Roaring has the right to offer its services containing personal and business data because Roaring Group AB's database has a publication certificate from the Swedish Press, Radio and TV Authority. The publishing certificate means that Roaring's database, which provides our services with information, is covered by constitutional protection through the Freedom of Expression Act (YGL). This means that the database is not covered by the GDPR because the GDPR, in its nature as EU law, is subsidiary to the Constitution.
When does the protection under YGL apply?
YGL applies to all information returned in response to an inquiry/call made by a customer, i.e. requested data from Roaring's database. The GDPR is not applicable to this part of Roaring's business due to the publication certificate.
More information about what the publication certificate means and covers can be found on the following link: https://www.mprt.se/regelverk/utgivningsbevis/
Certificate of publication can be found at the following link: Publication certificate for Roaring
When is the GDPR applicable?
Roaring is the data controller for the personal data that Roaring collects in connection with customer relations and account registration. Examples of such data are the data the customer registers when creating an account with us (app.roaring.io), as well as the data the customer registers about its users. Furthermore, personal data is stored in internal systems and CRM, such as contact information, billing information, agreements or documents related to the customer relationship. The purpose of this processing of personal data is to be able to provide customers with the requested services. More information about how Roaring handles and processes personal data can be found in our Data Processing Agreement (DPA) and in our privacy policy.
A request that a customer makes in Roaring's service, i.e. when the customer enters a social security number, organization number or name, is covered by the GDPR. In these cases, Roaring is a data processor. The customer is responsible for the personal data submitted and returned in response to each request. Roaring is not a data processor responsible for the answers to the requests, instead these answers fall under YGL. In connection with signing an agreement with Roaring, all customers approve our DPA. This means that you as a customer give your consent for Roaring to process the specific request that the customer makes in the service.
Roaring works constantly to protect the data by maintaining appropriate technical and organizational measures to prevent intrusion, access or dissemination of data regardless of whether the personal data is subject to YGL or GDPR. Roaring has the necessary procedures and policies in place that determine how we will work to protect data and personal data.
Does the publication certificate only apply to Swedish information?
The publication certificate applies to Roaring's database. The certificate of publication therefore covers all data stored in the database, regardless of the country of origin of the information. Roaring may not distort any information, but all information is presented according to the original source.
Who processes the data covered by the GDPR?
Personal data is mainly processed by employees in customer support, sales and administration. Subcontractors may process personal data, e.g. in order to manage the operation of a system, such as accounting. Roaring does not disclose or sell personal data to third parties for marketing or other purposes. All storage or other processing takes place within the EU.