Privacy Policy

Information about how KRAV processes personal information according to the General Data Protection Regulation (GDPR).



The purpose of this privacy policy is to clearly and transparently describe how and why we collect, use, transfer and record certain personal data. It also describes the rights you have when registered. All processing of personal data complies with applicable privacy laws. Within the EU/EEA, the General Data Protection Regulation (GDPR) came into force 25 May 2018.

Personal Data Controller

KRAV Economic Association, 716422-5364, Address: S:t Olofsgatan 11, BOX 1037, 75140 Uppsala, Sweden

Purpose and Legal Basis for the Respective Processing

Processing complies with current legislation and means that personal data is not retained for a longer period than is necessary with regard to the purpose of the processing.

KRAV-certified Companies

If you sign a KRAV-certification agreement with a certification body, you provide your data to our customer portal (“Mitt KRAV”) directly or via the certification body.

The criteria for determining the retainment period are based on the agreement you have entered into, our legal obligations, and our interest in communicating with you, including after the termination of the agreement. KRAV saves the personal data as supported by the Swedish Accounting Act.

KRAV together with your chosen certification body is the recipient and personal data controller.

Personal data may also be disclosed if it is necessary to (a) comply with applicable law, regulation, legal process or (b) request from the executive authority.

During preparation of financial annual reports, our auditors can access the personal data.

Expressions of Interest

We would like to come in contact with more people who want to be involved in the development of organic and sustainable foods together with us! If you are not yet a KRAV-certified customer, in our contact with you we retain personal data in order to follow up, and for example, help you with answers to questions about how to best adapt your production to become KRAV-certified.


The purpose of most of our newsletters is to keep the contact people at each KRAV-certified actor updated about any changes in the standards and developments related to KRAV. Advisors, auditors and other interested parties are also important for achieving these goals. Newsletters that you have subscribed to can be cancelled at any time. Each newsletter contains a link that can be used to cancel the subscription. You will then be deleted from the list of newsletter subscribers.

Your Rights When Registered

When registered, you have a number of rights regarding personal data processing, which are explained in detail in the GDPR, Articles 12-20. These include the right to see and on request to gain access to the information processed about you. You also have the right to request correction or deletion of personal data, to in certain cases request limitation of processing, to object to processing, and the right to data portability. You can at any time request that personal data used for marketing purposes be deleted or that such activities be terminated.

Security Measures

All KRAV’s processing of your personal data is done in a secure manner. There is protection against both intrusion and destruction of personal data, and we take ongoing technical and organizational measures to reduce the risks involved.


When you visit our website or log in to KRAV’s customer portal (“Mitt KRAV”), some personal information may be handled by cookies. A so-called cookie file consists of a small amount of data with information about what you do when you are logged in to “Mitt KRAV”. The information about what you did on previous occasions is sent by the web server to your browser and can then be retrieved from the server.

You Always Have the Right to Complain to the Swedish Data Inspection Board

A supervisory authority in each EU country monitors the processing of personal data to ensure compliance with the GDPR. In Sweden, the Data Inspection Board has this role. More information is available on The Swedish Data Protection Authority website,

Changes to This Privacy Policy

KRAV reserves the right to update or amend this policy at any time and you should regularly visit our website to get the latest version.

Contact Information for KRAV

If you have questions about how KRAV processes personal data or want to request a registry extract, contact us at