Privacy Policy
1. Introduction
This Privacy Policy outlines how ROOMATIC MARKETING LTD ("we", "us", or "our") collects, uses, discloses, and protects your personal data in connection with your use of Reviewed (the “Website”). We are committed to respecting your privacy and protecting your personal data, and we process such data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (EU GDPR) and Ireland’s Data Protection Act 2018.
For the purposes of data protection law, ROOMATIC MARKETING LTD is the “data controller” of the personal data processed via the Website. Our contact details are: Officepods Unit 1, Cranford Centre, Stillorgan Road-Montrose, D04 F6T4, Ireland, Ireland, +353 (83) 441 1940. If you have any questions about this Privacy Policy or our data practices, please contact us using the information provided in the “Contact Us” section below.
By using the Website, you acknowledge that you have read and understood this Privacy Policy. This Privacy Policy is incorporated into our Terms and Conditions, and by using our services, you consent to the data practices described herein. If you do not agree with this policy, you should discontinue use of the Website.
2. Personal Data We Collect
We may collect and process the following categories of personal data about you:
Information You Provide Directly: In general, you can browse our Website without telling us who you are or revealing personal information. We do not require account registration. However, if you choose to contact us (for example, by phone or sending us a letter/email) or engage with us in certain ways:
Contact Data: If you communicate with us (such as via a contact form, email inquiry, or phone call), we will collect the information you provide, which may include your name, email address, telephone number, and the contents of your inquiry or any other information you choose to provide. For instance, if you submit a DMCA notice or other legal request, we will process that notice, which might involve storing it and possibly sharing it with the person who posted the content, as required by law.
Feedback and Survey Data: If we ever solicit feedback, conduct user surveys, or run promotions where you voluntarily provide data, we will collect whatever information you provide within those interactions (e.g., survey responses, testimonials).
Information Collected Automatically: When you visit and interact with the Website, our systems and third-party services automatically collect certain information about your device and usage of the site. This information may be considered personal data in some circumstances (such as when it is linked to other identifying details):
Usage and Device Data: We collect details of your visits to the Website, such as the pages or content you view, the dates and times of access, the amount of time spent on each page, clickstreams (i.e., your navigation path through the site), and how you interact with our pages. We also gather technical information about your device and connection, including your IP address, browser type and version, operating system, device model, unique device identifiers, language preferences, and referring website or app. This information is typically logged automatically by our web server and through tools like Google Analytics.
Cookies and Similar Technologies: We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your interactions with the Website. Cookies are small data files placed on your device. Some cookies are placed by us (first-party cookies) and others are placed by third-party services that we integrate (third-party cookies). Through these technologies, we may collect information such as your preferences (e.g., remembering your chosen language or cookie consent choice), as well as information about how you browse or use our site. For example, cookies enable analytics services to recognize your browser and tell us if you have visited before, and ad partners to show you relevant ads. In this policy, we use the term "cookies" to include all such technologies.
Analytics Data: We use Google Analytics to understand how users engage with our site. Google Analytics uses cookies (_ga, gid, etc.) to collect data about site usage and reports trends without identifying individual visitors. (We have enabled IP anonymization so that Google truncates IP addresses in the EU.) We also use Microsoft Clarity for session replay and heatmap analytics, which involves capturing how you interact with our site (mouse movements, scrolling, etc.) through Clarity’s script and cookies (clck, _clsk, etc.). The data collected by these analytics services may include your IP address (truncated for Google), device information, and on-site behaviors. This information helps us improve the website’s design and functionality but is not used to identify you personally.
