v3.0.3 Published on November 8, 2022 Klarna’s Privacy Notice
It is important to us that you feel safe when you pay with Klarna or use any of our other services. Therefore, we are providing all the information about how we use your personal data in this privacy notice.
1. Who is responsible for your private data?
Klarna Bank AB (publ), registered with the Swedish Companies Registration Office under company number 556737-0431 and with registered office at Sveavägen 46, 111 34 Stockholm, also active through its UK branch, registration number BR020956, 125 Kingsway, Holborn, London WC2B 6NH, United Kingdom (“Klarna”, “we”, “our” or “us”), is the data controller in accordance with the UK data protection laws (such as the EU Regulation 2016/679 as incorporated and amended into UK domestic law (the “UK GDPR”) and the Data Protection Act 2018. If you have any questions regarding the processing of your personal data, please contact our data protection team by writing to privacy@klarna.co.uk.
2. Your data protection rights as a data subject
You have several rights under the UK GDPR related to you having control of your personal data and to receive information directly from us on how we process personal data about you. In the following you can read about your rights. If you want to know more or come in contact with us to exercise your rights, the easiest way is to email us on privacy@klarna.co.uk. If you want to receive information about the data Klarna holds about you through so-called subject access, or have certain data deleted, you can send a request to us by filling out this form, which is available on our homepage. For other types of questions please use the contact details in section 12.
Your rights
Right to have personal data deleted (“Right to be forgotten”). In some cases, you have the right to have us delete personal data about you. For example you can request us to delete such personal data that we (i) no longer need for the purpose it was collected for, or (ii) that we process based on your consent and you revoke your consent. There are situations where Klarna is unable to delete your data, for example, when the data is still necessary to process for the purpose for which the data was collected, Klarna’s interest to process the data overrides your interest in having them deleted, or because we have a legal obligation to keep it. You can read more about our legal obligations to keep data in section 4 and 9 in this Privacy Notice. The laws described there prevent us from immediately deleting certain data. You also have the right to object to us using your personal data for certain purposes such as direct marketing, which you can read more about in this list of your rights.
Right to be informed. You have the right to be informed of how we process your personal data. We do this through this privacy notice, by service-specific FAQs, and by answering your questions.
Right to receive access to your personal data (“Subject access”). You have the right to know if Klarna processes personal data about you, and to receive a copy (“data extract”) of such data, so- called subject access. Through the data extract you will receive information about what personal data Klarna holds about you and how we process it.
Right to access, and request a transfer, of your personal data to another recipient (“Data portability”). This right means that you can request a copy of the personal data relating to you that Klarna holds for the performance of a contract with you, or based on your consent, in a machine- readable format. This will allow you to use this data somewhere else, for example to transfer your personal data to another controller/recipient.
Right to rectification. You have the right to request that we rectify inaccurate information or complete information about you that you consider is inaccurate or incomplete.
Right to restrict processing. If you believe that your personal data is inaccurate, that our processing is unlawful or that we do not need the information for a specific purpose, you have the right to request that we restrict the processing of such personal data. You also have the possibility to request that we stop processing your personal data while we assess your request. If you object to our processing per your right described directly below, you may also request us to restrict processing of that personal data while we make our assessment.
Right to object against our processing of your personal data. You have the right to object to processing of your personal data which is based on our legitimate interest (Article 6(1)(f) UK GDPR), by referencing your personal circumstances. You can also always object to our use of your personal data for direct marketing purposes. When you let us know that you no longer wish to receive direct marketing from us, we will turn off marketing for you, and stop sending it to you.
Right to object to an automated decision that significantly affects you. You have the right to object to an automated decision made by Klarna if the decision produces legal effects or significantly affects you in a similar way. See section 6 on how Klarna makes use of automated decisions.
Right to withdraw one’s consent. As described in section 5 below, where we process your personal data based on your consent or explicit consent, you have the right to revoke that consent at any time. When you revoke your consent we will stop processing your data for such purposes.
Right to lodge a complaint. If you have complaints about Klarna’s processing of your personal data, you may lodge a complaint with your supervisory data protection authority, (the Information Commissioner), which can be reached using this link: https://ico.org.uk/.
Settings in the Klarna mobile application: In the Klarna mobile application, Klarna provides you with the functionality to tailor your preferences for certain services, such as current notifications or autofill of your information at purchase. We will always respect your choices.
3. What kind of personal data do we collect?
In this section, we describe the types of personal data that we collect or create. In section 4, we describe for what purposes we use these types of personal data.
Contact and identification data - Name, date of birth, social security number, title, occupation, gender, billing and delivery address, e-mail address, mobile phone number, nationality, age, income data, employment and employment history, audio recordings, photos and video recordings of you and your ID card etc.
Information about goods/services - Details concerning the goods/services you have bought or ordered, such as type of item or delivery tracking number.
Information about your financial standing - Information about, for example, your income, any credits, negative payment history and previous credit approvals.
Payment information - Credit and debit card details (card number, expiry date and CVV code), bank account number, bank name.
Information about your use of Klarna’s services - Which service(s) and what different functions in these services you have used and how you have used them. This includes information about outstanding and historical debt, your repayment history, and your personal preferences.
Technical information generated through your use of Klarna’s services - Technical data such as response time for web pages, download errors and date and time when you used the service.
Information about your contacts with Klarna’s customer service - Recorded phone calls, chat conversations and email correspondence.
Your contacts with the stores you shop at or visit - Information about how you interact with stores, such as whether you have received goods and the type of store you shop at.
Device information - Device ID, IP address, language settings, browser settings, time zone, operating system, platform, screen resolution and similar information about your device settings.
Information from external sanction lists and PEP lists - Sanction lists and lists of persons constituting politically exposed persons (“PEP”) include information such as name, date of birth, place of birth, occupation or position, and the reason why the person is on the list in question.
Sensitive personal data - Sensitive personal data are data that reveal religious beliefs, political or philosophical views, trade union membership, or constitute information about health, sex life or sexual orientation as well as biometric data.
Service-specific personal data - Within the framework of our services through the Klarna mobile application and browser extension, Klarna’s savings and payment accounts, Auto-import/Magic Import, Personal Finance and for event registrations, we use additional personal data that are not covered by the types listed above. Information regarding each service is listed here:
The Klarna mobile application and browser extension: All content you upload or submit (such as photos, receipts or product & store reviews), location information, geolocation information and websites you visit in the application’s browser, or with the extension installed;
Klarna’s savings and payment accounts: Information about your transactions and deposits and information about where your money comes from, or will be used for. Klarna will also process data about third parties (such as payees or payers) for this service;
Auto-import/Magic Import: Information from the connected e-mail account about your completed purchases, product, price and quantity information, delivery tracking numbers and information about stores that we pass on to the Klarna mobile application;
Personal Finance: Information from your other bank accounts and other types of accounts (such as card accounts) that you choose to connect to the service, as well as information such as account number, bank, historical transactions from your connected accounts and balances and assets; and
Event registration on social media: Information about your profile from your social media account and business information such as your employer’s name, address and type of company.
Detailed information on relevant personal data for each service can also be found in the terms and conditions we have listed here.
4. What personal data are used for what purposes and with which legal basis?
In the tables below you can read about,
-
What we will use your personal data for (the purpose),
-
Which types of personal data we use for that purpose, and if the personal data comes directly from you or from another source. In the cases where we have received personal data about you from another source, we provide the name of that source in brackets,
-
What legal rights we have under current data protection legislation, such as the UK GDPR, to process the data about you, referred to as our “legal basis”, and
-
When Klarna stops using the personal data for each purpose.
