Thank you for trusting us at IKEA of Sweden AB (“IKEA”, “we”, “us” or “our”) with your personal data. The IKEA vision is to create a better everyday life for the many people. That’s a big job and one that we at IKEA take seriously.
When you use your IKEA Home smart System (the “System”) and control your connected smart products within the System, such as a lamp, via the IKEA Home smart 1 Application (the “Application”), we will process your personal data. We will collect most of your personal data by using cookies and similar technologies. How we do this is described in our text about cookies which you find here.
We commit ourselves to be transparent with you by providing clear information about what personal data we collect; what we do with it and why; who we disclose it to; how we protect personal data and what choices you have regarding the use of your personal data by us and third parties.
Of course, you are not required to provide your personal data to us. But if you want to use certain functionalities, as further set out below, in the System and the Application, we will need certain personal data about you to make the System and the Application function in a secure and satisfactory manner. To protect your privacy, we have taken measures to avoid identifying you directly when you use the System and the Application.
Do not hesitate to contact us with any questions you have regarding this Privacy Statement!
Below you will find a detailed description of your rights and how to exercise them. In summary, you have the following rights:
By pressing the selected heading, you will be transferred to the relevant paragraph.
We, IKEA of Sweden AB, with company registration no. 556074-7551, Tulpanvägen 1, 343 34 Älmhult, Sweden are responsible for the processing activities when you use the System and the Application.
If you have questions about our Privacy Statement or practices, please feel free to get in touch. You can contact us at [email protected]
Your personal data is initially collected and processed by us and we do not sell your personal data.
Nevertheless, to conduct our business, we need to work with service providers and business partners who will process your personal data. We are responsible for any sharing of your personal data and to make sure your personal data is safe when shared with third parties as set out below.
We share your personal data with our service providers who process the personal data on our behalf, which means that we remain responsible for the data they are processing. Currently, we share your personal data with the following categories of service providers:
We also share your data with other business partners, who will be responsible for certain processing of your personal data. These business partners are:
If you have any questions regarding how we share your personal data or want to know more about who we share your personal data
with, please feel free to contact us.
Your personal data will in most cases be processed outside of the EEA, Switzerland or UK if the service providers we use are based outside of the EEA, Switzerland or UK. Your personal data will be transferred outside the EEA, Switzerland or UK in the following cases:
In the above situations, the transfers only take place in accordance with applicable data protection legislation, meaning that we will transfer your personal data outside the EU/EEA when we can ensure an appropriate level of protection of your personal data. We will transfer your personal data under the Standard Contractual Clauses (article 46.2 (c) GDPR), Module 1 (controller to controller) and Module 2 (controller to processor) respectively, together with supplementary measures. You can find the Standard Contractual Clauses here.
If you want to know more about what safeguards we implement for transfers of personal data or receive a copy of the safeguards you are always very welcome to contact us.
You have certain rights that you can exercise to affect how we process your personal data. You can read a more detailed description about those rights below.
If you want to know more about your rights or if you want to exercise any of your rights, please contact us and we will help you.
You have the right to lodge a complaint with a supervisory authority.
In detail. Your right to complain exists without prejudice to any other administrative or judicial remedy. You have the right to lodge a complaint with a supervisory authority in the EU/EEA member state of your habitual residence, place of work, or place where the alleged infringement of applicable data protection laws has allegedly occurred.
You have the right to withdraw your consent at any time. This can easily be done in the Application under privacy settings. When you withdraw your consent, it will be done on behalf of all others using the same System as you.
In detail. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
You have the right to obtain confirmation as to whether we are processing personal data concerning you or not. You can make a request by contacting us. If we do process your personal data, you also have a right to obtain a copy of the personal data processed by us as well as information about our processing of your personal data.
In detail. The information we provide includes the following:
For any further copies of the personal data undergoing processing requested by you, we may charge a reasonable fee based on administrative costs. If you have made the request by electronic means the information will be provided to you in a commonly used electronic form, unless otherwise requested by you.
You have a right to obtain, without undue delay, the rectification of inaccurate personal data concerning you.
In detail. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including the means of providing a supplementary statement.
