Privacy Notice
General
Customer commitment to data protection and privacy
Protecting personal data and your privacy is of greatest concern for the H&M Group. In this Privacy Notice we want to give a clear, consise, and transparent communication on the collection, use, processing, storing etc. of personal data relating to customers of the H&M Group.
The H&M Group consists of company affiliates of H & M Hennes & Mauritz AB and its brands; H&M, COS, Weekday, Monki, H&M HOME, & Other Stories, Arket and Afound.
Within the meaning of this Privacy Notice “customer of H&M Group” means a former, current and potential customer or user of a product or service offered by an H&M Group affiliate and brand, a visitor to one of our official websites or stores.
Principles
H&M manifests its commitment to your right to privacy and data protection by embracing the following principles.
H&M uses personal data lawfully, fairly, correctly and in a transparent manner.
H&M collects no more personal data than necessary, and only for a legitimate purpose.
H&M retains no more data than necessary or for a longer period than needed.
H&M protects personal data with appropriate security measures.
Why do we process your data?
We use and process your personal data in connection with you for example, buying our products in store, visiting our website or contacting customer service. Examples of personal data are full name, address, e-mail address, telephone number, social security number, payment information, purchase, order and usage history, IP address and other case-related information (eg information that you provide when contacting our customer service).
Under each specific section of this Privacy Notice you will be informed of the purpose for each relevant processing of information.
Who is responsible for processing your personal data?
The H&M [Group Affiliate] is primary responsible for the processing of personal data within the scope of this Privacy Notice.
Under each specific section of this Privacy Notice you will be informed when instead the Swedish company, H & M Hennes & Mauritz GBC AB is responsible for processing your personal data, the allocation of responsibilities and the modalities for the execution of rights.
Identity of H&M Group controller(s):
You’ll find the information for local markets under Customer Service: Privacy Notice Contact.
H&M Hennes & Mauritz GBC AB (when applicable)
Address: Mäster Samuelsgatan 46
ZIP: 106 38 Stockholm
Sweden
Companies register: Bolagsverket/Swedish Companies Registration Office
Authorised representative: Helena Helmersson
VAT registration number: VAT NO. SE556070171501
The named H&M Group controller(s) above are throughout this Privacy Notice individually or collectively referred to as “H&M”, “we” or “us”.
Under certain circumstances the responsibility for data protection and your privacy is shared with third parties, such as banking and financial institutes, postal services or electronic comunication providers. More information can be found under each specific section of this Privacy Notice.
Where do we process your data?
The personal data that we collected from you is generally stored within a country of the European Union or the European Economic Area (“EU/EEA”) but may also, whenever necessary, be transferred to and processed in a country outside of the EU/EEA. Any such transfer of your personal data will be carried out in compliance with applicable laws and without undermining your statutory rights.
From time to time we may transfer personal data from the EU/EEA to a third country not being approved by European commission as a safe country for such transfer (adequacy decision). Whenever applicable H&M will use Standard Contractual Clauses to ensure a similar level of protection as granted within the EU/EEA or other lawful grounds for transfer.
Who has access to your data?
Your personal data is available and accessible only by those who need the data to accomplish the intended processing purpose. To the extent necessary, your personal data may be shared between the companies and brands whitin the H&M Group, with suppliers and sub-contractors (processors and sub-processors) carrying out certain tasks on H&M’s behalf and with independent third-parties.
In addition, we may also disclose personal data to third parties, if we have reason to believe that using or disclosing such information is necessary or advisable to: (i) conduct investigations of possible breaches of law; (ii) identify, contact, or bring legal action against someone who may be violating an agreement they have with us; (iii) investigate security breaches or cooperate with government authorities pursuant to a legal matter; or (iv) to protect our rights, safety or property, including the prevention of fraud.
We reserve the right to transfer any personal data we have about you in the event that we merge with or are acquired by a third party, undergo another business transaction such as a reorganization, or should any such transaction be proposed.
