Privacy Policy

Data Controller Identity

This website is managed by MASTRO CASHMERE ITALY OF MASTRIZZI FABRIZIO, with headquarters in Via San Marino 114 - 10137 Turin. The Data Controller guarantees the security, confidentiality and protection of personal data in their possession, at any stage of data processing. The personal data collected are used in compliance with Legislative Decree 196/2003 and subsequent amendments and integrations of EU Regulation 679/2016.

Data processing purposes

The IT systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implied in the use of Internet Communication Protocols. This is information that is not collected to be associated with identified data subjects, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the website, the Uniform Resource Identifier (URI) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response issued by the server (successful, error, etc.) and other parameters related to the operating system and the user computing environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the website.

Legal basis for data processing

The use of technical cookies is a processing carried out in the legitimate interest of the Data Controller; the use of analytical cookies is carried out with the consent of the data subject.

Data recipients

The Data Controller does not communicate any personal identification data or information to third parties unless, as necessary and as strictly necessary, to those who act as suppliers for the provision of services relating to the management of the Internet site and for the consequent management of the contractual relationship and related administrative obligations.

Data transfer

The Data Controller does not transfer personal data to third countries or to international organizations.

Data retention

The Data Controller retains the data for the time necessary to obtain anonymous statistical information on the use of the website and to check its correct functioning. The data is deleted immediately after processing.

Rights of the data subject

With reference to Article 7 Legislative Decree 196/2003 and subsequent amendments and integrations and to Articles 15 - right of access, 16 - right of rectification, 17 - right of erasure, 18 - right to restriction of processing, 20 - right to data portability, 21 - right to object, 22 right to oppose the automated decision-making process of EU Regulation 679/2016, the data subject exercises his/her rights by writing to the Data Controller at the address above, or by email, specifying the subject of his/her request, the right that he/she intends to exercise and attaching a photocopy of an identity document attesting the legitimacy of the request.

Withdrawal of consent

With reference to Article 23 Legislative Decree 196/2003 and subsequent amendments and integrations and to Article 6 of the GDPR 679/16, the data subject can withdraw the consent at any time.

Lodging a complaint

The data subject has the right to lodge a complaint with the supervisory authority of the state of residence.

Refusal to provide data

The data subject can refuse to give the Data Controller his/her navigation data. To do this, you must disable cookies by following the instructions provided by your browser. Disabling cookies may make navigation and use of the website features worse.

Automated decision-making processes
The Data Controller does not perform processing consisting of automated decision-making processes.


Why do we use personal data?
We use the user personal data to manage online purchases, process orders and returns via online services and send notifications about the status of the shipment or in case of problems with the delivery of the items.
We use personal data for addressing complaints and product warranties.

What kind of personal data do we process?
We process the following categories of personal data
- contact details such as name, address, e-mail address and telephone number
- payment details and payment history
- credit information
- order information

What is the legal basis for processing personal data?

The processing of personal data is necessary for H&M to perform the order management and delivery service.

How long are personal data stored?

We retain personal data until the user is an active customer.