IKEA_Logo 1
Back

Newly added articles

IKEA Älmhult AB Privacy Statement for Suppliers

Thank you for trusting us at IKEA Älmhult AB with your personal data. The IKEA vision is to create a better everyday life for the many people. That’s a big job and one that we at IKEA take seriously.

When you interact with IKEA we will process your personal data. We will collect most of your personal data by using cookies and similar technologies or by other means. How we do this is described in our text about cookies which you find here.

We commit ourselves to be transparent with you by providing clear information about what personal data we collect; what we do with it and why; who we disclose it to; how we protect personal data and what choices you have regarding the use of your personal data by us and third parties.

Below you will find both detailed descriptions of your rights and how to exercise them as well as how we use your personal data and for what purposes.

Do not hesitate to contact us with any questions you have regarding this Privacy Statement!

Responsible company for processing your personal data and how to contact us

We, IKEA Älmhult AB, with company registration no. 559070-5058, c/o IKEA of Sweden AB, Box 702, 343 81 ÄLMHULT are responsible for the processing activities when you interact with us in any of the ways described by this privacy statement.

If you have questions about our Privacy Statement or practices, please feel free to get in touch. You can contact us at data.protection@Inter.ikea.com.

Who do we share your personal data with?

Your personal data is initially collected and processed by us. We commit to never sell your personal data.

Nevertheless, to conduct our business, we need to work with service providers and business partners who will process your personal data. We are responsible for any sharing of your personal data and to make sure your personal data is safe when shared with this third parties as set out below.

We share your personal data with our service providers who process the personal data on our behalf, which means that we remain responsible for the data they are processing. Currently, we share your personal data with the following categories of service providers:

  • IT-service providers, e.g. for specific functionalities and hosting, who will process the personal data on our behalf and on our instructions to ensure good and secure IT operations. We only share your personal data with our IT service providers if it is necessary for them to fulfil their obligations towards us according to the contract that we have with them.
  • Other IT service providers and platforms: in multiple cases, the personal data produced through your interaction with us will be processed through IT services and platforms that we use for multiple purposes such as product development, cooperation with you, etc. We only share your personal data with them if it is necessary for to fulfil our mutual obligations.

We also share your data with other organizations, who will be independently responsible for certain processing of your personal data. These are: 

  • With the IKEA Value chain: IKEA is one brand, but multiple companies. Each company plays a special role to achieve the IKEA vision. We share your data with other companies operating under the IKEA brand. However, where possible, we pseudonymize the personal data to minimize the risk of impact in your privacy.
  • Business Partners: We work together with other companies that can support us achieve the IKEA vision. These companies might for example support us finance and administration, design and development, etc. Other companies might support us with media, marketing, and social media partners. We share your personal data with them to fulfil different business purposes. However, where possible, we pseudonymize the personal data to minimize the risk of impact in your privacy.

If you have any questions regarding how we share your personal data or want to know more about who we share your personal data with, please feel free to contact us.

Where is your personal data processed?

Your personal data will be, in most cases, be processed within the EU.

However, your personal data will be processed outside of the EU/EEA if the service providers we use are based outside of the EU/EEA. Therefore, your personal data will be transferred outside the EU/EEA in the following cases:

  • If the service providers or business partner are based outside of the EU/EEA. However, we protect your personal data and reduce the risk associated with transfer it outside of the EU/EEA by striving to only store your personal data on the IT service providers’ servers within the EU/EEA.
  • If you have consented to us using the analytic services from Google (Google Analytics), your personal data will be transferred to the United States since Google is based there. We have pseudonymized your personal data as far as possible to protect your personal data when being transferred outside of the EU/EEA.

In the above situations, the transfers only take place in accordance with applicable data protection legislation, meaning that we will transfer your personal data outside the EU/EEA when we can ensure an appropriate level of protection of your personal data. We will transfer your personal data under the Standard Contractual Clauses (article 46.1 (c) GDPR), Module 2, together with supplementary measures. You can find the Standard Contractual Clauses here.

If you want to know more about what safeguards we implement for transfers of personal data or receive a copy of the safeguards you are always very welcome to contact us.

What are your rights when we process your personal data?

You have certain rights that you can exercise to affect how we process your personal data. You can read a more detailed description about those rights below.

If you want to know more about your rights or if you want to exercise any of your rights, please contact us and we will help you.

  • You have the right to lodge a complaint with a supervisory authority.

