Privacy notice

Purpose

Categories of personal data and the source of the data 

Legal basis

How long is the personal data used for the purpose?

Who do we share personal data with? 

Verify your identity in connection with using Mobile BankID, e.g. when you log into the Service or sign a payment. 

Social security number

(From you)

Information about your activity with BankID 

(Financial ID-Teknik BID AB)

The processing is necessary to fulfill your contract with Kivra. 

Up to 20 days after you terminate the Service.

Finansiell ID Teknik BID AB, which provides BankID in the role of personal data controller, read more here.

Create and provide your account with Kivra, to allow you to use Kivra's Services.

Name

Social security number

Email address

Telephone number

(From you)

Information about your activity with BankID (Financial ID-Teknik BID AB)

User ID (Kivra)

The processing is necessary to fulfill your contract with Kivra. 

Up to 20 days from when you terminated the Service.

Finansiell ID Teknik BID AB, which provides BankID in the role of personal data controller, read more here.

Notify the Sender which Users can receive E-mails in Kivra - in cases where Kivra provides the Sender with contact and identification details for all Users. Email shipments to.

As can be seen from section 2 above, in some cases it is the Sender, and not Kivra, who is responsible for the processing of personal data to check whether you can receive e-mails in Kivra. 

Social security number

Email address

Telephone number

(From you)

The processing is necessary to fulfill your contract with Kivra. 

Up to 20 days after you terminate the Service.

Sender who sends e-mails to you in the role of personal data controller.

Notify the Danish Agency for Digital Administration (DIGG) if you have chosen to receive (or chose not to receive) e-mails from different senders in Kivra.

Social security number

(From you)

The processing is necessary to fulfill your contract with Kivra. 

Up to 20 days after you terminate the Service.

The authority for digital management (DIGG) which provides the Brokerage Address Register (FaR) in the role of personal data controller, read more here. 

Carry out daily checks against the State's personal address register (SPAR) of your contact and identification details, in order to ensure that the details are updated and correct.

Name

Social security number

(From you)

The processing is necessary to fulfill Kivra's legal obligations to only process correct data according to the data protection regulation. 

Up to 20 days after you terminate the Service.

Creditsafe i Sverige AB, which collects data from the State's Personal Address Register (SPAR) in the role of personal data controller, read more here. 

If you are a minor:

Obtain the guardian's approval before you enter into an agreement with Kivra. 

Name

Social security number (From you)

Details of your guardians (SPAR)

The processing of information about the minor is necessary in order to enter into an agreement with the minor.

We will save the guardian's consent until the earlier of i) up to 20 days after you terminate your agreement with Kivra; and ii) 12 months after you turn 18. 

Your guardians 

Creditsafe i Sverige AB, which collects data from the State's Personal Address Register (SPAR) in the role of personal data controller, read more here. 

Finansiell ID Teknik BID AB, which provides BankID in the role of personal data controller, read more here. 

If you are a guardian: 

Obtain and save your approval of the minor entering into an agreement with Kivra.

Social security number

(From you)

Information about your activity with Mobile BankID (Financial ID-Teknik BID AB)

The processing of information about guardians is based on a Balance of Interest. It is motivated by Kivra's legitimate interest in ensuring that minors who acquire Kivra have the consent of their guardians. 

We will save the guardian's consent until the earlier of i) up to 20 days after you terminate your agreement with Kivra; and ii) 12 months after you turn 18. 

Finansiell ID Teknik BID AB, which provides BankID in the role of personal data controller, read more here.

Purpose 

Categories of personal data and the source of the data 

Legal basis

How long is the personal data used for the purpose?

Who do we share personal data with? 

Notify the Sender if you can receive digital receipts in Kivra - in cases where Kivra provides the Sender with contact and identification details to all Users.

Social security number

Email address

Telephone number

 (From you)

User ID

(Squeal)

Information about your payment card (From you and the Sender)

The processing is necessary to fulfill your contract with Kivra. 

Up to 20 days after you terminate the Service.

The sender

Storebox Aps, which provides a platform for handling digital receipts in the EU/EEA in the role of personal data processor.

Delete information about an expired payment card. 

User ID

(Squeal)

Information about your payment card (From you)

Balance of interests justified by Kivra's legitimate interest in deleting redundant and outdated personal data and continuing to provide a functioning service. 

Saved as long as the payment card is registered in the Service.

Storebox Aps, which provides a platform for handling digital receipts in the EU/EEA in the role of personal data processor.

