Legal & Privacy

Privacy Notice

 

Data privacy is of high importance for H&M and we want to be open and transparent with our processing of your personal data. We therefore have a policy setting out how your personal data will be processed and protected.

Who is the controller of your personal data?

The Swedish company, H & M Hennes & Mauritz GBC AB (“H&M”), is the controller of the personal data you submit to us and responsible for your personal data under applicable data protection law.

H & M Hennes & Mauritz GBC AB
Mäster Samuelsgatan 46
106 38 Stockholm
Sweden
Telephone +46 (0)8 796 55 00
Fax +46 (0)8 24 80 78
Companies register: Bolagsverket/Swedish Companies Registration Office
Company registration number: 556042-7220
Authorised representative: Karl-Johan Persson
VAT registration number: VAT NO. SE556042722001

Where do we store your data?

The data that we collect from you is stored within the European Economic Area (“EEA”) but may also be transferred to and processed in a country outside of the EEA. Any such transfer of your personal data will be carried out in compliance with applicable laws. For transfers outside the EEA, H&M will use Standard Contractual Clauses and Privacy Shield as safeguards for countries without adequacy decision from the European Commission.

Who access your data?

Your data may be shared within the H&M group (for details on the companies within the H&M group, please refer to our annual report which may be found at about.hm.com). The local H&M company will only act as the personal data processor and processes the personal data on behalf of the Swedish company. We never pass on, sell or swap your data for marketing purposes to third parties outside the H&M group. Data that is forwarded to third parties, is only used to provide you with our services. You will find what categories of third parties under every specific process below.

What is the legal ground for processing?

For every specific processing of personal data we collect from you we will inform you whether the provision of personal data is statutory or required to enter a contract and whether it is an obligation to provide the personal data and possible consequences if you choose not to.

What are your rights?

Right to access:

You have the right to request information about the personal data we hold on you at any time. You can contact H&M that will provide you with your personal data via e-mail.

Right to portability:

Whenever H&M process your personal data by automated means based on your consent or based on an agreement you have the right to get a copy of your data in a structured, commonly used and machine-readable format transferred to you or to another party. This only includes the personal data you have submitted to us.

Right to rectification:

You have the right to request rectification of your personal data if they are incorrect, including the right to have incomplete personal data completed. If you have a H&M account or Club membership you can edit your personal data under your account and membership pages.

Right to erasure:

You have the right to erase any personal data processed by H&M at any time except for the following situations:

  • you have an ongoing matter with Customer Service.
  • you have an open order which has not yet been shipped or partially shipped
  • you have an unsettled debt with H&M, regardless of the payment method
  • if you are suspected or have misused our services within the last four years
  • your debt has been sold to a third party within the last three years or one year for deceased customers
  • your credit application has been rejected within the last three months
  • if you have made any purchase, we will keep your personal data in connection to your transaction for bookkeeping rules

Your right to object to processing based on legitimate interest:

You have the right to object to processing of your personal data that is based on H&M's legitimate interest. H&M will not continue to process the personal data unless we can demonstrate a legitimate ground for the process which overrides your interest and rights or due to legal claims.

Your right to object to direct marketing:

You have the right to object to direct marketing, including profiling analysis made for direct marketing purposes. You can opt out from direct marketing by the following means:

  • following the instruction in each marketing mails
  • by editing the settings of your H&M account

Right to restriction:

You have the right to request that H&M restricts the process of your personal data under the following circumstances:

  • if you object to a processing based on H&M's legitimate interest, H&M shall restrict all processing of such data pending the verification of the legitimate interest.
  • if you claim that your personal data is incorrect, H&M must restrict all processing of such data pending the verification of the accuracy of the personal data.
  • if the processing is unlawful you can oppose the erasure of personal data and instead request the restriction of the use of your personal data instead
  • if H&M no longer needs the personal data but it is required for you to make of defending legal claims.

How can you exercise your rights?

We take data protection very seriously and therefore we have dedicated customer service personnel who handles your requests in relation to your rights stated above. You can always reach them at info.au@hm.com.

