Klarna Privacy Policy
Klarna Privacy Policy
It is important to us that you feel protected when you pay with Klarna or use any of our other services. That is why we provide all information about how we use your personal data in this privacy statement.
1. Who is responsible for your personal data?
Klarna Bank AB (publ) is registered in the Swedish Companies Register under registration number 556737-0431 with its registered office at Sveavägen 46, 111 34 in Stockholm, Sweden, also operating through its branches. Klarna Bank AB ("Klarna, "we", "us") is the data controller of your personal data for the purposes of the EU General Data Protection Regulation "GDPR". If you have any questions regarding the processing of your personal data, you can contact our data protection team by writing to dataprotection@klarna.nl .
2. Your rights as a data subject in the field of data protection
Under the GDPR, you have the right to control over your personal data and to receive direct information from us about the way in which we process your personal data. You can read what your rights are below. If you want to know more or contact us to exercise your rights, the easiest way is to send us an email at dataprotection@klarna.nl .
If you wish to receive information about which personal data Klarna has access to through the so-called 'Subject access', or if you wish to have certain data deleted, you can send us a request by this form which is available on our homepage. For other types of questions, you can use the contact details in section 12.
Your rights
-
Right to have personal data erased (“Right to be forgotten”).
In some cases, you have the right to request the erasure of your personal data. For example, you can ask us to erase personal data that we (i) no longer need for the purpose for which it was collected, or (ii) process based on your consent and for which you withdraw your consent. However, in certain cases we cannot erase your personal data; for example, where the data is still necessary to be processed for the purpose for which it was collected, where Klarna’s interest in processing the data outweighs your interest in having it erased; or because we have a legal obligation to retain it. You can read more about our legal obligations to retain data in sections 4 and 9 below. The laws described there prevent us from immediately erasing certain data. You also have the right to object to the use of your personal data for certain purposes, such as direct marketing, which you can read more about in the list of rights below.
-
Right to be informed.
You have the right to be informed about the way we process your personal data. We do this through this privacy statement, through service-specific FAQs and by answering your questions.
-
Right to access your personal data (“Data Subject access”).
You have the right to know whether Klarna processes personal data about you and to receive a copy ("data extract") of such data, so-called data subject access. Through the data extract, you will receive information about what personal data Klarna stores about you and how we process it.
-
Right to access and request transfer of your personal data to another recipient ("Data Portability").
This right means that you can request a copy of the personal data that Klarna stores about you, which Klarna uses to enter into a contract with you, or based on your consent, in a machine-readable format. This allows you to use this data elsewhere, for example to transfer your personal data to another controller/recipient.
-
Right to rectification.
You have the right to request that incorrect information about you be corrected or that information that you believe is incorrect or incomplete be completed.
-
Right to restrict processing.
If you believe that your information is incorrect, that our processing is unlawful or that we do not need the information for a specific purpose, you can ask us to restrict the processing of such personal data. You can also ask us to stop processing your personal data while the request is being evaluated. If you objects If you object to our processing on the basis of the right described directly below, you may also ask us to restrict the processing of that personal data pending our assessment.
-
Right to object to the processing of your personal data.
You have the right to object to our processing of your personal data based on our legitimate interest (Art. 6 para. 1 lit. f GDPR), by referring to your personal circumstances. Furthermore, you can always object to the use of your personal data for direct marketing purposes. If you inform us that you no longer wish to receive direct marketing from us, we will disable the marketing option for you and no longer send you marketing.
-
Right to object to an automated decision that significantly affects you.
You have the right to object to an automated decision taken by Klarna if the decision has legal effects concerning you or significantly affects you in a similar manner. See point 6 for how Klarna uses automated decisions.
-
Right to withdraw your consent.
As described below in point 5, where we process your personal data based on your implicit or explicit consent, you have the right to withdraw that consent at any time. When you withdraw your consent, we will stop processing your data for those purposes.
-
Right to lodge a complaint .
If you have any complaints about Klarna's processing of your personal data, you can file a complaint with Integritetsskyddsmyndigheten, which is the Swedish supervisory authority for Klarna's processing of personal data. You can here You can also lodge a complaint with your national data protection authority, which you can contact here find again.
Settings in the Klarna App: In the Klarna App, Klarna gives you the opportunity to adjust your preferences for certain services, such as ongoing notifications.
3. What types of personal data do we collect?
In this section we describe the different personal data that we use. In point 4 we describe for what purposes we use this personal data.
-
Contact and identification details - Name, date of birth, citizen service number, title, profession, gender, billing and delivery address, email address, mobile phone number, nationality, age, sound recordings, photos and video recordings of you and your identity card, etc.
-
Information about goods/services - Information about the goods/services you have purchased or ordered, such as the type of item or the delivery tracking number.
-
Information about your financial capacity - Information about, for example, your income, any credits, a negative payment history and previous credit approvals.
-
Payment information - Credit and debit card details (card number, expiry date and CVV code), bank account number, bank name.
-
Information about your use of Klarna's services - What service(s) and what different features have you used in these services and how have you used them. This includes information about outstanding and past debts, your repayment history and your personal preferences.
-
Technical information generated by your use of Klarna's services - Technical data such as web page response times, download errors, date and time you used the service.
-
Information about your contacts with Klarna customer service - Recorded telephone conversations, chat conversations and email correspondence.
-
Your contacts with the stores you frequent - Information about your interactions with stores, e.g. whether you received the merchandise and what type of store you frequent.
-
Device information - Device ID, IP address, language settings, browser settings, time zone, operating system, platform, screen resolution and similar information about your device and your equipment settings/use.
-
Information from external PEP and sanctions lists - Sanctions lists and lists of politically exposed persons ("PEP") contain information such as the name, date of birth, place of birth, profession or position, and the reason for the person's inclusion on the list in question.
-
Sensitive personal data - Sensitive personal data is data from which a person's religious, political or philosophical beliefs, trade union membership, data concerning a person's health, sex life or sexual orientation can be inferred, as well as biometric data.
-
Service-specific personal data - In the context of our services through the Klarna Shopping Service, Klarna's savings and payment accounts, Auto-import/Magic import, and Personal Finances, we use additional personal data that does not fall under the categories mentioned below: Information about each service:
-
The Klarna mobile application (the “Klarna App”) and browser extension (under the Klarna Shopping Service): Any content you upload or submit (such as photos, receipts, or product and store reviews), location and geolocation data, and websites you visit in the App's browser or with the installed extension;
-
Klarna's savings and payment accounts: Information about your transactions and deposits, as well as information about where your money comes from or what it will be used for. Klarna will also process data about third parties (such as beneficiaries or payers) for this service;
-
Auto import/Magic import: Information from your affiliated email account that we pass to the Klarna App; this includes purchase history, product, price and quantity information, delivery tracking numbers and store information;
-
Personal finance: Information about your other bank accounts and other types of accounts (such as card accounts) that you choose to link to the Service, as well as information such as account number, bank, previous transactions from your linked accounts, balances and credits;
-
Membership Connect Service: Information from your added third party membership or loyalty card account such as membership information and details, status, levels and balance history.
-
-
Event registration via social media: Information about your social media account profile and company information such as your employer's name, address, and type of business.
Detailed information about the relevant personal data for each service can also be found in the terms and conditions that we here have listed.
4. Which personal data do we process, for what purpose and on what legal basis?
In the tables below we describe:
-
what we will use your personal data for (the purpose),
-
what types of personal data we use for this purpose, and whether the personal data comes directly from you or from another source. In cases where we have received your personal data from another source, we state the source in brackets,
-
what legal rights we have to process data about you under current data protection legislation, such as the GDPR, and
-
when Klarna stops using the personal data specifically for any purpose.
