Privacy Policy
General
Data privacy is of high importance for the Swedish non-profit organisation Stiftelsen H&M Foundation (‘the Foundation’) and we want to be open and transparent with our processing of your personal data. We therefore have a policy setting out how your personal data will be processed and protected.
Principles
The H&M Foundation manifests its commitment to privacy and data protection by embracing the following principles.
- H&M Foundation ensures that the personal data it holds is accurate
- H&M Foundation uses personal data lawfully, fairly and in a transparent manner.
- H&M Foundation collects no more personal data than necessary, and only for a legitimate purpose.
- H&M Foundation retains no more data than necessary or for a longer period than needed.
- H&M Foundation protects personal data with appropriate security measures.
Who is the controller of your personal data?
Stiftelsen H&M Foundation, is the controller and responsible for processing your personal data under applicable data protection law, in the following referred to as “The Foundation”, “we” or “us”.
Stiftelsen H&M Foundation
BOX 1421,
111 84 Stockholm
Sweden
Companies register: Bolagsverket/Swedish Companies Registration Office
Company registration number: 802425-8322
Where do we store your data?
The data that we collect from you is stored within the European Economic Area (“EEA”) but may also be transferred to and processed in a country outside of the EEA. Any such transfer of your personal data will be carried out only to the extent necessary and in compliance with applicable laws. For transfers outside the EEA, the Foundation will use Standard Contractual Clauses whenever possible as safeguards for countries without adequacy decision from the European Commission.
Who access your data?
We never pass on, sell or swap your data for marketing purposes to third parties outside the Foundation. Data that is forwarded to third parties, is only used to provide you with our services. You will find what categories of third parties under every specific process below.
What is the legal ground for processing?
For every specific processing of personal data we collect from you we will inform you whether the provision of personal data is statutory or required to enter a contract and whether it is an obligation to provide the personal data and possible consequences if you choose not to.
What are your rights?
Right to access:
You have the right to request information about the personal data we hold on you at any time. You can contact the Foundation that will provide you with your personal data via e-mail.
Right to portability:
Whenever the Foundation processes your personal data by automated means based on your consent or based on an agreement you have the right to get a copy of your data in a structured, commonly used and machine-readable format transferred to you or to another party. This only includes the personal data you have submitted to us.
Right to rectification:
You have the right to request rectification of your personal data if they are incorrect, including the right to have incomplete personal data completed.
Right to erasure:
You have the right to erase any personal data processed by the Foundation at any time except if personal data is processed for the following purposes:
- for exercising the right of freedom of expression and information
- to comply with a legal obligation
- for the establishment, exercise or defence of legal claims
Your right to object to processing based on legitimate interest:
You have the right to object to processing of your personal data that is based on the Foundation’s legitimate interest. The Foundation will not continue to process the personal data unless we can demonstrate a legitimate ground for the process which overrides your interest and rights or due to legal claims.
Your right to object to direct marketing:
You have the right to object to direct marketing, including profiling analysis made for direct marketing purposes.
Right to restriction:
You have the right to request that the Foundation restricts the process of your personal data under the following circumstances:
- if you object to a processing based on the Foundation’s legitimate interest, the Foundation shall restrict all processing of such data pending the verification of the legitimate interest.
- if you have claimed that your personal data is incorrect, the Foundation must restrict all processing of such data pending the verification of the accuracy of the personal data.
- if the processing is unlawful you can oppose the erasure of personal data and instead request the restriction of the use of your personal data.
- if the Foundation no longer needs the personal data but it is required for you to make or defend legal claims.
How can you exercise your rights?
We take data protection very seriously and you can always contact us at: [email protected].
Right to complain with a supervisory Authority:
If you consider the Foundation to process your personal data in an incorrect way you can contact us. You also have the right to turn in a complaint to the Swedish data protection supervisory authority.
Updates to our Privacy Notice:
We may need to update our Privacy Notice. The latest version of the Privacy Notice is always available on our website. We will communicate any material changes to the Privacy Notice, for example the purpose of why we use your personal data, the identity of the Controller or your rights.
Partner Relations
Why do we use your personal data?
We will process your personal data necessary to fulfil our obligations directly or indirectly deriving from our business contracts, legal requirements, and our business relationships.
Therefore, we may collect and use your personal data for the following purposes:
- To evaluate and manage a dialogue with potential partners and existing stakeholders, as well as to keep track of historical requests.
