Why do we use your personal data?
We use your personal data to provide you with the information, products and services that you request or purchase from us, either online and in stores. In this context, we use your personal data to be able to process your purchase order and payment transactions and to manage your deliveries, claims, returns and refunds in a secure and effective manner.

Purchase order and payment data collected for the purpose above will also be used, under certain conditions and limitations, for marketing, business development and analytics purpose and to detect fraud and thefts in connection with online and offline sales and to comply with applicable laws. 

How do we use your personal data?
The personal data we obtained directly from you when you are placing a purchase order, making a payment or using any other of our services will be used only to the extent necessary to process that order and to deliver the requested products and services.

Whenever you place a purchase order, make a payment, return a product or signing up for a financial service we use your personal data to verify your identity and your capacity to enter into a contract, that financial information you provide us is accurate, conduct fraud checks or prevent other illegal activity.

Who has access to your personal data?
We share your personal data within the H&M Group whenever necessary to fulfill the intended purpose. For the same reason, personal data is also shared with suppliers carrying out certain tasks on our behalf, such as order fulfillment and payment processing. H&M is always fully responsible for its suppliers. 

We may from time to time also share personal data with independent third parties, such as electronic communication providers, banks and financial service providers, and postal services. Please be aware that many of  these recipient have an independent right or obligation to process your personal data in their own rights.

Except as explicitly stated herein, we never pass on, sell or swap your data to any third parties. 

What is the legal ground to process your personal data?
When making products and services available to you H&M will process your personal data necessary for concluding a contract with you and to fulfill any obligations derived from that contract, whether the contract refers to a purchase order and payment, or the use of other services provided by us or by third parties.

How long do we keep your personal data?
We will keep and process your personal data no more than necessary for us to perform our contractual obligations. 

However, we may continue to use and store your data for additional purposes.

Purchase order data will also be used for the purpose of Development and Improvement of products, services and supply chains. 

Purchase order data will also be used for the purpose of Security and Safety by fraud detection and loss prevention. 

If you are a user of an H&M Account or a member of H&M Membership we will continue to use your purchase order data to the extent necessary for us to deliver upon our promises and to distribute Ads & Promotions acccording to your expectations.  

In addition to the above, for the purpose of Compliance with Laws, we are compelled to continue to save and sometimes use your purchase order data to abide with applicable tax and accounting legislation and to protect consumer rights. 

You can read more about why and how the H&M Group re-use personal data under each section of this Privacy Notice. 

When making products and services available to you H&M will process your personal data necessary for concluding a contract with you and to fulfill any obligations derived from that contract, whether the contract refers to a purchase order and payment, or the use of other services provided by us or by third parties. For the purpose of identify and contact you when an item you have signed up to receive information regarding is available again for purchase, we use legitimate interest as a business as legal ground for processing.

Why do we use your personal data?
We will use your personal data to generate and send ads and promotions, including style and shopping recommendations, notifications, information, surveys and invitations through multiple communication channels.  

Ads, promotions and other direct marketing communication will be distributed according to your preferences through electronic mail, text messages, phone calls or postal mail as well as displayed in your mobile app, social media channels or web browser. 

To optimize online customer experience, we provide you with personalized ads and promotions resulting from algorithmic analysis and predictions of your preferences, interests and behaviour.   

To be more efficient in our marketing communication we collaborate with different social media, search engine and advertising network providers ("Advertising Partners").

Please read more about our Advertising Partners below. 

How do we use your personal data?
We only use data obtained directly from you, when you created your account, shopping with us, signing up for membership, subscribing to newsletters or engaging with us in any other way.    

We will never retreive, use, and store personal data from data brokers or other external sources nor having access to such data for pursuing a marketing purpose unless we explicitly say so.

H&M collaborates with advertising partners such as Facebook, Instagram, Snapchat, TikTok, Pinterest and YouTube for advertising on social networks and with Google for online advertising networks such as Google Ads and Google Marketing Platform.

Advertising partners use data provided by us and collected from cookies and other technologies in order to predict your preferences and interests, and take this into account when choosing the adverts on the advertising spaces mediated via their online advertising networks. This is standard industry practice commonly known as "retargeting". Retargeting allows us to run advertising campaigns which is as relevant to you as possible and to measure the efficiency and reach of the advertising materials, but also to measure the advertising partners’ performance and efficiency of campaigns. 

Advertising partners use cookies and similar technologies to trace your usage of our websites and services by accessing data stored on your device or in apps.

Read more about cookies and other tracing technologies in the Cookies' section of this Privacy Notice. 

If you do not want us to share your contact details with Third Parties for this purpose, you can at any time withdraw your marketing consent by managing your consent in the Cookie Settings under the help-section at the bottom of the front page.