4.1 Purposes for which your personal data is always used, regardless of the service you use.
Purpose of the processing - what we do and why. |
Type of personal data used for the purpose, and where they come from (the source). See section 3 to read more about the different types of personal data. |
Legal basis for processing according to the UK GDPR. |
When the purpose of using the personal data ends. See section 9 for when Klarna deletes the data. |
To manage our customer relationship with you in accordance with our agreements, for each service you use. This includes creating and sending information to you in electronic format (not marketing). |
From you:
From other sources:
|
The processing is necessary for Klarna to perform a contract with you (Article 6(1)(b) UK GDPR). If the service processes information that constitutes sensitive personal data (e.g., from materials you choose to upload), our processing takes place based on your explicit consent (Article 9(2)(a) UK GDPR). |
When the contract between you and Klarna terminates. |
To be able to perform customer satisfaction surveys and market surveys as well as ask for reviews from you, through email, text messages, phone or via other communication channels. If you do not want us to perform this processing, please contact us to let us know. See section 2 for more information about your rights. See section 12 for our contact information. |
From you:
From other sources:
|
The processing is based on a balancing of interests (Article 6(1) (f) UK GDPR). When balancing interests, Klarna has determined that we have a legitimate interest in being able to perform the personal data processing, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose. You may contact us for more information about how the determination was made. See section 12 for our contact information. |
When the contract between you and Klarna terminates. |
To ensure network and information security in Klarna’s services. |
From you:
From other sources:
|
The processing is based on a balancing of interests (Article 6(1) (f) UK GDPR). When balancing interests, Klarna has determined that we have a legitimate interest in being able to ensure network and information security, that the processing is necessary to realise that purpose, and that our interest outweighs your right not to have your data processed for this purpose. It is also in your interest as a customer that we ensure good information security. You may contact us for more information about how the determination was made. See section 12 for our contact information. |
This processing lasts for as long as you are using a service. |
To be able to help you as a vulnerable customer (i.e. if you need extra support when contacting us due to particular circumstances). This means that we can offer you special support, for example, when you contact customer service. |
From you:
From other sources:
|
Based on your consent (Article 6(1)(a) and Article 9(2)(a) UK GDPR). |
When you notify us that you are no longer a vulnerable customer or withdraw your consent. We also cease this processing if and when you notify us that you no longer want to be a Klarna customer. |
To be able to perform risk analysis, prevent fraud, and carry out risk management. This processing constitutes profiling and automated decision-making. We use automated decision-making for this purpose, to be able to determine if you constitute a risk of fraud. See section 6 for more information about profiling and automated decisions. |
From you:
From other sources:
|
The processing is necessary for Klarna to be able to execute and perform a contract with you (Article 6(1)(b) UK GDPR). (Swedish Law (2017:630) on measures against money laundering and terrorist financing). |
This processing will take place while you use any Klarna service. If Klarna has identified a risk in how you use Klarna, we will continue to use your information for this purpose and continuously update our risk assessment if there is a risk of fraud. This processing lasts as long as we are required by law to keep your information. See section 9 for more information on our obligations and right to retain information according to law. |
To anonymise your personal data in order to improve our services and products and to analyse customer behaviour. |
From you:
From other sources:
|
The processing is based on a balancing of interests (Article 6(1) (f) UK GDPR). When balancing interests, Klarna has determined that we have a legitimate interest in anonymising your personal data for product development purposes and in analysing customer behaviour in order to improve the service and customer experience. We ensure that the particular processing this entails is necessary to achieve the purpose in question, and that our interest outweighs your right not to have your data processed for this purpose. By anonymising information concerning you, we also ensure that we use personal data to the lesser extent possible. |
This processing takes place for the entire period during which Klarna must retain the information in its systems, for example to perform the contract executed with you or to comply with applicable law. See section 9 for more information on our obligations and right to retain information according to law. |
To perform data analysis for product development and testing to improve our risk and credit models and to design our services (if possible, we first anonymise the data, which means that no personal data processing is performed thereafter). |
From you:
From other sources:
|
The processing is based on a balancing of interests (Article 6(1) (f) UK GDPR). When balancing interests, Klarna has determined that we have a legitimate interest in performing data analysis for product development and testing purposes. We ensure that the processing this entails is necessary to achieve the purpose of the processing, and that our interest outweighs your right not to have your data processed for this purpose. Furthermore, our customers benefit from the processing because it helps us deliver error-free and sustainable services. You may contact us for more information about how the determination was made. See section 12 for our contact information. |
This processing takes place for the entire period during which Klarna must retain the information in its systems, for example, to perform the contract executed with you or to comply with applicable law. See section 9 for more information on our obligations and right to retain information according to law. |
To produce statistics and reports for economic analysis or analysis of payment trends or payment volumes in certain regions or industries (if possible, we first anonymise the data, which means that no personal data processing takes place thereafter). |
From you:
From other sources:
|
The processing is based on a balancing of interests (Article 6(1) (f) UK GDPR). When balancing interests, Klarna has determined that we have a legitimate interest in obtaining statistical data and reports for this purpose. We ensure that the processing this entails is necessary to achieve the purpose of the processing, and that our interest outweighs your right not to have your data processed for this purpose. You may contact us for more information about how the determination was made. See section 12 for our contact information. |
This processing takes place for the entire period during which Klarna must retain the information in its systems, for example, to perform the contract executed with you or to comply with applicable law. See section 9 for more information on our obligations and right to retain information according to law. |
To check and verify your identity. |
From you:
|
The processing is necessary for Klarna to perform a contract with you (Article 6(1)(b) UK GDPR). |
As long as you use one of Klarna’s services. |
To share your personal data with the categories of recipients described in section 7.1 (suppliers and subcontractors, companies within the Klarna Group, persons with authority over your financial transactions, authorities and buyers of receivables, businesses or assets). |
All types mentioned in section 3. |
Varies depending on the recipient (see section 7.1). |
This processing takes place for the entire period during which Klarna must retain the data in its systems, for example, to fulfil the agreement with you or to comply with applicable law. See section 9 for more information on our obligations and right to retain information according to law. |
To decide what kind of marketing we will provide to you. The processing may constitute profiling. See section 6 for more information about profiling. |
From you:
From other sources:
|
The processing is based on a balancing of interests (Article 6(1) (f) UK GDPR). When balancing interests, Klarna has determined that we have a legitimate interest in identifying which type of marketing we should provide to you. We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. We have also considered the fact that marketing is listed as an example of legitimate interest in the UK GDPR. You may contact us for more information about how the determination was made. See section 12 for our contact information. |
When the contract between you and Klarna terminates, or if you notify us that you are not interested in this processing. |
If you agree, provide you with information about our products or services, and about deals offered in cooperation with our partners’. If you do not want to receive marketing from us, you can opt-out anytime. |
From you:
From other sources:
|
The processing is based on your consent (Article 6(1)(a) UK GDPR). |
When you unsubscribe or if you notify us that you are not interested in this processing. |
To provide marketing materials and offers to you about other products and services we offer that are similar to those you have already used and that are part of Klarna as a shopping platform. If you do not want to receive marketing from us, please contact us to let us know. We will then stop processing your data for sending marketing. See section 12 for our contact information. |
From you:
From other sources:
|
The processing is based on a balancing of interests (Article 6(1) (f) UK GDPR). When balancing interests, Klarna has determined that we have a legitimate interest in sending you marketing about our services and offers. We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your data processed for this purpose. We have also considered the fact that marketing is listed as an example of legitimate interest in the UK GDPR. You may contact us for more information about how the determination was made. See section 12 for our contact information. |
When the contract between you and Klarna terminates, or if you notify us that you are not interested in this processing. |
To protect Klarna from legal claims and safeguard Klarna’s legal rights. |
In the event of a dispute, Klarna may also collect other types of personal data concerning you if we need them to exercise our rights. |
The processing is based on a balancing of interests (Article 6(1) (f) UK GDPR). When balancing interests, Klarna has determined that we have a legitimate interest in being able to protect ourselves from legal claims. We ensure that the processing this entails is necessary to achieve the purpose of the processing, and that our interest outweighs your right not to have your data processed for this purpose. You may contact us for more information about how the determination was made. See section 12 for our contact information. |
This processing takes place for the entire period during which Klarna must retain the information in its systems, for example to perform the contract executed with you or to comply with applicable law. See section 9 for more information on our obligations and right to retain information according to law. |
4.2 Purposes for which your personal data are used when you use one of Klarna’s payment methods, Klarna at a store, or choose to pay by debit or credit card in Klarna’s check-out at a store.
