Klarna
Klarna’s Privacy Notice It is important to us that you feel safe when you pay with Klarna or use any of our other services. Therefore, we are providing all the information about how we use your personal data in this privacy notice. 1. Who is responsible for your private data? Klarna Bank AB (publ), registered with the Swedish Companies Registration Office under company number 556737-0431 and with registered office at Sveavägen 46, 111 34 Stockholm, and Klarna Financial Services UK Limited registered at Companies House under registration number 14290857, Aviation House, 125 Kingsway, Holborn, London WC2B 6NH, United Kingdom (“Klarna”, “we”, “our” or “us”), are each a controller of your personal data in accordance with the UK data protection laws (such as the EU Regulation 2016/679 as incorporated and amended into UK domestic law (the “UK GDPR”) and the Data Protection Act 2018. If you have any questions regarding the processing of your personal data, please contact our data protection team by writing to privacy@klarna.co.uk. 2. Your data protection rights as a data subject You have several rights under the UK GDPR related to you having control of your personal data and to receive information directly from us on how we process personal data about you. In the following you can read about your rights. If you want to know more or come in contact with us to exercise your rights, the easiest way is to email us on privacy@klarna.co.uk. If you want to receive information about the data Klarna holds about you through so-called subject access, or have certain data deleted, you can send a request to us by filling out this form, which is available on our homepage. For other types of questions please use the contact details in section 12. Your rights v6.1.0 Right to have personal data deleted (“Right to be forgotten”). In some cases, you have the right to have us delete personal data about you. For example you can request us to delete personal data that we (i) no longer need for the purpose it was collected for, or (ii) process based on your consent and you revoke your consent. There are situations where Klarna is unable to delete your data, for example, when the data is still necessary to process for the purpose for which the data was collected, Klarna’s interest to process the data overrides your interest in having them deleted, or because we have a legal obligation to keep it. You can read more about our legal obligations to keep data in section 4 and 9 in this Privacy Notice. The laws described there prevent us from immediately deleting certain data. You also have the right to object to us using your personal data for certain purposes such as direct marketing, which you can read more about in this list of your rights. Right to be informed. You have the right to be informed of how we process your personal data. We do this through this privacy notice, by service-specific FAQs, and by answering your questions. Right to receive access to your personal data (“Data Subject access”). You have the right to know if Klarna processes personal data about you, and to receive a copy (“data extract”) of such data, so-called data subject access. Through the data extract you will receive information about what personal data Klarna holds about you and how we process it. Right to access, and request a transfer, of your personal data to another recipient (“Data portability”). This right means that you can request a copy of the personal data relating to you that Klarna holds for the performance of a contract with you, or based on your consent, in a machinereadable format. This will allow you to use this data somewhere else, for example to transfer your personal data to another controller/recipient. Right to rectification. You have the right to request that we rectify inaccurate information or complete information about you that you consider is inaccurate or incomplete. Right to restrict processing. If you believe that your personal data is inaccurate, that our processing is unlawful or that we do not need the information for a specific purpose, you have the right to request that we restrict the processing of such personal data. You also have the possibility to request that we stop processing your personal data while we assess your request. If you object to our processing per your right described directly below, you may also request us to restrict processing of that personal data while we make our assessment. Right to object against our processing of your personal data. You have the right to object to processing of your personal data which is based on our legitimate interest (Article 6(1)(f) UK GDPR), by referencing your personal circumstances. You can also always object to our use of your personal data for direct marketing purposes. When you let us know that you no longer wish to receive direct marketing from us, we will turn off marketing for you, and stop sending it to you. Right to object to an automated decision that significantly affects you. You have the right to object to an automated decision made by Klarna if the decision produces legal effects or significantly affects you in a similar way. See section 6 on how Klarna makes use of automated decisions. Right to withdraw your consent. As described in section 5 below, where we process your personal data based on your consent or explicit consent, you have the right to revoke that consent at any time. When you revoke your consent we will stop processing your data for such purposes. Right to lodge a complaint. If you have complaints about Klarna’s processing of your personal data, you may lodge a complaint with your supervisory data protection authority, (the Information Commissioner), which can be reached using this link: https://ico.org.uk/. Settings in the Klarna mobile application: In the Klarna mobile application, Klarna provides you with the functionality to tailor your preferences for certain services, such as current notifications or autofill of your information at purchase.