4.1 Purposes for which Klarna always uses your personal data, regardless of the service you use.
Purpose of processing – what we do and why. |
Types of personal data used for the purpose and where they come from (the source). See point 3 for more information on the different types of personal data. |
Legal basis for processing under the GDPR. |
When the purpose of using the personal data ends. See point 9 for information on when Klarna deletes the data. |
To manage the interaction with you as a customer as agreed, and this for each service you use. This includes creating and sending information in electronic format (no marketing). |
From you:
From other sources:
|
Data processing is necessary for Klarna to enter into a contract with you (Art. 6 para. 1 lit. b GDPR). If the service processes sensitive personal data (e.g. material that you wish to upload), this is done on the basis of your explicit consent (Article 9, paragraph 2, sub a, GDPR). |
When the agreement between you and Klarna ends. |
To be able to carry out customer satisfaction surveys and market research, to conduct consumer research, as well as to request reviews from you, via e-mail, SMS, telephone or other communication channels. If you do not want us to carry out this processing, please contact us to let us know. See point 2 for more information about your rights. See point 12 for our contact details. |
From you:
From other sources:
|
The processing is based on a balancing of interests (Art. 6 para. 1 lit. f GDPR). In a balancing of interests, Klarna states that it has a legitimate interest in being able to process personal data, that the processing is necessary to achieve the specific purpose and that our interest outweighs your right to object. You can contact us if you want more information about how this decision was made. See point 12 for our contact details. |
When the agreement between you and Klarna ends. |
To ensure the network and information security of Klarna's services. |
From you:
From other sources:
|
The processing is based on a balancing of interests (Art. 6 para. 1 lit. f GDPR). In a balancing of interests, Klarna states that it has a legitimate interest in ensuring the security of the network and information, that the processing is necessary to achieve the specific purpose and that its interest outweighs your right to object. It is also in your interest as a customer that we ensure good information security. You can contact us if you want more information about how this decision was made. See point 12 for our contact details. |
This processing lasts as long as you use a service. |
To be able to help you as a vulnerable customer (i.e. if you contact us for extra support due to special circumstances). This means that we can offer you special support, e.g. when you contact customer service. |
From you:
From other sources:
|
Based on your consent (Article 6, paragraph 1, subparagraph a) and (Article 9, paragraph 2, subparagraph a) GDPR). |
When you tell us that you are no longer a vulnerable customer or when you withdraw your consent. We will also stop this processing if and when you tell us that you no longer wish to be a Klarna customer. |
To be able to perform risk analysis, prevent fraud and carry out risk management. We carry out the processing to confirm your identity and to verify that the data you provide is correct, as well as to prevent criminal activity. This processing amounts to profiling and automated decision-making. We use automated decision-making for this purpose, to determine whether you are at risk of fraud. See point 6 for more information on profiling and automated decision-making. |
From you:
From other sources:
|
The processing is necessary for Klarna to conclude a contract with you (Art. 6 para. 1 lit. b GDPR). We are also legally obliged to verify the identity of our customers (Art. 6, paragraph 1, lit. c, GDPR). ( Swedish Act (2017:630) on Measures against Money Laundering and Terrorist Financing ). Sensitive personal data is processed on the basis of your explicit consent. |
This processing takes place while you use a Klarna service. However, if Klarna has identified a potential risk in the way you use Klarna, we will continue to use your information for this purpose and update our risk assessment on an ongoing basis for as long as there is a risk of fraud. This processing will continue for as long as we are legally obliged to retain your data. Please see section 9 for more information about our obligations and the right to retain information as required by law. |
To anonymize your personal data in order to improve our services and products and to analyze consumer behavior. |
From you:
From other sources:
|
The processing is based on a balancing of interests (Art. 6 para. 1 lit. f GDPR). In this balancing of interests, Klarna has determined that it has a legitimate interest both in anonymizing your personal data for product development purposes and in analyzing consumer behavior to improve service and customer experience. We assure you that the specific processing this entails is necessary to achieve the purpose in question, and that our interest prevails over your right not to have your data processed for this purpose. Anonymizing your information also ensures that we use as little personal data as possible. You can contact us if you want more information about how this decision was made. See point 12 for our contact details. |
This processing continues for as long as Klarna needs to keep the information in its systems, for example to fulfil the agreement concluded with you or to comply with applicable law. See section 9 for more information about our obligations and the right to retain information as required by law. |
To perform data analysis for product development and testing, to improve our risk and credit models and to design and improve our services (where possible, we first anonymize the data, which means that no more personal data is processed afterwards). |
From you:
From other sources:
|
The processing is based on a balancing of interests (Art. 6 para. 1 lit. f GDPR). In balancing the interests, Klarna assumes that it has a legitimate interest in carrying out data analyses for product development and testing purposes. We assure you that the specific processing this entails is necessary to achieve the purpose in question, and that our interest prevails over your right to object. Furthermore, our customers benefit from the processing because it helps us to provide error-free and sustainable services. You can contact us if you want more information about how this decision was made. See point 12 for our contact details. |
This processing continues for as long as Klarna needs to keep the information in its systems, for example to fulfil the agreement concluded with you or to comply with applicable law. See section 9 for more information about our obligations and the right to retain information as required by law. |
To perform data analysis to measure and improve our marketing and advertising channels (where possible, we first anonymize the data, which means that no more personal data is processed afterwards). |
From you:
From other sources:
|
The processing is based on a balancing of interests (Art. 6 para. 1 lit. f GDPR). In balancing the interests, Klarna assumes that it has a legitimate interest in carrying out data analyses to measure and improve our marketing and advertising channels. We assure you that the specific processing this entails is necessary to achieve the purpose in question, and that our interest prevails over your right not to have your data processed for this purpose. You can contact us if you want more information about how this decision was made. See point 12 for our contact details. |
This processing continues for as long as Klarna needs to keep the information in its systems, for example to fulfil the agreement concluded with you or to comply with applicable law. See section 9 for more information about our obligations and the right to retain information as required by law. |
To calculate payment commissions to suppliers (if possible, we anonymize the data first, which means that there is no subsequent processing of personal data). |
From other sources:
|
The processing is based on a balancing of interests (Article 6(1)(f) GDPR). In the balancing of interests, Klarna has determined that we have a legitimate interest in calculating potential commissions. We ensure that the processing this entails is necessary to achieve the purpose of the processing, and that our interest outweighs your right not to have your data processed for this purpose. You may contact us for more information on how the assessment was made. See section 12 for our contact information. |
Processing takes place up to 90 days after use of the service. |
To compile statistics and reports for economic analyses or analyses of payment trends or volumes in certain regions or industries (where possible, we first anonymize the data, which means that no further processing of personal data takes place afterwards). |
From you:
From other sources:
|
The processing is based on a balancing of interests (Art. 6 para. 1 lit. f GDPR). In the balancing of interests, Klarna claims to have a legitimate interest in obtaining statistics and reports for this purpose. We assure you that the specific processing this entails is necessary to achieve the purpose in question, and that our interest prevails over your right to object. You can contact us if you want more information about how this decision was made. See point 12 for our contact details. |
This processing continues for as long as Klarna needs to keep the information in its systems, for example to fulfil the agreement concluded with you or to comply with applicable law. See section 9 for more information about our obligations and the right to retain information as required by law. |
To check and verify your identity. |
From you:
|
Data processing is necessary for Klarna to enter into a contract with you (Art. 6 para. 1 lit. b GDPR). |
As long as you use one of Klarna's services. |
To share your personal data with the various recipients described in section 7.1 (suppliers and subcontractors, companies within the Klarna Group, those responsible for your financial transactions, authorities and purchasers of claims, companies or assets). |
|
Depending on the beneficiary (see point 7.1). |
This processing continues for as long as Klarna needs to keep the information in its systems, e.g. to fulfil the agreement concluded with you or to comply with applicable law. See point 9 for more information about our obligations and the right to retain information as required by law. |
To decide what kind of marketing we will offer you. If you do not want us to perform this processing, please contact us. We will then no longer use your data for marketing. Contact information can be found in point 12. The processing may include profiling. See point 6 for more information about your rights. |
From you:
From other sources:
|
The processing is based on a balancing of interests (Art. 6 para. 1 lit. f GDPR). In balancing the interests, Klarna claims to have a legitimate interest in determining what type of marketing we should offer you. We assure you that the specific processing this entails is necessary to achieve the purpose in question, and that our interest prevails over your right to object. We have also taken into account that marketing is mentioned in the GDPR as an example of legitimate interest. You can contact us if you want more information about how this decision was made. See point 12 for our contact details. |
When the agreement between you and Klarna ends, or when you let us know that you are not interested in this processing. |
To provide you with marketing materials and offers about other products and services from our portfolio that are similar to the ones you have already used and that are part of Klarna as a shopping platform. If you do not wish to receive marketing from us, please contact us to let us know. We will then stop processing your data for sending marketing. See point 12 for our contact information. |
From you:
From other sources:
|
The processing is based on a balancing of interests (Art. 6 para. 1 lit. f GDPR). In balancing the interests, Klarna claims to have a legitimate interest in sending you marketing about our services and offers. We assure you that the specific processing this entails is necessary to achieve the purpose in question, and that our interest prevails over your right to object. We have also taken into account that marketing is mentioned in the GDPR as an example of legitimate interest. You can contact us if you want more information about how this decision was made. See point 12 for our contact details. |
When the agreement between you and Klarna ends, or when you let us know that you are not interested in this processing. |
To provide you with direct marketing about offers, products, or services from Klarna and our stores/partners. |
From you:
From other sources:
|
The processing is based on your consent (Article 6(1)(a) GDPR). |
Either when you let us know that you wish to withdraw your consent, or when you let us know that you are not interested in this processing / opt-out. |
To protect Klarna against legal claims and to safeguard Klarna's legal rights. |
In the event of a dispute, Klarna may also collect other types of personal data about you if we need it to exercise our rights. |
The processing is based on a balancing of interests (Art. 6 para. 1 lit. f GDPR). In balancing the interests, Klarna claims to have a legitimate interest in protecting itself from legal claims. We assure you that the specific processing this entails is necessary to achieve the purpose in question, and that our interest prevails over your right to object. You can contact us if you want more information about how this decision was made. See point 12 for our contact details. |
This processing continues for as long as Klarna needs to keep the information in its systems, for example to fulfil the agreement concluded with you or to comply with applicable law. See section 9 for more information about our obligations and the right to retain information as required by law. |
4.2 Purposes for which your personal data is used when you use one of Klarna's payment methods in a store, or choose to pay with a debit or credit card at Klarna's checkout in a store.
