Our Privacy Policy was last updated on May 25, 2026.
In order for us to provide you with our services and support, we need to process your personal data. This privacy policy describes how we collect, use and retain your personal data, as well as which rights you have and how you can exercise those rights.
We use cookies and other similar technologies. Please refer to Section 8 below (Cookies) and visit our cookie policy for more information about the cookies and other similar technologies that we use.
We value your privacy. It is, therefore, very important to us that you understand this privacy policy and how and why we process your personal data.
We provide a delivery experience platform to e-commerce companies and web shops we have partnered with (we refer to them as our "connected merchants"). When you shop with a connected merchant, we may process your personal data in connection with your order, for example to calculate and present delivery options, to fulfil and ship your order, to provide tracking, and to handle returns.
Connected merchants
When you shop with a connected merchant, the connected merchant is the data controller for some of the personal data we process in connection with your purchase. The "data controller" is the company that decides how and why personal data is used.
In those situations, we act on the merchant's behalf and according to the merchant's instructions. For more information about how the merchant handles your personal data, please read the merchant's privacy notice.
Ingrid
This privacy notice describes how Ingrid processes personal data when Ingrid is the data controller — that is, where we decide how and why your personal data is used.
Some of this processing applies whether or not you have entered into a direct agreement with us. Examples include when you visit our website, when you contact us, and when we auto-fill your details in a connected merchant's checkout.
Other processing applies when you have accepted our consumer terms in a connected merchant's checkout. By accepting those terms, you enter into a direct agreement with us to receive our delivery experience service.
Through that service, we recognize you on return visits, remember your delivery preferences, personalize the delivery options we present to you, and provide tracking and returns to you across the connected merchants you shop with.
1.2 Ingrid (In-Grid AB), with registration number 556940-2661, and with address at Sveavägen 34, 111 34 Stockholm, Sweden is the data controller for the processing covered by this notice. In this privacy policy we may refer to the data controller as "Ingrid", "we", "us" or"our".
"Personal data" means any information relating to an identifiable natural person, for example, a name, a personal registration number, an email address, location data or an online identifier.
"Processing" of personal data is a reference to what we do with your personal data, for example collection, use, structuring, storing and erasure of personal data.
You can read about the different categories of personal data that we collect from you in the table below. We have listed some examples of personal data in each category.
We may process your personal data for different purposes, on the basis of different legal grounds, and store your personal data for different periods of time.
The processing activities we undertake also depend on whether you are acting in your capacity as a consumer (i.e., for your own purposes), or a natural person on behalf of a company (i.e., for business purposes).
We have made efforts to distinguish these activities from each other by providing information in two separate tables, one for consumers and one for business representatives.
Please note that we have done this solely for your convenience. In practice, it is possible that processing activities in both tables may apply to your personal data. For this reason, we recommend that you read this section in full.
We do not currently make decisions about you that are based solely on automated processing and that produce legal effects concerning you or similarly significantly affect you. Some of our processing involves profiling — for example, when we personalize the delivery options shown to you — but this does not result in automated decisions of the kind described in Article 22 GDPR. If this changes, we will update this privacy policy and provide you with information about the logic involved and the significance and envisaged consequences of any such processing.
Our services are not directed to children and we do not knowingly collect personal data from children.
The personal data we need depends on how you use our services and which features are made available to you. Some personal data is necessary for us to provide a feature or service, for example, to present delivery options, arrange and track deliveries, handle returns, remember your delivery details, respond to your requests, or comply with legal requirements. If you do not provide the information needed for a particular feature, we may not be able to provide that feature to you.
Where we ask for your consent, providing personal data is voluntary. You can choose not to give consent or withdraw your consent later, but this may mean that optional features, such as non-essential cookies or marketing communications, are not available to you.
You have the right to withdraw your consent at any time if our processing of your personal data is solely based on your explicit consent.
Please note that if you withdraw your consent, this will not affect the legality of the processing that we have undertaken prior to you withdrawing your consent.
If you would like to withdraw your consent, please send an email to privacy@ingrid.com. You can also contact us using the contact information below in Section 13 (How to contact us).
We collect personal data from different sources depending on how you interact with our services.
For example, when you enter your details into a delivery checkout, contact us, or use a tracking or returns page.
For example, your order details and delivery address when the merchant sends them to us so that we can arrange and track your delivery.
For example, details relating to your selected delivery option.
For example, tracking status updates as your parcel moves through the delivery network.