3. What types of personal data do we collect? In this section, we describe the types of personal data that we collect or create. In section 4, we describe for what purposes we use these types of personal data. significantly affects you in a similar way. See section 6 on how Klarna makes use of automated decisions. Right to withdraw your consent. As described in section 5 below, where we process your personal data based on your consent or explicit consent, you have the right to revoke that consent at any time. When you revoke your consent we will stop processing your data for such purposes. Right to lodge a complaint. If you have complaints about Klarna’s processing of your personal data, you may lodge a complaint with your supervisory data protection authority, (the Information Commissioner), which can be reached using this link: https://ico.org.uk/. Settings in the Klarna mobile application: In the Klarna mobile application, Klarna provides you with the functionality to tailor your preferences for certain services, such as current notifications or autofill of your information at purchase. Contact and identification data - Name, date of birth, social security number, title, occupation, gender, billing and delivery address, e-mail address, mobile phone number, nationality, age, employment and employment history, audio recordings, photos and video recordings of you and your ID card etc. Information about goods/services - Details concerning the goods/services you have bought or ordered, such as type of item or delivery tracking number. Information about your financial standing - Information about, for example, your income, any credits, negative payment history and previous credit approvals. Payment information - Credit and debit card details (card number, expiry date and CVV code), bank account number, bank name. Information about your use of Klarna’s services - Which service(s) and what different functions in these services you have used and how you have used them. This includes information about outstanding and historical debt, your repayment history, and your personal preferences. Technical information generated through your use of Klarna’s services - Technical data such as response time for web pages, download errors and date and time when you used the service. Information about your contacts with Klarna’s customer service - Recorded phone calls, chat conversations and email correspondence. Your contacts with the stores you shop at or visit - Information about how you interact with stores, such as whether you have received goods and the type of store you shop at. Device information - Device ID, IP address, language settings, browser settings, time zone, operating system, platform, screen resolution and similar information about your device and device settings/usage. Information from external sanction lists and PEP lists - Sanction lists and lists of persons constituting politically exposed persons (“PEP”) include information such as name, date of birth, place of birth, occupation or position, and the reason why the person is on the list in question. Sensitive personal data - Sensitive personal data are data that reveal religious beliefs, political or philosophical views, trade union membership, or constitute information about health, sex life or sexual orientation as well as biometric data. Service-specific personal data - Within the framework of our services through the Klarna, Klarna’s savings and payment accounts, Auto-import/Magic Import, and Personal Finance, we use additional personal data that are not covered by the types listed above. Information regarding each service is listed here: The Klarna mobile application (the “Klarna App”) and browser extension (under the Klarna Shopping Service): All content you upload or submit (such as photos, receipts or product & store reviews), location information, geolocation information and websites you visit in the application’s browser, or with the extension installed; Klarna’s savings and payment accounts: Information about your transactions and deposits and information about where your money comes from, or will be used for. Klarna will also process data about third parties (such as payees or payers) for this service;
Auto-import/Magic Import: Information from the connected e-mail account about your completed purchases, product, price and quantity information, delivery tracking numbers and information about stores that we pass on to the Klarna mobile application; Personal Finance: Information from your other bank accounts and other types of accounts (such as card accounts) that you choose to connect to the service, as well as information such as account number, bank, historical transactions from your connected accounts and balances and assets;
Membership Connect Service: Information from your added third-party membership or loyalty card account such as membership information and credentials, points, status, levels, and balance history.
Event registration on social media: Information about your profile from your social media account and business information such as your employer’s name, address and type of company.
Detailed information on relevant personal data for each service can also be found in the terms and conditions we have listed here.