Data Protection Officer:

We have appointed a Data Protection Officer to ensure that we continuously process your personal data in an open, accurate and legal manner. You can contact our Data Protection Officer at info.au@hm.com and write DPO as subject matter.

Right to complain with a supervisory Authority:

If you consider H&M to process your personal data in a incorrect way you can contact us. You also have the right to turn in a complaint to a supervisory authority.

Updates to our Privacy Notice:

We may need to update our Privacy Notice. The latest version of the Privacy Notice is always available on our website. We will communicate any material changes to the Privacy Notice, for example the purpose of why we use your personal data, the identity of the Controller or your rights.

 

Online Purchase

Why do we use your personal data?

We will use your personal data to manage your purchase online at H&M by processing your orders and returns via our online services and send you notifications of delivery statuses. We will use your personal data to manage your payments. We will also use your data to handle complaints and warranty matters for products. Your personal data will be used for identification, to validate your legal age for shopping online and to confirm your address with external partners. We want to offer you different payment methods and will carry out an analysis to find out which payment methods are available to you. This analysis includes your payment history and credit checks.

What types of personal data do we process?

We will process the following categories of personal data:

  • contact information such as name, address, email address and telephone number
  • payment information and payment history
  • credit information
  • order information

If you have an H&M account or are an H&M Club member, we will also process your personal data submitted in relation to the account or membership such as:

  • account or membership ID
  • shopping history

Who has access to your personal data?

Your personal data that is forwarded to third parties is only used to provide you with the services mentioned above: companies to validate your address, communication agencies to send you order confirmation, warehouse and distribution suppliers in connection with the delivery of your order, payment service providers for your payment, credit reference agencies for identity and credit checks and debt collection agencies. Please be aware that many of these recipient companies have an independent right or obligation to process your personal data.

What is the legal ground to process your personal data?

The processing of your personal data is necessary for H&M to fulfill the service of managing and delivering the order to you.

How long do we save your data?

We will keep your data as long as you are an active customer.

Automated decision making:

When you apply for credit as a method of payment we will perform an automated decision-making regarding your credit application. You have the right to to express your point of view and to contest the decision with a member of staff.

 

Direct Marketing

Why do we use your personal data?

We will use your personal data to send you marketing offers, information surveys and invitations through emails, text messages, phone calls and mail. In order to optimize your experience at H&M, we will provide you with relevant information, recommend products, send you reminders of products left in your shopping bag and send you personalized offers. All these great services are based on your previous purchases, what you have clicked on and the information you have submitted to us.

What types of personal data do we process?

We will process the following categories of personal data:

  • contact information such as email address, telephone number and zip code
  • if you want updates for kids (if you choose to provide us with this information)
  • gender (if you choose to provide us with this information)
  • the products and offers you have clicked on

If you have an H&M account or are an H&M Club member, we will also process personal data submitted in relation to your account and membership such as:

  • name
  • address
  • age
  • shopping history
  • how you navigated and clicked on the site

Who has access to your personal data?

Data that is forwarded to third parties is only used to provide you with the service mentioned above: for distribution of physical and digital direct marketing by media agencies and technical suppliers. We never pass on, sell or swap your data for marketing purposes to/with third parties outside the H&M Group.

On what legal basis may we process personal data?

You consent to the processing of your personal data when you agree to receive direct marketing. The exception to this is marketing by mail, including catalogs, for which the processing is necessary for the purpose of our legitimate interests.

Your right to withdraw your consent:

You have the right to withdraw your consent for the processing of your personal data at any time and to opt out from direct marketing. Upon doing so, H&M will not be able to send you any more direct marketing offers or information based on your consent. You can opt out from direct marketing by the following means:

  • following the instructions in each marketing post
  • editing the settings of your H&M account

How long do we save your data?

We will keep your data for direct marketing until you withdraw your consent. For email marketing, we will consider you an inactive customer if you have not opened an email within the past year. After this period of time, your personal data will be deleted.

 

H&M Account

Why do we use your personal data?

