Content of the page

CALIFORNIA, COLORADO, AND VIRGINIA PRIVACY RIGHTS
H&M Hennes & Mauritz GBC AB (“H&M Sweden”) and H&M Hennes & Mauritz L.P. (“H&M USA”) (collectively, “H&M,” “us,” “we,” and “our") provides this California, Virginia, and Colorado Privacy Notice (the “Supplemental State Privacy Policy”) for visitors, users, and others who reside in the States of California, Virginia, and Colorado. The Supplemental State Privacy Policy supplements the information contained in the Privacy Notice (available by clicking here) and applies solely to visitors, users, and others who reside in the States of California, Virginia, and Coloradp. To the extent any provision in this Supplemental State Privacy Policy conflicts with a provision of the Privacy Notice, the Supplemental State Privacy Policy shall govern with respect to visitors, users, and others who reside in the States of California, Virginia, and Colorado.

Collection of Personal Information:

We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”). In particular, we collect the following categories of personal information:

A. Identifiers, such as real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, or other similar identifiers.
B. Categories of personal information described in Cal. Civ. Code § 1798.80(e), such as name, signature, physical characteristics or description, address, telephone number, bank account number, credit card number, debit card number, or any other financial information.
C. Characteristics of protected classifications under state or federal law, such as age, citizenship, and sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions).
D. Commercial information, such as records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
E. Biometric information.
F. Internet or other electronic network activity information, such as browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement.
G. Geolocation data.
H. Audio, electronic, visual, thermal, olfactory, or similar information.
I. Inferences drawn from other personal information to create a profile about a consumer reflecting a consumer’s preferences, characteristics, and trends.

Personal information does not include: publicly available information lawfully made available from government records, deidentified or aggregated consumer information, or information excluded from the California Consumer Privacy Act, the Virginia Consumer Data Protection Act, or the Colorado Privacy Act.

Use of Personal Information:

We may use or disclose the personal information collected for one or more of the following business or commercial purposes:

- To fulfill or meet the reason for which the information is provided. For example, to create your personal account at hm.com or to process your orders.
- To provide you with information, products, or services that you request from us, including answering your queries and to notify winners in promotions.
- To provide you with phone calls, text message notifications, email alerts, and other notices concerning our products or services. For example, to notify you of delivery status, to be able to send you relevant marketing offers and information such as newsletters and our catalogues, to contact you in the event of a problem with delivery of your items, and to inform you of new or changed services.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection and managing your account by carrying our credit checks.
- To be able to analyze your personal data to provide you with relevant marketing offers and information.
- To be able to validate that you are of legal age for shopping online.
- To improve our website.
- Testing, research, analysis, and product and service development.
- As necessary or appropriate to protect the rights, property, or safety of us, our employees, our customers, or others.
- To respond to law enforcement requests and as required by applicable law, court order, or government regulations.
- As described to you when collecting your personal information.

Rights of California, Virginia, and Colorado Residents:

California, Virginia, and Colorado residents have the following rights:

1. Right to Know About Personal Information Collected, Disclosed, or Sold

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (instructions and description below), we will disclose to you:

- The categories of personal information we collected about you;
- The categories of sources for the personal information we collected about you;
- Our business or commercial purpose for collecting or selling that personal information;
- The categories of third parties with whom we share that personal information;
- The specific pieces of personal information we collected about you; and/or
- If we sold or disclosed your personal information for a business purpose, including lists of sales, identifying the categories of personal information that each category of recipient purchased or obtained.

We have collected the following categories of personal information from consumers within the last twelve (12) months:

A. Identifiers, such as real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, or other similar identifiers.
B. Categories of personal information described in Cal. Civ. Code § 1798.80(e), such as name, signature, physical characteristics or description, address, telephone number, bank account number, credit card number, debit card number, or any other financial information.
C. Characteristics of protected classifications under California, Virginia, and Colorado or federal law, such as age, race, color, ancestry, national origin, citizenship, marital status, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, and genetic information.
D. Commercial information, such as records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
E. Biometric information.
F. Internet or other electronic network activity information, such as browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement.
G. Geolocation data.
H. Audio, electronic, visual, thermal, olfactory, or similar information.
I. Inferences drawn from other personal information to create a profile about a consumer reflecting a consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

We have obtained the categories of personal information listed above from the following categories of sources:

- Directly from you, the consumer;
- Indirectly from third parties and service providers, including partners and affiliates;
- Directly and indirectly from our website.