4. What personal data are used for what purposes and with which legal basis? In the tables below you can read about, 1. What we will use your personal data for (the purpose), 2. Which types of personal data we use for that purpose, and if the personal data comes directly from you or from another source. In the cases where we have received personal data about you from another source, we provide the source in brackets, 3. What legal rights we have under current data protection legislation, such as the UK GDPR, to process the data about you, referred to as our “legal basis”, and 4. When Klarna stops using the personal data for each purpose. 4.1 Purposes for which your personal data is always used, regardless of the service you use. Purpose of the processing - what we Type of personal data used for the purpose, Legal basis for processing When the purpose of using the personal
do and why. and where they come from (the source). See section 3 to read more about the different types of personal data. according to the UK GDPR. data ends. See section 9 for when Klarna deletes the data. To manage our customer relationship with you in accordance with our agreements, for each service you use. This includes creating and sending information to you in electronic format (not marketing). From you: From other sources: The processing is necessary for Klarna to perform a contract with you (Article 6(1)(b) UK GDPR). If the service processes information that constitutes sensitive personal data (e.g., from materials you choose to upload), our processing takes place based on your explicit consent (Article 9(2)(a) UK GDPR). When the contract between you and Klarna terminates. Contact and identification data. Payment information. Sensitive personal data. Information about goods/services. (The store) Information about your financial standing. (Klarna and credit information bureaus) Information about your use of Klarna’s services. (Klarna) Technical information generated through your use of Klarna’s services. (Klarna) Your contacts with the stores you shop at or visit. (The store) Device information. (Your device) Service-specific personal data (see section 3). To be able to perform customer satisfaction surveys and market surveys, conduct consumer research as well as ask for reviews from you, through email, text messages, phone or via other communication channels. If you do not want us to perform this processing, please contact us to let us know. See section 2 for more information about your rights. See section 12 for our contact information. From you: From other sources: The processing is based on a balancing of interests (Article 6(1) (f) UK GDPR). When balancing interests, Klarna has determined that we have a legitimate interest in being able to perform the personal data processing, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose. You may contact us for more information about how the determination was made. See section 12 for our contact information. When the contract between you and Klarna terminates. To ensure network and information security in Klarna’s services. From you: From other sources: The processing is based on a balancing of interests (Article 6(1) (f) UK GDPR). When balancing interests, Klarna has determined This processing lasts for as long as you are using a service. Device information. (Your device) Service-specific personal data (see section 3). Contact and identification data. Information about your use of Klarna’s services. Information about goods/services. (The store) Information about your use of Klarna’s services. (Klarna) Technical information generated through your use of Klarna’s services. (Klarna) Your contacts with the stores you shop at or visit. (The store)
4.2 Purposes for which your personal data are used when you use one of Klarna’s payment methods, Klarna at a store, or choose to pay by debit or credit card in Klarna’s check-out at a store. Purpose of the processing - what we do and why. Type of personal data used for the purpose, and where they come from (the source). See section 3 to read more about the different types of personal data. Legal basis for processing according to the UK GDPR. When the purpose of using the personal data ends. See section 9 for when Klarna deletes the data. To transfer the store’s right to payment for your purchase to Klarna (“factoring”). Klarna’s payment methods are offered to UK consumers by Klarna Financial Services UK Limited, except when you choose to pay by debit From you: From other sources: The processing is based on a balancing of interests (Article 6(1) (f) UK GDPR). When balancing interests, Klarna has determined that we (and the store) have a legitimate interest in selling or buying your outstanding debt. We When the purchase takes place. Contact and identification data. Payment information. Information about goods/services. (The store) 18 or credit card without logging in to Klarna. Then that payment is administered by Klarna Bank AB. ensure that the processing is necessary to achieve the purpose of the processing, and that our interest outweighs your right not to have your data processed for this purpose. You may contact us for more information about how the determination was made. See section 12 for our contact information. To share your personal information with the categories of recipients described in section 7.2 (stores, payment service providers and financial institutions, fraud prevention agencies and companies providing identity information, and Google). From you: From other sources: Varies depending on the recipient (see section 7.2). Primarily when the purchase takes place, but it also occurs during the entire period that Klarna has the data in its systems, i.e. until the data is deleted. See section 9 for more information on our obligations and right to retain information according to law. Information about your financial standing. (Klarna and credit information bureaus) Information about your use of Klarna’s services. (Klarna) Technical information generated through your use of Klarna’s services. (Klarna) Your contacts with the stores you shop at or visit. (The store) Device information. (Your device) Contact and identification data. Payment information. Information about goods/services. (The store) Information about your financial standing. (Klarna and credit information bureaus) Information about your use of Klarna’s services. (Klarna) Technical