    In detail: Your right to complain exists without prejudice to any other administrative or judicial remedy. You have the right to lodge a complaint with a supervisory authority in the EU/EEA member state of your habitual residence, place of work, or place where the alleged infringement of applicable data protection laws has allegedly occurred.

    Copy link Copied Link Successfully copied link

    Copy Link

  • You have the right to withdraw your consent at any time. This can easily be done in the Application under privacy settings. When you withdraw your consent, it will be done on behalf of all others using the same System as you. Notwithstanding the foregoing, when you withdraw your consent in relation to receiving push notifications regarding the System it will only affect you since such push notifications are sent to your specific device.

    In detail: The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

    Copy link Copied Link Successfully copied link

    Copy Link

  • You have the right to obtain confirmation as to whether we are processing personal data concerning you or not. You can make a request by contacting us. If we do process your personal data, you also have a right to obtain a copy of the personal data processed by us as well as information about our processing of your personal data.

    In detail: The information we provide includes the following:

    • the purposes of the processing,
    • the categories of personal data concerned,
    • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations,
    • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period,
    • the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing,
    • the right to lodge a complaint with a supervisory authority, and
    • the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer of personal data to a third country.
    For any further copies of the personal data undergoing processing requested by you, we may charge a reasonable fee based on administrative costs. If you have made the request by electronic means the information will be provided to you in a commonly used electronic form, unless otherwise requested by you.

    Copy link Copied Link Successfully copied link

    Copy Link

  • You have a right to obtain, without undue delay, the rectification of inaccurate personal data concerning you.

    In detail: Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including the means of providing a supplementary statement.

    We will notify each recipient to whom the personal data has been provided of any correction that has been made unless this turns out to be impossible or entails a disproportionate effort. If you want information about these recipients, you are welcome to contact us.

    Copy link Copied Link Successfully copied link

    Copy Link

  • You can at any time ask us to delete some or all of your personal data.

    In detail: You have the right to obtain from us the erasure of your personal data and we have the obligation to erase your personal data without undue delay where one of the following grounds applies:

    • the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed,
    • you withdraw your consent and there is no other legal ground for the processing,
    • you object to the processing pursuant to Article 21.1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21.2 GDPR,
    • the personal data have been unlawfully processed, or
    • the personal data have to be erased for compliance with a legal obligation in Union or Member State law that applies to us.

    We will notify each recipient to whom the personal data has been provided about any erasure of personal data according to above, unless this turns out to be impossible or entails a disproportionate effort. If you want more information about these recipients, you are welcome to contact us.

    Note that our obligation to erase and inform according to the above shall not apply to the extent that processing is necessary according to the following reasons:

    • for exercising the right of freedom of expression and information,
    • for compliance with a legal obligation which requires processing by Union or Member State law which applies to us, or
    • for the establishment, exercise or defence of legal claims.

    Copy link Copied Link Successfully copied link

    Copy Link

  • You have the right to demand restriction on the processing of your personal data.

    In detail: The right applies if:

    • the accuracy of the personal data is contested by you, during a period enabling us to verify the accuracy of the personal data,
    • the processing is unlawful, and you oppose the erasure of the personal data and instead request the restriction of the use,
    • you need the personal data for the establishment, exercise or defence of legal claims even though we no longer need the personal data for the purposes of the processing, or
    • you have objected to processing pursuant to Article 21.1 GDPR pending the verification of whether our legitimate grounds override yours.

    Where the processing has been restricted according to the above, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. We will notify you before the restriction of processing is lifted.

    We will notify each recipient to whom the personal data has been provided about any restriction of processing according to the above unless this turns out to be impossible or entails a disproportionate effort. If you want more information about these recipients, you are welcome to contact us.

    Copy link Copied Link Successfully copied link

    Copy Link

  • You have the right to receive your personal data from us in a structured, commonly used and machine-readable format and, where technically feasible, have your personal data transferred to another data controller (“data portability”).

    In detail: The right applies to our processing of your personal data when it is based on the lawful basis of consent (Article 6.1 (a) GDPR or contract (Article 6.1 (b) GDPR) and the processing is carried out by automated means.

    The exercise of the right to data portability shall be without prejudice to the right to be forgotten, Article 17 GDPR.

    Your right to data portability shall not adversely affect the rights and freedoms of others.

    Copy link Copied Link Successfully copied link

    Copy Link

  • You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data that is based on the lawful basis legitimate interest (Article 6.1 (f) GDPR), including profiling.