Validate your payment card details 

Information about your payment card (From you)

The processing is necessary to fulfill your contract with Kivra. 

Deleted immediately after validation. 

Obtain information about the Users' civil registration address.

Social security number

(From you)

Address

(SPAR)

Balance of interests motivated by Kivra's legitimate interest in making it possible for Users to take part in Offers in their immediate area. 

Up to 20 days after you terminate the Service.

Creditsafe i Sverige AB, which collects data from the State's Personal Address Register (SPAR) in the role of personal data controller, read more here. 

Show which Offers are available in the Users' vicinity.

Social security number (From you)

Address 

(SPAR)

Coordinates based on address

(Squeal)

Balance of interests motivated by Kivra's legitimate interest in making it possible for Users to take part in Offers in their immediate area. 

As long as the Offer is available.

Google Cloud EMEA Limited which provides a cloud-based API service for geocoding (transformation of addresses into geographic coordinates) in the EU/EEA in the role of data processor.

Create aggregated and anonymized information about how many Users have opened a certain Offer from the Sender. This is done in order to invoice the Senders for Kivra's service.

Information about your choices, settings and interactions with the Service (From you)

Balancing of interests motivated by Kivra's legitimate interest in charging Senders for their services. 

Up to 20 days after you terminate the Service.

Google Cloud EMEA Limited which provides infrastructure for data storage and analysis in the EU/EEA in the role of personal data processor. Hex Technologies Inc. which provides a service for analysis and visualization within the EU/EEA in the role of Kivra's personal data assistant. Tableau Ireland providing an analysis and visualization service in the EU/EEA in the role of Kivra's data controller.

Purpose 

Categories of personal data and the source of the data 

Legal basis

How long is the personal data used for the purpose?

Who do we share personal data with? 

Communicate with you in the Service (eg give you news or tips about Kivra's Service).

In some cases, the treatment may constitute profiling in order to adapt the content of the communication and make it more relevant to you. You can object to the profiling at any time by contacting us.

User ID (Squeal) 

Information about the digital device (eg mobile phone or computer) that you use  (From you)

Information about your e-mails (The Sender)

Information about your choices, settings and interactions with the Service (From you) 

Balance of interests motivated by Kivra's legitimate interest in providing you with relevant information about Kivra's Service.

Up to 20 days after you terminate the Service.

Braze, Ltd. which provides a service for customer communication in the EU/EEA in the role of Kivra's personal data assistant.

Send E-mails to you in Kivra when Kivra is the Sender.

Social security number

(From you)

Personal data appearing in the e-mail

(Squeal)

Information about your e-mails (Squeal)

Balance of interests motivated by Kivra's legitimate interest in providing you with relevant information about Kivra's Service.

The mediation takes place immediately.

Send marketing messages, surveys and questions about Kivra's Service. You can choose to decline such mailings through settings in the Service or by unregistering via the link in the mailing. 

If you decline the mailings, Kivra needs to save information about you in a blocking list to avoid further mailings being made to you. 

Name

Social security number

Email address

 (From you)

For sending: Balance of interests motivated by Kivra's legitimate interest in informing you about news related to Kivra's Service and sending you questions (e.g. a survey or survey regarding Kivra or Kivra's Service). 

For blacklisting: Legal obligation not to send to you if you have refused. 

Up to 20 days after you terminate the Service.

Braze, Ltd. which provides a service for customer communication in the EU/EEA in the role of Kivra's personal data assistant.

Through tracking technology, we collect information about you in order to send you notifications or show you relevant messages. This is to be able to give you a more personal experience of our websites and apps. See here what tracking technology is used for personal adaptation.

Information about the digital device (eg mobile phone or computer) that you use

(From you).

Information about your choices, settings and interactions with the Service

(From you).

Your consent.

For information on how long we save the information we collect through tracking technology, see here

Braze, Ltd. which provides a service for customer communication in the EU/EEA in the role of Kivra's personal data assistant.

Purpose 

Categories of personal data and the source of the data 

Legal basis

How long is the personal data used for the purpose?

Who do we share personal data with? 

Process your personal data and use it for so-called business intelligence and business development, i.e. to understand how our Services are used so that we can make appropriate business and product development decisions. 

Information about your Content (From you and the Sender)

Information about your choices, settings and interactions with the Service (Squeal)

Information about the digital device (eg mobile phone or computer) that you use (From you)

Balancing of interests motivated by Kivra's legitimate interest in making appropriate business and product development decisions.

