by reference to which RH Online Property you were using at the time)
When you receive our direct email marketing, we may also collect certain information about how you engage with our communications using the Salesforce tracking pixel embedded in those emails. You can disable these by turning off the images in the email using your email application.
When you subscribe to receive our Source Books, you will provide us with the following Personal Information:
- Name
- Postal address
- Postal code
- Country
- Phone number (at your election)
RH Purchases
When you make a purchase with us, you will provide us with the following Personal Information:
- Name
- Postal addresses (billing and shipping addresses)
- Telephone number
- Email address
- Payment details (debit/credit card numbers, bank account information)
RH Account
When you create an RH Account, you will provide us with the following Personal Information:
- Name
- Email address
- A password of your choice (we do not store passwords in plain text)
RH Members Program
When you subscribe to the RH Members Program, you will provide us with the following Personal Information:
- Name
- Postal addresses (billing and shipping addresses)
- Telephone number
- Email address
- Payment details (debit/credit card numbers, bank account information)
Other information collected via the RH Online Properties
When you visit the RH Online Properties, we and our third-party service providers will collect Personal Information via cookies and similar technologies.
Other information collected via the RH Physical Properties
When you visit the RH Physical Properties, we may also collect the following further Personal Information:
- CCTV images and, if you attend an event at an RH Physical Property, images of you in attendance
- Information you expressly provide to one of our Associates while visiting – such as in connection with making an appointment with a Designer, requesting design services or another form of follow-up
PERSONAL INFORMATION PROVIDED TO US BY THIRD PARTIES
In addition to the Personal Information you provide to us, we also receive Personal Information from carefully selected third parties for the purposes set out in this Privacy Notice. (Please see the categories below.) Please know that we will only use and disclose Personal Information in accordance with this Privacy Notice.
Financial institutions
Some financial institutions, including your credit card company and your bank, provide us with personal information related to your account with them and your usual purchase behaviour for processing your purchases and fraud detection.
We and our third party payment service providers may request, and may receive from any of your payment card issuers or any payment card network, updated payment card information, such as cancellation of any payment card account, or updated payment card numbers or expiration dates. If such updated information is provided to us and/or any of our third party payment service providers, we may use that information to process any payment that you have authorised us to charge to such payment card, including payment for any outstanding balances owed by you on any purchase. Your payment card issuer may allow you to opt out of providing updated card information. For more information, please contact your payment card issuer.
Postal and source book marketing and advertising agencies, partners, networks, and co-operatives
We partner with postal marketing co-operatives, networks and partners who provide us with Personal Information and aggregated insights, and to whom we provide Personal Information to:
- help us keep your Personal Information up-to-date (in accordance with our obligations under Data Protection Laws) – such as helping us (a) make sure we send your Source Book to the right address, (b) combine or delete duplicate copies of your information and (c) choose the most appropriate means of delivering your Source Book
- provide us with names and postal addresses of prospective RH customers for us to conduct postal direct marketing (including delivery of our Source Books) to those individuals
- provide us with insights on how we can improve our customer experience, including what our customers buy from us and other businesses
- combine your Personal Information with aggregated (e.g. demographic) or household information so that we can send you more relevant direct postal mailings and Source Books. (When this aggregated or non-identifiable information is linked to your RH customer record, it may also constitute your Personal Information.)
Please see more information at “Promotional Partners” below.
Services providers
Our fraud-checking service providers provide us with services that help us check whether a transaction is fraudulent.
Our trade customers and suppliers
Where you are an employee of one of our trade customers or suppliers, they may provide us with your Personal Information so that we and they can administer our business relationship.
Where you have engaged one of our trade customers to provide services or products to you, they may procure our products and services and provide us with your name and address for processing and delivering your purchases and suggesting other suitable products.
Other information collected from publicly available sources
We may also process certain Personal Information where you have made such Personal Information public (such as through public social media or business contact information sites).