Advertising Partners
H&M collaborates with Advertising Partners, such as Facebook, Instagram, Snapchat, Pinterest and Google.

Our Advertising Partners enable us to identify and engage with the right target audience, to create and distribute personalised marketing content across platforms and services. To be able to choose the content that fits your interests, we can use information obtained from you when you signed-up for newsletter or created an account, membership or made a purchase with us. We may share this information and a customer identifier, e.g. an encrypted email address or device id, with third parties such as Facebook and Google. The purpose is to show relevant ads to you on third party websites and apps. In order to do this, your data is matched with the database of the third party. If a match is found, you will receive promotional and relevant content in your feed or search engine.  If no match is found your data is securely destroyed.  We take our responsibility to protect the personal data of our customers very seriously and would like to reassure you that this personal data is handled in a secure manner using a technique called hashing.  This ensures your data is scrambled in a manner that makes it unreadable to anyone other than the recipient for the explicit given purpose.

We may also link this data through the various devices you use, as well as process data about the ads for example, if you clicked on an ad and then made a purchase. The purpose is to measure the impact of the ad and to enable ad billing.

If you do not want us to share your details with Third Parties for this purpose, you can at any time withdraw your marketing consent by managing your consent in the Cookie Settings under help section at the bottom of the front page.

We also collaborate with Rakuten for affiliate (influencer) marketing and to drive traffic to our web sites.

Each Advertising Partner is responsible for their part of the processing as controllers, including (if any) transfers of personal data to non-EEA countries.

Who has access to your personal data?
We may share your personal data within the H&M Group whenever necessary to fulfil the intended processing purpose. For the same reason, personal data is also shared with suppliers carrying out certain tasks exclusively on our behalf, such as data analytics and marketing content creation. H&M is always fully responsible for its suppliers. 

We may from time to time also share personal data with independent third parties, such as Advertising Partners, media agencies and electronic communication providers. Please be aware that many of these recipients have an independent right or obligation to process your personal data as controllers. 

Except as explicitly stated herein, we never pass on, sell or swap your data with any third parties.

What is the legal ground to process your personal data?
We will obtain your consent before we send you newsletters through e-mail.

We will ask for your prior consent regarding marketing that is based on cookie data or other tracking technologies.

If you're a member, account holder or a subscriber you may hear from us in other channels, such as social media. For this processing we rely on our legitimate interest as business to promote our ads to you.

How to exercise your rights
You have the right to exercise your rights against H&M to such personal data vested in H&M's possession and control.   

Personal data in our possession is data obtained directly from you when shopping with us, creating an account or membership, subscribing on newsletters or when engaging with us by other means online or offline. 

You have, at any time, the right to withdraw your consent for marketing purpose, or object to it if the processing is based on our legitimate interest .

Your consent withdrawal or objection to further marketing communication means a ceasure of all future ads, promotions and other marketing messages originating from the H&M Group, including the underlying processing of personal data for this purpose. 

If you, however, continue to receive marketing communication from us displayed in your social media feed or web browser, this is a matter entirely between you and your platform provider. 

You can revoke your consent or object to further marketing communication by the following means:

* following the instruction in each marketing post
* by editing the settings of your H&M account
* configurate the privacy settings on your social media account or browser, or
* contact Customer Service
* disable your account and/​or membership

How long do we keep your data?
H&M will process your data no longer than necessary to provide you with ads, promotions and other direct marketing messages.

We will cease processing your data for marketing purpose once you have closed your customer account or membership, actively rejecting further marketing communication from us. 

Why do we use your personal data?
H&M will use your personal data in order to administrate your H&M account (“My Account”) including the collection of consents, identify and certify the identity of the user of the account, prevent unauthorized access and use, restrict usage by minors, communication of notices and notifications, take actions against misuse of the account, enforce violations of terms of use, and to manage withdrawals of consents.  We will also use your personal data to bring you a personalised online experience and to make your purchase information instantly available to you. 

We will use no more data than necessary for providing you with all the benefits associated with a H&M account. This means that we will only use personal data obtained directly from you when you signed-up for an account.  

In order to make the experience even more relevant to you we may personalise the content before we display it to you based on what we know (or perceive we know) about your interests and preferences. If you as a H&M account holder have signed-up to receive ads and promotions, your promotions and offers will be based on your profile data, shopping and web browsing history. Personalisation comes through analyzing and predicting aspects concerning your interests, preferences, behavior etc., by making use of a combination of personal data obtained from you or from third parties.

We may also use personal data received from web cookies, pixels, plug-in or other web tracing technologies for the same objectives.

To find out more about the use of such technology, please read the specific section on Cookies in this Privacy Notice. 

How do we process your personal data?
We use no more data than necessary for providing you with all the benefits that comes with a H&M account. This means that we will only use personal data obtained directly from you when you signed-up for it. 