The data is anonymized 45 days after processing. If you have terminated the Service, the data will be deleted 45 days after you have terminated the Service.

Google Cloud EMEA Limited which provides infrastructure for data storage and analysis in the EU/EEA in the role of personal data processor.

Hex Technologies Inc. which provides a service for analysis and visualization within the EU/EEA in the role of Kivra's personal data assistant.

Tableau Ireland providing an analysis and visualization service in the EU/EEA in the role of Kivra's data controller.

Create aggregated and anonymized information for the Sender about the type of e-mails Kivra has delivered to the Sender. This is done in order to be able to invoice the Senders for Kivra's mediation of E-mails. 

Information about your e-mail shipments . (The Sender)

Information about your choices, settings and interactions with the Service

(From you)

Balancing of interests motivated by Kivra's legitimate interest in charging Senders for their services. 

Up to 20 days after you terminate the Service.

Google Cloud EMEA Limited which provides infrastructure for data storage and analysis in the EU/EEA in the role of personal data processor.

Create aggregated and anonymized information for Senders, to provide them with insights into the services Kivra provides them, e.g. how many e-mails have been delivered to the Sender and the average open rate.  

Information about your e-mail shipments  (The Sender)

Information about your choices, settings and interactions with the Service

(From you)

Information about the digital device (eg mobile phone or computer) that you use. 

(From you)

Balance of interests motivated by Kivra's legitimate interest in providing the Sender with insights into Kivra's services to the Sender.

Up to 20 days after you terminate the Service.

Through tracking technology, we collect information that is necessary for our websites and apps to function properly. See here which tracking technology is to be considered as necessary.

Information about the digital device (eg mobile phone or computer) that you use 

(From you)

Information about your choices, settings and interactions with the Service

(From you)

Balance of interests justified by Kivra's legitimate interest in providing a secure and functional service.

For information on how long we save the information we collect through tracking technology, see here.

Google Cloud EMEA Limited which provides a service for analyzing errors and crashes as well as for notifications in the EU/EEA in the role of Kivra's personal data assistant.

Braze, Ltd. which provides a service for customer communication in the EU/EEA in the role of Kivra's personal data assistant.

Through tracking technology, we collect information about how you use our websites and apps to analyze and improve, on an aggregated level, the user experience of our Services. See here which tracking technology is used for analysis.

Information about the digital device (eg mobile phone or computer) that you use

(From you).

Information about your choices, settings and interactions with the Service

 (From you).

Your consent for analysis of our app.

Balance of interests for analyzing our web pages motivated by Kivra's legitimate interest in improving the user experience of our Services.

For information on how long we save the information we collect through tracking technology, see here.

Amplitude, Inc. which provides analysis tools in Kivra's apps in the EU/EEA in the role of Kivra's personal data assistant.

Plausible Insights OÜ, which provides analysis tools on Kivra's web pages in the EU/EEA in the role of Kivra's personal data assistant.

Troubleshooting and familiarity with the use of logs, metrics and tracing

Information about the digital device (eg mobile phone or computer) that you use

(From you)

Information about your choices, settings and interactions with the Service

(From you)

Balance of interests motivated by Kivra's legitimate interest in following up that the Service functions correctly and being able to detect, follow up, handle and remedy any errors and security incidents

Up to 90 days from the event being logged.

Supplier providing services for log analysis and monitoring in the EU/EEA in the role of Kivra's personal data assistant.

Google Cloud EMEA Limited providing a troubleshooting service in the EU/EEA in the role of Kivra's personal data assistant.

Measures for security purposes, such as network segmentation and DDoS protection

IP address of the digital device(s) (e.g. mobile phone or computer) that you use (From you)

Balance of interests motivated by Kivra's legitimate interest in providing a secure Service by protecting systems and applications from unauthorized access, malicious code, cyber threats or the like 

45 days from the event being logged. 

Providers of cyber security services that provide services within the EU/EEA to protect Kivra's Service in the role of Kivra's personal data assistant

Backup to protect and restore data

All categories of personal data in connection with your use of our Services

Balance of interests motivated by Kivra's legitimate interest in providing a secure and reliable Service by being able to protect and restore data, including personal data, in the event of technical errors or incidents. 

30 days from when the event is logged.  

Supplier that provides infrastructure and platform services in Sweden for the restoration of data in the role of Kivra's personal data assistant

Purpose 

Categories of personal data and the source of the data 

Legal basis

How long is the personal data used for the purpose?

