Privacy Notice External Partners

Our commitment to data protection and privacy 

Protecting personal data and your privacy is of greatest concern for the H&M Group.
The H&M Group consists of company affiliate of H & M Hennes & Mauritz AB and its brands; H&M, COS, Weekday, Monki, H&M HOME, & Other Stories, Arket and Afound.  

Principles 
The H&M Group manifests its commitment to privacy and data protection by embracing the following principles.

  • H&M uses personal data lawfully, fairly, correctly and in a transparent manner.
  • H&M collects no more personal data than necessary, and only for a legitimate purpose.
  • H&M retains no more data than necessary or for a longer period than needed.
  • H&M protects personal data with appropriate security measures.

 About this Privacy Notice
This Privacy Notice intends to establish a clear, concise and transparent communication on the collection, use, processing, storing etc. of personal data necessary to establish and manage external partner relationships.

Within the meaning of this Privacy Notice “external partner” means any former, current and potential business partner, agent, franchise, supplier, sub-contractor, network or ecosystem, or shareholder, visitor (to our premises or websites) or other stakeholder with whom we engage with, unless you are a customer or staff of the H&M Group.

Who is responsible for processing of your personal data?

The Swedish company, H & M Hennes & Mauritz GBC AB is primary responsible for the processing of personal data within the scope of this Privacy Notice. Under certain circumstances the responsibility for data protection and your privacy is shared with one or several other legal entities, either being an H&M Group affiliate or a third party.

Under each specific section of this Privacy Notice you will be informed about who is responsible for processing your personal data, the allocation of responsibilities and the modalities for the execution of rights.

Identity of H&M Group controller 

H & M Hennes & Mauritz GBC AB
Address: Mäster Samuelsgatan 46
ZIP: 106 38 Stockholm
Sweden

Companies register: Bolagsverket/Swedish Companies Registration Office
Authorised representative: Helena Helmersson
VAT registration number: VAT NO. SE556070171501

The named H&M Group controller above are throughout this Privacy Notice individually or collectively referred to as “H&M”, “we” or “us”.

Where do we store your data?
The personal data that we collected from you is generally stored within a country of the European Union or the European Economic Area (“EU/EEA”) but may also, whenever necessary, be transferred to and processed in a country outside of the EU/EEA. Any such transfer of your personal data will be carried out in compliance with applicable laws and without undermining your statutory rights.

From time to time we may transfers personal data from the EU/EEA to a third country not being approved by European commission as a safe country for such transfer (adequacy decision). Whenever applicable H&M will use Standard Contractual Clauses to ensure a similar level of protection as granted within the EU/EEA or other lawful grounds for transfer.

Who has access to your data?
Your personal data is available and accessible only by those who need the data to accomplish the intended processing purpose. To the extent necessary, your personal data may be shared between the companies and brands of the within the H&M Group, with suppliers and sub-contractors (processors and sub-processors) carrying out certain tasks on H&M’s behalf and with independent third-parties.

In addition, we may also disclose personal data to third parties, if we have reason to believe that using or disclosing such information is necessary or advisable to: (i) conduct investigations of possible breaches of law; (ii) identify, contact, or bring legal action against someone who may be violating an agreement they have with us; (iii) investigate security breaches or cooperate with government authorities pursuant to a legal matter; or (iv) to protect our rights, safety or property, including the prevention of fraud.

We reserve the right to transfer any personal data  we have about you in the event that we merge with or are acquired by a third party, undergo another business transaction such as a reorganization, or should any such transaction be proposed.

What is the legal ground for processing?
H&M is not allowed to collect, process, use, store etc. personal data without a valid legal ground. Lawfulness may be derived from your consent, by contract, statutory obligations or from our legitimate interest as a business. For each specific process purpose of processing of personal data we collect from you, we will inform you about which legal ground that will apply, and what rights you are entitled to exercise. whether the provision of personal data is statutory or required to enter a contract and whether it is an obligation to provide the personal data and possible consequences if you choose not to.

What are your rights?

Right to access:
You have the right to request information about the personal data we hold on you at any time. You can contact H&M group that will provide you with your personal data via e-mail.

Right to portability: 
Whenever H&M group process your personal data by automated means based on your consent or based on an agreement you have the right to get a copy of your data transferred to you or to another party. This only includes the personal data you have submitted to us.

Right to rectification:
You have the right to request rectification of your personal data if they are incorrect, including the right to have incomplete personal data completed.

