Privacy notice - for contact persons of Kivra’s partners

Here we have gathered information about Kivra's processing of personal data for contact persons of Kivra's partners. This information applies as of 2025-02-24.

General information about personal data To make it easier for you to find the sections that interest you, we have divided the page into a number of headings. You can click on the different headings in the list on the right to go directly to a specific section What is personal data? Personal data is all information that can be directly or indirectly linked to a living natural person. Examples of personal data are name, email address, telephone number. What is special about personal data? All personal data is linked to a specific person. Most of us want to be able to control who we share our personal data with and how it is used. For this reason, there are special laws and regulations on how companies and other actors may process personal data, so-called data protection legislation. Examples of such laws and regulations are the Data Protection Regulation (2016/679, GDPR) and the Data Protection Act (Act 2018:218 with supplementary provisions to the EU Data Protection Regulation). Data protection legislation governs how companies and other actors may process personal data and what rights individuals have when their personal data is processed. What does processing of personal data mean? Processing of personal data is basically anything that is done with personal data - for example, collecting, storing, analysing or deleting personal data. What does it mean to be a data controller? A data controller is the actor, such as a company or an authority, who decides for what purpose or purposes personal data shall be processed and how the processing shall be carried out. The data controller is obliged to ensure that the processing of your personal data takes place in accordance with data protection legislation. What does it mean to be a data processor? In certain situations, the data controller may engage a so-called data processor, who is assigned to process personal data on behalf of the data controller. A data processor may only process personal data in accordance with instructions from the data controller, and may not use the data for its own purposes. Kivra is the data controller The data controller for the processing of your personal data that takes place in connection with a collaboration, partnership or business relationship with Kivra is: Kivra Sverige AB, org. no. 556917-3544, (referred to in this information as “Kivra”, “we” or “us”) Klara Norra kyrkogata 33, 111 22 Stockholm, Sweden E-mail address: dataskydd@kivra.se What personal data does Kivra process, why and on what legal basis? When Kivra processes personal data about you, the processing always aims to establish or maintain a business relationship between the organization you represent and Kivra. In the table below you can find more detailed descriptions of the processing Kivra carries out, - What personal data about you that Kivra processes. - The source of the personal data, i.e. whether we have received the data from you or from some other source. - For which purpose(s) we use your personal data. - The so-called legal basis for processing your personal data for a specific purpose. A legal basis is a reason for using the data that is justified under data protection law.

If you represent a shipper, partner or supplier

Personal data

Source 

Purpose

Legal basis

Name, job title, email address, mobile phone number, direct number/extension Other information that you provide to Kivra in email correspondence.

You yourself or via the company/organization that you represent within the framework of an agreement entered into between Kivra and the company/organization or as part of a dialogue prior to such a possible agreement. Kivra may also check the company/organization's contact information against the Swedish Companies Registration Office's register in order to keep the contact information that we store about you updated and correct.

1. Communicate with you in accordance with the agreement or for dialogue prior to such a possible conclusion of an agreement.

2. The e-mail address is also used to send you information such as press releases, newsletters, invitations to events, etc. (you can choose to refuse these newsletters by notifying Kivra or unregistering through the link in the newsletter).

Balancing of interests (motivated by the fact that Kivra has a strong legitimate interest in being able to communicate with you in accordance with the agreement or with the organization you represent or in dialogue prior to the conclusion of such an agreement, as well as in keeping you informed about Kivra's services, inviting you to events, maintaining a good business relationship with you and the organization you represent).

Name, professional title, email address, mobile phone number, direct number/extension. Other information about you that you provide to Kivra in email correspondence.

You yourself, such as when you send us an email or contact us by phone

Communicate with you to establish or maintain a business relationship with you or the organization you represent. The email address is also used to send you information such as press releases, newsletters, invitations to events, etc. (you can choose to decline these newsletters by notifying Kivra or unsubscribing through the link in the newsletter).

Balancing of interests (motivated by Kivra having a strong legitimate interest in communicating with you, establishing or maintaining a business relationship with you, keeping you informed about Kivra's services and inviting you to events).

Name, professional title, email address, mobile phone number, direct number/extension

From external sources such as through Kivra's own searches for "contact person or function at company X"

Contact you to establish a business relationship.

The email address is also used to send you information such as press releases, newsletters, invitations to events, etc. (you can choose to decline these newsletters by notifying Kivra or unsubscribing via the link in the newsletter).

