Who is responsible for the processing of your personal data?
Riksrapport.se is owned and operated by Saltsjön Media Ltd., a private company registered in Gibraltar (company number 131688). As the data controller (personuppgiftsansvarig), we are responsible for how your personal data is collected, used and protected when you visit our website or interact with us.
All processing of personal data is carried out in accordance with the EU General Data Protection Regulation (GDPR) as implemented in Sweden – the dataskyddsförordningen together with the complementary Swedish dataskyddslagen (2018:218). Our registered office is Suite 4.11, Ocean Village Business Centre, 23 Ocean Village Promenade, Gibraltar GX11 1AA, and our main editorial line in Sweden is +46 8 525 030 75. For privacy-specific inquiries you can always reach us at privacy@riksrapport.se.
What personal data do we collect and why?
We collect personal data that you voluntarily provide to us, as well as certain technical data that is generated automatically when you use our website. The exact types of data depend on how you interact with us.
If you subscribe to our newsletter via our newsletter page, we collect your email address and optionally your name. If you contact us through our contact page or send a tip to tips@riksrapport.se, we collect your email address, name and the content of your message. When you browse the site, we collect information such as your IP address, browser type, operating system and which pages you visit – this helps us improve the site and ensure security. We also use cookies and similar technologies, as described in our cookie policy.
On what legal basis do we process your data?
We process your personal data only when we have a valid legal ground under GDPR. The main grounds we rely on are your consent, our legitimate interest, and in some cases a legal obligation.
For newsletter subscriptions and direct contact via forms, we process data based on your consent – you can withdraw that consent at any time by contacting privacy@riksrapport.se. For technical data such as IP addresses and analytics, we rely on our legitimate interest to operate the site securely, analyse traffic and improve our journalism. We never sell your personal data, and no processing is based on a contractual necessity unless you have a specific agreement with us (for example, if you are a freelance contributor).
How long do we keep your data?
We retain your personal data only as long as it is necessary for the purposes for which it was collected, or as required by applicable law. After that, we delete or anonymise the data.
For newsletter subscribers, we keep your email address until you unsubscribe or request deletion. Contact inquiries are kept for two years after the last correspondence, unless ongoing. Log data and analytics data are retained for up to 26 months. For sponsored content or affiliate partnerships, we may retain business-related data for the duration of the agreement plus any statutory retention periods under accounting law in Gibraltar or Sweden.
Do we share your data with third parties?
We share your personal data only with trusted service providers that help us run the website, send newsletters or analyse traffic – and always under strict data processing agreements that comply with GDPR. We never sell your data to third parties.
Our current processors include email delivery services, web analytics platforms and hosting providers, all established within the EU/EEA or covered by adequate safeguards such as the EU-US Data Privacy Framework. If we ever transfer data to a third country outside the EU/EEA, we ensure an adequate level of protection is in place. We do not share your data with advertisers or partners for their own purposes without your explicit consent.
What you can expect from us
You can expect that we treat your personal data with the same care and transparency that we apply to our journalism. We will never sell your information, we will always be clear about what we collect, and we will respect your choices.
Our editorial team – led by chefredaktör Daniel Wikström – and our fact‑checking desk under Rebecca Lundin adhere to strict ethical guidelines. For more about how we work, see our Sources & Standards page. If your data is ever involved in a security incident, we will notify you and the relevant authority without undue delay, in line with GDPR’s breach notification rules.
What rights do you have regarding your personal data?
Under GDPR you have the right to access, rectify, erase, restrict processing, object to processing and – where technically feasible – data portability. These rights apply to all personal data we hold about you.
You have the right to request a copy of the data we process about you (tillgång). If any information is incorrect or incomplete, you can ask us to correct it (rättelse). You can ask us to delete your data (radering) unless we are legally required to keep it. You may request that we stop processing your data temporarily (begränsning) or object to processing based on legitimate interest (invändning). For data you have provided based on consent, you have the right to receive it in a structured, commonly used format (dataportabilitet).
How can you exercise your rights?
Send your request to privacy@riksrapport.se. We will respond within 30 days and will not charge a fee unless the request is manifestly unfounded or excessive.
When you contact us, please specify which right you wish to exercise and provide enough information so that we can identify you – for example, the email address you used for the newsletter or a copy of an earlier message. We may ask for additional verification to protect your privacy. You may also designate a representative to act on your behalf. We will handle all requests confidentially and without delay.
If you are not satisfied, who can you turn to?
If you believe we have processed your personal data in violation of GDPR or the Swedish dataskyddslagen, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).
Before filing a complaint, we encourage you to contact us at privacy@riksrapport.se so we can try to resolve the issue directly. IMY’s website is https://www.imy.se/. You can also reach them by post at Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm, Sweden. We cooperate fully with IMY’s supervision and will respect any decision they make.
How do we use cookies and similar technologies?
Our website uses cookies and similar tracking technologies to improve your experience, analyse traffic and enable certain features. For full details, please see our cookie policy.
We use both session cookies (which disappear when you close your browser) and persistent cookies (which are stored for a limited period). You can control cookies through your browser settings, but disabling some cookies may affect the functionality of the site. Our cookie policy is updated regularly and includes a list of all third‑party cookies we use, along with their purposes and retention periods.
Questions or concerns?
If you have any questions about this privacy policy, how we handle your data, or if you want to exercise your rights, the easiest way is to email privacy@riksrapport.se. You can also write to our registered office in Gibraltar or call our Swedish editorial line at +46 8 525 030 75.
We aim to answer all inquiries within three working days. For general matters unrelated to privacy, please use info@riksrapport.se or visit our contact page. You can also read more about our editorial standards on the editorial policy page and about our ownership and funding on the ownership & funding page.