Purpose of the processing - what we do and why. |
Type of personal data used for the purpose, and where they come from (the source). See section 3 to read more about the different types of personal data. |
Legal basis for processing according to the UK GDPR. |
When the purpose of using the personal data ends. See section 9 for when Klarna deletes the data. |
To transfer the store’s right to payment for your purchase to Klarna (“factoring”). |
From you:
From other sources:
|
The processing is based on a balancing of interests (Article 6(1) (f) UK GDPR). When balancing interests, Klarna has determined that we (and the store) have a legitimate interest in selling or buying your outstanding debt. We ensure that the processing is necessary to achieve the purpose of the processing, and that our interest outweighs your right not to have your data processed for this purpose. You may contact us for more information about how the determination was made. See section 12 for our contact information. |
When the purchase takes place. |
To share your personal information with the categories of recipients described in section 7.2 (stores, payment service providers and financial institutions, fraud prevention agencies and companies providing identity information, and Google). |
From you:
From other sources:
|
Varies depending on the recipient (see section 7.2). |
Primarily when the purchase takes place, but it also occurs during the entire period that Klarna has the data in its systems, i.e. until the data is deleted. See section 9 for more information on our obligations and right to retain information according to law. |
When you shop in a store that offers Klarna as a payment method or has Klarna checkout, we will assess the order in which different payment methods should be presented to you at the store checkout. This processing does not affect which of Klarna’s payment methods are available to you. This processing constitutes profiling. See section 6 for more information about profiling. |
From you:
From other sources:
|
If you have accepted and use the Klarna service called “Shopping Service” as described in more detail in the terms and conditions of the service, which you will find here, then the legal basis for the processing is the performance of the contract 6(1)(b) UK GDPR). Alternatively, if you have not entered into the “Shopping Service” agreement, the processing will be based on a balancing of interests instead (Article 6(1)(f) UK GDPR). When balancing interests, Klarna has determined that we have a legitimate interest in examining the order in which different payment options will be presented to you when checking out at the store. We ensure that the processing this entails is necessary to achieve the purpose of the processing, and that our interest outweighs your right not to have your data processed for this purpose. You may contact us for more information about how the determination was made. See section 12 for our contact information. |
When the payment methods are shown at checkout. |
To prevent Klarna’s operations from being used for money laundering or terrorist financing, by monitoring and reviewing transactions. Klarna also conducts ongoing risk assessments and creates risk models to counter money laundering and terrorist financing. This processing constitutes profiling and automated decision making. See section 6 for more information about profiling and automated decisions. |
From you:
From other sources:
|
To comply with law (Article 6(1)(c) UK GDPR). (Swedish Law (2017:630) on measures against money laundering and terrorist financing) As regards sensitive personal data, the basis is that the processing is necessary for reasons of the public interest (Article 9(2)(g) UK GDPR). However, if you have supplied us with sensitive personal data, it is processed based on your explicit consent. |
When the agreement between you and Klarna is terminated. See section 9 for more information on our obligations and right to retain information in accordance with the law. |
To perform a fraud prevention assessment before a purchase is accepted. This processing constitutes profiling and automated decision-making. We use automated decision-making for this purpose, to be able to determine if you constitute a risk of fraud. See section 6 for more information about profiling and automated decisions. Also see section 7.2.3 on our use of fraud prevention agencies to which your information may be shared, and our legal basis for that sharing. |
From you:
From other sources:
In addition to the above, Klarna receives information from fraud prevention agencies on whether your information indicates an attempt at fraud. |
To enter into and perform the agreement (Article 6(1)(b) UK GDPR). |
When the fraud assessment is performed. |
To perform bookkeeping and accounting in accordance with accounting laws and preserve them in compliance with the applicable law. |
From you:
From other sources:
|
To comply with law (Article 6(1)(c) UK GDPR) (The Swedish Accounting Act (1999:1078)) |
During the period in which the bookkeeping is recorded and 7 years after the end of the year in which the information was registered. See section 9 for more information on our obligations and right to retain information according to law. |
To perform calculations in accordance with rules on capital adequacy obligations. |
From you:
From other sources:
|
To comply with law (Article 6(1)(c) UK GDPR). (Capital Adequacy Regulation 575/2013, and Capital Adequacy Directive 2013/36)) |
Seven years after the end of the year in which the information was registered. See section 9 for more information on our obligations and right to retain information according to law. |
4.3 Purposes for which your personal data is used when you use one of Klarna’s payment methods involving the provision of credit or when you use the Klarna card or the one-time card.
The following services involve providing credit to you: “Pay later” (invoice), “Pay now” (for payment by direct debit), “Financing” and “Pay in 3 instalments” (pay in instalments), as well as the Klarna card and the one-time card (both of which are offered in the Klarna mobile application).
Purpose of the processing - what we do and why. |
Type of personal data used for the purpose, and where they come from (the source). See section 3 to read more about the different types of personal data. |
Legal basis according to the UK GDPR. |
When the purpose of using the personal data ends. See section 9 for when Klarna deletes the data. |
To perform a credit assessment before credit is granted. This constitutes profiling and the decision to approve or reject the credit constitutes an “automated decision”. See section 6 for more information about profiling and automated decisions. Also see section 7.3.1 on our use of credit information bureaus to which your information may be shared, and our legal basis for that sharing. |
From you:
From other sources:
|
To enter into and perform the credit agreement (Article 6(1) (b) UK GDPR). |
When the credit assessment is performed. |
To share your personal data with the types of recipients described in section 7.3 (credit bureaus, debt collection companies and other buyers of outstanding receivables, as well as VISA, debt acquirers and digital wallet providers). |
From you:
From other sources:
|
Varies depending on the recipient (see section 7.2). |
Primarily when the purchase takes place, but also as long as Klarna retains the data in its systems, i.e., until it is deleted. See section 9 for more information on our obligations and right to retain information according to law. |
To transfer Klarna’s right to payment for your purchase to a new owner. |
From you:
From other sources:
Your contacts with the stores you shop at or visit. (The store) |
The processing is based on a balancing of interests (Article 6(1) (f) UK GDPR). When balancing interests, Klarna has determined that we have a legitimate interest in selling outstanding credits as part of conducting our business. We ensure that the processing is necessary to pursue that interest, and that our interest outweighs your right not to have your data processed for this purpose. You may contact us for more information about how the determination was made. See section 12 for our contact information. |
The processing may be performed while the debt is unpaid (you will be notified if the debt is transferred). |
To perform debt collection services, i.e. to collect and sell overdue debts. |
From you:
From other sources:
|
The processing is based on a balancing of interests (Article 6(1) (f) UK GDPR). When balancing interests, Klarna has determined that we have a legitimate interest in collecting and selling debts. We ensure that the processing this entails is necessary to achieve the purpose of the processing, and that our interest outweighs your right not to have your data processed for this purpose. You may contact us for more information about how the determination was made. See section 12 for our contact information. |
When the debt has been paid. |
To prevent Klarna’s operations from being used for money laundering or terrorist financing, by monitoring and reviewing transactions, conducting risk assessments and creating risk models. This processing constitutes profiling, and a decision that you imply a money laundering risk constitutes an “automated decision”. See section 6 for more information about profiling and automated decisions. |
From you:
From other sources:
|
To comply with law (Article 6(1)(c) UK GDPR). (Swedish Law (2017:630) on measures against money laundering and terrorist financing) As regards sensitive personal data, the condition is that the processing is necessary in the public interest (Article 9(2)(g) UK GDPR). |
Up to five years from the termination of the agreement or after the termination of the customer relationship (up to ten years in cases where law enforcement authorities so request). See section 9 for more information on our obligations and right to retain information according to law. |
Filing and accounting in accordance with accounting laws. |
From you:
From other sources:
|
To comply with law (Article 6(1)(c) UK GDPR). (The Swedish Accounting Act (1999:1078)) |
Seven years after the end of the year in which the information was registered. See section 9 for more information on our obligations and right to retain information according to law. |
4.4 Use of your (and third parties’) personal data to give you access to the Klarna account service (savings and payment accounts).
