data protection

Data protection

The responsible body within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

Mentil&Ly Snacks4you, inh. Mentil
Dario Mentil
Kronenweg 6
4102 Binningen

Telephone: 0799279707
Email: dario.mentil@hotmail.com
Website: https://www.snacks4you.shop/

General remark

Based on Article 13 of the Swiss Federal Constitution and the federal data protection regulations (Data Protection Act, DSG), every person has the right to protection of their privacy and protection against misuse of their personal data. The operators of these sites take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

In collaboration with our hosting providers, we strive to protect the databases as best as possible against unauthorized access, loss, misuse or forgery.

We would like to point out that data transmission over the Internet (e.g. when communicating via email) can have security gaps. Complete protection of data from access by third parties is not possible.

By using this website, you agree to the collection, processing and use of data as described below. This website can generally be visited without registration. Data such as pages accessed or the name of the file accessed, date and time are stored on the server for statistical purposes without this data being directly related to you personally. Personal data, in particular name, address or email address, is collected on a voluntary basis wherever possible. Your data will not be passed on to third parties without your consent.

Processing of personal data

Personal data is all information that relates to a specific or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, deletion, storage, modification, destruction and use of personal data.

We process personal data in accordance with Swiss data protection law. Furthermore, to the extent and to the extent that the EU GDPR is applicable, we process personal data in accordance with the following legal bases in connection with Art. 6 Para. 1 GDPR:

  • lit. a) Processing of personal data with the consent of the person concerned.

  • b) Processing of personal data to fulfill a contract with the data subject and to carry out corresponding pre-contractual measures.

  • c) Processing of personal data to fulfill a legal obligation to which we are subject under any applicable EU law or under any applicable law of a country in which the GDPR applies in whole or in part.

  • lit. d) Processing of personal data to protect the vital interests of the data subject or another natural person.

  • lit. f) Processing of personal data to protect the legitimate interests of us or third parties, unless the fundamental freedoms and rights as well as the interests of the data subject outweigh this. Legitimate interests include, in particular, our business interest in being able to provide our website, information security, the enforcement of our own legal claims and compliance with Swiss law.

We process personal data for the period necessary for the respective purpose or purposes. If retention obligations last longer due to legal and other obligations to which we are subject, we will restrict processing accordingly.

Privacy Policy for Cookies

This site uses cookies. These are small text files that make it possible to store specific user-related information on the user's device while they use the website. Cookies make it possible, in particular, to determine the frequency of use and number of users of the pages, to analyze page usage behavior, but also to make our offering more customer-friendly. Cookies remain stored at the end of a browser session and can be accessed again when you visit the site again. If you do not want this, you should set your internet browser so that it refuses to accept cookies.

A general objection to the use of cookies used for online marketing purposes can be made for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/ can be explained. Furthermore, the storage of cookies can be achieved by switching them off in the browser settings. Please note that not all functions of this online offer may then be able to be used.

Privacy policy for SSL/TLS encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as the requests that you send to us as the site operator. You can recognize an encrypted connection by the browser's address line changing from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Data protection declaration for server log files

The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version

  • operating system used

  • Referrer URL

  • Host name of the accessing computer

  • Time of server request

This data cannot be assigned to specific persons. This data will not be merged with other data sources. We reserve the right to subsequently check this data if we become aware of concrete indications of illegal use.

Third Party Services

This website only uses Google Maps for embedding maps, Google Invisible reCAPTCHA for protection against bots and spam, and YouTube for embedding videos.

These services from the American Google LLC use, among other things, cookies and as a result data is transferred to Google in the USA, although we assume that no personal tracking takes place solely through the use of our website.

Google is committed to ensuring adequate data protection in accordance with the American-European and American-Swiss Privacy Shield.

Further information can be found in Google's privacy policy .

Data protection declaration for contact form

If you send us inquiries using the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us in order to process the inquiry and in case of follow-up questions. We will not pass on this data without your consent.

Data protection declaration for newsletter data

If you would like to receive the newsletter offered on this website, we need an email address from you as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter . Further data is not collected. We use this data exclusively to send the requested information and do not pass it on to third parties.

You can revoke your consent to the storage of the data, the e-mail address and their use to send the newsletter at any time, for example via the “unsubscribe” link in the newsletter.

Data protection declaration for the comment function on this website

For the comment function on this website, in addition to your comment, information about the time the comment was created, your email address and, if you do not post anonymously, your chosen username are stored.

Storage of the IP address

Our comment function stores the IP addresses of users who write comments. Since we do not check comments on our site before they are activated, we need this data in order to be able to take action against the author in the event of legal violations such as insults or propaganda.

Subscribe to comments

As a user of the site, you can subscribe to comments after registering. You will receive a confirmation email to check whether you are the owner of the email address provided. You can unsubscribe from this function at any time via a link in the information emails.

Rights of data subjects

Right to confirmation

Every data subject has the right to request confirmation from the website operator as to whether personal data relating to data subjects is being processed. If you would like to exercise this right of confirmation, you can contact the data protection officer at any time.

Right to information

Every person with personal data affected by the processing has the right to receive free information from the operator of this website at any time about the personal data stored about them and a copy of this information. Furthermore, if necessary, information may be provided about the following information:

  • the processing purposes

  • the categories of personal data that are processed

  • the recipients to whom the personal data has been or will be disclosed

  • if possible, the planned period for which the personal data will be stored or, if this is not possible, the criteria for determining that period

  • the existence of a right to rectification or deletion of personal data concerning you or to restriction of processing by the controller or a right to object to this processing

  • the existence of a right to lodge a complaint with a supervisory authority

  • if the personal data is not collected from the data subject: all available information about the origin of the data

The data subject also has the right to information as to whether personal data has been transmitted to a third country or to an international organization. If this is the case, the data subject also has the right to receive information about the appropriate guarantees in connection with the transfer.

If you would like to exercise this right to information, you can contact our data protection officer at any time.

Right to rectification

Every person affected by the processing of personal data has the right to request the immediate correction of inaccurate personal data concerning them. Furthermore, the data subject has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data - including by means of a supplementary statement.

If you would like to exercise this right to correction, you can contact our data protection officer at any time.

Right to deletion (right to be forgotten)

Any person affected by the processing of personal data has the right to request that the person responsible for this website delete the personal data concerning him or her immediately if one of the following reasons applies and if the processing is not necessary:

  • The personal data was collected or otherwise processed for purposes for which it is no longer necessary

  • The data subject withdraws the consent on which the processing was based and there is no other legal basis for the processing

  • The data subject objects to the processing on grounds relating to their particular situation and there are no overriding legitimate grounds for the processing, or in the case of direct advertising and related profiling, the data subject objects to the processing

  • The personal data was processed unlawfully

  • The deletion of personal data is necessary to comply with a legal obligation under Union or Member State law to which the controller is subject

  • The personal data was collected in relation to information society services offered directly to a child

If one of the reasons mentioned above applies and you would like to have personal data stored by the operator of this website deleted, you can contact our data protection officer at any time. The data protection officer of this website will ensure that the deletion request is complied with immediately.

Right to restriction of processing

Any person affected by the processing of personal data has the right to request that the person responsible for this website restrict processing if one of the following conditions applies:

  • The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data

  • The processing is unlawful, the data subject refuses the deletion of the personal data and instead requests the restriction of the use of the personal data

  • The controller no longer needs the personal data for the purposes of processing, but the data subject needs them to assert, exercise or defend legal claims

  • The data subject has objected to the processing for reasons relating to his or her particular situation and it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject

If one of the above conditions is met and you would like to request the restriction of personal data stored by the operator of this website, you can contact our data protection officer at any time. The data protection officer of this website will arrange for the processing to be restricted.

Right to data portability

Every person affected by the processing of personal data has the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format. You also have the right to have this data transmitted to another person responsible if the legal requirements are met.

Furthermore, the data subject has the right to have the personal data transmitted directly from one person responsible to another person responsible, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.

To assert your right to data portability, you can contact the data protection officer appointed by the operator of this website at any time.

Right to object

Every person affected by the processing of personal data has the right to object at any time to the processing of personal data concerning them for reasons arising from their particular situation.

The operator of this website will no longer process the personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the data subject, or if the processing is for the purposes of asserting, exercising or serves to defend legal claims.

To exercise your right to object, you can contact the data protection officer of this website directly.

Right to revoke your data protection consent

Every person affected by the processing of personal data has the right to revoke their consent to the processing of personal data at any time.

If you would like to exercise your right to revoke your consent, you can contact our data protection officer at any time.

Data protection declaration for objection to advertising emails

The use of contact details published as part of the imprint obligation to send unsolicited advertising and information materials is hereby objected to. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited advertising information being sent, such as spam emails.

Paid services

In order to provide paid services, we request additional data, such as payment details, in order to process your order or to be able to carry out your order. We store this data in our systems until the statutory retention periods have expired.

Use of Google Maps

This website uses Google Maps. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. This occurs regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not want your profile to be associated with Google, you must log out before activating the button. Google saves your data as usage profiles and uses them for advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this you must contact Google. Further information on the purpose and scope of data collection and processing by Google, as well as further information on your rights in this regard and setting options to protect your privacy, can be found at: www.google.de/intl/de/policies/privacy .

Google Ads

This website uses Google Conversion Tracking. If you have reached our website via an ad placed by Google, Google Ads will set a cookie on your computer. The conversion tracking cookie is set when a user clicks on an ad placed by Google. These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages on our website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies cannot therefore be tracked via the websites of Ads customers. The information collected using the conversion cookie is used to create conversion statistics for Ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that can be used to personally identify users.

If you do not want to take part in tracking, you can refuse the necessary setting of a cookie - for example by using a browser setting that generally deactivates the automatic setting of cookies or setting your browser so that cookies from the domain "googleleadservices.com" are blocked.

Please note that you are not allowed to delete the opt-out cookies as long as you do not want measurement data to be recorded. If you have deleted all of your cookies in your browser, you must set the respective opt-out cookie again.

Use of Google Remarketing

This website uses the remarketing function of Google Inc. The function is used to present interest-based advertisements to website visitors within the Google advertising network. A so-called “cookie” is stored in the website visitor’s browser, which makes it possible to recognize the visitor when they visit websites that are part of Google’s advertising network. On these pages, the visitor can be presented with advertisements that relate to content that the visitor has previously accessed on websites that use Google's remarketing function.

According to Google, it does not collect any personal data during this process. If you still do not want Google's remarketing function, you can deactivate it by making the appropriate settings at http://www.google.com/settings/ads . Alternatively, you can opt out of the use of cookies for interest-based advertising through the Advertising Network Initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp .

Use of Google reCAPTCHA

This website uses the reCAPTCHA service from Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland “Google”). The query serves the purpose of distinguishing whether the input was made by a human or by automated, machine processing. The query includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google. For this purpose, your input will be transmitted to Google and used there. However, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of this service. The IP address transmitted by your browser as part of reCaptcha is not merged with other Google data. Your data may also be transmitted to the USA. An adequacy decision from the European Commission, the “Privacy Shield”, is in place for data transfers to the USA. Google participates in the “Privacy Shield” and has subjected itself to the requirements. By clicking on the query, you consent to the processing of your data. The processing takes place on the basis of Art. 6 (1) lit. a GDPR with your consent. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation.

Further information about Google reCAPTCHA and the associated data protection declaration can be found at: https://policies.google.com/privacy?hl=de

Privacy Policy for Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Ireland Limited. If the person responsible for data processing on this website is located outside the European Economic Area or Switzerland, then Google Analytics data processing is carried out by Google LLC. Google LLC and Google Ireland Limited are hereinafter referred to as “Google”.

We can use the statistics obtained to improve our offering and make it more interesting for you as a user. This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. If you have a Google user account, you can deactivate the cross-device analysis of your usage in the settings there under “My data”, “Personal data”.

The legal basis for the use of Google Analytics is Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. The IP address transmitted by your browser as part of Google Analytics is not combined with other Google data. We would like to point out that on this website Google Analytics is supplemented by the code “_anonymizeIp();” has been expanded to ensure anonymized collection of IP addresses. This means that IP addresses are further processed in abbreviated form, which means that any personal connection can be ruled out. If the data collected about you is personally related, this will be excluded immediately and the personal data will be deleted immediately.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .

Google Analytics uses cookies. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. You can prevent the storage of cookies by setting your browser software accordingly; However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: Deactivate Google Analytics .

You can also prevent the use of Google Analytics by clicking on this link: Deactivate Google Analytics . This means that a so-called opt-out cookie is stored on your data carrier, which prevents the processing of personal data by Google Analytics. Please note that if you delete all cookies on your device, these opt-out cookies will also be deleted, meaning that you will have to set the opt-out cookies again if you still want to prevent this form of data collection. The opt-out cookies are set per browser and computer/device and must therefore be activated separately for each browser, computer or other device.

Privacy Policy for Google AdSense

We use Google AdSense on this website. This is an advertising program from Google Inc. In Europe, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With Google AdSense we can display advertisements on this website that match our topic.

Google AdSense uses cookies to serve ads that are relevant to users, improve campaign performance reporting, or prevent a user from seeing the same ads multiple times. Google uses a cookie ID to record which advertisements are shown in which browser and can thus prevent them from being displayed multiple times. In addition, Google AdSense can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, if a user sees a Google Ads ad and later visits the advertiser's website using the same browser and buys something there. According to Google, Google Ads cookies do not contain any personal information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. By integrating Google Ads, Google receives the information that you have accessed the corresponding part of our website or clicked on one of our advertisements. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that Google will find out and store your IP address.

You can prevent participation in this tracking process in various ways:

  1. by setting your browser software accordingly, in particular by suppressing third-party cookies, this means that you will not receive any advertisements from third-party providers;

  2. by deactivating cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”, https://adssettings.google.com , whereby this setting will be deleted when you change yours delete cookies;

  3. by deactivating the interest-based ads of providers that are part of the self-regulatory campaign “About Ads” via the link https://www.aboutads.info/choices , although this setting will be deleted when you delete your cookies;

  4. by permanently deactivating it in your browsers Firefox, Internet Explorer or Google Chrome under the link https://www.google.com/settings/ads/plugin . We would like to point out that in this case you may not be able to fully use all of the functions of this offer.

The legal basis for the processing of your data is a balance of interests, according to which the processing of your personal data described above does not conflict with any overriding interests on your part (Art. 6 Para. 1 Sentence 1 Letter f GDPR). Further information about Google Ads from Google can be found at https://ads.google.com/intl/de_DE/home/ , as well as data protection at Google in general: https://www.google.de/intl/de/policies/ privacy . Alternatively, you can visit the Network Advertising Initiative (NAI) website at https://www.networkadvertising.org .

Data protection declaration for the use of Google Web Fonts

This website uses so-called web fonts, which are provided by Google, for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. If your browser does not support web fonts, your computer will use a standard font.

Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/

Google Tag Manager

Google Tag Manager is a solution with which we can manage so-called website tags via an interface and, for example, integrate Google Analytics and other Google marketing services into our online offering. The tag manager itself, which implements the tags, does not process any of the users’ personal data. With regard to the processing of users' personal data, reference is made to the following information on Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html .

Data protection declaration for Facebook

This website uses functions from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. When you access our pages with Facebook plug-ins, a connection is established between your browser and the Facebook servers. Data is already being transferred to Facebook. If you have a Facebook account, this data can be linked to it. If you do not want this data to be assigned to your Facebook account, please log out of Facebook before visiting our site. Interactions, in particular the use of a comment function or clicking a “Like” or “Share” button, are also passed on to Facebook. You can find out more at https://de-de.facebook.com/about/privacy .

Privacy Policy for Twitter

This website uses functions from Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. When you access our pages with Twitter plug-ins, a connection is established between your browser and Twitter's servers. Data is already being transferred to Twitter. If you have a Twitter account, this data can be linked to it. If you do not want this data to be assigned to your Twitter account, please log out of Twitter before visiting our site. Interactions, in particular clicking on a “Re-Tweet” button, are also passed on to Twitter. Find out more at https://twitter.com/privacy .

Privacy policy for Instagram

Functions of the Instagram service are integrated into our website. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to assign your visit to our pages to your user account. We would like to point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.

Further information can be found in Instagram's privacy policy: http://instagram.com/about/legal/privacy/

Data protection declaration for LinkedIn

We use the marketing services of the social network LinkedIn from LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”) within our online offering.

These use cookies, i.e. text files that are stored on your computer. This enables us to analyze your use of the website. For example, we can measure the success of our ads and show users products that they were previously interested in.

This records, for example, information about the operating system, the browser, the website you previously accessed (referrer URL), which websites the user visited, which offers the user clicked on, and the date and time of your visit to our website.

The information generated by the cookie about your use of this website is transmitted pseudonymously to a LinkedIn server in the USA and stored there. LinkedIn does not store the name or email address of the respective user. Rather, the data mentioned above is only assigned to the person who generated the cookie. This does not apply if the user has allowed LinkedIn to process data without pseudonymization or has a LinkedIn account.

You can prevent the storage of cookies by setting your browser software accordingly; However, we would like to point out that in this case you may not be able to fully use all of the functions of this website. You can also object to the use of your data directly on LinkedIn: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out .

We use LinkedIn Analytics to analyze the use of our website and to regularly improve it. We can use the statistics obtained to improve our offering and make it more interesting for you as a user. All LinkedIn companies have adopted the Standard Contractual Clauses to ensure that the data traffic to the USA and Singapore necessary to develop, operate and maintain the Services takes place in a lawful manner. If we ask users for their consent, the legal basis for the processing is Article 6 (1) (a) GDPR. Otherwise, the legal basis for the use of LinkedIn Analytics is Art. 6 Paragraph 1 Sentence 1 Letter f GDPR.

Third party information: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2 Ireland; User Agreement and Privacy Policy .

External payment service providers

This website uses external payment service providers through whose platforms users and we can carry out payment transactions. For example about

  • PostFinance (https://www.postfinance.ch/de/detail/legal-barrier-freedom.html)

  • Visa (https://www.visa.de/USE Conditions/visa-privacy-center.html)

  • Mastercard (https://www.mastercard.ch/de-ch/datenschutz.html)

  • American Express (https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html)

  • Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full)

  • Bexio AG (https://www.bexio.com/de-CH/datenschutz)

  • Payrexx AG (https://www.payrexx.ch/site/assets/files/2592/datenschutzerklaerung.pdf)

  • Apple Pay (https://support.apple.com/de-ch/ht203027)

  • Stripe (https://stripe.com/ch/privacy)

  • Klarna (https://www.klarna.com/de/datenschutz/)

  • Skrill (https://www.skrill.com/de/fusszeile/datenpolitik/)

  • Giropay (https://www.giropay.de/rechts/datenschutzerklaerung) etc.

As part of the fulfillment of contracts, we use payment service providers on the basis of the Swiss Data Protection Regulation and, if necessary, Article 6 Paragraph 1 Letter b. EU GDPR. Furthermore, we use external payment service providers based on our legitimate interests in accordance with the Swiss Data Protection Regulation and, where necessary, in accordance with Article 6 Paragraph 1 Letter f of the EU GDPR in order to offer our users effective and secure payment options.

The data processed by the payment service providers includes inventory data, such as name and address, bank details, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract details, amounts and recipient-related information. The information is required to carry out the transactions. However, the data entered will only be processed and stored by the payment service providers. As operators, we do not receive any information about (bank) accounts or credit cards, but only information about confirmation (acceptance) or rejection of the payment. Under certain circumstances, the data may be transmitted by the payment service provider to credit reporting agencies. The purpose of this transmission is to check identity and creditworthiness. For this purpose, we refer to the general terms and conditions and data protection information of the payment service providers.

The terms and conditions and data protection notices of the respective payment service providers apply to the payment transactions, which can be accessed within the respective website or transaction applications. We also refer to these for further information and to assert cancellation, information and other rights of those affected.

Newsletter - Mailchimp

The newsletter is sent using the shipping service provider 'MailChimp', a newsletter delivery platform from the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the data protection regulations of the shipping service provider here . The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thereby offers a guarantee that it will comply with the European level of data protection ( PrivacyShield ). The shipping service provider is used on the basis of our legitimate interests in accordance with Article 6 Paragraph 1 Letter f of the GDPR and an order processing contract in accordance with Article 28 Paragraph 3 Sentence 1 of the GDPR.

The shipping service provider can use the recipient's data in a pseudonymous form, ie without assigning it to a user, to optimize or improve its own services, for example to technically optimize shipping and the presentation of the newsletter or for statistical purposes. However, the shipping service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.

Order processing in the online shop with customer account

We process our customers' data in accordance with the federal data protection regulations (Data Protection Act, DSG) and the EU GDPR, as part of the ordering processes in our online shop, to enable them to select and order the selected products and services, as well as their payment and delivery , or to enable execution.

The data processed includes master data (inventory data), communication data, contract data, payment data and the persons affected by the processing include our customers, interested parties and other business partners. The processing takes place for the purpose of providing contractual services as part of the operation of an online shop, billing, delivery and customer services. We use session cookies, for example to store the contents of the shopping cart, and permanent cookies, for example to store the login status.