6. HOW WE USE PERSONAL INFORMATION
We may use the Personal Information set out above for the following purposes, on the following lawful bases. If you do not provide any of the Personal Information set out in this table, we may not be able to perform the relevant “Use” set out below. For example, if you do not provide any of the Personal Information required for us to enter into a contract with you, we will be unable to perform that contract.
| USE/PURPOSE | DATA | LAWFUL BASIS |
| To send you direct marketing emails to which you have subscribed | Name Email address |
Consent |
| Postal direct marketing where you have provided an indirect “opt-out” (via e.g. the UK Mail Preference Service) but have provided your explicit consent to us sending you such postal marketing. | Name Postal address |
Consent |
| To send you emails about third party products and services we think you’ll enjoy where you have subscribed to those emails | Name Email address |
Consent |
| To use cookies on the RH Online Properties | As applicable to the relevant cookie(s) | Legitimate Interests or Consent |
| To store your payment information for future purchases (You may withdraw your consent permitting RH to store your payment information by adjusting your settings in "My Account".) | Payment information (including debit/credit card information) | Consent |
| To take preparatory steps prior to your order with us (e.g. to carry out and tailor your design consultations with our designers) | Name Telephone number Email address Postal address (billing and delivery) Design requirements |
To take steps at your request prior to entering into a contract with us |
| To administer and fulfil the terms of our promotions, special offers and competitions. (Please note that certain promotions may have additional rules or policies, which could contain different or additional information about how we use and disclose your Personal Information in connection with that promotion. Please read any such rules or policies carefully − in the event of a conflict between such rules or policies and this Privacy Notice, such rules or policies will govern) | Name Email address Postal address Telephone number |
Performance of a contract |
| To fulfil your purchases and associated services, such as confirming your order, sending you service communications about your order, confirming your payment details (including with your bank and other third parties), delivering your products, processing returns and refunds and fulfilling warranty claims | Name Telephone number Postal address (billing and delivery) Email address Order/project description Financial/payment details Purchase history |
Performance of a contract |
| To provide you with your RH Member Program benefits | Name Email address Postal address (including billing and shipping addresses) Telephone number Payment details (including debit/credit card numbers) |
Performance of a contract |
| Enforcing the terms and conditions of our contracts with you | Name Address Your purchase information (where relevant) Such other Personal Information as is required by the relevant contract |
Performance of a contract |
| Protecting the rights, privacy and security of our employees, other customers and other visitors to our RH Online Properties and RH Physical Properties | Name |
Compliance with our legal obligations where applicable, such as:
|
| To send you important information regarding changes to our marketing practices or terms (e.g. updates to this Privacy Notice and our terms of sale or service) | Name Contact information Records relating to these communications |
Performance of a contract Compliance with our legal obligations, such as the UK Consumer Rights Act |
| To comply with our other legal obligations (e.g. in accordance with our obligations under Data Protection Laws to keep personal data secure) | All Personal Information set out in this Privacy Notice | Compliance with our legal obligations |
| To comply with legal process, including responding to requests from judicial, public and government authorities, including those outside your country of residence, to protect our operations or those of any of our Affiliates | Such Personal Information as is required by the relevant request. | Compliance with our legal obligations |
| The purposes set out below | The Personal Information set out below | Legitimate Interests (as set out below) |
Where we rely on “legitimate interests”:
| USE/PURPOSE | DATA | LEGITIMATE INTEREST |
| To respond to your inquiries and fulfil your requests, and to contact you if necessary | Name Email address Preferred means of communication |
To service our customers and prospective customers |
| Maintain and update your customer record, including your order history and preferences | Orders, purchases, exchanges and returns Wish lists Gender Date of Birth Information regarding major events such as weddings, child births and the purchase of a new home Demographic information, such as: your town/city, county, postcode |
To service our customers and analyse and improve our products and services |
| Send you direct marketing emails where RH relies on the “soft opt-in” – i.e. you have previously purchased products from us and have not opted out of receiving marketing messages. | Name Email address Purchase History |
To publicise our products and services to our existing customers |
| To carry out telephone direct marketing | Name Telephone number |
To publicise our products and services to our existing customers |