What is the legal ground for processing?
H&M is not allowed to collect, process, use, store etc. personal data without a valid legal ground. Lawfulness may be derived from your consent, by contract, statutory obligations or from our legitimate interest as a business. For each every specific process purpose of processing of personal data we collect from you, we will inform you about which legal ground that will apply, and what rights you are entitled to exercise, whether the provision of personal data is statutory or required to enter a contract and whether it is an obligation to provide the personal data and possible consequences if you choose not to.
What are your rights?
Right to access:
You have the right to request information about the personal data we hold on you at any time. You can contact H&M and we will provide you with your personal data via e-mail.
Right to portability:
Whenever H&M processes your personal data, by automated means based on your consent or based on an agreement, you have the right to get a copy of your data transferred to you or to another party. This only includes the personal data you have submitted to us.
Right to rectification:
You have the right to request rectification of your personal data if the information is incorrect, including the right to have incomplete personal data completed.
Right to erasure:
You have the right to erase any personal data processed by H&M at any time except for the following situations:
*you have an ongoing matter with Customer Service
*you have an open order which has not yet been shipped or partially shipped
*you have an unsettled debt with H&M, regardless of the payment method
*if you are suspected or have misused our services within the last four years
*your debt has been sold to a third party within the last three years or one year for deceased customers
*your credit application has been rejected within the last three months
*if you have made any purchase, we will keep your personal data in connection to your transaction for book-keeping purposes
Right to object to processing based on legitimate interest:
You have the right to object to processing of your personal data that is based on H&M’s legitimate interest. H&M will not continue to process the personal data unless we can demonstrate legitimate grounds for the process which overrides your interest and rights or due to legal claims.
Right to restriction:
You have the right to request that H&M restricts the process of your personal data under the following circumstances:
* if you object to a processing based on H&M’s legitimate interest, H&M shall restrict all processing of such data pending the verification of the legitimate interest.
* if you have claim that your personal data is incorrect, H&M must restrict all processing of such data pending the verification of the accuracy of the personal data.
* if the processing is unlawful you can oppose the erasure of personal data and instead request the restriction of the use of your personal data
* if H&M no longer needs the personal data but it is required by you to defend legal claims.
How do you exercise your rights?
We take data protection very seriously and therefore we have dedicated customer service personnel to handle your requests in relation to your rights stated above. You’ll find the information for local markets under Customer Service: Privacy Notice Contact.
Data Protection Officer:
We have appointed a Data Protection Officer to ensure that we continuously process your personal data in an open, accurate and legal manner. You’ll find the information for local markets under Customer Service: Privacy Notice Contact.
Right to complain with a supervisory authority:
If you have complaints about the way H&M Group processes and protects your personal data and privacy you have the right, at any time, to make a complaint to the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten – IMY) or any other competent a supervisory authority in the country of residence.
Updates to our Privacy Notice:
We may need to update our Privacy Notice. The latest version of the Privacy Notice is always available on our website. We will communicate any material changes to the Privacy Notice.
In-store shopping
In-store shopping
Why do we use your personal data?
We use your personal data to be able to process your purchase and payment transactions and to manage your claims, returns and refunds in a secure and effective manner.
Payment data collected for the purpose above will also be used, under certain conditions and limitations, business development and analytics purpose and to detect fraud and thefts in connection with sales and to comply with applicable laws.
We offer WiFi access service in many of our stores for your convenience and for analytics purpose. You can find more information in the specific WiFi in store Privacy Notice.
In many of our stores we use cameras to detect and prevent thefts, fraud and enhance the security and safety of our visitors and staff.
How do we use your personal data?
The personal data we obtained from you when making a purchase will be used only to the extent necessary for completing the purchase.
Whenever you make a payment, return a product or sign up for a financial service we use your personal data to verify your identity and your capacity to enter into a contract, that financial information you provide us is accurate, check creditworthiness, conduct fraud checks or prevent other illegal activity.
