Privacy Policy

Who is the controller of your personal data?

The Swedish company, H & M Hennes & Mauritz GBC AB (“the H&M group”), is the controller and responsible for your personal data under applicable data protection law.

H & M Hennes & Mauritz GBC AB
Mäster Samuelsgatan 46
106 38 Stockholm
Sverige

Company registration number: 556023-1663
Authorised representative: Helena Helmersson
VAT registration number: VAT NO. SE556023166301

Where do we store your data?

The personal data that we collect from you is generally stored within a country of the European Union or the European Economic Area (“EU/EEA”) but may also, whenever necessary, be transferred to and processed in a country outside of the EU/EEA. Any such transfer of your personal data will be carried out in compliance with applicable laws and without undermining your statutory rights.

From time to time we may transfer personal data from the EU/EEA to a third country not being approved by European commission as a safe country for such transfer (adequacy decision). Whenever applicable H&M will use Standard Contractual Clauses to ensure an equivalent level of protection as granted within the EU/EEA or other lawful grounds for transfer.

Who has access to your personal data?

Your personal data may be shared within the H&M group (for details on the companies within the H&M group, please refer to our annual report which may be found at about.hm.com). We never pass on, sell or swap your data for marketing purposes to third parties outside the H&M group.

The H&M group company will only act as the personal data processor and processes the personal data on behalf of the Swedish company.

Personal data that is forwarded to third parties, is only used to provide you with our services. You will find what categories of third parties there are under each specific process below.

What is the legal ground for processing?

For every specific processing of personal data we collect from you we will inform you whether the provision of personal data is statutory or required to enter a contract and whether it is an obligation to provide the personal data and possible consequences if you choose not to.

What are your rights?

Right to access:

You have the right to request information about the personal data we hold on you at any time. You can contact H&M Group that will provide you with your personal data via e-mail.

Right to portability:

Whenever H&M group process your personal data by automated means based on your consent or based on an agreement, you have the right to get a copy of your data transferred to you or to another party. This only includes the personal data you have submitted to us.

Right to rectification:

You have the right to request rectification of your personal data if they are incorrect, including the right to have incomplete personal data completed

Right to erasure:

You have the right to erase any personal data processed by H&M Group at any time except for the following situations

  • for exercising the right of freedom of expression and information
  • to comply with a legal obligation
  • for the establishment, exercise or defense of legal claims

Your right to object to processing based on legitimate interest:

You have the right to object to processing of your personal data that is based on H&M Group’s legitimate interest. H&M Group will not continue to process the personal data unless we can demonstrate a legitimate ground for the process which overrides your interest and rights or due to legal claims.

Your right to object to direct marketing:

You have the right to object to direct marketing, including profiling analysis made for direct marketing purposes. You can opt out from direct marketing by following the instruction in each marketing mail.

Right to restriction:

You have the right to request that H&M Group restricts the process of your personal data under the following circumstances:

  • if you object to a processing based on H&M group’s legitimate interest, H&M Group shall restrict all processing of such data pending the verification of the legitimate interest.
  • if you have claim that your personal data is incorrect, H&M Group must restrict all processing of such data pending the verification of the accuracy of the personal data.
  • if the processing is unlawful you can oppose the erasure of personal data and instead request the restriction of the use of your personal data.
  • if H&M Group no longer needs the personal data but it is required for you to make or defend legal claims.

How can you exercise your rights?

We take data protection very seriously and therefore we have dedicated personnel to handle your requests in relation to your rights stated above. You can contact us at treadler@hm.com.

Data Protection Officer

We have appointed a Data Protection Officer to ensure that we continuously process your personal data in an open, accurate and legal manner. You can contact our Data Protection Officer at  dataprotection.externalpartners@hm.com and write DPO as subject matter.

Right to complain with a supervisory authority:

If you consider the H&M group to process your personal data in an incorrect way you can contact us. You also have the right to turn in a complaint to a supervisory authority.

Updates to our Privacy Notice:

We may need to update our Privacy Notice. The latest version of the Privacy Notice is always available on our website. We will communicate any material changes to the Privacy Notice, for example the purpose of why we use your personal data, the identity of the Controller or your rights.

Media and communication

Why do we use your personal data?

We will use your personal data to send you newsletters through. We will also use your data to manage different types of events, including meetings and press conferences, we will process personal data of the invited people.

What types of personal data do we process?

We will process following categories of personal data

  • contact information such as name, e-mail address and telephone number
  • date of birth

What is the legal ground to process your personal data?

The processing of your personal data is based on your consent when you agree to direct marketing. The processing of your personal data for the following purposes are based on H&M Group’s legitimate interest:

  • manage press conferences and meetings
  • to manage send-outs (newsletter and invitations)
  • to manage requests
  • to manage events

How long do we keep your data?

We save your data if needed to fulfil the purpose for which it was collected to pursue our legitimate interests or until there is no longer any legal requirements or right for us to keep the data.

For the processing of personal data for the purposes based on consent we will keep the data until you withdraw your consent.

Your right to withdraw your consent

You have the right to withdraw your consent from the processing of your personal data at any time. When you do so we might not be able to provide you with the service based on the consent.