Purpose of the processing – what we do and why. |
Type of personal data used for the purpose, and where they come from (the source). See section 3 to read more about the different types of personal data. |
Legal basis according to the UK GDPR. |
When the purpose of using the personal data ends. See section 9 for when Klarna deletes the data. |
To provide Klarna’s savings and payment accounts. |
From you:
From other sources:
|
The processing is necessary for Klarna to perform a contract with you (Article 6(1)(b) UK GDPR). Information about third parties (such as payment recipient or payer) is based on a balancing of interests (Article 6(1)(f) UK GDPR). When balancing interests, Klarna has determined that we and you (and also the payment recipient/payer) have a legitimate interest in having these data processed to perform the transactions in question. We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You may contact us for more information about how the determination was made. See section 12 for our contact information. |
When the contract between you and Klarna terminates. |
To share your personal data with the categories of recipients described in section 7.4 (credit institutions and other financial institutions) |
From you:
From other sources:
|
The processing is necessary for Klarna to perform a contract with you (Article 6(1)(b) UK GDPR). The service terms are available here. |
When the contract between you and Klarna terminates. |
To prevent Klarna’s operations from being used for money laundering or terrorist financing, by monitoring and reviewing transactions, conducting risk assessments and creating risk models. This processing constitutes profiling, and a decision that you imply a money laundering risk constitutes an automated decision. See section 6 for more information about profiling and automated decisions. |
From you:
From other sources:
|
To comply with law (Article 6(1)(c) UK GDPR) (Swedish Law (2017:630) on measures against money laundering and terrorist financing). As regards sensitive personal data, the condition is that the processing is necessary in the public interest (Article 9(2)(g) UK GDPR). |
Up to five years from the termination of the contract or after the termination of the customer relationship (up to ten years in cases where law enforcement authorities so request). See section 9 for more information on our obligations and right to retain information according to law. |
Filing and accounting in accordance with accounting laws. |
From you:
From other sources:
|
To comply with law (Article 6(1)(c) UK GDPR) (The Swedish Accounting Act (1999:1078)) |
Seven years after the end of the year in which the information first was registered. See section 9 for more information on our obligations and right to retain information according to law. |
To perform calculations in accordance with rules on capital adequacy obligations. |
From you:
From other sources:
|
To comply with law (Article 6(1)(c) UK GDPR) (Capital Adequacy Regulation 575/2013, and Capital Adequacy Directive 2013/36)) |
Seven years after the end of the year in which the information was registered. See section 9 for more information on our obligations and right to retain information according to law. |
4.5 Use of your personal data when you use Klarna’s shopping service.
When you use Klarna’s Shopping Service, Klarna will process your personal data for the purposes described in the table below. The terms of the Shopping Service and the description of the features included in the shopping service are available here.
Purpose of the processing - what we do and why. |
Type of personal data used for the purpose, and where they come from (the source). See section 3 to read more about the different types of personal data. |
Legal basis according to the UK GDPR. |
When the purpose of using the personal data ends. See section 9 for when Klarna deletes the data. |
To deliver the Klarna’s Shopping Service and the functions included therein. The service involves profiling you to personalise the content in the Klarna mobile application and at Klarna’s checkout. |
|
The processing is necessary for Klarna to perform a contract (terms and conditions for the shopping service) with you (Article 6(1)(b) UK GDPR). If the shopping service also processes data |
Klarna terminates. |
You can choose to share your location and geolocation information with us. We use this information to find stores in your vicinity. You can turn off location and geolocation information sharing on your device at any time. |
From you:
|
The processing is necessary for Klarna to perform a contract (terms and conditions for the shopping service) with you (Article 6(1)(b) UK GDPR). |
When the function is closed. Klarna will not save your location and geolocation information after we have shown you the stores that are close to you. |
To provide a browser, through the Klarna mobile application, for you to visit, for example, stores’ websites. Klarna will collect information about how you use the browser to customise the contents of the Klarna mobile application. |
From you:
|
The processing is necessary for Klarna to perform a contract (terms and conditions for the shopping service) with you (Article 6(1)(b) UK GDPR). |
When the contract between you and Klarna terminates. |
To share your personal data with the categories of recipients described in section 7.5 (affiliate networks, Google, partners within the framework of the Personal Finances service and the offer and benefit program, and logistics and transportation companies, Advertising services). |
From you:
From other sources:
|
Varies depending on the recipient (see section 7.5). |
When the contract between you and Klarna terminates. |
Deliver tailored marketing outside of the Klarna App, through Klarna and our third party advertising services, based on your user behaviour and profile. You may see advertisements when you are on other websites and apps, such as on social media. This is delivered to you through our third party advertising services, which are named in the link above. Also see section 7.5.5.1. on our use of advertising services to which your information is shared, and our legal basis for that sharing. This processing may constitute profiling which aims to customise the marketing based on what we think you may be interested in. You can read more about profiling in section 6. |
From you:
From other sources:
|
This is based on where you have given your consent (under Article 6(1)(a) GDPR). |
Either when you notify us that you want to withdraw your consent or if you notify us that you are not interested in this processing. We will also cease this processing if and when you notify us that you no longer want to be a Klarna customer. |
To enable Klarna to analyse which third party advertising services are the most effective in driving Klarna App installations. This requires certain data to be shared with third party advertising services. Also see section 7.5.5.2 for more information about which personal data that is shared, and our legal basis for that sharing. |
From other sources:
|
The processing is based on a balancing of interests (Article 6(1) (f) GDPR). When balancing interests, Klarna has determined that we have a legitimate interest in determining which third party advertising services are the most effective in driving Klarna App installations. We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You may contact us for more information about how the determination was made. See section 12 for our contact information. |
When the contract between you and Klarna terminates. |
4.6 Additional services you can access for example via the Klarna mobile application or through Klarna’s browser extension.
Purpose of the processing - what we do and why. |
Type of personal data used for the purpose, and where they come from (the source). See section 3 to read more about the different types of personal data. |
Legal basis according to the UK GDPR. |
When the purpose of using the personal data ends. See section 9 for when Klarna deletes the data. |
If you have connected your e-mail account to Klarna’s Auto- import/Magic Import service, Klarna will regularly connect to your e-mail account(s) to obtain information about your purchases. You can terminate this service at any time and thereby delete Klarna’s access to your e-mail account. |
From other sources: Sensitive personal data. (The webmail provider) Service-specific personal data (see section 3 for information about Auto-import/Magic Import). (The webmail provider) |
The processing is necessary for Klarna to perform a contract (terms and conditions for the shopping service) with you (Article 6(1)(b) UK GDPR). |
When the contract between you and Klarna terminates. |
If you have chosen to connect your bank accounts to the Personal Finance service, Klarna will display and give you tools to control your finances, by means of offers tailored to your specific needs. This processing constitutes profiling which aims to customise the service’s content based on what we think you may be interested in. You can read more about profiling in section 6. If you choose to take advantage of offers and benefits that Klarna delivers within the framework of this service, we will share your personal information with the partner who delivers these (see section 7.5.3). |
From other sources:
|
The processing is necessary for Klarna to perform a contract (terms and conditions for the shopping service) with you (Article 6(1)(b) UK GDPR). If the service processes sensitive personal data (from your transactions), our processing will place based on your explicit consent (Article 9(2)(a) UK GDPR). See section 3 for more information. |
When the contract between you and Klarna terminates. |
If you use our browser extension, Klarna will process your data to deliver the service, which includes processing information about which websites/web domains you visit: Klarna processes information about the ecommerce websites/web domains you visit in order to identify deals, offer cash back and provide you with customised offers in the Klarna extension and mobile application. This processing is also done to allow you to create One-time Cards directly in your browser on websites where this service is enabled. Information about non-ecommerce websites/web domains visited will not be stored by Klarna. Read more about how your personal data is used in the extension FAQ. |
From you:
From other sources:
|
The processing is necessary for Klarna to perform a contract (terms and conditions for the Klarna Shopping Service) with you (Article 6(1)(b) UK GDPR). |
When the contract between you and Klarna terminates. |
If you choose to connect with a store by signing in or registering with your Klarna credentials, Klarna will share your personal data with the store. |
From you:
From other sources:
|
Based on your consent (Article 6(1)(a) UK GDPR) |
When you notify us that you want to withdraw your consent. We will also cease this processing if and when you notify us that you no longer want to be a Klarna customer. |