Purpose of processing – what we do and why. |
Types of personal data used for the purpose, and where they come from (the source). See point 3 for more information about the different types of personal data. |
Legal basis for processing under the GDPR. |
When the purpose of using the personal data ends. See point 9 for information on when Klarna deletes the data. |
To transfer the store's right to payment for your purchase to Klarna ("factoring"). |
From you:
From other sources:
|
The processing is based on a balancing of interests (Art. 6 para. 1 lit. f GDPR). In the balancing of interests, Klarna states that it (and the store) has a legitimate interest to buy or sell your outstanding credit. We assure you that the specific processing this entails is necessary to achieve the purpose in question, and that our interest prevails over your right to object. You can contact us if you want more information about how this decision was made. See point 12 for our contact details. |
When the purchase takes place. |
To share your personal data with the categories of recipients described in Article 7.2 (retailers, payment service providers and financial institutions, fraud prevention agencies and companies that provide identity information, Google, and Billie). |
From you:
From other sources:
|
Depending on the beneficiary (see art 7.2). |
Primarily when the purchase takes place, but also for the entire period that Klarna has the data in its systems, i.e. until the information is deleted. See point 9 for more details about our obligations and the right to retain information as provided by law. |
In a store that offers Klarna as a payment method or has Klarna checkout, we evaluate the order in which the different payment methods should be presented to you at the store's checkout. This processing does not affect which of Klarna's payment methods are available to you. If you do not want us to carry out this processing, please contact us to let us know. Contact information can be found in point 12. This processing creates profiling. See point 6 for more information on profiling. |
From you:
From other sources:
|
If you have accepted and used the so-called "Shopping Service" service, as described in more detail under the terms of the service you here If the processing is necessary, the legal basis for the processing is the performance of the contract (Art. 6 para. 1 lit. b GDPR). If, on the other hand, you have not concluded a "Shopping Service" agreement, the processing is based on a balancing of interests (Art. 6 para. 1 lit. f GDPR). In the balancing of interests, Klarna claims to have a legitimate interest in examining the order in which the different payment options will be presented to you at the checkout in the store. We assure you that the specific processing this entails is necessary to achieve the purpose in question, and that our interest prevails over your right to object. You can contact us if you want more information about how this decision was made. See point 12 for our contact details. |
When the payment methods are shown at checkout. |
Prevent Klarna’s activities from being used for money laundering or terrorist financing by verifying your identity, monitoring and evaluating transactions. Klarna also carries out ongoing risk assessments and creates risk models to prevent money laundering and terrorist financing. This processing amounts to profiling and automated decision-making. See point 6 for more information on profiling and automated decision-making. |
From you:
From other sources:
|
To comply with the law (Art. 6, paragraph 1, lit. c, GDPR). ( Swedish Act (2017:630) on Measures against Money Laundering and Terrorist Financing ). The basis for the processing of sensitive personal data is that it is necessary for reasons of public interest (Article 9, paragraph 2, point (g), GDPR). |
When the agreement between you and Klarna is terminated. See point 9 for more information about our obligations and the right to retain information as required by law. |
To conduct a fraud prevention assessment before accepting a purchase. This processing amounts to profiling and automated decision-making. We use automated decision-making for this purpose, to determine whether you are at risk of fraud. See point 6 for more information on profiling and automated decision-making. Please also see section 7.2.3 regarding our use of fraud prevention agencies to whom your data may be disclosed, and our legal basis for such disclosure. If we identify possible fraudulent transactions, we will also report this to our fraud prevention agencies as set out in section 7.2.3. |
From you:
From other sources:
In addition to the above, Klarna receives information from fraud prevention agencies about whether your information indicates attempted fraud. |
To enter into and perform the agreement (Art. 6, paragraph 1, letter b, GDPR). |
When the credit evaluation is performed. |
To maintain the accounting and administrative processing as determined in the accounting legislation, and to retain them in compliance with the applicable legislation. |
From you:
From other sources:
|
To comply with the law (Article 6, paragraph 1, lit. c, GDPR). ( The Swedish Accounting Act (1999:1078) ) |
During the accounting period, and up to 7 years after the end of the year in which the information was registered. See point 9 for more information about our obligations and the right to retain information as required by law. |
To perform calculations in accordance with the rules on capital adequacy requirements. |
From you:
From other sources:
|
To comply with the law (Article 6, paragraph 1, letter c, GDPR). ( Capital Adequacy Regulation 575/2013 , and Capital Adequacy Directive 2013/36 ). |
Seven years after the end of the year in which the information was registered. See point 9 for more information about our obligations and the right to retain information as required by law. |
4.3 Purposes for which your personal data is processed when you use one of Klarna's payment methods that provide credit, or when you use the Klarna Card or the One-Time Card Shopping Service.
The table below describes the services that can provide credit to you: “Pay Later” (invoice), “Pay Now” (for payment via Direct Debit), “Financing” (payment in installments), as well as the Klarna Card and the One-Time Card Shopping Service (both of which are offered in the Klarna App or browser extension).
Purpose of processing – what we do and why. |
Types of personal data used for the purpose and where they come from (the source). See point 3 for further information on the different types of personal data. |
Legal basis under the GDPR. |
When the purpose of using the personal data ends. See point 9 for information on when Klarna deletes the data. |
To carry out a credit assessment before granting credit. This involves profiling and the decision to approve or reject credit involves an "automated decision" in. See point 6 for more information about profiling and automated decisions. Please also see section 7.3.1 regarding our use of fraud prevention agencies to which your data may be transferred, and our legal basis for such transfers. |
From you:
From other sources:
|
To enter into and execute the credit agreement (Art. 6 para. 1 lit. b GDPR). |
When the credit evaluation is performed. |
To share your personal data with the various recipients described in point 7.3 (credit agencies, debt collection agencies and other purchasers of outstanding debts, as well as VISA, debt-assigning parties and digital wallet providers). |
From you:
From other sources:
|
Depending on the beneficiary (see point 7.3). |
Primarily when the purchase takes place, but also as long as Klarna stores the data in its systems, i.e. until it is deleted. See point 9 for more information about our obligations and the right to retain information as provided by law. |
To exercise Klarna's right to transfer the payment for your purchase to a new beneficiary ("factoring"). |
From you:
From other sources:
|
The processing is based on a balancing of interests (Art. 6 para. 1 lit. f GDPR). In the balancing of interests, Klarna states that it has a legitimate interest to sell outstanding credits as part of its business policy. We assure you that the processing is necessary to pursue this interest and that our interest prevails over your right to object. You can contact us if you want more information about how this decision was made. See point 12 for our contact details. |
The processing can be carried out even if the debt is unpaid (you will be notified if the debt is transferred). |
Providing debt collection services, i.e. collecting and selling overdue debts. |
From you:
From other sources:
|
The processing is based on a balancing of interests (Art. 6 para. 1 lit. f GDPR). In the balancing of interests, Klarna states that it has a legitimate interest in collecting and selling debts. We assure you that the specific processing this entails is necessary to achieve the purpose in question, and that our interest prevails over your right to object. You can contact us if you want more information about how this decision was made. See point 12 for our contact details. |
When the debt is paid. |
To prevent Klarna's activities from being used for money laundering or terrorist financing by verifying your identity, monitoring and evaluating transactions, performing risk assessments and creating risk models. This processing involves profiling, and a decision that you are at risk of money laundering is an "automated decision". For more information about profiling and automated decisions, see point 6. |
From you:
From other sources:
|
To comply with the law (art.6, paragraph 1, letter c, GDPR). ( Swedish Act (2017:630) on Measures against Money Laundering and Terrorist Financing ). The condition for the processing of sensitive personal data is that it is necessary for reasons of public interest (Article 9, paragraph 2, letter g, GDPR). |
Up to five years after the termination of the agreement or after the termination of the customer relationship (up to ten years in cases where law enforcement authorities so request). See point 9 for more information about our obligations and the right to retain information as required by law. |
Archiving and accounting in accordance with accounting legislation. |
From you:
From other sources:
|
To comply with the law (Article 6, paragraph 1, lit. c, GDPR). ( The Swedish Accounting Act (1999:1078) ) |
Seven years after the end of the year in which the information was registered. See point 9 for more information about our obligations and the right to retain information as required by law. |
4.4 Use of your personal data (and that of third parties) to give you access to the Klarna account service (savings and payment accounts).