| To improve our customers’ experience, including by learning more about your preferences and personalising the direct marketing and other communications we send you. | All Personal Information set out in this Privacy Notice | To personalise and promote more relevant products and services to our customers and prospective customers |
| To analyse trends and statistics in connection with our RH businesses, RH Online Properties and RH Physical Properties, electronic direct marketing and source book mailings, including to measure the success of marketing campaigns and to compile statistics about usage, conversion and response rates. | All Personal Information set out in this Privacy Notice | To enhance our business offering and improve our customers’ experience |
| Deploy CCTV at our RH Physical Properties | Images collected via CCTV deployed at RH Physical Properties | To protect our business, and the safety and privacy of our employees, customers and other visitors to our RH Physical Properties |
| Deploy those cookies that are necessary to secure our RH Online Properties and provide you with the services you request | Strictly necessary cookies | To protect our business, and the safety and privacy of our employees, customers and other visitors to our RH Physical Properties, and to provide you with the services you request |
| To collate and enrich our business relationship management systems, to identify new business or corporate leads and recognise when a business contact moves company | Business contact information, such as name, role, business email address Other publicly available information Information contained in RH administrative systems (e.g. emails with the relevant individual) |
To publicise our corporate business |
| To administer our Trade Sales and Contract Sales arrangements where you are an employee of the relevant corporate customer | Business contact information (e.g. Name, role, business email address) | To provide our products and services to our corporate clients |
| Share Personal Information with our Promotional Partners (see more detail at “Postal and source book marketing and advertising agencies, partners, networks, and co-operative” above, and “Promotional Partners” below) | Name Postal address Purchase History |
Our legitimate interests in enhancing our direct marketing services and customer experience offering.The legitimate interests of our data partners and the other members of the relevant data co-operatives in enhancing their direct marketing services and customer experience offering. |
| To enforce our legal rights, to enforce our terms and conditions, to protect our systems from criminal damage or access | Such Personal Information set out in this Policy as required on a case-by-case basis | To enforce our legal rights and pursue available remedies or limit the damages that we may sustain |
| To transfer your Personal Information to our head office and central systems located in the US | All Personal Information | To enhance our customer experience, improve our business processes and operations and secure and de-duplicate Personal Information |
| Share your Personal Information with and receive your Personal Information from our other group companies, including the Waterworks group.Please see the Waterworks privacy policy available here: https://www.waterworks.com/us_en/privacy-policy | All Personal Information | To enhance our customer experience, improve our business processes and operations and secure, send postal direct marketing to our group companies’ customers (and for our group companies to send postal marketing to our customers) and updates and de-duplicate Personal Information |
| Where you are a business contact at a trade customer, to send your business information by email, postal mail, telephone and other means about our and our group companies’ products, services, and other promotions | Name Email address Preferred means of communication |
To service our trade customers and prospective customers |
| Where you are a business contact at a trade customer or supplier, to carry out the processes above for which we would otherwise have relied on “consent” or “performance of a contract” were you a consumer | As set out above | To service our trade customers/suppliers and prospective customers/suppliers, and carry out our trade business |
| Use of CCTV in our buildings | Name CCTV footage Cookies |
Protecting the rights, privacy and security of our employees, other customers and other visitors to our RH Online Properties and RH Physical Properties |
SPECIAL CATEGORY PERSONAL INFORMATION AND PERSONAL INFORMATION RELATING TO CRIMINAL OFFENCES AND PROCEEDINGS
Under Data Protection Laws we have greater obligations in relation to processing:
- special categories of Personal Information – such as information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, health or sex life or sexual orientation; and
- Personal Information relating to criminal offences and proceedings.
We will only ever process any such Personal Information in very limited circumstances, such as set out below. It is important to us that we only hold this information where necessary or you have provided it to us so that we can enhance your customer experience. Please know that we take our responsibilities in relation to such sensitive data very seriously and will only retain it for as long as strictly necessary and then delete such information. If you do not provide any of the Personal Information set out in this table, we may not be able to perform the relevant “Use” set out below.
Please do take care not to provide to us any special categories of Personal Information or any Personal Information relating to criminal offences and proceedings relating to any other person.