Balancing of interests (motivated by Kivra having a strong legitimate interest in establishing or maintaining a business relationship with you or the organization you represent, keeping you informed about Kivra's services and inviting you to events).

Company name, email address, telephone number, name and other information needed to be able to handle your matters at Kivras Sender Support.

The sender themselves or from the partner through whom the sender has chosen to integrate with Kivra.

Company name, email address, telephone number and name are processed for the purpose of Kivra being able to provide you with support to fulfill the agreement with you, report any incidents and otherwise provide you with support when using Kivra's services.

Balancing of interests (motivated by Kivra having a strong legitimate interest in being able to provide Sender support). Kivra's legal obligation under the Data Protection Regulation (when the support concerns the fulfillment of Kivra's obligations under the Data Protection Regulation).

Company name and corporate registration number (in cases where the Sender is a sole proprietorship)

The sender themselves or from the partner through whom the sender has chosen to integrate with Kivra.

Kivra processes company names and corporate registration numbers in order to fulfill the agreement with the Sender, to inform Users that the Sender sends shipments in Kivra, to carry out invoicing, to provide support, to keep updated records of Kivra's senders, to produce reports on behalf of the sender and to be able to produce statistics regarding the use of Kivra's services.

Your agreement with Kivra regarding the purposes of contract fulfillment and invoicing.

Balancing of interests for the other purposes mentioned (motivated by the fact that Kivra has a strong legitimate interest in keeping updated records in order to effectively maintain and administer contractual relationships and to be able to provide senders with relevant and updated information, and so that Kivra can best adapt its services to the senders represented in the service).

Name and email address

The sender

Name and email address are processed for secure identification of the sender's representative when the sender uses Kivra's service Kivra Campaign.

Balancing of interests (motivated by Kivra having a strong legitimate interest in being able to identify the sender when using Kivra's service Kivra Campaign).

Name and email address

The sender

Name and email address are processed for secure identification of the sender's representative when the sender uses Kivra's service Sender Portal.

Balancing of interests (motivated by Kivra having a strong legitimate interest in being able to identify the sender when using Kivra's Sender Portal service).

If you represent a controller

Purpose

Categories of personal data and the source of the data

Legal basis

How long is the personal data used for this purpose?

Verify your identity when you use Mobile BankID, for example when you log in to Kivra's verification service.

Personal identification number (Controller's representative) Information about your activity with BankID (Finansiell ID-Teknik BID AB)

Balancing of interests motivated by Kivra's legitimate interest in verifying your identity when you use the verification service.

During the time you are logged in to the verification service.

Through tracking technology, we collect information that is necessary for our websites to function properly. See here which tracking technology is considered necessary.

Information about the digital device (e.g. mobile phone or computer) you use

(User)

Information about your choices, settings and interactions with the verification service

(User)

Balancing of interests motivated by Kivra's legitimate interest in providing a secure and functioning service.

For information about how long we store the information we have collected through tracking technology, see here.

Analysis and logging that is done for security reasons, e.g. to detect, manage and investigate possible intrusions and cyberattacks.

Personal identification number

(Controller's representative)

Information about your activity with BankID

(Finansiell ID-Teknik BID AB)

Information about the digital device (e.g. mobile phone or computer) that you use

(Controller's representative)

Information about your choices, settings and interactions with the verification service

(Controller's representative)

Balancing of interests motivated by Kivra's legitimate interest in monitoring that the verification service is functioning correctly and in being able to detect, follow up, manage and remedy any security incidents.

Up to 5 years from the event being logged.

Logging is done to ensure that Kivra's website and verification service are working as intended, and to investigate errors that are detected (so-called application logs).

Personal identification number

(Controller's representative)

Information about your activity with BankID

(Finansiell ID-Teknik BID AB)

Information about the digital device (e.g. mobile phone or computer) that you use

(Controller's representative)

Information about your choices, settings and interactions with the verification service

(Controller's representative)

Balancing of interests motivated by Kivra's legitimate interest in monitoring that the verification service is functioning correctly and in being able to detect, monitor, manage and correct any errors.

45 days from the event being logged.

Troubleshoot and investigate suspected security incidents.

All categories of personal data that Kivra processes may be used, depending on the error/incident in question.

Balancing of interests motivated by Kivra's legitimate interest in monitoring that the verification service is functioning correctly and in being able to detect, monitor, manage and remedy any errors and security incidents.