We will notify each recipient to whom the personal data has been provided of any correction that has been made unless this turns out to be impossible or entails a disproportionate effort. If you want information about these recipients, you are welcome to contact us.
You can at any time ask us to delete some or all of your personal data.
In detail. You have the right to obtain from us the erasure of your personal data and we have the obligation to erase your personal data without undue delay where one of the following grounds applies:
We will notify each recipient to whom the personal data has been provided about any erasure of personal data according to the above unless this turns out to be impossible or entails a disproportionate effort. If you want more information about these recipients, you are welcome to contact us.
Note that our obligation to erase and inform according to the above shall not apply to the extent that processing is necessary according to the following reasons:
You have the right to demand restriction on the processing of your personal data.
In detail. The right applies if:
Where the processing has been restricted according to the above, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defence of legal claims or the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. We will notify you before the restriction of processing is lifted.
We will notify each recipient to whom the personal data has been provided about any restriction of processing according to the above unless this turns out to be impossible or entails a disproportionate effort. If you want more information about these recipients, you are welcome to contact us.
You have the right to receive your personal data from us in a structured, commonly used and machine-readable format and, where technically feasible, have your personal data transferred to another data controller (“data portability”).
In detail. The right applies to our processing of your personal data when it is based on the lawful basis of consent (Article 6.1 (a) GDPR or contract (Article 6.1 (b) GDPR) and the processing is carried out by automated means.
The exercise of the right to data portability shall be without prejudice to the right to be forgotten, Article 17 GDPR.
Your right to data portability shall not adversely affect the rights and freedoms of others.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data that is based on the lawful basis legitimate interest (Article 6.1 (f) GDPR), including profiling.
In detail. If you object, we shall then no longer process the personal data in question, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of you, or for the establishment, exercise, or defence of legal claims.
As we state in the tables below, for some purposes, we process your personal data based on our “legitimate interest”. By carrying out a balancing of interests’ assessment concerning our processing of your personal data, we have concluded that our legitimate interest for the processing outweighs your interests or rights which require the protection of your personal data.
If you want more information in relation to our balancing of interests’ assessments, please do not hesitate to contact us.
We are happy that you share your personal data with us! We want to make your experience with us as joyful, meaningful, and simple as possible. To achieve this, we collect some information about you. This section tells you what personal data we collect and process, why we process it, and the lawful basis and storage period for the personal data in question.
| For the functionality of the System and the Application | ||
| What processing we perform | What personal data we process | Our lawful basis for the processing |
|---|---|---|
|
To enable you to use the System and the Application and to make sure that the System and the Application work in a satisfying and secure manner we process your personal data to:
|
|
Performance of the contract (Article 6.1 (b) GDPR). The processing is necessary for you to be able to use the System and the Application, including the different functionalities. You need to provide the personal data to us, otherwise, you will not be able to use the System and the Application, including the different functionalities. |
|
Gather information to detect problems in the System’s and the Application’s functionality. This information is essential for us to be able to fix problems we detect in the System’s and the Application’s functionality. |
|
Performance of the contract (Article 6.1 (b) GDPR). The processing is necessary for us to detect and fix problems in the System’s and the Application’s functionality. You need to provide the personal data to us, otherwise, we will not be able to ensure that the System and the Application, including the different functionalities, will function in a satisfying manner. |
|
Analyse information regarding detected problems in the System’s and the Application’s functionality in order to make improvements. To do this we use services from Logentries . You can find more information on how Logentries processes your personal data on Logentries website.
This information is essential for us to be able to improve the System’s and the Application’s functionality based on the analyses of detected problems and how the System and the Application are used. To best ensure your privacy while doing so, we mostly process personal data on an aggregate level. This means that we are able to see a certain pattern of use connected to a certain user of the System and the Application, but not who the user is. |
|
Legitimate interest (Article 6.1 (f) GDPR). The processing is necessary for purposes of our legitimate interest to be able to detect problems in the System and the Application’s functionality. |
| Storage period: We will store your personal data for as long as you use the System and the Application, including specific connected smart products. | ||
| To enable you to use and control the System via the Application on multiple devices | ||
| What processing we perform | What personal data we process | Our lawful basis for the processing |
|---|---|---|
|
Enable you to use and control the System via the Application on multiple devices and to remember your trusted devices connected to System.
