After 20 years at IKEA – including leading the IKEA Franchisor from 2018 and CEO of Inter IKEA Group since 2020 – Jon Abrahamsson Ring is handing over to Jakub Jankowski, currently Managing Director for IKEA Industry. Jakub will step into the role as CEO of Inter IKEA Group on 1 January 2026.
Torbjörn Lööf becomes a new member of the Supervisory Board of Inter IKEA Holding B.V., starting his assignment on August 1, 2025.
Thank you for trusting us at IKEA Älmhult AB with your personal data. The IKEA vision is to create a better everyday life for the many people. That’s a big job and one that we at IKEA take seriously.
When you interact with IKEA we will process your personal data. We will collect most of your personal data by using cookies and similar technologies or by other means. How we do this is described in our text about cookies which you find here.
We commit ourselves to be transparent with you by providing clear information about what personal data we collect; what we do with it and why; who we disclose it to; how we protect personal data and what choices you have regarding the use of your personal data by us and third parties.
Below you will find both detailed descriptions of your rights and how to exercise them as well as how we use your personal data and for what purposes.
Do not hesitate to contact us with any questions you have regarding this Privacy Statement!
Your personal data is initially collected and processed by us. We commit to never sell your personal data.
Nevertheless, to conduct our business, we need to work with service providers and business partners who will process your personal data. We are responsible for any sharing of your personal data and to make sure your personal data is safe when shared with this third parties as set out below.
We share your personal data with our service providers who process the personal data on our behalf, which means that we remain responsible for the data they are processing. Currently, we share your personal data with the following categories of service providers:
We also share your data with other organizations, who will be independently responsible for certain processing of your personal data. These are:
If you have any questions regarding how we share your personal data or want to know more about who we share your personal data with, please feel free to contact us.
Your personal data will be, in most cases, be processed within the EU.
However, your personal data will be processed outside of the EU/EEA if the service providers we use are based outside of the EU/EEA. Therefore, your personal data will be transferred outside the EU/EEA in the following cases:
In the above situations, the transfers only take place in accordance with applicable data protection legislation, meaning that we will transfer your personal data outside the EU/EEA when we can ensure an appropriate level of protection of your personal data. We will transfer your personal data under the Standard Contractual Clauses (article 46.1 (c) GDPR), Module 2, together with supplementary measures. You can find the Standard Contractual Clauses here.
If you want to know more about what safeguards we implement for transfers of personal data or receive a copy of the safeguards you are always very welcome to contact us.
You have the right to lodge a complaint with a supervisory authority.
The supervisory authority in Sweden is Integritetsskyddsmyndigheten
Copy link Copied Link Successfully copied link
You have the right to withdraw your consent at any time. This can easily be done in the Application under privacy settings. When you withdraw your consent, it will be done on behalf of all others using the same System as you. Notwithstanding the foregoing, when you withdraw your consent in relation to receiving push notifications regarding the System it will only affect you since such push notifications are sent to your specific device.
Copy link Copied Link Successfully copied link
You have the right to obtain confirmation as to whether we are processing personal data concerning you or not. You can make a request by contacting us. If we do process your personal data, you also have a right to obtain a copy of the personal data processed by us as well as information about our processing of your personal data.
Copy link Copied Link Successfully copied link
You have a right to obtain, without undue delay, the rectification of inaccurate personal data concerning you.
Copy link Copied Link Successfully copied link
You can at any time ask us to delete some or all of your personal data.
Copy link Copied Link Successfully copied link
You have the right to demand restriction on the processing of your personal data.
Copy link Copied Link Successfully copied link
You have the right to receive your personal data from us in a structured, commonly used and machine-readable format and, where technically feasible, have your personal data transferred to another data controller (“data portability”).
Copy link Copied Link Successfully copied link
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data that is based on the lawful basis legitimate interest (Article 6.1 (f) GDPR), including profiling.
Copy link Copied Link Successfully copied link
As we state in the tables below, for some purposes, we process your personal data based on our “legitimate interest”. By carrying out a balancing of interests’ assessment concerning our processing of your personal data, we have concluded that our legitimate interest for the processing outweighs your interests or rights which require the protection of your personal data.
If you want more information in relation to our balancing of interests’ assessments, please do not hesitate to contact us.