During the investigation of the error/incident.

Comply with your rights under the Data Protection Regulation, such as providing you with a register extract.

All categories of personal data that Kivra processes may be used, depending on which right you invoke.

The processing is necessary to fulfill Kivra's legal obligations under the General Data Protection Regulation.

The copy of your registry extract will be saved for 3 months to accommodate any questions you may have.

Information proving when you requested a registry extract and when you received a response will be saved for 10 years.

How long do we process your personal data? Kivra has clear internal screening procedures that mean that personal data is not stored longer than is necessary to fulfill the purposes of the processing of personal data described in the table above. Agreement Kivra processes personal data processed with an agreement as a legal basis for as long as such an agreement exists and thereafter for a maximum of one (1) year after the contractual relationship has ended (or earlier if you have been replaced by another contact person/representative or otherwise notified that you no longer want us to process your personal data). When the agreement ends or when we otherwise decide that your personal data should no longer be stored for the purposes above, they will be deleted (or anonymized), except for such data that we are legally obliged to store for a longer period of time (for example, according to the Accounting Act). After your personal data has been screened out as described above, your name and contact details may continue to appear in archived agreements and related documentation. Legitimate interest For personal data that is stored with a balancing of interests as a legal basis, Kivra has concluded that a maximum of one (1) year is a reasonable time to fulfill the stated purposes as above. However, we will delete (or anonymize) your personal data at an earlier point in time if you inform us that you have been replaced by another contact person/representative of the organization you represent or otherwise notify us that you no longer want us to process your personal data. Where is your personal data processed? Kivra's processing of your personal data generally takes place only in Sweden. However, there may be certain situations where your personal data is processed in another country within the EU/EEA and, in exceptional cases, also in a country outside the EU/EEA. In the event that Kivra at any time needs to use a supplier established in a country outside the EU/EEA, Kivra will take all appropriate legal, technical and organizational measures to ensure that your personal data is handled securely and with an adequate level of protection comparable to and at the same level as the protection offered within the EU/EEA. Who has access to your personal data? Kivra's suppliers and subcontractors We share information about you with our suppliers who provide services and functionality to Kivra, for example in the form of software, data storage and business consultants. The suppliers may in turn disclose such information to their subcontractors. The suppliers and their subcontractors are personal data processors to Kivra. We share your information with Kivra's suppliers because we need to access services and functionality from other companies, which we ourselves are unable to provide. We share your information with our suppliers when we assess that we have a legitimate interest in accessing a supplier's service. We ensure that the processing involved is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. Authorities If an authority requests information about you, and Kivra is required by law to provide the information, we will do so. Kivra also shares information about you with authorities if we consider that we have a legitimate interest in doing so, such as for Kivra to be able to establish, exercise or defend its legal claims. We ensure that the processing involved is necessary to pursue that interest, and that our interest outweighs your right not to have your data processed for this purpose. Statens personadressregister (SPAR) Kivra may check your personal data against the Statens personadressregister (SPAR) in order to keep the personal data we store about you up to date and accurate. What rights do you have? Under the various subheadings below, you can read about the rights you have when Kivra processes your personal data. Right to information Every time Kivra collects personal data about you, you have the right to specific information about how we will process your personal data. You also have the right to receive specific information if we plan to process your personal data for any purpose other than that for which the data was first collected. We provide you with the information you are entitled to, and other information that we believe is important to you, through this data protection information. We also provide you with information about how we process your personal data by answering any questions you may ask us. You can read more about what information you are entitled to receive from us, what requirements there are for how the information should be provided, etc. on the website of the Swedish Data Protection Authority. Right to access your personal data You have the right to receive confirmation as to whether Kivra processes personal data about you, and in such cases, access to the personal data we process, together with certain information about the processing. You gain access to your personal data by providing you with a copy of the personal data we process, a so-called register extract. It is free of charge for you to receive a copy of your register extract. For any additional copies that you request, Kivra may charge a reasonable fee that covers our administrative costs. As a general rule, we provide you with your register extract in Kivra's service, if you are a Kivra user. It can also be sent encrypted via email, or to your population registration address, if you prefer. You can read more about what information you are entitled to receive from us in connection with requesting a register extract, what requirements there are for how the information should be provided, etc. on the Swedish Data Protection