Who has access to your personal data?
We share your personal data within the H&M Group whenever necessary to fulfil the intended purpose. For the same reason, personal data is also shared with suppliers carrying out certain tasks on our behalf, such as order fulfillment and payment processing. H&M is always fully responsible for its suppliers.
We may from time to time also share personal data with independent third parties, such as electronic communication providers, banks and postal services. Please be aware that many of these recipients have an independent right or obligation to process your personal data in their own rights.
Except as explicitly stated herein, we never pass on, sell or swap your data to any third parties.
What is the legal ground to process your personal data?
When making products and services available to you H&M will process your personal data necessary for concluding a contract with you and to fulfil any obligations derived from that contract, whether the contract refers to a purchase transaction, or the use of other services provided by us or by third parties.
How long do we keep your personal data?
We will keep and process your personal data no more than necessary for us to perform our contractual obligations.
However, we may continue to use and store your data for additional purposes.
Purchase order data will also be used for the purpose of Development and Improvement of products, services and supply chains.
Purchase order data will also be used for the purpose of Security and Safety by fraud detection and loss prevention.
We will keep images from our monitoring cameras for a maximum period of 30 days, unless we are obliged by law or public authority to keep and/or process data for a longer period.
In addition to the above, for the purpose of Compliance with Laws, we are compelled to continue to save and sometimes use your purchase order data to abide with applicable tax and accounting legislation and to protect consumer rights.
You can read more about why and how the H&M Group re-use personal data under each section of this Privacy Notice.
Automated credit assessments
Payment credit applications are usually processed automatically whereby decisions are made by computer algorithms and not humans. In case your credit application has been assessed by an computer algorithm and been denied you have the right to to express your point of view and to contest the decision.
Ads & Promotions
Ads and Promotions
We will use your personal data to generate and distribute ads, promotions and other direct marketing communication to you in your preferred channels, such as electronic mail, postal mail or by other means available in your market.
How do we use your personal data?
We only use personal data obtained directly from you, when engaging with us in available sales and marketing channels. H&M also use cookies and other technologies to track your browsing, clicking, and searching on websites. Read more about web site tracking in Cookies section of this Privacy Notice.
We will never retreive, use, and store personal data from data brokers or other external sources nor having access to such data for pursuing a marketing purpose unless we explicitly say so.
Who has access to your personal data?
We may share your personal data within the H&M Group whenever necessary to fulfil the intended processing purpose. For the same reason, personal data is also shared with suppliers carrying out certain tasks exclusively on our behalf, such as data analytics and marketing content creation. H&M is always fully responsible for its suppliers.
We may from time to time also share personal data with independent third parties, such as media agencies and electronic communication providers. Please be aware that many of these recipients have an independent right or obligation to process your personal data as controllers.
Except as explicitly stated herein, we never pass on, sell or swap your data with any third parties.
What is the legal ground to process your personal data?
We will only send you fashion newsletters through e-mail if you first have given us your consent.
For postal marketing we rely on our legitimate interest as a business.
How to exercise your rights
You have the right to exercise your rights agianst H&M to such personal data vested in H&M’s posession and control.
You can revoke your consent or opt out from further marketing communication by the following means:
* following the instruction in each marketing post
* by editing the settings of your H&M account
* configurate the privacy settings on your social media account or browser, or
* contact Customer Service
How long do we keep your data?
H&M will process your data no longer than necessary to provide you with ads, promotions and other direct marketing messages.
We will cease processing your data for marketing purpose once you have rejected further marketing communication from us. Thereafter your data will be permanently erased.
Customer Service
Customer Service
Who is responsible for processing your personal data?
H&M Hennes & Mauritz GBC AB is responsible for processing your personal data for customer service purposes as set below.
Why do we use your personal data?
We will use your personal data to give you service and support and to improve the overall experience of the service, through email, chat function, telephone and social media. In this context we will use your personal data to manage your questions, handle complaints and warranty matters and to provide technical support. We will also analyze data on an aggregated level to gain insights in customer preferences, expectations and trends etc.
