H&M GROUP PRIVACY NOTICE
Customer commitment to data protection and privacy
Protecting personal data and your privacy is of greatest concern for the H&M Group. In this Privacy Notice we want to give a clear, concise, and transparent communication on the collection, use, processing, storing, etc. of personal data relating to customers of the H&M Group.
The H&M Group consists of company affiliates of H & M Hennes & Mauritz AB and its brands; H&M, COS, Weekday, Monki, H&M HOME, & Other Stories, Arket and Afound.
Within the meaning of this Privacy Notice “customer of H&M Group” means former, current and potential customer or user of a product or service offered by an H&M Group affiliate or brand, visitors to one of our official websites or stores, member of a loyalty program or community.
The H&M Group manifests its commitment to privacy and data protection by embracing the following principles.
H&M uses personal data lawfully, fairly, correctly and in a transparent manner.
H&M collects no more personal data than necessary, and only for a legitimate purpose.
H&M retains no more data than necessary or for a longer period than needed.
H&M protects personal data with appropriate security measures.
Why do we process your data?
We use and process your personal data in connection with you, for example, buying our products online or in-store, visiting our website, or contacting Customer Service. Examples of personal data are full name, address, email address, telephone number, social security number, payment information, purchase, order and usage history, IP address, member ID, and other case-related information (e.g. information that you provide when contacting Customer Service).
Under each specific section of this Privacy Notice you will be informed of the purpose for each relevant processing of information.
Data Collected on Websites
This policy applies only to information collected on the websites. We collect two types of information from visitors to our websites: (1) Personal data and (2) Non-personal data. “Personal data” is information that identifies you personally and that you provide to us, such as your name, address, telephone number, email address, and sometimes your Internet Protocol (IP) address. We may collect this information when you create a profile on our websites, visit our websites, or complete a purchase. “Non-personal data” can be technical in nature. It does not identify you personally. Examples of non-personal data may include, but is not limited to, cookies, web beacons, and demographic information
Who is responsible for processing of your personal data?
The Swedish company, H & M Hennes & Mauritz GBC AB is responsible for the processing of personal data within the scope of this Privacy Notice. Under each specific section of this Privacy Notice you will be informed about the allocation of responsibilities and the modalities for the execution of rights.
Under each specific section of this Privacy Notice you will be informed about who is responsible for processing your personal data, the allocation of responsibilities and the modalities for the execution of rights.
The following entity will be Data Controllers in relation to you:
Identity of H&M Group controller(s):
H & M Hennes & Mauritz GBC AB
Address: Mäster Samuelsgatan 46
ZIP: 106 38 Stockholm
Companies register: Bolagsverket/Swedish Companies Registration Office
Authorised representative: Helena Helmersson
VAT registration number: VAT NO. SE556070171501
The named H&M Group controller(s) above are throughout this Privacy Notice individually or collectively referred to as “H&M”, “we” or “us”.
Under certain circumstances, the responsibility for data protection and your privacy is shared with third parties, such as banking and financial institutes, postal services, or electronic communication providers. More information can be found under each specific section of this Privacy Notice.
Where do we process your data?
The personal data that we collected from you is generally stored within a country of the European Union or the European Economic Area (“EU/EEA”) but may also, whenever necessary, be transferred to and processed in a country outside of the EU/EEA. Any such transfer of your personal data will be carried out in compliance with applicable laws and without undermining your statutory rights.
From time to time we may transfers personal data from the EU/EEA to a third country not being approved by European commission as a safe country for such transfer (adequacy decision). Whenever applicable H&M will use Standard Contractual Clauses to ensure a similar level of protection as granted within the EU/EEA or other lawful grounds for transfer.
Who has access to your data?