Advertising and Conversion Data: We use advertising services such as Google AdSense to display ads. These services may use cookies (like the doubleclick.net IDE cookie) and other identifiers to serve ads personalized to your interests, measure ad performance, and prevent fraud. If you have consented to marketing cookies, Google may use data about your visits to this and other sites to show you relevant ads. We also implement conversion tracking for ad campaigns: for example, if you arrive at our site via a Google Ads or Bing Ads advertisement, a cookie like gclau (Google’s ad conversion cookie) or Microsoft’s uetvid may be used to note that a conversion (visit or action) occurred. Similarly, if you came via a Yahoo Japan ad, Yahoo’s conversion cookie (like yjsu_yjad) could be set. These tools let us know which advertisements are effective without identifying you by name.
3. How We Use Personal Data
We use your personal data for the purposes and on the legal bases described below:
To Operate and Provide the Website (Contractual Necessity/Legitimate Interest): We process data like IP addresses, device identifiers, and page requests to load the website and its content for you. This includes using necessary cookies to maintain your session and preferences, and to distribute traffic across our servers. It may also include adapting content to your device (e.g., mobile vs desktop). This processing is based on our legitimate interest in providing a functional service to you and, where applicable, on fulfilling our contractual obligation to deliver the website content you request.
To Understand and Improve Our Services (Consent/Legitimate Interest): We use analytics data to understand how our site is used (e.g., which pages are most popular, how users navigate, where users encounter errors). This helps us identify areas to improve, optimize user flow, and enhance content. The deployment of analytics cookies (Google Analytics, Microsoft Clarity) is done on the basis of your consent (which you give via our cookie banner). Where consent is not required (for example, when we review aggregated server logs or use anonymized data), we rely on our legitimate interest in ensuring our service meets users’ needs. We ensure that analytics data is aggregated or otherwise does not unnecessarily reveal personal identities.
To Provide Personalized Content/Ads (Consent): If you consent to advertising cookies, we and our advertising partners use information from those cookies to tailor what ads you see. For example, Google AdSense may show you ads based on your browsing history or demographic information, and measure whether you click or interact with those ads. We also use the data from ad cookies to understand ad performance (e.g., which ads lead to user visits or conversions). The legal basis for this processing is your consent. If you do not consent, we either show only non-personalized ads or no ads from those networks.
To Communicate with You (Legitimate Interest/Consent): If you contact us via email, phone, or contact form, we will use your provided information to respond to you. For example, if you ask a question, we’ll use your email to reply; if you report an issue, we’ll use details in your message to investigate and get back to you. Responding to user inquiries is in our legitimate interest to maintain good customer relations and improve our site. If we ever send out newsletters or marketing communications (which we currently do not without explicit signup), we would do so based on your consent, with the option to unsubscribe at any time.
For Security and Fraud Prevention (Legitimate Interest/Legal Obligation): We process data such as IP addresses, log entries, and certain behavioral signals to protect our Website, our business, and other users from threats. This includes using Cloudflare and similar services to detect and mitigate malicious activity (e.g., bot attacks, attempts to scrape content or disrupt service). It’s in our legitimate interest to keep the site secure, and in some cases, we have a legal obligation to implement appropriate security measures under data protection laws. These processes may automatically block an IP or show a challenge page if a visit is deemed suspicious (for instance, if the Cloudflare bot score suggests non-human traffic).
To Comply with Legal Obligations (Legal Obligation): We may use and retain your data as necessary to comply with laws, regulations, and requests from law enforcement or regulatory authorities. For example, if we receive a DMCA takedown notice, we will retain correspondence and may need to share certain info with the parties involved. We also keep records as required for tax, accounting, and auditing purposes. When we process data to meet legal obligations, that is our lawful basis for doing so.
To Enforce Our Terms and Policies (Legitimate Interest/Legal Obligation): We may process personal data to investigate and address violations of our Terms of Service or other policies, or to investigate fraud or other misuse of our website. It is in our legitimate interest to ensure our terms are followed and to protect our rights. If necessary, this data could be used in legal proceedings or to enforce our rights against a user or third party.