From your browser or device.
For example, technical and online identifiers when you interact with our services.
We will always ensure that third parties can provide sufficient guarantees in protecting your personal data before we share any of your personal data. We have listed the categories of third parties with whom we may share your personal data below.
7.1 Connected merchants
When you shop with a connected merchant, we share information with that merchant about your order, our services and any returns or complaints. Examples include your name and contact details, your delivery address, the delivery option you selected, the progress of the delivery, and details relating to a return.
7.2 Checkout providers
Some connected merchants offer their checkout through a checkout provider that we integrate with. Where this is the case, the checkout provider and Ingrid each provide a part of the checkout experience, and we share information needed to operate the integrated checkout — for example, your name and contact details, your delivery address, and the delivery option you selected.
The checkout provider acts as a separate data controller for the personal data it processes through its checkout. For information about how the checkout provider processes your personal data, please refer to its privacy notice.
7.3 Carrier and logistics
To deliver your order, we share information with the carrier or other logistics provider that handles your shipment. This includes, for example, information such as your name and contact details, your delivery address, the pickup point you selected (if any), and details of your parcel.
For cross-border shipments, we may also need to share information required for customs declarations. Carriers and logistics providers act as separate data controllers for the personal data they process to carry out the delivery. For information about how a carrier processes your personal data, please refer to its privacy notice.
7.4 Public authorities
We may need to share your personal data to a public authority for the purpose of complying with applicable law. The legal ground is to comply with a legal obligation.
7.5 Mergers and acquisitions
We may need to share your personal data for the purpose of selling Ingrid, or all or parts of Ingrid's assets, to a potential buyer who wishes to acquire the same, or if we are otherwise subject to a merger with another company. The legal ground is our legitimate interest to complete such transactions, which we have determined overweighs your interest not to have your personal data processed for this purpose.
7.6 Service providers supporting our operations
In order to provide, and for the sole purpose of providing, our services to you, we may need to share your personal data with certain carefully selected suppliers and contractors. Such suppliers and contractors could be consultants or providers of legal, technical and IT support/functionalities, and storage providers (such as cloud storage). They will only process your personal data based on our instructions to them, and we will always ensure that the necessary agreements (for example a so called data processing agreement) are in place to protect your personal data at all times. The legal ground is our legitimate interest in conducting our business by accessing these services and functionalities, which we have determined overweighs your interest not to have your personal data processed for this purpose.
7.7 Marketing partners
We use HubSpot's email marketing services to manage our direct marketing. If you opt-in to receive direct marketing via email from us, we will therefore share your email address withHubSpot Ireland Limited and HubSpot, Inc.
As a main rule, we will process your personal data only within the European Union (EU) and the European Economic Area (EEA). In some situations, for example, when the services and functionalities we need are provided outside of the EU/EEA, we may need to transfer your personal data outside of the EU/EEA.
Regardless of whether your personal data is processed within or outside the EU/EEA, we will at all times ensure that the same level of technical and organizational measures are in place to protect your personal data. Should we transfer your personal data outside of the EU/EEA, we will take additional appropriate measures to safeguard your personal data, which may, as a main rule, include one of the following measures.
Transfer of personal data only to countries that, according to the European Commission, provide an adequate level of protection. This means that those countries offer a similar level of protection as provided under the GDPR in the EU.
We will enter into standard contractual clauses adopted by the European Commission with the recipient of your personal data. This means that the recipient is required to comply with the same level of protection as provided under the GDPR in the EU.
In addition to one of the above measures, we will always seek to take any additional security measures that we deem appropriate and necessary to safeguard your personal data at all times. If you would like more information about the safeguards we use for transfers outside the EU/EEA, or would like to request a copy of relevant safeguards where applicable, please contact us using the contact details in Section 14 below.
We use cookies and similar technologies on our website and within the features we provide in our connected merchants' checkouts, tracking pages and returns portals. Cookies are small files stored on your browser or device when you interact with our services. "Similar technologies" include browser local storage, pixels and other tools that perform comparable functions.
We use them for the following purposes.
Necessary. Those that are required for our services to function, for example, to maintain your session in a checkout or to keep our website secure.
Functional. Those that help us provide convenience features, such as identifiers stored in your browser's local storage that we use to recognise you and pre-fill your details on return visits.
Statistical. Those that help us understand how our services are used so we can improve them.
Marketing. Those used to deliver marketing that is relevant to you and to measure the effectiveness of our marketing.