Right to erasure:
You have the right to erase any personal data processed by H&M Group at any time except for the following situations 

  • for exercising the right of freedom of expression and information 
  • to comply with a legal obligation
  • for the establishment, exercise or defense of legal claims 

Your right to object to processing based on legitimate interest: 
You have the right to object to processing of your personal data that is based on H&M group’s legitimate interest. H&M group will not continue to process the personal data unless we can demonstrate a legitimate ground for the process which overrides your interest and rights or due to legal claims. 

Your right to object to direct marketing:
You have the right to object to direct marketing, including profiling analysis made for direct marketing purposes. You can opt out from direct marketing by following the instruction in each marketing mail. 

Right to restriction:
You have the right to request that H&M group restricts the process of your personal data under the following circumstances:
*if you object to a processing based on H&M Group’s legitimate interest, H&M Group shall restrict all processing of such data pending the verification of the legitimate interest.
*if you have claim that your personal data is incorrect, H&M Group must restrict all processing of such data pending the verification of the accuracy of the personal data.
*if the processing is unlawful you can oppose the erasure of personal data and instead request the restriction of the use of your personal data instead
*if H&M group no longer needs the personal data but it is required for you to make or defend legal claims. 

How can you exercise your rights?
We take data protection very seriously and you can exercise your rights by contacting your point of contact with H&M group. If you do not have a point of contact or do not get a prompt response, you can direct your request to dataprotection.externalpartners@hm.com

Data Protection Officer:
We have appointed a Data Protection Officer to ensure that we continuously process your personal data in an open, accurate and legal manner. You can contact our Data Protection Officer by email at dataprivacy@hm.com

Right to complain with a supervisory Authority: 
If you consider the H&M group to process your personal data in an incorrect way you can contact us. You also have the right to turn in a complaint to a supervisory authority. 

Updates to our Privacy Notice:
We may need to update our Privacy Notice. The latest version of the Privacy Notice is always available on our website. We will communicate any material changes to the Privacy Notice, for example the purpose of why we use your personal data, the identity of the controller or your rights. 

Business Relations

Why do we use your personal data?
We will use your personal data to evaluate potential business partners and manage existing business relations including communication, procurement, contract signing and financial transactions. 

  • We will process your personal data in order to achieve the purpose of the contract.
  • We will also use personal data to provide business partners with access to H&M Group´s systems.
  • We will use personal data to manage legal requirements for financial trading information.
  • We will process your personal data in case of legal issues and disputes. 

What types of personal data do we process?
We will process following categories of personal data: 

  • contact details such as name, e-mail address and telephone number 
  • date of birth 
  • social security ID 
  • user name´s 
  • gender 
  • bank account 
  • nationality 
  • work related information, such as company, department and work role 
  • photo and images 

Who has access to your personal data?
Your personal data that is forwarded to third parties is only used for the purposes mentioned above.
We share your personal data with external advisors, IT service providers and other external service providers.

What is the legal ground to process your personal data?
The processing of your personal data for the following purposes are based on H&M Group’s legitimate interest: 

  • to manage business relations 
  • to provide business partners access to our systems 
  • to manage legal requirements for financial trading 
  • to manage legal issues and disputes 

The processing of your personal data to achieve the purpose of the contract are necessary for fulfillment of contract. 

The processing of your personal data for financial trading information is based on legal obligations. 

How long do we save your data?
We will keep your data for follow up and to evaluate procurement and business partners, for the length of the agreement and time to preclude legal issues. 

For legal disputes we will keep the data during the ongoing dispute and for a period of time after the dispute when the information is still relevant. 

We will keep the data for financial trading information for 5 years in accordance to legal requirements. 

Media and Communication

Why do we use your personal data?
When we create media content such as articles, interviews, videos and pods for all our channels we will process your personal data if you appear in such content. We also use personal data to prepare, facilitate, follow up on interviews and media coverage. 

When we archive media material such as press clips, images and photos, campaigns, press releases, videos and recordings to preserve the company’s history your personal data will be processed if you appear in the material. 

To manage different types of events, including meetings and press conferences, we will process personal data of the invited persons. Certain events may be recorded and transcribed. 

We will use your personal data to send out financial reporting and other company information to recipients based on legitimate interest or if you have signed up to receive such information. 

We will use your personal data to manage use of press samples. 

If you contact us for information requests we will process your personal data. 