4.7 Offers and invitations to events posted on social media, and when you contact us through social media.
Purpose of the processing - What we do and why. |
Type of personal data used for the purpose, and where they come from (the source). See section 3 to read Klarna deletes the more about the data. |
Legal basis for processing in accordance with the UK GDPR. |
When the purpose of using the personal data ends. See section 9 for when Klarna deletes the data. |
If you sign up for an event posted on social media, we will process your personal data to provide the requested service. You can always unsubscribe from this by contacting us. See section 12 for contact information. |
From you:
|
The processing is necessary for Klarna to perform a contract with you (as regards the participation in the event) (Article 6(1)(b) UK GDPR). |
When the event has been held. |
4.8 Klarna’s processing when you contact Klarna’s customer service.
Purpose of the processing - What we do and why. |
Type of personal data used for the purpose, and where they come from (the source). See section 3 to read more about the different types of personal data. |
Legal basis for processing in accordance with the UK GDPR. |
When the purpose of using the personal data ends. See section 9 for when Klarna deletes the data. |
To handle all matters that come to Klarna’s customer service. |
From you:
From other sources:
|
Performance of contracts (Article 6(1) (b) UK GDPR). |
Up to ten years, based on the statute of limitations. See section 9 for more information on our obligations and right to retain information according to law. |
Quality and service improvement (to ensure satisfactory customer service). We may record telephone conversations as well as screen sharing sessions between you and our employees for quality purposes in order to deliver better products and services to you. |
From you:
From other sources:
|
The processing is based on a balancing of interests (Article 6(1) (f) UK GDPR). When balancing interests, Klarna has determined that we have a legitimate interest in improving our services, our internal training and quality control. We ensure that the particular processing this involves is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose. As a customer, you also have an interest in the quality of your interactions with Klarna. |
We process the recordings of telephone conversations for up to 90 days for quality assurance purposes, and the recorded screen sharing sessions for up to 30 days for quality assurance purposes. |
Documenting what has been said when talking to our customer service (to ensure we have documented what has been agreed or discussed). We use recorded telephone conversations between you and our employees as well as our employees’ notations to document what has been said. |
From you:
From other sources:
|
The processing is based on a balancing of interests (Article 6(1) (f) UK GDPR). When balancing interests, Klarna has determined that we have a legitimate interest to document communications with Klarna’s customer service. We ensure that the particular processing this entails is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose. As a customer, you also have an interest in ensuring impartial means of documenting what has been discussed. You may contact us for more information about how the determination was made. Please see the contact information in section 12. |
We process the recordings of telephone conversations for up to three years and the phone call notations up to six years, in order to document what has been discussed and decided on the call. |
If you contact us via social media such as Facebook or Twitter, your personal data will also be collected and processed by these companies, in accordance with their privacy notices. The same is true for the answer you get from us. Klarna processes this information to answer your questions |
From you:
From other sources:
|
Performance of contracts (Article 6(1) (b) UK GDPR). |
When we have answered your question. |
5. How do you withdraw your consent?
When Klarna uses your personal data based on your consent, you can withdraw your consent at any time. You can do this by sending an e-mail to privacy@klarna.co.uk or via the contact information you find in section 12.
You can also delete uploaded information from the Klarna mobile application, or end the service where personal data are processed. We will then delete the information. If you withdraw your consent or delete the uploaded information, you may be unable to use the service in cases where Klarna’s processing of personal data takes place based on your consent.
Lastly: As described in section 2 above you also have the right to object against certain personal data processing (for example you may turn off marketing). You also have a right to have certain personal data erased, which is also described in section 2.
6. Klarna’s profiling and automated decisions that significantly affect you.
6.1 Klarna’s profiling of you as a customer.
“Profiling” means an automated processing of personal data to evaluate certain personal matters, for example, by analysing or predicting your personal preferences, such as buying interests. At the same time, we compare your data with what our other customers, with similar use of our services, have preferred.
The purpose of Klarna’s profiling and the personal data types used for each occasion and for each profiling are described in detail in section 4 above. The profiling for these purposes does not have a significant impact on you as a customer.
We use profiling for the following purposes:
to deliver our customised services, which customise their content based on what we think is most interesting to you (this applies to the Klarna mobile application, its various functions, and the order different payment methods appear at Klarna’s checkout), and
to deliver customised marketing to you across both our own and external platforms and services.
If you have any questions about how the profiling process works, please contact us. Contact information is available in section 12. You may object to our marketing profiling at any time by contacting us (and we will then cease profiling for marketing purposes). You may also end our profiling for our services by terminating the service.
6.2 Klarna’s automated decisions that significantly affect you.
Automated decisions with legal effect, or automated decisions that similarly significantly affect you, means that certain decisions in our services are completely automated, without our employees being involved. These decisions have a significant effect on you as a customer, comparable to legal effects. By making such decisions automatically, Klarna increases its objectivity and transparency in the decision to offer you these services. At the same time, you have the right to object to these decisions at all times. You can read about how to object to these decisions at the end of this section 6.2.
Automated decisions that significantly affect you also mean that profiling is performed based on your data before the decision is made. This profiling is made to assess your financial situation (before the decision to grant credit) or to identify whether your use of our services involves a risk of fraud or money laundering. We profile your user behaviour and financial standing and compare this data with behaviours and conditions that indicate different risk levels for us.
When does Klarna take automated decisions that significantly affect you?
We make this kind of automated decision when we:
decide to approve your application to use a credit service.
decide not to approve your application to use a credit service. These automated credit decisions are based on the data you provide to us, data from external sources such as credit bureaus and Klarna’s own internal information. In addition to information about you, Klarna’s credit model includes a large number of other factors, such as Klarna’s internal credit risk levels and our customers’ general repayment rates (based on, for example, the current product category).
decide whether you pose a risk of fraud, if our processing shows that your behaviour indicates possible fraudulent conduct, that your behaviour is not consistent with previous use of our services, or that you have attempted to conceal your true identity. Automated decisions whereby we assess whether you constitute a fraud risk are based on information you have provided yourself, data from fraud prevention agencies (see section 7.2.3. for details of which ones we use), and Klarna’s own internal information.
decide whether there is a risk of money laundering, if our processing shows that your behaviour indicates money laundering. In relevant cases, Klarna also investigates whether specific customers are listed on sanction lists.
The personal data types used in each decision are described in section 4. See section 7 for more information about whom we share information with as regards profiling during automated decisions.
If you are not approved under the automated decisions described above, you will not have access to Klarna’s services, such as our payment methods. Klarna has several safety mechanisms to ensure the decisions are appropriate. These mechanisms include ongoing overviews of our decision models and random sampling in individual cases. If you have any concern about the outcome, you can contact us, and we will determine whether the procedure was performed appropriately. You can also object in accordance with the following instructions.
