Cookies and privacy policy

TJX Europe Privacy Statement and Cookies Policy

Effective Date: December 2022

The TJX Companies, Inc. and its affiliates (collectively, “TJX”, “we”, “us” or “our”) operate our stores, websites, and mobile apps. This Privacy Statement pertains to the personal information we collect or generate about our customers in our stores, on our websites, or via mobile apps. This Privacy Statement describes the types of information collected, and how your information is used, shared and protected. It also explains the choices you have relating to your information and how you can contact us.

The TJX entity responsible for processing your information (the “data controller”) will depend on where you are located. Refer to Appendix A for information about the data controllers. Please note that T.K. Maxx and HomeSense are trading names of the data controllers.

Information we collect

The categories of information about you that we may collect, use, disclose and otherwise handle may vary by country and applicable law. Typically, we will collect, store and process information about you if you use our websites to view or buy products, e-vouchers or gift cards, or if you voluntarily provide us with such information, for example when you subscribe to our mailing list, enroll in our loyalty programme, enter a promotion or competition, contribute content about yourself to our websites, whether by direct upload, posting such content to one of our social media pages or by using a hashtag or other identifier that we use to integrate social media content with our websites, or if you apply for a job or take part in inquiries or surveys. This information will be processed by electronic means and includes:

• contact details including name, e-mail, telephone number and address;
• login and account information, including screen name, password and unique user ID;
• personal details including gender and date of birth;
• payment or credit card information;
• personal preferences including your marketing and cookie preference;
• content you may provide via a form on our websites;
• your image and any personal information that you include in content that you contribute to our websites (such as comments, photos and videos) as well as the name of the social media account from which you contribute that information; and
• other personal information you provide to us on our websites, via mobile apps, on feedback forms, in our stores or when you interact with us in other ways, both online and offline.

Our website collects certain information by automated means when you visit us. You can learn more about this activity by visiting our TJX Europe Cookie Policy below.

Use of information

Subject to applicable law, we may collect, use, disclose or otherwise handle your information in pursuit of our legitimate business interests while maintaining appropriate technical and organizational measures to protect the information. These interests include to:

• enable the use of and make improvements to our websites;
• send direct marketing materials to you if you have agreed for us to do so;
• operate, evaluate and improve our business and websites;
• manage customer, supplier and vendor relationships;
• enroll you in and administer our loyalty and other rewards programs upon your request;
• improve merchandise selections and customer service;
• identify your product and service preferences;
• notify you about new products, services, features, promotions, events and special offerings relating to TJX that we think you will find valuable; and
• administer your participation in promotions, contests and sweepstakes.

Where we have a contract with you, we process your personal information as necessary for performance of the contract. This includes to:

• process business transactions and related activities; and
• supply our goods and services.

We also may use the personal information we collect to protect us against and prevent fraud, claims, and other liabilities and to comply with or enforce applicable legal and regulatory requirements, industry standards, and our policies and terms. We use personal information for these purposes when it is necessary to protect, exercise or defend our legal rights, or when we are required to do so by a law that applies to us. This includes to:

• verify your identity in certain instances (such as when you return merchandise or request a refund);
• meet any legal and regulatory requirements; and
• secure our operations and protect against, identify and help prevent fraud, unauthorized activity, claims and other liabilities and minimize risk.

If we plan to use the personal information that you provide to us for other purposes beyond those described above, we will provide you with information about that processing at the time of collection.

Sharing information with third parties

We do not sell, otherwise disclose, or share information we collect and hold about you, except as described in this Privacy Statement.

We share personal information with third parties who perform services on our behalf. We use third parties to host our websites or mobile apps, operate certain of its features, send e-mails, print or send mailings, run our sweepstakes, contests or other promotions, conduct customer research, authorize and process your payments, manage and analyze data and our advertising effectiveness, provide customer support, manage customer claims, prevent fraud, protect our assets and data, and fulfill orders. These third parties are not authorised by us to use or disclose the information except as necessary to perform services on our behalf or comply with legal requirements. Any personal information shared with such third parties is protected as described below.

