Privacy notice

PRIVACY NOTICE

Data privacy is very important for H&M, and we want to be open and transparent about our processing of your personal data.

We therefore have a policy that establishes how your personal data will be processed and protected.

Who controls your personal data?
The Swedish company, H & M Hennes & Mauritz GBC AB (“H&M”), controls the personal data you submit to us and is responsible for your personal data under applicable data protection law.

H & M Hennes & Mauritz GBC AB
Mäster Samuelsgatan 46
106 38 Stockholm
Sweden

Companies register: Bolagsverket/Swedish Companies Registration Office
Company registration number: 556070-1715
Authorised representative: Karl-Johan Persson
VAT registration number: VAT NO. SE556070171501

Where do we store your data?
The data that we collect from you is stored within the European Economic Area (“EEA”), but may also be transferred to and processed in a country outside of the EEA. Any such transfer of your personal data will be carried out in compliance with applicable laws.

For transfers outside the EEA, H&M will use Standard Contractual Clauses and Privacy Shield as safeguards for countries without an adequacy decision from the European Commission.

Who has access to your data?
Your data may be shared within the H&M group (for details on the companies within the H&M group, please refer to our annual report which may be found at about.hm.com). The local H&M company will only act as the personal data processor and processes the personal data on behalf of the Swedish company.

We never pass on, sell or swap your data for marketing purposes to third parties outside the H&M group. Data that is forwarded to third parties, is only used to provide you with our services. You will find what categories of third parties under every specific process below.

What is the legal basis for processing personal data?
For every specific processing of personal data that we have collected from you, we will inform you whether the provision of personal data is statutory or required to enter a contract and whether it is an obligation to provide the personal data and possible consequences if you choose not to.

What are your rights?
Right to access:
You have the right to request information about the personal data we hold about you at any time. Contact H&M to receive your personal data via email.

Right to portability:
Whenever H&M processes your personal data by automated means based on your consent or based on an agreement you have the right to get a copy of your data in a structured, commonly used and machine-readable format transferred to you or to another party. This only includes the personal data you have submitted to us.

Right to rectification:
You have the right to request rectification of your personal data if it is incorrect, including the right to have incomplete personal data completed.

If you have a H&M account or Club membership, you can edit your personal data under your account and membership pages

Right to erasure:
You have the right to erase any personal data processed by H&M at any time, except for the following situations:

*you have an ongoing matter with Customer Service
*you have an open order which has not yet been shipped or partially shipped
*you have an unsettled debt with H&M, regardless of the payment method
*you are suspected of misuse of or have misused our services within the past four years
*your debt has been sold to a third party within the last three years or one year for deceased customers
*your credit application has been rejected within the last three months
*you have made any purchase, whereby we will keep your personal data in connection with your transaction in accordance with bookkeeping rules

Your right to object to processing based on legitimate interests:
You have the right to object to the processing of your personal data that is based on H&M:s's legitimate interests. H&M will not continue to process your personal data unless we can demonstrate a legitimate basis for the process which overrides your interests and rights or due to legal claims

Your right to object to direct marketing:
You have the right to object to direct marketing, including profiling analyses conducted for direct marketing purposes.

You can opt out of direct marketing by the following means:
* following the instructions in each marketing mails
* editing the settings of your H&M account

Right to restriction:
You have the right to request that H&M restricts the processing of your personal data under the following circumstances:

*if you object to the processing based on H&M:s's legitimate interests, H&M shall restrict all processing of such data pending the verification of the legitimate interests.
*if you claim that your personal data is incorrect, H&M must restrict all processing of such data pending the verification of the accuracy of the personal data.
*if the processing is unlawful, you can oppose the erasure of personal data and instead request the restriction of the use of your personal data.
*if H&M no longer needs the personal data but is required to keep it to defend legal claims.

How can you exercise your rights?
We take data protection very seriously and therefore we have dedicated customer service personnel who handle your requests in relation to your rights stated above. You can always reach them at dataprotection.ca@hm.com.

Data Protection Officer:
We have appointed a Data Protection Officer to ensure that we continuously process your personal data in an open, accurate and legal manner. You can contact our Data Protection Officer at dataprotection.ca@hm.com and write DPO as subject matter.

Right to complain to a Supervisory Authority:
If you believe H&M has processed your personal data incorrectly, you can contact us. You also have the right to submit a complaint to a supervisory authority.