We may also contact you through email, telephone, social media or any other means if there is a problem with your order or request your participation in a customer survey, which is however voluntary.
How do we use your personal data?
We will only use such personal data necessary for providing the service to you in a secure and efficient way. We will use the personal data you provide us with when you contact us, such as contact details, birth date and other necessary information. In order to resolve your case, we may also need to access and use transaction data such as order, payment and delivery information.
Occasionally, we may co-listen your calls and conversation. This will take place to support training and development of employees, seek opportunities to improve service, only upon suspicion of bad quality of service and for the purpose of technical troubleshooting.
Who has access to your personal data?
We may share your personal data within the H&M Group whenever necessary to fulfil the intended purpose. For the same reason, personal data is also shared with suppliers carrying out certain tasks on our behalf, such as externally operated call centers.
H&M is always fully responsible for its suppliers.
We may from time to time also share personal data with third parties, such as electronic communication providers, providers of messaging services, providers who support customer service contacts, and social media platforms for sending notifications or reaching out to you regarding a customer service matter. Please be aware that many of these third party recipients have an independent right or obligation to process your personal data in their own names.
When engaging with us on social media pages, such as Facebook and Instagram pages, all text messages and pictures are shared with us and the named platform provider. You do this according to the platform’s terms of use and privacy policy to which you have agreed when you signed-up as a user. H&M assumes no responsibility for the platform provider’s processing of your personal data.
Except as explicitly stated herein, we never pass on, sell or swap your data to any third parties.
What is the legal ground to process your personal data?
In order to provide you with the best possible Customer Service, we must collect and use your personal data. This is justified on our legitimate interest as a business.
Regardless of purpose, we will not record any telephone conversations without your consent.
How long do we keep your data?
We will keep your data for as long as we need to handle your case. We may continue to keep and use your data if we have outstanding obligations to you or by any other reasons are prevented from erasure.
Case logs are stored for a maximum period of one year after closure.
Your right to object to processing based on legitimate interest:
You have the right to object to the processing of your personal data that is based on H&M’s legitimate interest by contacting us. You’ll find the information for local markets under Customer Service: Privacy Notice Contact.
Competitions
Competitions
Why do we use your personal data?
We will process your data when you enter our competitions. Your personal data will be used for H&M to contact contestants regarding the competition, before and after an event, to identity contestants, verify the age of contestants, to contact winners, deliver and follow up on prize deliveries.
What types of personal data do we process?
We will process following categories of personal data
* contact information such as name, address, e-mail address and telephone number
* age
* information submitted in the contest
Who has access to your personal data?
Data that is forwarded to third parties, is only used to provide you with the services mentioned above, to shipping suppliers for delivery of prizes.
What is the legal ground to process your personal data?
The processing of your personal data is based on your consent when you choose to enter a competition.
Your right to withdraw your consent:
You have the right to withdraw your consent for the processing of your personal data at any time. When you do so H&M, will not be able to provide you with the services mentioned above.
How long do we save your data?
We will keep your personal data for 45 days after the competition has ended.
Development & Improvement
Development and Improvement
Who is responsible for processing your personal data?
H&M Hennes & Mauritz GBC AB is responsible and controller for processing your personal data for development and improvement purposes as set bleow.
Why do we use your personal data?
We always want to exceed the expectations of our customers and users. Only with the right offers and by providing the best user and shopping experience, we can stay relevant. For this reason, we may use your personal data to evaluate, develop and improve our products, services, systems and supply chains.
This includes analysis to make our services more user-friendly, such as modifying the user interface to simplify the flow of information or to highlight features that are commonly used by our customers in our digital channels and to improve IT systems in order to increase the security for our visitors and customers in general.
The analysis is also used to develop and constantly improve the logistics flow of goods by forecasting purchases, stocks and deliveries as well as our resource capacity from a sustainability point of view by streamlining purchasing and scheduling of deliveries.
