SCOPE AND APPLICABILITY OF THIS POLICY
This Policy summarizes what type of Sensitive Personal Data or Information We collect about You, purpose of collection, storage and usage of such data or information, to whom such data or information may be disclosed/transferred and how We protect Your privacy.
TYPES OF SENSITIVE PERSONAL DATA OR INFORMATION WE COLLECT
The term "Sensitive Personal Data or Information" in this Policy refers to personal information which does and/or is capable of identifying You as an individual. The types of Sensitive Personal Data or Information that We collect consist of personal information relating to You:
a) name, gender, home address, permanent address, telephone number, date of birth, marital status, email address, any government issued identity/ age proof, emergency contacts or other contact information (including the gender, age, nationality and of any relatives and beneficiaries);
b) photographs;, nationality and passport information;
c) financial information such as bank account/ or other payment instrument details; taxpayer identification number;
d) work history, technical skills, educational background, professional certifications and registrations, language capabilities, training courses attended;
e) information captured on security systems, including CCTV and key card entry systems;
f) voicemails, e-mails, password, correspondence and other work product and communications created, stored or transmitted by an employee using H&M's computer or communications equipment;
g) date of resignation or termination, reason for resignation or termination, information relating to administering termination of employment, performance assessment/appraisal;
h) the results of credit and criminal background checks, screening, information required to comply with laws, statutory obligations, the requests and directions of law enforcement authorities or court orders;
i) acknowledgements regarding H&M policies, including ethics and/or conflicts of interest policies and computer and other corporate resource usage policies;
j) any detail relating to the above clauses as provided to H&M; and
k) any of the information received under above clauses by H&M for collecting, receiving, possessing, using, processing, recording, storing, transferring, dealing, handling and disclosing under lawful contract or otherwise.
Most of the Sensitive Personal Data or Information We collect is the data or information that is wilfully and knowingly provided to us by You. However, in some instances, We collect Sensitive Personal Data or Information about You, based on our inferences about You, from other information provided to us by You or on our interactions with You or on such personal information about You that We receive from a third party with Your knowledge.
This Policy does not apply to any information that You may disclose publicly and which is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force and such information shall not be regarded as Sensitive Personal Data or Information for the purposes of this Policy. Further, the Sensitive Personal Data or Information of You shall not be disclosed to any third person unless the said third person is required to have the Sensitive Personal Data or Information of You to provide required services to You and/or with your permission and/or to help investigate, prevent or take action regarding unlawful and illegal activities, suspected fraud, potential threat to the safety or security of any person, or to defend against legal claims and special circumstances such as compliance with the rules of any stock exchange, subpoenas, court orders, requests/order from legal authorities or law enforcement agencies requiring such disclosure. We share your information with advertisers on an aggregate basis only.
We and/or the Third Party will obtain Your permission in writing through a letter or fax or email ("Consent") before collecting Your Sensitive Personal Data or Information with respect to the purpose of usage of such Sensitive Personal Data or Information.
If You give Your Consent, it means You have done so freely and voluntarily and agree to this Policy. You always have the right to refuse or withdraw Your Consent for the Sensitive Personal Data or Information sought to be collected or withdraw Your Consent given earlier to us. We will always respect such a refusal or withdrawal, but it might mean that We are unable to perform all arrangements or contracts with You and will have the option to discontinue the same. We will inform You of these inabilities, if they occur. However, We reserve the right to retain such Sensitive Personal Data or Information as may be necessary for Your continued employment and in accordance with this Policy.
We and all Third Party's will while collecting data or information directly from You take such reasonable steps to ensure that You are aware of the -
a) fact that the data or information is being collected;
b) purpose for which the data or information is being collected;
c) intended recipients of the data or information; and
d) name and address of the agency and/or Third Party that is collecting the data or information and retaining the data or information.
We respects Your privacy rights, therefore, H&M and all Third Party's will observe the following guidelines when collecting, receiving, possessing, using, processing, recording, storing, transferring, dealing, handling and disclosing Sensitive Personal Data or Information:
a) Data or information will be collected, received, possessed, used, processed, recorded, stored, transferred, dealt, handled and disclosed in compliance with the local laws/regulations in the territory where those activities occur including IT Act;
b) Data or information will be collected for specified, legal and legitimate purposes and shall be used for the purpose for which it has been collected;
c) Data or information will be relevant/necessary to/for the purposes for which it is collected and used;
d) Data or information will be current and accurate with reasonable steps taken to rectify or delete inaccurate Sensitive Personal Data or Information;
e) Data or information will be kept only as long as necessary for the purposes for which it was collected and processed; and
f) Appropriate measures will be taken to prevent unauthorized access or use, unlawful processing, and unauthorized or accidental loss, destruction, or damage to such data or information.