    In detail: If you object, we shall then no longer process the personal data in question, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of you, or for the establishment, exercise or defence of legal claims.

    Copy link Copied Link Successfully copied link

    Copy Link

  • As we state in the tables below, for some purposes, we process your personal data based on our “legitimate interest”. By carrying out a balancing of interests’ assessment concerning our processing of your personal data, we have concluded that our legitimate interest for the processing outweighs your interests or rights which require the protection of your personal data.

    If you want more information in relation to our balancing of interests’ assessments, please do not hesitate to contact us.

    Copy link Copied Link Successfully copied link

    Copy Link

Why and what type of personal data we process

We are happy that you share your personal data with us! We want to make your experience with us as joyful, meaningful, and simple as possible. To achieve this, we collect some information about you. This section tells you what personal data we collect and process, why we process it, the lawful basis and storage period for the personal data in question.

  • What purpose we process for What personal data we process Our lawful basis for the processing

    Management of job and internship candidates (including management of related database);

    Undertaking recruitment processes (including assessment of candidates, background checks including fitness for work (where necessary only), and communicating with candidates);

    Acquiring and providing job references.

    When required, behavioural assessment of candidates (Predictive Index) to determine the suitability for a position that an applicant has applied for.

    To produce all the documentation needed to hire a candidate (employment agreement, visa requirements, etc).

    Information provided during the recruitment process: personal data contained in CV, resumes and application form, references, record of interview or interview notes, and selection and verification records and previous (job) experience.

    Basic work details: work contact details (corporate email address and telephone number), employee identification number, user ID, photograph, details regarding the job function, primary work location, working hours, annual leave and family related leave records, emergency contacts, retirement eligibility, employment status, and terms and conditions of employment.

    Legitimate interest (Article 6.1 (f) GDPR).


    The processing is necessary for purposes of our legitimate interest to be able to recruit and find the suitable candidate to work at IKEA.

    Performance of a contract (Article 6.1 (b) GDPR)


    The processing is necessary to take steps at the request of the data subject prior to entering an employment contract.

    Storage period: One (5) years counted from the moment of closure of the recruitment process.

    Copy link Copied Link Successfully copied link

    Copy Link

  • What purpose we process for
    		 What personal data we process
    		 Our lawful basis for the processing

    Management and maintenance of physical site safety and security (including to manage physical access and administer camera surveillance).

    Video surveillance footage and physical access records (recorded in and on premises of the Inter IKEA Group by the use of video surveillance equipment (CCTV) or access logging systems).

    Legitimate interest (Article 6.1 (f) GDPR).

    The processing is necessary for purposes of our legitimate interest to be able to detect misconduct and protect IKEA’s asset in their different form.

    Management and maintenance of IT systems, network and office equipment including cybersecurity risk management, internal audits, data loss prevention, security assessments, logging and managing access rights and related requests.

    Monitoring the use of the IT systems for compliance with applicable policies.

    All categories and types of personal processed on the IT Network including information for use of company network and devices (information that is required to access company systems and applications such as email account and system passwords, in some cases also device information of devices provided such as mobile phones or laptops).

    Legitimate interest (Article 6.1 (f) GDPR).

    The processing is necessary for purposes of our legitimate interest to be able to prevent, detect, identify and resolve security threats to IKEA assets in their different forms.

    Other forms of risk management, including fraud prevention and investigation.

    Internal investigations such as enquiries into ethics & integrity or breaches of codes of conduct (including legal hold and data access processes) where necessary and in accordance with local legal requirements.

    Personal identification information (e.g., name, address, contact details).

    Employment-related information (e.g., job title, department, employment history).

    Allegations or reports of misconduct or breaches of codes of conduct.

    Witness statements or testimonies.

    Communications related to the investigation (e.g., emails, chat logs, systems logs).

    Any other relevant personal data necessary for conducting the investigation and ensuring compliance with legal requirements.

    Compliance with a legal obligation. (Article 6.1 (c) GDPR).

    The processing is necessary for the purpose of compliance with a legal obligation of providing tight security assurances, healthy work environment, compliance with financial and other applicable legislation.

    Legitimate interest (Article 6.1 (f) GDPR).

    The processing is necessary for purposes of our legitimate interest to be able to detect misconduct and run out business in a legal and ethical way.