- To establish and follow up on our programs/partnerships, including conducting due diligence, engaging in legal agreements, making payment and reporting schedules.
- To send out H&M Foundation annual reports.
- To oversee the entire contract lifecycle, including negotiating, signing, amending, and terminating agreements.
- To manage legal requirements on bookkeeping.
- To handle legal issues and disputes.
What types of personal data do we process?
Depending on the context and purpose we may process different types data. We will however only process such data that you have submitted to us. As an example, we will process following categories of personal data:
- Contact details, such as name, e-mail address, telephone number
- Work related information, such as company, country of employment and work role
- Publicly available information related to your profession.
- Photo, audio, video related to partnership contacts and communication.
Who has access to your personal data?
Your data may be shared with external advisors and other external service providers. Your personal data that is forwarded to third parties is only used for the purposes mentioned above.
What is the legal ground to process your personal data?
The processing of your personal data for the following purposes are based on The Foundation’s legitimate interest:
- To managing partner relations
- To manage legal issues and disputes
- To send out H&M Foundation annual report
The processing of your personal data to achieve the purpose of the contract are necessary for fulfilment of contract.
The processing of your personal data for bookkeeping is based on Swedish bookkeeping act.
How long do we save your data?
We will keep your personal data no longer than necessary.
Your personal data will be saved for the specified purposes mentioned above for as long as we have business relationship with you, or as it is required by law.
In order to follow up and evaluate procurement and business partners, we will keep your data for the length of the agreement and time to preclude legal issues.
For legal disputes we will keep the data during the ongoing dispute and for a period after the dispute when the information is still relevant.
We will keep the data for bookkeeping purposes for 7 years in accordance to legal requirements.
Your right to object to processing based on legitimate interest:
You have the right to object to the processing of your personal data that is based on legitimate interest. The Foundation will not continue to process the personal data unless we can demonstrate a legitimate ground for the process which overrides your interest and rights or due to legal claims.
Media and communication
Why do we use your personal data?
We actively engage and build relationship with key stakeholders across different platforms and events. To do this your personal data may be processed for the following purposes:
- To answer information requests and other enquiries.
- To create, facilitate and publish media content such as articles, interviews, and videos across our channels.
- To manage different types of seminars and events, meetings and press conferences, we will process personal data of the invited persons. Certain events may be photographed, video and sound recorded and transcribed.
- To archive media material such as press clips, images and photos, campaigns, press releases, videos, and audio recordings to preserve the organization’s history, your personal data will be stored if you appear in the material.
What types of personal data do we process?
We will process following categories of personal data:
- contact details such as name, e-mail address, telephone number
- nationality
- work related information, such as company, country of employment and work role
- photo and images
- video footage
- audio recording
- quotation and referral to authors name
- other information you share in email requests
What is the legal ground to process your personal data?
The processing of your personal data for the mentioned above purposes are based on The Foundation’s legitimate interest.
How long do we keep your data?
We save your data until the pursue for which it was collected is fulfilled or until there is no longer any right for us to keep the data.
Your right to object to processing based on legitimate interest:
You have the right to object to the processing of your personal data that is based on legitimate interest. The Foundation will not continue to process the personal data unless we can demonstrate a legitimate ground for the process which overrides your interest and rights or due to legal claims.
Global Change Award
Why do we use your personal data?
We will use your personal data in order to manage the Global Change Award (GCA) application process, in particular to manage your entry to the Global Change Award challenge.
We will also use your personal data to manage the transfer of Grant and Accelerator program for the winners of the Global Change Award, including transports and accommodation and participation in alumni network.
Your personal data limited to contact details are used in order to provide visibility and validation of your idea to industry and investors.
What types of personal data do we collect?
We will process following categories of personal data when you register to GCA:
- contact information such as name, address, telephone number, e-mail address
- date of birth
- gender
- region and country
- work related information, such as company, country of employment and work role
- social media accounts
For winners of the GCA we will also process:
- passport number
- bank account details
For event participants we may also process:
- Food requirements
Who has access to your personal data?
Data that is forwarded to third parties, is only used to fulfil the purposes mentioned above. We use a third party for our application platform, reference groups to select winners and travel agency to book transport and accommodation for the winners of the Global Change Award. We further use services of financial company to do the grant transfer. In order to provide visibility and validation to industry and investors we share your personal data through Global Change Awards newsletter and website.
What is the legal ground to process your personal data?
