Privacy Policy for IKEA Family

The personal data we collect from you directly

When you create an IKEA Family account, we receive a range of personal data directly from you, including:

• Name
• Gender
• Birth date
• Email address
• Phone number
• Address

 

The information we collect from you indirectly

When you become an IKEA Family member, we save your purchase history if you are logged in when you shop. This means that we store all your receipts digitally on your Family profile. This way we receive information about the products you buy, amount, date of purchase and method of payment.

We receive personal data indirectly from you when you use our online IKEA Family services, including when you visit your IKEA Family profile and otherwise make purchases via our website. This includes personal data such as the date and time you visited our website, the type of mobile/PC you used when you visited the website, which operating system and browser you use, as well as IP addresses.

The personal data we collect from other sources
We may also receive personal data from other sources, such as publicly available registers.

Deletion of personal data
If your account has been inactive for more than 36 months, it will be deleted for security reasons.

Manage membership

It is necessary for us to process your personal data in order to be able to offer you a membership in IKEA Family, and thus to be able to offer you our membership benefits, such as discounts on our products. We use, among other things, your email address or your membership number to identify you when you log in to your IKEA Family profile. Your purchase history can also be used to handle any complaints or claims, or to check whether you have purchased goods with any defects. This includes us using information about you to retrieve previous purchase receipts, and thus help you in the best possible way.

We will also be able to use your personal data to communicate with you in connection with the completion of your purchases and any other services that we provide to you.

Marketing
General marketing

When you register as an IKEA Family member, you can choose whether you want to receive newsletters by email and/or SMS. If you consent to this we will send you general information about IKEA Family offers, events and inspiration on an ongoing basis.

Personalised marketing

If you have agreed to us using your data to send more relevant marketing, we will offer you personalised offers, tailored to your preferences and needs. In order to do this, we need your consent. To give your consent, log in to your IKEA Family profile and tick the box for customised communication. To withdraw consent, remove the check mark.

Improve and develop our services
Your personal data can be used in anonymised form to improve, further develop and optimise our services and products, including the IKEA Family customer club, our website and our product range.

The personal data you share with us in connection with any surveys and other evaluations may also be used to improve our services and products.

In line with privacy legislation, IKEA is obliged to base its processing of personal data on a legal basis for processing. Our processing of personal data is based on one or more of the following bases:

• The processing is necessary to fulfill the membership agreement with you, for example being able to offer you the services that appear in our membership agreement.
• The processing is necessary for purposes related to a legitimate interest pursued by us, provided that your interests or fundamental rights and freedoms do not take precedence.
• You have given your consent to the processing of your personal data for one or more specific purposes, for example for us to create a customer account in order to provide you with offers adapted to your needs.
• The processing is necessary to fulfill a legal obligation. For example, we are required by the Bookkeeping Act (Bokføringsloven) to store receipts.

We may share your personal data with other companies in INGKA group. We will also be able to share your personal data with our subcontractors if it is necessary to deliver the agreed service. However, we will never sell or disclose your personal information to a third party for the use of information for purposes other than those described in these privacy guidelines. We ensure that your personal data is protected when it is sent outside INGKA group to trusted business partners with whom we have a contract in place.

A company that processes personal data on our behalf is called a data processor. When we use a data processor, we make sure to enter into a Data Processing Agreement. A Data Processing Agreement is a contract that regulates how the data processor can process the personal data to which they are given access. Each subcontractor is obliged to ensure that the data is processed in accordance with the law.

If there is a statutory disclosure obligation, we will also have to share your personal data with public authorities. As we are a global company, we may be required to assist international authorities with information. This may apply, for example, to export controls, financial sanctions, sanctions, anti-corruption work, etc.

How long is your personal data stored?
We store your personal data for as long as is necessary for the fulfillment of the above-mentioned purposes for the processing of the personal data. However, this does not apply if storage is required by law for a longer period than the purpose dictates. If you opt out of IKEA Family, all associated data will be deleted immediately. We also delete the membership and associated data if the membership is inactive for 36 months.

How do we secure your personal data?
We have established routines and measures to ensure that unauthorised persons do not gain access to your personal information and that all processing of the information otherwise takes place in line with applicable law. The measures include, among other things, regular risk assessments, adapted technical systems and physical procedures to safeguard information security, as well as routines to verify access and other rights requests.

The GDPR gives you a number of rights, including the right to access, correction and deletion of the personal data we have stored about you.

We are concerned that the personal data we have stored about you is correct and up-to-date. If you discover that your information is incorrect, we encourage you to contact us. This also applies if you want your personal data to be deleted. When it comes to requests for deletion, this does not apply to information that is necessary for us to be able to deliver a service that you still want to have access to, or that is required by law to keep the information for a specific period.

Your also have the right to object to the processing of personal data and the right to object to personal profiling and automated decisions. This means that you can demand that your personal data is not analysed to reveal your behaviour, preferences, abilities or needs. However, this does not apply if the processing is necessary to fulfill an agreement you have entered into with us or if you have previously given your express consent to the processing. If you wish to request access, correction or deletion, you can contact us at any time. We will answer you no later than 30 days after you have made contact. To ensure that we send the information to the right person, use the access request for verification (PDF in Norwegian) if you want to be sent the information we have stored on you, and send it to: [email protected].

If you think we are not following these guidelines for privacy, or applicable legislation, you can send us a complaint. You can also complain to the Norwegian Data Protection Authority (Datatilsynet).