Our promises for data protection

Data protection is of biggest importance to us. And we work continously with questions regarding data protection and GDPR. Here you can read about our eight promises for data protection. They are an important part of our Code of Conduct.


1. Awareness

We promise to ensure all Kivra’s employees have sufficient knowledge about the requirements under the data protection legislation and to make everyone at Kivra aware of the importance of handling personal data with care and integrity in compliance with the fundamental principles of the GDPR and Kivra’s Data Protection Promises.

Ikon som ska illustrera förteckning av data.

2. Data Inventory

We promise to know and continue to know what personal data we collect, how we use it, who we share it with, ensure we have a right to process it and that we are doing so in accordance with the requirements under the data protection laws.

Ikon föreställande ett rutnät som ska illustrera transparens.

3. Transpar­ency

We promise to process personal data in a transparent manner in relation to the individuals whose personal data we process.

Ikon som ska illustrera hantering av tredje parter.

4. Third Party Management

We promise to keep the personal data we process safe throughout its life cycle. This means that we will only share personal data with external parties if we have a legal basis to do so and if we feel confident that such party will process the personal data in accordance with the data protection legislation and Kivra’s instructions.

Ikon som ska illustrera personliga rättigheter.

5. Rights of Individuals

We commit to honor the rights of those people whose data we process (rights related to information, access, rectification, erasure, restrictive processing, data portability, object and automated decision making/ processing).

Ikon föreställande ett kassaskåp som ska illustrera säkerhet.

6. Secure processing

We promise to implement and maintain appropriate technical and organizational security measures which are appropriate to the level of risk we have identified and to ensure that our processing of personal data complies with the applicable laws. We promise to keep the personal data we process secure by conducting regular assessments of our security risks so as to adopt a risk-based approach when implementing and updating our security program.

Ikon som ska illustrera överföring av data.

7. Appropriate safeguards for data transfers

We promise not to transfer personal data unless appropriate safeguards are in place for the transfer. We particularly promise not to transfer personal data to a country or territory outside the EU/EEA (“third country”) unless an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data can be ensured.

Ikon med ett hänglås som ska illustrera personlig integritet.

8. Privacy by Design and Default

As we innovate and build or deploy new tools, features and methodologies, we will ensure that compliance with privacy laws and our 8 Promises is considered at the earliest possible stage so that we can comply with the requirement for “privacy by design” under the GDPR which also includes “privacy by default”.