Subject to applicable law, we may also share the personal information we obtain with our affiliates, subsidiaries and other group companies for the purposes described in the prior paragraph. If we share your personal information with such entities, we will ensure that an adequate level of protection is in place to protect your personal information in accordance with applicable law.

We also may disclose information about you: (i) if we are required to do so by law, regulation or legal process (such as a court order or subpoena) including lawful requests by public authorities to meet national security or law enforcement requirements; (ii) in response to requests by government agencies, such as law enforcement authorities; (iii) for the purpose of or in connection with legal proceedings, or otherwise for the purpose of establishing, exercising or defending our legal rights; or (iv) when we believe disclosure is necessary or appropriate in connection with an investigation of suspected or actual illegal activity.

We reserve the right to transfer any information we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganisation, dissolution or liquidation), but only where we have first taken reasonable steps to ensure the security and confidentiality of your information.

How we protect your information

We maintain appropriate technical and organisational measures to protect personal information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access. However, we cannot guarantee the effectiveness of these safeguards, and nothing in this notice shall be construed as an express or implied warranty against loss, misuse or unauthorized access, disclosure, alteration or destruction.

Service providers who might have access to your information in order to provide services on our behalf will be contractually obliged to keep such information in confidence, implement adequate data security measures, and may not use that data for any other purpose.

Links to other websites

Our websites may contain links to other third party websites for your convenience and information. These websites may operate independently from us. Linked websites may have their own privacy policies or notices, which we strongly suggest you review if you visit any linked website or applications. We are not responsible for the content, use or privacy practices of any website or applications that are not affiliated with us.

Retention of your information

We take reasonable steps to ensure that the information we process is reliable for its intended use, is accurate, up-to-date and complete, and is limited to the information required to carry out processing for the purposes described in this Privacy Statement. We retain your information for as long as necessary to fulfil the purposes for which we collect it, except if required otherwise by law.

Data transfers

We may transfer to and store the information we collect about you in countries other than the country in which the information was originally collected, including the United States and other destinations outside the European Economic Area (“EEA”), in accordance with applicable law. Those countries may not have the same data protection laws as the country in which you provided the information. When we transfer your information to other countries, we will protect the information as described in this Privacy Statement and comply with applicable legal requirements providing adequate protection for the transfer of information to countries outside the EEA. This includes by entering into the European Commission’s EU Standard Contractual Clauses with the data recipient or ensuring that the data recipient has implemented Binding Corporate Rules. To obtain a copy of the safeguards we have put in place, please contact us as indicated below.

Please note that individuals in Poland have the right to object to data transfers to other data controller entities within the TJX group.

Your rights

Subject to applicable law, you may have certain rights with respect to our processing of your information. You may have the right to request access to the information we hold about you, obtain confirmation as to whether or not information concerning you exists, be informed of the content and source of such information and check its accuracy. In addition, subject to applicable law, you have the right to correct, update, erase, restrict, or object to the use of, your information held by us.

Also subject to applicable law, you have the right to receive a copy of your personal information in a structured, commonly used, machine readable format, including a right to have that personal information transmitted to another organization.

If you change your mind and no longer wish to receive marketing communications from us, you have the right to request that we cease sending marketing communications, whether by e-mail or otherwise, to you. You can do this by:

• checking the applicable box(es) on any form we may use to collect information from you;
• clicking the unsubscribe link displayed in any of our marketing e-mails; or
• otherwise requesting that we do not process your information for marketing purposes.

You can withdraw any consent given to us at any time and free of charge, but you may no longer be able to benefit from our services if you do so.

To exercise these rights or to make a complaint or submit an inquiry about our privacy practices, please contact us by email at data_protection@tjxeurope.com or write to us at:

Data Protection Officer
TJX Europe
73 Clarendon Road
Watford
WD17 1TX
United Kingdom

To help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to the information.

You also may lodge a complaint with the data protection authority in your country if you are not satisfied with our response.