Who do we share personal data with? 

Identify yourself securely in your case with Kivra's customer service

Name

Social security number

Email address

Telephone number

Address

(From you)

Information about your activity with Mobile BankID (Financial ID-Teknik BID AB)

Verification code

(Squeal)

Balancing of interests justified by Kivra's legitimate interest in providing a secure customer service.

13 months from the end of the case. 

Finansiell ID-Teknik BID AB, which provides BankID in the role of personal data controller, read more here. 

Handling of customer service cases 

Information about your contacts with Kivra's customer service (From you)

Any recordings of conversations with you (From you)

Any information from a relative who helps you manage the Service (Relative) 

Any information about payments (Think)

Any information about direct debit authorization and payments (Trustly)

Any information about payments (Swish)

Any information about your Content (The Sender)

Balancing of interests justified by Kivra's legitimate interest in providing customer service.

Recordings of calls: Your consent

13 months from the end of the case. 

Telavox AB, which provides telephony services in the EU/EEA in the role of Kivra's personal data assistant.

Zendesk Inc. which provides a platform for customer service in the EU/EEA in the role of Kivra's personal data assistant. 

Google Cloud EMEA Limited, which provides Google Workspace in the EU/EEA in the role of Kivra's personal data assistant.

Your relatives who help you manage the Service.

Tink AB, which provides payment services in the role of personal data controller, read more here.  

Trustly Group AB, which provides payment services in the role of personal data controller, read more here.

Getswish AB, which provides payment services in the role of personal data controller, read more here.  

Logging that is done in order for Kivra's customer service to be able to see how you have interacted with Kivra.

Information about your choices, settings and interactions with the Service

(From you) 

Information about your e-mails (Squeal)

Details of your guardians (SPAR)

Balancing of interests justified by Kivra's legitimate interest in providing customer service. 

The last 500 events that have been logged. The last 500 events are saved up to 20 days after you terminate the Service.

CreditSafe AB, which collects information from the State's personal address register (SPAR) in the role of personal data controller, read more here.

Contact you within the framework of a customer survey

Name

Email address

Telephone number

(From you or the customer research company) 

Your consent (for customer surveys via customer survey companies)

Balance of interests (for other feedback and customer surveys carried out by Kivra) Kivra's legitimate interest in contacting you in the context of a customer survey

As long as the customer survey is ongoing.

The customer survey company that recruits a consumer panel in the role of personal data controller.

Google Cloud EMEA Limited which provides a Google Workspace in the EU/EEA in the role of Kivra's personal data assistant. 

Improve Kivra's Services.

Data that you provide in the survey or report (From you)

Your consent (for customer surveys via customer survey companies)

Balance of interests (for other feedback and customer surveys carried out by Kivra) motivated by Kivra's legitimate interest in being able to identify you and manage your feedback regarding Kivra's Service.

As long as the customer survey is ongoing (for customer surveys).

13 months from the end of the case with Kivra's customer service (for other feedback).

The customer survey company that recruits a consumer panel in the role of personal data controller.

Google Cloud EMEA Limited, which provides Google Workspace in the EU/EEA in the role of Kivra's personal data assistant. 

Contact you when you have reported a bug or otherwise provided feedback on our Services.

Name

Email address

Telephone number

(From you)

Data that you provide in the survey or report (From you)

Balance of interests motivated by Kivra's legitimate interest in being able to identify you and manage your feedback regarding Kivra's Service.

13 months from the end of the case with Kivra's customer service. 

Purpose 

Categories of personal data and the source of the data 

Legal basis

How long is the personal data used for the purpose?

Who do we share personal data with? 

Check your eligibility to represent a company through daily checks against DIGG's register.

Social security number

(From you)

Information about your company positions 

(DIGG)

Balance of interests motivated by Kivra's legitimate interest in ensuring that you, as a representative, have the right to represent the company/organization.

As long as you represent the Business User or up to 20 days after you terminate the Service. 

The authority for digital governance (DIGG) which provides the intermediary address register (FaR) in the role of personal data controller, read more here. 

Share with Sweden's National Sports Confederation to check eligibility to represent Business users who are non-profit organizations.

Social security number

(From you / Sweden's National Sports Confederation)

Information about your association positions 

(Swedish National Sports Confederation)

Balancing of interests motivated by Kivra's legitimate interest in ensuring that representatives have the right to represent the Business User.