To make it even more relevant to you we personalise the content before we display it to you based on what we know (or perceive we know) about your interests and preferences. Personalisation comes through analyzing and predicting aspects concerning your interests, preferences, behavior etc., by making use of a combination of data derived from previous purchase orders and data retrieved through cookies and other tracing technologies. 

You can read more about Cookies in the specific section of this Privacy Notice. 

Who has access to your personal data?
We may share your personal data within the H&M Group whenever necessary to fulfill the intended processing purpose. For the same reason, personal data is also shared with suppliers carrying out certain tasks on our behalf, such as data analytics and marketing content creation. H&M is always fully responsible for its suppliers. 

We may from time to time also share personal data with independent third parties, such as electronic communication for sending messages and notifications or reaching out to you for any other reason, Please be aware that many of these recipient third parties have an independent right or obligation to process your personal data in their own names. 

Except as explicitly stated herein, we never pass on, sell or swap your data to any third parties.

What is the legal ground to process your personal data?
The processing of personal data for your account is based on your consent when you created your H&M account.

The processing of your personal data in order to provide you with a personalised online experience such as product recommendations is based on our legitimate interest. 

Your right to withdraw your consent:
You have, at any time, the right to terminate your account by withdrawing your consent. If you decide to withdraw your consent all processing of your personal data will immediately cease. You will no longer be able to gain the benefits of being a user of an H&M Account. 

How to withdraw you consent?
You can withdraw your consent either yourself by managing your account settings in My Account or contact our Customer Service at customerservice.us@hm.com.  

How long do we keep your data?
We will use your personal data no longer than necessary for making the account available to you.  

Personal data solely collected and used for the purpose of providing you with a H&M account will be erased upon termination.

We may however continue to keep and use your data if we have outstanding obligations to you or by any other reasons are prevented from erasure, for example if you have an open order or unsettled debt.

Your right to object to processing of your data:
You have the right to object to processing of your personal data that is based on H&M's legitimate interest by contacting dataprotection.us@hm.com. Your account will then be deleted and we will not be able to carry out our services to you.

Why do we use your personal data?
We use your personal data, such as your Member ID, to create and manage your H&M Membership account and to give you all the granted benefits and rewards. The H&M Membership is as further described in the Terms & Conditions and on our official website. 

We process your personal data to keep your membership account up-to-date and always current. By doing so we will be able to provide you with your shopping history, details about your orders, H&MxKlarna credit and your status as a member

Furthermore, we will use your personal data to serve you with personalized information, ads, promotions, recommendations, rating services etc. Any member will also receive invitations for upcoming events, competitions and customer surveys.  

Purchase order and payment data may be used to detect non-compliance with the H&M Membership Terms & Conditions, and to detect online loss and fraud.

How do we use your personal data?
We will only use personal data obtained directly from you when you signed-up for your membership, combined with information you share with us by using our services. For example when you add a product as your favourite or make a purchase and/or a return or claim. If acts of non-compliance to the H&M Membership Terms & Conditions or suspected fraudulent behaviour is detected, we will use your personal data, such as your email and Member id in order to contact you and take action.

To make the membership even more relevant to you we personalise the content before we display it based on what we know (or perceive we know) about your interests and preferences. Personalisation comes through analyzing and predicting aspects concerning your interests, preferences, behavior etc., by making use of a combination of data derived from previous purchase orders and data retreived through cookies and other tracing technologies.

You can read more about Cookies in the specific section of this Privacy Notice. 

We use e-mail communication to reach out to you but also, where applicable, send notifications to your mobile app, browser and/or through available social media messaging services. Customer Service may also use your telephone number as a means to contact you if needed.

Who has access to your personal data?
We may share your personal data within the H&M Group whenever necessary to fulfill the intended processing purpose. For the same reason, personal data is also shared with suppliers carrying out certain tasks on our behalf, such as data analytics and marketing content creation. H&M is always fully responsible for its suppliers. 

We may from time to time also share personal data with independent third parties, such as electronic communication for sending messages and notifications or reaching out to you for any other reason, Please be aware that many of these recipient third parties have an independent right or obligation to process your personal data in their own names. 

Except as explicitly stated herein, we never pass on, sell or swap your data to any third parties.

What is the legal ground to process your personal data?
The processing of your personal data to create and manage your membership account and to provide you with the personalised services of the H&M Membership is necessary to fulfil the H&M Membership agreement. 

The use of your personal data to email you offers, style updates, bonus vouchers, birthday offers and special invites to sales and events is based on your consent.

For any other purpose referred to herein, we process your personal data to on the basis of our legitimate interest as a business.

