Information about tracking technologies

and other uses of personal data on Kivra's websites

Kivra's websites (i.e. kivra.se and all subdomains of the logged-in mode of our site, kivra.com) and Kivra's apps use cookies, SDKs and similar technologies ("tracking technologies") where data is stored on or retrieved from your mobile phone, computer and similar devices.

Here you will find information about why Kivra uses tracking technologies, what this means for you and what choices you can make if you do not want us to use certain tracking technologies.

When you use Kivra's websites, Kivra also collects a very limited amount of information about the device you are using, to be able to show you the websites and to perform fully anonymized analysis of how the website is used. As this involves the use of your personal data, this collection is also described here.

About tracking technologies

Kivra uses tracking technologies for two reasons: Either the tracking technologies are necessary to provide our services, or the technologies are an effective way for Kivra to analyze and improve the user experience of our services.

According to the Electronic Communications Act (2022:482), you are entitled to information about which tracking technologies are used on a website you visit or in an app you use. You also have the right to receive information about how and why tracking technologies are used. The provider of the website or app also needs to obtain your consent to use tracking technologies that are not necessary to provide a service you have requested to use.

If the use of a tracking technology means that personal data about you is collected, the General Data Protection Regulation applies to the collection and use of your personal data. This means that you also are entitled to receive certain information, and have certain rights in relation to how your personal data is used.

Kivra fulfills its obligations under the Electronic Communications Act and the General Data Protection Regulation by:

  • Informing you that tracking technologies are being used in connection with your visit to our websites or the use of one of our apps.

  • Allowing you to choose whether you want to consent to the use of tracking technologies that are not necessary to provide you with the service you are about to use.

  • Provide you with this information.

If you want to read more about tracking technologies in general, and what rights you have with regard to the use of such technologies, you can read more on the Swedish Post and Telecom Authority’s website and on the website of the Swedish Authority for Privacy Protection. 

Tracking technologies in Kivra's apps

When you use Kivra's app for iOS or Android, data is placed in the local storage space of your device, either by us or by a third party on our behalf. The data remains on your device until you or we (ourselves or through the third party) delete it, or until you uninstall the app. Using the data, certain data points are collected about your installation of the app and how it is used.

Necessary Tracking Technologies

We use the following tracking technologies to perform functions that are necessary to provide our services through the app:

These tracking technologies are used to:

  • Detect and analyze errors and crashes in the apps.

  • Be able to send notifications, such as reminders and messages that new content is available, or notifications of the fact that an update is available.

Examples of data points collected from or stored on your device are:

  • Installation IDs, i.e. an ID used for a particular tracking technology that corresponds to your installation of the Kivra app. Examples of such installation IDs are Firebase Installation ID and Crashlytics Installation UUID.

  • Information about your installation of the Kivra app, such as the bundle identifier and full version number.

  • Information about your device, such as model name, processor architecture, RAM and disk space.

  • Information that the app has crashed or that a certain error has occurred, and how your device was used in connection with the crash / error.

Some of the data collected is only temporarily stored on your device, while other data is stored for as long as you have the Kivra app installed. Kivra uses the data collected from your device via necessary tracking technologies for varying lengths of time, depending on the exact purpose of the technology in question. But at most, as long as you are a user of Kivra's services. If you terminate your use of Kivra's services, Kivra will either anonymize collected data or ensure that collected data is deleted as soon as possible, and at the latest within 180 days.

The legal basis for Kivra's collection and use of personal data via necessary tracking technologies is that the processing is necessary to fulfill your contract with Kivra.

Tracking technologies for analytical purposes

When you use Kivra's app for iOS or Android, you will be asked if you want to consent to Kivra collecting information about how you use the app to improve your user experience.

If you choose to provide such consent, we use the following tracking technology:

This tracking technology is used to analyze how Kivra's users interact with Kivra's apps. The analysis partly consists of understanding at a high level who our users are, for example which device models and operating systems most users have and in which countries most of our users are located. It also consists of examining how users generally interact with various functions in Kivra's apps, for example if/how users press a certain button or if/how users read a certain notification.