    For management of sanctioned party screening

    Corporate email-address of the contact person of the party

    Financial information (e.g., bank account details, transaction history)

    Sanction-related information (e.g., presence on sanction lists, reasons for listing)

    Any other relevant personal data necessary for conducting the screening process and complying with legal requirements related to sanctions.

    Compliance with a legal obligation. (Article 6.1 (c) GDPR).

    The processing is necessary for the purpose of compliance with a legal obligation by which certain screenings are legally mandatory. 

    Legitimate interest (Article 6.1 (f) GDPR).

    The processing is necessary for purposes of our legitimate interest to be able to detect misconduct.

    Storage period: 30 days to 1 years counted from the moment of collection. For example, we delete the IP address after thirty (30) days.”

    Copy link Copied Link Successfully copied link

    Copy Link

  • What purpose we process for
    		 What personal data we process
    		 Our lawful basis for the processing

    To identify you as the business partner in marketing or communication material at all IKEA customer meeting points throughout the world next to one or more of the products you have designed IKEA as a brand whenever applicable – together with corresponding information material of any other business partner.

    Your name, professional details including your CV, other work details when relevant, such as what team you might be a part of in your organization, as well as your picture, voice, and comments you may have supplied us with regarding our or your business.

    Performance of a contract (Article 6.1 (b) GDPR)

    The processing is necessary for the performance of the agreement that you have with us as a designer, model, performer, etc.

    Legitimate interest (Article 6.1 (f) GDPR).

    The processing is necessary for purposes of our legitimate interest to be able to keep our products and brand relevant and up to date and inform our customers about the identity of the people and organizations who support us in our development process.

    For internal communication across IKEA as well as with IKEA affiliates and business partners.

    Your name and picture, your voice, information about your preferences and opinions, quotes, interviews, results from surveys that you may have participated in, comments you may have supplied us with regarding our or your business, as well as documents and works (in any format, such as video or sound recordings) that you might create and voluntarily share with us.

    Performance of a contract (Article 6.1 (b) GDPR)

    The processing is necessary for the performance of the agreement that you have with us as a designer, model, performer, etc.

    Legitimate interest (Article 6.1 (f) GDPR).

    The processing is necessary for purposes of our legitimate interest to be able to keep our internal communication flowing and up to date and inform our co-workers and business partners about multiple aspects of our brand, customers, business partners, etc.

    For external communication by global and local publishing of different content in different media channels including but not limited to publications online, social media, earned media, printed media, paid media.

    Your name, picture, and voice, along with information about your preferences and opinions, quotes, interviews, and results from surveys that you may have participated in. In addition to this, comments that you may have supplied us with regarding our or your business may be collected as well as documents and works (in any format, such as video or sound recordings) that you might create and voluntarily share with us.

    Performance of a contract (Article 6.1 (b) GDPR)

    The processing is necessary for the performance of the agreement that you have with us to participate on different events or campaigns.

    Legitimate interest (Article 6.1 (f) GDPR).

    The processing is necessary for purposes of our legitimate interest to be able to keep expanding the IKEA brand.

    Storage period: We will store this information for as long as the life validity of the IP rights supporting the works. You have the right to object to the processing as explained in your rights section of this privacy statement.

    Copy link Copied Link Successfully copied link

    Copy Link

  • What purpose we process for
    		 What personal data we process
    		 Our lawful basis for the processing 

    Managing our general business operations; facilitating business operations and corporate transactions.

    Managing and fulfilling internal financial reporting and auditing, recordkeeping, and other related purposes.

    Contact details (such as name, email address, address, phone number).

    Data required as part of due diligence (e.g., professional qualification, location, ITAR approval, citizenship etc.).

    Financial information (such as business bank account or invoicing details).

    Other personal data disclosed during communications between an individual and IKEA.

    Personal data related to audit records and trails.

    Company details including business name, role, and business address.

    Performance of a contract (Article 6.1 (b) GDPR)

    The processing is necessary for the performance of the agreement that you have with us. For us to perform our obligation under the agreement, such as payment, we need to process the necessary data.

    Legitimate interest (Article 6.1 (f) GDPR)

    The processing is necessary for the purposes of our legitimate interest to provide correctly administer our business.

    Complying with applicable law and legal obligations, such as tax law, labor law, corporate governance including financial reporting and forecasting.

    Complying with legal processes such as search warrants, subpoenas or court orders.

    Contact details (such as name, email address, address, phone number) of relevant data subjects.

    Data required as part of due diligence (e.g., professional qualification, location, ITAR approval, citizenship etc.).