Updates to our privacy statement

This Privacy Statement may be updated periodically and without prior notice to you to reflect changes in our processing of your information and privacy practices. We will post a prominent notice on each of the applicable websites to notify you of any significant changes to our Privacy Statement and indicate at the top of the Privacy Statement when it was most recently updated.

TJX Europe cookies policy

Effective Date: December 2022

The TJX Companies, Inc. and its affiliates (collectively, “TJX”, “we”, “us” or “our”) operate our stores, websites, and mobile apps. We collect certain information by automated means when you visit us, such as how many users visited our websites and the pages accessed. We collect this information through various means such as "cookies," "web beacons" and IP addresses, as described in this policy.

The TJX entity responsible for processing your information (the “data controller”) will depend on where you are located. Refer to Appendix A for information about the data controllers. Please note that T.K. Maxx and Homesense are trading names of the data controllers.

MANAGE MY COOKIES

Cookies

Like many companies, our websites may use "cookies." Cookies are bits of text that are placed on your computer's hard drive when you visit certain websites. We may use cookies to tell us, for example, whether you have visited us before or if you are a new visitor and to help us identify site features in which you may have the greatest interest. Cookies may enhance your online experience by saving your preferences while you are visiting a particular site.

Web beacons

Certain pages on our websites may contain "web beacons" (also known as Internet tags, pixel tags and clear GIFs). These web beacons allow third parties to obtain information such as the IP address of the computer that downloaded the page on which the beacon appears, the URL of the page on which the beacon appears, the time the page containing the beacon was viewed, the type of browser used to view the page, and the information in cookies set by the third party.

IP addresses

An IP address is a unique identifier that certain electronic devices use to identify and communicate with each other on the Internet. When you visit our websites, we may view the IP address of the device you use to connect to the Internet. We use this information to determine the general physical location of the device and understand from what geographic regions our website visitors come. We also may use this information to enhance our websites.

Categories of cookies and other automated technologies

Cookie list

Strictly necessary cookies.

These cookies are essential in order for our site to operate properly and enable you to use its features. Without these cookies, certain services (like shopping carts, etc.) cannot be provided.