4. Cookies and Similar Technologies
Cookies and similar technologies (such as the ones described in Section 2) play a vital role in how we collect data on our Website. In our Cookie Policy, we provide a detailed breakdown of each cookie and its purpose. Here’s a brief overview:
Necessary Cookies: These cookies are essential for the Website’s operation. They enable basic features like page navigation, load balancing, and security. For example, cookies set by Cloudflare are necessary to distinguish legitimate users from bots and ensure our site’s security. Also, our consent management tool uses a cookie to remember your privacy preferences. These cookies do not store personally identifiable information (beyond technical data) and are always active because the site won’t function properly without them.
Analytics Cookies: With your consent, we use analytics cookies (from Google Analytics, Microsoft Clarity, etc.) to gather information about how you use our site. This includes things like what pages you visit, how long you stay, and how you got to our site. The information is used in aggregate form to help us improve user experience and website performance. These cookies are not set unless you enable them via the consent banner. Google Analytics cookies typically last from 24 hours (_gid) to 2 years (_ga), and Microsoft Clarity cookies like clck last up to 1 year.
Advertising Cookies: These cookies (used with your consent) help us and our advertising partners show you more relevant ads, and measure the effectiveness of those ads. For instance, Google’s DoubleClick cookie IDE helps personalize ads and avoid showing you the same ad repeatedly, and it lasts about 13 months in Europe. Microsoft’s advertising cookies (uetvid, etc.) and Yahoo Japan’s cookies (_yjsu_yjad, etc.) similarly allow us to know if an advertisement led you to our site and if an action was taken (like downloading an app or clicking another link). We do not see personal details from these cookies; we receive reports such as “X number of users clicked the ad and visited the page.” Advertising cookies are only set if you enable them, and you can always opt out later.
Other Tracking Technologies: Sometimes emails or third-party content might contain small transparent images or scripts (often called pixels or beacons) that track actions like email opens or content views. Currently, Reviewed does not heavily use these, but we mention them for completeness. An example is that if we embedded a YouTube video, YouTube might set a tracking pixel or cookies to see how you interact with that video. Any such usage would be governed by the third party’s privacy policy (e.g., Google/YouTube in this example).
Managing cookies: When you first visit, you have the option to allow or refuse non-essential cookies. You can change your mind at any time by using the “Cookie Settings” link on our site, or by adjusting your browser settings to delete or block cookies. Additionally, tools like browser extensions can help manage or block trackers. Refer to our Cookie Policy for more on how to manage these technologies.
5. Disclosure of Personal Data to Third Parties
We value your privacy and do not sell your personal data to third parties. However, we do share personal data with certain categories of recipients for the purposes outlined in this policy:
Service Providers: We employ trusted third-party companies to perform tasks on our behalf and to assist in providing our services. Examples include website hosting providers, data analytics services, advertising networks, and IT security services. These providers only receive the data necessary to render their services and are contractually obligated to keep your data confidential and secure. Key service providers and partners include:
Hosting and IT Infrastructure: Our web hosting provider stores the Website and all data collected through it on its servers. This means that information you provide or that we collect automatically (including potentially personal data like IP addresses) will be processed by our host. Our hosting is [choose: located in the EU / uses a cloud provider with data centers in multiple regions including Ireland and the EU].
Cloudflare (Security/CDN): We use Cloudflare to enhance site security and performance. Cloudflare may process IP addresses and requests of our site visitors to filter malicious traffic and cache content at servers near you for faster loading. As part of security, if Cloudflare suspects a request is malicious, it might challenge or block it based on automated analysis (using the __cf_bm cookie etc.). Information processed by Cloudflare (like IP and user agent) may be transferred to the United States. Cloudflare is under contractual obligation (and frameworks like Standard Contractual Clauses) to protect EU personal data when transferred.