PURPOSES FOR COLLECTION, STORAGE AND/OR USE OF SENSITIVE PERSONAL DATA OR INFORMATION
The primary purposes for collection, storage and/or use of Sensitive Personal Data or Information is for:
a) evaluating and/or processing employment applications or other employment-related inquiries;
b) managing employee profiles and all aspects of an employee's employment relationship including but not limited to, recruitment and staff management training and professional development, performance assessment/appraisal, compensation planning, reorganization needs, finance and employee benefit administration (including payroll and benefits), succession planning, payment and deduction of tax, absence monitoring, maintaining sickness records and occupational health programmes, record keeping and other general administrative and human resource related processes;
c) our business processes, operations and management including but not limited to scheduling work assignments/deputations, entering into or performing any contract, managing company assets, conducting employee opinion surveys and administering employee recognition programs, maintaining internal intranet employee directories;
d) ensuring the safety and protection of employees assets, and resources ;
e) complying with applicable legal requirements including but not limited to governmental reporting, verifications of employment, salary information etc and fulfilling statutory/legal obligations as employer under applicable laws (e.g. health and safety), adhering to judicial or administrative orders regarding individual employees, compliance with employment laws;
f) while conducting daily business/operations such data or information may be provided to Third Party's for the purpose of processing such data or information for or on our behalf;
g) direct marketing and promotional purposes only for our business; and
h) in connection with the business of H&M.
DATA COLLECTION DEVICES
We also use logging systems on our internal network to register the use of our computer systems. This is done for the purpose of ensuring the performance, integrity and security of these systems. We may contract with third party to track and analyze anonymous usage and volume statistical information from our visitors and members for research purposes. Such information is shared externally only on an anonymous, aggregated basis. Such third party's use persistent cookies to help us to improve the visitor experience, to manage our website content, and to track visitor behavior. All data or information collected by such third party on our behalf is used solely by or on behalf of H&M and is shared externally only on an anonymous, aggregated basis.
We will make best efforts to do so but do not warrant that any of the websites or any affiliate site(s) or network system linked to our website is free of any operational errors nor do We warrant that our website will be free of any virus, computer contaminant, worm, or other harmful components. Our website contains links to other sites which are not owned or operated by H&M. H&M is not responsible and makes no guaranty for the privacy practices or the content of such websites. These links are provided only as a convenience to You. Neither, H&M nor any of its affiliates are responsible for the availability of such third party websites or their contents. H&M will not be liable for Your Sensitive Personal Data or Information transmitted over networks accessed by You of the sites, or otherwise connected with Your use of the services. You understand, acknowledges and agree that neither H&M nor any of its affiliates are responsible or liable, directly or indirectly, for any damage or loss of any sort caused in connection with your use of or reliance on any content of any such site or services available through any such site.
You acknowledge that the services, content, site and/ or any software are provided on an "as is" and "as available" basis, without warranties of any kind, either express or implied, including, without limitation, implied warranties of merchantability, fitness for a particular purpose. Although H&M has taken adequate safeguard and in case of any breach H&M shall take action to remedy such breach. In addition to taking all the reasonable precautions as required under law, H&M expressly disclaims any and all warranties, express or implied, including, without limitation that :(i)The services and/ or software will be free of all viruses and hacking.(ii)The software will work on all mobile phones, will be compatible with all mobile phone networks and/or will be available in all geographical areas. (iii) Any service will be uninterrupted, timely, secure or error-free for any reasons whatsoever including but not limited to overload / breakdown of receiving network, servers or applications; system failures out of the H&M’s control or due to heavy traffic on network ".
DISCLOSURES OR TRANSFER OF YOUR SENSITIVE PERSONAL DATA OR INFORMATION
If H&M wishes or is required to disclose the Sensitive Personal Data or Information collected from You to any Third Party, We will ask for Your prior Consent except when such disclosure has been agreed in the contract between H&M and You or it is necessary to comply with a legal obligation or it is to be shared with Government agencies or to be disclosed to any third party by an order under law. H&M or the Third Party will transfer, with Your Consent, the Sensitive Personal Data or Information to any other Third Party in India or overseas, that ensures the same level of data protection that is adhered to by H&M as setout herein for fulfilling any contractual obligation.
