Privacy Policy | Data Protection & Personal Info

PRIVACY NOTICE

This Privacy policy only concerns H&M customers and users of our online services. If you are applying for a position at H&M this policy is not applicable. The Privacy policy for applicants can be found on our career site.

H&M ensures that your privacy is protected when using our services. This Privacy Policy (“policy”) applies to information that is collected by H&M Hennes & Mauritz GBC AB. This policy applies only to information collected at hm.com, through any hm.com related mobile application, through a computerized device in U.S. stores, or any location where the policy is posted (collectively, the “Sites”). Any changes we have made to this Privacy policy can be found by visiting us online. When we do make changes, we will update the “Last Updated” date below. Where changes are viewed as more material, we may attempt to contact you or we will post a notice on this website that we have made changes to this policy.

The Swedish company - H & M Hennes & Mauritz GBC AB is responsible for your personal data under the Swedish Data Protection Act (1998:204) and EU Directive 95/46/EC and the applicable national data protection law. The US company H&M Hennes & Mauritz L.P is the personal data processor. Your personal data is stored and maintained in Sweden and processed within the H&M group in a few cases outside the EEA-area. By using the Sites, you consent to the transfer of your data overseas and across borders, and from your country or jurisdiction to other countries or jurisdictions around the world. The laws governing data in your home country may differ from those in the countries to which data is transferred. By accessing and using the Sites, you consent to the transfer of your data in this manner.

How do we use your data?

In providing your personal data you consent to H&M using the data collected in order to meet our commitments to you and to provide you with the service you expect. We need your personal data for the following purposes:

To create your personal account at hm.com (e.g. your name and email address)
To process your orders (e.g. your name, address, date of birth and bank details)
To be able to send text message notifications of delivery status (e.g. your mobile phone number)
To be able to send you marketing offers such as newsletters and our catalogues (e.g. your email address, your name and your postal address)
To be able to contact you in the event of any problem with the delivery of your items (e.g. telephone number, address)
To enable us to answer your queries and to inform you of new or changed services (e.g. your email address)
To notify the winners in promotions (e.g. your email address, name, home address and telephone number)
Managing your account by carrying out credit checks (e.g. name, address, date of birth)
To be able to analyse your personal data to provide you with relevant marketing offers and information (e.g. name, buying habits)
To be able to validate that your are of legal age for shopping online (e.g. date of birth)

We will only keep your data for as long as necessary to carry out our services to you or as long as we are required by law. After this your personal data will be deleted. We cannot remove your data when there is a legal storage requirement, such as book keeping rules or when there is a legal ground to keep the data, such as an on-going contractual relationship.

Non-personal data is used as described above and in other ways as permitted by applicable laws, including combining non-personal data with personal data.

What are your rights?

You have the right to request information about the personal data we hold on you. If your data is incorrect, incomplete or irrelevant you can ask to have the information corrected or removed. Annually, you also have the right to request written documentation, free of charge, on the personal information we have on you on our account files. To request this document please write in to H&M Customer Service. You can withdraw your consent to us using the data for marketing purposes at any time (i.e., sending catalogues, Newsletters or offers). If you have any questions, please contact us.

Who has access to the data?

We do not sell your information to third parties. We do, however, share data with third parties when necessary to fulfill a transaction, complete a service, for administrative purposes, or when required by law. Any data that is forwarded to third parties is used to meet H&M’s commitments to you. H&M may also supply your personal data to organizations such as credit reference or debt collection agencies for the purposes of credit checks, identity checks, monitoring credit rating and debt collection. Additionally, we will share your data if such sharing is required by law or to protect against potential or suspected fraud. Also, if H&M Hennes & Mauritz AB undergoes a merger, corporate reorganization, or all or part of our assets are sold or acquired by another party, your personal data may be shared. If you do not want us to share your personal data in these manners, please do not provide it to us.

How do we protect your data?

No data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you understand that any information that you transfer to us is done at your own risk. That said, once we receive your transmission, we have technical and organizational measures in place to help protect your data from loss, manipulation, unauthorised access, etc. We continually adapt our security measures in line with technological progress and developments. At H&M we protect your data using encryption using Secure Sockets Layer (SSL). SSL is a function that encrypts all information sent between buyer and seller, including card information, so that card details cannot be read by external parties.

For card purchases we work with an authorised payment agent that helps us to check directly with your bank that the card is valid for purchases. Our payment agent processes your card details in line with the PCI DSS requirements. When you pay by card we reserve the right to carry out an identity check.

Your Account Information

You can access your personal account to update your personal data. Please note, however, that your personal account information is protected by your user name and password. It is your responsibility to maintain the security of your username and password as any actions taken while logged into your account will be your responsibility.