These technical attributes that we collect are best described as codes and do not reveal your name or other personal data that directly can identify you. However, to be as transparent as possible, we inform you of our processing of these technical attributes since they, if connected with other personal data, could constitute personal data. |
|
Performance of the contract (Article 6.1 (b) GDPR). The processing is necessary for you to be able to control the System via the Application on multiple devices. You need to provide the personal data to us, otherwise, you will not be able to control the System via the Application on multiple devices. |
| Storage period: Your personal data will be stored for as long as the Application is installed on your device. | ||
| To enable you to save and adjust your favourite scenes | ||
| What processing we perform | What personal data we process | Our lawful basis for the processing |
|---|---|---|
|
Enable you to create and save a scene, for instance when it comes to connected lamps - to turn on the lights in the bedroom at seven o’clock as per your chosen scene.
These technical attributes that we collect are best described as codes and do not reveal your name or other personal data that directly can identify you. However, to be as transparent as possible, we inform you of our processing of these technical attributes since they, if connected with other personal data, could constitute personal data. |
|
Performance of the contract (Article 6.1 (b) GDPR). The processing is necessary for you to be able to create and save a scene. You need to provide the personal data to us, otherwise, you will not be able to create and save such a scene. |
|
Enable you to create and save a scene that will be initiated at sunrise and/or sunset, for instance when it comes to connected lamps - to turn on the lights in the bedroom at sunrise as per your chosen scene.
The majority of these technical attributes that we collect are best described as codes and do not reveal your name or other personal data that directly can identify you. However, to be as transparent as possible, we inform you of our processing of these technical attributes since they, if connected with other personal data, could constitute personal data. |
|
Performance of the contract (Article 6.1 (b) GDPR). The processing is necessary for you to be able to create and save a scene. You need to provide the personal data to us, otherwise, you will not be able to create and save such a scene. |
| Storage period: Your personal data for as long as you have such scene saved in the System. | ||
| To give you support regarding the System and the Application | ||
| What processing we perform | What personal data we process | Our lawful basis for the processing |
|---|---|---|
| Communicate with you when you contact us related to your usage of the System and the Application, e.g. for support matters. |
|
Legitimate interest (Article 6.1 (f) GDPR). The processing is necessary for the purposes of our legitimate interest to provide customer service, i.e. support. |
| Storage period: We will store your personal data for as long as necessary to perform our support in relation to the System and the Application, however no longer than one (1) year after your support matter has been solved. | ||
| To improve the System and the Application, including different functionalities | ||
| What processing we perform | What personal data we process | Our lawful basis for the processing |
|---|---|---|
|
Collect information that is necessary in order to improve the System and different functionalities.
We will collect information about you to acknowledge patterns in how the System and the different functions are used. To best ensure your privacy while doing so, we only process personal data on an aggregate level. |
|
Consent (Article 6.1 (a) GDPR). The personal data will be processed based on your consent. When you consent, it will be done on behalf of all others using the same System as you. You can withdraw such consent at any time in the Application under privacy settings. The withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal. |
|
Collect information that is necessary in order to improve the Application and different functionalities. To do this we use the analytic service from Logentries. You can find more information on how Logentries processes your personal data on Logentries website.
This analytics service from Logentries will collect information about you to acknowledge patterns in how the Application and the different functions are used. To best ensure your privacy while doing so, we only process personal data on an aggregate level. |
|
Consent (Article 6.1 (a) GDPR). The personal data will be processed based on your consent. When you consent, it will be done on behalf of all others using the same System as you. You can withdraw such consent at any time in the Application under privacy settings. The withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal. |
| Storage period: We will store your personal data for as long as necessary to perform our analysis and further improve the System and the Application and no longer than one (1) year. | ||
| To notify you about the information in relation to the System (air purifier) by push notifications | ||
| What processing we perform | What personal data we process | Our lawful basis for the processing |
|---|---|---|
| Send you push notifications regarding events in the System, such as when the filter needs to be changed or the filter was changed on the IKEA smart product (air purifier).