information generated through your use of Klarna’s services. (Klarna) Your contacts with the stores you shop at or visit. (The store) Device information. (Your device) When you shop in a store that offers Klarna as a payment method or has Klarna checkout, we will assess the order in which different payment methods should be presented to you at the store checkout. This processing does not affect which of Klarna’s payment methods are available to you. If you do not want us to perform this processing of your data, please contact us to let us know. Contact information is From you: From other sources: If you have accepted and use the Klarna service called “Shopping Service” as described in more detail in the terms and conditions of the service, which you will find here, then the legal basis for the processing is the performance of the contract 6(1)(b) UK GDPR). Alternatively, if you have not entered into the “Shopping Service” agreement, the processing will be based on a balancing of interests instead (Article 6(1)(f) UK GDPR). When When the payment methods are shown at checkout. available in section 12. This processing constitutes profiling. See section 6 for more information about profiling. balancing interests, Klarna has determined that we have a legitimate interest in examining the order in which different payment options will be presented to you when checking out at the store. We ensure that the processing this entails is necessary to achieve the purpose of the processing, and that our interest outweighs your right not to have your data processed for this purpose. You may contact us for more information about how the determination was made. See section 12 for our contact information. To prevent Klarna’s operations from being used for money laundering or terrorist financing, by verifying your identity, monitoring and reviewing transactions. Klarna also conducts ongoing risk assessments and creates risk models to counter money From you: From other sources: To comply with law (Article 6(1)(c) UK GDPR). (Swedish Law (2017:630) on measures against money laundering and terrorist financing). As regards sensitive personal data, the basis is that the processing is necessary for reasons of the public interest When the agreement between you and Klarna is terminated. See section 9 for more information on our obligations and right to retain information in accordance with the law. laundering and terrorist financing. This processing constitutes profiling and automated decision making. See section 6 for more information about profiling and automated decisions. (Article 9(2)(g) UK GDPR). However, if you have supplied us with sensitive personal data, it is processed based on your explicit consent. Information about your financial standing. (Klarna and credit information bureaus) Information about your use of Klarna’s services. (Klarna) Technical information generated through your use of Klarna’s services. (Klarna) Your contacts with the stores you shop at or visit. (The store) Device information (Your device) Information from external sanction lists and PEP lists. (Sanction lists and PEP lists) Sensitive personal data (information about political opinion, religious beliefs and/or health information contained in the PEP lists, as well as biometric information from your ID and picture submitted). Service-specific personal data (see section 3 for information about Klarna’s savings and payment accounts). Contact and identification data. Payment information. Information about goods/services. (The store) Information about your use of Klarna’s services. (Klarna) Technical information generated through your use of Klarna’s services. (Klarna) Your contacts with the stores you shop at or visit. (The store) Device information. (Your device) 23 information indicates an attempt at fraud. To perform bookkeeping and accounting in accordance with accounting laws and preserve them in compliance with the applicable law. From you: From other sources: To comply with law (Article 6(1)(c) UK GDPR) (The Swedish Accounting Act (1999:1078)) , and the UK Companies Act 2006) During the period in which the bookkeeping is recorded and 7 years after the end of the year in which the information was registered. See section 9 for more information on our obligations and right to retain information according to law. To perform calculations in accordance with rules on capital adequacy obligations. From you: From other sources: To comply with law (Article 6(1)(c) UK GDPR). (Capital Adequacy Regulation 575/2013, and Capital Adequacy Directive 2013/36)) Seven years after the end of the year in which the information was registered. See section 9 for more information on our obligations and right to retain information according to law. Contact and identification data. Payment information. Information about goods/services. (The store) Information about your use of Klarna’s services. (Klarna) Information about your contacts with Klarna’s customer service. (Klarna) Your contacts with the stores you shop at or visit. (The store)
4.3 Purposes for which your personal data is used when you use one of Klarna’s payment methods involving the provision of credit or when you use the Klarna card or the One-time Card Shopping Service. The following services involve providing credit to you: “Pay later” (invoice), “Pay now” (for payment by direct debit), “Financing” and “Pay in 3 instalments” (pay in instalments), as well as the Klarna card and the One-time Card Shopping Service (both of which are offered in the Klarna mobile To prevent Klarna’s operations from being used for money laundering or terrorist financing, by verifying your identity, monitoring and reviewing transactions, conducting risk assessments and creating risk models. This processing constitutes profiling, and a decision that you imply a money laundering risk constitutes an “automated decision”. See section 6 for more information about profiling and automated decisions.
4.5 Use of your personal data when you use Klarna’s Shopping Service. When you use Klarna’s Shopping Service, Klarna will process your personal data for the purposes described in the table below. The terms of the Shopping Service and the description of the functions included in the shopping service are available here.
4.6 Additional services you can access for example via the Klarna mobile application or through Klarna’s browser extension.