| PURPOSE | DATA | LAWFUL BASIS/ES |
| Where you are celebrating some exciting personal news or a religious festival or other celebration at an RH Physical Property | Information concerning health Information relating to religious or philosophical beliefs Information concerning sex life or sexual orientation |
Consent Information manifestly made public |
| Where you have some exciting personal news or are celebrating a religious festival which means you may be unavailable for a while | Information concerning health Information relating to religious or philosophical beliefs Information concerning sex life or sexual orientation |
Consent Information manifestly made public |
| Where you choose to provide us with this information because cannot make an appointment with us because you or another person is unwell, or are taking an extended leave of absence | Information concerning health | Consent |
| Where you choose to provide us with this information so that we can make sure that you’re comfortable at RH Physical Properties (e.g. you need us to make certain adjustments to our premises accommodate an allergy) | Information concerning health | Consent |
| Where If you or another person falls ill at our RH Physical Premises (and you are unable to provide your consent) and we need to provide your health information to a third party (e.g. a healthcare professional) | Information concerning health | Necessary to protect the vital interests of you or of another individual where you are incapable of giving consent |
| If you are a beneficiary of our employees’ benefits or pensions arrangements and the information collected in relation to those arrangements reveals information about you. (Please note that that employee should provide you with a copy of this Privacy Notice and their Associate Privacy Notice.) | Information concerning sex life or sexual orientation Information concerning health Information relating to religious or philosophical beliefs Information relating to racial or ethnic origin |
Necessary for carrying out our obligations and exercising our rights in the field of employment and social security law Substantial public interests (occupational pensions) |
| Where necessary for us to establish or exercise our legal rights or defend a legal claim or ensure a safe workplace for our employees (e.g. if you, an employee or another person makes a complaint involving these types of Personal Information against another customer, us or an employee) | All special categories of Personal Information | Necessary for the establishment, exercise or defence of legal claims Necessary for carrying out our obligations and exercising our rights in the field of employment and social security law |
| Where we believe you may have committed a crime, such as fraud, or breached our terms of purchase, or booking terms or are suspected of committing a crime on the RH Online Properties or in the RH Physical Properties, and we need to provide that information to law enforcement or use it to establish, exercise or defend a legal claim | Personal Information relating to criminal offences | Our legitimate interests in protecting our business, employees and other customers Compliance with our legal obligations Processing is necessary to protect the vital interests of another person Substantial public interests (preventing or detecting unlawful acts) Making a legal claim |
COMBINING PERSONAL INFORMATION AND PROFILING
To provide you with the best customer experience, wherever possible, we combine the information we collect through your different interactions with us into your one RH customer record. We also combine this information with the Personal Information and aggregated information we receive from third parties (please see above). We use this information to tailor your experience with us, so that you always get the same impeccable customer experience however you choose to interact with us.
HOW PERSONAL INFORMATION IS DISCLOSED
We may disclose Personal Information:
- To our third-party service providers, who provide services such as website hosting, data storage, data analysis, payment processing, order fulfilment, IT services and infrastructure, customer service, email delivery and administration, credit card processing, Source Book delivery and administration, auditing and other similar services, to enable them to provide their services to us and so that we can provide our services and products to you.
- To our RH subsidiaries and affiliated entities (collectively, our "Affiliates") for the purposes set out in this Privacy Notice.
- Where you have subscribed to receive third party sponsored promotions or we or they have a legitimate interest in doing so, to those third-party sponsors
- To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceeding)
- Where required by law or to effect or comply with our legal rights and obligations, to judicial, public or law enforcement authorities and our professional advisers.
- Where you have subscribed to receive third party marketing or where it is in our or their legitimate interests to do so (see above), to selected third parties ("Promotional Partners"), to permit them to send to you marketing communications, or to enhance their own marketing communications, products and services (see the section on “Promotional Partners” below).
7. THIRD PARTIES AND THIRD-PARTY SITES
WHERE YOU SUBMIT PERSONAL INFORMATION TO A THIRD PARTY
To the extent that you submit any Personal Information to any third party (for example, via a third-party software application or service – including any social media service – that is included in, available through or linked to from the RH Online Properties), such third party’s collection, use and disclosure of such information may be governed by its privacy notice, and not by our Privacy Notice. We recommend that you familiarize yourself with the privacy policies and practices of any such third parties.
PROMOTIONAL PARTNERS
We provide Personal Information to our direct marketing partners for their own legitimate business purposes (and those of their other clients), such as creating market reports and matching purchasers across purchases made with other clients. Please note that where we provide your Personal Information to these third parties, they will act as an independent “controller” of your Personal Information. We use the following Promotional Partners:
Experian
Your personal data is shared with Experian Ltd for the purposes of managing a service called Club Canvasse, a home shopping and direct retailer data co-operative of which we are members. By sharing information on what customers buy and pooling that with contributions from other members of the co-operative, the service allows us to better understand our customers and to communicate with you more effectively. Please note, your Personal Information is not shared directly with other members of the co-operative, and only aggregated data on the number and value of purchases is provided to members e.g. we will receive a report which states how many customers who have bought from us in the last 0-12mths, and who have also bought from other members of the co-operative in the last 0-12mths.
