Build-A-Bear Workshop Global Privacy Policy - effective September 26, 2017

Scope: This Privacy Policy applies to websites and retail stores operated by or on behalf of Build-A-Bear Workshop and its Affiliates worldwide. Except for the Build-A-Bear “Play” website, which is intended for all ages, the Build-A-Bear websites, including but not limited to the “Shop” website, are not intended for children under 13 years of age and are for adults only. Build-A-Bear does not sell products for purchase by children. We sell children’s products for purchase by adults. If you are under 18, you may use our websites only with the involvement of a parent or guardian (except for the Build-A-Bear “Play” website, which can be used by people of all ages).

Personal Information:

  • We collect the information you provide to us, such as your name, your postal or email address.
  • We collect non-personal information such as browser type and web pages visited to help manage our websites and to improve your overall experience.
  • We use cookies and web beacons to manage our email programs and websites. We do NOT use these technologies to collect or to store personal information.
  • Click here for more information.

Uses:

  • We use the information you provide to register Build-A-Bear Workshop products in our Find-A-Bear® ID system.
  • We use the information you provide to create certificates for Build-A-Bear Workshop products.
  • We use the information you provide to place orders or book parties on our websites.
  • If you tell us to, we will send you information about promotions and other marketing events via mail and email.
  • We do NOT share your information with unrelated third parties for their marketing purposes.
  • We use personal information consistent with the purpose you provided it to us.
  • Click here for more information.

Your Choices:

  • You may request to be removed from our system by contacting us.
  • You may request access and revisions to the personal information you submitted by contacting us.
  • For country specific information, click here .
  • Click here for more information about your choices.

Important Information:

  • Build-A-Bear Workshop respects your privacy, and we will do our best to earn and keep your trust.
  • Build-A-Bear Workshop complies with country data protection laws.
  • Build-A-Bear Workshop complies with COPPA requirements.
  • Click here for more information about COPPA.
  • For more information about our Global Privacy Policy, click here.

Build-A-Bear Workshop Global Privacy Policy - effective September 26, 2017

The Build-A-Bear Workshop family of companies respects your privacy, and we will do our best to earn and keep your trust. All Personal Information that you share with us is treated with the utmost care. Build-A-Bear Workshop has created this Privacy Policy in order to demonstrate our firm commitment to the privacy of all our guests from all over the world. This Privacy Policy identifies what Personal Information we collect when you visit our stores or use our websites or other online services, what choices you can make about your Personal Information, how we use this data, and how we protect your Personal Information, and applies to all Personal Information provided to us in our stores or through our websites or other online services. We may, but shall not be required to, also process Personal Information our customers submit relating to individuals in the European Union (the “EU”) via other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses.

Except for the Build-A-Bear “Play” website, which is intended for all ages, the Build-A-Bear websites, including but not limited to the “Shop” website, are not intended for children under 13 years of age and are for adults only. Build-A-Bear does not sell products for purchase by children. We sell children’s products for purchase by adults. If you are under 18, you may use our websites only with the involvement of a parent or guardian (except for the Build-A-Bear “Play” website, which can be used by people of all ages).

CONTENTS

What is Covered by This Policy?
Personal Information We Collect
How We Use Your Personal Information
Your Choices and Access to Your Personal Information
Children’s Privacy
Sharing Personal Information with Third Parties
Personal Information Security
Passive Data Collection - Cookies
Changes to This Privacy Policy
Country and State Specific Personal Information
Contact Us

What is Covered by This Policy?

This Privacy Policy applies to websites and retail stores operated by or on behalf of Build-A-Bear Workshop and its Affiliates (as defined below) worldwide. The purpose of this policy is to tell guests what information we collect, how it is used, where it is used, and how to contact Build‑A‑Bear Workshop with privacy inquiries. Some Build-A-Bear Workshop websites may contain links to websites not owned or operated by Build-A-Bear Workshop. Build-A-Bear Workshop is not responsible for the content, privacy policies, or practices of those websites. We recommend that you review the privacy policies of each site you visit.

Personal Information We Collect

Build-A-Bear Workshop collects information, including Personal Information, that you provide to us when you visit us in our retail locations or website. “Personal Information” includes information that can identify you, such as your full name, your email or postal address, payment details, product preferences, and purchasing history. Some web browsers may transmit “do not track” signals. Web browsers may incorporate or activate these features differently, making it unclear if users have consciously activated them. As a result, at this time we do not take steps to respond to such signals.