Sharing takes place immediately after registration by the User and processing ceases thereafter.

Sweden's National Sports Confederation, which provides its membership register in the role of personal data controller, read more here. 

Grant and revoke authorization to represent a Business user.

Social security number

(From you or the Swedish National Sports Confederation)

Information about your company positions 

(DIGG or Sweden's National Sports Confederation)

Balancing of interests motivated by Kivra's legitimate interest in ensuring that representatives have the right to represent the Business User. 

As long as the User represents the Business User.

The Digital Governance Authority (DIGG) which provides the Intermediary Address Register (FaR), read more here.  

Sweden's National Sports Confederation, which provides its member register in the role of personal data controller, read more here. 

Get paid for Kivra Företag Plus.

Information about your payment card

(From you)

Information about your purchase of Kivra Företag Plus

(From you)

Balancing of interests motivated by Kivra's legitimate interest in charging for our services.

The former of i) that you update your payment card details; and ii) 45 days after you terminate the agreement on Kivra Företag Plus. 

Stripe Payments Europe, Ltd which provides payment services in the EU/EEA in the role of Kivra's personal data assistant. 

Fulfill Kivra's obligations according to the Accounting Act (1999:1078).

Information about your purchase of Kivra Företag Plus (From you)

The processing is necessary to fulfill Kivra's legal obligations.

From the date of purchase through the seventh (7) year following the end of the calendar year in which the fiscal year ended.

Stripe Payments Europe, Ltd which provides payment services in the EU/EEA in the role of Kivra's personal data assistant. 

Purpose 

Categories of personal data and the source of the data 

Legal basis

How long is the personal data used for the purpose?

Who do we share personal data with? 

Prospecting:

Identify new leads and relevant decision makers by collecting work-related contact information.

Name

E-mail address Phone number Title

(Publicly available information, e.g. company websites, LinkedIn, company register)

Our legitimate interest in being able to identify potential business customers and establish an initial contact in order to grow our business, where the processing only relates to work-related contact information obtained from public sources.

The data is saved for up to 6 months in order to initiate a contact. If no dialogue has been initiated during this period, the data will be deleted.

Salesforce.com EMEA Limited providing a customer relationship management (CRM) platform in the EU/EEA in the role of Kivra's data controller.

Sales dialogue:

Manage and conduct a sales dialogue with you as a company representative to understand your organization's needs and drive a dialogue towards a possible collaboration. This applies regardless of whether the dialogue was initiated by us, or if you yourself contacted us with an expression of interest.

Name

E-mail address Telephone number Title (From you)

Our legitimate interest in being able to conduct a business dialogue with you as a company representative in order to present our services and establish a new business relationship.

During the time the dialogue is active. If no activity has taken place for one (1) year, the data is deleted.

Salesforce.com EMEA Limited providing a customer relationship management (CRM) platform in the EU/EEA in the role of Kivra's data controller.

Google Cloud EMEA Limited providing a platform for e-mail and productivity (Google Workspace) in the EU/EEA in the role of Kivra's data controller.

Order, contract process and signing:

Conduct dialogue, negotiate and produce a contract proposal which is then signed electronically to formally start the business relationship.

Name

E-mail address Phone number Title

Signature (From you)

Our legitimate interest in being able to administer the contractual process with the organization you represent to establish and manage the business relationship.

Data linked to the dialogue is saved as long as it is active. The signed agreement, which constitutes accounting information, is saved in accordance with the Accounting Act up to and including the seventh (7) year after the end of the calendar year in which the accounting year ended.

Salesforce.com EMEA Limited providing a customer relationship management (CRM) platform in the EU/EEA in the role of Kivra's data controller.

Scrive AB, which provides a platform for electronic signing in the EU/EEA in the role of Kivra's personal data assistant.

Google Cloud EMEA Limited providing a platform for e-mail and productivity (Google Workspace) in the EU/EEA in the role of Kivra's data controller.

Provision of digital services:

To give authorized users at your place access to agreed services, such as Sender Portal and Kivra Campaign. This includes secure identification and authentication to protect your account and data.

Name

Email address (From you)

Our legitimate interest in being able to identify authorized users in order to securely provide the contracted service to the organization you represent.

As long as you are an active user on behalf of your organization.

Ongoing support and incident management:

Manage your organization's support issues, troubleshoot, report relevant incidents (such as personal data incidents and other security incidents) and communicate necessary service information.

Name

Email address Telephone number (From you)

Our legitimate interest in being able to offer support and communicate service information to maintain the functionality of the service your organization uses.