For more information about the cookies that we use, please read our cookie disclosures here.
Managing your cookie preferences. Necessary cookies are required for our services to function and do not rely on your consent. For functional and statistical cookies, we will not set or read them unless we have your consent.
Where you manage your preferences depends on where you encounter our services.
On our own website and on pages that we host (such as our tracking and returns pages on ingrid.com domains): through our cookie banner. You can re-open it at any time via the link in our cookie policy.
Within a connected merchant's checkout, tracking page or returns portal hosted by the merchant: through the merchant's own cookie banner. The merchant collects your preferences and passes them to us, and we apply those preferences to the cookies and similar technologies we operate within the merchant's site.
You can change or withdraw your consent at any time using the same mechanism through which you provided it.
We will keep your personal data for as long as it is necessary in order for us to fulfill the purpose for which we collected your personal data. We have indicated the necessary storage periods in the table in Section 4 (For what purposes and on what legal grounds do we process your personal data?).
Please note, however, that Ingrid may be required to retain personal data for a longer period if we are required to do so pursuant to applicable law or a binding decision by a public authority or court of law. If that is the case, we will retain it for the period required under law or such decision.
We take the protection of your personal data seriously. We have reasonable and appropriate technical and organizational measures in place in our business to ensure that your personal data is safeguarded and protected against loss, destruction, misuse, and unauthorized access and disclosure, at all times.
Our employees work under strict confidentiality and follow clear instructions on how to manage your personal data in accordance with applicable data protection laws and our own policies. We only grant employees access to your personal data when it is necessary in order for them to perform their duties.
We continuously evaluate our security measures to remedy any vulnerabilities we may identify in an effort to make sure that your personal data is safe with us.
You have rights with regard to your personal data. Please read this Section to understand them, as well as how you can exercise them. You are always welcome to contact us if you need more information about your rights. You can also read more about your rights on the Swedish Authority for Privacy Protection's website.
12.1 Right to information
You have the right to be informed about how we process your personal data. We respect this right by being transparent with you in our communication, on our Website and by providing you with the information in this privacy policy.
12.2 Right of access
You have the right to obtain a confirmation from us as to whether or not we process your personal data. If we do process your personal data, you also have the right to obtain access to the personal data by requesting a copy showing which data we have about you and how we use it.
Please note that we may ask for additional information in order to identify you to ensure that personal data is disclosed to the correct individual.
12.3 Right to rectification
You have the right to request that we correct inaccurate information about you, as well as to complete any incomplete information.
12.4 Right of erasure
You sometimes have the right to request the erasure of personal data that concerns you. We are required to erase the personal data in question, for example, if the personal data is no longer necessary in relation to the purposes for which the personal data was initially collected.
Please note that we are not obliged to delete your personal data if it is necessary to retain it to comply with legal obligations, or for the establishment, exercise or defense of legal claims.
12.5 Right to restriction of processing
You have the right to request that we restrict our processing of your personal information if you, for example, believe that the information we have about you is inaccurate, our processing is unlawful, or we no longer need the information for the purposes they were collected.
12.6 Right to object
You have the right to object to our processing of your personal data if our processing is based on a legitimate interest. You always have the right to object to our processing of your personal data for direct marketing purposes.
12.7 Right to data portability
You have the right to request a copy of the personal data in a machine-readable format that concerns you and which we process to perform a contract or based on your consent. You can then have such personal data transmitted to a different data controller.
12.8 Right to withdraw your consent
You have the right to withdraw your consent. Please refer to Section 5 (How can you withdraw your consent?) for more information.
12.9 Right to lodge a complaint
If you have any complaints about the way in which we process your personal data, you are always welcome to reach out to us. You also have the right to lodge a complaint to a supervisory authority (such as the Swedish Authority for Privacy Protection).
We reserve the right to introduce updates and make amendments to this privacy policy. This is necessary to ensure that we have the ability to constantly improve our services to you and to introduce new functionalities.
We may also be required to make changes to the way in which we process your personal data pursuant to applicable law or a decision issued by a public authority or court of law.
If we make any changes to this policy, we will update the "Last updated" date at the top of this policy, so please make sure to check in from time to time.
If you have any questions about the processing of your personal data, this privacy policy or if you have concerns regarding our processing of your personal data, please contact us using the following contact information:
In-Grid AB
Sveavägen 34
111 34 Stockholm
Sweden
Email: privacy@ingrid.com
Website: https://www.ingrid.com/