How long do we keep your data?
We keep and continue to process your personal data for as long as necessary to fulfill our contractual obligations, at the latest until the H&M Membership is terminated.  

You have the right to terminate your membership at any time. If you choose to do so, your membership will cease to exist, and your personal data will be deleted. 

We will keep your personal data for a longer period of time if there are any legal requirements or if there is an ongoing dispute.

Why do we use your personal data?
We will use your personal data to give you service and support and to improve the overall experience of the service, through email, chat function, telephone and social media. In this context we will use your personal data to manage your questions, handle complaints and warranty matters and to provide technical support as well as to improve customer experience. We will also analyze data on an aggregated level to gain insights in customer preferences, expectations and trends etc.

We may also contact you through email, telephone, social media, or any other means if there is a problem with your order or if we request your participation in a customer survey, which is voluntary.

How do we use your personal data?
We will only use such personal data necessary for providing the service to you in a secure and efficient way. We will use the personal data you provide us with when you contact us, such as contact details, birth date, and other necessary information. In order to resolve your case, we may also need to access and use transaction data, such as order, payment, and delivery information. 

Occasionally, we may listen in on your calls and conversations. This will take place to support employee training and development, opportunities to improve service only upon suspicion of bad quality of service, and for the purpose of technical troubleshooting.

Who has access to your personal data?
We may share your personal data within the H&M Group whenever necessary to fulfill the intended purpose. For the same reason, personal data is also shared with suppliers carrying out certain tasks on our behalf, such as externally operated call centers.

H&M is always fully responsible for its suppliers.

We may also share personal data with third parties, such as electronic communication providers, providers of messaging services, providers who support customer service contacts, and social media platforms for sending notifications or reaching out to you regarding a customer service matter. Please be aware that many of these third-party recipients have an independent right or obligation to process your personal data in their own names.

When engaging with us on social media pages, such as Facebook and Instagram pages, all text messages and pictures are shared with us and the named platform provider. You do this according to the platform's terms of use and privacy policy to which you have agreed when you signed-up as a user. H&M assumes no responsibility for the platform provider's processing of your personal data.    

Except as explicitly stated herein, we never pass on, sell, or swap your data to any third parties.

What is the legal ground to process your personal data?
In order to provide you with the best possible customer service, we must collect and use your personal data. This is justified in our legitimate interest as a business.

Regardless of purpose, we will not record any telephone conversations without your consent.

How long do we keep your data?
We will keep your data for as long as we need to handle your case. We may continue to keep and use your data if we have outstanding obligations to you or by any other reason are prevented from erasure.

Case logs are stored for a maximum period of one year after closure. 

Your right to object to processing based on legitimate interest:
You have the right to object to the processing of your personal data that is based on H&M's legitimate interest by contacting dataprotection.us@hm.com. 

Why do we use our data?
We will process your data when you enter our competitions online. Your personal data will be used  for H&M to contact contestants regarding the competition, before and after an event, to identity contestants, verify the age of contestants, to contact winners, deliver and follow up on prize deliveries.

What types of personal data do we process?
We will process following categories of personal data 

* contact information such as name, address, e-mail address and telephone number
* age
* information submitted in the contest

Who has access to your personal data?
Data that is forwarded to third parties, is only used to provide you with the services mentioned above, to shipping suppliers for delivery of prizes. 

What is the legal ground to process your personal data?
The processing of your personal data in order to make the competition available to you is based on the agreement, when accepting the terms and conditions for the competition, or on our legitimate interest when there are no specific terms and conditions connected to the competition.

How long do we save your data?
We will keep your personal data for 45 days after the competition has ended. 

Why do we use your personal data?
We always want to exceed the expectations of our customers and users. Only with the right offers and by providing the best user and shopping experience, we can stay relevant. For this reason, we may use your personal data to evaluate, develop and improve our products, services, systems, supply chain and store premises. 

This includes analysis to make our services more user-friendly, such as modifying the user interface to simplify the flow of information or to highlight features that are commonly used by our customers in our digital channels and to improve IT systems in order to increase the security for our visitors and customers in general.

The analysis is also used to develop and constantly improve the logistics flow of goods by forecasting purchases, stocks and deliveries as well as our resource capacity from a sustainability point of view by streamlining purchasing and scheduling of deliveries.

In addition we use the data to be able to plan new establishments of stores and warehouses and improve our product range. 

How do we use your personal data?
We will only use personal data for a development and improvement purpose if it is strictly necessary and cannot be achieve with less invasive means. This means that we will protect and secure your data to the extent reasonably possible, for example by appropriate pseudonymiszation and encryption techniques or by data anonymization.  

In no event we analyse data on a level where your identity is traceable. 

Any data used for the purpose of development and improvement of products, services and systems etc have usually been collected for different objectives. We may for example use your purchase data and contact information from the check-out to develop new features, functionality, performance and security of the ordering processing systems, and hence improving the overall shopping experience.