Provider	Cookie	Function	Duration	First/Third Party
Drupal	SSESS###########	This cookie is used by Drupal to link a user to a session so that information about their visit can be stored on the server as they move from one page to the next. This cookie also helps avoid session highjacking.	Session	First Party
Drupal	SSESS0dee5d4ab0c72846ecf90666eb2a38ef	This cookie is used by Drupal to link a user to a session so that information about their visit can be stored on the server as they move from one page to the next. This cookie also helps avoid session highjacking.	Session	First Party
Drupal	has_js	Most commonly associated with the Drupal content management system. Drupal uses this cookie to indicate whether or not the visitors browser has JavaScript enabled.	Session	First Party
Gigya	gmid	Used to identify the logged in user. If declined, the user cannot login to the system.	Session	First Party
Gigya	hasGmid	Internal cookie for the Web SDK. If declined, user may be intermittently logged out.	13 Months	First Party
Gigya	ucid	Unique computer identifier used for generating reports, and used by the Web SDK to get saved response.	13 Months	First Party
Gigya	gig_bootstrap_3_	Internal cookie for the Web SDK.	365 Days	Third Party
Gigya	gig_canary	Indicates whether the client is using the canary version of the Web SDK.	365 Days	First Party
Gigya	gig_canary_ver	The version name of the Web SDK's canary version.	Session	First Party
Gigya	apiDomain_3_gTNlxQv0D4i6o5nlOJLSgDkZgGWYS5VJtUeCmzxa2_t9A2lV0LgVSBcEbHvUiBcW	The shared domain API calls for all sites in a group should be sent to.	365 Days	Third Party
Gigya	gig_canary_3_gTNlxQv0D4i6o5nlOJLSgDkZgGWYS5VJtUeCmzxa2_t9A2lV0LgVSBcEbHvUiBcW	Used to indicate whether the user is using the canary version of the Web SDK.	365 Days	First Party
Gigya	gig_canary_ver_3_gTNlxQv0D4i6o5nlOJLSgDkZgGWYS5VJtUeCmzxa2_t9A2lV0LgVSBcEbHvUiBcW	Used to indicate whether the user is using the canary version of the Web SDK.	Session	First Party
Gigya	apiDomain_XXXXXX	The shared domain that the Gigya identity management API calls for all sites in a group should be sent to.If declined, SSO will not function.	365 Days	Third Party
Gigya	_gig_lt	Used for authentication to the site.	365 Days	First Party
Gigya	gig_toggles	This value is sent to SAP Customer Data Cloud in order to identify toggles that the back-end behavior depends on to process the specified toggle. Required for SDK defined toggles to function.	365 Days	First Party
Gigya	glt_3_ueOG1Roxo1kudtUh_CFamduClcEbERv09l5gKthMqk66DO5bBSaxeb5KEt94sB66	Used for authentication to the site.	365 Days	First Party
Gigya	gltexp_3_ueOG1Roxo1kudtUh_CFamduClcEbERv09l5gKthMqk66DO5bBSaxeb5KEt94sB66	Used to control the expiration of login tokens.	365 Days	First Party
Gigya	glt_xxxxxx	Used as a security measure to ensure only a designated user can log into their account.	365 Days	First Party
Gigya	gltexp_XXXXXX	Used to control the expiration of login tokens.	Dynamic	First Party
Google	uvisited	Set by our custom module which confirms that the lightbox banner popup on the homepage has been displayed and there’s no need to display it again on the next page view	Session	First Party
Google	popupOrder	This cookie stores the lightbox banner popup on the homepage order values.	30 days	First Party
Google	popupOrderShow	This cookie store a 1 or 2 value (if the user visited for the first time the value will be 1 and will appear the popup no 1, if the user visited second time the value will be 2 and the popup showed will be the 2nd one).	Session	First Party
OneTrust	eupubconsent	Used to store the user's consent to the data collection purposes. The cookie holds an encrypted consent string that vendors participating in the IAB framework can read and determine the user's consent.	365 Days	First Party
OneTrust	OptanonAlertBoxClosed	Used to identify users who are shown the site information notice and in some cases only when they have actively closed the notice down. It enables the site not to show the message more than once to a user.	365 Days	First Party
OneTrust	OptanonConsent	Used to store information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. This enables site owners to prevent cookies in each category from being set in the users browser, when consent is not given.	365 Days	First Party

Targeting cookies

These cookies are used to deliver adverts more relevant to users based on their interests. They can also be used to limit the number of times users see an advertisement as well as help measure the effectiveness of an advertising campaign. They can be placed on a device by us or by a third party with our consent. For example, where you choose to link to various social networks (such as Facebook, Twitter and Pinterest) via our website, these social network sites may place cookies on your device and use these to target advertising to you on their or other websites.

Provider	Cookie	Function	Duration	First/Third Party
AddToAny	__cfduid	This domain is owned by AddToAny. The main business activity is: These cookies are for the purpose of sharing pages and content that interests you on our site through third party social networking or other websites.	365 Days	Third Party
Facebook	_fbp	Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers	90 Days	Third Party
Facebook	fr	Contains browser and user unique ID combination for targerted advertising purposes.	90 Days	Third Party
Flashtalking.com	flashtalkingad1	Set by flashtalking.com. Used to register what ads the user has seen.	2 Years	Third Party
Google	_gat_gtag_xxxxxxxxxxxxxxxxxxxxxxxxxxx	Used to throttle the request rate - limiting the collection of data on high traffic sites.	10 minutes	First Party
Google	IDE	This cookie is set by Google and is activated when a user plays videos that are embedded on our website from Youtube.	365 Days	Third Party
Google	test_cookie	This cookie is set by Google to enable advertising to be displayed to the visitor	15 minutes	Third Party
YouTube	CONSENT	Used to detect if the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for GDPR-compliance of the website.	2 years	Third Party
YouTube	GPS	Detecting a unique ID on mobile devices to enable tracking based on geographic GPS location.	Session	Third Party
YouTube	VISITOR_INFO1_LIVE	This cookie is used as a unique identifier to track viewing of videos	Session	Third Party
YouTube	YSC	Tracking views of embedded videos.	Session	Third Party

Performance/Analytics cookies

These cookies collect information about how visitors interact with our websites, such as what pages are visited and what errors may have occurred. The information collected is used to improve how our websites work.

