With the rapid growth of technology in our lives, we are dedicated to safeguarding our customers’ personal information by using a number of data security policies and procedures as routine practice at Williams-Sonoma, Inc.  Our associates, as well as third parties who provide services on our behalf, are required by policy and practice, as well as by contract, if applicable, to treat customer information with care.

Data Protection

To protect our customers’ personal information and maintain the integrity of our internal systems, we use a series of technologies and practices to prevent data security breaches and to detect and respond to potential data security issues. We also utilize external independent audits, conducted at least once a year, for PCI compliance and third-party penetration tests.

Right to Access & Delete Data

Williams-Sonoma, Inc. complies with all data protection and privacy laws. Our brands support and adhere to the guidelines and practices adopted by the Direct Marking Association’s Privacy Promise to American Consumers. We have agreed to:

  • Provide customers with notice of their ability to opt out of information rental, “sale”, or exchange with other marketers
  • Honor customers’ requests not to share their contact information with other marketers
  • Honor customers’ requests not to receive mail, telephone, or other solicitations from Williams-Sonoma, Inc. Brands.

As a further commitment to transparency in the ever-growing security awareness culture, WSI monitors changes in laws and regulations and complies accordingly. For example, we comply with the California Consumer Privacy Act (“CCPA Rights”), which gives California consumers the right to access and delete data.

For international shipping orders, Williams-Sonoma, Inc. Brands partner with Borderfree, Inc. (“Borderfree”). We have contracted with Borderfree to assure that they will carefully process customer information consistent with WSI’s Privacy Policy.

Privacy Policy

WSI leaders are committed to protecting our customers’ privacy. Our Chief Technology Officer and Chief Information Security Officer are responsible for overseeing our data protection policy. This data protection policy governs all relevant businesses and subsidiaries. Our policy is designed to limit the collection of personal information.

Consent & Notification

We do not sell or transfer customer information to third parties in exchange for money. However, we do transfer personal information to certain third parties in order to operate our business (for example, to optimize search preferences). We respect our customers’ choices when it comes to handling their information, which is why we are transparent about this process, and provide the opportunity to opt-out of this practice.

In addition, when we do collect or share personal information for legitimate business purposes, we obtain consent from our customers, and our privacy policy dictates our terms for the use of personal information. We regularly work to review and enhance Standard Operating Procedures, policies and standards.  This is an example of WSI’s commitment to implementing the leading data security safeguards, which has reduced the threat and occurrence of data privacy incidents. However, in the event of a policy change or data breach, our policy requires that we notify data subjects in a timely manner.


WSI trains all management, associates, and contractors, on its data protection policy in order to create a compliance-minded awareness in our workforce. As a united front we work diligently to protect our customers’ personal information while creating a space to educate our associates and the surrounding community alike.

Related Stories, Statements & Policies

Image: West Elm Work