We will use your personal data to create and manage your personal account in order to give you a personalized and relevant experience at H&M. We will provide you with your order history and details related to your orders and enable you to manage your account settings (including marketing preferences). We will also provide you with easy ways to maintain accurate and updated information, such as contact details and payment information. Furthermore, we will enable you to save items in your shopping bag, offer you size recommendations and enable you to rate and review the products you have purchased from us. In order to provide you with relevant product recommendations, H&M will process your navigation and browsing on our digital platforms (including website and app), your shopping history and product reviews as well as the data you submitted to us through your account.

What types of personal data do we collect?

We will always process your email address and password that you submit to us when you sign up for a H&M account. We will process the following categories of personal data if you choose to provide them to us:

  • contact information such as name, address, telephone number
  • date of birth
  • gender
  • country
  • account settings
  • encrypted payment card information

We will process the following categories of personal data if you make a purchase:

  • order history
  • delivery information
  • payment history

We will also process the following categories of personal data connected to your cookies:

  • click history
  • navigation and browsing history

Who has access to your personal data?

Data that is forwarded to third parties is only used to provide you with the services mentioned above: we use website agencies and analysis tools for product rating to optimize the website.

On what legal basis may we process personal data?

You consent to the processing of your personal data from your account when you create your H&M account. The processing of your personal data with the aim of providing you with relevant product information is based on our legitimate interests.

Your right to withdraw your consent:

You have the right to withdraw your consent for the processing of your personal data at any time. Upon doing so, your account will cease to exist and H&M will not be able to provide you with the services mentioned above.

How long do we save your data?

We will keep your data for as long as you have an active H&M account. You have the right to terminate your account at any time. If you choose to do so, your account will cease to exist and you will be considered inactive. We will keep your personal data if required to do so by law and if there is an open dispute. After your account has been terminated, your data will be deleted.

Your right to object to the processing of your data:

You have the right to object to the processing of your personal data that is based on H&M:s's legitimate interests by contacting info.au@hm.com. Your account will then be deleted and we will not be able to carry out our services to you.

 

H&M Club

Why do we use your personal data?

We will use your personal data to create and manage your Club membership and give you a personalized and relevant experience at H&M Club. We will register and manage your points based on your purchases and send you information regarding your points and rewards such as discounts and Club events. We will also use your personal data for invitations to events and competitions and H&M Club member discounts and additional services. We will provide you with your order history and details related to your orders and enable you to manage your account settings (including marketing preferences). We will also provide you with easy ways to maintain accurate and updated information, such as contact details and payment information. Furthermore, we will enable you to save items in your shopping bag and rate and review the products you have purchased from us. In order to provide you with relevant product recommendations, H&M Club will process your navigation and browsing on our digital platforms (including website and app), your shopping history and product reviews as well as the data you submitted to us through your account. If you have not opted out of direct marketing, we will use your personal data to send you marketing offers, information surveys and invitations through emails, text messages, phone calls and mail.

What types of personal data do we collect?

We will process the following categories of personal data that you submit to us when you sign up for H&M Club:

  • identification data such as email address and password
  • contact information such as name, zip code, email address
  • date of birth
  • gender
  • Club membership ID
  • telephone number (if you choose to provide us with it)
  • address (if you choose to provide us with it)
  • account settings
  • encrypted payment card information

We will process the following categories of personal data if you make a purchase:

  • order history
  • delivery information
  • payment history

We will also process the following categories of personal data connected to your cookies:

  • click history
  • navigation and browsing history

Who has access to your personal data?

Data that is forwarded to third parties is only used to provide you with the services mentioned above: event booking tools for event booking and website agencies to optimize the website, analysis tools and moderating and publishing agencies for product rating, and communication and marketing distribution suppliers to distribute marketing.

On what legal basis may we process personal data?

The processing of your personal data is necessary to fulfill the service of the H&M Club. Collecting your personal data to create and manage your H&M Club membership is a requirement if we are to fulfill our commitments according to the membership agreement. If you do not submit your personal data, we will not be able to provide you with the membership or the services of the H&M Club.

How long do we keep your data?