Copy link Copied Link Successfully copied link
| What purpose we process for | What personal data we process | Our lawful basis for the processing |
|
Management of job and internship candidates (including management of related database); |
Information provided during the recruitment process: personal data contained in CV, resumes and application form, references, record of interview or interview notes, and selection and verification records and previous (job) experience. |
Legitimate interest (Article 6.1 (f) GDPR).
Performance of a contract (Article 6.1 (b) GDPR)
|
|
Storage period: One (5) years counted from the moment of closure of the recruitment process. |
||
Copy link Copied Link Successfully copied link
| What purpose we process for |
What personal data we process |
Our lawful basis for the processing |
|
Management and maintenance of physical site safety and security (including to manage physical access and administer camera surveillance).
|
Video surveillance footage and physical access records (recorded in and on premises of the Inter IKEA Group by the use of video surveillance equipment (CCTV) or access logging systems).
|
Legitimate interest (Article 6.1 (f) GDPR). The processing is necessary for purposes of our legitimate interest to be able to detect misconduct and protect IKEA’s asset in their different form. |
|
Management and maintenance of IT systems, network and office equipment including cybersecurity risk management, internal audits, data loss prevention, security assessments, logging and managing access rights and related requests. |
All categories and types of personal processed on the IT Network including information for use of company network and devices (information that is required to access company systems and applications such as email account and system passwords, in some cases also device information of devices provided such as mobile phones or laptops). |
Legitimate interest (Article 6.1 (f) GDPR). The processing is necessary for purposes of our legitimate interest to be able to prevent, detect, identify and resolve security threats to IKEA assets in their different forms. |
|
Other forms of risk management, including fraud prevention and investigation. |
Personal identification information (e.g., name, address, contact details). Employment-related information (e.g., job title, department, employment history). Allegations or reports of misconduct or breaches of codes of conduct. Witness statements or testimonies. Communications related to the investigation (e.g., emails, chat logs, systems logs). Any other relevant personal data necessary for conducting the investigation and ensuring compliance with legal requirements. |
Compliance with a legal obligation. (Article 6.1 (c) GDPR). The processing is necessary for the purpose of compliance with a legal obligation of providing tight security assurances, healthy work environment, compliance with financial and other applicable legislation. The processing is necessary for purposes of our legitimate interest to be able to detect misconduct and run out business in a legal and ethical way. |
|
For management of sanctioned party screening
|
Corporate email-address of the contact person of the party Financial information (e.g., bank account details, transaction history) Sanction-related information (e.g., presence on sanction lists, reasons for listing) Any other relevant personal data necessary for conducting the screening process and complying with legal requirements related to sanctions. |
Compliance with a legal obligation. (Article 6.1 (c) GDPR). The processing is necessary for the purpose of compliance with a legal obligation by which certain screenings are legally mandatory. The processing is necessary for purposes of our legitimate interest to be able to detect misconduct. |
|
Storage period: 30 days to 1 years counted from the moment of collection. For example, we delete the IP address after thirty (30) days.” |
||
Copy link Copied Link Successfully copied link
| What purpose we process for |
What personal data we process |
Our lawful basis for the processing |
|
To identify you as the business partner in marketing or communication material at all IKEA customer meeting points throughout the world next to one or more of the products you have designed IKEA as a brand whenever applicable – together with corresponding information material of any other business partner.
|
Your name, professional details including your CV, other work details when relevant, such as what team you might be a part of in your organization, as well as your picture, voice, and comments you may have supplied us with regarding our or your business.
|
Performance of a contract (Article 6.1 (b) GDPR) The processing is necessary for the performance of the agreement that you have with us as a designer, model, performer, etc. The processing is necessary for purposes of our legitimate interest to be able to keep our products and brand relevant and up to date and inform our customers about the identity of the people and organizations who support us in our development process. |
|
For internal communication across IKEA as well as with IKEA affiliates and business partners.
|
Your name and picture, your voice, information about your preferences and opinions, quotes, interviews, results from surveys that you may have participated in, comments you may have supplied us with regarding our or your business, as well as documents and works (in any format, such as video or sound recordings) that you might create and voluntarily share with us.