4.7 Offers and invitations to events posted on social media, and when you contact us through social media. Purpose of the processing - What we do and why. Type of personal data used for the purpose, and where they come from (the source). See section 3 to read more about the different types of personal data. Legal basis for processing in accordance with the UK GDPR. When the purpose of using the personal data ends. See section 9 for when Klarna deletes the data. If you sign up for an event posted on social media, we will process your personal data to From you: The processing Is necessary for Klarna to perform a contract with you (as regards the participation
4.8 Klarna’s processing when you contact Klarna’s customer service. Purpose of the processing - What we do and why. Type of personal data used for the purpose, and where they come from (the source). See section 3 to read more about the different types of personal data. Legal basis for processing in accordance with the UK GDPR. When the purpose of using the personal data ends. See section 9 for when Klarna deletes the data.
5. How do you withdraw your consent?
When Klarna uses your personal data based on your consent, you can withdraw your consent at any time. You can do this by sending an e-mail to privacy@klarna.co.uk or via the contact information you find in section 12. You can also delete uploaded information from the Klarna mobile application, or end the service where personal data are processed. We will then delete the information. If you withdraw your consent or delete the uploaded information, you may be unable to use the service in cases where Klarna’s processing of personal data takes place based on your consent. Lastly: As described in section 2 above you also have the right to object against certain personal data processing (for example you may turn off marketing). You also have a right to have certain personal data erased, which is also described in section 2.
6. Klarna’s profiling and automated decisions that significantly affect you.
6.1 Klarna’s profiling of you as a customer. “Profiling” means an automated processing of personal data to evaluate certain personal matters, for example, by analysing or predicting your personal preferences, such as buying interests. At the same time, we compare your data with what our other customers, with similar use of our services, have preferred. The purpose of Klarna’s profiling and the personal data types used for each occasion and for each profiling are described in detail in section 4 above. The profiling for these purposes does not have a significant impact on you as a customer. We use profiling for the following purposes: to deliver our customised services, which customise their content based on what we think is most interesting to you (this applies to the Klarna mobile application, its various functions, and the order different payment methods appear at Klarna’s checkout), and to deliver customised marketing to you across both our own and external platforms and services. If you have any questions about how the profiling process works, please contact us. Contact information is available in section 12. You may object to our marketing profiling at any time by contacting us (and we will then cease profiling for marketing purposes). You may also end our profiling for our services by terminating the service.
6.2 Klarna’s automated decisions that significantly affect you.
Automated decisions with legal effect, or automated decisions that similarly significantly affect you, means that certain decisions in our services are completely automated, without our employees being involved. These decisions have a significant effect on you as a customer, comparable to legal effects. By making such decisions automatically, Klarna increases its objectivity and transparency in the decision to offer you these services. At the same time, you have the right to object to these decisions at all times. You can read about how to object to these decisions at the end of this section 6.2. Automated decisions that significantly affect you also mean that profiling is performed based on your data before the decision is made. This profiling is made to assess your financial situation (before the decision to grant credit) or to identify whether your use of our services involves a risk of fraud or money laundering. We profile your user behaviour and financial standing and compare this data with behaviours and conditions that indicate different risk levels for us. The different user behaviour and conditions are evaluated and weighted into our automated decisionmodels, so that we end up with a totalling score, which then results in either accepting or rejecting your use of our Services. We can also choose to request further identification from you, if we are not sure who you are. When does Klarna take automated decisions that significantly affect you? We make this kind of automated decision when we: to deliver our customised services, which customise their content based on what we think is most interesting to you (this applies to the Klarna mobile application, its various functions, and the order different payment methods appear at Klarna’s checkout), and to deliver customised marketing to you across both our own and external platforms and services. decide to approve your application to use a credit service. decide not to approve your application to use a credit service. These automated credit decisions are based on the data you provide to us, data from external sources such as credit bureaus' credit worthiness reports, and Klarna’s own internal information about you if we have lent you money before. In addition to information about you, Klarna’s credit model includes a large number of other factors, such as Klarna’s internal credit risk levels and our customers’ general repayment rates (based on, for example, the current product category). decide whether you pose a risk of fraud, if our processing shows that your behaviour indicates possible fraudulent conduct, that your behaviour is not consistent with previous use of our services, or that you have attempted to conceal your true identity. Automated decisions whereby we assess whether you constitute a fraud risk are based on information you have provided yourself, data from fraud prevention agencies (see section 7.2.3. for details of which ones we use), and Klarna’s own internal information. Klarna continuously develops our fraud models to keep our services secure, and closely investigate how fraudsters operate on different markets (for example which merchant categories or products are mostly subject to fraud attempts). The personal data types used in each decision are described in section 4. See section 7 for more information about whom we share information with as regards profiling during automated decisions. If you are not approved under the automated decisions described above, you will not have access to Klarna’s services, such as our payment methods. Klarna has several safety mechanisms to ensure the decisions are appropriate and fair. These mechanisms include ongoing overviews of our decision models and random sampling in individual cases. If you have any concern about the outcome, you can always contact us, and we will determine whether the procedure was performed appropriately. You can also object in accordance with the following instructions.