Purpose of processing – what we do and why. |
Types of personal data used for the purpose and where they come from (the source). See point 3 for further information on the different types of personal data. |
Legal basis under the GDPR. |
When the purpose of using the personal data ends. See point 9 for further information on when the data is erased. |
To offer Klarna's savings and payment accounts. |
From you:
From other sources:
|
Data processing is necessary for Klarna to enter into a contract with you (Art. 6 para. 1 lit. b GDPR). Information about third parties (such as the payment recipient or payer) is based on a balancing of interests (Art. 6 para. 1 lit. f GDPR). In the balancing of interests, Klarna has stated that both we and you (as well as the payment recipient/payer) have a legitimate interest in processing this data in order to carry out the transactions in question. We assure you that the specific processing this entails is necessary to achieve the purpose in question, and that our interest prevails over your right to object. You can contact us if you want more information about how this decision was made. See point 12 for our contact details. |
When the agreement between you and Klarna ends. |
To transfer your personal data to the categories of recipients described in point 7.4 (credit institutions and other financial institutions). |
From you:
From other sources:
|
Data processing is necessary for Klarna to enter into a contract with you (Art. 6 para. 1 lit. b GDPR). The terms of service are here available. |
When the agreement between you and Klarna ends. |
To prevent Klarna's activities from being used for money laundering or terrorist financing by verifying your identity, monitoring and evaluating transactions, performing risk assessments and creating risk models. This processing involves profiling, and a decision that you are at risk of money laundering will be an automated decision. For more information on profiling and automated decisions, see point 6. |
From you:
From other sources:
|
To comply with the law (Art. 6, paragraph 1, lit. c, GDPR). ( Swedish Act (2017:630) on Measures against Money Laundering and Terrorist Financing ). The condition for the processing of sensitive personal data is that it is necessary for reasons of public interest (Article 9, paragraph 2, letter g, GDPR). |
Up to five years after the termination of the agreement or customer relationship (up to ten years in cases where law enforcement authorities so request). See point 9 for more information about our obligations and the right to retain information as required by law. |
Archiving and accounting in accordance with accounting legislation. |
From you:
From other sources:
|
To comply with the law (Article 6, paragraph 1, lit. c, GDPR). ( The Swedish Accounting Act (1999:1078) ) |
Seven years after the end of the year in which the information was registered. See point 9 for more information about our obligations and the right to retain information as required by law. |
To perform calculations in accordance with the rules on capital adequacy requirements. |
From you:
From other sources:
|
To comply with the law (Article 6, paragraph 1, sub c, GDPR) ( Capital Adequacy Regulation 575/2013, and Capital Adequacy Directive 2013/36 ). |
Seven years after the end of the year in which the information was registered. See point 9 for more information about our obligations and the right to retain information as required by law. |
4.5 Use of your personal data when you use Klarna's Shopping Service.
When you use Klarna's Shopping Service, Klarna will process your personal data for the purposes described in the table below. The terms of the Shopping Service and the description of the functions that are part of it are here available.
Purpose of processing – what we do and why. |
Types of personal data used for the purpose and where they come from (the source). See point 3 for further information on the different types of personal data. |
Legal basis under the GDPR. |
When the purpose of using the personal data ends. See point 9 for further information on when the data is erased. |
To provide Klarna's Shopping Service and the functions included therein. The service involves your profiling to personalize the content of the Klarna App and Klarna's checkout. |
|
Data processing is necessary for Klarna to enter into a contract with you (terms of use for the grocery service (Art. 6 para. 1 lit. b GDPR). If the shopping service also processes sensitive personal data (if you have uploaded this data, e.g. via receipts for certain purchases/memberships, via product and store reviews, or if you have otherwise given us access to this data), we process this data on the basis of your express consent (Art. 9 para. 2 lit. a GDPR). For more information on this type of personal data, see point 3. |
When the agreement between you and Klarna ends. |
You decide whether or not to share your location and geolocation data with us. We use this information to find and suggest stores and offers near you in the Klarna mobile application. You can disable the sharing of location and geolocation data on your device at any time. |
From you:
|
Data processing is necessary for Klarna to enter into a contract with you (terms of use for the grocery service (Art. 6 para. 1 lit. b GDPR). |
When the agreement between you and Klarna ends. |
To provide you with a browser via the Klarna App that allows you to visit e.g. stores' websites. Klarna will collect information about how you use the browser to customize its mobile application. |
From you:
|
Data processing is necessary for Klarna to enter into a contract with you (terms of use for the grocery service (Art. 6 para. 1 lit. b GDPR). If the service processes sensitive personal data (e.g. from pages you visit), this is done on the basis of your express consent (Art. 9 para. 2 lit. a GDPR). However, this sensitive information will not be used for any other purpose than to show you the current website in the browser. |
When the agreement between you and Klarna ends. |
To prevent fraud when using the Klarna Shopping Service. This processing constitutes profiling and automated decision-making. We use automated decision-making for this purpose to determine whether you pose a fraud risk. See point 6 for more information on profiling and automated decision-making. Please also see section 7.5.6 regarding our use of fraud prevention agencies to whom your data may be shared, and our legal basis for such sharing. |
From you:
From other sources:
In addition to the above, Klarna receives information from fraud prevention agencies about whether your information indicates attempted fraud. |
The processing is necessary for Klarna to perform a contract (Shopping Service Terms) with you (Article 6, paragraph 1, letter b) GDPR). |
When the fraud assessment is performed. |
To pass on your personal data to the categories of recipients described in point 7.5 (affiliate networks, Google, partners within the framework of the Personal Finance service and the Offer and Benefit Program, as well as logistics and transport companies, advertising services, third-party apps and services (for SIWK), fraud prevention agencies and companies that carry out identity checks). |
From you:
From other sources:
|
Depending on the beneficiary (see point 7.5). |
When the agreement between you and Klarna ends. |
To show you relevant advertisements via advertising services from third parties outside the Klarna App and to assess the relevance of such advertisements. This is based on your user behavior and Klarna profile. You may receive such relevant advertisements delivered to you by this advertising services from third parties, see when you are on other websites and apps. See section 7.5.5. for information about this data sharing. The processing may include profiling, intended to tailor marketing based on what we think you may be interested in. You can read more about profiling in section 6. |
From you:
From other sources:
|
This is done on the basis of the consent you have given (pursuant to Art. 6, paragraph 1, sub a, GDPR). |
Either when you inform us that you wish to withdraw your consent, or when you let us know that you are not interested in this processing. We will also stop processing your data if and when you inform us that you no longer wish to be a Klarna customer. |
If you choose to register with Klarna (via “SIWK”) in a third party application or service, Klarna will share your personal data with that store or online service |
From you:
From other sources:
|
The processing is necessary for Klarna to perform a contract (general terms and conditions for the store service) with you (Article 6, paragraph 1, letter b GDPR). |
When the agreement between you and Klarna ends. We will also stop processing if and when you let us know that you no longer wish to use this specific functionality. |
4.6 Additional services that you can use, for example via the Klarna mobile application or via Klarna's browser extension.