    Financial information (such as business bank account or invoicing details).

    Other personal data disclosed during communications between an individual and Inter IKEA.

    Personal data related to audit records and trails.

    Company details including business name, role and business address.

    Compliance with a legal obligation (Article 6.1 (c) GDPR)

    The processing is necessary for complying with legal obligations under applicable law.

    Assist in handling payments out and approving payments and expense reimbursements, including towards suppliers and business partners.

    Contact details (such as name, email address, address, phone number) of relevant data subjects.

    Data required as part of due diligence (e.g., professional qualification, location, ITAR approval, citizenship etc.).

    Financial information (such as business bank account or invoicing details).

    Other personal data disclosed during communications between an individual and Inter IKEA.

    Personal data related to audit records and trails.

    Company details including business name, role and business address.

    Performance of the contract (Article 6.1 (b) GDPR).

    The processing is necessary for us to be able to process payment when you partner up with us.

    You need to provide the personal data to us, otherwise, you will not be able to process your payment.

    Compliance with a legal obligation (Article 6.1 (c) GDPR)

    The processing is necessary for complying with legal obligations under applicable law.

    Conduct business analysis, such analysis of revenue, margin fluctuations, quality monitoring.

    Contact details (such as name, email address, address, phone number) of relevant data subjects.

    Data required as part of due diligence (e.g., professional qualification, location, ITAR approval, citizenship etc.).

    Financial information (such as business bank account or invoicing details).

    Other personal data disclosed during communications between an individual and IKEA.

    Personal data related to audit records and trails.

    Company details including business name, role, and business address.

    Legitimate interest (Article 6.1 (f) GDPR).

    The processing is necessary for the purposes of our legitimate interest to provide correctly administer our business.

    Detecting, preventing, and stopping financial fraud.

    Contact details (such as name, email address, address, phone number) of relevant data subjects.

    Data required as part of due diligence (e.g., professional qualification, location, ITAR approval, citizenship etc.).

    Financial information (such as business bank account or invoicing details).

    Other personal data disclosed during communications between an individual and Inter IKEA.

    Personal data related to audit records and trails.

    Company details including business name, role, and business address.

    Compliance with a legal obligation (Article 6.1 (c) GDPR)

    The processing is necessary for complying with legal obligations under applicable law.

    Legitimate interest (Article 6.1 (f) GDPR)

    The processing is necessary for the purposes of our legitimate interest to correctly administer our business.

    As part of regular reporting activities to other members of the Inter IKEA Group.

    Contact details (such as name, email address, address, phone number) of relevant data subjects.

    Data required as part of due diligence (e.g., professional qualification, location, ITAR approval, citizenship etc.).

    Financial information (such as business bank account or invoicing details).

    Other personal data disclosed during communications between an individual and IKEA.

    Personal data related to audit records and trails.

    Company details including business name, role, and business address.

    Legitimate interest (Article 6.1 (f) GDPR)

    The processing is necessary for the purposes of our legitimate interest to correctly administer our business.

    To protect the rights and property of the Inter IKEA Group or others.

    Contact details (such as name, email address, address, phone number) of relevant data subjects.

    Data required as part of due diligence (e.g., professional qualification, location, ITAR approval, citizenship etc.).

    Financial information (such as business bank account or invoicing details).

    Other personal data disclosed during communications between an individual and IKEA.

    Personal data related to audit records and trails.

    Company details including business name, role, and business address.

    Legitimate interest (Article 6.1 (f) GDPR)

    The processing is necessary for the purposes of our legitimate interest to correctly administer our business.

    Storage period: Your personal data will be stored for as long as required by law. In general terms this is 10 years counted from the moment of the transaction.

    Copy link Copied Link Successfully copied link

    Copy Link

  • What purpose we process for
    		 What personal data we process
    		 Our lawful basis for the processing

    Supplier/Service provider onboarding and assessment: onboarding, including financial screening, sanction party screening and general assessment of the supplier/service provider.

    Contact details (such as name, email address, address, phone number).

    Company details including business name, role and business address.

    Key business contacts. Data required as part of supplier/service provider assessment (e.g., who the owners are, cross check against sanction lists).

    Information regarding orders and other transactional details.

    Financial information (such as business bank account or invoicing details).

    Other personal data disclosed during communications between an individual and Inter IKEA.

    Compliance with a legal obligation (Article 6.1 (c) GDPR)

    The processing is necessary for complying with legal obligations under applicable law.