Your right to object to these automated decisions You always have the right to object to an automated decision with legal consequences or decisions which can otherwise significantly affect you (together with the relevant profiling) by sending an e-mail message to privacy@klarna.co.uk. A Klarna employee will then review the decision, taking into account any additional information and circumstances that you provide to us.
7. Who do we share your personal data with? When we share your personal data, we ensure that the recipient processes it in accordance with this notice, such as by entering into data transfer agreements or data processor agreements with the recipients. Those agreements include all reasonable contractual, legal, technical and organizational measures to ensure that your information is processed with an adequate level of protection and in accordance with applicable law
7.1 Categories of recipients with whom Klarna will always share your personal information, regardless of the service you use. 7.1.1 Suppliers and subcontractors.
Description of the recipient: Suppliers and subcontractors are companies that only have the right to process the personal data they receive from Klarna on behalf of Klarna, i.e. processors. Examples of such suppliers and subcontractors are software and data storage providers, payment service providers business consultants and Klarna Group companies. Purpose and legal basis: Klarna needs access to services and functionality from other companies where it cannot perform them itself. Klarna has a legitimate interest in being able to access these services and functionality (Article 6(1)(f) UK GDPR). We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights.
7.1.2 Klarna Group
Description of the recipient: Companies in the Klarna Group. Purpose and legal basis: This is required for Klarna to be able to provide you with its services and functionalities. Klarna has a legitimate interest in being able to access and provide these services and functionalities (Article 6(1)(f) UK GDPR). We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights. When you shop in a foreign store (meaning a store located outside of the UK/EEA area) that has an agreement with another company within the Klarna Group, the disclosure of your personal information between Klarna companies is required in order for the two Klarna companies to manage your payment and enable the foreign store to administer your purchase. The legal basis for this processing is the performance of a contract (Article 6 (1)(b) UK GDPR). The receiving Klarna Group company will handle your personal data in accordance with the privacy notice that applies in your country (see list). You can read more about how Klarna safeguards your personal data when transferred outside of the UK/EEA in Section 8. 7.1.3 A person who holds a power of attorney for your financial affairs. Description of the recipient: Klarna may share your personal information with a person who has the right to access it under a power of attorney
Purpose and legal basis: This processing is carried out to facilitate your contact with us (through agents), and takes place based on your consent (Article 6(1)(a) UK GDPR).
7.1.4 Authorities.
Description of the recipient: Klarna may provide necessary information to authorities such as the police, financial authorities, tax authorities or other authorities and courts of law. Purpose and legal basis: Personal data is shared with the authority when we are required by law to do so, or in some cases if you have asked us to do so, or if required to manage tax deductions or counter crime. An example of a legal obligation to provide information is when it is necessary to take measures against money laundering and terrorist financing. Depending on the authority and purpose, the legal bases are the obligation to comply with the law (Article 6(1)(c) UK GDPR), to fulfil the agreement with you (Article 6(1)(b) UK GDPR), or Klarna’s legitimate interest in protecting itself from crime (Article 6(1)(f) UK GDPR). There is also a requirement under UK law to withhold tax due on the payments. You will not need to do so, or take any action based on the agreement we have with the UK tax office (the HMRC), as we will disclose the necessary information to the UK tax office to support this agreement. If you have any questions regarding these arrangements, please contact the tax office.
7.1.5 Divestment of business or assets.
Description of the recipient: In the event that Klarna sells business or assets, Klarna may hand over your personal information to a potential buyer of such business or assets. If Klarna or a significant part of Klarna’s assets is acquired by a third party, personal information about Klarna’s customers may also be shared. Purpose and legal basis: Klarna has a legitimate interest in being able to perform these transactions (Article 6(1)(f) UK GDPR). We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights.