|
Performance of a contract (Article 6.1 (b) GDPR) The processing is necessary for the performance of the agreement that you have with us as a designer, model, performer, etc. The processing is necessary for purposes of our legitimate interest to be able to keep our internal communication flowing and up to date and inform our co-workers and business partners about multiple aspects of our brand, customers, business partners, etc. |
|
For external communication by global and local publishing of different content in different media channels including but not limited to publications online, social media, earned media, printed media, paid media.
|
Your name, picture, and voice, along with information about your preferences and opinions, quotes, interviews, and results from surveys that you may have participated in. In addition to this, comments that you may have supplied us with regarding our or your business may be collected as well as documents and works (in any format, such as video or sound recordings) that you might create and voluntarily share with us.
|
Performance of a contract (Article 6.1 (b) GDPR) The processing is necessary for the performance of the agreement that you have with us to participate on different events or campaigns. The processing is necessary for purposes of our legitimate interest to be able to keep expanding the IKEA brand. |
|
Storage period: We will store this information for as long as the life validity of the IP rights supporting the works. You have the right to object to the processing as explained in your rights section of this privacy statement. |
||
Copy link Copied Link Successfully copied link
| What purpose we process for |
What personal data we process |
Our lawful basis for the processing |
|
Managing our general business operations; facilitating business operations and corporate transactions.
|
Contact details (such as name, email address, address, phone number). Data required as part of due diligence (e.g., professional qualification, location, ITAR approval, citizenship etc.). Financial information (such as business bank account or invoicing details). Other personal data disclosed during communications between an individual and IKEA. Personal data related to audit records and trails. Company details including business name, role, and business address. |
Performance of a contract (Article 6.1 (b) GDPR) The processing is necessary for the performance of the agreement that you have with us. For us to perform our obligation under the agreement, such as payment, we need to process the necessary data. The processing is necessary for the purposes of our legitimate interest to provide correctly administer our business. |
|
Complying with applicable law and legal obligations, such as tax law, labor law, corporate governance including financial reporting and forecasting.
|
Contact details (such as name, email address, address, phone number) of relevant data subjects. Data required as part of due diligence (e.g., professional qualification, location, ITAR approval, citizenship etc.). Financial information (such as business bank account or invoicing details). Other personal data disclosed during communications between an individual and Inter IKEA. Personal data related to audit records and trails. Company details including business name, role and business address. |
Compliance with a legal obligation (Article 6.1 (c) GDPR) The processing is necessary for complying with legal obligations under applicable law. |
|
Assist in handling payments out and approving payments and expense reimbursements, including towards suppliers and business partners.
|
Contact details (such as name, email address, address, phone number) of relevant data subjects. Data required as part of due diligence (e.g., professional qualification, location, ITAR approval, citizenship etc.). Financial information (such as business bank account or invoicing details). Other personal data disclosed during communications between an individual and Inter IKEA. Personal data related to audit records and trails. Company details including business name, role and business address. |
Performance of the contract (Article 6.1 (b) GDPR). The processing is necessary for us to be able to process payment when you partner up with us. You need to provide the personal data to us, otherwise, you will not be able to process your payment. The processing is necessary for complying with legal obligations under applicable law. |
|
Conduct business analysis, such analysis of revenue, margin fluctuations, quality monitoring.
|
Contact details (such as name, email address, address, phone number) of relevant data subjects. Data required as part of due diligence (e.g., professional qualification, location, ITAR approval, citizenship etc.). Financial information (such as business bank account or invoicing details). Other personal data disclosed during communications between an individual and IKEA. Personal data related to audit records and trails. Company details including business name, role, and business address. |
Legitimate interest (Article 6.1 (f) GDPR). The processing is necessary for the purposes of our legitimate interest to provide correctly administer our business. |
|
Detecting, preventing, and stopping financial fraud. |
Contact details (such as name, email address, address, phone number) of relevant data subjects. Data required as part of due diligence (e.g., professional qualification, location, ITAR approval, citizenship etc.). Financial information (such as business bank account or invoicing details). Other personal data disclosed during communications between an individual and Inter IKEA. Personal data related to audit records and trails. Company details including business name, role, and business address. |
Compliance with a legal obligation (Article 6.1 (c) GDPR) The processing is necessary for complying with legal obligations under applicable law. The processing is necessary for the purposes of our legitimate interest to correctly administer our business. |
|
As part of regular reporting activities to other members of the Inter IKEA Group.