Processing is carried out on the basis of Article 6 Paragraph 1 Letter b (Execution of ordering processes) and c (Lawfully required archiving) GDPR. The information marked as necessary is required to establish and fulfill the contract. We only disclose the data to third parties as part of delivery, payment or within the scope of legal permissions and obligations. The data will only be processed in third countries if this is necessary to fulfill the contract (e.g. at the customer's request for delivery or payment).

Users can optionally create a user account, in particular by being able to view their orders. As part of registration, the required mandatory information is provided to users. The user accounts are not public and cannot be indexed by search engines, such as Google. If users have terminated their user account, their data will be deleted with regard to the user account, unless their retention is necessary for commercial or tax law reasons in accordance with Article 6 (1) (c) GDPR. Information in the customer account remains until it is deleted and then archived in the event of a legal obligation. It is the users' responsibility to back up their data before the end of the contract if the contract is terminated.

As part of the registration and re-registration process as well as the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Article 6 (1) (c) GDPR.

Deletion takes place after statutory warranty and comparable obligations have expired; the necessity of storing the data is checked at irregular intervals. In the case of legal archiving obligations, deletion takes place after they have expired.

Note on data transfer to the USA

Our website includes, among other things, tools from companies based in the USA. When these tools are active, your personal information may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as the person concerned being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g. secret services) process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.

Copyrights

The copyright and all other rights to content, images, photos or other files on the website belong exclusively to the operator of this website or the specifically named rights holders. For the reproduction of all files, the written consent of the copyright holder must be obtained in advance.

Anyone who commits a copyright infringement without the consent of the respective rights holder may be liable to prosecution and possibly be liable for damages.

General disclaimer

All information on this website has been carefully checked. We strive to keep our information up to date, accurate and complete. Nevertheless, the occurrence of errors cannot be completely ruled out, which means that we cannot guarantee the completeness, accuracy and timeliness of information, including of a journalistic-editorial nature. Liability claims for material or immaterial damage caused by the use of the information provided are excluded unless there is evidence of intentional or grossly negligent fault.

The publisher may change or delete texts at its own discretion and without notice and is not obliged to update the content of this website. Use of or access to this website is at the visitor's own risk. The publisher, its clients or partners are not responsible for damages, such as direct, indirect, accidental, predetermined or consequential damages, which are allegedly caused by visiting this website and therefore assume no liability for them.

The publisher also assumes no responsibility or liability for the content and availability of third-party websites that can be reached via external links on this website. The operators are solely responsible for the content of the linked pages. The publisher thereby expressly distances itself from all third-party content that may be relevant to criminal or liability law or that violate common decency.

Changes

We may amend this privacy policy at any time without prior notice. The current version published on our website applies. To the extent that the Privacy Policy is part of an agreement with you, in the event of an update, we will inform you of the change by email or other appropriate means.

Questions for the data protection officer

If you have any questions about data protection, please write us an email or contact the person responsible for data protection in our organization listed at the beginning of the data protection declaration directly.

Binningen, March 21, 2021
Source: SwissLawyer

Klarna’s privacy policy

It is very important to us that you feel safe when you pay with Klarna or use one of our other services. Therefore, you will find all information about the use of your personal data in this data protection declaration.

So that you can easily find the sections that interest you, we have divided the data protection declaration into different headings. Simply click on the relevant heading in the list below to go directly to the relevant section.

  1. Who is responsible for your personal data?
  2. Your rights in relation to your personal data
  3. What type of personal data do we collect?
  4. Which personal data is used for which purposes and on what legal basis?
  5. How can you revoke your consent?
  6. Klarna’s use of profiling and automated decisions
  7. Who do we share your personal data with?
  8. Where do we process your personal data?
  9. How long we store your personal data
  10. How we use cookies and other types of tracking technology
  11. Updates to this Privacy Policy
  12. Klarna's contact information

1. Who is responsible for your personal data?

Klarna Bank AB (publ), registered in the Swedish Commercial Register under company number 556737-0431 and with its registered office at Sveavägen 46, 111 34 Stockholm (“Klarna”, “we”, “our” or “us”), is in accordance with the EU -General Data Protection Regulation (the “GDPR”) is responsible for processing your data. If you have any questions about the processing of your personal data, please contact our data protection team by email at datenschutz.ch@klarna.com.

2. Your rights in relation to your personal data

  • Right to information. You have the right to obtain information about how we process your personal data. We do this through this privacy policy, by publishing information on our website and by answering your questions.
  • Right of access to your data. You can request a copy of your personal data if you would like to know what information we hold about you.
  • Right to data portability. You can request a copy in a machine-readable format of the personal data relating to you that we process for the performance of a contract concluded with you or based on your consent.
  • Right to rectification. You have the right to correct inaccurate information about yourself and to complete incomplete information.
  • Right to delete your data. You have the right to request the deletion of your personal data. This applies to data whose processing is no longer necessary for the purpose for which it was originally collected or in the event that you withdraw your consent. However, you must note that your right to have your data deleted is not absolute. Even if you ask for them to be deleted, Klarna is obliged to retain certain data. These data retention obligations are further explained in Sections 4 and 9 . These laws prevent us from immediately deleting certain data.
  • Right to restriction of processing. If you believe that data is inaccurate, that our processing of the data is unlawful, or that we do not need the data for a specific purpose, you can request that the processing of your personal data be restricted. You can also request a restriction while you wait for us to assess whether our interest in processing your data outweighs your right not to have that data processed.
  • Right to object to the processing of your personal data or to object to our processing. You can object to the processing of your personal data based on our legitimate interest (Art. 6 Para. 1 f) GDPR) with reference to your personal circumstances. In addition, you can object to the use of your personal data for marketing purposes at any time.
  • Right to object to an automated decision that significantly affects you . You have the right to object to an automated decision made by Klarna if that decision gives rise to legal consequences or constitutes a decision that similarly significantly affects you. Section 6 explains how Klarna uses automated decisions.
  • Right to withdraw consent. As described in Section 5 , where we process your personal data based on your implicit or explicit consent, you have the right to withdraw your consent at any time. This means that we will stop processing it. However, this has no effect on the processing that has already been carried out.
  • Right to file a complaint . You have the right to lodge a complaint with your data protection supervisory authority or Integritetsskyddsmyndigheten , the Swedish supervisory authority for Klarna's processing of personal data. You can reach the Integritetsskyddsmyndigheten via the following link .

You can exercise one or more of your rights by sending an email to datenschutz.ch@klarna.com indicating the rights you would like to exercise. For further questions, please see the contact information in Section 12 .

Settings in the Klarna mobile app: In the Klarna mobile app, Klarna offers you the opportunity to adjust your preferences for certain services, such as: B. regarding receiving up-to-date notifications or auto-filling your information when making a purchase. We will always respect your decisions in this regard.

3. What type of personal data do we collect?

In this section we explain the different categories of personal data we use. In Section 4 we describe the purposes for which we process personal data in the individual categories, i.e. H. how the data is used.

  • Contact and Identification Information - name, date of birth, social security number, title, occupation, gender, billing and shipping address, email address, mobile phone number, nationality, age, income information, etc.
  • Information about goods/services - data about the goods/services you have purchased or ordered, such as: B. Type of item or tracking number.
  • Information about your financial situation - information e.g. B. about your income, any loans, negative payment history and previous credit approvals.
  • Payment information - credit and debit card details (card number, validity and CVV code), account number, name of your bank.
  • Information about your use of Klarna's services - which service(s) and which functions you used on these services and how you used them. This includes information about outstanding and previous debts, your repayment history and your personal preferences.
  • Technical information generated by your use of Klarna's services - Technical data such as: E.g. website response time, download errors, date and time you used the service.
  • Information about your contacts with Klarna customer service - recorded telephone calls, chat conversations and email correspondence.
  • Your contacts with the merchants you shop at or visit - information about how you interact with merchants, e.g. B. whether you have received goods and the type of retailers you purchase from.
  • Device information - IP address, language settings, browser settings, time zone, operating system, platform, screen resolution and similar data about your device settings.
  • Information from external sanctions lists and PEP lists - Sanctions lists and lists of politically exposed persons ("PEP") contain information such as name, date of birth, place of birth, occupation or position and the reason why the person is on the respective list.
  • Sensitive personal data - Sensitive personal data is data revealing religious beliefs, political or philosophical views or trade union membership, as well as information about health status, sex life or sexual orientation.
  • Service-specific personal data - As part of our services in the Klarna mobile app and in connection with Email Connect, Personal Finance and to register for events, we use other personal data that does not fall into the categories listed above. Information about the individual services is listed here:
    • The Klarna mobile app: Any content you upload to the app (e.g. photos or receipts), location information, information about how you use the browser and the websites you visit;
    • Email Connect: Information from the connected email account about your completed purchases, product, price and quantity information, tracking numbers and merchant information that we share with the Klarna mobile app;
    • Personal Finance: Data from your other bank accounts and other types of accounts (e.g. card accounts) that you connect to the Service, as well as data such as account number, bank, historical transactions from your connected accounts, and balances and assets; and
    • Registration for events on social media: Information about your profile from your social media account and business data such as name, address and company type of your employer.

You can also find detailed information about the relevant personal data for each social media service here in our General Terms and Conditions.

4. Which personal data are used for which purposes and on what legal basis?

For a better overview, we describe in the following tables what (for what purpose) we use your personal data and which categories of personal data we use for each purpose. See Section 3 to learn which data points fall under each category of personal data. The tables also identify what legal rights we have under current data protection legislation, such as the GDPR, to process your data, which is referred to as our “legal basis”. The tables also indicate when Klarna stops using the personal data for the respective purpose. Finally, you can see from the tables whether it is data that we receive from you or whether it is data that Klarna receives from another source. For data from another source, this source is indicated in parentheses.

4.1 The following are the purposes for which your personal data will be used by Klarna in all cases , regardless of which service you use.

Purpose of processing - what we do and why

Categories of personal data used for the purpose and where they come from (source). See Section 3 for more information about what data each category includes.

Legal basis for processing in accordance with the GDPR

At what point the purpose no longer applies (see Section 9 for further information on data deletion)

To manage our customer relationship with you for each service you use in accordance with our agreements. This includes creating and sending information to you electronically (not marketing).

From you:

  • Contact and identification information.
  • Payment Information.
  • Sensitive Personal Information.

From other sources:

  • Information about goods/services. (dealer)
  • Information about your financial situation. (Klarna and credit reporting agencies)
  • Information about your use of Klarna’s services. (Klarna)
  • Technical information generated through your use of Klarna’s services. (Klarna)
  • Your contacts with the retailers you shop at or visit. (dealer)
  • Device information. (your device)
  • Service-specific personal data (see Section 3 ).

The processing is necessary so that Klarna can fulfill a contract with you (Art. 6 Para. 1 b) GDPR).