7.2 Categories of recipients with whom Klarna shares your personal information when you use Klarna’s payment methods, Klarna at a store, or choose to pay by debit or credit card in Klarna’s check-out at a store. 7.2.1 Stores. Description of the recipient: By stores we mean the stores you visit or shop at (which may include the store’s group companies if you have been informed thereof by the store).
Purpose and legal basis: In order for the store to be able to perform and manage your purchase and your relationship with the store or its group companies, e.g. by confirming your identity, sending goods, handling questions and disputes, in order to prevent fraud and, where appropriate, send relevant marketing. The store’s privacy notice applies to the processing of your personal data that has been shared with the store and that the store processes. Normally, you will find a link to the store’s privacy notice on the store’s website. The legal basis for sharing data with stores is partly the performance of a contract (Article 6(1)(b) UK GDPR) insofar as the data sharing takes place to perform the contract between you and the store, and partly based on Klarna’s and the store’s legitimate interest (Article 6(1)(f) UK GDPR) or your consent (Article 6(1)(a) UK GDPR). We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights.
7.2.2 Payment service providers and financial institutions. Description of the recipient: Payment service providers and financial institutions provide services to you, stores and Klarna to implement and administer electronic payments through a variety of payment methods, such as credit cards and bank-based payment methods such as direct debit and bank transfer. Purpose and legal basis: Some stores use payment service providers with whom they share your information for managing your payment. This sharing takes place in accordance with the stores’ own privacy notices. The store may also let Klarna share your information with the payment service provider they use for processing your payment. Some payment service providers also collect and use your information independently, in accordance with their own privacy notices. This is the case, for example, for electronic wallet suppliers. In addition, Klarna may share your information with other financial institutions when conducting transactions with your account to complete the transactions. Sharing with payment service providers and financial institutions is performed to make a transaction initiated by you and it is done to fulfil the agreement with you (Article 6(1)(b) UK GDPR).
7.2.3 Fraud prevention agencies and companies providing identity checks. Description of the recipient: Your personal data are shared with fraud prevention agencies and companies that provide identity checks. Purpose and legal basis: Klarna shares your information to verify your identity, the accuracy of the data you have provided, and to combat fraudulent and criminal activities. The companies with which we work are listed here. Please note that these companies process your data in accordance with their own data privacy notices. Klarna shares your information based on Klarna’s legitimate interest in conducting its business (Article 6(1)(f) UK GDPR), as the fraud prevention agencies and the companies providing identity
checks have information on fraud activities and identity confirmation which are important for Klarna to use as input to decrease its level of fraudulent transactions. We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights. You can also contact the entities listed in the link above, to exercise the same rights as stated in section 2 also against those entities. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details in Section 12 below. Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
7.2.4 Google. Description of the recipient: When you use Google Maps at checkout or in the Klarna App (for example, by searching your address in the address bar, viewing “stores near me” or requesting information on nearby deals and offers), your personal information will be shared with Google. Google will process your data in accordance with Google Maps/Google Earths terms of service and privacy policy. Purpose and legal basis: Klarna shares this information based on Klarna’s legitimate interest in conducting its business (Article 6(1)(f) UK GDPR), as Google Maps makes it possible to find the address functionality at checkout and to show maps and deals relevant to your current location in the Klarna App. We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights. 7.3 Categories of recipients with whom Klarna shares your data when you use one of Klarna’s payment methods involving the provision of credit or when you use the Klarna card or the One-time Card Shopping Service.
7.3.1 Credit information bureaus. Description of the recipient: If you apply to use a service from Klarna that involves us providing credit (see section 4.3 on which services from Klarna involve credit), we will share your personal data with credit information bureaus. Sharing does not take place in the event of small amounts or where we already have sufficient information.