We will disclose or transfer Your Sensitive Personal Data or Information in accordance with this Policy and all applicable legal requirements.
Your Sensitive Personal Data or Information will be disclosed or transferred, as may be required from time to time, as follows:
a) For Business And Employment Purposes: to (i) the human resources staff/department and other appropriate staff/employees/persons in our offices; (ii) our affiliates/group companies; (iii) from one office within H&M to another office in India or overseas in accordance with the IT Act; (iv) to any third party, in the event of a proposed or actual business transfer; and (v) in connection with our business.
b) To Third Parties: working with us or on our behalf in different industries and categories of business. We will disclose, share, transfer Your Sensitive Personal Data or Information to any Third Party or provide Your Sensitive Personal Data or Information to any Third Party in connection with our business requirements or Your employment or for the purposes indicated herein. Such Third Party's are required to process Your Sensitive Personal Data or Information they receive from us in a lawful, safe and responsible manner in accordance with this Policy and the prevailing laws and take all appropriate security and confidentiality measures such that they do not use Your Sensitive Personal Data or Information for their own purposes or disclose Your Sensitive Personal Data or Information to others. Neither H&M nor any Third Party will publish Your Sensitive Personal Data or Information.
c) For Legal Requirement: to any court of law and/or government agencies/entity as may be required under law and/or statutory authority, Reserve Bank of India and Credit Information Bureau India Ltd ("CIBIL") or in response to a legal process, for the purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution, and punishment of offences and/or to any third party by an order under the applicable law or if We determine it is necessary or desirable to comply with any applicable law regulation, legal process or enforceable governmental request or to protect or defend our rights or property including compliance with accounting and tax rules and regulations or to investigate detect, prevent, or take action regarding illegal activities, suspected fraud, security or technical issues or situations involving potential threats to the physical safety of any person.
d) For Centralized Data Processing Activities: We have centralized certain aspects of our data processing and human resources administration in order to allow us to better manage our business. Such centralization may result in the transfer of Your Sensitive Personal Data or Information: (i) from one country to another; (ii) to human resources staff of the affiliates/group companies of H&M in other locations etc. However, whenever Your Sensitive Personal Data or Information is transferred within H&M, it will be processed in accordance with the terms and conditions of this Policy.
REASONABLE SECURITY PRACTICES AND PROCEDURES AND AUDITS
We seek to ensure compliance with the requirements of the IT Act to ensure the protection and preservation of Your privacy, therefore We take appropriate security measures to protect Your Sensitive Personal Data or Information against unauthorized access, alteration, disclosure or destruction. We have a number of physical, electronic, and procedural safeguards/measures in place to actively protect the confidentiality, security, and integrity of Your Sensitive Personal Data or Information, including a comprehensively documented information security programme and a strict security policy that contains managerial, technical, operational and physical security control measures for protecting such data or information. We have implemented code of best practices for data or information protection.
We limit access to Your Sensitive Personal Data or Information to members of our team/employees of H&M/Third Party's who We believe reasonably need to come into contact with that information for the purpose of performing their job duties. We have strict confidentiality obligations that apply to such members/employees of H&M/Third Party's. Failure to meet these obligations may result in disciplinary and other actions, including dissolution of a contract, termination of employment and criminal prosecution.
We conduct training to authorized users regarding the lawful and intended purposes of processing Your Sensitive Personal Data or Information, the need to protect and keep information accurate and up-to-date and the need to maintain the confidentiality of the data or information to which such authorized users have access. Authorized users will comply with this Policy, and We will take appropriate disciplinary actions, in accordance with applicable laws, if Your Sensitive Personal Data or Information is accessed, processed, or used in any way that is inconsistent with the requirements of this Policy.
To further ensure enforcement of this Policy, code of best practices will be audited for compliance with this Policy and IT Act. For this purpose, We engage an independent auditor duly approved by the Central Government, to conduct the audit at least once a year or when We undertake significant upgradation of our process and computer resources and take such corrective action if necessary to address any issues or problems that such audit reveals.
