Privacy Notice
Data privacy is of high importance for COS and we want
to be open and transparent with our processing of your personal data.
We therefore have a policy setting out how your personal data will be
processed and protected.
1. Who is the controller of your personal data?
The Swedish company, H&M Hennes & Mauritz GBC AB
(“COS”), is the controller of the personal data you submit to us
and responsible for your personal data under applicable data
protection law.
2. Where do we store your data?
The data that we collect from you is stored within the
European Economic Area (“EEA”) but may also be transferred to and
processed in a country outside of the EEA. Any such transfer of your
personal data will be carried out in compliance with applicable laws.
For transfers outside the EEA, COS will use Standard Contractual
Clauses and Privacy Shield as safeguards for countries without an
adequacy decision from the European Commission.
3. Who can access your data?
Your data may be shared within the H&M group (for details
on the companies within the H&M group, please refer to our annual
report which may be found at about.hm.com). We never pass on, sell or
swap your data for marketing purposes to third parties outside the
H&M group. The local COS company will only act as the personal
data processor and processes the personal data on behalf of the
Swedish company. Data that is forwarded to third parties is only used
to provide you with our services. You will find the categories of
third parties under every specific process below.
4. What is the legal ground for processing?
For every specific processing of personal data we collect from
you we will inform you whether the provision of personal data is
statutory or required to enter a contract and whether it is an
obligation to provide the personal data and possible consequences if
you choose not to.
5. What are your rights?
Right to access:
You have the right to request
information about the personal data we hold on you at any time. You
can contact COS, which will provide you with your personal data via e-mail.
Right to portability:
Whenever COS processes
your personal data by automated means based on your consent or based
on an agreement, you have the right to get a copy of your data
transferred to you or to another party. This only includes the
personal data you have submitted to us.
Right to rectification:
You have the right to request rectification of
your personal data if they are incorrect, including the right to have
incomplete personal data completed.
If you have a COS account
you can edit your personal data under your account and membership
pages.
Right to erasure:
You have the right to
erase any personal data processed by COS at any time except for the
following situations:
- you have an ongoing matter with Customer
Service
- you have an open order which has not yet been shipped
or partially shipped
- you have an unsettled debt with COS,
regardless of the payment method
- if you are suspected of misusing, or have
misused, our services within the last four years
- if you have
made any purchase, we will keep your personal data in connection with
your transaction to comply with bookkeeping rules
Your right to object to processing based on legitimate interest:
You have the
right to object to processing of your personal data that is based on
COS's legitimate interest. COS will not continue to process the personal
data unless we can demonstrate a legitimate ground for the processing
which overrides your interest and rights, or due to legal claims.
Your right to object to direct marketing:
You have the
right to object to direct marketing, including profiling analysis made
for direct marketing purposes.
You can opt out from
direct marketing by the following means:
- following the
instructions in each marketing mail
- by editing the settings of
your COS account
Right to restriction:
You have the
right to request that COS restricts the processing of your personal data
under the following circumstances:
- if you object to
processing based on COS's legitimate interest, COS shall restrict all
processing of such data pending the verification of the legitimate
interest.
- if you claim that your personal data is
incorrect, COS must restrict all processing of such data pending the
verification of the accuracy of the personal data.
- if the
processing is unlawful, you can oppose the erasure of personal data and
instead request the restriction of the use of your personal data.
- if COS no longer needs the personal data but it is
required for you to make or defend legal claims.
How can you exercise your rights?
We take data protection very seriously and therefore we have
dedicated customer service personnel who handle your requests in
relation to your rights stated above. You can always reach them at customerservice@cosstores.com
Data Protection Officer: We have appointed a Data Protection
Officer to ensure that we continuously process your personal data in
an open, accurate and legal manner. You can contact our Data
Protection Officer at customerservice@cosstores.com and write DPO as
subject matter.
Right to complain to a supervisory
authority: If you consider that COS processes your personal data in an
incorrect way, you can contact us. You also have the right to lodge a
complaint with a supervisory authority.
Updates to our
Privacy Notice: We may need to update our Privacy Notice. The latest
version of the Privacy Notice is always available on our website. We
will communicate any material changes to the Privacy Notice, for
example the purpose of why we use your personal data, the identity of
the Controller or your rights.
Learn more about our privacy notice for:
- COS account
- Online purchase
- Cookies
- Direct marketing