Also legal obligation for reporting certain incidents.

As long as the contractual relationship lasts.

Salesforce.com EMEA Limited providing a customer relationship management (CRM) platform in the EU/EEA in the role of Kivra's data controller.

Google Cloud EMEA Limited providing a platform for e-mail and productivity (Google Workspace) in the EU/EEA in the role of Kivra's data controller.

Billing:

Manage billing for the services your organization uses.

Name of invoice reference (From you)

Our legitimate interest in being able to manage payment and invoicing for the services your organization uses, in order to administer the business relationship. 

Also legal obligation to store documents according to the Accounting Act.

Up to and including the seventh (7) year after the end of the calendar year in which the fiscal year ended.

Fortnox AB which provides a platform for financial administration and invoicing in Sweden in the role of Kivra's personal data assistant.

Salesforce.com EMEA Limited providing a customer relationship management (CRM) platform in the EU/EEA in the role of Kivra's data controller.

Reporting and statistics:

Compile and make available reports and statistics for your organization, based on your use of Kivra's services, to provide insight and added value.

User data that is aggregated (From you)

Our legitimate interest in being able to offer added value to your organization through insightful statistics, as well as being able to understand and analyze the use of our services for future product development.

Instant aggregation. No personal data is saved.

Newsletter and information:

As a company representative, keep yourself informed of relevant news, product updates and industry insights via email.

Name

Email address

Title (From you)

Our legitimate interest in being able to maintain the business relationship with the organization you represent and to market relevant services and news, with a clear and simple opportunity for you to unsubscribe from mailings.

During the contract period and up to one (1) year afterwards. Always ends if you unregister.

Salesforce.com EMEA Limited providing a customer relationship management (CRM) platform in the EU/EEA in the role of Kivra's data controller.

Braze, Ltd. which provides a service for customer communication in the EU/EEA in the role of Kivra's personal data assistant.

Events and webinars:

Invite you and manage registrations for events and webinars in order to build and maintain business relationships.

Name

Email address

Any food preferences (From you)

Our legitimate interest in being able to build and maintain business relationships and market our services by inviting relevant contact persons to events and webinars.

Invitation and participant lists are saved for one (1) year after the event has been completed.

Salesforce.com EMEA Limited providing a customer relationship management (CRM) platform in the EU/EEA in the role of Kivra's data controller.

Braze, Ltd. which provides a service for customer communication in the EU/EEA in the role of Kivra's personal data assistant.

Livestorm SAS, which provides a platform for webinars in the EU/EEA in the role of Kivra's personal data assistant.

Administration of suppliers and purchases: Manage the purchasing process and the contractual relationship with suppliers, from evaluation and negotiation to ongoing contract management.

Name

Email address

title

Signature (From you)

Our legitimate interest in being able to purchase, implement and manage the necessary systems and services to be able to run and develop our own business. The processing is necessary in order to establish and maintain the business relationship with the supplier you represent.

Personal data in ongoing communication is saved as long as the contractual relationship with the supplier lasts.

The agreement itself, which constitutes accounting information, is saved in accordance with the Accounting Act up to and including the seventh (7) year after the end of the calendar year in which the accounting year ended.

Precisely AB which provides a platform for storage and management of agreements in Sweden in the role of Kivra's personal data assistant.

Google Cloud EMEA Limited providing a platform for e-mail and productivity (Google Workspace) in the EU/EEA in the role of Kivra's data controller.

Purpose 

Categories of personal data and the source of the data 

Legal basis

How long is the personal data used for the purpose?

Who do we share personal data with? 

Verify your identity in connection with using Mobile BankID, e.g. when you log into Kivra's verification service. 

Social security number

(controller's representative)

Information about your activity with BankID (Financial ID-Teknik BID AB)

Balancing of interests motivated by Kivra's legitimate interest in verifying your identity when using the verification service. 

During the time you are logged in to the verification service. 

Through tracking technology, we collect information that is necessary for our web pages to function properly. See here which tracking technology is to be considered necessary.

Information about the digital device (eg mobile phone or computer) that you use 

(From you)

Information about your choices, preferences and interactions with the verification service

(From you)

Balance of interests justified by Kivra's legitimate interest in providing a secure and functional service.

For information on how long we save the information we collect through tracking technology, see here.

Analysis and logging done for security reasons, e.g. to be able to detect, manage and investigate possible intrusions and cyber attacks.