RETENTION OF YOUR SENSITIVE PERSONAL DATA OR INFORMATION
We are aware of the importance of timely destruction of Sensitive Personal Data or Information. We ensure that Your Sensitive Personal Data or Information is not stored/retained for a longer period than necessary for the purpose for which it was collected, used or processed or as provided in our contracts except when there is a legal obligation to do so under any law. It is our practice to destroy Your Sensitive Personal Data or Information as soon as possible after it is no longer necessary for the purpose for which it was collected, used or processed save and except as stated hereinabove.
UPDATING OR REVIEWING YOUR SENSITIVE PERSONAL DATA OR INFORMATION/ QUESTIONS OR COMPLAINTS
You may by a written request review the Sensitive Personal Data or Information provided by You. We will ensure that any Sensitive Personal Data or Information about You which is found to be inaccurate or deficient shall be corrected or amended as may be feasible.
You expressly state that Sensitive Personal Data or Information provided by You to us or to the Third Party is correct and complete in all respects and does not contain any false, distorted, manipulated, fraudulent or misleading facts. We expressly disclaim any liability arising out of the said data or information provided by You to us or to the Third Party. Further, You expressly agree that We are not responsible for the accuracy and authenticity of such data or information provided by You to us and You agree to indemnify H&M for all losses incurred by H&M due to any false, distorted, manipulated, defamatory, libelous, vulgar, obscene, fraudulent or misleading facts made by You to H&M.
In case of any discrepancies or grievances with regard to the processing of Your Sensitive Personal Data or Information, please contact:
In case of H&M Hennes & Mauritz Retail Private Limited:-
Hitesh Yadav (the "Data Privacy Officer") at
Phone: +91 011 66786883
Mobile :- 9643401391
In case of H&M Hennes & Mauritz India Private Limited:-
Manmeet Kaur Tandon (the “Data Privacy Officer”) at
Phone : +91 80 7107 1300
Further on receipt of any concerns or complaints the Data Privacy Officer will employ all commercially reasonable efforts to address the same within one (1) month of receipt of same.
All H&M subsidiary companies will ensure that this Policy is observed. All employees of H&M and Third Party's who have access to Sensitive Personal Data or Information are required to comply with this Policy. In some countries, violations of data protection regulations may lead to penalties and/or claims for damages from the individuals who are adversely affected.
All Third Party's shall only process the Sensitive Personal Data or Information in accordance with H&M's instructions or make decisions regarding such data or information as part of the delivery of their services. In either instance, H&M will select reliable Third Party's who undertake, by contract or other legally binding and permissible means, to put in place appropriate technical and organizational security measures to ensure an adequate level of protection of such data or information. H&M will require Third Party's to comply with this Policy or to guarantee the same levels of data protection that is adhered to by H&M when handling/processing such data or information. Such selected Third Party's will have access to such data or information solely for the purposes of performing the services specified in the applicable service contract and are legally and contractually bound to maintain the privacy of such data or information shared with them and will not disclose it further. If H&M concludes that a Third Party is not complying with these obligations, it will promptly take appropriate actions to remedy such non-compliance or implement necessary sanctions.
Additionally, our team members/employees are bound by internal confidentiality policies. Any team member/employee found to have violated this Policy or any other policies will be subject to disciplinary action, up to and including termination of employment including penalties under applicable laws.
All Third Parties and our team members/employees/staff do hereby specifically agree that he/she/it shall, at all times, comply with the requirements of the IT Act, while collecting, receiving, possessing, using, processing, recording, storing, transferring, dealing, handling and disclosing Sensitive Personal Data or Information. The said Third Parties and team members/employees/staff do further unequivocally declare that in case he/she/it violates any provisions of the IT Act, he/she/it shall alone be responsible for all his/her/it acts, deeds and things and that he/she/it alone shall be liable for civil and criminal liability there under or under any other law for the time being in force.
MODIFICATIONS TO THE POLICY
H&M reserves the right to update, change or modify this Policy, from time to time, without prior notification. The policy shall come into effect from the date of such update, change or modification.
We will inform You regarding any such changes by updating this Policy and will post all changes to the Policy on relevant internal and external websites.
Effective with the implementation of this Policy, all existing intra-group agreements and applicable H&M privacy guidelines or practices relating to the processing of Sensitive Personal Data or Information will be superseded by the terms of this Policy and modified accordingly. All parties to any such agreements will be notified of the effective date of implementation of the Policy.
If any of the terms or definitions used in this Policy are ambiguous, the definitions established under the IT Act shall apply.