Authority's website. Right to rectification You have the right to request that we correct incorrect information about you, and that we supplement incomplete information about you. You can read more about the right to rectification, examples of when it is actualized and how you can exercise it on the Swedish Data Protection Authority's website. Right to have your personal data erased Under certain circumstances, you have the right to have the personal data that Kivra processes about you erased. This is, for example, the case if it is no longer necessary for Kivra to process the data for the purpose for which the data was collected, if you withdraw your consent, if you have objected to the processing and there are no legitimate, overriding reasons for the processing. Your right to have your personal data erased is not absolute, but applies when the conditions for erasure are met. Examples of situations where those conditions are not met, and when we therefore do not comply with your request, are if the data is still necessary to be processed for the lawful purpose for which it was collected, or if there is a legal requirement for us to retain the data. You can read more about under which circumstances you have the right to have your personal data erased, in which cases Kivra has the right to refuse your request for erasure, etc. on the Swedish Data Protection Authority website. Right to object to processing You have the right, for reasons relating to your particular situation, to object at any time to processing of your personal data by Kivra based on a balancing of interests. If you object to such processing, Kivra may no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. You can read more about your right to object to processing of personal data on the website of the Swedish Data Protection Authority. Right to restriction of processing You have the right to request that we restrict our processing of your personal data if you believe that the data we hold about you is inaccurate, that our processing is unlawful (but you object to the erasure of the data), that we no longer need the data for the purposes for which it was processed (but you need it to establish, exercise or defend legal claims), or if you have exercised your right to object to our processing of your personal data. If the processing of your personal data has been restricted, Kivra will, with the exception of storage, only process the data with your consent or for the establishment, exercise or defence of legal claims or to protect the rights of another natural or legal person, or for reasons of important public interest. You can read more about the right to restriction of processing and find examples of when it may be relevant on the website of the Swedish Data Protection Authority. Right to transfer your personal data to another recipient (“Right to data portability”) You have the right to receive certain personal data concerning you in a structured, commonly used and machine-readable format, so-called data portability. You have the right to transfer such data to another recipient. If it is technically possible, as determined by Kivra, you also have the right to request that Kivra transfer the data to the other recipient. The right to data portability covers personal data concerning you, which you have provided to Kivra, which Kivra processes automatically, and which you have consented to provide to Kivra or which you have provided to Kivra in connection with an agreement. You can read more about the right to data portability on the Swedish Data Protection Authority’s website. Right to withdraw consent In cases where we process your personal data based on your consent, you have the right to withdraw your consent at any time. When you withdraw your consent, we will stop the processing. The withdrawal of consent does not affect the lawfulness of the processing that was based on your consent before it was withdrawn. Right to lodge a complaint If you have a complaint about Kivra's processing of personal data, you can contact the Swedish Data Protection Authority, which is the supervisory authority for Kivra's processing of personal data. More information about how to lodge a complaint with the Swedish Data Protection Authority can be found on the authority's website. Where do you turn if you want to exercise your rights? You can read more about your rights, how to exercise them and how to file a complaint on the website of the Swedish Data Protection Authority. If you want to contact Kivra to exercise your rights under the Data Protection Regulation, you can reach us by email: dataskydd@kivra.se or telephone: 077-045 70 00. If you want to exercise any of your rights, we will inform you of the measures we have taken in response to your request within one month at the latest. This period may be extended by a further two months, if necessary in view of the complexity of the request or the number of requests received. We will inform you of such an extension and the reasons for the extension within one month of receiving your request. It is free of charge for you to exercise your rights, unless your requests are manifestly unfounded or unreasonable. In the latter case, we may charge a reasonable fee to cover our administrative costs of complying with your request, or to oppose your request. If we do not take action on your request, we will, within one month of receiving it, inform you of the reason for not taking action and of the possibility of filing a complaint with the Swedish Data Protection Authority and seeking a judicial remedy. Where do you turn if you have questions? All Kivra employees receive training and information on data protection, and we have a dedicated team to answer your questions about data protection, receive comments and allow you to exercise your rights. Kivra also has a Data Protection Officer (DPO) who checks that we comply with the General Data Protection Regulation. You are always welcome to contact Kivra by email: dataskydd@kivra.se or telephone: 077-045 70 00 if you have any questions or if you have any comments on how we handle your data. Kivra's data protection team and DPO can be reached via email: dataskydd@kivra.se. If you would like to contact the DPO directly, please include “DPO” in the subject line.