We will keep your data for as long as you have an active Club membership. You have the right to terminate your membership at any time. If you choose to do so, your membership will cease to exist. After your membership has been terminated, your data will be deleted. We will keep your personal data if required to do so by law and if there is an open dispute.

Your right to object to direct marketing:

You have the right to object to direct marketing, including the profiling analysis made for direct marketing purposes. If you object to direct marketing, we will stop processing your personal data for that purpose and stop sending you marketing material based on the H&M Club membership. If you have signed up for newsletters, you will still receive direct marketing that is based on your consent.

 

Customer Service

Why do we use your personal data?

We will use your personal data to manage your questions and handle complaints and warranty matters for products and technical support matters through email, our chat function, telephone and social media. We may also contact you if there is a problem with your order.

What types of personal data do we process?

We will process any data you provide us with, including the following categories:

  • contact information such as name, address, email address and telephone number
  • date of birth
  • payment information and payment history
  • credit information
  • order information
  • account or member number
  • all correspondence in a specific matter

Who has access to your personal data?

Data that is forwarded to third parties is only used to provide you with the services mentioned above: customer service agencies for the Asian region.

On what legal basis may we process personal data?

The processing of your personal data is based on H&M:s's legitimate interests.

How long do we keep your data?

We will keep your data for 100 days for telephone and email logs and correspondence and twelve months for case management. For in-store complaints, your personal data will be saved for two years, except for the US where it is saved for five years.

Your right to object to processing based on legitimate interests:

You have the right to object to the processing of your personal data that is based on H&M:s's legitimate interests. H&M will not continue to process your personal data unless we can demonstrate a legitimate basis for the process which overrides your interests and rights or due to legal claims.

 

Competition

Why do we use your personal data?

We will process your data when you enter our competitions. Your personal data will be used for H&M to contact contestants regarding the competition before and after an event, identify contestants, verify the age of contestants, contact winners, and deliver and follow up on prize deliveries.

What types of personal data do we process?

We will process the following categories of personal data:

  • contact information such as name, address, email address and telephone number
  • age
  • information submitted in the contest

Who has access to your personal data?

Data that is forwarded to third parties is only used to provide you with the services mentioned above: for delivery of prizes by shipping suppliers.

On what legal basis may we process personal data?

You consent to the processing of your personal data when you choose to enter a competition.

Your right to withdraw your consent:

You have the right to withdraw your consent for the processing of your personal data at any time. Upon doing so, H&M will not be able to provide you with the services mentioned above.

How long do we save your data?

We will keep your personal data for 45 days after the competition has ended.

 

Development and Improvement

Why do we use your personal data?

We will use data to evaluate, develop and improve our services, products and systems for all of our customers. For this purpose we will not analyse your data on an individual level, all processing will be done on pseudonymized data. This includes analysis to make our services more user-friendly, such as modifying the user interface to simplify the flow of information or to highlight features that are commonly used by our customers in our digital channels and to improve IT systems in order to increase the security for our visitors and customers in general. The analysis is also used to develop and constantly improve the logistics flow of goods by forecasting purchases, stocks and deliveries as well as our resource capacity from a sustainability point of view by streamlining purchasing and scheduling of deliveries. In addition we use the data to be able to plan new establishments of stores and warehouses and improve our product range.

What types of personal data do we process?

We will process following categories of personal data if you have chosen to provide it to us:

  • customer number
  • date of birth
  • gender
  • country
  • account settings

We will process the following categories of personal data if you have made a purchase:

  • order history
  • delivery information
  • payment history

We will also process the following categories of personal data connected to cookies:

  • click history
  • navigation and browsing history

Who has access to your personal data?

Data that is forwarded to third parties, is only used to provide you with the services mentioned above. We use web-analysis companies to analyse our customer online behaviour on a general level.

What is the legal ground to process your personal data?

The processing of your personal data, to develop and improve our services and products, is based on our legitimate interest.

How long do we save your data?

We will keep your data for as long as you have an active H&M account or Club membership. After your account or membership has been terminated your data will be deleted.

Your right to object to processing of your data:

You have the right to object to processing of your personal data that is based on H&M:s legitimate interest by contacting info.au@hm.com. Your account will then be deleted and we will not be able to carry out our services to you.