If the Service processes information that constitutes sensitive personal data (e.g. from materials you upload), our processing is based on your express consent (Article 9 Para. 2 a) GDPR).

When the contract between you and Klarna ends.

To conduct customer satisfaction and market research surveys via email, text messages, telephone calls or other communication channels.

If you do not want such processing, please contact us to let us know. See Section 2 for more information about your rights. Our contact information can be found in Section 12 .

From you:

  • Contact and identification information.

From other sources:

  • Information about goods/services. (dealer)
  • Information about your use of Klarna’s services. (Klarna)
  • Technical information generated through your use of Klarna’s services. (Klarna)
  • Your contacts with the retailers you shop at or visit. (dealer)

The processing is based on a balancing of interests (Art. 6 Para. 1 f) GDPR). As part of the balancing of interests, Klarna concluded that we have a legitimate interest in conducting such surveys, that the processing is necessary to achieve this purpose and that our interest outweighs your right not to have your data processed for this purpose.

You may contact us for further information on how this balancing was made. Our contact information can be found in Section 12 .

When the contract between you and Klarna ends.

Ensuring network and information security for Klarna’s services.

From you:

  • Contact and identification information.

From other sources:

  • Information about your use of Klarna’s services. (Klarna)
  • Technical information generated through your use of Klarna’s services. (Klarna)
  • Your contacts with the retailers you shop at or visit. (dealer)
  • Device information. (your device)

The processing is based on a balancing of interests (Art. 6 Para. 1 f) GDPR). As part of the balancing of interests, Klarna came to the conclusion that we have a legitimate interest in being able to guarantee network and information security, that the processing is necessary to achieve this purpose and that our interest overrides your right not to process your data for this purpose let, predominates. It is also in your interest as a customer that we ensure good information security.

You may contact us for further information on how this balancing was made. Our contact information can be found in Section 12 .

Your data will be processed for as long as you use a service.

To support you as a vulnerable customer (i.e. if you need additional assistance in contacting us due to special circumstances). This means that we can offer you special support, e.g. B. when you contact customer service.

From you:

  • Contact and identification information.
  • Sensitive personal data (information about your health status).

From other sources:

  • Information about your use of Klarna’s services. (Klarna)

Based on your consent (Art. 6 Para. 1 a) and Art. 9 Para. 2 a) GDPR).

If you inform us that you are no longer classified as a vulnerable customer or withdraw your consent. We will also stop this processing if and when you inform us that you no longer wish to be a Klarna customer.

To conduct risk analysis, prevent fraud and manage risk.

We carry out the processing to confirm your identity and ensure that the data you provide is correct, as well as to prevent crime.

This processing constitutes profiling and automated decision-making. We use automated decision-making for this purpose to determine whether you pose a risk of fraud. For more information about profiling and automated decisions, see Section 6 .

From you:

  • Contact and identification information.
  • Payment Information.

From other sources:

  • Information about goods/services. (dealer)
  • Information about your financial situation. (Klarna and credit reporting agencies)
  • Information about your use of Klarna’s services. (Klarna)
  • Technical information generated through your use of Klarna’s services. (Klarna)
  • Your contacts with the retailers you shop at or visit. (dealer)
  • Device information. (your device)
  • Sensitive Personal Information

The processing is necessary so that Klarna can fulfill a contract with you (Art. 6 Para. 1 b) GDPR).

We are also legally obliged to verify the identity of our customers (Article 6 Para. 1 c) GDPR), (Swedish Law (2017:630) on measures against money laundering and terrorist financing ).

This processing takes place for the duration of your use of a Klarna service.

If Klarna has identified a risk in the way you use Klarna, we will continue to use your data for this purpose and, if there is a risk of fraud, we will continually update our risk assessment. We process your data for as long as we are legally obliged to keep your data. Further information about our legal retention obligations and rights can be found in Section 9 .

To anonymize your personal data and, based on this, improve our services and products and analyze customer behavior.

From you:

  • Contact and identification information.
  • Payment Information.

From other sources:

  • Information about goods/services. (dealer)
  • Information about your financial situation. (Klarna and credit reporting agencies)
  • Information about your use of Klarna’s services. (Klarna)
  • Technical information generated through your use of Klarna’s services. (Klarna)
  • Your contacts with the retailers you shop at or visit. (dealer)
  • Device information. (your device)
  • Service-specific personal data (see Section 3 ).

The processing is based on a balancing of interests (Art. 6 Para. 1 f) GDPR). As part of the balancing of interests, Klarna came to the conclusion that we have a legitimate interest in anonymizing your personal data for product development purposes and analyzing customer behavior in order to improve the service and customer experience. We ensure that the related processing is necessary to achieve the purpose of the processing and that our interests outweigh your right not to have your data processed for this purpose. By anonymizing data about you, we ensure that we use personal data as little intensively as possible.

You may contact us for further information on how this balancing was made. Our contact information can be found in Section 12 .

This processing occurs throughout the period that Klarna needs to retain the data in its systems, for example to fulfill the contract concluded with you or to comply with applicable law. Further information about our legal retention obligations and rights can be found in Section 9 .

To carry out data analyzes for product development and testing to improve our risk and credit models and to design our services (if possible, the data is anonymized in the first step, i.e. no further processing of personal data takes place afterwards).

From you:

  • Contact and identification information.
  • Payment Information.

From other sources:

  • Information about goods/services. (dealer)
  • Information about your financial situation. (Klarna and credit reporting agencies)
  • Information about your use of Klarna’s services. (Klarna)
  • Technical information generated through your use of Klarna’s services. (Klarna)
  • Your contacts with the retailers you shop at or visit. (dealer)
  • Device information. (your device)
  • Service-specific personal data (see Section 3 ).

The processing is based on a balancing of interests (Art. 6 Para. 1 f) GDPR). As part of the balancing of interests, Klarna came to the conclusion that we have a legitimate interest in carrying out data analyzes for product development and testing purposes. We ensure that the related processing is necessary to achieve the purpose of the processing and that our interests outweigh your right not to have your data processed for this purpose. In addition, our customers benefit from the processing as it helps us to provide error-free and sustainable services.

You may contact us for further information on how this balancing was made. Our contact information can be found in Section 12 .

This processing occurs throughout the period that Klarna needs to retain the data in its systems, e.g. B. to fulfill the contract concluded with you or to comply with applicable law. Further information about our legal retention obligations and rights can be found in Ab

This processing occurs throughout the period that Klarna needs to retain the data in its systems, e.g. B. to fulfill the contract concluded with you or to comply with applicable law. Further information about our legal retention obligations and rights can be found in Section 9 .

To create statistics and reports for economic analysis or analysis of payment trends or payment volumes in specific regions or industries (if possible, the data is anonymized in the first step, i.e. no further processing of personal data takes place afterwards).

From you:

  • Contact and identification information.
  • Payment Information.

From other sources:

  • Information about goods/services. (dealer)
  • Information about your financial situation. (Klarna and credit reporting agencies)
  • Information about your use of Klarna’s services. (Klarna)
  • Your contacts with the retailers you shop at or visit. (dealer)
  • Service-specific personal data (see Section 3 ).

The processing is based on a balancing of interests (Art. 6 Para. 1 f) GDPR). As part of the balancing of interests, Klarna came to the conclusion that we have a legitimate interest in creating statistical data and reports for this purpose. We ensure that the related processing is necessary to achieve the purpose of the processing and that our interests outweigh your right not to have your data processed for this purpose.

You may contact us for further information on how this balancing was made. Our contact information can be found in Section 12 .

This processing occurs throughout the period that Klarna needs to retain the data in its systems, e.g. B. to fulfill the contract concluded with you or to comply with applicable law. Further information about our legal retention obligations and rights can be found in Section 9 .

To check and verify your identity.

From you:

  • Contact and identification information.

The processing is necessary so that Klarna can fulfill a contract with you (Art. 6 Para. 1 b) GDPR).

As long as you use one of Klarna’s services.

To disclose your personal data to the categories of recipients described in Section 7.1 (suppliers and subcontractors, Klarna group companies, persons with authority over your financial transactions, public authorities and buyers of receivables, companies or assets).

Varies depending on the recipient (see section 7.1 ).

This processing occurs throughout the period that Klarna needs to retain the data in its systems, e.g. B. to fulfill the contract concluded with you or to comply with applicable law. Further information about our legal retention obligations and rights can be found in Section 9 .

To decide what type of marketing we will offer you.

If you do not want such processing, please contact us to let us know. Our contact information can be found in Section 12 .

The processing can constitute profiling. See Section 6 for further information about your rights.

From you:

  • Contact and identification information.

From other sources:

  • Information about goods/services. (dealer)
  • Information about your use of Klarna’s services. (Klarna)
  • Technical information generated through your use of Klarna’s services. (Klarna)
  • Your contacts with the retailers you shop at or visit. (dealer)
  • Device information. (your device)
  • Service-specific personal data (see Section 3 ).

The processing is based on a balancing of interests (Art. 6 Para. 1 f) GDPR). As part of the balancing of interests, Klarna came to the conclusion that we have a legitimate interest in determining what type of marketing we should offer you. We ensure that the related processing is necessary to pursue this interest and that our interest outweighs your right not to have your data processed for this purpose. This is done taking into account that marketing is listed as an example of a legitimate interest in the GDPR.

You may contact us for further information on how this balancing was made. Our contact information can be found in Section 12 .

When the contract between you and Klarna ends, or if you inform us that you are not interested in this processing.

To send you marketing materials and offers about our Services.

If you do not want such processing, please contact us to let us know. Our contact information can be found in Section 12 .

From you:

  • Contact and identification information.

From other sources:

  • Information about your use of Klarna’s services. (Klarna)
  • Your contacts with the retailers you shop at or visit. (dealer)

The processing is based on a balancing of interests (Art. 6 Para. 1 f) GDPR). As part of the balancing of interests, Klarna came to the conclusion that we have a legitimate interest in sending you marketing communications about our services and offers. We ensure that the related processing is necessary to pursue that interest and that our interest outweighs your right not to have your data processed for this purpose. This is taking into account that marketing is listed as an example of a legitimate interest in the GDPR.

You may contact us for further information on how this balancing was made. Our contact information can be found in Section 12 .

When the contract between you and Klarna ends, or if you inform us that you are not interested in this processing.

To protect Klarna from legal claims and to protect Klarna’s legal interests.

In the event of a dispute, Klarna may also collect other categories of personal data about you if we need it to exercise our rights.

The processing is based on a balancing of interests (Art. 6 Para. 1 f) GDPR). As part of the balancing of interests, Klarna came to the conclusion that we have a legitimate interest in being able to protect ourselves from legal claims. We ensure that the related processing is necessary to achieve the purpose of the processing and that our interests outweigh your right not to have your data processed for this purpose.