Your personal data is available and accessible only by those who need the data to accomplish the intended processing purpose. To the extent necessary, your personal data may be shared between the companies and brands of the within the H&M Group, with suppliers and sub-contractors (processors and sub-processors) carrying out certain tasks on H&M’s behalf and with independent third-parties, including, but not limited to, using personal information you share with us or that we indirectly collect to verify your identity and for fraud prevention purposes.
In addition, we may also disclose personal data to third parties, if we have reason to believe that using or disclosing such information is necessary or advisable to: (i) conduct investigations of possible breaches of law; (ii) identify, contact, or bring legal action against someone who may be violating an agreement they have with us; (iii) investigate security breaches or cooperate with government authorities pursuant to a legal matter; or (iv) to protect our rights, safety or property, including the prevention of fraud.
We reserve the right to transfer any personal data we have about you in the event that we merge with or are acquired by a third party, undergo another business transaction such as a reorganization, or should any such transaction be proposed.
What is the legal ground for processing?
H&M is not allowed to collect, process, use, store etc. personal data without a valid legal ground. Lawfulness may be derived from your consent, by contract, statutory obligations or from our legitimate interest as a business. For each every specific process purpose of processing of personal data we collect from you, we will inform you about which legal ground that will apply, and what rights you are entitled to exercise. whether the provision of personal data is statutory or required to enter a contract and whether it is an obligation to provide the personal data and possible consequences if you choose not to.
Which rights do you have?
Right to access:
You have the right to request information about the personal data we hold on you at any time. You can contact H&M and we will provide you with your personal data via e-mail.
Right to portability:
Whenever H&M processes your personal data, by automated means based on your consent or based on an agreement, you have the right to get a copy of your data transferred to you or to another party. This only includes the personal data you have submitted to us.
Right to rectification:
You have the right to request rectification of your personal data if the information is incorrect, including the right to have incomplete personal data completed.
If you have an H&M account (H&M membership), you can edit your personal data under your account pages.
Right to erasure:
You have the right to erase your personal data processed by H&M at any time. Your request may be hindered if any of the following situation apply:
* you have an ongoing matter with Customer Service
* you have an open order which has not yet been shipped or partially shipped
* you have a balance with H&M, regardless of the payment method
Your right to object to processing based on legitimate interest:
You have the right to object to processing of your personal data that is based on H&M’s legitimate interest. H&M will not continue to process the personal data unless we can demonstrate legitimate grounds for the process which overrides your interest and rights or due to legal claims.
Right to restriction:
You have the right to request that H&M restricts the process of your personal data under the following circumstances:
* if you object to a processing based H&M's legitimate interest, H&M shall restrict all processing of such data pending the verification of the legitimate interest.
* if you have claim that your personal data is incorrect, H&M must restrict all processing of such data pending the verification of the accuracy of the personal data.
* if the processing is unlawful you can oppose the erasure of personal data and instead request the restriction of the use of your personal data instead
* if H&M no longer needs the personal data but it is required by you to defend legal claims.
How do you exercise your rights?
If you have an H&M Account or being a member of H&M Membership, you can exercise your right to access, portability and rectification under your account pages, where you also can delete your account.
California Privacy Rights
Visitors, users, and others who reside in the State of California are also subject to our California Privacy Notice, which can be accessed here.
Illinois Residents; Biometric Information Privacy Act:
We do not collect any personal data directly from individuals under the age of 13 on our websites. If we discover that any such information is in our possession, we will delete it.
Data Protection Officer:
We have appointed a Data Protection Officer to ensure that we continuously process your personal data in an open, accurate and legal manner. You can contact our Data Protection Officer at email@example.com and write DPO as subject matter.
Right to complain with a supervisory authority:
If you have complaints about the way H&M Group processes and protects your personal data and privacy you have the right, at any time, to make a complaint to the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten - IMY) or any other competent a supervisory authority in the country of residence.
Updates to our Privacy Notice:
We may need to update our Privacy Notice. The latest version of the Privacy Notice is always available on our website.
The revision history is set out in section Changes of this Privacy Notice.