Notwithstanding the above, we may reach out to you to respond to enquieries and surveys. In such case, any personal data used and obtained from you will only be processed for the specific purpose described therein.

We may also use personal data received from web cookies, pixels, plug-in or other web tracing technologies for the same objectives.

To find out more about the use of such technology, please read the specific section on Cookies in this Privacy Notice. 

Who has access to your personal data?
Only pseudonymised personal data may be shared within H&M Group whenever sharing is necessary to fulfill the intended processing objectives. For the same reason, personal data may be shared also with suppliers carrying out certain tasks on our behalf, such as external web-analytics companies to analyze online behavior, software development or externally hosted development tools. H&M is always fully responsible for its suppliers. 

We will never use personal data to identify individuals. All analysis is carried out on an aggregated data level.

Except as explicitly stated herein, we never pass on, sell or swap your data to any third parties.

What is the legal ground to process your personal data?
The processing of your personal data for the purpose to develop and improve our services and products, is based on our legitimate interest as a business.

How long do we keep your personal data?
We will process your personal data no more than necessary for us to fulfill the purpose. Thereafter the data will be immediately erased for this type of use. 

Your right to object to the processing of your data:
You have the right to object to the processing of your personal data that is based on H&M's legitimate interest, by contacting dataprotection.us@hm.com.

How do we process your personal data?
We use your personal data to collect and verify accounting data to comply with our obligations. For this purpose we may keep your name, contact details, order history and other relevant transactional information. 

Which categories of personal data we must process depends on its purpose and is generally stipulated by applicable laws.

How do we process your personal data?
We may share your personal data within the H&M Group whenever necessary to fulfill the intended purpose.  For the same reason, personal data is also shared with suppliers carrying out certain tasks on our behalf, such as provider of book-keeping systems or information storage.

We may from time to time also share personal data with independent third parties, such as external accountants, book-keeping service and competent public authorities. Please be aware that many of these third party recipients have an independent right or obligation to process your personal data in their own names.

Except as explicitly stated herein, we never pass on, sell or swap your data to any third parties.

Who has access to your personal data?
We may share your personal data within the H&M Group whenever necessary to fulfill the intended purpose.  For the same reason, personal data is also shared with suppliers carrying out certain tasks on our behalf, such as provider of book-keeping systems or information storage.

We may from time to time also share personal data with independent third parties, such as external accountants, book-keeping service and competent public authorities. Please be aware that many of these third party recipients have an independent right or obligation to process your personal data in their own names.

Except as explicitly stated herein, we never pass on, sell or swap your data to any third parties.

What is the legal ground to process your personal data?
The processing of your personal data is necessary for H&M to fulfill its legal obligations of the country of operation.

How long do we keep your personal data?
The data retention time will vary depending on the purpose, context and specific local legal requirements.

Why do we use your personal data?
In order to protect our customers, users, visitors, assets and business against violence, fraud, theft, misuse and other malicious activities, H&M has put in place a range of different security and safety measures. Some of these measures will require collection and processing of personal data.

How do we use your data?
How we process your data and what personal data we use differs from application and field of use. We may for instance use your order history, payment data and shopping behaviour to detect online loss or fraud.

We may use personal data received from web cookies, pixels, plug-in or other web tracing technologies for the same objectives.

You can read more about Cookies in the specific section of this Privacy Notice. 

In many of our stores we use surveillance cameras to detect and prevent thefts, fraud and enhance the security and safety of visitors and staff.  

Who has access to your personal data?
We may share your personal data within the H&M Group whenever necessary to fulfill the intended purpose. 

We may share your personal data also with third parties for security and safety purposes. For example, we will share your data with companies that help us detect and prevent potential fraud and thefts. 

We may share relevant information with insurance companies for claim handling and to law enforcement agencies in so far as we are compelled to do so by legal obligation. 

Such thrid party recipients have an independent right and/or duty to process your personal data in their own interest or by a legal obligation. 

What is the legal ground to process your personal data?
Unless there is a specific legal obligation, the processing of your personal data for security and safety purposes is based on our legitimate interest.

How long do we use and keep your personal data?
We will keep your personal data no more than necessary for each purpose.

We will keep images from our surveillance cameras for a maximum period of 30 days, unless we are obliged by law or public authority to keep and/or process data for a longer period.

Your right to object to the processing of your data:
You have the right to object to the processing of your personal data that is based on H&M's legitimate interest by contacting dataprotection.us@hm.com. 

Why do we use cookies?
The H&M Group uses cookies and other tracking technologies to give you the full functionality of the website, to customize your user experience, perform analytics and deliver personalized advertising on our websites, apps and newsletters across internet and via social media platforms.