What types of personal data do we process?
We will process following categories of personal data: 

  • contact details such as name, e-mail address and telephone number
  • date of birth 
  • user name 
  • gender 
  • nationality 
  • work related information, such as company, country of employment and work role 
  • size information 
  • photo and images 
  • video footage 
  • audio recording
     

What is the legal ground to process your personal data?
The processing of your personal data for the following purposes are based on H&M Group’s legitimate interest: 

  • managing content, including produce, administrate, archive and distribute media content 
  • manage press conferences and meetings 
  • to analyze media coverage, including social media 
  • manage press samples 
  • to manage requests
  • to manage events 

The processing of your personal data for teleconference is based on your consent. If you have signed up to receive company information the processing of your personal data is based on your consent. 

How long do we keep your data?
We save your data if needed to fulfil the purpose for which it was collected to pursue our legitimate interests or until there is no longer any legal requirements or right for us to keep the data.
For the processing of personal data for the purposes based on consent we will keep the data untill you withdraw your consent. 

Your right to object to processing based on legitimate interest
You have the right to object to the processing of your personal data that is based on H&M’s legitimate interest. H&M group will not continue to process the personal data unless we can demonstrate a legitimate ground for the process which overrides your interest and rights or due to legal claims. 

Your right to withdraw your consent
You have the right to withdraw your consent from the processing of your personal data at any time. When you do so we might not be able to provide you with the service based on the consent. 

Annual General Meeting

Why do we use your personal data?
We will use your personal data to manage H&M Group’s Annual General Meeting, including sending out invitations, managing registration of participants record and transcript of the Annual General Meeting. We will also use personal data to manage power of attorneys and corporate registration certificates for attendance to the annual general meeting. 

What types of personal data do we process?
We will process following categories of personal data 

  • contact details such as name and e-mail address 
  • date of birth 
  • social security ID 
  • company 
  • photo and images 
  • financial information, such as amount of shares 

Who has access to your personal data?
Your personal data that is forwarded to third parties, is only used to provide you with the services mentioned above. 

We will share personal data with mail distribution companies for our annual report, e-mail service companies to distribute invitations, with central securities depository to manage shareholders and power of attorneys.
We share your data with production agencies for the production of the annual report. 

What is the legal ground to process your personal data?
The processing of personal data to register for the meeting, to record and transcribe the meeting is based on H&M group’s legitimate interest.
The processing of personal data to register shareholders’ presence at the meeting is based on a legal obligation. 

How long do we save your data?
We will keep your data for registration and for attendance to the meeting and list of legal representatives for 39 months. 

IT & Security

Why do we use your personal data?
We will process personal data to manage, register and resolve IT and information security incidents. We will also use personal data to handle incidents and accidents. 

We will also process your data to investigate a breach or non-compliance with regulations or H&M Group’s policies and requirements. 

We will use your personal data for camera monitoring in our facilities such as stores, offices and warehouses for security reasons and for follow up on incidents and accidents. 

In order to be compliant with payment card industry regulations, your personal data will be processed through visitor logs and audit reports for audit reasons.
We will also process your personal data related to your key card and the use of it, including follow ups on incidents and accidents. 

In the event of investigation of non-compliance with our policies and in whistleblowing related matters we process personal data. 

What type of data do we process?
We will process the following categories: 

  • contact information such as name, home address, e-mail address and telephone number 
  • date of birth 
  • work information such as company name and work role 
  • logs such as for key cards 
  • employment information such as user ID number 
  • IP number 
  • video surveillance footage 
  • photo 
  • other necessary information for investigations 

Who has access to your personal data?
Data that is forwarded to third parties is only used to perform the services mentioned above. We will share your personal data with security companies, auditors and legal advisors to handle security issues and administration. We will also share your personal data with video surveillance companies for video footage. 

What is the legal ground to process your personal data?
The processing of your personal data is based on H&M Group our legitimate interest in order for us to manage incidents and security breaches. 

How long do we save your data?
We will keep your data for the time we need to prevent and/or report potential fraud and other offenses. 

Video footage will be saved in compliance with local legislation but maximum for 30 days. 

Social Media Measurement

Why do we process your personal data?
H&M Group processes your personal data when monitoring social media channels across internet for mentions of our brands, competitors, product, and more. Only with insights about what customers say about us we can improve as a business, brand and employer. Monitoring and measuring the buzz in social media is a crucial component of customer audience research and for cultivating our customer and public relations. 