Fullfilment of legal obligations

Why do we use your personal data?

We will use your personal data to comply with obligations in laws, court rulings and decisions from authorites. This includes to use your personal data to collect and verify accounting data to comply with bookeeping rules.

What types of personal data do we process?

We will process following categories of personal data:

  • customer number
  • order number
  • name
  • postal address
  • transaction amount
  • transaction date

Who has access to your personal data?

Your data will be shared within the H&M group (for details on the companies within the H&M group, please refer to our annual report which may be found at about.hm.com). We will share your personal data with IT companies that provides bookeeping system solutions.

What is the legal ground to process your personal data?

The processing of your personal data is necessary for H&M to fulfil its legal obligation.

How long do we save your data?

We will save your data in compliance with the bookkeeping rules in your country.

 

Prevention of missuse and crime

Why do we use your personal data?

We will use your personal data for loss prevention management by seccuring that terms and conditions are being followed and to detect and prevent misuse of our services. We will also use your personal data by video surveliance, for security reasons to be able to follow up on incidents and to prevent and report criminal offences in our stores. Your personal data will be used to prevent and investigate abuse of our services online, losses and fraud, by analzing online shopping behavior.

What types of personal data do we process?

We will process following categories of personal data:

  • contact information such as name, address, telephone number and e-mail address
  • club membership ID
  • customer number
  • video footage
  • order history
  • delivery information
  • payment history

Who has access to your personal data?

Your personal data that is forwarded to third parties, is only used for purposes mentioned above. We will share your data with companies for exception based reporting. Incidents and fraud may be shared with insurance companies, legal authorities or local and global law enforcements to complete investigations. Please be aware that such recipients will have an independent right or obligation to process your personal data.

What is the legal ground to process your personal data?

The processing of your personal data to prevent misuse of our services is based on our legitimate interest.

How long do we save your data?

We will keep your data for the time we need to prevent and/or report potentional fraud and other offenses. Video footage will be saved in compliance with local legislation but maximum for 30 days.

Your right to object to processing of your data:

You have the right to object to processing of your personal data that is based on H&M:s legitimate interest by contacting info.au@hm.com. Your account will then be deleted and we will not be able to carry out our services to you.

 

 

Cookies

A cookie is a small text file that is saved on and, during subsequent visits, retrieved from your computer or mobile device. If you use our services, we will assume that you agree to the use of such cookies.

How do we use cookies?

We use permanent cookies to store your preferred homepage as well as your details if you selected "Remember me" when you logged in. We will use cookies to save your favorite products. We use session cookies, for example when you use the product filtration function, to check whether you are logged in or if you put an item in your shopping bag. We use both first- and third-party cookies to collect statistics and user data in aggregate and individual forms in analysis tools to optimize our site and present you with relevant marketing material. Some third-party cookies are set by services that appear on our pages and are not in our control. They are set by social media providers such as Twitter, Facebook and Vimeo and relate to the ability of users to share content on this site, as indicated by their respective icon. We also use third-party cookies, which perform cross-site tracking in order to offer you marketing in other sites/channels.

What types of personal data do we process?

We will only connect your cookie ID to your personal data submitted and gathered in relation to your account or club membership if you are logged in to your account or H&M Club.

Who has access to your personal data?

Data that is forwarded to third parties is only used to provide you with the services mentioned above: analysis tools to collect statistics to optimize our site and present you with relevant material.

On what legal basis may we process personal data?

We will only connect your cookies to your personal data if you are logged in to your H&M account or the H&M Club. If you are logged in to your account, the legal basis is our legitimate interests. If you are logged in to H&M Club, the legal basis is fulfilment of H&M Club terms and conditions.

How long do we save your data?

H&M does not save your personal data. You can easily erase cookies from your computer or mobile device through your browser. For instructions on how to handle and delete cookies, please look under "Help" in your browser. You can choose to disable cookies or receive a notification each time a new cookie is sent to your computer or mobile device. Please note that if you choose to disable cookies, you will not be able to take advantage of all our features.

23.05.2018