Your right to object to processing based on legitimate interest

You have the right to object to the processing of your personal data that is based on H&M’s legitimate interest. H&M group will not continue to process the personal data unless we can demonstrate a legitimate ground for the process which overrides your interest and rights or due to legal claims.

Business Relations

Why do we use your personal data?

We will use your personal data to evaluate potential business partners and manage existing business relations including communication, procurement, contract signing and financial transactions.

We will process your personal data in order to achieve the purpose of the contract.

We will process your personal data in case of legal issues and disputes.

What types of personal data do we process?

We will process following categories of personal data:

  • contact details such as name, e-mail address and telephone number
  • work related information, such as company, department and work role

Who has access to your personal data?

Your personal data that is forwarded to third parties is only used for the purposes mentioned above.

We share your personal data with external advisors, IT service providers and other external service providers.

What is the legal ground to process your personal data?

The processing of your personal data for the following purposes are based on H&M Group’s legitimate interest:

  • to manage business relations
  • to provide business partners access to our systems
  • to manage legal requirements for financial trading
  • to manage legal issues and disputes

The processing of your personal data to achieve the purpose of the contract are necessary for fulfillment of contract.

The processing of your personal data for financial trading information is based on legal obligations.

How long do we save your data?

We will keep your data for follow up and to evaluate procurement and business partners, for the length of the agreement and time to preclude legal issues.

For legal disputes we will keep the data during the ongoing dispute and for a period of time after the dispute when the information is still relevant.

We will keep the data for financial trading information for 5 years in accordance to legal requirements.

To manage different types of events, including meetings and press conferences, we will process personal data of the invited persons. Certain events may be recorded and transcribed.

Cookies

Why do we use cookies?
The H&M Group uses cookies and other tracking technologies to give you the full functionality of the website, to customize your user experience, perform analytics and deliver personalized advertising on our websites, apps and newsletters across internet and via social media platforms.

Who is responsible for cookies?
H & M Hennes & Mauritz GBC AB and the named publisher are both responsible for setting cookies on your device when you access any of our official websites and for the access and collection of data from the same device.

What is a cookie?
A “cookie” is a small text file that is downloaded onto your device such as computer or smartphone when you access our websites.

We use cookies and other similar technologies in order to make our website work efficiently and secure and to improve the user experience.

When referring to cookies we include: first- and third party cookies,
tracking pixels and plug-ins, including technologies those from third party publishers,
other tracing technologies.

All cookies have a publisher which tells you who the cookie belongs to. The publisher is the owner of the domain specified in the cookie. Whenever you visit our website, we place cookies onto your device for different reasons. Such cookies are called “first-party” cookies, whereas cookies set by a third-party company, such as a social media platforms or ad network/ad tech providers, are called “third party” cookies.

Below you will find more detailed information about our cookies and the reason for using them.

How to withdraw your cookie consent?
You can at any time disable your non-essential cookies by withdrawing your consent. You manage your cookie consent at the bottom of this website.

In addition to your consent withdrawal, you can easily stop your browser from accepting cookies by configuring your browser’s cookie settings.

All commercial web browsers are featured with cookie management functionality.

Please check your web browser to find out more how to delete or disable cookies etc.

If you choose to disable cookies, you may face limitation on functionality and user experience.

What types of cookies do we use and why?

The cookies we set are grouped into for categories, each one reflecting a specific purpose:

Strictly necessary cookies 
Some cookies are strictly necessary for you to be able to experience the full functionality of our site and for us to deliver upon our promises. For example, these cookies allow you to use the website and log-in to your account as intended. Without these cookies, some parts of our site and services just won’t work as they should. We also use cookies to direct you to the right website based on geography and language and to detect and prevent security threats and malicious behavior.

Performance cookies
Performance cookies (analytics cookies) tell us about how you use the site and they help us to make it better. For example, these cookies count the number of visitors to our website and see how visitors move around when they are using it. This helps us to improve the way our site works, for example, by ensuring that users find what they are looking for easily.

 Functional cookies
Functional cookies allow our website to remember your preferences, helping you to customize your content on our website. This type of cookie enables us to highlight products and services we believe is of interest and relevance to you. This way we can remember you when you return to our site and to give you best possible user experience. We do not use these types of cookies.

 Marketing cookies
These cookies may be set through our site by our advertising partners to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information but can identify your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Who has access to cookie information?
Information obtained from cookies is shared within the H&M Group to the extent necessary to fulfill its purpose. Information obtained from third party cookies is also available to the third party provider placing the cookie on our site. We will not share first-party cookie information with third parties nor sell swap or otherwise disclose such information with anyone outside the H&M Group.

How long are cookies stored in your browser or on your device?
Cookies can be stored for varying lengths of time on your browser or device.

Persistent cookies
Persistent cookies (permanent cookies) will be stored in one of your web browser’s subfolders until you delete them manually, either by consent withdrawal or by your changing your web browser settings. If you do nothing, placed cookies will be deleted from your browser when the duration period is expired. Their duration depends on the date of expiry written in them.

Session cookies
Session cookies are immediately deleted when you close your browser. When you restart your browser and go back to the site that created the cookie, the website will not recognize you.

Other tracing technologies
Information gathered through other tracing technologies such as tags and pixels may be saved for 24 months.