Google (Analytics and Ads): We share data with Google as needed for Google Analytics and Google AdSense/Ads. For Analytics, Google acts as our data processor, analyzing how users use our site. Data such as truncated IP addresses, device info, and on-site actions are sent to Google Analytics servers (which might be outside the EU, e.g., in the USA). For AdSense/Ads, certain data (your IP, device info, cookie identifiers) is shared with Google to decide what ads to display and to measure ad performance. For example, if a user views or clicks an AdSense ad on our site, Google receives the info necessary to attribute that action to our site and the ad campaign. Google is certified under the EU-U.S. Data Privacy Framework, which facilitates lawful transfer of personal data to the US. We also have Data Processing Agreements and/or rely on Standard Contractual Clauses where applicable.
Microsoft (Clarity and Advertising): We utilize Microsoft Clarity for analytics (session replays) and possibly Microsoft’s advertising services. Microsoft Clarity may record pseudonymous user interactions on our site (without capturing personal text or sensitive info). This data might be transmitted to Microsoft servers (in the US or EU). Microsoft Advertising (Bing Ads) may receive a notification (via a UET tag cookie) when you visit our site after clicking one of our Bing ads. That information typically includes a cookie ID and site visit info, allowing Microsoft to tell us that a conversion happened. Microsoft, like Google, has adopted measures like SCCs to protect EU data transfers and has its own compliance under relevant frameworks.
Yahoo Japan Ads: If we run campaigns on Yahoo Japan’s ad network, we implement their conversion tracking tag. This causes certain data (like a unique cookie value yjsuyjad and conversion event info) to be sent to Yahoo Japan when you visit our site after engaging with a Yahoo Japan ad. Yahoo Japan may process this data in Japan. Note that Japan has an adequacy decision from the EU, recognizing its data protection as essentially equivalent to EU standards. We receive only aggregated conversion statistics from Yahoo (e.g., how many users clicked an ad and then visited our site).
Email/Communication Tools: If we use a third-party service to send out communications (for example, a service for sending mass emails or a CRM for handling inquiries), then obviously data like your email address and message might pass through that service. We will ensure any such provider has appropriate safeguards and contracts in place.
Analytics/Monitoring: Apart from Google and Microsoft, we may use other tools or plugins that collect data (for example, an error monitoring service might log what page and browser a user had when an error occurred). These providers would only use the data to provide insights to us about our service.
Legal and Regulatory Purposes: We may disclose personal data to third parties when we believe in good faith that such disclosure is required to: (i) comply with a legal obligation (e.g., respond to subpoenas, court orders, or legal process); (ii) enforce our Terms and other agreements; (iii) address fraud, security, or technical issues; or (iv) protect the rights, property, or safety of ROOMATIC MARKETING LTD, our users, or the public. For instance, if law enforcement provides a lawful request for data (like server logs) in an investigation, we may be compelled to provide it.
Business Transfers: If ROOMATIC MARKETING LTD is involved in a merger, acquisition, asset sale, bankruptcy, or other transaction, personal data may be transferred to a successor or affiliate as part of that deal. We would ensure that any such entity is bound by terms that are at least as protective of your data as the terms of this Privacy Policy. You would be notified via a prominent notice on our site or by email of any change in ownership or uses of your personal data.
When sharing data with any third party, we adhere to the principle of data minimization: we only share what is necessary for the purpose. We also evaluate the data protection measures of our partners. Where a third party is outside the EEA and not in a country with an EU adequacy decision, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or reliance on a framework like the EU-U.S. Data Privacy Framework for certified US entities.
6. International Data Transfers
We are based in Ireland, and primarily your data is processed within the European Economic Area (EEA). However, as noted earlier, some of our service providers are located in (or store data in) countries outside the EEA – for example, the United States. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:
Adequacy Decisions: For transfers to certain countries deemed by the European Commission to have adequate data protection laws (for example, if we were to transfer data to Japan, which has an adequacy decision, or the UK, which is also considered adequate post-Brexit), we rely on that decision as the legal basis for transfer.