Who is responsible for cookies?
H & M Hennes & Mauritz GBC AB and the named publisher, listed in the cookie subgroup below, are both responsible for setting cookies on your device when you access any of our official websites and for the access and collection of data from the same device.  

What is a cookie?
A "cookie" is a small text file that is downloaded onto your device such as computer or smartphone when you access our websites. 

We use cookies and other similar technologies in order to make our website work efficiently and securely and to improve personalized user experience. 

When referring to cookies we include:
first- and third party cookies, 
tracking pixels and plug-ins, including technologies those from third party publishers,
other tracing technologies.

All cookies have a publisher which tells you who the cookie belongs to. The publisher is the owner of the domain specified in the cookie. Whenever you visit our website, we place cookies onto your device for different reasons. Such cookies are called “first-party” cookies, whereas cookies set by a third-party company, such as a social media platforms or ad network/ad tech providers, are called “third party” cookies.

Below you will find more detailed information about our cookies and the reason for using them.

How to withdraw your cookie consent?
You can at anytime disable your non-essential cookie by withdrawing your consent. You manage your cookie consents in Cookie Settings at the bottom of this website.

In addition to your consent withdrawal, you can easily stop your browser from accepting cookies by configuring your browser’s cookie settings.

All commercial web browsers are featured with cookie management functionality.

Please check your web browser to find out more how to delete or disable cookies etc.

If you choose to disable cookies, you may face limitation on functionality and a deteriorated user experience.  

What types of cookies do we use and why?

Why do we use your personal data?
We want to share and inspire you and others about different ways of wearing our products and to give you the chance to show the world your cool style. 

H&MxMe  is a service created for you and your audience and a platform for customer engaged marketing.

To read more about the HMxMe terms of use click here.

How do we use your personal data?
Photos and/or videos of yourself are regarded as personal data. Such personal data will be published on our official website, and/or on our social media pages and other promotional channels. To be able to do this we need your photo and/or video and in return we will link your photo to your Instagram account. 

Who has access to your personal data?
We may share your personal data within the H&M Group whenever necessary to fulfill the intended processing purpose. For the same reason, personal data is also shared with suppliers carrying out certain tasks on our behalf, such as IT, data analytics and media agencies. H&M is always fully responsible for its suppliers. 

Please note, by hash-tagging your picture or video clip you voluntarily share the content and other personal data with Instagram or other social media platforms. This relationship is outside of H&M's control and a matter between you and the social media service provider.  

Except as explicitly stated herein, we never pass on, sell or swap your data to any third parties.

What is the legal ground to process your personal data?
We will collect, use and share your username, photos and/or videos to the extent necessary for us to perform the service and meet your expectations when using HMxME and other user generated content services.

How long do we keep your data?
We will keep your username and generated content for 24 months  from the date of posting.

If you want to remove Photos or Moving Content, please visit the Photo or the Moving Content were its placed on hm.com and press "report photo" or contact customer service. 

Why do we use your personal data?
When you connect to our free WiFi service, we will collect personal data from your device (MAC address) in order to be able to provide the WiFi service to you. When you login and use the WiFi service, we will also use your personal data to verify your compliance with the Terms & Conditions of the service. By using anonymization techniques, we might also turn personal data into anonymized (non-personal data) for statistical purposes.

Anonymized personal data might be used for the purpose of creating statistics on movements, behaviors and flows in our store premise. Statistics will help us gain better insights on how to operate our stores in a more efficient way by optimized assortment, floor space and staff utilization. Any data used for this purpose is anonymized and not retraceable to you as an individual.

What types of personal data do we process?
When you connect to the WiFi service, we will collect the MAC (Media Access Control) address, a unique identifier assigned to your device and related information referring to device hostname, geographic location and time. 

Who has access to your personal data?
We may use third parties when providing the WiFi services to you, for this reason, we share personal data with such third parties. We also share data with an internet service provider when granting you access to the internet via the WiFi service. When creating statistics out of anonymized data, we may also share this with other companies of the H&M Group.

What is the legal ground to process your personal data?
When you connect to our free WiFi service, you permit us to collect and use you the personal data necessary to provide the requested WiFi service (fulfillment of a contract) and, by using anonymization techniques, turn personal data into anonymized (non-personal data) for statistical purpose (legitimate interest).

How long do we save your data?
We will keep your personal data as long as necessary for us to provide the WiFi service, in accordance with the agreed Terms & Conditions and to ensure your compliance with these. The retention period will be up to 14 months from when you last connected to the WiFi network.

Personal data used for statistical purpose is anonymized by technical means after collection. Once your data is anonymized, your personal data is irreversibly erased.   