    Legitimate interest (Article 6.1 (f) GDPR)

    The processing is necessary for the purposes of our legitimate interest to correctly administer our business.

    Database management: managing databases relationships with former, existing and prospective suppliers/service providers.

    Contact details (such as name, email address, address, phone number).

    Company details including business name, role and business address.

    Key business contacts. Data required as part of supplier/service provider assessment (e.g., who the owners are, cross check against sanction lists).

    Information regarding orders and other transactional details.

    Financial information (such as business bank account or invoicing details).

    Other personal data disclosed during communications between an individual and Inter IKEA.

    Legitimate interest (Article 6.1 (f) GDPR)

    The processing is necessary for the purposes of our legitimate interest to correctly administer our business.

    Supplier/service provider management: conducting tender activities, requests for proposals and contract negotiation; managing relationship with existing and prospective suppliers/service providers.

    Contact details (such as name, email address, address, phone number).

    Company details including business name, role and business address.

    Key business contacts. Data required as part of supplier/service provider assessment (e.g., who the owners are, cross check against sanction lists).

    Information regarding orders and other transactional details.

    Financial information (such as business bank account or invoicing details).

    Other personal data disclosed during communications between an individual and Inter IKEA.

    Legitimate interest (Article 6.1 (f) GDPR)

    The processing is necessary for the purposes of our legitimate interest to correctly administer our business.

    Support and communications: communicate with service providers regarding the services, including to develop and improve the quality of services; assisting in handling complaints and requests.

    Contact details (such as name, email address, address, phone number).

    Company details including business name, role and business address.

    Key business contacts. Data required as part of supplier/service provider assessment (e.g., who the owners are, cross check against sanction lists).

    Information regarding orders and other transactional details.

    Financial information (such as business bank account or invoicing details).

    Other personal data disclosed during communications between an individual and Inter IKEA.

    Legitimate interest (Article 6.1 (f) GDPR)

    The processing is necessary for the purposes of our legitimate interest to correctly administer our business.

    Supplier/service provider contracting: administration and execution of the agreements concluded with suppliers/service providers.

    Contact details (such as name, email address, address, phone number).

    Company details including business name, role and business address.

    Key business contacts. Data required as part of supplier/service provider assessment (e.g., who the owners are, cross check against sanction lists).

    Information regarding orders and other transactional details.

    Financial information (such as business bank account or invoicing details).

    Other personal data disclosed during communications between an individual and Inter IKEA.

    Performance of the contract (Article 6.1 (b) GDPR)

    The processing is necessary for us to be able to comply with your payment when you partner up with us.

    You need to provide the personal data to us, otherwise, you will not be able to process your payment.

    Legitimate interest (Article 6.1 (f) GDPR)

    The processing is necessary for the purposes of our legitimate interest to correctly administer our business.

    Accounting and finance: facilitate invoicing, billing, collections and related activities.

    Contact details (such as name, email address, address, phone number).

    Company details including business name, role and business address.

    Key business contacts. Data required as part of supplier/service provider assessment (e.g., who the owners are, cross check against sanction lists).

    Information regarding orders and other transactional details.

    Financial information (such as business bank account or invoicing details).

    Other personal data disclosed during communications between an individual and Inter IKEA.

    Compliance with a legal obligation (Article 6.1 (c) GDPR)

    The processing is necessary for complying with legal obligations under applicable law.

    Performance of the contract (Article 6.1 (b) GDPR)

    The processing is necessary for us to be able to comply with your payment when you partner up with us.

    You need to provide the personal data to us, otherwise, you will not be able to process your payment

    Legitimate interest (Article 6.1 (f) GDPR)

    The processing is necessary for the purposes of our legitimate interest to correctly administer our business.

    Audits and assessments: conducting audits and assessments of suppliers/service providers (including security audits).

    Contact details (such as name, email address, address, phone number).

    Company details including business name, role and business address.

    Key business contacts. Data required as part of supplier/service provider assessment (e.g., who the owners are, cross check against sanction lists).

    Information regarding orders and other transactional details.

    Financial information (such as business bank account or invoicing details).

    Other personal data disclosed during communications between an individual and Inter IKEA.

    Legitimate interest (Article 6.1 (f) GDPR)

    The processing is necessary for the purposes of our legitimate interest to correctly administer our business.

    Recordkeeping: fulfilling management and recordkeeping purposes

    Contact details (such as name, email address, address, phone number).