The processing of your personal data for the purposes stated in this section is based on legitimate interest.
You have the right to object to processing of your personal data that is based on legitimate interest by contacting [email protected]. H&M Foundation will not continue to process the personal data unless we can demonstrate legitimate grounds for the process which overrides your interest and rights or due to legal claims.
Processing of personal data for grant transfer is fulfilment of contract.
How long do we save your data?
We save your data until the pursue for which it was collected is fulfilled or until there is no longer any right for us to keep the data. Personal data for Global Change Award applicants who didn’t become winners is kept for no longer than 3 years.
We will keep your personal data as long as there are any legal requirements and if there is an open dispute.
Personal data related to grant transfers to winners of the Global Change Award is kept until the agreement or the user rights are not valid.
Sponsored content, newsletters and press release subscription
Why do we use your personal data?
We will use your personal data to send you newsletters, press release and surveys through e-mails about the H&M Foundation’s work and the Global Change Award.
We will also use your personal data to be able to generate and distribute targeted content in our Social Media channels. Advertising partners use data collected from cookies and other tracking technologies to predict your preferences and interests and take this into account when creating your personalized content. The purpose is to show relevant sponsored content to you on third party websites and apps. In order to do this, your data is matched with the database of the Advertising partner. If a match is found, you may receive relevant sponsored content in your feed or search engine. If no match is found your data is securely destroyed. The purpose is also to measure the advertising partners’ performance and efficiency of sponsored content. Advertising partners use cookies and similar technologies to trace your usage of our websites and services by accessing such data as for example IP-address, device type stored on your device or in apps. Our Advertising Partners enable us to identify and engage with the right target audience, to create and distribute personalized content across platforms and services.
What types of personal data do we process?
We will process following personal data:
- e-mail address (newsletter and press release subscription)
- name (newsletter and press release subscription)
- IP-adress
- Behavioural data on site
- Time for visit
- Device type
Who has access to your personal data?
Personal data that is forwarded to media agencies and technical suppliers for distribution of digital newsletters. To be more efficient in our marketing we collaborate with Meta, Linked In and TikTok as our advertising partner. Your personal data is handled in a secure manner using a technique called hashing. This ensures your data is scrambled in a manner that makes it unreadable to anyone other than the recipient for the explicit given purpose.
Personal data that is forwarded to third parties is only transferred to provide you with the service mentioned above.
What is the legal ground to process your personal data?
The processing of your personal data is based on your consent when you sign up for newsletter or press release.
We will also ask for your consent regarding marketing that is based on cookie data or other tracking technologies.
You may hear from us in social media channels when you have signed up for a newsletter or when you have interacted with an H&M Foundation sponsored content. For this processing we rely on our legitimate interest as business to promote our marketing to you.
Your right to withdraw your consent:
You have the right to withdraw your consent for the processing of your personal data at any time following the instructions in each e-mail post.
When you do so the Foundation won’t be able to send you any further information based on your consent.
Your right to object to processing based on legitimate interest:
You have the right to object to the processing of your personal data that is based on legitimate interest. The H&M Foundation will not continue to process the personal data unless we can demonstrate a legitimate ground for the process which overrides your interest and rights or due to legal claims.
How long do we save your data?
We will process your data no longer than necessary to provide you with sponsored content.
We will cease processing your data for once you have actively rejected further sponsored content from us, newsletters or press release updates from us.
IT & security
Why do we use your personal data?
We will process personal data to manage, register and resolve IT and information security incidents. We will also use personal data to handle incidents and accidents. We will also process your data to investigate a breach or non-compliance with regulations or the Foundation’s policies and requirements.
We will use your personal data for camera monitoring in our facilities such as offices for security reasons and for follow up on incidents and accidents.
In the event of investigation of non-compliance with our policies we process personal data.
What type of data do we process?
We will process the following categories:
- contact information such as name, home address, e-mail address and telephone number
- date of birth
- work information such as company name and work role
- IP number
- video surveillance footage where applicable
- other necessary information for investigations
Who has access to your personal data?
Data that is forwarded to third parties is only used to reach purposes mentioned above. We will share your personal data with security companies, auditors and legal advisors to handle security issues and administration. We will also share your personal data with video surveillance companies for video footage.
What is the legal ground to process your personal data?
The processing of your personal data is based on our legitimate interest in order for us to manage incidents and security breaches.
How long do we save your data?
We will keep your data for the time we need to prevent and/or report potential fraud and other offenses.