We collected the categories of personal information listed above for the following business or commercial purposes:

- To fulfill or meet the reason for which the information is provided. For example, to create your personal account at hm.com or to process your orders;
- To provide you with information, products, or services that you request from us, including answering your queries and to notify winners in promotions;
- To provide you with phone calls, text message notifications, email alerts, and other notices concerning our products or services. For example, to notify you of delivery status, to be able to send you relevant marketing offers and information such as newsletters and our catalogues, to contact you in the event of a problem with delivery of your items, and to inform you of new or changed services;
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection and managing your account by carrying our credit checks;
- To be able to analyze your personal data to provide you with relevant marketing offers and information;
- To be able to validate that you are of legal age for shopping online;
- To improve our website;
- Testing, research, analysis, and product and service development;
- As necessary or appropriate to protect the rights, property, or safety of us, our employees, our customers, or others;
- To respond to law enforcement requests and as required by applicable law, court order, or government regulations; and/or
- As described to you when collecting your personal information.

We shared the categories of personal information listed above with the following categories of third parties:

- Affiliates, including H&M USA;
- Service providers;
- Third parties to which consumers authorized us to disclose personal information in connection with products or services provided to consumers.

2. Right to Request Deletion of Personal Information

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (instructions and description below), we will delete, and direct our service providers to delete, your personal information from our records, unless an exception applies.

We may deny your request to delete your personal information if retaining the information is necessary for us or our service providers, subject to certain exemptions based on your state of residence.

3. Right to Opt Out of the Sale of Your Information

You have the right to opt-out of sharing your personal information with third parties for some purposes, including sharing that may be defined as a sale under applicable laws. You can opt-out of this sharing by clicking HERE or clicking on the “Do Not Sell My Information” link at the bottom of our homepage and submitting a request via the authorized methods.

What Personal Information Do I Provide to Verify My Identity?

We take the privacy of your personal information seriously and want to ensure that we provide only you or your authorized agent with your personal information. Applicable law also requires that we verify the identity of each person who makes a request to know what personal information we have about you or to delete the personal information we have about you. To verify your identity, we ask you to provide your:

- First name*
- Last name*
- Middle initial
- Email address
- Phone number
- Order number
- *required field

How Do You Verify My Identity?

We may verify your identity in a few different ways in order to balance the requirements of state law and our obligation to keep your information private. When you make your request, you will be asked to answer a few questions about yourself to help us validate your identity. This is a two step process using information unique to you, such as an order number, a product in an order, an address or email address, etc. If you chose to make the request online, it can be made by logging into your account, going to “My Account,” then “Settings” and then “Leave H&M.” Depending on your cache settings, device and operating system, you may have to enter your password a second time.

In some instances, we may ask you to provide other documentation to verify your identity. If this happens, we will reach out to you directly with this request.

What If You Can’t Verify My Identity?

If we can’t verify your identity, we will not be able to process your request to know what personal information we have about you or to delete the personal information we have about you. If we are unable to verify your identity with a high degree of certainty, we will only be able to provide a report with category-level information and we may not be able to delete some of your information.

How to Submit a Request Using an Authorized Agent

An authorized agent is a person or business who has authorization to request to know what personal information we have about you, to delete the personal information we have about you, or to opt out of the sale of personal information on behalf of a California, Virginia, or Colorado resident. Authorized agents use the same links described above to submit requests.

If you are submitting a request on behalf of another person, we require a valid power of attorney or other documentation demonstrating your authority to submit this request. This can be a letter or other documentation signed by the California, Virginia, or Colorado resident authorizing you to submit this request. You can download a sample letter from the request form.

How Do I Send You My Documentation?

If you submit a request via email at dataprotection.us@hm.com, you must include the appropriate above listed documentation in order for us to act on your request. If you submit your request over the phone by calling us at 855-HNM-SHOP [855-466-7467 (Toll-free)], you will also be asked to email your forms to dataprotection.us@hm.com.

Response Timing and Format

We will confirm receipt of a request within 10 days and provide information about how we will process the request. We endeavor to substantively respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosure we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

If you wish to appeal our decision, please submit your appeal to the above contact information. Please clearly denote that it is an appeal.

4. Right to Non-Discrimination

We will not discriminate against you for exercising any of your rights under the California Consumer Protection Act. Unless permitted by the California Consumer Privacy Act, we will not:

- Deny you goods or services;
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide you a different level or quality of goods or services; or
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

California Shine the Light Law:

California Civil Code Section 1798.83 permits our visitors who are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please contact Customer Service.

Online Tracking:

Please note that our Sites do not support “Do Not Track” browser settings and do not currently participate in any “Do Not Track” frameworks that would allow us to respond to signals or other mechanisms from you regarding the collection of your personal or non-personally identifiable information.

Last Updated: December 2021