Legal & Privacy
The Swedish parent company, H & M Hennes & Mauritz AB ( “H&M”), is the Controller of the personal data you disclose to us and therefore responsible for your personal data under the Swedish Data Protection Act (1998:204) and EU Directive 95/46/EC. The British company H&M Hennes Ltd is the personal data processor and processes the personal data on behalf of the parent company. Your personal data is stored in EU and might be disclosed to our subsidiaries within the H&M group. This means that your data, in a few cases, can be processed outside the EEA-area. In any event of transfer of your personal data to a Country outside the EEA-area, the involved H&M subsidiary will guarantee the application of the standard contractual clauses regarding data privacy process approved by the EU.
How do we use your personal data?
In providing your personal details, you consent to us using the data collected in order to meet our commitments to you and to provide you with the service you expect. We need your data for the following purposes:
- To create your personal account at H&M (e.g. your name and email address)
- To process your orders via our online services (e.g. your name, address, date of birth and bank details)
- To send text message notifications of delivery status (e.g. your mobile phone number)
- To send you marketing offers such as newsletters and catalogues (e.g. your email address, your name and your postal address)
- To contact you in the event of any problems with the delivery of your items (e.g. telephone number, address)
- To answer your queries and to inform you of new or changed services (e.g. your email address)
- To notify the winners in competitions arranged online (e.g. your email address, name, home address and telephone number)
- To manage your account by carrying out credit checks (e.g. name, address, date of birth)
- To analyse your personal data to provide you with relevant marketing offers and information (e.g. name, buying habits)
- To validate that you are of legal age for shopping online (e.g. date of birth)
We will only keep your data for as long as necessary to carry out our services to you or for as long as we are required by law. After this your personal data will be deleted. We cannot remove your data when there is a legal storage requirement, such as book-keeping rules or when there are other legal grounds to keep the data, such as an ongoing contractual relationship.
Find out more about Data protection regarding Credit Reference and Fraud Prevention Agencies
Your rights under the Data Protection Act 1998 will not be affected.
What are your rights?
You have the right to request information about the personal data we hold on you. If your data is incorrect, incomplete or irrelevant, you can ask to have the information corrected or removed. Annually, you have the right to request written documentation on the personal information we have about you in our account files. To request this document please write to H&M Customer service. You can withdraw your consent to us using the data for marketing purposes (i.e. sending catalogues, newsletters or offers) at any time. You can contact us either by sending a letter to H&M Customer Service, PO Box 24005, Edinburgh, EH1 9AG or by sending an email to email@example.com.
Who has access to the data?
We never pass on, sell or swap your data to third parties for marketing purposes outside the H&M Group. Data that is forwarded to third parties, for example shipping agents in connection with the delivery of goods, is only used to meet H&M’s commitments to you. H&M may also supply your personal details to organisations such as credit reference or debt collection agencies for the purpose of credit rating checks, identity checks and debt collection.
How do we protect your data?
We have taken technical and organisational measures to protect your data from loss, manipulation, unauthorised access, etc. We continually adapt our security measures in line with technological progress and developments. At H&M we protect your data using encryption. Secure Sockets Layer (SSL) is a function that encrypts all information sent between buyer and seller.
To make card purchases with us as secure as possible, all information is sent in encrypted form using SSL. This means that the information is passed through a secure connection and that your card details cannot be read by external parties.
For card purchases we work with an authorised payment agent that helps us to check directly with your bank that the card is valid for purchases. Our payment agent processes your card details in the correct way according to the international security standard PCI DSS, which was developed by the card companies VISA, MasterCard, Diners, American Express and JCB. This means that your card details are processed with a very high level of security.
When you pay by card, we reserve the right to carry out an identity check.
We take responsibility for all the personal data that we receive during recruitment or in competitions. These details are processed within the country organisation where you submit your application, while the data is stored in the Netherlands. Your country organisation is also the party responsible for your personal data under the data protection act of that specific jurisdiction. If you have any questions regarding your application and your personal details, please find contact information for your country’s H&M organisation under “Contact Us”.
If you submit an application to us, you allow us to process your personal data as part of our recruitment process. We only keep your details with your consent. It is H&M’s policy not to ask job applicants for sensitive information online. Do not therefore give us any sensitive information (e.g. race, ethnicity, political views, religion or membership of a trade union). We will try to respond to your job application as quickly as possible.
Please note that if you choose to disable cookies, you will not be able to take advantage of all our features.
We use third-party cookies to collect statistics in aggregate form in analysis tools such as Google Analytics and Core Metrics. The cookies used are both permanent and temporary cookies (session cookies). The permanent cookies are stored on your computer or mobile device for no longer than 24 months.
Hm.com and the H&M app may include links to other websites which do not fall under our supervision. We cannot accept any responsibility for the protection of privacy or the content of these websites, but we offer these links to make it easier for our visitors to find more information about specific subjects.
The content of this site is copyright-protected and is the property of H & M Hennes & Mauritz AB.
Controller of personal data
H & M Hennes & Mauritz AB
Mäster Samuelsgatan 46
106 38 Stockholm
Telephone: +46 (0)8 796 55 00
Fax: +46 (0)8 24 80 78
Companies register: Bolagsverket/Swedish Companies Registration Office
Company registration number: 556042-7220
Authorised representative: Karl-Johan Persson
VAT registration number: VAT NO. SE556042722001