Minors

We do not collect any personal data directly from individuals under the age of 13. If we discover that any such information is in our possession, we will delete it.

What data do we collect?

This policy applies only to information collected on the Sites. We collect two types of information from visitors to the Sites: (1) Personal data and (2) Non-personal data.

“Personal data” is information that identifies you personally, such as your name, address, telephone number, email address, and sometimes your Internet Protocol (IP) address. We may collect this information when you create a profile on our Sites, visit our Sites, or complete a purchase.

“Non-personal data” can be technical in nature. It does not identify you personally. Examples of non-personal data include the following:

Cookie -- A “cookie” is a small text file that is saved to and during subsequent visits, retrieved from, your computer or mobile device. H&M uses cookies to enhance and simplify your visit. We do not use cookies to disclose information to third parties. There are also third-party cookies on our Sites, which we use to collect statistics in aggregate form in analysis tools such as Google Analytics and Optimizely. Some of these cookies may track your behavior across multiple websites. There are two types of cookies persistent and temporary (session cookies). Persistent cookies are stored as a file on your computer or mobile device for a time period no longer than 24months. Session cookies are stored temporarily and disappear when you close your browser. We use persistent cookies to store your shipping country and shopping bag unless you log in. We use session cookies when to check whether you are logged in or not. You can easily erase cookies from your computer or mobile device using your browser. For instructions on how to handle and delete cookies please look under "Help" in your browser. You can choose to disable cookies, or to receive a notification each time a new cookie is sent to your computer or mobile device. However, please note that if you choose to disable cookies, you will not be able to take advantage of all features.
Web Beacons (also known as "clear gifs," "web bugs" or "pixel tags") -- "Web Beacons" are tiny graphics with a unique identifier, similar in function to cookies, and are used to allow us to count users who have visited certain pages of the Sites and to help determine the effectiveness of promotional or advertising campaigns. In contrast to cookies, which are stored on a user's computer hard drive, web beacons are embedded invisibly on web pages.
Demographic Information -- "Demographic Information" may be your gender, age, zip code, geolocation data and interests, which you voluntarily provide to us on and through the Sites. We use this information to provide you with personalized services and to analyze trends to ensure the information provided by the Sites meet your needs. Please note that we also consider aggregated information, which is not personally identifiable, to be non-personal data.

The above list provides an example of the non-personal data that is collected via the Sites

Online Tracking

Please note that our Sites do not support “Do Not Track” browser settings and do not currently participate in any “Do Not Track” frameworks that would allow us to respond to signals or other mechanisms from you regarding the collection of your personal or non-personally identifiable information.

Links

The Sites may include links to other websites which don't fall under our supervision. We cannot accept any responsibility for the protection of the privacy or the content of these websites, but we offer these links to make it easier for our visitors to find more information about specific subjects.

E-mail Opt-out

We communicate with users who subscribe to our services on a regular basis via email. For example, we may use your email address to confirm your request, to send you notice of payments, to send you information about changes to our products and services, and to send notices and other disclosures as required by law. Generally, users cannot opt-out of these communications, but they will be primarily informational in nature rather than promotional.

However, we provide you the opportunity to exercise an opt-out choice if you do not want to receive other types of communication from us, such as emails or updates from us regarding new services and products offered on the Sites. The opt-out choice may be exercised by ticking or un-ticking the appropriate box if such checkbox is available at the points where personal data is collected or by contacting us. We will process your unsubscribe as soon as possible, but please be aware that in some circumstances you may receive a few more messages until the unsubscribe is processed. You also may opt-out of receiving such emails by clicking on the "unsubscribe" link within the text of the email.

Text Messaging

By using the Sites and providing your mobile phone number, you hereby consent to receive autodialed and/or pre-recorded telemarketing calls and text messages from or on behalf of us at the mobile number that you provide at sign-up. You understand that consent to receiving messages on your mobile device is not a condition of purchase and understand that message and data rates may apply. Additionally, should you choose to stop receiving such messages, please contact us directly or reply STOP to a text messages once it is received. However, you hereby consent to receiving a confirmatory message in response to your STOP request.

California Privacy Rights

California Civil Code Section 1798.83 permits our visitors who are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please contact us.

Copyright

International Transfer of Data

You understand that the controller of personal data submitted through the Sites may be contacted at the information below:

Controller of personal data

H & M Hennes & Mauritz AB GBC
Mäster Samuelsgatan 46
106 38 Stockholm
Sweden

Telephone: +46 (0)8 796 55 00
Fax: +46 (0)8 24 80 78
E-mail: info@hm.com

Companies register: Bolagsverket/Swedish Companies Registration Office
Company registration number: 556070-1715
Authorised representative: Karl-Johan Persson
VAT registration number: VAT NO. SE556070171501

Why do we use your personal data?
We will use your personal data to manage your purchase online at H&M by processing your orders and returns via our online services and send you notifications of delivery status or in the event of any problems with the delivery of your items.