In addition we use the data to be able to plan new establishments of stores and warehouses and improve our product range.
How do we use your personal data?
We will only use personal data for a development and improvement purpose if it is strictly necessary and cannot be achieve with less invasive means. This means that we will protect and secure your data to the extent reasonably possible, for example by appropriate pseudonymiszation and encryption techniques or by data anonymization.
In no event we analyse data on a level where your identity is traceable.
Any data used for the purpose of development and improvement of products, services and systems etc have been collected for different objectives. We may for example use your purchase data and contact information from the check-out to develop new features, functionality, performance and security of the ordering processing systems, and hence improving the overall shopping experience.
Notwithstanding the above, we may reach out to you to respond to enquieries and surveys. In such case, any personal data used and obtained from you will only be processed for the specific purpose described therin.
We may also use personal data received from web cookies, pixels, plug-in or other web tracing technologies for the same objectives.
To find out more about the use of such technology, please read the specific section on Cookies in this Privacy Notice.
Who has access to your personal data?
Only pseudonymised personal data may be shared within H&M Group whenever sharing is necessary to fulfil the intended processing objectives. For the same reason, personal data may be shared also with suppliers carrying out certain tasks on our behalf, such as external web-analytics companies to analyze online behavior, software development or externally hosted development tools. H&M is always fully responsible for its suppliers.
We will never use personal data to identify individuals. All analysis is carried out on an aggregated data level.
Except as explicitly stated herein, we never pass on, sell or swap your data to any third parties.
What is the legal ground to process your personal data?
The processing of your personal data for the purpose to develop and improve our services and products, is based on our legitimate interest as a business.
How long do we keep your personal data?
We will process your personal data no more than necessary for us to fulfill the purpose. Thereafter the data will be immediately erased for this type of use.
Your right to object to the processing of your data:
You have the right to object to the processing of your personal data that is based on H&M’s legitimate interest.
You’ll find the email adress for local markets under Customer Service: Privacy Notice Contact.
Compliance with Laws
Compliance with Laws
Why do we use your personal data?
In order to comply with certain legal obligations, we are compelled to process personal data on our customers.
Such obligations may vary from country to country stipulated in for example tax and accounting legislations or applicable consumer protection legislation.
How do we process your personal data?
We use your personal data to collect and verify accounting data to comply with our obligations. For this purpose we may keep your name, contact details, order history and other relevant transactional information.
Which categories of personal data we must process depends on its purpose and is generally stipulated by applicable laws.
Who has access to your personal data?
We may share your personal data within the H&M Group whenever necessary to fulfil the intended purpose. For the same reason, personal data is also shared with suppliers carrying out certain tasks on our behalf, such as provider of book-keeping systems or information storage.
We may from time to time also share personal data with independent third parties, such as external accountants, book-keeping service and competent public authorities. Please be aware that many of these third party recipients have an independent right or obligation to process your personal data in their own names.
Except as explicitly stated herein, we never pass on, sell or swap your data to any third parties.
What is the legal ground to process your personal data?
The processing of your personal data is necessary for H&M to fulfil its legal obligations of the country of operation.
How long do we keep your personal data?
The data retention time will vary depending on the purpose, context and specific legal requirements in your country.
Security & Safety
Security and Safety
Why do we use your personal data?
In order to protect our customers, users, visitors, assets and business against violence, fraud, theft, misuse and other malicious activities, H&M has put in place a range of different security and safety measures. Some of these measures will require collection and processing of personal data.
How do we use your data?
How we process your data and what personal data we use differs from application and field of use. We may for instance use your payment data and shopping behaviour to detect online loss or fraud.
We may use personal data received from web cookies, pixels, plug-in or other web tracing technologies for the same objectives.
You can read more about Cookies in the specific section of this Privacy Notice.
Who has access to your personal data?
We may share your personal data within the H&M Group whenever necessary to fulfil the intended purpose.