The analyses are used by Kivra's product development teams to understand which functions need to be developed and improved, and thus improving the user experience in our apps.

Examples of data points collected from or stored on your device are:

  • Installation IDs, i.e. an ID used for a particular tracking technology that corresponds to your installation of the Kivra app.

  • Information about activities in the app, such as when you open the app, update the app, press a certain button or open a certain notification.

  • Information about your installation of the Kivra app, such as app version, language and approximate location (e.g. country).

  • Pseudonymized information that identifies you or an event in the app, such as a user key, content key, receipt ID, and campaign ID.

Some of the data collected is only temporarily stored on your device, while other data is stored for as long as you have the Kivra app installed. Kivra uses data collected from your device via tracking technologies for analytical purposes for varying lengths of time depending on the exact purpose of the technology in question. But at most for up to 18 months from the time the collected data is collected. If you cancel your use of Kivra's services, collected data will be deleted within 2 months.

The legal basis for Kivra's collection and use of personal data via tracking technologies used for analytical purposes is your consent.

Your choices regarding our use of tracking technologies in the apps

You cannot opt out of necessary tracking technologies, as they are necessary for us to provide our service in our apps.

If you don’t want Kivra to use tracking technologies for analytics purposes, you can either not consent to it the first time you log into the app, or later withdraw your consent via the settings in the app. Kivra will then stop collecting data for analytics purposes, and will delete the data we have collected for this purpose within 2 months. If you withdraw your consent, it does not affect the legality of the processing that was carried out before you withdrew your consent.

How to change your settings:

If you use Kivra's app for iOS: Go into the app's settings. Go to More, select Settings and then Tracking Technologies.

If you use Kivra's app for Android: Go to Menu, select App Settings and then Tracking Technologies.

Tracking technologies, etc. on Kivra's websites

Necessary tracking technologies, etc.

When you visit Kivra's websites, Kivra places data in the local storage space of your device. We do so to perform the following functions necessary to provide the websites:

  • Customize the websites based on active choices you have made, if you have chosen to turn off information from Kivra on the websites (i.e. ensure that you do not need to see that information again), if you have chosen to read the website in a certain language or if you adjust the color scheme of the website.

  • Control the security and functionality on the websites, such as keeping you logged in and in the correct version of the website.

The technologies that control the logged-in mode and the version of the website are only saved in one session, i.e. until you close your browser.

The technologies that adapt the website according to choices you have made on kivra.se are saved in your browser until you delete them - see the section "Your choices regarding our use of tracking technologies on the websites" below.

The technologies that adapt the website according to choices you have made for the logged-in mode on kivra.com are saved for up to one year, unless you choose to clear them yourself via your browser - see the section "Your choices regarding our use of tracking technologies on the websites" below.

When you visit Kivra's websites, Kivra also collects certain information through your browser in order to:

  • Show you the websites.

  • Detect and investigate errors and crashes on the websites.

The data points collected for these purposes are:

  • User agent

  • IP address

  • Kivra's user key (so-called UserID)

  • Information that the website has crashed or that a certain error has occurred, and which parts of the website were used in connection with the crash / error.

Kivra saves this data for up to 45 days, in order to detect and investigate errors and security threats to the websites.

The legal basis for Kivra's collection and use of personal data via these necessary technologies is:

  • For kivra.se: A balancing of interests motivated by Kivra's legitimate interest in being able to provide the website in a secure and reliable manner, and to adapt it according to the visitor's choice regarding settings on the websites.

  • For logged-in mode (kivra.com): The processing is necessary to fulfill your contract with Kivra.

Use of Plausible on kivra.se

On kivra.se, Kivra uses the analytics tool Plausible Analytics, to analyze on an anonymized level how visitors interact with and arrive at the website. The analysis includes, for example, the number of users, through which posts and which channel they found the website, the most visited pages on the website, and the times when the website has the most visitors.

The analyses are used by Kivra's product development teams to understand which parts of the website need to be developed and improved, thus improving the user experience on the website. They are also used by Kivra's marketing team to understand which social media activities (i.e. ads and posts) generate the most traffic to the website.