Updates to our Privacy Notice:
We may need to update our Privacy Notice. The latest version of the Privacy Notice is always available on our website. We will communicate any material changes to the Privacy Notice, for example the purpose of why we use your personal data, the identity of the Controller or your rights.

Why do we use your personal data?
We will use your personal data to manage your purchase online at H&M by processing your orders and returns via our online services and send you notifications of delivery status or any problems with the delivery of your items.

We will use your personal data to manage your payments.

We will also use your data to handle complaints and warranty matters for products.

Your personal data will be used to identify you, validate your legal age for shopping online and confirm your address with external partners.

We want to offer you different payment alternatives and will carry out an analysis to find out which payment alternatives are available to you. This analysis includes your payment history and credit checks.

What types of personal data do we process?
We will process following categories of personal data:

* contact information such as name, address, email address and telephone number
* payment information and payment history
* credit information
* order information

If you have an H&M account or are an H&M Club member, we will also process your personal data submitted in relation to the account or membership such as:

* account or membership ID
* shopping history

Who has access to your personal data?
Your personal data that is forwarded to third parties is only used to provide you with the services mentioned above: companies to validate your address, communication agencies to send you order confirmation, warehouse and distribution suppliers in connection with the delivery of your order, payment service providers for your payment, credit reference agencies for identity and credit checks and debt collection agencies.

Please be aware that many of these recipient companies have an independent right or obligation to process your personal data.

On what legal basis may we process personal data?
The processing of your personal data is necessary for H&M to fulfill the service of managing and delivering the order to you.

How long do we save your data?
We will keep your data as long as you are an active customer.

Automated assessment:
When you apply for credit as a method of payment, we will perform an automated assessment of your credit application. You have the right to express your point of view and contest the decision with a staff member.
Why do we use your personal data?
We will use your personal data to send you marketing offers, information surveys and invitations through emails, text messages, phone calls and mail.

In order to optimize your experience of H&M, we will provide you with relevant information, recommend products, send you reminders of products left in your shopping bag and send you personalized offers. All these great services are based on your previous purchases, what you have clicked on and information you have submitted to us.

What types of personal data do we process?
We will process the following categories of personal data:

* contact information such as email address, telephone number and zip code
* if you want updates for kids (if you choose to provide us with this information)
* gender (if you choose to provide us with this information)
* the products and offers you have clicked on

If you have an H&M account or are an H&M Club member, we will also process personal data submitted in relation to your account and membership such as:

* name
* address
* age
* shopping history
* how you navigated and clicked on the site

Who has access to your personal data?
Data that is forwarded to third parties is only used to provide you with the service mentioned above: for distribution of physical and digital direct marketing by media agencies and technical suppliers.

We never pass on, sell or swap your data for marketing purposes to/with third parties outside the H&M Group.

On what legal basis may we process personal data?
You consent to the processing of your personal data when you agree to direct marketing. The exception to this is marketing by mail, including catalogues, for which the processing is necessary for the purpose of our legitimate interests.

Your right to withdraw your consent:
You have the right to withdraw your consent for the processing of your personal data at any time and to object to direct marketing.

Upon doing so, H&M will not be able to send you any more direct marketing offers or information based on your consent.

You can opt out from direct marketing by the following means:

* following the instructions in each marketing post
* editing the settings of your H&M account

How long do we save your data?
We will keep your data for direct marketing until you withdraw your consent.

For email marketing, we will consider you an inactive customer if you have not opened an email within the past year.

After this period of time, your personal data will be deleted.
Why do we use your personal data?
We will use your personal data to create and manage your personal account in order to give you a personalized and relevant experience at H&M.

We will provide you with your order history and details related to your orders and enable you to manage your account settings (including marketing preferences). We will also provide you with easy ways to maintain accurate and updated information, such as contact details and payment information. Furthermore, we will enable you to save items in your shopping bag, offer you size recommendations and enable you to rate and review the products you have purchased from us.

In order to provide you with relevant product recommendations, H&M will process your navigation and browsing on our digital platforms (including website and app), your shopping history and product reviews as well as the data you submitted to us through your account.

What types of personal data do we collect?
We will always process your email address and password that you submit to us when you sign up for a H&M account.

We will process the following categories of personal data if you choose to provide them to us:

* contact information such as name, address, telephone number
* date of birth
* gender
* country
* account settings
* encrypted payment card information

We will process the following categories of personal data if you make a purchase:

* order history
* delivery information
* payment history

We will also process the following categories of personal data connected to your cookies:

* click history
* navigation and browsing history

Who has access to your personal data?
Data that is forwarded to third parties is only used to provide you with the services mentioned above: we use website agencies and analysis tools for product rating to optimize the website.