You may contact us for further information on how this balancing was made. Our contact information can be found in Section 12 .

This processing occurs throughout the period that Klarna needs to retain the information in its systems, for example to fulfill the contract entered into with you or to comply with applicable law. Further information about our legal retention obligations and rights can be found in Section 9 .

4.2 Purposes for which your personal data is used when you use one of Klarna's payment methods, log in to a merchant using Klarna or choose to pay by debit or credit card when paying in Klarna's checkout at a merchant.

Purpose of processing - what we do and why

Categories of personal data used for the purpose and where they come from (source). See Section 3 for more information about what data each category includes.

Legal basis for processing in accordance with the GDPR

At what point the purpose no longer applies (see Section 9 for further information on data deletion)

To transfer the merchant’s right to payment for your purchase to Klarna (“factoring”).

From you:

  • Contact and identification information.
  • Payment Information.

From other sources:

  • Information about goods/services. (dealer)
  • Information about your financial situation. (Klarna and credit reporting agencies)
  • Information about your use of Klarna’s services. (Klarna)
  • Technical information generated through your use of Klarna’s services. (Klarna)
  • Your contacts with the retailers you shop at or visit. (dealer)
  • Device information. (your device)

The processing is based on a balancing of interests (Art. 6 Para. 1 f) GDPR). As part of the balancing of interests, Klarna came to the conclusion that we (and the dealer) have a legitimate interest in selling or buying your outstanding claims. We ensure that the related processing is necessary to achieve the purpose of the processing and that our interests outweigh your right not to have your data processed for this purpose.

You may contact us for further information on how this balancing was made. Our contact information can be found in Section 12 .

At the time of purchase.

To share your personal data with the categories of recipients described in Section 7.2 (merchants, payment service providers and financial institutions, fraud prevention entities, companies that provide identity information and Google).

From you:

  • Contact and identification information.
  • Payment Information.

From other sources:

  • Information about goods/services. (dealer)
  • Information about your financial situation. (Klarna and credit reporting agencies)
  • Information about your use of Klarna’s services. (Klarna)
  • Technical information generated through your use of Klarna’s services. (Klarna)
  • Your contacts with the retailers you shop at or visit. (dealer)
  • Device information. (your device)

Varies depending on the recipient (see section 7.2 ).

Primarily during the purchase, but also throughout the entire period that Klarna stores the data in its systems, i.e. H. until the data is deleted. Further information about our legal retention obligations and rights can be found in Section 9 .

If you purchase from a merchant that offers Klarna as a payment method or uses Klarna's checkout, we determine the order in which different payment methods should be offered to you in the merchant's checkout process. This processing has no influence on which of Klarna’s payment methods are available to you.

If you do not want such processing, please contact us to let us know. Our contact information can be found in Section 12 .

This processing constitutes profiling. See Section 6 for more information about your rights.

From you:

  • Contact and identification information.

From other sources:

  • Information about goods/services. (dealer)
  • Information about your use of Klarna’s services. (Klarna)
  • Technical information generated through your use of Klarna’s services. (Klarna)
  • Your contacts with the retailers you shop at or visit. (dealer)

If you have accepted and use the Klarna service called “Shopping Service”, which is described in more detail in the general terms and conditions of the service, which you can find here , the processing of the data takes place on the legal basis of the fulfillment of the contract between you and Klarna in accordance with Art. 6 Para. 1 (b) GDPR.

If you have not concluded the “Shopping Service” contract, the processing is instead based on a balance of interests (Art. 6 Para. 1 f) GDPR). As part of the balancing of interests, Klarna came to the conclusion that we have a legitimate interest in checking the order in which you are offered various payment options in the merchant's checkout process. We ensure that the related processing is necessary to achieve the purpose of the processing and that our interests outweigh your right not to have your data processed for this purpose.

You may contact us for further information on how this balancing was made. Our contact information can be found in Section 12 .

When viewing payment methods in checkout.

To prevent Klarna's products and services from being used for money laundering or terrorist financing by monitoring and verifying transactions. Klarna also carries out ongoing risk assessments and creates risk models to combat money laundering and terrorist financing.

This processing constitutes profiling and automated decision-making. Further information on profiling and automated decision-making can be found in Section 6 .

From you:

  • Contact and identification information.
  • Payment Information.

From other sources:

  • Information about goods/services. (dealer)
  • Information about your financial situation. (Klarna and credit reporting agencies)
  • Information about your use of Klarna’s services. (Klarna)
  • Technical information generated through your use of Klarna’s services. (Klarna)
  • Your contacts with the retailers you shop at or visit. (dealer)
  • Device information (your device)
  • Information from external sanctions lists and PEP lists. (sanctions lists and PEP lists)
  • Sensitive personal data (information about political opinions, religious beliefs and/or health information contained in the PEP lists).
  • Service-specific personal data (see Section 3 for information about Klarna's savings and payment accounts).

To comply with laws (Art. 6 Para. 1 c) GDPR), (Swedish Law (2017:630) on measures against money laundering and terrorist financing ).

With regard to sensitive personal data, the condition is that the processing is necessary in the public interest (Art. 9 Para. 2 g) GDPR).

As soon as the contract between you and Klarna ends. See Section 9 for further information about our obligations and our right to retain information in accordance with legal requirements.

To conduct a fraud prevention check before accepting a purchase.

This processing constitutes profiling and automated decision-making. We use automated decision-making for this purpose to determine whether you pose a risk of fraud. For more information about profiling and automated decisions, see Section 6 .

See also Section 7.2.3 regarding our use of fraud prevention organizations and companies with whom your information may be shared and our legal basis for such sharing.

From you:

  • Contact and identification information.
  • Payment Information

From other sources:

  • Information about goods/services. (dealer)
  • Information about your use of Klarna’s services. (Klarna)
  • Technical information generated through your use of Klarna’s services. (Klarna)
  • Your contacts with the retailers you shop at or visit. (dealer)
  • Device information (your device)

In addition, Klarna receives information from fraud prevention institutions and companies about whether your information indicates an attempted fraud.
The processing is necessary so that Klarna can fulfill a contract with you (Art. 6 Para. 1 b) GDPR). When conducting the fraud check.

For bookkeeping and accounting in accordance with applicable accounting regulations and for the retention of information within the scope of bookkeeping and accounting in accordance with applicable laws.

From you:

  • Contact and identification information.
  • Payment Information.

From other sources:

  • Information about goods/services. (dealer)
  • Information about your use of Klarna’s services. (Klarna)
  • Information about your use of Klarna’s services. (Klarna)
  • Your contacts with the retailers you shop at or visit. (dealer)

To comply with the law (Art. 6 para. 1 c) GDPR), ( Swedish Accounting Act (1999:1078 ).

During the accounting period and 7 years after the end of the year in which the data was collected. Further information about our legal retention obligations and rights can be found in Section 9 .

Perform calculations in accordance with capital adequacy regulations.

From you:

  • Contact and identification information.
  • Payment Information.

From other sources:

  • Information about goods/services. (dealer)
  • Information about your financial situation. (Klarna and credit reporting agencies)
  • Information about your use of Klarna’s services. (Klarna)
  • Service-specific personal data (see Section 3 for information about Klarna's savings and payment accounts).

To comply with laws (Article 6 Para. 1 c) GDPR), ( Capital Adequacy Regulation 575/2013 and Capital Adequacy Directive 2013/36 ) .

Seven years after the end of the year in which the data was collected. Further information about our legal retention obligations and rights can be found in Section 9 .

4.3 Purposes for which your personal data is used when you use one of Klarna's payment methods where you are granted credit or when you use the Klarna Card or the one-off payment card.

You will be granted credit for the following services: “Pay Later” (invoice), “Pay Now” (payment by direct debit), “Financing” (installment purchase), the Klarna Card and one-off payment cards (all available in the Klarna mobile app ).

Purpose of processing - what we do and why

Categories of personal data used for the purpose and where they come from (source). See Section 3 for more information about what data each category includes.

Legal basis for processing in accordance with the GDPR

At what point the purpose no longer applies (see Section 9 for further information on data deletion)

To carry out a credit check before a loan is granted.

This constitutes profiling and the decision to approve or reject the loan constitutes an “automated decision”. See Section 6 for more information on profiling and automated decisions.

See also section 7.3.1 about our use of credit reference agencies to which your information may be shared and our legal basis for this sharing.

From you:

  • Contact and identification information.

From other sources:

  • Information about your financial situation. (Klarna and credit reporting agencies)
  • Information about your use of Klarna’s services. (Klarna)
  • Technical information generated through your use of Klarna’s services. (Klarna)

To conclude and implement the credit agreement (Art. 6 Para. 1 b) GDPR).

Once the credit check is completed.

To disclose your personal data to the categories of recipients described in Section 7.3 (credit reference agencies, debt collection agencies and other purchasers of outstanding debts as well as VISA, debt purchasers and digital wallet providers).

From you:

  • Contact and identification information.
  • Payment Information.

From other sources:

  • Information about goods and services. (dealer)
  • Information about your financial situation. (Klarna and credit reporting agencies)
  • Information about your use of Klarna’s services. (Klarna)
  • Your contacts with the retailers you shop at or visit. (dealer)
  • Device information. (your device)

Varies depending on the recipient (see section 7.3 ).

Primarily during the purchase, but also throughout the entire period in which Klarna stores the data in its systems, i.e. until it is deleted. Further information about our legal retention obligations and rights can be found in Section 9 .

To transfer Klarna's right to payment for your purchase to a new claim holder.

From you:

  • Contact and identification information.

From other sources:

  • Information about goods/services. (dealer)
  • Information about your financial situation. (Klarna and credit reporting agencies)
  • Information about your use of Klarna’s services. (Klarna)
  • Your contacts with the retailers you shop at or visit. (dealer)

The processing is based on a balancing of interests (Art. 6 Para. 1 f) GDPR). As part of the balancing of interests, Klarna came to the conclusion that we have a legitimate interest in selling outstanding loans as part of our business activities. We ensure that the processing is necessary to pursue this interest and that our interest outweighs your right not to have your data processed for this purpose.

You may contact us for further information on how this balancing was made. Our contact information can be found in Section 12 .

Processing can occur as long as the claim remains unpaid (you will be notified when the claim is transferred).

To provide debt collection services, i.e. H. to collect and sell overdue receivables.

From you:

  • Contact and identification information.