|
Contact details (such as name, email address, address, phone number) of relevant data subjects. Data required as part of due diligence (e.g., professional qualification, location, ITAR approval, citizenship etc.). Financial information (such as business bank account or invoicing details). Other personal data disclosed during communications between an individual and IKEA. Personal data related to audit records and trails. Company details including business name, role, and business address. |
Legitimate interest (Article 6.1 (f) GDPR) The processing is necessary for the purposes of our legitimate interest to correctly administer our business. |
|
To protect the rights and property of the Inter IKEA Group or others.
|
Contact details (such as name, email address, address, phone number) of relevant data subjects. Data required as part of due diligence (e.g., professional qualification, location, ITAR approval, citizenship etc.). Financial information (such as business bank account or invoicing details). Other personal data disclosed during communications between an individual and IKEA. Personal data related to audit records and trails. Company details including business name, role, and business address. |
Legitimate interest (Article 6.1 (f) GDPR) The processing is necessary for the purposes of our legitimate interest to correctly administer our business. |
|
Storage period: Your personal data will be stored for as long as required by law. In general terms this is 10 years counted from the moment of the transaction. |
||
Copy link Copied Link Successfully copied link
| What purpose we process for |
What personal data we process |
Our lawful basis for the processing |
|
Supplier/Service provider onboarding and assessment: onboarding, including financial screening, sanction party screening and general assessment of the supplier/service provider.
|
Contact details (such as name, email address, address, phone number). Company details including business name, role and business address. Key business contacts. Data required as part of supplier/service provider assessment (e.g., who the owners are, cross check against sanction lists). Information regarding orders and other transactional details. Financial information (such as business bank account or invoicing details). Other personal data disclosed during communications between an individual and Inter IKEA. |
Compliance with a legal obligation (Article 6.1 (c) GDPR) The processing is necessary for complying with legal obligations under applicable law. The processing is necessary for the purposes of our legitimate interest to correctly administer our business. |
|
Database management: managing databases relationships with former, existing and prospective suppliers/service providers.
|
Contact details (such as name, email address, address, phone number). Company details including business name, role and business address. Key business contacts. Data required as part of supplier/service provider assessment (e.g., who the owners are, cross check against sanction lists). Information regarding orders and other transactional details. Financial information (such as business bank account or invoicing details). Other personal data disclosed during communications between an individual and Inter IKEA. |
Legitimate interest (Article 6.1 (f) GDPR) The processing is necessary for the purposes of our legitimate interest to correctly administer our business. |
|
Supplier/service provider management: conducting tender activities, requests for proposals and contract negotiation; managing relationship with existing and prospective suppliers/service providers.
|
Contact details (such as name, email address, address, phone number). Company details including business name, role and business address. Key business contacts. Data required as part of supplier/service provider assessment (e.g., who the owners are, cross check against sanction lists). Information regarding orders and other transactional details. Financial information (such as business bank account or invoicing details). Other personal data disclosed during communications between an individual and Inter IKEA. |
Legitimate interest (Article 6.1 (f) GDPR) The processing is necessary for the purposes of our legitimate interest to correctly administer our business. |
|
Support and communications: communicate with service providers regarding the services, including to develop and improve the quality of services; assisting in handling complaints and requests.
|
Contact details (such as name, email address, address, phone number). Company details including business name, role and business address. Key business contacts. Data required as part of supplier/service provider assessment (e.g., who the owners are, cross check against sanction lists). Information regarding orders and other transactional details. Financial information (such as business bank account or invoicing details). Other personal data disclosed during communications between an individual and Inter IKEA. |
Legitimate interest (Article 6.1 (f) GDPR) The processing is necessary for the purposes of our legitimate interest to correctly administer our business. |
|
Supplier/service provider contracting: administration and execution of the agreements concluded with suppliers/service providers.
|
Contact details (such as name, email address, address, phone number). Company details including business name, role and business address. Key business contacts. Data required as part of supplier/service provider assessment (e.g., who the owners are, cross check against sanction lists). Information regarding orders and other transactional details. Financial information (such as business bank account or invoicing details). Other personal data disclosed during communications between an individual and Inter IKEA. |
Performance of the contract (Article 6.1 (b) GDPR) The processing is necessary for us to be able to comply with your payment when you partner up with us. You need to provide the personal data to us, otherwise, you will not be able to process your payment. The processing is necessary for the purposes of our legitimate interest to correctly administer our business. |
|
Accounting and finance: facilitate invoicing, billing, collections and related activities.