How is personal data processed?
Personal data are collected from social media platforms and structured in a database controlled by Brandwatch, a third-party service provider. H&M Group is granted remote access to data in order to track, analyse and respond to the results.  

Read here to find out how Brandwatch processes your personal data and your rights 

What personal data is processed?
Personal data consists of identifying information such as your name, username, device in combination of information relating to the published content (e.g. comments, expressions, opinions, posts, etc.), your profile picture or other images or videos that you post or interact with, your job title or profession, your interests and gender, and your location. 

Who is responsible for the processing of personal data?
The responsibility for the processing of personal data is divided between H&M and Brandwatch.  

H&M is responsible for processing of personal data in the scope of tracking, analyzing and responding to conversations whereas Brandwatch is responsible for collecting (through crawling and indexing), structuring, compiling and storing personal data in the service.  

Each party is independent controller for its own processing step. So is any social media service provider making the personal data publicly available on their platform.  

Sharing of data
H&M receives personal data form Brandwatch and may share it within the H&M Group. We may also let independent PR and media agencies access the data and act upon it on our behalf.

Legal basis
H&M’s data processing activities taken place within the context of social media listening is based on our legitimate interest to make customer audience research, improve customer and public relations and build a stronger company and brand.  

Exercise of rights
You should turn to Brandwatch to exercise your rights to request access, update, restriction, rectification and erasure of such personal data Brandwatch holds about you.  

You may also exercise your rights against the social media service provider who made the personal data publicly available. 

The right to object
You have the right to object to H&M’s processing by contacting dataprivacy@hm.com 

Cookie information for H&M Group's websites

Why do we use cookies?
The H&M Group uses cookies and other tracking technologies to give you the full functionality of the website, to customize your user experience, perform analytics and deliver personalized advertising on our websites, apps and newsletters across internet and via social media platforms.

Who is responsible for cookies?
H & M Hennes & Mauritz GBC AB and the named publisher are both responsible for setting cookies on your device when you access any of our official websites and for the access and collection of data from the same device.  

 What is a cookie?
A “cookie” is a small text file that is downloaded onto your device such as computer or smartphone when you access our websites.  

We use cookies and other similar technologies in order to make our website work efficiently and secure and to improve perosnalised user experience. 

When referring to cookies we include: first- and third party cookies,
tracking pixels and plug-ins, including technologies those from third party publishers,
other tracing technologies.

All cookies have a publisher which tells you who the cookie belongs to. The publisher is the owner of the domain specified in the cookie. Whenever you visit our website, we place cookies onto your device for different reasons. Such cookies are called “first-party” cookies, whereas cookies set by a third-party company, such as a social media platforms or ad network/ad tech providers, are called “third party” cookies. 

 Below you will find more detailed information about our cookies and the reason for using them. 

How to disable cookies?
You can easily stop your browser from accepting cookies by configuring your browser’s cookie settings.
All commercial web browsers are featured with cookie management functionality.
Please check your web browser to find out more how to delete or disable cookies etc.
If you choose to disable cookies, you may face limitation on functionality and a deteriorated user experience.   

You can easily erase cookies from your computer or mobile device using your browser. For instructions on how to handle and delete cookies please look under “Help” in your browser. Using your browser can choose to disable cookies, or to receive a notification each time a new cookie is sent to your computer. 

Read more about how you can opt out here: https://tools.google.com/dlpage/gaoptout/. 

We also use Hotjar cookies to collect information to better understand our visitors. Neither Hotjar or the H&M group sell the collected data or information to other parties. The collected information will be anonymized wherever possible, all information collected is non-personal information and not traceable. 

Hotjar can provide information to third parties if they are required by law, or if third parties process the information on behalf of Hotjar. 

Read more about how you can opt out cookies from Hotjar here: https://www.hotjar.com/opt-out 

Please note that if you choose to disable cookies, you will not be able to take advantage of all features on the site. 

 What types of cookies do we use and why? 

 The cookies we set are grouped into for categories, each one reflecting a specific purpose: 

 Strictly necessary cookies 
Some cookies are strictly necessary for you to be able to experience the full functionality of our site and for us to deliver upon our promises. For example, these cookies allow you to use the website and log-in to your account as intended. Without these cookies, some parts of our site and services just won’t work as they should. We also use cookies to direct you to the right website based on geography and language and to detect and prevent security threats and malicious behaviour. 

