COS works to ensure your privacy is protected when you are using our services online. We therefore have a policy setting out how your personal data will be processed and protected. Any changes we have made to this data policy can be found by visiting our website.
The Swedish parent company, H & M Hennes & Mauritz AB (“H&M”), is the Controller of the personal data you disclose to us and therefore responsible for your personal data under the Swedish Data Protection Act (1998:204) and EU Directive 95/46/EC. The British company H&M Hennes Ltd is the personal data processor and processes the personal data on behalf of the parent company. Your personal data is stored in the EU and might be disclosed to our subsidiaries within the H&M group. This means that your data, in a few cases, can be processed outside the EEA-area. In any event of transfer of your personal data to a country outside the EEA-area, the involved H&M subsidiary will guarantee the application of the standard contractual clauses regarding data privacy process approved by the EU.
2. How do we use your personal data?
In providing your personal data, you consent to us using the data collected in order to meet our commitments to you and to provide you with the service you expect. We need your data for the following purposes:
– To create your personal account at COS (e.g. your name and email address)
– To process your orders via our online services (e.g. your name, address, date of birth and bank details)
– To send text message notifications of delivery status (e.g. your mobile phone number)
– To send you marketing offers such as newsletters and catalogues (e.g. your email address, your name and your postal address)
– To contact you in the event of any problems with the delivery of your items (e.g. telephone number, address)
– To answer your queries and to inform you of new or changed services (e.g. your email address)
– To notify the winners in competitions arranged online (e.g. your email address, name, home address and telephone number)
– To manage your account by carrying out credit checks (e.g. name, address, date of birth)
– To analyse your personal data to provide you with relevant marketing offers and information (e.g. name, buying habits)
– To be able to validate that you are of legal age for shopping online (e.g. date of birth)
We will only keep your data for as long as necessary to carry out our services to you or for as long as we are required by law. After this your personal data will be deleted. We cannot remove your data when there is a legal storage requirement, such as book-keeping rules or when there are other legal grounds to keep the data, such as an ongoing contractual relationship.
Find out more about Data Protection regarding Credit Reference and Fraud Prevention Agencies. Your rights under the Data Protection Act 1998 will not be affected.
3. What are your rights?
You have the right to request information about the personal data we hold on you. If your data is incorrect, incomplete or irrelevant, you can ask to have the information corrected or removed. Annually, you have the right to request written documentation on the personal information we have about you in our account files. To request this document please write to our customer service team. You can withdraw your consent to us using the data for marketing purposes (i.e. sending catalogues, newsletters or offers) at any time. You can contact us by sending an email to firstname.lastname@example.org or sending us a letter. Please find our full contact details below.
4. Who has access to the data?
We never pass on, sell or swap your data to third parties for marketing purposes outside the H&M group. Data that is forwarded to third parties, for example shipping agents in connection with the delivery of goods, is only used to meet COS commitments to you. COS may also supply your personal details to organisations such as credit reference or debt collection agencies for the purpose of credit rating checks, identity checks and debt collection.
5. How do we protect your data?
We have taken technical and organisational measures to protect your data from loss, manipulation, unauthorised access, etc. We continually adapt our security measures in line with technological progress and developments. At COS we protect your data using encryption. Secure Sockets Layer (SSL) is a function that encrypts all information sent between buyer and seller.
6. Card purchases
To make card purchases with us as secure as possible, all information is sent in encrypted form using SSL. This means that the information is passed through a secure connection and that your card details cannot be read by external parties. For card purchases we work with an authorised payment agent that helps us to check directly with your bank that the card is valid for purchases. Our payment agent processes your card details in the correct way according to the international security standard PCI DSS, which was developed by the card companies VISA, MasterCard, Diners, American Express and JCB. This means that your card details are processed with a very high level of security. When you pay by card, we reserve the right to carry out an identity check.
7. Invoice purchases
All invoice payments are dealt with by an external company, arvato Finance (or one of its subsidiaries, depending on your country). By selecting payment through invoice the customer gives consent for arvato Finance and its subsidiaries to perform identification control and credit check using external and internal databases. arvato are the controller of all personal data in relation to invoices.
– Germany and Austria
When choosing the invoice payment method your personal data will be transferred to BFS finance GmbH, Gütersloher Str. 123, 33415 Verl, which will forward your personal data to contractually connected credit information agencies for the purposes of credit evaluation and identity verification. In the case of late payment/default BFS finance GmbH has the right to involve debt collection agencies and to eventually register customers as debtors into credit information agencies.
When choosing the invoice payment method Gothia BV will process the customer’s personal data in accordance with the Dutch Data Protection Act (WBP). Personal data will be collected, stored and processed for the purpose of completing the customer’s order, identifying the customer, performing a credit check and for the prevention of default payment and indebtedness. The aforementioned processing of personal data is registered at the Dutch Data Authority (CPB). A customer is at all times entitled to access and/or correct processed personal data.
When choosing the invoice payment option arvato Finance A/S will process the customer’s personal data in accordance with the Danish Act on Processing Personal Data (Persondataloven). Personal data will be collected, stored and processed for the purpose of completing the customer’s order, identifying the customer, performing a credit check and for statistical purposes.
When choosing the invoice payment option arvato Finance AB will process the customer’s personal data in accordance with the Swedish Personal Data Act (personuppgiftslagen). Personal data will be collected, stored and processed for the purpose of completing the customer’s order, identifying the customer, performing a credit check and for statistical purposes.
When choosing the invoice payment method arvato Finance will process the customer’s personal data in accordance with the Finnish Personal Data Act (Henkilötietolaki or Personuppgiftslagen). Personal data will be collected, stored and processed for the purpose of completing the customer’s order, identifying the customer, performing a credit check and for statistical purposes.
There are two types of cookies: permanent and temporary (session cookies). Permanent cookies are stored as a file on your computer or mobile device for no longer than 12 months. Session cookies are stored temporarily and disappear when you close your browser session. We use permanent cookies to store your choice of start page and to store your details if you select “Remember me” when you log in. We use session cookies when you use the product filtration function, to check whether you are logged in or if you put an item in your shopping bag.
You can easily erase cookies from your computer or mobile device using your browser. For instructions on how to handle and delete cookies please look under “Help” in your browser. You can choose to disable cookies, or to receive a notification each time a new cookie is sent to your computer or mobile device. Please note that if you choose to disable cookies, you will not be able to take advantage of all our features.
Third-party cookies
We use third-party cookies to collect statistics in aggregate form in analysis tools such as Google Analytics and Core Metrics. The cookies used are both permanent and temporary cookies (session cookies). The permanent cookies are stored on your computer or mobile device for no longer than 24 months.
The COS website may include links to other websites which do not fall under our supervision. We cannot accept any responsibility for the protection of privacy or the content of these websites, but we offer these links to make it easier for our visitors to find more information about specific subjects.
The content of this website is copyright-protected and is the property of H & M Hennes & Mauritz AB.
11. Controller of personal data
H & M Hennes & Mauritz AB
46 106 38 Stockholm
Telephone: +46 (0)8 796 55 00
Fax: +46 (0)8 24 80 78
Companies register: Bolagsverket/Swedish Companies Registration Office
Company registration number: 556070-1715
Authorised representative: Karl-Johan Persson
VAT registration number: VAT NO. SE556070171501