    Company details including business name, role and business address.

    Key business contacts. Data required as part of supplier/service provider assessment (e.g., who the owners are, cross check against sanction lists).

    Information regarding orders and other transactional details.

    Financial information (such as business bank account or invoicing details).

    Other personal data disclosed during communications between an individual and Inter IKEA.

    Compliance with a legal obligation (Article 6.1 (c) GDPR)

    The processing is necessary for complying with legal obligations under applicable law such as corporate law, tax law, international trade legislation, import and export legislative frameworks.

    Legitimate interest (Article 6.1 (f) GDPR)

    The processing is necessary for the purposes of our legitimate interest to correctly administer our business.

    Dispute resolution and management: manage and address disputes with suppliers/service providers.

    Contact details (such as name, email address, address, phone number).

    Company details including business name, role and business address.

    Key business contacts. Data required as part of supplier/service provider assessment (e.g., who the owners are, cross check against sanction lists).

    Information regarding orders and other transactional details.

    Financial information (such as business bank account or invoicing details).

    Other personal data disclosed during communications between an individual and Inter IKEA.

    Legitimate interest (Article 6.1 (f) GDPR)

    The processing is necessary for the purposes of our legitimate interest to correctly administer our business.

    Performance of the contract (Article 6.1 (b) GDPR)

    The processing is necessary for us to be able to comply with contractual obligations assumed by us when you partner up with us.

    You need to provide the personal data to us, otherwise, you will not be able to process your payment.

    To identify you in marketing or communication material throughout the world next to one or more of the products designed for IKEA of Sweden AB and – whenever applicable – together with corresponding information material of any other business partner.

    Your name, professional details including your CV, other work details when relevant, such as what team you might be a part of in your organization, as well as your picture, voice, and comments you may have supplied us with regarding our or your business.

    Legitimate interest (Article 6.1 (f) GDPR)

    The processing is necessary for the purposes of our legitimate interest to correctly administer our business.

    Performance of the contract (Article 6.1 (b) GDPR)

    The processing is necessary for us to be able to comply with your or ours obligations under the agreement that you have signed with us e.g..

    You need to provide the personal data to us, otherwise, you will not be able to process your payment.

    Storage period: Your personal data for 10 years.

    Copy link Copied Link Successfully copied link

    Copy Link

  • What purpose we process for
    		 What personal data we process
    		 Our lawful basis for the processing

    Collaboration and Communication: provision of global email, calendar sharing, communication, messaging, document sharing, shared workspaces, and other online collaboration services and tools, including:

    To facilitate access to collaboration, communications, and company knowledge management tools and assets.

    To enable communications.

    To establish corporate directory.

    Calendar integration and Outlook-related integrations to enable communication, availability and scheduling.

    Cross-organization access to document sharing platforms and shared workspaces, as well as other cross-company systems and data, on a need-to-know basis.

    Network support and IT services related to such tools.

    Administration, security and management: management and security associated with collaboration and communications resources, including data loss prevention.

    Company and user information, including:

    Name

    Business email, phone number, address and contact info

    Computer name

    Title

    Location

    Direct report/manager, department, and cost centre

    Calendar visibility, such as free/busy status

    Support and service tickets and requests related to tools and resources.

    Other network and organizational information necessary to provision, secure and maintain access to resources and tools, including:

    IP address, device and user IDs/names

    Event logs and other log files

    Roles

    Email and attachments, file and folder content, hashes, history, and associated metadata.

    Domain names, and URLs.

    Configuration information such as for example software version information, applied patches, security settings, permissions, or other technical settings for laptops, desktops and other endpoints.

    Utilization statistics.

    Legitimate interest (Article 6.1 (f) GDPR)

    The processing is necessary for the purposes of our legitimate interest to provide customer service, i.e. support.

    Storage period: We will store this information for as long as the life validity of the IP rights supporting the works. You have the right to object to the processing as explained in your rights section of this privacy statement.

    Copy link Copied Link Successfully copied link

    Copy Link

  • What purpose we process for
    		 What personal data we process
    		 Our lawful basis for the processing

    Collect information that is necessary in order to improve the System and different functionalities.

    We will collect information about you to acknowledge patterns in how our Systems and the different functions are used. To best ensure your privacy while doing so, we only process personal data on an aggregate level.

    • IP-address.

    • Geographical location (only on an aggregate level and not exact address).

    • Information regarding how you use the System, e.g. what features you enable in the System as well as your use of the features (e.g. if you turn on a connected lamp).