|
Contact details (such as name, email address, address, phone number). Company details including business name, role and business address. Key business contacts. Data required as part of supplier/service provider assessment (e.g., who the owners are, cross check against sanction lists). Information regarding orders and other transactional details. Financial information (such as business bank account or invoicing details). Other personal data disclosed during communications between an individual and Inter IKEA. |
Compliance with a legal obligation (Article 6.1 (c) GDPR) The processing is necessary for complying with legal obligations under applicable law. The processing is necessary for us to be able to comply with your payment when you partner up with us. You need to provide the personal data to us, otherwise, you will not be able to process your payment The processing is necessary for the purposes of our legitimate interest to correctly administer our business. |
|
Audits and assessments: conducting audits and assessments of suppliers/service providers (including security audits).
|
Contact details (such as name, email address, address, phone number). Company details including business name, role and business address. Key business contacts. Data required as part of supplier/service provider assessment (e.g., who the owners are, cross check against sanction lists). Information regarding orders and other transactional details. Financial information (such as business bank account or invoicing details). Other personal data disclosed during communications between an individual and Inter IKEA. |
Legitimate interest (Article 6.1 (f) GDPR) The processing is necessary for the purposes of our legitimate interest to correctly administer our business. |
|
Recordkeeping: fulfilling management and recordkeeping purposes
|
Contact details (such as name, email address, address, phone number). Company details including business name, role and business address. Key business contacts. Data required as part of supplier/service provider assessment (e.g., who the owners are, cross check against sanction lists). Information regarding orders and other transactional details. Financial information (such as business bank account or invoicing details). Other personal data disclosed during communications between an individual and Inter IKEA. |
Compliance with a legal obligation (Article 6.1 (c) GDPR) The processing is necessary for complying with legal obligations under applicable law such as corporate law, tax law, international trade legislation, import and export legislative frameworks. Legitimate interest (Article 6.1 (f) GDPR) The processing is necessary for the purposes of our legitimate interest to correctly administer our business. |
|
Dispute resolution and management: manage and address disputes with suppliers/service providers.
|
Contact details (such as name, email address, address, phone number). Company details including business name, role and business address. Key business contacts. Data required as part of supplier/service provider assessment (e.g., who the owners are, cross check against sanction lists). Information regarding orders and other transactional details. Financial information (such as business bank account or invoicing details). Other personal data disclosed during communications between an individual and Inter IKEA. |
Legitimate interest (Article 6.1 (f) GDPR) The processing is necessary for the purposes of our legitimate interest to correctly administer our business. Performance of the contract (Article 6.1 (b) GDPR) The processing is necessary for us to be able to comply with contractual obligations assumed by us when you partner up with us. You need to provide the personal data to us, otherwise, you will not be able to process your payment. |
|
To identify you in marketing or communication material throughout the world next to one or more of the products designed for IKEA of Sweden AB and – whenever applicable – together with corresponding information material of any other business partner.
|
Your name, professional details including your CV, other work details when relevant, such as what team you might be a part of in your organization, as well as your picture, voice, and comments you may have supplied us with regarding our or your business.