Purpose of processing – what we do and why. |
Types of personal data used for the purpose and where they come from (the source). See point 3 for further information on the different types of personal data. |
Legal basis under the GDPR. |
When the purpose of using the personal data ends. See point 9 for further information on when the data is erased. |
If you have connected your email account to Klarna's Auto-import, Klarna will regularly connect to your email account(s) to obtain information about your purchases. You can terminate this service at any time and thereby stop Klarna's access to your email account. |
From other sources:
|
Data processing is necessary for Klarna to enter into a contract with you (terms of use for the grocery service (Art. 6 para. 1 lit. b GDPR). If the service processes sensitive personal data (from your transactions), this is done based on your explicit consent (Art. 9, paragraph 2, sub a, GDPR). See point 3 for more information. |
When the agreement between you and Klarna ends. |
If you have linked your bank accounts to the Personal Finance service, Klarna will provide you with tools to help you take control of your finances using needs specifically tailored to you. With this processing we do profiling, with which we want to adapt the content of the service to what we think interests you. More information about profiling can be found in point 6. If you wish to use the offers and benefits that Klarna provides within the framework of this service, we will share your personal data with the partner who provides these (see point 7.5.3). |
From other sources:
|
Data processing is necessary for Klarna to enter into a contract with you (terms of use for the grocery service (Art. 6 para. 1 lit. b GDPR). If the service processes sensitive personal data (from your transactions), this is done based on your explicit consent (Art. 9, paragraph 2, sub a, GDPR). See point 3 for more information. |
When the agreement between you and Klarna ends. |
When you use our browser extension, Klarna processes your data to provide the service, including processing information about which websites/web domains you visit: Klarna processes information about the e-commerce websites/web domains you visit to identify deals, offer cashback and make you customized offers in the Klarna extension and mobile application. This processing is also done to enable you to create one-time cards directly in your browser on websites where this service is enabled. Information about visited non- ecommerce websites/web domains is not stored by Klarna. Read more about how your personal data is used in the extension FAQ. |
From you:
From other sources:
|
The processing is necessary for Klarna to conclude a contract (General Terms and Conditions for the Klarna Shopping Service) with you (Art. 6 para. 1 lit. b GDPR). If the service processes information that constitutes sensitive personal data (i.e. this kind of data about the websites/web domains you visit), our processing will be based on your explicit consent (Art. 9 para. 2 lit. a GDPR). For more information on this kind of personal data, please see point 3. |
When the agreement between you and Klarna ends. |
If you have added a third party membership or customer card account to Klarna's Membership Connect Service, Klarna will process your data to provide the service. This means that Klarna will regularly connect to your third-party card account to import membership points, levels and balance history.
|
From other sources:
|
The processing is necessary for Klarna to perform a contract (store service terms) with you (Article 6, paragraph 1, letter b GDPR). |
When the contract between you and Klarna ends. |
4.7 Offers and invitations to events posted on social media, and your interaction with us through social media.
Purpose of processing – what we do and why. |
Types of personal data used for the purpose and where they come from (the source). See point 3 for further information on the different types of personal data. |
Legal basis for processing under the GDPR. |
When the purpose of using the personal data ends. See point 9 for further information on when the data is erased. |
If you register for an event via social media, we process your personal data in order to provide the requested service. You can always unsubscribe from this by contacting us. See point 12 for our contact details. |
From you:
|
Klarna must process your data in order to conclude a contract with you (regarding participation in an event) (Art. 6 para. 1 lit. b GDPR). You can contact us if you want more information about how this decision was made. See point 12 for our contact details. |
When the event is over |
4.8 Klarna's processing when you contact its customer service.
Purpose of processing – what we do and why. |
Types of personal data used for the purpose and where they come from (the source). See point 3 for further information on the different types of personal data. |
Legal basis for processing under the GDPR. |
When the purpose of using the personal data ends. See point 9 for further information on when the data is erased. |
To handle all matters received by Klarna's customer service. This involves keeping various forms of written conversations to document customer issues, as well as for security and fraud prevention purposes. |
From you:
From other sources:
|
Performance of contracts (Article 6, paragraph 1, point (b), GDPR). |
Up to ten years, based on the statute of limitations. See point 9 for more information on our obligations and the right to retain information as provided by law. |
Quality and service improvement (to ensure satisfactory service). We may record telephone conversations and screen sharing sessions between you and our staff for quality purposes, in order to provide better products and services. |
From you:
From other sources:
|
The processing is based on a balancing of interests (Art. 6 para. 1 lit. f GDPR). In balancing interests, Klarna has determined that it has a legitimate interest in improving its services, internal training and quality control. We assure you that the specific processing this entails is necessary to achieve the purpose in question, and that our interest prevails over your right to object. As a customer, you also have an interest in good interaction quality with Klarna. You can contact us if you want more information about how this decision was made. You can find the contact information in point 12. |
We process recordings of telephone calls for up to 90 days and screen sharing sessions for up to 30 days for quality assurance purposes. |
We record what is said when you speak to our customer service (to ensure we have a record of what has been agreed or discussed). We use the recorded telephone conversations between you and our staff and both handwritten and automated notes to know what has been said. |
From you:
From other sources:
|
The processing is based on a balancing of interests (Art. 6 para. 1 lit. f GDPR). In balancing the interests, Klarna has determined that it has a legitimate interest in documenting the communication with its customer service. It guarantees that the specific processing this entails is necessary to achieve that purpose, and that its interest outweighs your right not to have your data processed for this purpose. As a customer, you also have an interest in the discussion being documented in an impartial manner. You can contact us for more information on how the determination was made. See the contact information in point 12. |
90 days from the day the recording was made. |
If you contact us via social media such as Facebook or Twitter, your personal data will also be collected and processed by these companies in accordance with their privacy policies. The same applies to the answer you receive from us. Klarna processes this information in order to be able to answer your questions. |
From you:
From other sources:
|
Performance of contracts (Article 6, paragraph 1, point (b), GDPR). |
Once we have answered your question. |
To handle voluntary blocking of the use of Klarna's services, i.e. if you contact us and ask us to prevent you from using our services. Your voluntary blocking can be lifted by you at any time by contacting us again. |
From you:
|
Based on your consent (Article 6, paragraph 1, under a). |
When you let us know that you no longer want to be blocked from using our services or withdraw your consent. We will also stop this processing if and when you let us know that you no longer want to be a Klarna customer at all. |
5. How can you withdraw your consent?
When Klarna processes your personal data based on your consent, you can withdraw this consent at any time. You can do this by sending an email to dataprotection@klarna.nl or via the contact details you will find in point 12.
You can also delete uploaded information from the Klarna App, or terminate the service where personal data is processed. We will then delete that information. If you withdraw your consent or delete the uploaded information, you may no longer be able to use the service in cases where Klarna's personal data processing is based on your consent.
Finally, as described in point 2 above, you also have the right to object to certain processing of personal data (for example, you can disable marketing). You also have the right to have certain personal data erased, which is also described in point 2.
6. Klarna's profiling and automated decision-making that has significant consequences for you.
6.1 Klarna's profiling of you as a customer.
"Profiling" means an automated processing of personal data to evaluate certain personal aspects, e.g. by analyzing or predicting your personal preferences, such as your purchasing behavior. At the same time, we compare your data with what our other customers, with a similar use of our services, prefer.
The purpose of Klarna's profiling and the different types of personal data used for each occasion and for each profiling are described in detail in point 4 above. Profiling for these purposes does not have any significant consequences for you as a customer.
We use profiling for the following purposes:
-
to provide you with tailored services that adapt based on what we think is most interesting or relevant to you (this applies to the Klarna App, its different features, when you have a conversation with the customer service chatbot and the order in which the different payment methods are shown in Klarna's checkout), and
-
to provide you with personalized marketing through our own and third-party platforms and services.
Our services use machine learning and artificial intelligence models to provide you with the most relevant content possible.
If you have any questions about how the profiling process works, you can contact us. Contact details can be found in point 12. You can object to our marketing profiling at any time by contacting us (we will then stop profiling for marketing purposes). You can also stop our profiling for our services by stopping the service.
6.2 Klarna's automated decisions that have significant consequences for you.
Certain decisions in our services are fully automated, without the involvement of our employees, such as automated decisions with legal consequences, or automated decisions that have a similarly significant effect on you. These decisions have a significant impact on you as a consumer, comparable to legal consequences. By making such decisions automatically, Klarna increases its objectivity and transparency in decision-making in order to offer you these services. At the same time, you have the right to object to these decisions at any time. You can read how to object to these decisions at the end of this section 6.2.
Automated decisions that significantly affect you also involve profiling based on your data before the decision is made. This profiling is done to evaluate your financial situation (before deciding to grant credit) or to determine whether your use of our services poses a risk of fraud or money laundering. We profile your user behavior and financial capacity and compare this data with behavioral patterns and circumstances with different risk levels.
Different user behavior and conditions are evaluated and weighed in our automated decision models to arrive at an overall score, which then results in either an acceptance or rejection of your use of our Services.
We may also decide to ask for further identification from you if we are not sure who you are.
When does Klarna make automated decisions that significantly affect you?
We use this type of automated decision-making when we:
-
decide to approve your application to use a credit service.
-
decide on your application to use a credit service not to approve.
These automated credit decisions are based on information you provide to us, information from external sources such as credit agencies, credit reports and Klarna's own internal information about you if we have lent you money for this purpose. In addition to the information about you, Klarna's credit model includes many other factors, such as Klarna's internal credit risk levels and our general repayment rates (based on e.g. current product category).