We may share your personal data also with third parties for security and safety purposes. For example, we will share your data with companies that help us detect and prevent potential fraud and thefts.
We may share relevant information with insurance companies for claim handling and to law enforcement agencies in so far as we are compelled to do so by legal obligation.
Such thrid party recipients have an independent right and/or duty to process your personal data in their own interest or by a legal obligation.
What is the legal ground to process your personal data?
Unless there is a specific legal obligation, the processing of your personal data for security and safety purposes is based on our legitimate interest as a business.
How long do we use and keep your personal data?
We will keep your personal data no more than necessary for each purpose.
Your right to object to the processing of your data:
You have the right to object to the processing of your personal data that is based on H&M’s legitimate interest.
You’ll find the email adress for local markets under Customer Service: Privacy Notice Contact.
Customer Generated Content
Customer Generated Content
Why do we use your personal data?
We want to share and inspire you and others about different ways of wearing our products and to give you the chance to show the world your cool style.
H&MxMe is a service created for you and your audience and a platform for customer engaged marketing.
How do we use your personal data?
Photos and/or videos of yourself are regarded as personal data. Such personal data will be published on our official website, and/or on our social media pages and other promotional channels. To be able to do this we need your photo and/or video and in return we will link your photo to your Instagram account.
Who has access to your personal data?
We may share your personal data within the H&M Group whenever necessary to fulfil the intended processing purpose. For the same reason, personal data is also shared with suppliers carrying out certain tasks on our behalf, such as IT, data analytics and media agencies. H&M is always fully responsible for its suppliers.
Please note, by hash-tagging your picture or video clip you voluntarily share the content and other personal data with Instagram or other social media platforms. This relationship is outside of H&M’s control and a matter between you and the social media service provider.
Except as explicitly stated herein, we never pass on, sell or swap your data to any third parties.
What is the legal ground to process your personal data?
We will collect, use and share your username, photos and/or videos to the extent necessary for us to perform the service and meet your expectations when using HMxME and other user generated content services. The legal basis for processing your personal data is our legitimate interest as a business.
How long do we keep your data?
We will keep your username and generated content for 24 months from the date of posting.
If you want to remove Photos or Moving Content, please visit the Photo or the Moving Content where its placed on hm.com and press “report photo” or contact customer service.
Cookies
Cookies
Why do we use cookies?
The H&M Group uses cookies and other tracking technologies to give you the full functionality of the website, to customize your user experience, perform analytics and deliver personalized advertising on our websites, apps and newsletters across internet and via social media platforms.
Who is responsible for cookies?
H & M Hennes & Mauritz GBC AB and the named publisher are both responsible for setting cookies on your device when you access any of our official websites and for the access and collection of data from the same device.
What is a cookie?
A “cookie” is a small text file that is downloaded onto your device such as computer or smartphone when you access our websites.
We use cookies and other similar technologies in order to make our website work efficiently and secure and to improve perosnalised user experience.
When referring to cookies we include:
first- and third party cookies,
tracking pixels and plug-ins, including technologies those from third party publishers,
other tracing technologies.
All cookies have a publisher which tells you who the cookie belongs to. The publisher is the owner of the domain specified in the cookie. Whenever you visit our website, we place cookies onto your device for different reasons. Such cookies are called “first-party” cookies, whereas cookies set by a third-party company, such as a social media platforms or ad network/ad tech providers, are called “third party” cookies.
Below you will find more detailed information about our cookies and the reason for using them.
How to withdraw your cookie consent?
You can at anytime disable your non-essential cookie by withdrawing your consent. You manage your cookie consents in Cookie Settings at the bottom of this website.
In addition to your consent withdrawal, you can easily stop your browser from accepting cookies by configuring your browser’s cookie settings.
All commercial web browsers are featured with cookie management functionality.
Please check your web browser to find out more how to delete or disable cookies etc.
If you choose to disable cookies, you may face limitation on functionality and a deteriorated user experience.