We will use your personal data to manage your payments.

We will also use your data in order to handle complaints and warranty matters for products.

Your personal data is being used to identify you and to validate your legal age for shopping online and to confirm your address with external partners.

We want to offer you different payment alternatives and will carry out analysis in order to find out what payment alternatives are available to you, including your payment history and credit checks.

What types of personal data do we process?
We will process following categories of personal data

* contact information such as name, address, e-mail address and telephone number
* payment information and payment history
* credit information
* order information

If you have a H&M account or are a H&M Club member we will also process your personal data submitted in relation to the account or membership such as

* account or membership ID
* shopping history

Who has access to your personal data?
Your personal data that is forwarded to third parties, is only used to provide you with the services mentioned above, companies to validate your address, communication agencies to send you order confirmation, warehouse and distribution suppliers in connection with the delivery of your order. Payment service providers for your payment. Credit reference agencies for identity and credit checks and debt collection agencies.

Please be aware that many of these recipient companies have an independent right or obligation to process your personal data.

What is the legal ground to process your personal data?
The processing of your personal data is necessary for H&M to fulfil the service of manage and deliver the order to you.

How long do we save your data?
We will keep your data as long as you are an active customer.

For customers with an account or Club membership we will keep your personal data for 36 months after your latest purchase.

For customers with a guest checkout we will keep your personal data for 6 months after your latest purchase.

Automated decision making:
When you apply for credit as a method of payment we will perform an automated decision-making regarding your credit application. You have the right to to express your point of view and to contest the decision with a member of staff.
Why do we use your personal data?
We will use your personal data to send you marketing offers, information surveys and invitations through e-mails, text messages, phone calls and postal mail.

In order to optimize your experience of H&M we will provide you with relevant information, recommend products, send you reminders of products left in your shopping bag and send you personalized offers. All these great services are based on your previous purchases, what you have clicked on and information you have submitted to us.

What types of personal data do we process?
We will process following categories of personal data

* contact information such as e-mail address, telephone number and postal code
* if you want updates for kids (if you choose to provide that to us)
* gender (if you choose to provide that to us)
* what products and offers you have clicked on

If you have a H&M account or are a H&M Club member we will also process your personal data submitted in relation to the account and membership such as

* name
* address
* age
* shopping history
* how you navigated and clicked on the site

Who has access to your personal data?
Data that is forwarded to third parties is only used to provide you with the service mentioned above, to media agencies and technical suppliers for distribution of physical and digital direct marketing.

We never pass on, sell or swap your data for marketing purposes to third parties outside the H&M group.

What is the legal ground to process your personal data?
The processing of your personal data is based on your consent when you agree to direct marketing. Except for postal marketing, including catalogues, that will be sent to you based on our legitimate interest.

Your right to withdraw your consent:
You have the right to withdraw your consent for the processing of your personal data at any time and object to direct marketing.

When you do so H&M won't be able to send you any further direct marketing offers or information based on your consent.

You can opt out from direct marketing by the following means:

* following the instruction in each marketing post
* by editing the settings of your H&M account
* contacting customer service at info@hm.com

How long do we save your data?
We will keep your data for direct marketing until you withdraw your consent.

For e-mail marketing we will consider you an inactive customer if you haven't opened an e-mail for within the last year.

After this time period your personal data will be deleted.
Why do we use your personal data?
We will use your personal data to create and manage your personal account in order to give you a personalized and relevant experience at H&M.

We will provide you with your order history and details around your orders and enable you to handle your account settings (including marketing preferences). We will also provide you with easy ways to maintain accurate and updated information such as contact details and payment information. Further we will enable you to save items in your shopping bag, offer you size recommendations and enable you to rate and review the products you've purchased from us.

In order to provide you with relevant product recomendations H&M will process your navigation and browsing on our digtal platforms (including website and app), your shopping history and product reviews as well as the data you submitted to us through your account.

What types of personal data do we collect?
We will always process your e-mail address and password that you submit to us when you sign up for H&M account.

We will process following categories of personal data if you choose to provide it to us:

* contact information such as name, address, telephone number
* date of birth
* gender
* country
* account settings
* encrypted payment card information

We will process the following categories of personal data if you make a purchase
* order history
* delivery information
* payment history

We will also process the following categories of personal data connected to your cookies

* click history
* navigation and browsing history

Who has access to your personal data?
Data that is forwarded to third parties, is only used to provide you with the services mentioned above, to optimize the website we use website agencies and analysis tools for product rating.