H&M Hennes & Mauritz GBC AB (“H&M Sweden”) and H&M Hennes & Mauritz L.P. (“H&M USA”) (collectively, “H&M,” “us,” “we,” and “our") provides this California, Virginia, and Colorado Privacy Notice (the “Supplemental State Privacy Policy”) for visitors, users, and others who reside in the States of California, Virginia, and Colorado.  The Supplemental State Privacy Policy supplements the information contained in the Privacy Notice (available by clicking here) and applies solely to visitors, users, and others who reside in the States of California, Virginia, and Coloradp.  To the extent any provision in this Supplemental State Privacy Policy conflicts with a provision of the Privacy Notice, the Supplemental State Privacy Policy shall govern with respect to visitors, users, and others who reside in the States of California, Virginia, and Colorado. 

Collection of Personal Information:

We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”).  In particular, we collect the following categories of personal information:

A.      Identifiers, such as real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, or other similar identifiers.
B.      Categories of personal information described in Cal. Civ. Code § 1798.80(e), such as name, signature, physical characteristics or description, address, telephone number, bank account number, credit card number, debit card number, or any other financial information.
C.      Characteristics of protected classifications under state or federal law, such as age, citizenship, and sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions).
D.      Commercial information, such as records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
E.       Biometric information.
F.       Internet or other electronic network activity information, such as browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement. 
G.      Geolocation data.
H.      Audio, electronic, visual, thermal, olfactory, or similar information.
I.        Inferences drawn from other personal information to create a profile about a consumer reflecting a consumer’s preferences, characteristics, and trends.

Personal information does not include: publicly available information lawfully made available from government records, deidentified or aggregated consumer information, or information excluded from the California Consumer Privacy Act, the Virginia Consumer Data Protection Act, or the Colorado Privacy Act.

Use of Personal Information:

We may use or disclose the personal information collected for one or more of the following business or commercial purposes:

• To fulfill or meet the reason for which the information is provided.  For example, to create your personal account at hm.com or to process your orders.
• To provide you with information, products, or services that you request from us, including answering your queries and to notify winners in promotions.
• To provide you with phone calls, text message notifications, email alerts, and other notices concerning our products or services.  For example, to notify you of delivery status, to be able to send you relevant marketing offers and information such as newsletters and our catalogues, to contact you in the event of a problem with delivery of your items, and to inform you of new or changed services.
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection and managing your account by carrying our credit checks.
• To be able to analyze your personal data to provide you with relevant marketing offers and information.
• To be able to validate that you are of legal age for shopping online.
• To improve our website.
• Testing, research, analysis, and product and service development.
• As necessary or appropriate to protect the rights, property, or safety of us, our employees, our customers, or others.
• To respond to law enforcement requests and as required by applicable law, court order, or government regulations.
• As described to you when collecting your personal information.

Rights of California, Virginia, and Colorado Residents:

California, Virginia, and Colorado residents have the following rights:

1. Right to Know About Personal Information Collected, Disclosed, or Sold

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months.  Once we receive and confirm your verifiable consumer request (instructions and description below), we will disclose to you:

• The categories of personal information we collected about you;
• The categories of sources for the personal information we collected about you;
• Our business or commercial purpose for collecting or selling that personal information;
• The categories of third parties with whom we share that personal information;
• The specific pieces of personal information we collected about you; and/or
• If we sold or disclosed your personal information for a business purpose, including lists of sales, identifying the categories of personal information that each category of recipient purchased or obtained.

We have collected the following categories of personal information from consumers within the last twelve (12) months:

A.      Identifiers, such as real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, or other similar identifiers.
B.      Categories of personal information described in Cal. Civ. Code § 1798.80(e), such as name, signature, physical characteristics or description, address, telephone number, bank account number, credit card number, debit card number, or any other financial information.
C.      Characteristics of protected classifications under California, Virginia, and Colorado or federal law, such as age, race, color, ancestry, national origin, citizenship, marital status, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, and genetic information.
D.      Commercial information, such as records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
E.       Biometric information.
F.       Internet or other electronic network activity information, such as browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement.
G.      Geolocation data.
H.      Audio, electronic, visual, thermal, olfactory, or similar information.
I.        Inferences drawn from other personal information to create a profile about a consumer reflecting a consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

We have obtained the categories of personal information listed above from the following categories of sources:

• Directly from you, the consumer;
• Indirectly from third parties and service providers, including partners and affiliates;
• Directly and indirectly from our website.