Social security number

(controller's representative)

Information about your activity with BankID (Financial ID-Teknik BID AB)

Information about the digital device (eg mobile phone or computer) that you use

(controller's representative)

Information about your choices, preferences and interactions with the verification service (controller's representative)

Balance of interests motivated by Kivra's legitimate interest in following up that the verification service is working correctly and in being able to detect, follow up, manage and remedy any security incidents.

Up to 5 years from the event that is logged.

Logging that is done to ensure that Kivra's website and verification service works as intended, and to investigate errors that are detected (so-called application logs). 

Social security number

(controller's representative)

Information about your activity with BankID (Financial ID-Teknik BID AB)

Information about the digital device (eg mobile phone or computer) that you use (controller's representative)

Information about your choices, preferences and interactions with the verification service (controller's representative)

Balance of interests motivated by Kivra's legitimate interest in following up that the verification service works correctly and in being able to detect, follow up, manage and remedy any errors.

45 days from the event being logged. 

Troubleshoot and investigate suspected security incidents. 

All categories of personal data that Kivra processes can be used, depending on the error / incident in question. 

Balance of interests motivated by Kivra's legitimate interest in following up that the verification service is working correctly and in being able to detect, follow up, manage and remedy any errors and security incidents.

During the investigation of the error / incident.

Purpose 

Categories of personal data and the source of the data 

Legal basis

How long is the personal data used for the purpose?

Who do we share personal data with? 

Manage and assess your application (such as collecting, reviewing CVs, grades, certificates, conducting tests/cases) 

Name, social security number, contact details (address, e-mail, phone), CV, cover letter, grades, certificates, references, information from any tests, case exercises, interviews (incl. notes) 

Ev. link to LinkedIn profile or other public source you specify. Data from reference persons or recruitment firms that you have approved for us to contact (data from you, reference person or recruitment firm) 

Our legitimate interest in being able to administer the recruitment process and assess your suitability for the position or internship applied for.

180 days after completion of recruitment for the specific post.  See treatment below for the possibility of longer storage for future recruitment opportunities

Teamtailor AB

(personal data assistant for recruitment platform) 

Administer the recruitment process (call for an interview, book meetings, communicate status, leave a message)

Name, contact details (email, telephone), information related to the specific recruitment process (e.g. interview times, notes from conversations) (data from you)

Our legitimate interest in being able to effectively manage and communicate with you regarding the recruitment process.

180 days after completion of recruitment for the specific position.

Teamtailor AB

which provides a recruitment platform in the EU/EEA in the role of Kivra's personal data assistant. 

Save data for future recruitment opportunities

(contact you about future services that match your profile)

Name, contact details (email, telephone), CV, personal letter, place of work/preferences, notes from previous processes (if relevant)

(data from you in previous application process at Kivra)  

Name, telephone number, email address, place of work, CV, cover letter and notes from previous interviews at Kivra, if such has occurred 

Your consent which you provide separately by actively agreeing to remain in our candidate database by email). You can revoke this consent at any time.

180 days, up to 2 years and match your profile to future job positions with us if you approve this job seeker or intern chooses to be in Kivra's job seeker database 

Up to two (2) years from the time you gave your consent, or until you revoke it. We may contact you before the period expires to ask for renewed consent.

Teamtailor AB

which provides a recruitment platform in the EU/EEA in the role of Kivra's personal data assistant. 

Fulfill our obligations and safeguard our rights in accordance with, for example, labor legislation, collective agreements and the discrimination act.  

Name, information relevant to be able to handle a possible claim, for example information from the application, interview notes, communication, assessments. (information from you who are applying for a position or internship) 

Our legitimate interest in being able to defend against and deal with any legal claims (e.g. discrimination cases

Up to two (2) years after the end of the recruitment process, in accordance with the statute of limitations in the Discrimination Act. This storage takes place regardless of whether you have agreed to point 3 or not, but access is limited.

Teamtailor AB

which provides a recruitment platform in the EU/EEA in the role of Kivra's personal data assistant. 

External legal advice in the event of a dispute 

Conduct background checks (if relevant to the post) to verify details and assess suitability for specific roles)

Name, social security number, contact details (email, telephone), information about the intended service

Our legitimate interest in ensuring that candidates for particularly sensitive positions (for example financial responsibility or security clearance) meet the necessary requirements and are trustworthy.  Before the background check begins, you as a candidate will be informed about this .

