H&M GROUP PRIVACY NOTICY
Customer commitment to data protection and privacy
Protecting personal data and your privacy is of greatest concern for the H&M Group. In this Privacy Notice we want to give a clear, concise, and transparent communication on the collection, use, processing, storing etc. of personal data relating to customers of the H&M Group.
The H&M Group consists of company affiliates of H & M Hennes & Mauritz AB and its brands; H&M, COS, Weekday, Monki, H&M HOME, & Other Stories, Arket and Afound.
Within the meaning of this Privacy Notice “customer of H&M Group” means a former, current, and potential customer or user of a product or service offered by an H&M Group affiliate and brand, a visitor to one of our official websites or stores.
H&M manifests its commitment to your right to privacy and data protection by embracing the following principles.
H&M uses personal data lawfully, fairly, correctly and in a transparent manner.
H&M collects no more personal data than necessary, and only for a legitimate purpose.
H&M retains no more data than necessary or for a longer period than needed.
H&M protects personal data with appropriate security measures.
Why do we process your data?
We use and process your personal data in connection with you for example, buying our products online or in store, visiting our website or contacting customer service. Examples of personal data are full name, address, e-mail address, telephone number, social security number, payment information, purchase, order and usage history, IP address, member id and other case-related information (eg information that you provide when contacting our customer service).
Under each specific section of this Privacy Notice you will be informed of the purpose for each relevant processing of information.
Who is responsible for processing your personal data?
The Swedish company, H & M Hennes & Mauritz GBC AB is primary responsible for the processing of personal data within the scope of this Privacy Notice.
Under each specific section of this Privacy Notice you will be informed who is responsible for processing your personal data, the allocation of responsibilities and the modalities for the execution of rights.
Identity of H&M Group controller(s):
H&M Hennes & Mauritz GBC AB (when applicable)
Address: Mäster Samuelsgatan 46
ZIP: 106 38 Stockholm
Companies register: Bolagsverket/Swedish Companies Registration Office
Authorised representative: Helena Helmersson
VAT registration number: VAT NO. SE556070171501
The named H&M Group controller(s) above are throughout this Privacy Notice individually or collectively referred to as Monki, “we” or “us”.
Under certain circumstances the responsibility for data protection and your privacy is shared with third parties, such as banking and financial institutes, postal services or electronic communication providers. More information can be found under each specific section of this Privacy Notice.
Where do we process your data?
The personal data that we collected from you is generally stored within a country of the European Union or the European Economic Area (“EU/EEA”) but may also, whenever necessary, be transferred to and processed in a country outside of the EU/EEA. Any such transfer of your personal data will be carried out in compliance with applicable laws and without undermining your statutory rights.
From time to time we may transfer personal data from the EU/EEA to a third country not being approved by European commission as a safe country for such transfer (adequacy decision). Whenever applicable H&M will use Standard Contractual Clauses to ensure a similar level of protection as granted within the EU/EEA or other lawful grounds for transfer.
Who has access to your data?
Your personal data is available and accessible only by those who need the data to accomplish the intended processing purpose. To the extent necessary, your personal data may be shared between the companies and brands of the within the H&M Group, with suppliers and sub-contractors (processors and sub-processors) carrying out certain tasks on Monki’s behalf and with independent third-parties.
In addition, we may also disclose personal data to third parties, if we have reason to believe that using or disclosing such information is necessary or advisable to: (i) conduct investigations of possible breaches of law; (ii) identify, contact, or bring legal action against someone who may be violating an agreement they have with us; (iii) investigate security breaches or cooperate with government authorities pursuant to a legal matter; or (iv) to protect our rights, safety or property, including the prevention of fraud.
We reserve the right to transfer any personal data we have about you in the event that we merge with or are acquired by a third party, undergo another business transaction such as a reorganization, or should any such transaction be proposed.
What is the legal ground for processing?
Monki is not allowed to collect, process, use, store etc. personal data without a valid legal ground. Lawfulness may be derived from your consent, by contract, statutory obligations or from our legitimate interest as a business. For each every specific process purpose of processing of personal data we collect from you, we will inform you about which legal ground that will apply, and what rights you are entitled to exercise. whether the provision of personal data is statutory or required to enter a contract and whether it is an obligation to provide the personal data and possible consequences if you choose not to.
What are your rights?
Right to access:
You have the right to request information about the personal data we hold on you at any time. You can contact Customer Service and we will provide you with your personal data via e-mail.
Right to portability:
Whenever Monki processes your personal data, by automated means based on your consent or based on an agreement, you have the right to get a copy of your data transferred to you or to another party. This only includes the personal data you have submitted to us.
Right to rectification:
You have the right to request rectification of your personal data if the information is incorrect, including the right to have incomplete personal data completed.
If you have a Monki account, you can edit your personal data under your account pages.
Right to erasure:
You have the right to erase any personal data processed by Monki at any time except for the following situations:
*you have an ongoing matter with Customer Service
*you have an open order which has not yet been shipped or partially shipped
*you have an unsettled debt with Monki, regardless of the payment method
*if you are suspected or have misused our services within the last four years
*your debt has been sold to a third party within the last three years or one year for deceased customers
*if you have made any purchase, we will keep your personal data in connection to your transaction for book-keeping purposes
Your right to object to processing based on legitimate interest:
You have the right to object to processing of your personal data that is based on H&M Groups legitimate interest. Monki will not continue to process the personal data unless we can demonstrate legitimate grounds for the process which overrides your interest and rights or due to legal claims.
Right to restriction:
You have the right to request that restricts the process of your personal data under the following circumstances:
* if you object to a processing based Monki's legitimate interest, Monki shall restrict all processing of such data pending the verification of the legitimate interest.
* if you have claim that your personal data is incorrect, Monki must restrict all processing of such data pending the verification of the accuracy of the personal data.
* if the processing is unlawful you can oppose the erasure of personal data and instead request the restriction of the use of your personal data instead
* if Monki no longer needs the personal data but it is required by you to defend legal claims.
How do you exercise your rights?
We take data protection very seriously and therefore we have dedicated customer service personnel to handle your requests in relation to your rights stated above. You can always reach them at Customer service.
Data Protection Officer:
We have appointed a Data Protection Officer to ensure that we continuously process your personal data in an open, accurate and legal manner. You can contact our Data Protection Officer by emailing customer service and including DPO as subject matter. You can find the email address for your region on our contact pages. Please write to us in English.
Right to complain with a supervisory authority:
If you have complaints about the way H&M Group processes and protects your personal data and privacy you have the right, at any time, to make a complaint to the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten - IMY) or any other competent a supervisory authority in the country of residence.
Updates to our Privacy Notice:
We may need to update our Privacy Notice. The latest version of the Privacy Notice is always available on our website. We will communicate any material changes to the Privacy Notice.