We collected the categories of personal information listed above for the following business or commercial purposes:

• To fulfill or meet the reason for which the information is provided.  For example, to create your personal account at hm.com or to process your orders;
• To provide you with information, products, or services that you request from us, including answering your queries and to notify winners in promotions;
• To provide you with phone calls, text message notifications, email alerts, and other notices concerning our products or services.  For example, to notify you of delivery status, to be able to send you relevant marketing offers and information such as newsletters and our catalogues, to contact you in the event of a problem with delivery of your items, and to inform you of new or changed services;
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection and managing your account by carrying our credit checks;
• To be able to analyze your personal data to provide you with relevant marketing offers and information;
• To be able to validate that you are of legal age for shopping online;
• To improve our website;
• Testing, research, analysis, and product and service development;
• As necessary or appropriate to protect the rights, property, or safety of us, our employees, our customers, or others;
• To respond to law enforcement requests and as required by applicable law, court order, or government regulations; and/or
• As described to you when collecting your personal information.

We shared the categories of personal information listed above with the following categories of third parties:

• Affiliates, including H&M USA;
• Service providers;
• Third parties to which consumers authorized us to disclose personal information in connection with products or services provided to consumers.

2. Right to Request Deletion of Personal Information

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (instructions and description below), we will delete, and direct our service providers to delete, your personal information from our records, unless an exception applies.

We may deny your request to delete your personal information if retaining the information is necessary for us or our service providers, subject to certain exemptions based on your state of residence.

3. Right to Opt Out of the Sale of Your Information

You have the right to opt-out of sharing your personal information with third parties for some purposes, including sharing that may be defined as a sale under applicable laws.  You can opt-out of this sharing by clicking HERE or clicking on the “Do Not Sell My Information” link at the bottom of our homepage and submitting a request via the authorized methods.  

What Personal Information Do I Provide to Verify My Identity?

We take the privacy of your personal information seriously and want to ensure that we provide only you or your authorized agent with your personal information. Applicable law also requires that we verify the identity of each person who makes a request to know what personal information we have about you or to delete the personal information we have about you.  To verify your identity, we ask you to provide your:

• First name*
• Last name*
• Middle initial
• Email address
• Phone number
• Order number
• *required field

How Do You Verify My Identity?

We may verify your identity in a few different ways in order to balance the requirements of state law and our obligation to keep your information private.  When you make your request, you will be asked to answer a few questions about yourself to help us validate your identity. This is a two step process using information unique to you, such as an order number, a product in an order, an address or email address, etc. If you chose to make the request online, it can be made by logging into your account, going to “My Account,” then “Settings” and then “Leave H&M.”  Depending on your cache settings, device and operating system, you may have to enter your password a second time.

In some instances, we may ask you to provide other documentation to verify your identity. If this happens, we will reach out to you directly with this request.

What If You Can’t Verify My Identity?

If we can’t verify your identity, we will not be able to process your request to know what personal information we have about you or to delete the personal information we have about you. If we are unable to verify your identity with a high degree of certainty, we will only be able to provide a report with category-level information and we may not be able to delete some of your information.

How to Submit a Request Using an Authorized Agent

An authorized agent is a person or business who has authorization to request to know what personal information we have about you, to delete the personal information we have about you, or to opt out of the sale of personal information on behalf of a California, Virginia, or Colorado resident. Authorized agents use the same links described above to submit requests.

If you are submitting a request on behalf of another person, we require a valid power of attorney or other documentation demonstrating your authority to submit this request. This can be a letter or other documentation signed by the California, Virginia, or Colorado resident authorizing you to submit this request. You can download a sample letter from the request form.

How Do I Send You My Documentation?

If you submit a request via email at dataprotection.us@hm.com, you must include the appropriate above listed documentation in order for us to act on your request. If you submit your request over the phone by calling us at 855-HNM-SHOP [855-466-7467 (Toll-free)], you will also be asked to email your forms to dataprotection.us@hm.com.

Response Timing and Format

We will confirm receipt of a request within 10 days and provide information about how we will process the request. We endeavor to substantively respond to a verifiable consumer request within 45 days of its receipt.  If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.  If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosure we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

If you wish to appeal our decision, please submit your appeal to the above contact information.  Please clearly denote that it is an appeal. 

4. Right to Non-Discrimination

We will not discriminate against you for exercising any of your rights under the California Consumer Protection Act.  Unless permitted by the California Consumer Privacy Act, we will not:

• Deny you goods or services;
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
• Provide you a different level or quality of goods or services; or
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

California Shine the Light Law:

California Civil Code Section 1798.83 permits our visitors who are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please contact Customer Service.

Last Updated: February 2022

This Privacy Notice was last updated:
25/4/2022

Effectuated Changes to previous version

The section "H&M Membership" has been updated with new information on the processing of personal data in order to detect non-compliance with the H&M Membership Terms & Conditions, and to detect online losses and fraud.

Previous changes:
17/2/2022
1/12/2021
28/10/2021
28/7/2021
2/6/2021
27/4/2021
18/3/2021
11/3/2021
2/11/2020