The report from the supplier is stored for 45 days. This period can be extended if the report needs to be saved pending determination of the judgment

Supplier that has the Swedish Data Protection Authority's (IMY) permission to process personal data regarding violations of the law during background checks and acts as an independent personal data controller.

Contact potential candidates (head-hunting). For example, when Kivra finds your profile via e.g. LinkedIn or tips and contact you. 

Name, contact details (if available), current/former employer information, role, education, skills (from public sources such as LinkedIn). Any username and profile picture from social media (data from public sources, e.g. LinkedIn, networks, tips)

Our legitimate interest in identifying and contacting potential candidates for current or future positions with us

In the meantime we evaluate your profile and have an ongoing dialogue. If you show interest and want to be part of a recruitment process, your data will be processed for 180 days.  

Teamtailor AB

which provides a recruitment platform in the EU/EEA in the role of Kivra's personal data assistant. 

Manage your registration via "connect" on Kivra's career page (so that you can receive notices about vacancies)

Name, e-mail address, if information you share from external platforms, such as LinkedIn profile if you choose to connect it (data from you and public sources, such as LinkedIn) 

Our legitimate interest in being able to communicate with you and to be able to evaluate your profile and match your profile to future services. You can unsubscribe at any time. 

Until you choose to unregister from the connect service. If you do not interact with the service for 180 days, you will disappear from the site.

Teamtailor AB

which provides a recruitment platform in the EU/EEA in the role of Kivra's personal data assistant. 

Evaluate and improve our recruitment process 

Name, email address, your answers in the survey

(data from you)

Our legitimate interest in analyzing, evaluating and improving the efficiency and quality of our recruitment process.

Raw data from surveys is saved for 180 days for analysis purposes. 

Teamtailor AB

which provides a recruitment platform in the EU/EEA in the role of Kivra's personal data assistant. 

Carry out and assess case assignments/work samples (to evaluate practical skills)

Name, results from case/work sample, possible link to external platform where work sample was performed (e.g. GitHub) 

Our legitimate interest in being able to assess your practical skills and your suitability for the position applied for

180 days after completion of process for specific service

Teamtailor AB

which provides a recruitment platform in the EU/EEA in the role of Kivra's personal data assistant. 

Purpose 

Categories of personal data and the source of the data 

Legal basis

How long is the personal data used for the purpose?

Who do we share personal data with? 

Interact with Users and other visitors in social media

Information about your interaction with Kivra (From you)

Balancing of interests motivated by Kivra's legitimate interest in being able to respond to your interactions with Kivra in social media.

Direct messages are saved for 2 months after the end of interaction. Your own comments, reactions, etc. are not actively deleted by Kivra but you can delete them whenever you want. 

Meta Platforms, Inc. which provides Facebook and Instagram in the role of joint data controller with Kivra, read more here. 

LinkedIn Corporation providing LinkedIn in the role of joint data controller with Kivra, read more here. 

Purpose 

Categories of personal data and the source of the data 

Legal basis

How long is the personal data used for the purpose?

Who do we share personal data with? 

Release information to authorities when Kivra has a legal obligation to do so.

All categories of personal data that Kivra processes can be used, depending on what the authority requests. 

The processing is necessary to fulfill Kivra's legal obligations.

Disclosure takes place immediately.

Swedish authority in the role of personal data controller. 

Release information to authorities in legal proceedings.

All categories of personal data that Kivra processes can be used, depending on what the authority requests. 

Balance of interests motivated by Kivra's legitimate interest in being able to establish, enforce or defend Kivra's legal claims.

Disclosure takes place immediately.

Swedish authority in the role of personal data controller.

Purpose 

Categories of personal data and the source of the data 

Legal basis

How long is the personal data used for the purpose?

Who do we share personal data with? 

Meet your rights under Section 6 of this data protection information (apart from the right to register extracts - see column below) under the Data Protection Regulation

All categories of personal data that Kivra processes may be used, depending on which right you invoke. 

The processing is necessary to fulfill Kivra's legal obligations according to the data protection regulation. 

Up to 20 days after you terminate the Service.

Satisfy your right of access and provide you with information about which personal data we process about you and how it is used, in a so-called register extract

All categories of personal data that Kivra processes as a data controller can be included in a register extract

The processing is necessary for us to be able to fulfill our legal obligations according to the data protection regulation

A copy of your register extract is saved for three (3) months in order to be able to answer any questions from you.

Information about when you requested the register extract and when we responded is saved for ten (10) years.