From other sources:

  • Information about goods/services. (dealer)
  • Information about your financial situation. (Klarna and credit reporting agencies)
  • Information about your use of Klarna’s services. (Klarna)
  • Your contacts with the retailers you shop at or visit. (dealer)

The processing is based on a balancing of interests (Art. 6 Para. 1 f) GDPR). As part of the balancing of interests, Klarna came to the conclusion that we have a legitimate interest in the collection and sale of receivables. We ensure that the related processing is necessary to achieve the purpose of the processing and that our interests outweigh your right not to have your data processed for this purpose.

You may contact us for further information on how this balancing was made. Our contact information can be found in Section 12 .

As soon as the claim is settled.

In order to prevent Klarna's products and services from being used for money laundering or terrorist financing, transactions are monitored and verified, risk assessments are carried out and risk models are created.

This processing constitutes profiling and if it is decided that you pose a money laundering risk, this will constitute an automated decision. Further information on profiling and automated decisions can be found in Section 6 .

From you:

  • Contact and identification information.
  • Payment Information.

From other sources:

  • Information about goods/services. (dealer)
  • Information about your financial situation. (Klarna and credit reporting agencies)
  • Information about your use of Klarna’s services. (Klarna)
  • Technical information generated through your use of Klarna’s services. (Klarna)
  • Your contacts with the retailers you shop at or visit. (dealer)
  • Device information. (your device)
  • Information from external sanctions lists and PEP lists. (sanctions lists and PEP lists)
  • Sensitive personal data (information about political opinions, religious beliefs and/or health information contained in the PEP lists).

To comply with laws (Art. 6 Para. 1 c) GDPR), (Swedish Law (2017:630) on measures against money laundering and terrorist financing ).

With regard to sensitive personal data, the condition is that the processing is necessary in the public interest (Art. 9 Para. 2 g) GDPR).

Up to five years after termination of the contract or after termination of the customer relationship (up to ten years if law enforcement authorities request this). Further information about our legal retention obligations and rights can be found in Section 9 .

For archiving and accounting in accordance with applicable accounting regulations.

From you:

  • Contact and identification information.
  • Payment Information.

From other sources:

  • Information about goods/services. (dealer)
  • Information about your use of Klarna’s services. (Klarna)
  • Your contacts with the retailers you shop at or visit. (dealer)
  • Service-specific personal data (see Section 3 for information about Klarna's savings and payment accounts).

To comply with the law (Art. 6 para. 1 c) GDPR), ( Swedish Accounting Act (1999:1078 ).

Seven years after the end of the year in which the data was collected. Further information about our legal retention obligations and rights can be found in Section 9 .

4.4 Processing of your personal data when using Klarna’s shopping service

When you use Klarna's shopping service, Klarna processes your personal data for the purposes described in the table below. The terms and conditions for the Shopping Service and the description of the functions that the Shopping Service includes can be found here .

Purpose of processing - what we do and why

Categories of personal data used for the purpose and where they come from (source). See Section 3 for more information about what data each category includes.

Legal basis for processing in accordance with the GDPR

At what point the purpose no longer applies (see Section 9 for further information on data deletion)

To provide Klarna’s shopping service and associated features.

The service includes the creation of profiles to personalize the content in the Klarna mobile app and in the Klarna Checkout.

  • All categories mentioned in Section 3 ;
  • Service-specific personal data (see Section 3 ).
  • Sensitive Personal Information.

The processing is necessary so that Klarna can fulfill a contract (general terms and conditions of the shopping service) with you (Art. 6 Para. 1 b) GDPR).

If the Shopping Service also processes data that constitutes sensitive personal data (if you have uploaded this data, for example through receipts for certain purchases/memberships, or if you have otherwise given us access to this data), our processing will take place based on your express consent (Art. 9 Para. 2 a) GDPR). See Section 3 for more information about this type of personal data.

When the contract between you and Klarna ends.

You are free to share your location with us or not. We use this information to find dealers in your area.

You can turn off location sharing on your device at any time.

From you:

  • Service-specific personal data (see Section 3 ).

The processing is necessary so that Klarna can fulfill a contract (general terms and conditions of the shopping service) with you (Art. 6 Para. 1 b) GDPR).

As soon as you exit the function. After we have shown you the dealers in your area, Klarna will no longer save your location.

To provide you with a browser via Klarna's mobile application with which you can e.g. B. can visit retailers' websites. Klarna collects information about how you use the browser to customize the content of the Klarna mobile app.

From you:

  • Sensitive Personal Information.
  • Service-specific personal data (see Section 3 for information about the Klarna mobile app).

The processing is necessary so that Klarna can fulfill a contract (general terms and conditions of the shopping service) with you (Art. 6 Para. 1 b) GDPR).

If the service processes information that constitutes sensitive personal data (e.g. from pages that you visit), this processing is carried out on the basis of your express consent (Art. 9 Para. 2 a) GDPR). However, this sensitive information is only used to show you the current website in the browser.

When the contract between you and Klarna ends.

To share your personal data with the categories of recipients described in Section 7.5 (affiliate networks, Google, partners in the Personal Finances service and the offers and benefits program, and logistics and transport companies).

From you:

  • Contact and identification information.
  • Sensitive personal data (if you have uploaded it or otherwise given us access to this data).

From other sources:

  • Information about goods/services. (dealer)
  • Device information. (your device)
  • Service-specific personal data (see Section 3 for information about Klarna's mobile application).

Varies depending on the recipient (see section 7.5 ).

When the contract between you and Klarna ends.

4.5 Additional services you can access via the Klarna mobile app

Purpose of processing - what we do and why

Categories of personal data used for the purpose and where they come from (source). See Section 3 for more information about what data each category includes.

Legal basis for processing in accordance with the GDPR

At what point the purpose no longer applies (see Section 9 for further information on data deletion)

If you have connected your email account to Klarna's Email Connect service, Klarna will periodically connect to your email account(s) to receive information about your purchases.

You can cancel this service at any time. From the moment of termination, Klarna will no longer have access to your email account.

From other sources:

  • Sensitive Personal Information. (The webmail provider)
  • Service-specific personal data (see Section 3 for information about Email Connect). (The webmail provider)

The processing is necessary so that Klarna can fulfill a contract (general terms and conditions of the shopping service) with you (Art. 6 Para. 1 b) GDPR).

If the service processes sensitive personal data (from your transactions), this processing is carried out on the basis of your express consent (Art. 9 Para. 2 a) GDPR). For more information, see Section 3 .

When the contract between you and Klarna ends.

If you have chosen to connect your bank accounts to the Personal Finance service, Klarna will display and provide you with tools to control your finances in the form of offers tailored to your specific needs.

This processing constitutes profiling aimed at tailoring the service based on an assessment of your potential interests. For more information on profiling, see Section 6 .

If you choose to take advantage of offers and benefits offered by Klarna as part of this service, we will share your personal data with the partner who provides it (see section 7.5.3 ).

From other sources:

  • Sensitive Personal Information. (Your connected account)
  • Service-Specific Personal Data (see Section 3 for information on Personal Finance). (Your connected account)

The processing is necessary so that Klarna can fulfill a contract (General Terms and Conditions for the Account Information Service) with you (Art. 6 Para. 1 b) GDPR).

If the service processes sensitive personal data (from your transactions), the processing is carried out on the basis of your express consent (Art. 9 Para. 2 a) GDPR). For more information, see Section 3 .

When the contract between you and Klarna ends.

4.6 Offers and invitations to events published on social media, as well as any contact with us via social media

Purpose of processing - what we do and why

Categories of personal data used for the purpose and where they come from (source). See Section 3 for more information about what data each category includes.

Legal basis for processing in accordance with the GDPR

At what point the purpose no longer applies (see Section 9 for further information on data deletion)

If you register for an event that is published on social media, we process your personal data to provide the requested service.

You can unsubscribe at any time by contacting us. Our contact information can be found in Section 12 .

From you:

  • Contact and identification information.
  • Service-specific personal data (see Section 3 regarding registrations for events on social media).

The processing is necessary so that Klarna can fulfill a contract with you (related to your participation in the event) (Art. 6 Para. 1 b GDPR).

You may contact us for further information on how this balancing was made. Our contact information can be found in Section 12 .

Once the event has taken place.

4.7 Processing of data by Klarna when contacting customer service

Purpose of processing - what we do and why

Categories of personal data used for the purpose and where they come from (source). See Section 3 for more information about what data each category includes.

Legal basis for processing in accordance with the GDPR

At what point the purpose no longer applies (see Section 9 for further information on data deletion)

To handle all matters brought to Klarna’s customer service.

This includes retaining various forms of written conversations to document customer issues, as well as for security and anti-fraud purposes.

From you:

  • Information about your contacts with Klarna customer service.

From other sources:

  • Information about your contacts with Klarna customer service. (Klarna)

Fulfillment of contracts (Art. 6 Para. 1 b) GDPR).

Depending on the statutory statute of limitations, up to ten years. Further information about our legal retention obligations and rights can be found in Section 9 .

Quality and service improvement (to ensure satisfactory customer service). We may record telephone conversations between you and our employees for quality purposes to improve the quality of our products and services.

From you:

  • Information about your contacts with Klarna customer service.

From other sources:

  • Information about your contacts with Klarna customer service. (Klarna)

The processing is based on a balancing of interests (Art. 6 Para. 1 f) GDPR). As part of the balancing of interests, Klarna came to the conclusion that we have a legitimate interest in improving our services, internal training and quality controls as well as documenting communication with our customer service. We ensure that the related processing is necessary to achieve the purpose of the processing and that our interests outweigh your right not to have your data processed for this purpose. As a customer, you also have an interest in the quality of the interaction between Klarna and you.

You may contact us for further information on how this balancing was made. Our contact information can be found in Section 12

.

90 days from the day the recording was taken.

If you contact us via social media such as Facebook or Twitter, your personal data will also be collected and processed by these companies in accordance with their data protection declarations. This also applies to the answer you receive from us. Klarna processes this information to answer your questions.

From you:

  • Contact and identification information.
  • Information about your contacts with Klarna customer service.

From other sources:

  • Information about your contacts with Klarna customer service. (Klarna)

Fulfillment of contracts (Art. 6 Para. 1 b) GDPR).

Once we have answered your question.

5. How can you revoke your consent?

If Klarna uses your personal data based on your consent, you can withdraw your consent at any time. You can do this via email to datenschutz.ch@klarna.com or using the contact information in Section 12 .

You can also delete uploaded data from the Klarna mobile app or cancel the service in which personal data is processed. We will then delete the data. If you withdraw your consent or delete the uploaded data, you may not be able to use the service if Klarna processes personal data as part of the service on the basis of your consent.

6. Klarna’s use of profiling and automated decisions that significantly affect you

6.1 Profiling by Klarna regarding you as a customer.

“Profiling” is automated processing of personal data to evaluate certain aspects of you, for example by analyzing or predicting your personal preferences, e.g. B. Buying interests. At the same time, we compare your data with what our other customers who use our services in a similar way to you prefer.

