– Information about how KRAV processes personal information according to the new General Data Protection Regulation (GDPR).
Personal Data Controller
KRAV Economic Association, Org.no: 716422-5364, Address: Klostergatan 13, BOX 1037, 75140 Uppsala Sweden
Purpose and Legal Basis for the Respective Processing
Processing complies with current legislation and means that personal data is not retained for a longer period than is necessary with regard to the purpose of the processing.
If you sign a KRAV-certification agreement with a certification body, you provide your data to our customer portal (“Mitt KRAV”) directly or via the certification body.
The criteria for determining the retainment period are based on the agreement you have entered into, our legal obligations, and our interest in communicating with you, including after the termination of the agreement. KRAV saves the personal data as supported by the Swedish Accounting Act.
KRAV together with your chosen certification body is the recipient and personal data controller.
Personal data may also be disclosed if it is necessary to (a) comply with applicable law, regulation, legal process or (b) request from the executive authority.
During preparation of financial annual reports, our auditors can access the personal data.
Expressions of Interest
We would like to come in contact with more people who want to be involved in the development of organic and sustainable foods together with us! If you are not yet a KRAV-certified customer, in our contact with you we retain personal data in order to follow up, and for example, help you with answers to questions about how to best adapt your production to become KRAV-certified.
The purpose of most of our newsletters is to keep the contact people at each KRAV-certified actor updated about any changes in the standards and developments related to KRAV. Advisors, auditors and other interested parties are also important for achieving these goals. Newsletters that you have subscribed to can be cancelled at any time. Each newsletter contains a link that can be used to cancel the subscription. You will then be deleted from the list of newsletter subscribers.
Your Rights When Registered
When registered, you have a number of rights regarding personal data processing, which are explained in detail in the GDPR, Articles 12-20. These include the right to see and on request to gain access to the information processed about you. You also have the right to request correction or deletion of personal data, to in certain cases request limitation of processing, to object to processing, and the right to data portability. You can at any time request that personal data used for marketing purposes be deleted or that such activities be terminated.
All KRAV’s processing of your personal data is done in a secure manner. There is protection against both intrusion and destruction of personal data, and we take ongoing technical and organizational measures to reduce the risks involved.
When you visit our website or log in to KRAV’s customer portal (“Mitt KRAV”), some personal information may be handled by cookies. A so-called cookie file consists of a small amount of data with information about what you do when you are logged in to “Mitt KRAV”. The information about what you did on previous occasions is sent by the web server to your browser and can then be retrieved from there.
You Always Have the Right to Complain to the Swedish Data Inspection Board
A supervisory authority in each EU country monitors the processing of personal data to ensure compliance with the GDPR. In Sweden, the Data Inspection Board has this role. More information is available on The Swedish Data Protection Authority website, www.datainspektionen.se.
KRAV reserves the right to update or amend this policy at any time and you should regularly visit our website www.krav.se to get the latest version.
Contact Information for KRAV
If you have questions about how KRAV processes personal data or want to request a registry extract, contact us at firstname.lastname@example.org.