When using Plausible Analytics, Kivra (via its supplier Plausible Insights OÜ) collects information about visitors' User Agent and IP address, but anonymizes this information immediately, as described here. It’s therefore not possible to follow individual visitors across different days, devices or websites.

The legal basis for Kivra's collection of this personal data is a balance of interests motivated by Kivra's legitimate interest in ensuring that the website is as accessible, intuitive and informative as possible, and in being able to use the most effective messages and channels possible to bring visitors to the website.

Your choices regarding our use of tracking technologies on the Websites

You can turn off and receive warnings about tracking technologies in your browser, by changing your browser settings. Through the browser, you can also delete previously stored tracking technologies.

If you choose to turn off tracking technologies, it may result in you not being able to access all features of the Kivra websites, and your user experience of the websites may be impaired.

Who is the data controller?

The data controller for the processing of your personal data described here is: Kivra Sverige AB (org. no. 556917-3544) Klara Norra kyrkogata 33, 111 22 Stockholm, Sweden. Mail: dataskydd@kivra.se

Who has access to your data?

Some of the technologies that Kivra uses on its websites and apps are provided by companies that process the personal data they receive from Kivra on Kivra's behalf, so-called personal data processors.

The legal basis for Kivra's use of personal data processors is that Kivra needs to access services and functionality from other companies, which Kivra cannot offer itself. Kivra then has a legitimate interest in being able to access their services and functionality. We ensure that the processing this entails is necessary to fulfill that interest, and that our interest outweighs your right not to have your data processed for this purpose. You have the right to object to this processing due to circumstances in your individual case. You can find more information about your rights under the section "What are your rights?" below.

Where is your personal data processed?

As a general rule, Kivra's storage and other processing of personal data using tracking technologies takes place within the EU/EEA.

However, when Kivra uses Firebase Crashlytics and Firebase Cloud Messaging (for the purposes described under the heading “Tracking Technologies in Kivra's apps”), the collected data is stored and processed in the United States, by Kivra's data processor. 

When using the Firebase technologies and when using Amplitude (for the purposes described under the heading "Tracking technologies in Kivra's apps"), Kivra's data processor or its subcontractors also have connections to the USA and other countries outside the EU/EEA.

In all cases where Kivra has not been able to rule out a risk that personal data collected via tracking technologies may be disclosed to countries outside the EU/EEA, we have ensured that the country in question has what is known as an adequate level of protection, or that EU- the commission's standard contract clauses are entered into with the recipient.

You can find more information about which countries are considered to have an adequate level of protection on the EU Commission's website. You can read about the various standard contract clauses, and find copies of them in Swedish translation, on the Swedish Authority for Privacy Protection's website.

We have also analyzed which technical and organizational safeguards are appropriate to take to protect the personal data in the event of disclosure.

Exactly which protective measures have been taken depends on what has been technically feasible and considered sufficiently effective for the respective service.

If you want more information about the safeguards we put in place, you can always contact us, see the section "Where do you go if you want more information or have a complaint?" below.

What are your rights?

For information about what rights you have in relation to Kivra's processing of your personal data in connection with Kivra using tracking technologies, etc. on our websites and in our apps, we ask you to read the paragraph “What are your rights?” in Kivra's Privacy Notice.

What can you do if you want more information or have a complaint?

You are always welcome to contact Kivra by email: dataskydd@kivra.se or phone: 077-045 70 00 with questions about Kivra's use of your personal data.

Kivra has a data protection officer (DPO) who checks that we comply with the data protection regulation. If you want to have direct contact with the DPO, please write "DPO" in the subject line when you email dataskydd@kivra.se.

If you believe that Kivra processes your personal data in violation of current data protection legislation, we of course want you to tell us, by writing to dataskydd@kivra.se. You also have the right to submit a complaint to the Swedish Authority for Privacy Protection, which is the supervisory authority for Kivra's processing of your personal data. For more information, see the Swedish Authority for Privacy Protection's website www.imy.se.