-
decide whether there is a risk of fraud, whether your processing shows possible fraudulent behavior, whether your behavior is inconsistent with previous use of our services, or whether you have attempted to disguise your true identity. Automated decisions where we determine whether you pose a risk of fraud based on information provided by you, data from fraud prevention agencies (see section 7.2.3 for details of who we use) as well as Klarna's own internal information. Klarna continuously develops its fraud models to keep its services safe, and to closely monitor how fraudsters operate in different markets (for example which categories of goods or services are most likely to be targeted by fraud attempts).
-
decide whether there is a risk of money laundering, if our processing shows that your behavior is indicative of money laundering. In relevant cases, Klarna investigates whether certain customers are listed on sanctions lists.
The different types of personal data used in each decision are described in Section 4. Please see Section 7 for more information on the categories with whom we share information relating to profiling during automated decision-making.
If you are not approved in the context of the automated decisions described above, you will not be able to access Klarna's services, such as our payment options. Klarna has several safeguards in place to ensure that the decisions are correct and fair. These include permanent checks on our selection models and random samples in individual cases. If you have any concerns about the outcome, you can always contact us and we will check whether the procedure was carried out correctly. You can also object using the following instructions.
Your right to object to automated decisions
You always have the right to object to an automated decision which produces legal effects or which otherwise may significantly affect you (together with the relevant profiling). In that case, you can send an e-mail to dataprotectie@klarna.nl . A Klarna employee will then review the decision, taking into account any additional information and circumstances you provide us with.
7. With whom do we share your personal data?
When we share your personal data, we ensure that the recipient processes it in line with this notice, for example by concluding data transfer or data processing agreements with the recipients. These agreements include all reasonable contractual, legal, technical and organizational measures to ensure that all your information is processed with an adequate level of protection and in accordance with applicable law.
7.1 Categories of recipients with whom Klarna will always share your personal data, regardless of the service you use.
7.1.1 Suppliers and subcontractors.
Receiver Description: Suppliers and subcontractors are companies that are only entitled to process the personal data they receive from Klarna on behalf of Klarna, i.e. data processors. Examples of such suppliers and subcontractors are software and data storage providers, payment service providers, business consultants, machine learning/artificial intelligence providers and companies in the Klarna Group.
Purpose and legal basis: Klarna needs access to services and functionalities from other companies where it cannot perform them itself. Klarna has a legitimate interest in having access to these services and functionalities (Art. 6 para. 1 lit. f GDPR). We assure you that the specific processing this entails is necessary to achieve the purpose in question, and that our interest overrides your right to object. You have the right to object to this processing due to circumstances in your particular case. Please see point 2 for more information about your rights.
7.1.2 Klarna Group
Receiver Description: Companies in the Klarna Group.
Purpose and legal basis: This is necessary to enable Klarna to provide you with its services and functionalities. Klarna has a legitimate interest in having access to and providing these services and functionalities (Art. 6 para. 1 lit. f GDPR). We assure you that the specific processing this entails is necessary to achieve the purpose in question, and that our interest overrides your right to object. You have the right to object to this processing due to circumstances in your particular case. Please see point 2 for more information about your rights.
When you shop at a foreign store (i.e. a store located outside the EU/EEA area) that has an agreement with another company within the Klarna Group, the disclosure of your personal data between the Klarna companies is required to enable both to manage your payment and the foreign store to administer your purchase. The legal basis for this processing is the performance of a contract (Art. 6 para. 1 lit. b GDPR).
The receiving company in the Klarna Group will handle your personal data in accordance with the privacy notice applicable in your country (see list). You can read more about how Klarna protects your personal data when it is transferred outside the EU/EEA in section 8.
7.1.3 A person who has power of attorney for your financial affairs.
Receiver Description: Klarna may share your personal data with a person who has the right to access it under power of attorney.
Purpose and legal basis: This processing is carried out to facilitate your contact with us (via agents) and is based on your consent (Art. 6 para. 1 lit. a GDPR).
7.1.4 Authorities.
Receiver Description: Klarna may provide information to authorities such as the police, financial institutions, tax authorities or other authorities and courts.
Purpose and legal basis: Personal data will be shared with authorities if we are legally obliged to do so, if you ask us to do so, or if necessary for tax purposes or to combat crime. An example of a legal obligation to provide information is when it is necessary to take measures against money laundering and terrorist financing. Depending on the authority and purpose, Klarna's legal basis is the obligation to comply with the law (Art. 6 para. 1 lit. c GDPR), to fulfill its agreement with you (Art. 6 para. 1 lit. b GDPR), and to legitimately protect itself against crime (Art. 6 para. 1 lit. f GDPR).
7.1.5 Divestment of businesses or assets.
Receiver Description: In the event that Klarna sells any business or assets, it may transfer your personal data to the prospective buyer of such business or assets. If Klarna or a substantial part of Klarna's assets is acquired by a third party, Klarna may also share its customers' personal data.
Purpose and legal basis: Klarna has a legitimate interest in being able to carry out these transactions (Art. 6 para. 1 lit. f GDPR). We assure you that the specific processing this entails is necessary to achieve the purpose in question, and that our interest overrides your right to object. You have the right to object to this processing due to circumstances in your particular case. Please see section 2 for more information about your rights.
7.2 Categories of recipients with whom Klarna shares your personal data when you use its payment methods in a store, or choose to pay with a debit or credit card at Klarna's checkout in a store.
7.2.1 Shops.
Receiver Description: By stores we mean the stores you visit or shop at (including the store's affiliated companies, if you have been informed of this by the store).
Objective and legal basis: To enable the store to process and manage your purchase and your interaction with the store or its affiliates, e.g. by confirming your identity, sending you goods, handling questions and disputes, preventing fraud and possibly sending you relevant marketing. The store’s privacy policy applies to the processing of your personal data shared with the store and processed by the store. You will normally find a link to the store’s privacy policy on the store’s website. The legal basis for sharing data with stores is partly the performance of a contract between you and the store (Art. 6 para. 1 lit. b GDPR) insofar as the sharing takes place within the framework of this contract, and partly based on the legitimate interest of Klarna and the store (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR). We assure you that the specific processing this entails is necessary to achieve the purpose in question, and that our interest prevails over your right to object. You have the right to object to this processing due to circumstances in your particular case. See point 2 for more information about your rights.
7.2.2 Payment service providers and financial institutions.
Receiver Description: Payment service providers and financial institutions provide services to you, the stores and Klarna to make and manage electronic payments through a variety of payment methods, such as credit cards and bank payment methods such as direct debit and bank transfer.
Purpose and legal basis: Some stores use payment service providers with whom they share your data to manage your payment. This sharing takes place in accordance with the stores’ own privacy policies. The store may also allow Klarna to share your data with the payment service provider they use to process your payment. Some payment service providers also collect and use your information independently, in accordance with their own privacy policies. This is the case, for example, for providers of electronic wallets. In addition, Klarna may also share your information with other financial institutions when conducting transactions with your account to complete the transactions. The sharing with payment service providers and financial institutions takes place to execute a transaction initiated by you as agreed with you (Art. 6 para. 1 lit. b GDPR).
7.2.3 Fraud prevention agencies and companies that carry out identity checks.
Receiver Description: Your personal data will be shared with fraud prevention agencies and companies that perform identity checks.
Objective and legal basis: Klarna shares your information to verify your identity and the accuracy of the data you have provided to us, and to prevent misleading and criminal activity. The companies we work with are responsible for: here listed. Please note that these companies process your data in accordance with their own privacy policies.
Klarna shares your information and information about whether a particular transaction may constitute fraud based on its legitimate interest in conducting its business (Art. 6 para. 1 lit. f GDPR), as fraud prevention agencies and identity check companies have information about fraudulent activities and identity confirmation, which is important for Klarna to reduce the number of fraudulent transactions. It is also in your interest that this information is shared as it helps prevent your information from being used for fraudulent purchases. We assure you that the specific processing this entails is necessary to achieve the purpose in question, and that our interest overrides your right to object. You have the right to object to this processing due to circumstances in your particular case. Please see point 2 for more information about your rights. You can also contact the organisations mentioned in the link above to exercise your rights as set out in point 2, including against these organisations.
7.2.4 Google.
Receiver Description: If you use Google Maps at checkout or in the Klarna App (for example by looking up your address in the address bar, viewing “stores near me” or requesting information about offers and promotions in the area), your personal data will be shared with Google. Google will process your data in accordance with the general terms and conditions and the privacy policy from Google Maps/Google Earth.
Purpose and legal basis: Klarna shares this information based on its legitimate interest in conducting its business (Art. 6 para. 1 lit. f GDPR), as Google Maps enables us to find the address functionality at checkout and to show maps and deals in the Klarna App that are relevant to your current location. We assure you that the specific processing this entails is necessary to achieve the purpose in question, and that our interest overrides your right to object. You have the right to object to this processing due to circumstances in your particular case. Please see section 2 for more information about your rights.