We also receive names and postal addresses from Experian Ltd in relation to the Experian ConsumerView database to identify and send postal mailings to other individuals who might enjoy our products or services.
For more information, to opt out of marketing by other members of ConsumerView or remove your details from ConsumerView and Club Canvasse please see the Experian Consumer Privacy Policy and Consumer Information Portal. You may also contact us via the details at “Contacting Us” below. To understand more about Experian please visit Experian’s website.
Epsilon
We are a member of the Abacus Alliance of companies managed by Epsilon International UK Ltd. Participating retailers share information on what their customers buy so that we and they can send postal marketing to new prospective customers who might like our and their products. Epsilon also analyses this pooled information to understand consumers’ wider buying patterns. For more information, to opt out of marketing by other members of the Alliance or remove your details from the Alliance please see the Epsilon Services Privacy Policy. You may also contact us via the details at “Contacting Us” below.
Choreograph
We receive names and postal addresses from Choreograph SAS in order to send postal marketing to new prospective customers. Please see the IBehavior Privacy Policy for more information on Choreograph’s practices and to opt out of their use of your Personal Information. You may also contact us via the details at “Contacting Us” below.
TwentyCi
We receive names and postal addresses, and non-identifiable household information from TwentyCi Limited. TwentyCi provide this to us as an independent controller – therefore please visit their privacy policy here: Data Privacy Policy. You may also contact us via the details at “Contacting Us” below.
8. SECURITY
We seek to use reasonable organizational, technical and administrative measures to protect Personal Information under our control. For example, we seek to use Secure Sockets Layer ("SSL") technology for the placement of orders. Unfortunately, no data storage system or data transmission over the Internet can be guaranteed to be 100% secure.
Please exercise caution in submitting Personal Information via the RH Online Properties, especially if you are accessing the RH Online Properties using a WiFi hotspot or public network. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account that you might have with us has been compromised, or if you are unable to utilize our SSL technology in connection with the RH Online Properties), please immediately notify us of the problem and place any orders with us over the telephone or in person, instead of using the RH Online Properties. You may contact us in such circumstances in accordance with the "Contacting Us" section below.
9. YOUR PRIVACY RIGHTS
You have certain rights under Data Protection Laws regarding our use and disclosure of your Personal Information, regardless of whether such information is collected by us through the RH Online Properties or otherwise.
Marketing communications
You have the following rights in relation to receiving RH promotional materials.
- Receiving promotional catalogs/Source Books from us:
If you no longer want to receive promotional catalogs/Source Books from us, you can object to receiving such communications, at any time, by contacting us in accordance with the "Contacting Us" section below. In each case, please specify that you wish to unsubscribe and include your full name and postal address. - Receiving promotional emails from us:
If you no longer want to receive promotional emails (such as information about new products, special offers and sales events) from us, you can withdraw your consent to, or object to, receiving such communications, at any time, by:- clicking the "unsubscribe" link in any promotional email; or
- contacting us in accordance with the "Contacting Us" section below, specifying the types of marketing communications from which you want to unsubscribe and including your full name and email address.
Please note that if you do withdraw your consent to or opt-out of receiving marketing-related messages from us, we may still send important administrative messages to you, and you cannot opt-out from receiving such administrative messages. For example, when you place an order, we will continue to confirm your order and shipment status by email. We may also need to contact you via telephone, email or postal mail with information or questions regarding your order.
Your other rights
- Our sharing of your Personal Information with Affiliates, Promotional Partners and other third parties for their marketing and analytics purposes and other legitimate interests: If you no longer want us to share your Personal Information on a going-forward basis with our Affiliates, Promotional Partners and other third parties for their own purposes you may submit a request to opt-out of such sharing by using our online Opt-Out Privacy Request form. In contacting us, please include your full name and the contact information that you no longer wish to be shared.
