SUBSCRIBE FOR 10% OFF YOUR FIRST ORDER

Jump to text content

My bag 

Your bag is empty

Back to shop

    Alternative picture
    Content of the page

    HOME Customer Service Privacy Notice

    GENERAL PRIVACY NOTICE

    Who is the controller of your personal data?
    COS is a brand of the H&M Group. H & M Hennes & Mauritz GBC AB is the controller and responsible for the processing of personal data, unless otherwise explicitly stated in this Privacy Notice.

    H & M Hennes & Mauritz GBC AB
    Mäster Samuelsgatan 46
    106 38 Stockholm
    Sverige
    Companies register: Bolagsverket/Swedish Companies Registration Office
    Company registration number: 556070-1715
    Authorised representative: Helena Helmersson
    VAT registration number: VAT NO. SE556070171501

    The data that we collect from you is stored within the European Economic Area (“EEA”) but may also be transferred to and processed in a country outside of the EEA. Any such transfer of your personal data will be carried out in compliance with applicable laws.

    For transfers outside the EEA, H&M will use Standard Contractual Clauses and EU-US Privacy Shield Framework as safeguards for countries without adequacy decisions from the European Commission.

    Who can access your data?
    Your data may be shared within the H&M Group (for details on the companies within the H&M Group, please refer to our annual report which may be found at https://hmgroup.com/investors/reports.html). Except as explicitly stated herein, we never pass on, sell or swap your data to any third parties.

    What is the legal ground for processing?
    For every specific process of personal data we collect from you, we will inform you whether the provision of personal data is statutory or required to enter a contract and whether it is an obligation to provide the personal data and possible consequences if you choose not to.

    What are your rights?

    Right to access:
    You have the right to request information about the personal data we hold on you at any time. You can contact COS and we will provide you with your personal data via e-mail.

    Right to portability:
    Whenever COS processes your personal data, by automated means based on your consent or based on an agreement, you have the right to get a copy of your data transferred to you or to another party. This only includes the personal data you have submitted to us.

    Right to rectification:
    You have the right to request rectification of your personal data if the information is incorrect, including the right to have incomplete personal data completed.

    Right to erasure:
    You have the right to erase any personal data processed by COS at any time except for the following situations:
    - You have an ongoing matter with Customer Service,
    - You have an open order which has not yet been shipped or partially shipped,
    - You have an unsettled debt with COS, regardless of the payment method,
    - If you are suspected or have misused our services within the last four years
    OR
    - If you have made any purchase, we will keep your personal data in connection to your transaction for book-keeping purposes and to comply with applicable consumer protection legislation.

    Right to restriction:
    You have the right to request that COS restricts the process of your personal data under the following circumstances:
    - If you object to a processing based on COS’s legitimate interest, COS shall restrict all processing of such data pending the verification of the legitimate interest.
    - If you have claim that your personal data is incorrect, COS must restrict all
    processing of such data pending the verification of the accuracy of the personal data.
    - If the processing is unlawful you can oppose the erasure of personal data and instead request the restriction of the use of your personal data instead.
    - If COS no longer needs the personal data but it is required by you to defend legal claims.

    Right to object to processing based on legitimate interest:
    You have the right to object to processing of your personal data that is based on COS’s legitimate interest. COS will not continue to process the personal data unless we can demonstrate legitimate grounds for the process which overrides your interest and rights or due to legal claims.

    Right to complain with a supervisory authority:
    If you consider COS to process your personal data in an incorrect way you can contact us. You also have the right to raise a complaint to your local supervisory authority.

    How can you exercise your rights?
    We take data protection very seriously and therefore we have dedicated Customer Service personnel to handle your requests in relation to your rights stated above. You can always reach them at customerservice@cosstores.com.

    Data Protection Officer

    We have appointed a Data Protection Officer to ensure that we continuously process your personal data in an open, accurate and legal manner. You can contact our Data Protection Officer at customerservice@cosstores.com and write DPO as subject matter.

    Updates to our Privacy Notice
    We may need to update our Privacy Notice. The latest version of the Privacy Notice is always available on our website. We will communicate any material changes to the Privacy Notice, for example the purpose of why we use your personal data, the identity of the Controller or your rights.

    Learn more about our privacy notice for
    - Cookies
    - Competitions
    - COS' social media pages
    - Customer service
    - Development & Improvement
    - Events
    - My COS account
    - Promotions
    - Purchase online & in store
    - Tax & Accounting
    - Security & Safety
    - WiFi in store
    - #YESCOS