Video footage will be saved in compliance with local legislation but maximum for 30 days.
Specific information for H&M Foundation’s websites
Cookies
What is a cookie?
Whenever you visit our website, we place cookies onto your device for different reasons. A cookie is a small text-based file that is downloaded and stored on your computer, mobile or similar device and contains information about your navigation on the website. They can for example, be used to keep track of which pages you visit on the website, to save the information you entered, or your preferences remembered, such as language settings.
Why do we use them?
We use cookies to give you the full functionality of the website, to customise your user experience, perform analytics and improve our services. Cookies are also used to deliver personalised advertising on our websites, apps, and newsletters across internet and via social media platforms, to get insights regarding for example how many people click on a Social Media ad from us to visit a page on our website. The information is used to measure and optimise advertising in social media.
Who is responsible for placing cookies on our website?
All cookies have a publisher which tells you who the cookie belongs to. Some cookies are placed on the websites by us, such cookies are called “first party cookies”, others are placed on the website by another organisation, with our permission. Such cookies are called “third party cookies”.
Stiftelsen H&M Foundation, BOX 1421,111 84 Stockholm, and the named publisher, listed in the cookie subgroup in the cookie list below, are both responsible for setting cookies on your device when you access any of our official websites and for the access and collection of data from the same device.
For how long are cookies stored?
Cookies can be stored for varying lengths of time on your browser or device. Temporary cookies, so-called session cookies, are stored in your device until you close your browser. Permanent cookies have an expiration date and when this date has passed, the cookie is deleted when you return to the website that created it.
What types of cookies do we use?
We use four categories of cookies, strictly necessary, performance, functional and marketing. Only the last three categories listed require user consent. For strictly necessary cookies, user consent is not required as these cookies provide complete and continuous display of the content of the website so that you can access the website and receive an appropriate digital browsing and online experience.
How to accept or withdraw your cookie consent in “Cookie settings”?
You manage your cookie consents in “Cookie Settings” at the bottom of this website. You can accept all three categories of cookies or only one of them if you prefer. By agreeing to a category of cookies, you consent to all cookies in this category (see detailed cookie list below). You can change your preferences and refuse cookies at any time in Cookie Settings. Below you will find more detailed information about our categories of cookies as well as a list of all cookies used in that category.
If you prefer not to use cookies on your device, you can manage your cookie preferences by ticking it in the list of cookie categories in “Cookie Settings”. Please note that the changes/choices may affect the functionality of the website and may not be available to you personalised offers or advertisements.
In addition to your consent withdrawal, you can easily stop your browser from accepting cookies by configuring your browser’s cookie settings. All commercial web browsers are featured with cookie management functionality. Please check your web browser to find out more how to delete or disable cookies etc.
If you choose to “Accept All Cookies”, you accept all cookie categories, and agree that we share this information with third parties, such as our advertising partners. This may in some cases mean your data will be processed outside the EU/EEA. If you choose “Only required cookies” no other cookies than the ones categorised as “strictly necessary” will be placed on your device. You can at any time disable cookies that are not categorised as strictly necessary for the site to function by withdrawing your consent.
Questions?
If you have questions about the processing of personal data, we invite you to familiarise yourself with our privacy notice where you will also find our contact information.
Cookie category list
Strictly necessary cookies
These cookies are necessary to maintain our services and cannot be switched off. They are usually only set in response to actions made by you, such as creating an account or saving a wish list for later. You can set your browser to block or alert you about these cookies, but that can make some parts of the site not work. These cookies do not store any personally identifiable information.
Performance cookies
These cookies allow us to count visits and traffic so we can collect insights like which pages are the most popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore, anonymous. If you do not allow these cookies, we will not be able to provide you with a tailored experience.
Functional cookies
These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies, some or all of these services may not function properly.
Marketing cookies
When you accept marketing cookies, you give us your consent to place cookies on your device to provide you with relevant content that fits your interests. These cookies may be set through our site by our advertising partners or by us to build a profile of your interests and show you relevant content.
To deliver content that fits your interests on our site, we will use your interactions together with the personal information you have provided to us. To present you with relevant content on third-party sites, we will share this information and a customer identifier such as an encrypted email address or device ID with third parties, such as advertising platforms and social networks. To make the content as interesting as possible, we may link this data across the different devices you use. If you choose not to accept marketing cookies, we will not place such cookies on your device and you may experience less relevant content from us.