How We Use Your Personal Information

Build-A-Bear Workshop collects and uses your Personal Information to:

  • Conduct business with you
  • Improve your experience with us
  • Register your Build-A-Bear Workshop product in our Find-A-Bear® ID system
  • Book a party
  • Make an in store or online purchase
  • Create a wish list
  • Process, fulfill, and follow up on online purchases
  • Create and maintain accounts
  • Register for our Build-A-Bear Bonus Club® program
  • Handle guest service requests
  • Maintain our Loyalty Program
  • Send friends and families emails and e-cards on your behalf
  • Send surveys
  • Help you receive email and direct mail
  • Help you register for contests, sweepstakes, promotions, lotteries, loyalty programs and competitions
  • Help you send us testimonials, guest submissions, or other communications
  • Help you submit a book review
  • Permit you to apply for a job

We process Personal Information submitted by customers for the purpose of providing the above-referenced services (collectively, the “Services”) to customers. To fulfill these purposes, we may access Personal Information to provide the Services, to prevent or address service or technical problems, to respond to customer support matters, to follow the instructions of a customer who submitted the Personal Information, or in response to contractual requirements with our customers and service providers. Build-A-Bear Workshop certifies that it collects Personal Information solely to the extent such Personal Information is relevant in providing the Services. For our record keeping purposes, we may retain certain Personal Information that you submit in conjunction with commercial transactions; however, we will retain such Personal Information only so long as it serves the purpose of providing the Services.

Your Choices and Access to Your Personal Information

Our email, website, and other interactive programs allow you to choose to receive or to stop receiving communications from us. You can choose to receive email and/or postal mail from a specific Build-A-Bear Workshop brand or to receive offers from other Build-A-Bear Workshop brands. Build-A-Bear Workshop honors a “once out – always out” policy. Once you opt out, you are opted out of that type of communication and that brand until we are explicitly told in writing to opt you back in. You may opt out of email programs at any time by following the opt-out instructions provided in the email you receive. You also have the right to opt out of us using your Personal Information for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. You have the right to access, amend, or delete any Personal Information we hold about you, be removed from Build-A-Bear Workshop programs you enrolled in, stop receiving postal mail and other communications, and prevent any further use of your Personal Information by Build‑A‑Bear Workshop, by contacting us; click here to select your country and be linked to the correct address or email address to use to contact us. Build-A-Bear Workshop will respond to reasonable requests in an appropriate timeframe as determined by the respective authority.

Children’s Privacy

Build-A-Bear Workshop is committed to protecting children’s privacy on the Internet. No one under age 13 may provide any Personal Information to or on the websites. Build-A-Bear Workshop does not knowingly collect Personal Information from children under 13. If you are under 13, do not use or provide any information on our websites, make any purchases through our websites, use any of the interactive or public comment features of our websites or provide any information about yourself or others to us, including your/others’ name, address, telephone number, email address, or any screen name or user name you/others may use. If we learn we have collected or received Personal Information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from a child under 13, please contact us at privacy@buildabear.com or privacy@buildabear.co.uk.

What Personal Information is collected online from children under 13 and how is it used?

Build-A-Bear Workshop does not knowingly collect, use, or disclose Personal Information (including online contact information) of children under the age of 13. We may collect information about visits to our websites without a user actively submitting such information. For information about such passive data collection, click here. Is my child’s Personal Information required for participation in online activities? No.

Is my child’s Personal Information required to receive certificates in the store?
No. Personal Information is not required to create a certificate at the Name Me® station in the store.

Is my child’s Personal Information shared with unrelated third parties?
No.

What Personal Information did my child share while attending a party?

Parental supervision is always recommended; however, parents often do not attend a party with their child. Children attending a party may create a certificate at the Name Me® station. A certificate can be created with just the animal’s name and the child’s first name, gender and date of birth.

Sharing Personal Information with Third Parties

We employ other companies (“Agents”) and people to perform tasks on our behalf and need to share, and may internationally transfer, your information with them to provide products or services to you; for example, ExactTarget (SalesForce). Other types of Agents with which we may share Personal Information include organizations providing services to support Build-A-Bear Workshop functions, such as our mail and email processing companies, payment processing companies, and market research firms. We also transfer Personal Information to Agents for email marketing purposes.

We may also disclose information (including Personal Information) collected from guests outside of the U.S. to affiliated companies or Affiliates in the U.S. and elsewhere. For purposes of this Privacy Policy, “Affiliates” means any person or entity which directly or indirectly controls, is controlled by or is under common control with Build-A-Bear Workshop, Inc., whether by ownership or otherwise. Any Personal Information relating to you that we provide to our Affiliates will be treated by those Affiliates in accordance with the terms of this Privacy Policy. We train our employees and those of our Affiliates about the importance of privacy and how to handle and manage customer Personal Information appropriately and securely. We may share your information (including Personal Information) with franchisees of Build-A-Bear Workshop, but only where we indicate to you at time of Personal Information collection that such Personal Information will be provided to a franchisee, or if we otherwise obtain your permission.

In addition to disclosures to third party providers and Affiliates as described above, we may disclose or transfer Personal Information in connection with, or during negotiations of, any merger, sale of company assets, product lines or divisions, or any financing or acquisition. We may also disclose Personal Information to prevent damage or harm to us, our Services, or any person or property, or if we believe that disclosure is required by law (including to meet national security or law enforcement requirements), or in response to a lawful request by public authorities. Except as described in this Privacy Policy, we will not otherwise disclose Personal Information to third parties unless you have been provided with an opportunity to opt in to such disclosure.