 Performance cookies
Performance cookies (analytics cookies) tell us about how you use the site and they help us to make it better. For example, these cookies count the number of visitors to our website and see how visitors move around when they are using it. This helps us to improve the way our site works, for example, by ensuring that users find what they are looking for easily. 

 Functional cookies
Functional cookies allow our website to remember your preferences, helping you to customize your content on our website. This type of cookie enables us to highlight products and services we believe is of interest and relevance to you. This way we can remember you when you return to our site and to give you best possible user experience. 

What is the legal ground to use cookies? 
By accepting cookies, in full or in part, you give us your consent to use cookies for the specified purposes above. You cannot accept strictly necessary cookies as these are default.

Who has access to cookie information?
Information obtained from cookies is shared within the H&M Group to the extent necessary to fulfill its purpose. Information obtained from third party cookies is also available to the third party provider placing the cookie on our site. We will not share first-party cookie information  with third parties nor sell swap or otherwise disclose such information with anyone outside the H&M Group.  

How long are cookies stored in your browser or on your device?
Cookies can be stored for varying lengths of time on your browser or device.  

Persistent cookies
Persistent cookies (permanent cookies) will be stored in one of your web browser’s subfolders until you delete them manually, either by consent withdrawal or by your changing your web browser settings. If you do nothing, placed cookies will be deleted from your browser when the duration period is expired. Their duration depends on the date of expiry written in them. 

Session cookies
Session cookies are immediately deleted when you close your browser. When you restart your browser and go back to the site that created the cookie, the website will not recognize you.  

Other tracing technologies
Information gathered through other tracing technologies such as tags and pixels are saved for 24 months. 

Specific information for hmgroup.com

Cookies
A cookie is a small text file that is saved to, and during subsequent visits on hmgroup.com retrieved from, your computer. H&M Group uses cookies to enhance and simplify your visit on hmgroup.com. We do not use cookies to store personal information, or to disclose information to third parties.

There are two types of cookies; permanent and temporary (session cookies). Permanent cookies are stored as a file on your computer for some time. Session cookies are stored temporarily in your computer’s memory and disappear when you close your browser.

We also use cookies to keep track of that you have accepted the terms of download an which currency you have selected. These cookies are called hmgroup-gallery-terms and hmgroup-curr are stored on your computer for 7 days.

We use Google Analytics Advertising features for demographics and interest reporting, to better understand our visitors. The report shows age, gender and interests. No personally identifiable information will be kept or shown and we cannot connect the information to specific users.


Third-Party Cookies
We use third-party cookies to collect statistics in aggregate form in analysis tools such as Google Analytics. We also use Google Analytics Advertising Features. The cookies used are both permanent and temporary cookies (session cookies).

You can easily erase cookies from your computer or mobile device using your browser. For instructions on how to handle and delete cookies please look under “Help” in your browser. Using your browser can choose to disable cookies, or to receive a notification each time a new cookie is sent to your computer.

Read more about how you can opt out here: https://tools.google.com/dlpage/gaoptout/.

We also use Hotjar cookies to collect information to better understand our visitors. Neither Hotjar or the H&M group sell the collected data or information to other parties. The collected information will be anonymized wherever possible, all information collected is non-personal information and not traceable.

Hotjar can provide information to third parties if they are required by law, or if third parties process the information on behalf of Hotjar.

Read more about how you can opt out cookies from Hotjar here: https://www.hotjar.com/opt-out

Please note that if you choose to disable cookies, you will not be able to take advantage of all features on the site.


Links

hmgroup.com may contain links to other websites beyond our control. We cannot be held liable for breaches of integrity or content on these websites – we simply provide the links to make it easier for people visiting our site to find more information within specific areas.

Copyright
The content on this site are copyrighted and belong to H & M Hennes & Mauritz AB.

Colours
We cannot guarantee that the shown on the website exactly reproduce the of the actual garments. This partly depends on the reproduction on your computer.

 

H & M Hennes & Mauritz AB
Mäster Samuelsgatan 46A
106 38 Stockholm
Sweden

Telephone: +46 (0)8 796 55 00
Fax: +46 (0)8 20 99 19
E-mail:
info@hm.com

Companies register: Bolagsverket/Swedish Companies Registration Office
Company registration number: 556042-7220
Authorised representative: Helena Helmersson
VAT registration number: VAT NO. SE556042722001

Menu