Who is responsible for your personal data?
The Swedish company, H & M Hennes & Mauritz GBC AB (“Afound”), is the controller of the personal data you submit to us and responsible for your personal data under the Swedish Data Protection Act (1998:204), which implements the EU Data Protection Directive (95/46/EC).
Where is your personal data stored?
The data that we collect from you is stored within the European Economic Area (“EEA”) but may also be transferred to and processed in a country outside of the EEA. Any such transfer of your personal data will be carried out in compliance with applicable laws.
What types of personal data do we collect?
We will collect personal data that you submit to us, for example, when you register online or in store, place orders, contact our customer service or participate in competitions. The personal data that you submit to us may for example include contact information, date of birth, and payment information. In addition we may collect certain personal data from external sources such as credit information and address updates.
How do we use your personal data?
- We may use your personal data for the following purposes:
- To create and manage your personal account at Afound
- To process your orders and returns via our online and store services
- To send text message notifications of delivery status
- To contact you in the event of any problems with the delivery of your items
- To answer your queries and to inform you of new or changed services
- To send marketing offers through e-mail, text messages and postal communication
- To notify the winners in competitions arranged online
- To manage your account by carrying out credit checks
- To make analyses in order to provide you with relevant marketing offers and information
- To validate that you are of legal age for shopping online
- To send you surveys in order to give you a possibility to influence our offer and services
- To test and improve our systems by which the services are provided
- To prevent misuse or improper use of our services
- To manage your account online and in store
- We will keep your data for as long as necessary to fulfil the purposes above or for as long as we are required by law. After this your personal data will be deleted
What are your rights?
You have the right to request information about the personal data we hold on you at any time (free of charge once a year). If your data is incorrect, incomplete or irrelevant, you can ask to have the information corrected or removed. We cannot remove your data when there is a legal storage requirement, such as book-keeping rules or when there are other legitimate grounds to keep the data, such as unsettled debts. You can withdraw your consent to us using the data for marketing purposes at any time. You can contact us at email@example.com.
Who has access to your personal data?
Your data may be shared within the H&M group (for details on the companies within the H&M group, please refer to our annual report which may be found at about.hm.com). We never pass on, sell or swap your data for marketing purposes to third parties outside the H&M group. When purchasing a product, we will provide the Seller(s) with your data necessary to fulfil the Seller(s) obligations connected to the order, such as your name, shipping and billing address and telephone number if applicable. Data that is forwarded to other third parties, is only used to provide you with the services mentioned above, for example media agencies for distribution of newsletters and payment service providers for processing of payments.
How do we protect your personal data?
We have taken technical and organisational measures to protect your data from loss, manipulation, unauthorised access. We continually adapt our security measures in line with technological progress and developments. To make card purchases with us as secure as possible, all information is sent in encrypted form. This means that the information is passed through a secure connection and that your personal data cannot be read by external parties. For card purchases we work with an authorised payment agent that helps us to check directly with your bank that the card is valid for purchases. Our payment agent processes your card details according to the international security standard PCI DSS, which was developed by the card companies VISA, MasterCard, Diners, American Express and JCB. This means that your card details are processed with a very high level of security. When you pay by card, we reserve the right to carry out an identity check.
Cookies and related tracking technologies
We use technology such as “cookies” to collect information and store your online preferences. Cookies are small pieces of information sent by a web server to a web browser, which allows the server to uniquely identify the browser on each page.
We use the following categories of cookies on our Website:
CATEGORY 1: STRICTLY NECESSARY COOKIES
Purpose: to enable you to move around the website and use its features, e.g. remembering your login details or shopping basket.
CATEGORY 2: PERFORMANCE COOKIES
Purpose: Collect anonymous information on how customers use our Website. For example, we will use Google Analytics cookies to understand how customers arrive at our site, browse or use our site. These cookies will also help us understand what areas to improve, e.g. navigation, shopping experience and marketing campaigns. The data stored by these cookies never shows personal details from which your individual identity can be established.
CATEGORY 3: FUNCTIONALITY COOKIES
Purpose: Help us track queries a customers do e.g. categories, brands, sizes, colours. This information will enable us to provide the customer a personalized and relevant experience on Afound.com. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
CATEGORY 4: TARGETING COOKIES OR ADVERTISING COOKIES
Purpose: Collect information about a customer’s browsing habits in order to create relevant advertising. They are also used to measure the effectiveness of an advertising campaign.
The cookies are usually placed by third party advertising networks. They remember the websites you visit and that information is shared with other parties such as advertisers in order to create personalised adverts on other websites.
CATEGORY 5 : SOCIAL MEDIA COOKIES
Purpose: These cookies allow you to share what you’ve been doing on the website on social media such as Facebook, Instagram and Twitter. These cookies are not within our control. Please see each respective privacy policies for how their cookies work.
You can easily erase cookies from your computer or mobile device using your browser. For instructions on how to handle and delete cookies please look under “Help” in your browser. You can choose to disable cookies, or to receive a notification each time a new cookie is sent to your computer or mobile device. Please note that if you choose to disable cookies, you will not be able to take advantage of all our features.
HOW TO DISABLE COOKIES
If you want to delete any cookies that are already on your computer, please refer to the help and support area on your internet browser for instructions on how to locate the file or directory that stores cookies.
Information on deleting or controlling cookies is available at www.aboutcookies.org. Please note that by deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our site.
Afound uses the AdWords and Remarketing Lists features of Google Analytics for Display Advertisers. Afound and Google use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimize, and serve ads based on your past visits to our Website. This means that vendors including Google will display Afounds promotional material on other sites you visit across the Internet.
You may opt-out of Google Analytics for Display Advertisers including AdWords and opt-out of customized Google Display Network ads by visiting the Google Ads Preferences Manager.
To opt out of other third party cookies relating to behavioral advertising, you can do that on www.youronlinechoices.eu. Opting out does not mean you will no longer receive online advertising. It does mean that the company or companies from which you opted out will no longer deliver ads tailored to your web preferences and usage patterns.
We (and other third parties acting on our behalf) may automatically track and collect information about the IP address, domain service, country location, time zone, language, the type of computer and web browser you are using and the pages you visit (including by using web beacons and other similar technology). If you access our Website via your mobile device, we may also collect information about your mobile provider and your mobile device. We use this information so that we can administer and improve our system, analyse trends, track users’ movements, gather broad demographic information for aggregate use and detect suspicious or fraudulent transactions.
If these automated processes reject your transaction on the basis that it is a suspicious or fraudulent, you may contact us and ask us to reconsider the decision within 21 days of receiving such notification. We are likely to use very similar criteria to review your transaction in person so there is no guarantee that the decision will be different.
Controller of personal data
H & M Hennes & Mauritz GBC AB
Mäster Samuelsgatan 46
106 38 Stockholm
Telephone: +46 (0)8 796 55 00
Fax: +46 (0)8 24 80 78
Companies register: Bolagsverket/Swedish Companies Registration Office
Company registration number: 556070-1715
Authorised representative: Karl-Johan Persson
VAT registration number: VAT NO. SE556070171501