In Section 3 you will find detailed information about the purpose of profiling by Klarna and the categories of personal data used for the respective occasion and profiling. Profiling for these purposes has no significant impact on you as a customer.

We use profiling for the following purposes:

  • To provide our tailored services that customize their content based on your potential interests (this applies to the Klarna mobile app, its various features and the order in which different payment methods appear in Klarna Checkout), and
  • to provide you with tailored marketing.

Please contact us if you have any questions about how the profiling process works. Our contact information can be found in Section 12 . You can object to our marketing profiling at any time by contacting us (we will then stop profiling for marketing purposes). You can also stop profiling on our Services by canceling the Service.

6.2 Automated decisions by Klarna that significantly affect you.

The term “automated decisions that give rise to legal consequences or automated decisions that similarly significantly affect you” means that certain decisions in our Services are completely automated without the involvement of our employees. These decisions have a significant impact on you as a customer and are comparable to legal consequences. By making such decisions automatically, Klarna increases its objectivity and transparency when deciding to offer these services to you. At the same time, you have the right to object to these decisions at any time. Later in this section we explain how you can appeal these decisions.

Automated decisions that significantly affect you also mean that profiling is carried out based on your data before the decision is made. This profiling is done to assess your financial situation (before making a lending decision) or to determine whether your use of our services poses a risk of fraud or money laundering. We create a profile of your user behavior and financial situation and compare this data with behaviors and circumstances that we use to classify the risk differently depending on the materiality.

We make such automated decisions when we:

  • decide that your application to use a credit service will be approved.
  • decide that your application to use a credit service is not approved. These automated credit decisions are based on the data you provide, data from external sources such as credit reference agencies and Klarna's own internal information. In addition to information about you, Klarna's credit model includes a variety of other factors, such as: B. Klarna's internal credit risk classification and our customers' general repayment rates (e.g. based on the corresponding product category).
  • decide whether you pose a risk of fraud if our processing shows that your behavior indicates possible fraudulent behavior, that your behavior is inconsistent with previous use of our Services, or that you have attempted to disguise your true identity. Automated decisions that we use to assess whether you pose a risk of fraud are based on information you have provided to us, fraud prevention facilities (see Section 7.2.3 for details about which of these facilities we use) and on Klarna's own internal information.
  • decide whether there is a risk of money laundering if our processing reveals evidence that your behavior indicates money laundering. In relevant cases, Klarna also checks whether certain customers are listed on sanctions lists.

The categories of personal data used in each decision are set out in Section 3 . See Section 7 for more information about who we share data with in connection with profiling for automated decisions.

If your application is not approved as a result of the automated decisions described above, you will not have access to Klarna's services, such as: B. our payment methods. Klarna has several safeguards in place to ensure that decisions are appropriate. These mechanisms include ongoing monitoring of our decision models and samples in individual cases. If you have any concerns about the result, you can contact us. We will then check whether the procedure was carried out appropriately. You can also object by following the steps below.

Your right to object to these automated decisions

You have the right at any time to object to an automated decision with legal consequences or decisions that could otherwise significantly affect you (in connection with the relevant profiling) by sending an email to datenschutz.ch@klarna .com send. A Klarna representative will then review the decision taking into account any additional information you have provided and the circumstances you have explained.

7. Who do we share your personal data with?

If we transfer your personal data, we will ensure that the recipient processes it in accordance with this privacy policy, e.g. B. by concluding data transfer agreements or order processing contracts with the recipients. These agreements require the contracting parties to take all appropriate contractual, legal, technical and organizational measures to ensure that your data is processed with an appropriate level of protection and in accordance with applicable law.

7.1 Categories of recipients to whom Klarna always shares your personal data, regardless of which service you use.

7.1.1 Suppliers and Subcontractors.

Description of the recipient : Suppliers and subcontractors are companies that are only authorized to process the personal data they receive from Klarna on behalf of Klarna, i.e. as a processor. Examples of such suppliers and subcontractors include software and data storage providers, payment service providers and business consultants.

Purpose and legal basis: Klarna needs access to services and functionalities from other companies if it cannot provide them itself. Klarna has a legitimate interest in being able to access these services and functions (Art. 6 Para. 1 f) GDPR). We ensure that the related processing is necessary to pursue this interest and that our interest outweighs your right not to have your data processed for this purpose. You have the right to object to this processing on grounds relating to the specific circumstances of your case. See Section 2 for more information about your rights.

7.1.2 Klarna Group

Description of the recipient : Klarna Group company.

Purpose and legal basis: This is necessary so that Klarna can provide you with services and functions. Klarna has a legitimate interest in being able to access these services and functions (Art. 6 Para. 1 f) GDPR). We ensure that the related processing is necessary to pursue this interest and that our interest outweighs your right not to have your data processed for this purpose. You have the right to object to this processing on grounds relating to the specific circumstances of your case. See Section 2 for more information about your rights.

7.1.3 A person who has power of attorney over your financial affairs.

Description of recipient : In certain circumstances, Klarna will transfer your personal data to a person who has the right to access this data based on a power of attorney.

Purpose and legal basis: This processing is carried out to facilitate your contact with us (through representatives) and is based on your consent (Art. 6 para. 1 a) GDPR).

7.1.4 Authorities.

Description of the recipient : Under certain circumstances, Klarna forwards necessary information to authorities such as the police, tax authorities, tax authorities or other authorities and courts.

Purpose and legal basis: Personal data will be disclosed to authorities if we are legally obliged to do so, or in some cases if you have asked us to do so, or if this is necessary to manage tax deductions or to combat crime. Such a legal obligation to provide information exists, for example, if measures have to be taken to combat money laundering and terrorist financing. Depending on the authority and purpose, the legal bases are the obligation to fulfill legal obligations (Art. 6 Para. 1 c) GDPR), the fulfillment of the contract with you (Art. 6 Para. 1 b) GDPR) or Klarna's legitimate interest, to protect yourself from crime (Art. 6 Para. 1 f) GDPR).

7.1.5 Sale of companies or assets.

Description of recipient: In the event that Klarna sells a business or assets, Klarna may transfer your personal data to a potential buyer of that business or asset. If Klarna or a significant portion of Klarna's assets is acquired by a third party, personal information about Klarna's customers may also be passed on.

Purpose and legal basis: Klarna has a legitimate interest in being able to carry out such transactions (Art. 6 Para. 1 f) GDPR). We ensure that the related processing is necessary to pursue this interest and that our interest outweighs your right not to have your data processed for this purpose. You have the right to object to this processing on grounds relating to the specific circumstances of your case. See Section 2 for more information about your rights.

7.2 Categories of recipients to whom Klarna shares your personal data when you use Klarna's payment methods, log in to a merchant with Klarna or decide to pay by debit or credit card in Klarna's checkout at a merchant.

7.2.1 Dealer

Description of Recipient: By Merchants we mean the merchants that you visit or purchase from (which may include the relevant merchant's affiliates if you have been informed so by the merchant).

Purpose and legal basis: To enable the merchant to carry out and manage your purchase and the customer relationship with you or the relationship between you and the merchant's affiliates, e.g. B. by verifying your identity, shipping goods, dealing with questions and disputes, preventing fraud and, if necessary, sending relevant advertising. The Merchant's Privacy Policy applies to the processing of your personal data that has been provided to the Merchant and which the Merchant processes. You will usually find a link to their privacy policy on the retailer's website. The legal basis for the transfer of data to the dealer is, on the one hand, the fulfillment of a contract (Art. 6 Para. 1 b) GDPR), provided that the data is passed on to fulfill the contract between you and the dealer, and, on the other hand, what is legitimate Interest of Klarna and the retailer (Art. 6 Para. 1 f) GDPR). We ensure that the related processing is necessary to pursue this interest and that our interest outweighs your right not to have your data processed for this purpose. You have the right to object to this processing on grounds relating to the specific circumstances of your case. See Section 2 for more information about your rights.

7.2.2 Payment service providers and financial institutions.

Recipient Description: Payment service providers and financial institutions provide services to you, merchants and Klarna to implement and manage electronic payments across a variety of payment methods, such as: B. Credit cards and bank-based payment methods such as direct debit and bank transfer.

Purpose and legal basis : Some merchants use payment service providers to whom they forward your data to manage your payment. This sharing is carried out in accordance with the relevant merchants' own privacy policies. The merchant may also allow Klarna to pass on your data to the payment service provider it uses to process your payment. Some payment service providers also collect and use your data independently and in accordance with their own privacy policies. This is e.g. This is the case, for example, with providers of digital wallets. In addition, Klarna may share your information with other financial institutions when completing transactions with your account to complete payments. The forwarding to payment service providers and financial institutions takes place in order to carry out a transaction initiated by you and to fulfill the contract with you (Art. 6 Para. 1 b) GDPR).

7.2.3 Fraud prevention institutions and companies that offer identity checks.

Description of the recipient: Your personal data will be shared with fraud prevention organizations and companies that carry out identity verification.

Purpose and legal basis: Klarna forwards your information to verify your identity and the accuracy of the data you have provided, as well as to combat fraud and crime. The companies we work with are listed here . Please note that these companies may process your data in accordance with their own privacy policies. Klarna transfers your data on the basis of the legitimate interest in carrying out the business activity (Art. 6 Para. 1 f) GDPR), as the fraud prevention agencies and the companies that offer identity verification have information about fraud activities and identity confirmations that are necessary for Klarna are important in reducing the number of fraudulent transactions. We ensure that the related processing is necessary to pursue that interest and that our interest outweighs your right not to process your data for this purpose. You have the right to object to this processing on grounds relating to the circumstances of your individual case. For more information about your rights, see Section 2 . You may also contact the companies listed in the link above to exercise the same rights as set out in Section 2 against these companies.

7.2.4 Google.

Recipient Description : If you use Google Maps in checkout (e.g. by searching your address in the address bar), your personal information will be shared with Google. Google processes your data in accordance with the Google Maps/Google Earth Terms of Use and Privacy Policy .

Purpose and legal basis : Klarna passes on this information on the basis of Klarna's legitimate interest in carrying out its business activities (Art. 6 Para. 1 f) GDPR), as Google Maps provides the address search function in the checkout. We ensure that the related processing is necessary to pursue this interest and that our interest outweighs your right not to have your data processed for this purpose. You have the right to object to this processing on grounds relating to the specific circumstances of your case. See Section 2 for more information about your rights.

7.3 Categories of recipients to whom Klarna passes on your data if you use one of Klarna's payment methods where you are granted credit or if you use the Klarna Card or the card for one-off payment.