7.2.5 Billie, if you pay with Billie
Receiver Description: When you choose to pay with Billie in Klarna's checkout, Klarna shares information about the ongoing payment and contact and identification data with Billie. Billie will process your data in accordance with its own data protection policy.
Purpose and legal basis: Klarna shares information about your Billie payment with Billie because Billie manages the payments to Klarna. Data is passed on to Billie to execute a Billie payment initiated by you (Article 6 (1) (b) GDPR).
7.3 Categories of recipients Klarna shares your data with when you use one of Klarna's payment methods that provide credit or when you use the Klarna Card or the One-Time Card Shopping Service.
7.3.1 Credit reference agencies.
Receiver Description: If you apply for a Klarna service where we provide credit (see point 4.3 on which Klarna services imply credit), we will share your personal data with credit reference agencies. Exchange does not take place in the case of small amounts or when we already have sufficient information.
Objective and legal basis: Your personal information is shared with credit agencies to evaluate your creditworthiness, to confirm your identity and contact information, and to protect you and other customers from fraud. Sharing this information produces a credit report.
In the Netherlands, Klarna sends the credit bureau your name, address and phone number to get a lookup on you. This credit investigation does not affect your creditworthiness.
The credit bureaus will process your information in accordance with their own privacy policies and you can here find out who we work with.
Furthermore, if you have applied for financing, the following applies: Klarna will share your name, date of birth, address and possibly your email address, as well as information about your financing debt and the repayments on that debt (including late repayments), with the Dutch debt register (Bureau Krediet Registratie-BKR), in accordance with Dutch credit legislation. The information shared with the debt register may affect your future creditworthiness and ability to obtain credit.
Klarna shares your information based on its legitimate interest to conduct its business (Art. 6 para. 1 lit. f GDPR), where the credit reference agencies have information about your financial standing which is important for Klarna to ensure a proper credit assessment and not to grant credit to consumers who are unable to repay it. We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have this information processed for this purpose. You have the right to object to this processing on the grounds of circumstances in your particular case. Please see section 2 for more information about your rights. You can also contact the organisations mentioned in the link above to exercise your rights as set out in section 2, including against these organisations.
Klarna stores the credit information about you that we have received from a credit reference agency only in a script data format. If you want a readable version, we recommend that you contact the credit agency that informed you that Klarna has requested a credit report directly.
7.3.2 Collection agencies (for debts that are overdue).
Receiver Description: Klarna may be required to share your information if we sell or outsource the collection of unpaid overdue debts to a third party, such as a debt collection agency.
Objective and legal basis: This data is shared to collect your overdue debts. Debt collectors process personal data in accordance with their own privacy policies or solely on Klarna’s behalf in their capacity as Klarna’s data processors. Debt collectors may report your unpaid debts to credit reference agencies or authorities, which may affect your creditworthiness and ability to apply for credit in the future. This data is shared based on our legitimate interest in collecting and selling debts (Art. 6 para. 1 lit. f GDPR). In balancing the interests, Klarna claims to have a legitimate interest in collecting and selling debts. We assure you that the specific processing this entails is necessary to achieve the purpose in question, and that our interest prevails over your right to object. You have the right to object to this processing on the grounds of circumstances in your particular case. Please see section 2 for more information about your rights.
7.3.3. VISA and digital wallet providers.
Receiver Description: We share information about you and your purchases when you use the Klarna card with VISA and with members of the VISA card network. If you also add the Klarna card to your digital wallet, we may need to share your information with the provider of that wallet. In that case, the information will be processed in accordance with the privacy policy of that provider.
Objective and legal basis: Sharing takes place to the extent necessary to carry out card transactions, prevent fraud and comply with the rules for the VISA card network. If you renew your Klarna card or receive a new card, we will pass this information on to VISA so that VISA can inform third parties with whom you previously stored your card details (e.g. for recurring transactions). Sharing takes place in agreement with you (Art. 6 para. 1 lit. b GDPR).
7.3.4 Debt buyers (for outstanding debts).
Receiver Description: Klarna can transfer your outstanding debts to debt buyers.
Objective and legal basis: When transferring your debt to an acquirer and for the entire period until you have paid off the debt, Klarna will share your contact and identification information (name, date of birth, social security number, address and telephone number), information about your financial status (such as remaining balance, repayments and any negative payment history in relation to the current debt), as well as information about the goods or services related to the debt. The acquirer will process your personal data in accordance with its own privacy policy, which you will receive information about once the debt is transferred.
Sharing personal data with different buyers is based on our legitimate interest to sell outstanding debts as part of our business operations (Art. 6 para. 1 lit. f GDPR). We assure you that the personal data processing this entails is necessary to pursue that interest, and that our interest prevails over your right to object. You have the right to object to this processing due to circumstances in your specific case. Please see point 2 for more information about your rights.
7.4 Categories of recipients when using the Klarna accounts service (savings and payment accounts).
7.4.1 Credit institutions and other financial institutions.
Receiver Description: We share your information with credit institutions and other financial institutions (such as other banks) when you make transactions or payments to other accounts.
Objective and legal basis: If you have made payments to a Klarna account, Klarna processes the information we receive from the bank you used for the transaction, such as contact and identification data and payment information. If you make transactions or payments to accounts at other banks, Klarna also passes on your contact and identification data and payment information to both the recipient and the credit or financial institution of the recipient. The sharing takes place in agreement with you (Art. 6 para. 1 lit. b GDPR).
7.5 Categories of recipients with whom Klarna shares your personal data when you use Klarna's Shopping Service .
You can read the terms and conditions for the Klarna Shopping Service here find.
7.5.1 Branch networks.
Receiver Description: If you click on a sponsored link in the Klarna App or on our website that refers to a store, product or service, you will be redirected to the website of another company via a third party, the so-called affiliate network. Here you can see which branches Klarna cooperates with (presented in the left column). The branch networks will process your device information in accordance with their own privacy policies (you can find their privacy statements in the right column via the same link as referred to above). The store you visit via a sponsored link determines which branch network processes your information. Typically, a store only works with one specific branch network. You can find out more about which network that is by contacting us (or the store).
Objective and legal basis: The store network may place tracking technology on your device that contains information about the fact that you clicked on that link in the Klarna App, which is then used to document your visit to the store in order to calculate a potential commission for Klarna.
The processing is based on a balancing of interests (Art. 6 para. 1 lit. f GDPR). In the balancing of interests, Klarna claims to have a legitimate interest in offering you sponsored links to promote stores in the Klarna App and website. We assure you that the specific processing this entails is necessary to achieve the purpose in question, and that our interest prevails over your right to object.
You have the right to object to this processing due to circumstances in your particular case. See point 2 for more information about your rights.
7.5.2 Google.
7.5.2.1 reCAPTCHA
Receiver Description: When you use the Klarna App (including via our web portal), Google will collect your device information via Google's reCAPTCHA service implemented there, possibly together with additional information you choose to enter into the reCAPTCHA service, and Klarna will share the phone number used for verification.
Purpose and legal basis : Klarna processes this information based on its legitimate interest in conducting its business (Art. 6 para. 1 lit. f GDPR), as the reCAPTCHA service prevents misuse of our services (e.g. by preventing bots from trying to log in, or fraud via SMS). Google will process your data in accordance with the general terms and conditions and It privacy policy . We assure you that the specific processing this entails is necessary to achieve the purpose in question, and that our interest prevails over your right to object.
You have the right to object to this processing due to circumstances in your particular case. See point 2 for more information about your rights.
7.5.2.2 Google Maps
Recipient description : In order to show where your package will be delivered on an integrated map in the Klarna mobile app, we share your delivery address with Google. Google will process your data in accordance with the terms of service and the privacy policy from Google Maps/Google Earth.
Purpose and legal basis : Klarna shares this information based on Klarna's legitimate interest in conducting its business (Art. 6 para. 1 lit. f GDPR). By using Google Maps, we can show you the delivery address on an integrated map in the Klarna mobile app. We ensure that this processing is necessary to pursue that interest, and that our interest outweighs your right not to have your data processed for this purpose. You have the right to object to this processing on grounds relating to the circumstances of your particular case. Please see section 2 for more information about your rights and how to exercise them.
7.5.3 Partners in the context of the Personal Finance service and the Offer and Benefit Program.
Receiver Description: Partners within the framework of the Personal Finance service and the Offer and Benefit Program.