    Legitimate interest (Article 6.1 (f) GDPR)

    The processing is necessary for the purposes of our legitimate interest to provide better tools to our co-workers and suppliers.

    Collect information that is necessary in order to improve the Application and different functionalities. To do this we use the analytic service from Google (i.e. Google Firebase Analytics including Google Analytics). You can find more information on how Google processes your personal data on Google’s website.

    This analytics service from Google will collect information about you to acknowledge patterns in how the Application and the different functions are used. To best ensure your privacy while doing so, we only process personal data on an aggregate level.

    • IP-address.

    • Geographical location (only on an aggregate level and not exact address).

    • Information regarding how you use the Application, e.g. what features you enable in the System as well as your use of the features (e.g. if you turn on a connected lamp) and what you click on in the Application.

    Legitimate interest (Article 6.1 (f) GDPR)

    The processing is necessary for the purposes of our legitimate interest to provide better tools to our co-workers and suppliers.

    Storage period: We will store your personal data for as long as necessary to perform our analysis and further improve the System and the Application and no longer than one (1) year.

    Google will continue to store your personal data for its own purposes and Google will inform you separately about such storing.

    Copy link Copied Link Successfully copied link

    Copy Link

  • What purpose we process for
    		 What personal data we process
    		 Our lawful basis for the processing

    For product research and development

    Personal identification information (e.g., name, address, contact details).

    • Family relation.

    • Opinions, preferences, interests, designs.

    • Images in different formats.

    • Voice.

    • Home or workshop interior.

    Performance of the contract (Article 6.1 (b) GDPR)

    The processing is necessary for us to be able to comply with your payment when you partner up with us.

    You need to provide the personal data to us, otherwise, you will not be able to process your payment.

    Legitimate interest (Article 6.1 (f) GDPR)

    The processing is necessary for purposes of our legitimate interest to be able to keep our products and brand relevant and up to date.

    Storage period: We will store your personal data for as long as necessary to perform our product development and further improve our products.

    Copy link Copied Link Successfully copied link

    Copy Link

  • What purpose we process for
    		 What personal data we process
    		 Our lawful basis for the processing

    To keep and manage records on the IKEA Archive.

     Your name, professional details including your CV, other work details when relevant, such as what team you might be a part of in your organization, as well as your picture, voice, and comments you may have supplied us with regarding our or your business.


    Your name, picture, and voice, along with information about your preferences and opinions, quotes, interviews, and results from surveys that you may have participated in. In addition to this, comments that you may have supplied us with regarding our or your business may be collected as well as documents and works (in any format, such as video or sound recordings) that you might create and voluntarily share with us.

    Company details including business name, role and business address.

    Information regarding orders and other transactional details.

    Financial information (such as business bank account or invoicing details).

    Other personal data disclosed during communications between an individual and Inter IKEA.

    Legitimate interest (Article 6.1 (f) GDPR)

    The processing is necessary for purposes of our legitimate interest to be able to keep our products and brand relevant and up to date.

    Storage period: We will store your personal data for as long as it is relevant for our archives.

    Copy link Copied Link Successfully copied link

    Copy Link

  • What purpose we process for What personal data we process
    		 Our lawful basis for the processing

    Production of cultural exhibitions at the IKEA Museum.

    Your name, professional details including your CV, other work details when relevant, such as what team you might be a part of in your organization, as well as your picture, voice, and comments you may have supplied us with regarding our or your business.

     

    Your name, picture, and voice, along with information about your preferences and opinions, quotes, interviews, and results from surveys that you may have participated in. In addition to this, comments that you may have supplied us with regarding our or your business may be collected as well as documents and works (in any format, such as video or sound recordings) that you might create and voluntarily share with us.


    Company details including business name, role and business address.

    Information regarding orders and other transactional details.

    Financial information (such as business bank account or invoicing details).

    Other personal data disclosed during communications between an individual and Inter IKEA.

    Performance of a contract (Article 6.1 (b) GDPR)

    The processing is necessary for the performance of the agreement that you have with us to participate on different events or campaigns.

    Legitimate interest (Article 6.1 (f) GDPR)

    The processing is necessary for purposes of our legitimate interest to be able to keep our products and brand relevant and up to date.

    Storage period: We will store your personal data for as long as it is relevant for our exhibition

    Copy link Copied Link Successfully copied link

    Copy Link

Above information applies from 2025-04-15.