Purpose and legal basis: Your personal information is shared with credit bureaus in order to assess your creditworthiness, to confirm your identity and your contact information, and to protect you and other customers from fraud. This data sharing constitutes a credit report. If you apply to use a credit Service (see Section 4.1 above for a specification of our credit Services), your personal data may be shared with Credit Reference Agencies (“CRAs”) to assess your creditworthiness in connection with your application, to confirm your identity and your contact information, and to protect you and other customers from fraud. For Klarna card, Pay Later in 30 days or Pay in 3 instalments, this sharing constitutes soft credit searches (or “soft credit lookups”) which does not affect your credit file nor credit score. The search is only visible to you and Klarna. In order to perform these credit searches, Klarna will send the CRAs your name, address, date of birth, phone number, as well as bank account number and sort code if relevant, in order to receive the lookups on you. However, if you apply for one of our Financing products (fixed term loans or revolving account), a hard credit search (or “a hard credit lookup”) is performed in addition to soft searches. This is due to our Financing products constituting regulated credit products under UK credit legislation. This hard credit search will be recorded on your credit file and may impact your credit score as follows: The CRA will keep a record of our enquiry against your name and which may be linked to your representatives (“associated records”). For the purposes of any application for Services from us, you may be assessed with reference to “associated records”. Where any search or application is completed, or agreement entered into, involving joint parties, we may record details about this at the CRAs. As a result an “association” will be created that will link your financial records. Details of which CRA we have used for a specific search are available on request. In addition, if you open an agreement with one of our Financing products, Klarna Card, Pay Later in 30 Days or Pay in 3 instalments, we will share further information on your agreement with the CRAs. This will occur on a monthly basis until the agreement is closed. This will include details of your outstanding balance, payments made and any default or failure to meet the terms of your agreement. These records will remain on the CRAs’ files for 6 years after our agreement with you is settled or terminated, whether settled by you or, if applicable, your business or by way of default. This and other information about you (or, if applicable, your business and those with whom you are linked financially) may be used to make credit decisions about you in the future. The ways in which CRAs use and share personal data are explained in more detail at; https://www.transunion.co.uk/crain and https://www.experian.co.uk/crain. The CRAs will process your information in accordance with their own privacy notices and you can find out which ones we cooperate with here.
7.3.2 Debt collection companies (for debts that are overdue)
Description of the recipient: Klarna may need to share your information when we sell or outsource collection of unpaid overdue debts through a third party, such as a debt collection company. Purpose and legal basis: This data is shared to collect your overdue debts. Debt collection companies process personal data in accordance with their own privacy notices, or only on behalf of Klarna in their capacity as Klarna’s processors. Debt collection companies may report your unpaid debts to credit information bureaus or authorities, which may affect your creditworthiness and your ability to apply for future credit. This data is shared based on our legitimate interest in collecting and selling debt (Article 6(1)(f) UK GDPR). When balancing interests, Klarna has determined that we have a legitimate interest in collecting and selling debts. We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights.
7.3.3 VISA and digital wallet suppliers.
Description of the recipient: We share information about you and your purchases when you use the Klarna card with VISA and with members of VISA’s card network. If you also add the Klarna card to your digital wallet, we may need to share your information with the supplier of that wallet. In such case, data will be processed in accordance with that supplier’s privacy notice. Purpose and legal basis: The sharing takes place to the extent necessary to carry out card transactions, prevent fraud and follow the rules for VISA’s card network. If you renew your Klarna card or receive a new card, we will transfer this information to VISA so that VISA can inform third parties with whom you have previously chosen to save your card information (for example, for 55 recurring transactions). Sharing is performed to fulfil the agreement with you (Article 6(1)(b) UK GDPR).
7.3.4 Debt acquirers (for open debts).Description of the recipient: Klarna can transfer your open debt to debt acquirers. Purpose and legal basis: Upon transfer of your debt to an acquirer and continuously until you pay off the debt, Klarna will share your contact and identification information (name, date of birth, social security number, address, and phone number), information about your financial standing (such as residual credit, repayments and any negative payment history in relation to the current debt), as well as information about the goods or services associated with the debt. The buyer will process your personal data in accordance with its own privacy notice, which you will receive information about when the debt is transferred. The sharing of personal data with different acquirers is based on our legitimate interest in selling outstanding debts as part of our business operations (Article 6(1)(f) UK GDPR). We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your personal data processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights
7.4 Categories of recipients when using the Klarna accounts service (savings and payment accounts). 7.4.1 Credit institutions and other financial institutions. Description of the recipient: We share your information with credit institutions and other financial institutions (such as other banks) when you make transactions or payments to other accounts. Purpose and legal basis: If you have made payments to a Klarna account, Klarna will process the information we receive from the bank you used for the transaction, such as contact and identification data and payment information. If you make transactions or payments to accounts in other banks, Klarna will also pass on some of your contact and identification data as well as payment information to the recipient and also to the recipient’s credit institution or financial institution. Sharing is performed to fulfil the agreement with you (Article 6(1)(b) UK GDPR). 7.5 Categories of recipients with whom Klarna shares your personal information when you use Klarna’s Shopping Service. You may find the terms for the Klarna Shopping Service here.