Sign-in-with-Klarna terms of service

By integrating and using Klarna’s log-in feature Sign in With Klarna you as a merchant (referred to as you or Merchant below) acknowledge and accept to the below terms (SIWK Agreement). 

1. Sign in With Klarna

Sign in With Klarna (SIWK) is a social log-in feature offered by Klarna Bank AB (publ), or as the case may be, by any of its affiliated companies (jointly Klarna) enabling individuals/customers to sign up and log in to Merchants’ hosted environment. By integrating and using SIWK, you enter into this SIWK Agreement with the Klarna entity providing SIWK on the markets you have integrated SIWK. 

2. Suspension of SIWK/Termination

Klarna has the right to suspend the provision of SIWK or terminate the SIWK Agreement at any time if Klarna determines that the provision of SIWK, SIWK itself, or the Merchant’s activities, could be deemed illegal, unethical or in any other way non-compliant with any applicable rule or regulation, or result in negative publicity for Klarna. 

3. Transfers and subcontractors

Klarna may assign or transfer, in whole or in part, this SIWK Agreement to any Klarna group company. Klarna is entitled to engage subcontractors in order to provide SIWK, provided that Klarna takes full responsibility for such subcontractors. 

4. IP rights and know-how

Klarna retains all ownership and intellectual property rights to SIWK as well as anything else developed by Klarna and provided to or accessed by the Merchant. The Merchant warrants that it will not directly or indirectly reverse engineer, decompile, disassemble or otherwise attempt to derive source code or other trade secrets from SIWK. After termination of this  SIWK Agreement or the removal of SIWK (in whole or in part), the Merchant undertakes to immediately remove all respective logotypes and similar of Klarna. Klarna is entitled to refer to the Merchant as a user of SIWK in sales or similar material provided that such material is not directed at the general public. 

5. Customer Data

5.1 SIWK may include Klarna sharing customers’ personal data with the Merchant (including but not limited to customer contact details, transaction information and/or the fact that the customer is a customer of Klarna). 

5.1.1 The Merchant is not permitted to use the fact that a customer uses Klarna (or is a Klarna customer) when marketing goods or services. 

5.1.2 The Merchant is not permitted to use such personal data shared to promote or in any way facilitate the provision of non-Klarna payment methods, or to facilitate or promote the customer’s access to, or use of, any third-party services or functionalities which correspond to any services or functionalities provided by Klarna. 

5.2 The Merchant shall delete the personal data received as soon as reasonably possible if Klarna or the customer so requests. The Merchant shall upon request verify that such deletion has been completed. In the event that the Merchant is not able to verify deletion of the personal data, Klarna reserves the right to cease to share any further personal data.

5.3 The Parties agree to handle personal data as set out below under Data Protection below.

6. No warranty

Use of SIWK is provided under this Agreement on an “as is” basis, without warranty of any kind, except as expressly stated herein or implied by law. Klarna disclaims all representations, warranties, and conditions, express, implied, or statutorily, to the fullest extent permitted by law. Klarna is in no way responsible or liable for the correctness, accuracy or exhaustiveness of the shared customer personal data. 

7. Amendments

Klarna reserves the right to amend this SIWK Agreement at any time. Further, you accept that Klarna reserves the right to charge the Merchant a fee for the use of SIWK. Should the Merchant not accept such a fee, or any amendments to this SIWK Agreement made by Klarna, the Merchant may stop using SIWK. 

Klarna processes Personal Data of two separate Data Subject groups: (i) the merchant’s owners, employees and representatives, and (ii) customers. This appendix sets out how the Parties share Personal Data between each other, and the obligations relating to the Processing of such Personal Data.

1. Definitions

1.1 Data Protection Legislation means any and all laws, statutes and regulations relating to the Processing under this Agreement and applicable to the respective Party at each point in time. This may include, but is not limited to; (i) EU Regulation 2016/679 (GDPR), Directive 2002/58/EC on privacy and electronic communications, (ii) the United Kingdom’s Data Protection Act 2018, (iii) Australian Privacy Act 1988 (Cth) and the Spam Act 2003 (Cth), (iv) the New Zealand Privacy Act 1993 and the Unsolicited Electronic Messages Act 2007, (v) the California Consumer Privacy Act (CCPA) and the Gramm-Leach Bliley Act (GLBA), (vi) the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), and (vii) the Federal Law on Protection of Personal Data Held by Individuals (LGPDPPSO), in each case as updated, amended or replaced from time to time.

1.2 Data Subject means an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, taking into consideration all Personal Data reasonably accessible to a Party. This term also encompasses any analogous or similar term in applicable Data Protection Legislation.