- Deletion of Personal Information where there is no longer a legitimate reason for us to keep it: If you no longer want us to retain your Personal Information, you may submit a request to delete your Personal Information. In contacting us, please include your full name and the Personal Information that you wish to be deleted. Please Note: There are some instances in which RH will retain your Personal Data even if you make a deletion request. Generally, we retain information to comply with legal obligations or to protect or defend our legal rights. For example, we may need to retain your purchase history so that we can fulfil our warranty and tax obligations to you and public authorities. If we decline to delete data after you have requested deletion, we will respond to you with our reasons.
- Changing your Personal Information:
We welcome your request to update any Personal Information we hold about you that is incorrect. You may submit a request to update your Personal Information, specifying the information that is incorrect and how it should be corrected. - Accessing your Personal Information:
You may request a copy of the Personal Information we hold about you. You may also request a copy of your Personal Information that you have provided to us in a portable format where we rely on consent or process that Personal Information using automated means, and (where technically feasible) for that information to be transferred to another controller. - Withdraw your Consent:
Where we rely on “consent” as the lawful basis to process your Personal Information (see above), you have the right to withdraw that consent at any time. - Restriction of use:
You have the right to request that we restrict use of your Personal Information where one of the following applies:- You contest the accuracy of the information, for a period enabling the controller to verify the accuracy of the personal data;
- You believe our use is unlawful and oppose the deletion of the Personal Information;
- You believe we no longer need the Personal Information for our purposes, but you need it to establish, exercise or defend a legal claim; or
- Where we rely on “legitimate interests” to use the Personal Information in a certain way but you object to that use, pending a verification of whether our legitimate grounds override yours.
Please note that we may still have the right to use that Personal Information where you make such a request, however, we will notify you if that is the case.
- Objection:
You may object on grounds relating to your situation to our use of your Personal Information where we rely on “legitimate interests”, including profiling. For example, you can object to our use of your Personal Information for direct marketing purposes at any time. Complaints to a regulator:
If you are unhappy in any way with how we process your personal data, please do let us know first by contacting us on the details below so that we have the chance to put it right. However, please know that you also have the right to complain to the supervisory data protection authority located in your jurisdiction:In the UK, the data protection regulator is the Information Commissioner’s Office: https://ico.org.uk/
A list of National Data Protection Authorities in the EU can be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
In Switzerland, the data protection regulator is the Federal Data Protection and Information Commissioner: https://www.edoeb.admin.ch/edoeb/en/home.html.
Except where otherwise set out above, you can submit a request in relation to these rights by using our online Privacy Request form at https://preferences.restorationhardware.com/privacy, by emailing us at Privacy@RH.com or calling our UK customer service team on +44 800 279 3707, or our EU and Swiss customer service team on +49 211 5401389200 (Germany) or +32 800 38291 (Belgium).
Please note that, in each case, we may need to ask for additional information in order to confirm your identity and/or ensure that the Personal Information relating to your request actually relates to you and not some other person. We will try to comply with your request(s) as soon as possible and in accordance with the time frames set out in the Data Protection Laws.
10. HOW LONG WE RETAIN YOUR PERSONAL INFORMATION
We will keep your Personal Information for as long as we reasonably require and, in any event, only for as long as Data Protection Laws and our internal retention policies permit.
11. MINORS
Individuals under the age of sixteen (16) are not permitted to make purchases, subscribe to our marketing communications or otherwise use the RH Online Properties. It is important to us that we do not process information about any individuals under the age of sixteen (16). Therefore you must not provide us with any Personal Information relating to any individuals under the age of sixteen (16) (or permit any such individuals to subscribe to our communications, use the RH Online Properties or provide us with their Personal Information).
12. CONTACTING US
If you have any questions about this Privacy Notice, please contact our Privacy Team at Privacy@RH.com.
Please note that email communications are not always secure, so we request that you not include credit card information or other sensitive information in your email messages to us.
You may also contact us by calling our:
- UK customer service team on +44 800 279 3707, or writing to us at:
RH Privacy
RH London Gallery Limited
Aynho Park
Aynho
Banbury
Oxfordshire OX17 3BQ
United Kingdom
or
- our EU and Swiss customer service team on +49 211 5401389200 or +32 800 38291, or writing to us at:
RH Privacy
RH Geneva Sarl
C/O Intertrust (Suisse) SA
Place de Alpes 4
Geneva 1201
Switzerland