Your right to object to these automated decisions
You always have the right to object to an automated decision with legal consequences or decisions which can otherwise significantly affect you (together with the relevant profiling) by sending an e-mail message to privacy@klarna.co.uk. A Klarna employee will then review the decision, taking into account any additional information and circumstances that you provide to us.
7. Who do we share your personal data with?
When we share your personal data, we ensure that the recipient processes it in accordance with this notice, such as by entering into data transfer agreements or data processor agreements with the recipients. Those agreements include all reasonable contractual, legal, technical and organizational measures to ensure that your information is processed with an adequate level of protection and in accordance with applicable law.
7.1 Categories of recipients with whom Klarna will always share your personal information, regardless of the service you use.
7.1.1 Suppliers and subcontractors.
Description of the recipient: Suppliers and subcontractors are companies that only have the right to process the personal data they receive from Klarna on behalf of Klarna, i.e. data processors.
Examples of such suppliers and subcontractors are software and data storage providers, payment service providers and business consultants.
Purpose and legal basis: Klarna needs access to services and functionality from other companies where it cannot perform them itself. Klarna has a legitimate interest in being able to access these services and functionality (Article 6(1)(f) UK GDPR). We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights.
7.1.2 Klarna Group.
Description of the recipient: Companies in the Klarna Group.
Purpose and legal basis: This is required for Klarna to be able to provide you with its services and functionalities. Klarna has a legitimate interest in being able to access and provide these services and functionalities (Article 6(1)(f) UK GDPR). We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights.
When you shop in a foreign store (meaning a store located outside of the EU/EEA area) that has an agreement with another company within the Klarna Group, the disclosure of your personal information between Klarna companies is required in order for the two Klarna companies to manage your payment and enable the foreign store to administer your purchase. The legal basis for this processing is the performance of a contract (Article 6 (1)(b) UK GDPR).
The receiving Klarna Group company will handle your personal data in accordance with the privacy notice that applies in your country (see list). You can read more about how Klarna safeguards your personal data when transferred outside of the EU/EEA in Section 8.
7.1.3 A person who holds a power of attorney for your financial affairs.
Description of the recipient: Klarna may share your personal information with a person who has the right to access it under a power of attorney.
Purpose and legal basis: This processing is carried out to facilitate your contact with us (through agents), and takes place based on your consent (Article 6(1)(a) UK GDPR).
7.1.4 Authorities.
Description of the recipient: Klarna may provide necessary information to authorities such as the police, financial authorities, tax authorities or other authorities and courts of law.
Purpose and legal basis: Personal data is shared with the authority when we are required by law to do so, or in some cases if you have asked us to do so, or if required to manage tax deductions or counter crime. An example of a legal obligation to provide information is when it is necessary to take measures against money laundering and terrorist financing. Depending on the authority and purpose, the legal bases are the obligation to comply with the law (Article 6(1)(c) UK GDPR), to fulfil the agreement with you (Article 6(1)(b) UK GDPR), or Klarna’s legitimate interest in protecting itself from crime (Article 6(1)(f) UK GDPR).
There is also a requirement under UK law to withhold tax due on the payments. You will not need to do so, or take any action based on the agreement we have with the UK tax office (the HMRC), as we will disclose the necessary information to the UK tax office to support this agreement. If you have any questions regarding these arrangements, please contact the tax office.
7.1.5 Divestment of business or assets.
Description of the recipient: In the event that Klarna sells business or assets, Klarna may hand over your personal information to a potential buyer of such business or assets. If Klarna or a significant part of Klarna’s assets is acquired by a third party, personal information about Klarna’s customers may also be shared.
Purpose and legal basis: Klarna has a legitimate interest in being able to perform these transactions (Article 6(1)(f) UK GDPR). We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights.
7.2 Categories of recipients with whom Klarna shares your personal information when you use Klarna’s payment methods, Klarna at a store, or choose to pay by debit or credit card in Klarna’s check-out at a store.
7.2.1 Stores.
Description of the recipient: By stores we mean the stores you visit or shop at (which may include the store’s group companies if you have been informed thereof by the store).
Purpose and legal basis: In order for the store to be able to perform and manage your purchase and your relationship with the store or its group companies, e.g. by confirming your identity, sending goods, handling questions and disputes, in order to prevent fraud and, where appropriate, send relevant marketing. The store’s privacy notice applies to the processing of your personal data that has been shared with the store and that the store processes. Normally, you will find a link to the store’s privacy notice on the store’s website. The legal basis for sharing data with stores is partly the performance of a contract (Article 6(1)(b) UK GDPR) insofar as the data sharing takes place to perform the contract between you and the store, and partly based on Klarna’s and the store’s legitimate interest (Article 6(1)(f) UK GDPR) or your consent (Article 6(1)(a) UK GDPR). We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights.
7.2.2 Payment service providers and financial institutions.
Description of the recipient: Payment service providers and financial institutions provide services to you, stores and Klarna to implement and administer electronic payments through a variety of payment methods, such as credit cards and bank-based payment methods such as direct debit and bank transfer.
Purpose and legal basis: Some stores use payment service providers with whom they share your information for managing your payment. This sharing takes place in accordance with the stores’ own privacy notices. The store may also let Klarna share your information with the payment service provider they use for processing your payment. Some payment service providers also collect and use your information independently, in accordance with their own privacy notices. This is the case, for example, for electronic wallet suppliers. In addition, Klarna may share your information with other financial institutions when conducting transactions with your account to complete the transactions. Sharing with payment service providers and financial institutions is performed to make a transaction initiated by you and it is done to fulfil the agreement with you (Article 6(1)(b) UK GDPR).
7.2.3 Fraud prevention agencies and companies providing identity checks.
Description of the recipient: Your personal data are shared with fraud prevention agencies and companies that provide identity checks.
Purpose and legal basis: Klarna shares your information to verify your identity, the accuracy of the data you have provided, and to combat fraudulent and criminal activities. The companies with which we work are listed here. Please note that these companies may process your data in accordance with their own data privacy notices.
Klarna shares your information based on Klarna’s legitimate interest in conducting its business (Article 6(1)(f) UK GDPR), as the fraud prevention agencies and the companies providing identity checks have information on fraud activities and identity confirmation which are important for Klarna to use as input to decrease its level of fraudulent transactions. We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights. You can also contact the entities listed in the link above, to exercise the same rights as stated in section 2 also against those entities.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details in Section 12 below.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
7.2.4 Google.
Description of the recipient: When you use Google Maps at checkout or in the Klarna App (for example, by searching your address in the address bar, viewing “stores near me” or requesting information on nearby deals and offers), your personal information will be shared with Google. Google will process your data in accordance with Google Maps/Google Earths terms of service and privacy policy.
Purpose and legal basis: Klarna shares this information based on Klarna’s legitimate interest in conducting its business (Article 6(1)(f) UK GDPR), as Google Maps makes it possible to find the address functionality at checkout and to show maps and deals relevant to your current location in the Klarna App. We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights.
7.3 Categories of recipients with whom Klarna shares your data when you use one of Klarna’s payment methods involving the provision of credit or when you use the Klarna card or the one-time card.
7.3.1 Credit information bureaus.
Description of the recipient: If you apply to use a service from Klarna that involves us providing credit (see section 4.3 on which services from Klarna involve credit), we will share your personal data with credit information bureaus. Sharing does not take place in the event of small amounts or where we already have sufficient information.
Purpose and legal basis: Your personal information is shared with credit bureaus in order to assess your creditworthiness, to confirm your identity and your contact information, and to protect you and other customers from fraud. This data sharing constitutes a credit report.
If you apply to use a credit Service (see Section 4.1 above for a specification of our credit Services), your personal data may be shared with Credit Reference Agencies (“CRAs”) to assess your creditworthiness in connection with your application, to confirm your identity and your contact information, and to protect you and other customers from fraud.