Purpose and legal basis: If you choose to take advantage of Klarna’s offers and benefits within the Personal Finance service or the Offers and Benefits program, Klarna will share the personal data necessary to take advantage of the offer with our business partners (including the fact that you are a Klarna customer). Each offer states the data that will be shared. Data is shared within the scope of the agreement between you and Klarna (Art. 6 (1) (b) GDPR).
7.5.4 Logistics and transport companies.
Receiver Description: Logistics and transport companies.
Objective and legal basis: Klarna shares your personal data with logistics and transport companies that deliver the goods you order, if you have signed up for parcel tracking. Examples of information we share are contact and identification details and tracking numbers.
We point out that these companies process your data in accordance with their own privacy policy. The sharing is done in agreement with you (Art. 6, paragraph 1, sub b, GDPR).
7.5.5. Advertising Services.
Receiver Description: Advertising Services from third parties
Purpose and legal basis : Klarna shares your personal data with external parties advertising services to show you more relevant ads outside of the Klarna App, based on your interactions with Klarna's products and services and your Klarna profiles. Klarna will also share this data to assess the relevance of some third party advertising services. Some advertising services Third parties use your information for their own purposes and in accordance with their own privacy policies, which are available here . You may also obtain more information about this sharing or how to exercise your rights in relation to these companies by contacting us.
This processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time in the Tracking Technology settings in the Klarna App. You can also object to this processing – with the same effect as the withdrawal of your consent. Please see section 2 for more information about your rights.
This processing may include profiling to tailor the content of the marketing based on what we think may interest you. You can read more about profiling in point 6.
7.5.6 SIWK third party applications and services
Receiver Description: When you sign up with Klarna (via “SIWK”) in a third party application store or service, Klarna will share your personal data with the third party application or service.
Purpose and legal basis: In order to perform the agreement with you (Article 6(1)(b) GDPR).
7.5.7 Fraud prevention agencies and companies that carry out identity checks.
Receiver Description: Your personal data will be shared with fraud prevention agencies and companies that perform identity checks.
Objective and legal basis: Klarna shares your information to verify your identity and the accuracy of the data you have provided to us, and to prevent misleading and criminal activity. The companies we work with are responsible for: here listed. Please note that these companies process your data in accordance with their own privacy policies.
Klarna shares your information and information about whether a particular transaction may constitute fraud based on its legitimate interest in conducting its business (Art. 6 para. 1 lit. f GDPR), as fraud prevention agencies and identity check companies have information about fraudulent activities and identity confirmation, which is important for Klarna to reduce the number of fraudulent transactions. It is also in your interest that this information is shared as it helps prevent your information from being used for fraudulent purchases. We assure you that the specific processing this entails is necessary to achieve the purpose in question, and that our interest overrides your right to object. You have the right to object to this processing due to circumstances in your particular case. Please see point 2 for more information about your rights. You can also contact the organisations mentioned in the link above to exercise your rights as set out in point 2, including against these organisations.
7.6 Categories of recipients with whom Klarna shares your personal data when you contact our customer service via social media.
7.6.1 Social media.
Receiver Description: Social media companies such as Facebook, Instagram or Twitter.
Objective and legal basis: If you contact us via social media such as Facebook or Twitter, your personal data will also be collected and processed by these companies in accordance with their privacy policy. The sharing takes place in agreement with you (Art. 6 para. 1 lit. b GDPR).
8. When can we transfer your personal data outside the EU/EEA, and how do we protect it?
We always strive to process your personal data within the EU/EEA area. However, in certain situations, e.g. when we share your data within the Klarna Group or with a supplier, subcontractor or store operating outside the EU/EEA, your personal data may also be transferred outside the EU/EEA. Klarna always ensures that the same high level of protection applies to your personal data under the GDPR, even when the data is transferred outside the EU/EEA. Your rights in relation to your personal data (described in detail in section 2) remain unaffected when data is transferred outside the EU/EEA. More information about the recipients Klarna shares your data with can be found in section 7.
When you make a purchase from a store in a country outside the EU/EEA area, sharing your personal data with that store will mean that your personal data will be transferred to that country outside the EU/EEA area.
Certain of Klarna's suppliers use internal corporate rules or "binding corporate rules" (BCR) when they transfer personal data within their own group of companies outside the EU/EEA. Such BCR have been approved by an EU data protection authority and ensure that the same high level of protection applies to your personal data when it is transferred.
If you would like more information about our security measures, you can always contact us. You can find our contact details in point 12. More information about which countries are considered to have an “adequate level of protection” can be found on the website of the European Commission . Here you can read more about the European Commission's standard clauses and here about “binding corporate rules” (BCR).
Security measures Klarna takes when transferring personal data outside the EU/EEA.
Countries outside the EU/EEA may have laws permitting public authorities to request access to personal data stored there for the purposes of combating crime or safeguarding national security. Whether we or one of our suppliers process your personal data, we will ensure that a high level of protection is maintained when transferring that data and that appropriate safeguards are in place, in accordance with applicable data protection requirements (such as the GDPR). Such appropriate safeguards include, but are not limited to, ensuring that
-
if the European Commission has decided that the country outside the EU/EEA to which your personal data is transferred provides an adequate level of protection corresponding to that provided by the GDPR. This means, for example, that the personal data is still protected against unauthorised disclosure, and that you can still exercise your rights in relation to your personal data, or
-
the European Commission's standard clauses have been concluded between Klarna and the recipient of the personal data outside the EU/EEA. This means that the recipient guarantees that the level of protection of your personal data provided by the GDPR still applies, and that your rights are still protected. In these cases, we also check whether there are laws in the recipient country that have an impact on the protection of your personal data. Where necessary, we will take technical and organisational measures to ensure that your data remains protected during the transfer to the relevant country outside the EU/EEA.
Notwithstanding what is set out above, if the store you are shopping with is located in a country outside the EU/EEA, the data sharing with that store (and with the Klarna entity that the store has a contract with) will mean that your personal data will be transferred to and processed outside the EU/EEA in this country. Click here to access the privacy notices of other Klarna entities of the Klarna Group. Otherwise it would not be possible to administer your purchase. Klarna primarily relies on the European Commission's standard clauses to ensure the protection of your personal data for such data transfers, but as explained above, countries where the foreign store is located may have laws that prevent the effective protection of the standard clauses. Even if this is the case, your personal data will still be transferred to the foreign store (or to the local Klarna entity of the foreign store) as long as the data transfer is necessary to administer your specific purchase.
9. How long do we retain your personal data?
How long Klarna stores your personal data depends on the purposes for which Klarna uses the personal data:
-
Personal data used for the contractual relationship between you and Klarna will generally be stored for the duration of the contractual relationship and thereafter for up to 10 years based on statutes of limitations.
-
Personal data that Klarna is required to retain under a legal obligation, for example under anti-money laundering or accounting laws, will generally be retained for 5 and 7 years respectively.
-
Personal data that is not used for your contractual relationship with Klarna or for which Klarna has no legal obligation to retain it, will only be stored for as long as necessary to achieve the respective purpose of our data processing (usually 3 months). Further information can be found in the table under point 4.
In a limited number of cases, personal data may need to be retained for longer periods due to capital adequacy legislation that Klarna must comply with.
The legal obligations mentioned above mean that Klarna cannot delete your personal data, even upon your request as described in point 2. If we have no legal obligation to retain the personal data, we must instead assess whether we may need the personal data to protect Klarna from legal claims.
Please note that even though we have a legal obligation to store your personal data, this does not mean that we may use this data for other purposes. Klarna will make an assessment for each specific purpose of how long we may use your personal data. You can read more about this in point 4.
10. How do we use cookies and similar tracking technologies?
To provide a tailored and smooth experience, Klarna uses cookies and similar tracking technologies in our different interfaces, such as our website, the Klarna App and at the checkout of stores that cooperate with Klarna. You can find information about the tracking technology Klarna uses, as well as information about how to accept or refuse the tracking technology, in each interface.
11. Updates to this Privacy Policy.
We are constantly working to improve our service offerings to provide you with an even better user experience. This may include changes to existing and future services. If such improvement requires notice or consent in accordance with applicable law, you will be notified or given the opportunity to give your consent. It is also important that you read this Privacy Statement each time you use one of our services, as the processing of your personal data may have changed since your previous use of the service in question.
12. Klarna's contact details.
Klarna Bank AB (publ) is registered with the Swedish Companies Registration Office under number 556737-0431 and has its registered office at Sveavägen 46, 111 34 Stockholm.
Klarna has a Data Protection Officer and a team of data protection specialists. We also have a number of customer service teams who deal with data protection issues. You can reach all of these people at dataprotectie@klarna.nl . If you would like to contact Klarna's data protection officer specifically, please include this in the subject line.
Klarna Bank AB (publ) complies with Swedish data protection legislation. Go to www.klarna.nl for more information about Klarna.