Build-A-Bear Workshop does not release the Personal Information it collects from you to any unrelated third parties so that they may send you commercial promotions or offers for products or services. We do, however, share anonymous, aggregate information concerning the demographic makeup of our customers to unrelated third parties, and share Personal Information as described below:

When Build-A-Bear Workshop transfers Personal Information to countries other than the country where it was provided, we do so in compliance with applicable data protection laws. All Personal Information is transmitted to World Bearquarters in St. Louis, Missouri daily. Copies of the Personal Information at the point of origin are deleted on a regular basis. We may transfer Personal Information from guests outside the U.S. to Affiliates located either in the U.S. or otherwise.

Personal Information Security

Build-A-Bear Workshop maintains reasonable and appropriate security measures, such as firewall, limited access, and SSL encryption technology, designed to help protect against loss, misuse, and alteration of Personal Information collected by Build-A-Bear Workshop. All Personal Information collected via our websites is stored on secured servers located our Build-A-Bear Workshop World Bearquarters in St. Louis, Missouri.

Passive Data Collection – Cookies and Web Beacons

Our Build-A-Bear Workshop website may also collect Personal Information passively, through the use of cookies. A cookie is a small text file that writes to your hard drive. The cookie file contains your computer’s IP address and a user ID. The user ID links any orders you have placed on our site to your Personal Information. A user ID has no personally identifiable information attached to it unless you place an order on our site. Our website uses cookies to enhance the guests’ experience and help us improve our services. For example, we may use cookies to keep track of your basket or shopping cart while you are shopping on our site or to track your activity. Build-A-Bear Workshop uses web beacons in emails to track traffic from the email to specific pages on our websites. You may be able to adjust your browser so that your computer either does not accept cookies, or notifies you when a website tries to deposit a cookie into your computer. Our cookies do not contain confidential Personal Information such as your home address, telephone number, or credit card information. We do not exchange cookies with any third parties.

Changes to This Privacy Policy

We may amend this Privacy Policy at any time. If we make any changes in the way we collect, use, and/or share your Personal Information, we will notify you by sending you an email at the last email address that you provided us, or by prominently posting notice of the changes on the web sites covered by this Privacy Policy.

Country and State Specific Information

Canada

Build-A-Bear Workshop complies with Canadian Federal and Provincial privacy laws and regulations including the Personal Information Protection and Electronic Documents Act. Build-A-Bear Workshop, Inc. will only use your Personal Information for the purposes intended and as detailed in the Privacy Policy unless we have obtained your consent to use it for other purposes.

United Kingdom

Your Personal Information is protected in the United Kingdom by the Data Protection Act 1998. Under this Act we will only process your Personal Information in a lawful and fair manner. We will secure your Personal Information to prevent unauthorized access by third parties. Our Affiliates operating in the United Kingdom, named Amsbra Limited (“Amsbra”) and The Bear Factory Limited (“Bear Factory”) are incorporated in England and are registered Data Controllers under the Data Protection Act. All Personal Information collection and processing in the United Kingdom by Build-A-Bear Workshop will be undertaken by either Amsbra or Bear Factory. These Affiliates may transfer your Personal Information to other Affiliates, such as Build-A-Bear Workshop, Inc. in the United States. In order to provide for adequate protection of your Personal Information, we have in place contractual arrangements with such Affiliates. Build-A-Bear Workshop is committed to working with guests to obtain a fair resolution of any complaint or concern about privacy. We cooperate with country data protection authorities if they believe that a privacy problem has occurred. Upon your request and within 40 days we will inform you about the type of Personal Information we hold about you, the purposes for which we hold it and the possible recipients or types of recipients. Upon written request and within a reasonable period of time we will also correct, delete and/or block Personal Information from further processing if that Personal Information proves to be factually inaccurate, incomplete, or irrelevant to the purpose(s) of the processing. You may be asked to provide verifiable identifying Personal Information to Build-A-Bear Workshop before your request will be honored.

United States

Build-A-Bear Workshop complies with the U.S. Federal and State privacy laws, including the Children’s Online Privacy Protection Act. California

Beginning January 1, 2005, under California’s “Shine the Light” law, California residents who provide Personal Information for uses identified above are entitled to request and obtain from us once a calendar year information about the customer Personal Information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of Personal Information and the names and addresses of those businesses with which we shared Personal Information for the immediately prior calendar year (e.g., requests made in 2016 will receive information regarding 2015 sharing activities).

* * * *

Contact Us

If you have questions or concerns regarding your privacy, please contact Build-A-Bear Workshop directly. Please feel free to use your native language when sending your questions or comments.

In the US and Canada:

Privacy Officer
Build-A-Bear Workshop
1954 Innerbelt Business Center Drive
St. Louis, MO 63114-5760
Email: privacy@buildabear.com
Telephone: 1-877-789-BEAR (2327)

In the United Kingdom:

Privacy Officer
Build-A-Bear Workshop UK & Eire
2nd Floor, Aquasulis House
10 - 14 Bath Road
Slough, Berkshire SL1 3SA
Email: privacy@buildabear.co.uk
Telephone: 0870 2245130

We are committed and required to respond to any of your inquiries on this issue within forty-five (45) days of receiving the complaint.