For Klarna card, Pay Later in 30 days or Pay in 3 instalments, this sharing constitutes soft credit searches (or “soft credit lookups”) which does not affect your credit file nor credit score. The search is only visible to you and Klarna. In order to perform these credit searches, Klarna will send the CRAs your name, address, date of birth, phone number, as well as bank account number and sort code if relevant, in order to receive the lookups on you.
However, if you apply for one of our Financing products (fixed term loans or revolving account), a hard credit search (or “a hard credit lookup”) is performed in addition to soft searches. This is due to our Financing products constituting regulated credit products under UK credit legislation. This hard credit search will be recorded on your credit file and may impact your credit score as follows:
The CRA will keep a record of our enquiry against your name and which may be linked to your representatives (“associated records”). For the purposes of any application for Services from us, you may be assessed with reference to “associated records”. Where any search or application is completed, or agreement entered into, involving joint parties, we may record details about this at the CRAs. As a result an “association” will be created that will link your financial records.
Details of which CRA we have used for a specific search are available on request.
In addition, if you open an agreement with one of our Financing products, Klarna Card, Pay Later in 30 Days or Pay in 3 instalments, we will share further information on your agreement with the CRAs. This will occur on a monthly basis until the agreement is closed. This will include details of your outstanding balance, payments made and any default or failure to meet the terms of your agreement. These records will remain on the CRAs’ files for 6 years after our agreement with you is settled or terminated, whether settled by you or, if applicable, your business or by way of default. This and other information about you (or, if applicable, your business and those with whom you are linked financially) may be used to make credit decisions about you in the future.
The ways in which CRAs use and share personal data are explained in more detail at; https://www.transunion.co.uk/crain and https://www.experian.co.uk/crain. The CRAs will process your information in accordance with their own privacy notices and you can find out which ones we cooperate with here.
Klarna shares your information based on Klarna’s legitimate interest in conducting its business (Article 6(1)(f) UK GDPR), as the credit information bureaus have information on your financial standing which is important for Klarna to use as input to ensure a correct credit assessment, and not grant credit to consumers who is unable to repay it. We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights. You can also contact the entities listed in the link above, to exercise the same rights as stated in section 2 also against those entities.
Klarna retains credit information about you that we have received from a credit information bureau only in script data format. If you would like to have a readable version, we recommend that you directly contact the credit bureau that informed you that Klarna requested a credit report.
7.3.2 Debt collection companies (for debts that are overdue).
Description of the recipient: Klarna may need to share your information when we sell or outsource collection of unpaid overdue debts through a third party, such as a debt collection company.
Purpose and legal basis: This data is shared to collect your overdue debts. Debt collection companies process personal data in accordance with their own privacy notices, or only on behalf of Klarna in their capacity as Klarna’s data processors. Debt collection companies may report your unpaid debts to credit information bureaus or authorities, which may affect your creditworthiness and your ability to apply for future credit. This data is shared based on our legitimate interest in collecting and selling debt (Article 6(1)(f) UK GDPR). When balancing interests, Klarna has determined that we have a legitimate interest in collecting and selling debts. We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights.
7.3.4 Debt acquirers (for open debts).
Description of the recipient: Klarna can transfer your open debt to debt acquirers.
Purpose and legal basis: Upon transfer of your debt to an acquirer and continuously until you pay off the debt, Klarna will share your contact and identification information (name, date of birth, social security number, address, and phone number), information about your financial standing (such as residual credit, repayments and any negative payment history in relation to the current debt), as well as information about the goods or services associated with the debt. The buyer will process your personal data in accordance with its own privacy notice, which you will receive information about when the debt is transferred.
The sharing of personal data with different acquirers is based on our legitimate interest in selling outstanding debts as part of our business operations (Article 6(1)(f) UK GDPR). We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your personal data processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights.
7.4 Categories of recipients when using the Klarna accounts service (savings and payment accounts).
7.4.1 Credit institutions and other financial institutions.
Description of the recipient: We share your information with credit institutions and other financial institutions (such as other banks) when you make transactions or payments to other accounts.
Purpose and legal basis: If you have made payments to a Klarna account, Klarna will process the information we receive from the bank you used for the transaction, such as contact and identification data and payment information. If you make transactions or payments to accounts in other banks, Klarna will also pass on some of your contact and identification data as well as payment information to the recipient and also to the recipient’s credit institution or financial institution. Sharing is performed to fulfil the agreement with you (Article 6(1)(b) UK GDPR).
7.5 Categories of recipients with whom Klarna shares your personal information when you use Klarna’s Shopping Service.
You may find the terms for the Klarna Shopping Service here.
7.5.1 Affiliate Networks.
Description of the recipient: When you choose to click on a sponsored link in the Klarna mobile application or on our website that links to a store, product or service, you will be redirected to another company’s website through a third party, known as an affiliate network. Here you can learn which affiliate networks Klarna cooperates with (presented in the left column). The affiliate networks will process your device information in accordance with their own privacy notices (you will find these privacy notices in the right column in the same link as referenced above). The store you visit through a sponsored link determines which affiliate network processes your information. Usually a store only cooperates with one affiliate network. You can get more information about which network by contacting us (or the store).
Purpose and legal basis: The affiliate network may place tracking technology on your device that contains information about you clicking on that link in the Klarna mobile application, and which is then used to document your visit to the store to calculate a potential commission due to Klarna.
The processing is based on a balancing of interests (Article 6(1)(f) UK GDPR). When balancing interests, Klarna has determined that we have a legitimate interest in supplying you with sponsored links in order to market shops in the Klarna mobile application and on our website. We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose.
You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights.
7.5.2 Google.
7.5.2.1 reCAPTCHA
Description of the recipient: When you use the Klarna mobile application through our web portal, Google will collect your device information through Google’s reCAPTCHA service which is implemented there, in some cases together with additional information that you choose to enter into the reCAPTCHA service.
Purpose and legal basis: Klarna processes this information based on Klarna’s legitimate interest in conducting its business (Article 6(1)(f) UK GDPR), since the reCAPTCHA service prevents misuse of our services (for example by preventing bots from trying to log in). Google will process this information in accordance with its terms of service and privacy policy. We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose.
You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights.
7.5.2.2 Google Maps
Description of the recipient: In order to show where your parcel will be delivered on an integrated map in the Klarna mobile application, we share the relevant delivery address with Google. Google will process your data in accordance with Google Maps’/Google Earth’s terms of service and privacy policy.
Purpose and legal basis: Klarna shares this information based on Klarna’s legitimate interest in conducting its business (Article 6(1)(f) UK GDPR). By using Google Maps we are able to show you the delivery address on an integrated map in the Klarna mobile application. We ensure that this processing is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You have the right to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights and how to use them.
7.5.3 Partners within the framework of the Personal Finance service and the offer and benefit program.
Description of the recipient: Partners within the framework of the Personal Finance service and the offer and benefit program.
Purpose and legal basis: If you choose to take advantage of Klarna’s offers and benefits within the framework of the Personal Finance service or the offer and benefits program, Klarna will share the personal information required for you to take advantage of the offer with our business partners (which includes the fact that you are a Klarna customer). Each offer specifies the data that will be shared. Data is shared to perform the agreement between yourself and Klarna (Article 6(1)(b) UK GDPR).
7.5.4 Logistics and transport companies.
Description of the recipient: Logistics and transport companies.
Purpose and legal basis: Klarna will share your personal information with logistics and transport companies that deliver the goods you order if you have signed up for parcel tracking. Examples of information we share are contact and identification data and tracking numbers.
Logistics and transport companies process your data in accordance with their own privacy notices. Sharing is performed to fulfil the agreement between you and Klarna (Article 6(1)(b) UK GDPR).