7.3.1 Credit reference agencies.

Description of the recipient: If you request a Klarna service for which we will grant you credit ( Section 4.3 describes which Klarna services you will receive credit for) or apply for a Klarna account, we will pass on your personal data to credit reporting agencies. If the amounts are small or if we already have sufficient information, no such forwarding will take place.

Purpose and legal basis: Your personal data will be shared with credit reference agencies to assess your creditworthiness in connection with your credit application, to verify your identity and contact details and to protect you and other customers from fraud. This data transfer constitutes a credit report.

In Switzerland, Klarna sends your name, address and telephone number to the credit agency for the credit check. Our credit check has no influence on your creditworthiness.

The credit reference agencies process your data in accordance with their own privacy policies. Information about which credit agencies we work with can be found here .

Klarna transmits your data on the basis of the legitimate interest in carrying out the business activity (Art. 6 Para. 1 f) GDPR), as the credit reporting agencies have information about your financial situation, which is important for Klarna to ensure a correct creditworthiness check and not to make loans to consumers who cannot repay them. We ensure that the related processing is necessary to pursue that interest and that our interest outweighs your right not to process your data for this purpose. You have the right to object to this processing on grounds relating to the circumstances of your individual case. For more information about your rights, see Section 2. You may also contact the companies listed in the link above to exercise the same rights as set out in Section 2 against those companies.

Credit information about you that we have received from a credit reporting agency is only stored in encrypted form by Klarna. If you would like a readable version, we recommend that you contact the credit reporting agency that notified you that Klarna has requested a credit report directly.

7.3.2 Debt collection companies (for overdue debts).

Description of the recipient: Klarna may need to pass on your data if we are responsible for the collection of unpaid, overdue debts to a third party, such as: B. a debt collection company, sell or outsource.

Purpose and legal basis: This data is shared in order to collect your overdue debts. Debt collection companies process personal data in accordance with their own data protection declarations or exclusively on behalf of Klarna in their capacity as Klarna's data processor. Debt collectors may report your unpaid debts to credit bureaus or government agencies, which may affect your credit rating and your ability to apply for future credit. This data is passed on on the basis of our legitimate interest in collecting and selling receivables (Art. 6 Para. 1 f) GDPR). As part of the balancing of interests, Klarna came to the conclusion that we have a legitimate interest in collecting and selling receivables. We ensure that the related processing is necessary to pursue this interest and that our interest outweighs your right not to have your data processed for this purpose. You have the right to object to this processing on grounds relating to the specific circumstances of your case. See Section 2 for more information about your rights.

7.3.3 VISA and digital wallet providers.

Recipient Description: We share information about you and your purchases when you use Klarna Card with VISA and members of the VISA card network. If you also add the Klarna Card to your digital wallet, we may need to pass your information to the provider of that wallet. In this case, the data will be processed in accordance with the privacy policy of this provider.

Purpose and legal basis: The transfer occurs to the extent necessary to carry out card transactions, prevent fraud and comply with the rules of the VISA card network. When you renew your Klarna Card or receive a new card, we transmit this information to VISA so that VISA can in turn inform third parties where you have previously stored your card information (e.g. for recurring transactions). The data is passed on in order to fulfill the contract with you (Art. 6 Para. 1 b) GDPR).

7.3.4 Acquirer of claims (for outstanding claims).

Description of the recipient: Klarna may transfer your outstanding claims to purchasers of claims.

Purpose and legal basis: Klarna forwards your contact and identification data (name, date of birth, social security number, address and telephone number), information about your financial situation (e.g. remaining balance, repayments and any negative payment history in relation to the current claim) as well as information about the goods or services associated with the claim when you transfer your claim to a transferee and on an ongoing basis until you pay that claim. The transferee will process your personal data in accordance with its own privacy policy, of which you will be informed when the claim is transferred.

The transfer of personal data to various purchasers is based on our legitimate interest in selling outstanding claims as part of our business activities (Art. 6 Para. 1 f) GDPR). We ensure that the related processing is necessary to pursue that interest and that our interest outweighs your right not to have your personal data processed for this purpose. You have the right to object to this processing on grounds relating to the specific circumstances of your case. See Section 2 for more information about your rights.

7.4 Categories of recipients to whom Klarna forwards your personal data when you use Klarna's shopping service .

7.4.1 Affiliate Networks.

Description of the recipient: If you decide to click on a sponsored link in the Klarna mobile app or on our website that leads to a merchant, product or service, you will be referred to the website via a third party, a so-called affiliate network Redirected to another company's website.

Purpose and legal basis: The affiliate network may place tracking technologies on your device that store information about the fact that you clicked on this link in the Klarna mobile app and which is subsequently used to document your visit to a retailer and to calculate any possible commission that Klarna may be entitled to.

The affiliate network may process your data in accordance with its own privacy policies. The processing is based on a balancing of interests (Art. 6 Para. 1 f) GDPR). As part of the balancing of interests, Klarna came to the conclusion that we have a legitimate interest in providing you with sponsored links to market retailers in the Klarna mobile app and on our website. We ensure that the related processing is necessary to pursue this interest and that our interest outweighs your right not to have your data processed for this purpose.

You have the right to object to this processing on grounds relating to the specific circumstances of your case. See Section 2 for more information about your rights.

7.4.2 Google.

Description of the recipient: If you use the Klarna mobile app via our web portal, Google collects your device information via Google's reCAPTCHA service implemented there, in some cases in combination with additional information that you enter into the reCAPTCHA service.

Purpose and legal basis : The processing of this information is based on Klarna's legitimate interest in carrying out its business activities (Art. 6 Para. 1 f) GDPR), as the reCAPTCHA service prevents the misuse of our services (e.g. by it prevents bots from logging in). Google processes this information in accordance with its Terms of Use and Privacy Policy . We ensure that the related processing is necessary to pursue this interest and that our interest outweighs your right not to have your data processed for this purpose.

You have the right to object to this processing on grounds relating to the specific circumstances of your case. See Section 2 for more information about your rights.

7.4.3 Partners within the framework of the Personal Finance service and the offers and benefits program.

Description of the recipient: Partner within the framework of the Personal Finance service and the Offers and Benefits program.

Purpose and legal basis : If you decide to take advantage of Klarna's offers and benefits as part of the Personal Finance service or the offers and benefits program, Klarna will pass on the personal data required to take advantage of the offer to our business partners ( including the information that you are a Klarna customer). The respective offer states which data will be forwarded. The data is forwarded in order to fulfill the contract between you and Klarna (Art. 6 Para. 1 b) GDPR).

7.4.4 Logistics and transport companies.

Description of the recipient: Logistics and transport company.

Purpose and legal basis: Klarna shares your personal data with logistics and transport companies that deliver the goods you ordered if you have registered for shipment tracking. For example, we share contact and identification information and tracking numbers.

Logistics and transport companies process your data in accordance with their own privacy policies. The transfer takes place to fulfill the contract between you and Klarna (Art. 6 Para. 1 b) GDPR).

7.5 Categories of recipients to whom Klarna forwards your personal data when you contact our customer service via social media.

7.5.1 Social Media.

Recipient description: Social media companies such as Facebook, Instagram or Twitter.

Purpose and legal basis: If you contact us via social media such as Facebook or Twitter, your personal data will also be collected and processed by these companies in accordance with their data protection declarations. The data is passed on in order to fulfill the contract with you (Art. 6 Para. 1 b) GDPR).

8. Where do we process your personal data?

We always endeavor to process your personal data within the EU/EEA. In certain situations, e.g. B. if we transfer your data to a Klarna Group company or a supplier or subcontractor operating outside the EU/EEA, your personal data may also be processed outside the EU/EEA. For more information about who we share data with, see Section 7. If the merchant you are purchasing from is outside the EU/EEA, transferring your data to that merchant will result in your data being transferred to that merchant country outside the EU/EEA. Please contact us if you require further information about our security measures. Our contact information can be found in Section 12 .

Other countries may have laws that allow personal data stored there to be disclosed in response to requests for information from authorities for the purposes of combating crime or maintaining national security. Regardless of whether we or one of our providers process your personal data, we will ensure that an adequate level of protection is ensured when transmitting that data and that appropriate safeguards are in place in accordance with applicable data protection requirements (such as the GDPR). Such appropriate protective measures exist if, among other things, it is ensured that:

  • the European Commission has decided that the third country to which your personal data is transferred has an adequate level of protection, or
  • the standard clauses of the European Commission have been included in the agreements between Klarna and the recipient outside the EU/EEA. In these cases, we will also check whether there are laws in the recipient's country that affect the protection of your personal data. If necessary, we will take special measures to ensure that your data remains protected during transfer to the relevant country outside the EU/EEA.

9. How long we store your personal data

Klarna stores your personal data in accordance with applicable laws, such as: B. the Money Laundering and Accounting Act (usually 5 years or 7 years). In addition, we will only retain your personal data for as long as necessary to fulfill the relevant purpose of our processing (for further information, see the table in Section 3 ).

Personal data that is important for the contractual relationship between you and Klarna is usually stored for the entire duration of the contractual relationship and after the end of the contractual relationship for a maximum period of 10 years due to statute of limitations.

In some cases, the data may need to be stored for longer due to capital adequacy requirements that Klarna must comply with. If you do not conclude a contract with us, the personal data will usually be stored for a maximum of 3 months. However, in some cases the data needs to be kept longer, e.g. B. due to money laundering laws or to protect Klarna from legal claims and to protect Klarna's legal interests.

10. How we use cookies and other types of tracking technology

In order to offer you a tailored and smooth user experience, Klarna uses various touchpoints, such as: B. on our website, in the Klarna mobile app and in the checkout of a merchant that uses Klarna, cookies and similar tracking technologies. Information about the tracking technologies used by Klarna and how you can accept or reject the use of tracking technologies can be found in the respective touchpoint.

11. Updates to this Privacy Policy

We are constantly working on improving our services with the aim of offering you a smooth user experience. This may involve changes to existing and future services. If such improvements require notice or consent from you under applicable law, you will be informed or given the opportunity to provide your consent. It is also important that you read this privacy policy before each use of our services, as the processing of your personal data may have changed compared to the last time you used the relevant service.

12. Klarna’s contact information

Klarna Bank AB (publ) is registered with the Swedish Companies Register under company number 556737-0431 and has its registered office at Sveavägen 46, 111 34 Stockholm.

Klarna has a data protection officer and a team of data specialists. We also employ a customer service team to deal with data protection issues. You can reach these contacts by email datenschutz.ch@klarna.com . If you would like to contact Klarna's data protection officer, please indicate this in the subject line.

Klarna Bank AB (publ) acts in accordance with Swedish data protection laws. Further information about Klarna can be found at www.klarna.at .

The privacy policy was last updated on May 30, 2021.

***