In order to send you such push notifications, we use services from Google (Google Firebase). You can find more information on how Google processes your personal data on Google’s website. The information is used to send you push notifications about such events, as described above. |
|
Performance of the contract (Article 6.1 (b) GDPR). The processing is necessary for you to be able to receive information regarding maintenance of the filter of the IKEA smart product (air purifier). |
| Storage period: We will store your personal data for as long as you have chosen to receive push notifications regarding the System. | ||
| To connect and control the System via your smart products from third parties | ||
| What processing we perform | What personal data we process | Our lawful basis for the processing |
|---|---|---|
|
Enable you to connect to and control the System via smart products from Google (i.e. Google Home).
We and Google (i.e. the third party provider of such smart product) will process your personal data to authenticate the user and make the integration between the System and the smart product in question function, i.e. perform the actions made by you via such smart product. These technical attributes that we collect are best described as codes and do not reveal your name or other personal data that directly can identify you. However, to be as transparent as possible, we inform you of our processing of these technical attributes since they, if connected with other personal data, could constitute personal data. You can find more information on how Google processes your personal data on Google´s website. |
|
Performance of the contract (Article 6.1 (b) GDPR). The processing is necessary for you to be able to connect and control the System via such smart product from Google. You need to provide the personal data to us, otherwise, you are unable to connect and control the System via such a smart product from Google. |
|
Enable you to connect to and control the System via smart products from Amazon (i.e. Alexa).
We and Amazon (i.e. the third party provider of such smart product) will process your personal data to authenticate the user and make the integration between the System and the smart product in question function, i.e. perform the actions made by you via such smart product. These technical attributes that we collect are best described as codes and do not reveal your name or other personal data that directly can identify you. However, to be as transparent as possible, we inform you of our processing of these technical attributes since they, if connected with other personal data, could constitute personal data. You can find more information on how Amazon processes your personal data on Amazon´s website. |
|
Performance of the contract (Article 6.1 (b) GDPR). The processing is necessary for you to be able to connect and control the System via such smart product from Amazon. You need to provide the personal data to us, otherwise, you are unable to connect and control the System via such a smart product from Amazon. |
|
Enable you to connect to and control the System via smart products from Apple (i.e. Apple HomeKit).
We and Apple (i.e. the third party provider of such smart product) will process your personal data to authenticate the user and make the integration between the System and the smart product in question function, i.e. perform the actions made by you via such smart product. These technical attributes that we collect are best described as codes and do not reveal your name or other personal data that directly can identify you. However, to be as transparent as possible, we inform you of our processing of these technical attributes since they, if connected with other personal data, could constitute personal data. You can find more information on how Apple processes your personal data on Apple´s website. |
|
Performance of the contract (Article 6.1 (b) GDPR). The processing is necessary for you to be able to connect and control the System via such smart product from Apple. You need to provide the personal data to us, otherwise, you are unable to connect and control the System via such a smart product from Apple. |
| Storage period: We will store your personal data for as long as such smart product from third parties connected to the System. | ||
| To connect the System with your speakers from Sonos | ||
| What processing we perform | What personal data we process | Our lawful basis for the processing |
|---|---|---|
| Enable you to connect your Sonos speakers to the System and control your Sonos speakers via the Application.
We and Sonos (the provider) will process your personal data in order to make the integration between the System and the Sonos speakers function, i.e. perform the actions made by your device when you use the Application to control the Sonos speaker. These technical attributes that we collect are best described as codes and do not reveal your name or other personal data that directly can identify you. However, to be as transparent as possible, we inform you of our processing of these technical attributes since they, if connected with other personal data, could constitute personal data. You can find more information on how Sonos processes your personal data on Sonos’ website. |
|
Performance of the contract (Article 6.1 (b) GDPR). The processing is necessary for you to be able to connect and control your Sonos speakers via the Application. You need to provide the personal data to us, otherwise, you are unable to connect and control your Sonos speakers via the Application. |
| Storage period: We will store your personal data for as long as such speaker from Sonos is connected to the System. | ||