On what legal basis may we process personal data?
You consent to the processing of your personal data from your account when you create your H&M account.

The processing of your personal data with the aim of providing you with relevant product information is based on our legitimate interests.

Your right to withdraw your consent:
You have the right to withdraw your consent for the processing of your personal data at any time. Upon doing so, your account will cease to exist and H&M will not be able to provide you with the services mentioned above.

How long do we save your data?
We will keep your data for as long as you have an active H&M account.

You have the right to terminate your account at any time. If you choose to do so, your account will cease to exist and you will be considered inactive. We will keep your personal data if required to do so by law and if there is an open dispute.

After your account has been terminated, your data will be deleted.

Your right to object to the processing of your data:
You have the right to object to the processing of your personal data that is based on H&M:s's legitimate interests by contacting dataprotection.ca@hm.com. Your account will then be deleted and we will not be able to carry out our services to you.

Why do we use your personal data?
We will use your personal data to manage your questions and handle complaints and warranty matters for products and technical support matters through email, our chat function, telephone and social media.

We may also contact you if there is a problem with your order.

What types of personal data do we process?
We will process any data you provide us with, including the following categories:

* contact information such as name, address, email address and telephone number
* date of birth
* payment information and payment history
* credit information
* order information
* account or member number
* all correspondence in a specific matter

Who has access to your personal data?
Data that is forwarded to third parties, is only used to provide you with the services mentioned above. If you are a customer within the Asian region your data will be transferred to a our external customer service agency.

On what legal basis may we process personal data?
The processing of your personal data is based on H&M's legitimate interests.

How long do we keep your data?
We will keep your data for 100 days for telephone and email logs and correspondence and twelve months for case management.

For in-store complaints, your personal data will be saved for two years, except for the US where it is saved for five years.

Your right to object to processing based on legitimate interests:
You have the right to object to the processing of your personal data that is based on H&M:s's legitimate interests. H&M will not continue to process your personal data unless we can demonstrate a legitimate basis for the process which overrides your interest and rights or due to legal claims.
Why do we use your personal data?
We will process your data when you enter our competitions. Your personal data will be used for H&M to contact contestants regarding the competition before and after an event, identify contestants, verify the age of contestants, contact winners, and deliver and follow up on prize deliveries.

What types of personal data do we process?
We will process the following categories of personal data:

* contact information such as name, address, email address and telephone number
* age
* information submitted in the contest

Who has access to your personal data?
Data that is forwarded to third parties is only used to provide you with the services mentioned above: for delivery of prizes by shipping suppliers.

On what legal basis may we process personal data?
You consent to the processing of your personal data when you choose to enter a competition.

Your right to withdraw your consent:
You have the right to withdraw your consent for the processing of your personal data at any time. Upon doing so, H&M will not be able to provide you with the services mentioned above.

How long do we save your data?
We will keep your personal data for 45 days after the competition has ended.
Why do we use your personal data?
We will use data to evaluate, develop and improve our services, products and systems for all of our customers. For this purpose we will not analyze your data on an individual level, all processing will be done on pseudonymized data.

This includes analysis to make our services more user-friendly, such as modifying the user interface to simplify the flow of information or to highlight features that are commonly used by our customers in our digital channels and to improve IT systems in order to increase the security for our visitors and customers in general.

The analysis is also used to develop and constantly improve the logistics flow of goods by forecasting purchases, stocks and deliveries as well as our resource capacity from a sustainability point of view by streamlining purchasing and scheduling of deliveries.

In addition we use the data to be able to plan new establishments of stores and warehouses and improve our product range.

What types of personal data do we process?
We will process following categories of personal data if you have chosen to provide it to us:
* customer number
* date of birth
* gender
* country
* account settings

We will process the following categories of personal data if you have made a purchase:
* order history
* delivery information
* payment history

We will also process the following categories of personal data connected to cookies:
* click history
* navigation and browsing history

Who has access to your personal data?
Data that is forwarded to third parties, is only used to provide you with the services mentioned above. We use web-analysis companies to analyze our customer online behaviour on a general level.

What is the legal ground to process your personal data?
The processing of your personal data, to develop and improve our services and products, is based on our legitimate interest.

How long do we save your data?
We will keep your data for as long as you have an active H&M account or Club membership.