7.5.5 Advertising services.
7.5.5.1 Tailored marketing.
Description of the recipient: You may see advertisements when you are outside the Klarna App on other websites and apps, such as on social media. This is delivered to you through Klarna and our third party advertising services.
Purpose and legal basis: Klarna will share your personal data with third party advertising services in order to deliver tailored marketing to you outside of the Klarna App, based on your Klarna user behaviour and profile. Some third party advertising services will use your data for their own purposes and in accordance with their own privacy policies, available through the above link which can be found here. You can also get more information about this sharing or how to exercise your rights in regards to these companies by contacting us.
This processing is based on your consent (under Article 6(1)(a) GDPR).
This processing may constitute profiling which aims to customise the marketing based on what we think you may be interested in. You can read more about profiling in section 6.
You can revoke your consent at any time by contacting us.
You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights.
7.5.5.2 Klarna App installation analytics
Description of the recipient: Klarna will share your device ID and installation of the Klarna App with third party advertising services.
Purpose and legal basis: This data is used to determine whether your installation of the Klarna App was driven by a particular advertisement, to enable Klarna to analyse which advertising services are the most effective in driving Klarna App installations. You can get more information about this by contacting us.
The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Klarna has determined that we have a legitimate interest in determining which third party advertising services are the most effective in driving Klarna App installations. We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose.
You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights.
7.6 Categories of recipients with which Klarna shares your personal information if you contact our customer service through social media.
7.6.1 Social media.
Description of the recipient: Social media companies such as Facebook, Instagram or Twitter.
Purpose and legal basis: If you contact us via social media such as Facebook or Twitter, your personal data will also be collected and processed by these companies, in accordance with their privacy notices. Sharing is performed to fulfil the agreement with you (Article 6(1)(b) UK GDPR).
8. When can we transfer your personal data outside of the EU, and how do we protect it then?
We always strive to process your personal data within the EU/EEA area. But in certain situations, such as when we share your information within the Klarna Group or with a supplier, subcontractor or store which operates outside the EU/EEA, your personal data may be transferred outside the EU/EEA. Klarna always ensures that the same high level of protection applies to your personal data according to the UK GDPR, even when the data is transferred outside of the EU/EEA. Your rights in respect to your personal data (described in detail in section 2), are not affected when data is transferred outside of the EU/EEA. More information about the recipients Klarna shares your data with you can find in section 7.
When you shop with a store placed in a country outside of the EU/EEA area, our sharing of your personal data with that store means that your personal data will be transferred to this country outside of the EU/EEA area.
If you want more information about our safety measures you can always contact us. You can find our contact information in section 12. You find more information about which countries are deemed to have an “adequate level of protection” on the European Commission’s website, and you can read more about the European Commission’s standard clauses here.
Safety measures which Klarna uses when transferring personal data outside of the EU/EEA
Countries outside of the EU/EEA may have laws that allow public authorities to request access to personal data stored in the country for the purpose of combating crime or safeguarding national security. Regardless of whether we or any of our providers process your personal data, we will ensure that a high level of protection is guaranteed when transferring that data and that appropriate protection measures have been taken, in accordance with applicable data protection requirements (such as the UK GDPR). Such appropriate safeguards include, but are not limited to, ensuring:
if the European Commission has decided that the country outside of the EU/EEA to which your personal data are transferred has an adequate level of protection, which corresponds to the level of protection afforded by the UK GDPR. This means for example that the personal data is still protected from unauthorized disclosure, and that you may still exercise your rights in regards to your personal data, or
the European Commission’s standard clauses have been entered into between Klarna and the recipient of the personal data outside the EU/EEA. This means that the recipient guarantees that the level of protection for your personal data afforded by the UK GDPR still applies, and that your rights are still protected. In these cases, we also assess whether there are laws in the recipient country that affects the protection of your personal data. Where necessary, we take technical and organizational measures so that your data remain protected during the transfer to the relevant country outside the EU/EEA.
Despite the above, if the store where you choose to shop is located in a country outside the EU/EEA, our data sharing with that foreign store (or with that foreign store’s local Klarna entity) means that your personal data will be transferred to this country outside the EU/EEA. Otherwise it would not be possible to administer your purchase. Klarna primarily relies on the European Commission’s standard clauses to ensure the protection of your personal data for such data transfers, but as set out above, countries where the foreign store is located may have laws preventing the efficient protection by the standard clauses. Even if this is the case, your personal data will still be transferred to the foreign store (or the foreign store’s local Klarna entity), as long as the data transfer is necessary to administer your specific purchase.
9. How long we store your personal data
How long Klarna stores your personal data depends on the purposes for which Klarna uses the personal data:
Personal data used for the contractual relationship between you and Klarna is generally stored for the duration of the contractual relationship and thereafter for a maximum of 10 years based on statutes of limitations.
Personal data that Klarna is under a legal obligation to retain, for example under anti-money laundering laws or bookkeeping laws, is generally retained for 5 and 7 years respectively.
We process the recordings of telephone conversations for a time period of 90 days for quality assurance purposes. We will also retain recordings of inbound and outbound calls for up to three years, as well as Klarna employees’ notations from these calls for up to six years, in order to document what has been discussed and decided on the call.
Personal data which is not used for the purposes of your contractual relationship with Klarna or where Klarna does not have a legal obligation to retain the data is only retained as long as necessary to fulfill the respective purpose for our data processing (usually 3 months). More information can be found in the table in section 4.
In some limited cases, the personal data may need to be stored for a longer period because of capital adequacy laws which Klarna has to comply with.
The legal obligations referred to above means that Klarna can not delete your personal data, even if you request us to delete it, as described in section 2. If we don’t have a legal obligation to retain the personal data, we instead have to make an assessment if we may require the personal data in order to protect Klarna from legal claims.
Please note that just because we have a legal obligation to store your personal data, this does not mean that we are also permitted to use this data for any other purpose. Klarna will make an assessment for each specific purpose of how long we may use your personal data. You can read more about this in section 4.
10. How we use cookies and other types of tracking technology
To provide a tailored and smoooth experience, Klarna uses cookies and similar tracking technologies in our multiple interfaces, such as our website, the Klarna mobile application and at the checkout of a store that uses Klarna. You can find information about the tracking technology that Klarna uses, and information about how you accept or decline the tracking technology, in each interface.
11. Updates to this Privacy Notice
We are constantly working to improve our services so that you have a smoooth user experience. This may involve modifications of existing and future services. If that improvement requires a notice or consent in accordance with applicable law, you will be notified or given the opportunity to give your consent. It is also important that you read this privacy notice every time you use any of our services, as the processing of your personal data may differ from your previous use of the service in question.
12. Klarna contact information
Klarna Bank AB (UK branch) located at 125 Kingsway, Holborn, London WC2B 6NH, United Kingdom.
Klarna has a data protection officer and a team of data protection specialists. We also have a number of customer service teams that handle data protection issues. You can reach all of these individuals at privacy@klarna.co.uk. If you specifically wish to contact Klarna’s data protection officer, enter this on the subject line.
Klarna Bank AB (UK branch) located at 125 Kingsway, Holborn, London WC2B 6NH, United Kingdom, complies with UK data protection laws. Please visit www.klarna.com/uk/ for more information about Klarna.
13. Acquisition of Close Brothers Retail Finance
In January 2019, Klarna acquired the Retail Finance division of Close Brothers Limited. In relation to this acquisition, Klarna acquired the personal data of customers who use or have used the services of the Retail Finance division. Klarna will process this personal data in order to fulfill contractual obligations, comply with applicable laws, and in line with Klarna’s legitimate interest to conduct its business.
The personal data acquired will be processed in line with the privacy notice, in force at the time of the acquisition, and in line with applicable data protection laws. Please note that you have the rights stipulated in this Privacy Notice also for this data, for example the right to access (See Section 13). The privacy notice, in force at the time of the acquisition, may be found here.