Provider	Cookie	Function	Duration	First/Third Party
Google	_ga	Used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in the site and used to calculate visitor, session and campaign data for the sites analytics reports.	2 years	First Party
Google	_gat	Used to throttle the request rate - limiting the collection of data on high traffic sites.	10 minutes	First Party
Google	_gid	Used to store and update a unique value for each page visited.	24 hours	First Party
New Relic	JSESSIONID	The JSESSIONID cookie is used to store a session identifier so that New Relic can monitor session counts for an application. The cookie value is generated by Jetty	Session	Third Party

Your choices

Cookies are used with your consent in accordance with applicable law. To manage your preferences related to cookies and other automated technologies on our website, access our cookies preference centre below. Please note, Strictly Necessary cookies cannot be turned off as they are required for our site to function properly.

MANAGE MY COOKIES

In addition to the cookie preference centre, you can also manage certain third party cookies by visiting aboutads.info/choices/ and youronlinechoices.eu/.

Contact us

If you have any questions about our information practices, please contact our Data Protection Officer by email at data_protection@tjxeurope.com or write to:

Data Protection Officer
TJX Europe
73 Clarendon Road
Watford
WD17 1TX
United Kingdom

Appendix A

TJX Entities

1. TJX UK, incorporated and registered in England and Wales with company number 03094828 and registered office at 73 Clarendon Road Watford WD17 1TX, UK.
2. TJX IRELAND UNLIMITED COMPANY, incorporated and registered in Ireland with company number 316341 and registered office at 12 Northbrook Road, Ranelagh, Dublin 6, Ireland.
3. TJX DISTRIBUTION LTD. & CO. KG, incorporated and registered in Germany with company number HRA 23488 and registered office at Peter-Mueller-Strasse18, 40468 Duesseldorf, Germany.
4. TJX DEUTSCHLAND LTD & CO KG, incorporated and registered in Germany with company number HRA 19118 and registered office at Peter-Mueller-Strasse18, 40468 Duesseldorf, Germany.
5. TJX EUROPEAN DISTRIBUTION SP. Z.O.O., incorporated in Poland and registered in the District Court for Warsaw, XII Commercial Division of the National Court Registry with KRS 0000329221, NIP: 7010180875, REGON 141840956, BDO 000104218, share capital: 8 050 000 PLN and registered office at Chmielna 19, 00-021 Warsaw, Poland.
6. TJX POLAND SP Z.O.O, incorporated in Poland and registered in the District Court for Warsaw, XII Commercial Division of the National Court Registry with KRS: 0000329191, NIP: 7010180987, REGON 141840908, BDO 000010230, share capital: 35 000 000 PLN and registered office at Chmielna 19, 00-021 Warsaw, Poland.
7. TJX EUROPE BUYING GROUP LIMITED, incorporated and registered in England and Wales with company number 06846443 and registered office at 73 Clarendon Road Watford WD17 1TX, UK.
8. TJX ITALY MERCHANTS S.R.L., incorporated and registered in Italy with company number 05956200488 and whose office address is at Via Vespasiano da Bisticci 4/6, 50136 Florence, Italy and whose registered agent’s address is at Lungarno Guicciardini n. 21, 50100 Florence, Italy.
9. TJX NEDERLAND B.V., incorporated and registered in The Netherlands with company number 62425102 and whose registered office at Hogehilweg 17, 4^th floor, 1101CB Amsterdam, The Netherlands (“TJX Netherlands”).
10. TJX OESTERREICH LTD. & CO. KG, incorporated and registered in Austria with company number FN 417129 a. and whose registered office is at Mariahilfer Str. 77-79, 1060 Wien, Handelsgericht Wien, Austria (“TJX Austria”).