After your account or membership has been terminated your data will be deleted.

Your right to object to processing of your data:
You have the right to object to processing of your personal data that is based on H&M's legitimate interest by contacting dataprotection.ca@hm.com. Your account will then be deleted and we will not be able to carry out our services to you.
Why do we use your personal data?
We will use your personal data to comply with obligations in laws, court rulings and decisions from authorites.

This includes to use your personal data to collect and verify accounting data to comply with bookkeeping rules.

What types of personal data do we process?
We will process following categories of personal data
* customer number
* order number
* name
* postal address
* transaction amount
* transaction date

Who has access to your personal data?
Your data will be shared within the H&M group (for details on the companies within the H&M group, please refer to our annual report which may be found at about.hm.com).

We will share your personal data with IT companies that provides bookkeeping system solutions.

What is the legal ground to process your personal data?
The processing of your personal data is necessary for H&M to fulfill its legal obligation.

How long do we save your data?
We will save your data in compliance with the bookkeeping rules in your country.
Why do we use your personal data?
We will use your personal data for loss prevention management by securing that terms and conditions are being followed and to detect and prevent misuse of our services.

We will also use your personal data by video surveliance, for security reasons to be able to follow up on incidents and to prevent and report criminal offenses in our stores.

Your personal data will be used to prevent and investigate abuse of our services online, losses and fraud, by analzing online shopping behaviour.

What types of personal data do we process?
We will process following categories of personal data:
* contact information such as name, address, telephone number and e-mail address
* club membership ID
* customer number
* video footage
* order history
* delivery information
* payment history

Who has access to your personal data?
Your personal data that is forwarded to third parties, is only used for purposes mentioned above. We will share your data with companies for exception based reporting.

Incidents and fraud may be shared with insurance companies, legal authorities or local and global law enforcements to complete investigations. Please be aware that such recipients will have an independent right or obligation to process your personal data.

What is the legal ground to process your personal data?
The processing of your personal data to prevent misuse of our services is based on our legitimate interest.

How long do we save your data?
We will keep your data for the time we need to prevent and/or report potentional fraud and other offenses.

Video footage will be saved in compliance with local legislation but maximum for 30 days.

Your right to object to processing of your data:
You have the right to object to processing of your personal data that is based on H&M's legitimate interest by contacting dataprotection.ca@hm.com. Your account will then be deleted and we will not be able to carry out our services to you.
A cookie is a small text file that is saved on and, during subsequent visits, retrieved from your computer or mobile device. If you use our services, we will assume that you agree to the use of such cookies.

How do we use cookies?
We use permanent cookies to store your choice of start page as well as your details if you selected "Remember me" when you logged in.

We will use cookies to save your favourite products.

We use session cookies, for example when you use the product filtration function, to check whether you are logged in or if you put an item in your shopping bag.

We use both first- and third-party cookies to collect statistics and user data in aggregate and individual forms in analysis tools to optimize our site and present you with relevant marketing material.

Some third-party cookies are set by services that appear on our pages and are not in our control. They are set by social media providers such as Twitter, Facebook and Vimeo and relate to the ability of users to share content on this site, as indicated by their respective icon.

We also use third-party cookies, which perform cross-site tracking in order to offer you marketing in other sites/channels.

What types of personal data do we process?
We will only connect your cookie ID to your personal data submitted and gathered in relation to your account or Club membership if you are logged in to your account or H&M Club.

Who has access to your personal data?
Data that is forwarded to third parties is only used to provide you with the services mentioned above: analysis tools to collect statistics to optimize our site and present you with relevant material.

On what legal basis may we process personal data?
We will only connect your cookies to your personal data if you are logged in to your H&M account or the H&M Club.

If you are logged in to your account, the legal basis is our legitimate interests.

If you are logged in to H&M Club, the legal basis is fulfilment of H&M Club terms and conditions.

How long do we save your data?
H&M does not save your personal data. You can easily erase cookies from your computer or mobile device through your browser. For instructions on how to handle and delete cookies, please look under "Help" in your browser. You can choose to disable cookies or receive a notification each time a new cookie is sent to your computer or mobile device. Please note that if you choose to disable cookies, you will not be able to take advantage of all our features.

16/5/2018

PRIVACY NOTICE

Online Purchase

Direct Marketing

H&M Account

Customer Service

Competition

Development and Improvement

Fullfilment of legal obligations

Prevention of missuse and crime

Cookies