|
Legitimate interest (Article 6.1 (f) GDPR) The processing is necessary for the purposes of our legitimate interest to correctly administer our business. The processing is necessary for us to be able to comply with your or ours obligations under the agreement that you have signed with us e.g.. You need to provide the personal data to us, otherwise, you will not be able to process your payment. |
|
Storage period: Your personal data for 10 years. |
||
Copy link Copied Link Successfully copied link
| What purpose we process for |
What personal data we process |
Our lawful basis for the processing |
|
Collaboration and Communication: provision of global email, calendar sharing, communication, messaging, document sharing, shared workspaces, and other online collaboration services and tools, including: To facilitate access to collaboration, communications, and company knowledge management tools and assets. To enable communications. To establish corporate directory. Calendar integration and Outlook-related integrations to enable communication, availability and scheduling. Cross-organization access to document sharing platforms and shared workspaces, as well as other cross-company systems and data, on a need-to-know basis. Network support and IT services related to such tools. Administration, security and management: management and security associated with collaboration and communications resources, including data loss prevention. |
Company and user information, including: Name Business email, phone number, address and contact info Computer name Title Location Direct report/manager, department, and cost centre Calendar visibility, such as free/busy status Support and service tickets and requests related to tools and resources. Other network and organizational information necessary to provision, secure and maintain access to resources and tools, including: IP address, device and user IDs/names Event logs and other log files Roles Email and attachments, file and folder content, hashes, history, and associated metadata. Domain names, and URLs. Configuration information such as for example software version information, applied patches, security settings, permissions, or other technical settings for laptops, desktops and other endpoints. Utilization statistics. |
Legitimate interest (Article 6.1 (f) GDPR) The processing is necessary for the purposes of our legitimate interest to provide customer service, i.e. support. |
|
Storage period: We will store this information for as long as the life validity of the IP rights supporting the works. You have the right to object to the processing as explained in your rights section of this privacy statement. |
||
Copy link Copied Link Successfully copied link
| What purpose we process for |
What personal data we process |
Our lawful basis for the processing |
|
Collect information that is necessary in order to improve the System and different functionalities. |
|
Legitimate interest (Article 6.1 (f) GDPR) The processing is necessary for the purposes of our legitimate interest to provide better tools to our co-workers and suppliers. |
|
Collect information that is necessary in order to improve the Application and different functionalities. To do this we use the analytic service from Google (i.e. Google Firebase Analytics including Google Analytics). You can find more information on how Google processes your personal data on Google’s website. |
|
Legitimate interest (Article 6.1 (f) GDPR) The processing is necessary for the purposes of our legitimate interest to provide better tools to our co-workers and suppliers. |
|
Storage period: We will store your personal data for as long as necessary to perform our analysis and further improve the System and the Application and no longer than one (1) year. Google will continue to store your personal data for its own purposes and Google will inform you separately about such storing. |
||
Copy link Copied Link Successfully copied link
| What purpose we process for |
What personal data we process |
Our lawful basis for the processing |
|
For product research and development |
Personal identification information (e.g., name, address, contact details).
|
Performance of the contract (Article 6.1 (b) GDPR) The processing is necessary for us to be able to comply with your payment when you partner up with us. You need to provide the personal data to us, otherwise, you will not be able to process your payment. Legitimate interest (Article 6.1 (f) GDPR) The processing is necessary for purposes of our legitimate interest to be able to keep our products and brand relevant and up to date. |
|
Storage period: We will store your personal data for as long as necessary to perform our product development and further improve our products. |
||
Copy link Copied Link Successfully copied link
| What purpose we process for |
What personal data we process |
Our lawful basis for the processing |
|
To keep and manage records on the IKEA Archive.
|
Your name, professional details including your CV, other work details when relevant, such as what team you might be a part of in your organization, as well as your picture, voice, and comments you may have supplied us with regarding our or your business.
|
Legitimate interest (Article 6.1 (f) GDPR) The processing is necessary for purposes of our legitimate interest to be able to keep our products and brand relevant and up to date. |
|
Storage period: We will store your personal data for as long as it is relevant for our archives. |
||
Copy link Copied Link Successfully copied link
| What purpose we process for | What personal data we process |
Our lawful basis for the processing |
|
Production of cultural exhibitions at the IKEA Museum.
|
Your name, professional details including your CV, other work details when relevant, such as what team you might be a part of in your organization, as well as your picture, voice, and comments you may have supplied us with regarding our or your business.
Your name, picture, and voice, along with information about your preferences and opinions, quotes, interviews, and results from surveys that you may have participated in. In addition to this, comments that you may have supplied us with regarding our or your business may be collected as well as documents and works (in any format, such as video or sound recordings) that you might create and voluntarily share with us.
|
Performance of a contract (Article 6.1 (b) GDPR) The processing is necessary for the performance of the agreement that you have with us to participate on different events or campaigns. The processing is necessary for purposes of our legitimate interest to be able to keep our products and brand relevant and up to date. |
|
Storage period: We will store your personal data for as long as it is relevant for our exhibition |
||
Copy link Copied Link Successfully copied link