1.3 Personal Data means any information or data, including personal information, relating to a Data Subject. This term also encompasses any analogous or similar term in applicable Data Protection Legislation.

1.4 Processing means any operation performed on Personal Data, including but not limited to collection, sharing, use, erasure or destruction of such data. This term also encompasses any analogous or similar term in applicable Data Protection Legislation.

2. Data protection obligations

2.1 Each Party is responsible for its own Processing, and for implementing necessary security measures.

2.2 The Parties hereby acknowledge and agree that, in order to fulfill the obligations of this Agreement, they are separately and independently responsible for determining for which purposes, and by which means, they will be Processing any Personal Data, thus the Parties are individual and separate personal data controllers. No Personal Data is Processed on behalf of the other Party.

2.3 Personal Data is shared between the Parties for the purpose of allowing Klarna to perform, and the merchant to use, SIWK, with the ultimate aim of allowing each of Klarna and the merchant to provide its respective services to the customers and administer its respective customer relationship. The merchant warrants that it will not share any Personal Data with Klarna unless and until it has a legal right to do so.

2.4 Each Party shall implement and maintain appropriate technical and organizational measures to ensure a level of security appropriate to the risk of its Processing (taking into account the nature, scope, context and purposes of processing the Personal Data). This includes protection against unauthorized or unlawful Processing of all Personal Data, or accidental loss or destruction of, or damage to, the Personal Data. Furthermore, each Party shall ensure that all personnel Processing Personal Data are subject to a binding written contractual obligation with the relevant Party to keep the data confidential. Moreover, each Party will ensure that access to Personal Data will be restricted only to those personnel who require it for the purposes of fulfilling the obligations under the provisions of this Agreement or the respective Party’s agreement with the relevant Customer, and that personnel Processing Personal Data are suitably skilled and experienced and have received adequate training on compliance with Data Protection Legislation applicable to the Processing. 

2.5 Each Party has implemented an information security program designed to: (i) ensure the security and confidentiality of the Personal Data; (ii) protect against any anticipated threats or hazards to the security or integrity of such data; and (iii) protect against unauthorized access to, or use of, such data that could result in substantial harm or inconvenience to any Data Subject.

3. Transparency and exercising Data Subject’s rights

3.1 The Parties are each responsible for clearly informing Data Subjects of how Personal Data are Processed, in line with applicable Data Protection Legislation (via a privacy notice and/or other means, as appropriate to ensure that the Data Subjects understand how their Personal Data will be Processed). Specifically, each Party shall ensure any Data Subject is informed that Personal Data is shared with the other Party before such sharing takes place, as required under Data Protection Legislation. 

3.2 Each Party shall carry out any Data Subject’s requests. Neither Party is entitled or authorized to act on the other Party’s behalf in relation to Data Subjects’ rights, although each Party should support the other Party in fulfilling a Data Subject’s request to exercise its rights.

4. Klarna’s Personal Data Processing

4.1 Klarna will Process the Personal Data it holds to carry out its relationships with the Merchant and Customers in line with its applicable privacy notices. This includes Processing Personal Data for statistical analysis and business reporting purposes, marketing and promotion, improvement of Klarna’s products and services, to protect Klarna’s property, interests and rights, during fraud investigations and to comply with applicable laws. Klarna may disclose Personal Data to its affiliates or third party service providers in line with Data Protection Legislation, in each case which may also use Personal Data for the purposes set out in applicable notices.

4.2 Personal Data of the Merchant’s owners, employees and representatives is shared by the Merchant to Klarna in order for Klarna to administer the business relationship between the Parties, and to send newsletters, to conduct product surveys, to advertise similar products or services of Klarna and for event invitations, in accordance with Klarna’s privacy notice for Merchant representatives. Such Data Subjects are entitled to their rights in respect of their Personal Data as described in Data Protection Legislation.

5. Cross-border transfers of Personal Data

5.1 Neither Party shall transfer Personal Data outside of the country in which the Data Subject is present (country of origin) when the respective Party collects such data from the Data Subject, unless the relevant Party has ensured that (i) the transfer is to a country providing equal protection of the Personal Data as the country of origin, and, in case the country of origin is a country within the European Union, such country has been approved by the European Commission as providing adequate protection pursuant to Article 45 of the GDPR, or (ii) there are appropriate safeguards in place in order to ensure the Personal Data is protected in the receiving country, and, in case the country of origin is a country within the European Union, such safeguards are pursuant to Article 46 of the GDPR, or (iii) special circumstances are in place which makes such transfer legal under Data Protection Legislation, and, in case the country of origin is a country within the European Union, such special circumstances are pursuant to the delegations listed in Article 49 of the GDPR.