What is the legal ground to process your personal data?
The processing of your personal data to for your account is based on your consent when you create your H&M account.

The processing of your personal data to provide you with relevant product information is based on our legitimate interest.

How long do we keep your data?
We will keep your data for as long as you have an active H&M account.

You have the right to terminate your account at any time. If you choose to do so your account will cease to exist and you are being considered inactive. We will keep your personal data in there are any legal requirements and if there is an open dispute.

We will consider you an inactive account owner if you haven't

*opened an e-mail within 1 year,
*not placed any orders within 3 years or
*not logged in within 2 years
*made any club activites within 3 years

After your account has been terminated your data will be deleted.

Your right to object to processing of your data:
You have the right to object to processing of your personal data that is based on H&M:s legitimate interest by contacting info@hm.com. Your account will then be deleted and we will not be able to carry out our services to you.

Why do we use your personal data?
We will use your personal data to manage your queries, to handle complaints and warranty matters for products and technical support matters through e-mail, our chat function, telephone and through social media.

We may also contact you if there is a problem with your order.

What types of personal data do we process?
We will process any data you provide to us, including the following categories

* contact information such as name, address, e-mail address and telephone number
* birth date
* payment information and payment history
* credit information
* order information
* account or member number
* all correspondance in the matter

Who has access to your personal data?
Data that is forwarded to third parties, is only used to provide you with the services mentioned above, to customer service agency for the Asian region.

What is the legal ground to process your personal data?
The processing of your personal data is based on H&M legitimate interest.

How long do we keep your data?
We will keep your data for 100 days for telephone and e-mails logs and correspondence for 12 months for case management.

For in store complaints your personal data will be saved for 2 years, except for the US where it is saved for 5 years.

Your right to object to processing based on legitimate interest:
You have the right to object to processing of your personal data that is based on H&M legitimite interest. H&M will not continue to process the personal data unless we can demostrate a legitimate ground for the process which overrides your interest and rights or due to legal claims.
Why do we use our data?
We will process your data when you enter our competitions online. Your personal data will be used for H&M to contact contestants regarding the competition, before and after an event, to identity contestants, verify the age of contestants, to contact winners, deliver and follow up on prize deliveries.

What types of personal data do we process?
We will process following categories of personal data

* contact information such as name, address, e-mail address and telephone number
* age
* information submitted in the contest

Who has access to your personal data?
Data that is forwarded to third parties, is only used to provide you with the services mentioned above, to shipping suppliers for delivery of prizes.

What is the legal ground to process your personal data?
The processing of your personal data is based on your consent when you choose to enter a competition.

Your right to withdraw your consent:
You have the right to withdraw your consent for the processing of your personal data at any time. When you do so H&M will not be able to provide you with the services mentioned above.

How long do we save your data?
We will keep your personal data for 45 days after the competition has ended.
A cookie is a small text file that is saved to, and, during subsequent visits, retrieved from your computer or mobile device. If you use our services, we will assume that you agree to the use of such cookie.

How do we use cookies?
We use permanent cookies to store your choice of start page and to store your details if you select "Remember me" when you log in.

We will use cookies to save your favourite products.

We use session cookies for example when you use the product filtration function, to check whether you are logged in or if you put an item in your shopping bag.

We use both first- and third-party cookies to collect statistics and user data in aggregate and individual form in analysis tools to optimize our site and to present you with relevant marketing material.

Some third-party cookies are set by services that appear on our pages and are not in our control. They are set by social media providers such as Twitter, Facebook and Vimeo and relate to the ability of users to share content on this site, as indicated by their respective icon.

We also use third-party cookies which performs cross-site tracking in order for us to give you marketing in other sites/channels.

What types of personal data do we process?
We will only connect your cookie ID to your personal data submitted and gathered in relation to your account or club membership, if you are logged in to your account or the H&M Club.

Who has access to your personal data?
Data that is forwarded to third parties, is only used to provide you with the services mentioned above, analysis tool in order to collect statistics to optimize our site and present you with relevant material.

What is the legal ground to process your personal data?
We will only connect your cookies to your personal data if you are logged in to H&M account or the H&M Club.

If you are logged in to your account the legal ground based on our legitimate interest.

If you are logged in to H&M Club the legal ground is fulfilment of the H&M Club terms and conditions.

How long do we save your data?
H&M does not save your personal data. You can easily erase cookies from your computer or mobile device using your browser. For instructions on how to handle and delete cookies please look under "Help" in your browser. You can choose to disable cookies, or to receive a notification each time a new cookie is sent to your computer or mobile device. Please note that if you choose to disable cookies, you will not be able to take advantage of all our features.

20/4/2018