Standard Contractual Clauses: For transfers to countries without an adequacy decision (e.g., the USA, where some of our providers like Google and Cloudflare operate), we use the European Commission’s Standard Contractual Clauses (SCCs). These are contractual commitments between us and the data recipient, binding them to protect the personal data according to EU standards.
Privacy Shield/Framework Participation: Some US entities, like Google and Microsoft, have certified their compliance with the EU-U.S. Data Privacy Framework as of 2023. Where applicable, we leverage such certifications as an additional safeguard (note: we still use SCCs with these providers as needed).
Additional Technical Measures: We also implement technical measures such as encryption (in transit and at rest) and data minimization for any data that might leave the EEA. For example, as mentioned, we truncate IP addresses for Google Analytics, meaning even though data goes to the US, it’s not in a directly identifiable form.
You can contact us if you would like further information on the specific mechanism used by us when transferring your personal data outside the EEA.
7. Data Retention
We will retain your personal data for no longer than is necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. The exact retention period depends on the type of data and our processing needs:
Usage Data: General web server logs containing IP addresses and visit timestamps are usually retained for a short period (typically 30–90 days) before being automatically deleted, unless we need to keep them longer (for example, if investigating a security incident). Aggregated data (which no longer contains personal data) may be kept longer for analysis.
Analytics Data: Data in Google Analytics is retained for a period we configure (often 14 months), after which it is deleted automatically. We may keep non-personal, aggregated analytics reports indefinitely. Microsoft Clarity data retention is typically 30 days for session recordings (unless configured differently).
Advertising Data: Cookies set on your browser have their own expirations (see Cookie Policy). For instance, the IDE cookie lasts ~13 months and gclau lasts 90 days. Our systems don’t store the personal data from these cookies beyond what the cookies themselves store. We receive ad reports from partners that do not identify individuals (e.g., “100 users clicked Ad X”). Those reports might be stored indefinitely as part of our business records, but they contain no personal identifiers.
Communications: If you contact us directly (email, contact form, etc.), we may retain that correspondence and any personal details in it for as long as necessary to address your query, resolve any disputes, or as required by law. For example, if you make a GDPR data request, we’ll keep a record of that request for compliance purposes. If you submit a DMCA notice, we may retain it indefinitely to document our response and compliance.
Legal Obligations: We might also retain certain personal data for longer periods if required by law. For instance, records of transactions or payments would be kept for the period required by Irish tax law (which can be several years). Also, if we reasonably believe there’s potential for litigation, we may preserve relevant information until the statute of limitations expires or the issue is resolved.
Once the retention period expires or the purpose for collection is fulfilled, we will either securely delete or anonymize your personal data. For example, we may delete raw log files but keep aggregated statistics, or delete personal identifiers from a dataset so it can no longer be linked to you.
8. Your Rights under GDPR
As an individual in the European Union (or in a jurisdiction with similar data protection laws), you have certain rights regarding your personal data. Below is a summary of your rights under the GDPR and how you can exercise them:
Right to Access: You have the right to request confirmation of whether we are processing personal data about you, and if so, to obtain access to that personal data. This allows you to receive a copy of the personal data we hold about you and certain information about how we use it. (Note: To protect others’ privacy, we will not include data that identifies someone else, and we may ask you to specify the information or processing activities your request relates to.)
Right to Rectification: You have the right to request that we correct any inaccuracies in your personal data or complete any incomplete data. If you believe we hold incorrect details about you (e.g., wrong email spelling or outdated contact info), please let us know so we can update it.
Right to Erasure: You can ask us to delete or remove your personal data in certain circumstances. Commonly referred to as the “right to be forgotten,” this right applies, for instance, if the data is no longer necessary for the purposes it was collected, if you withdraw consent (where consent was the basis for processing), or if you object to processing and we have no overriding legitimate grounds to continue. Note that this is not an absolute right; we may retain data if we have a compelling reason (e.g., a legal obligation) to do so.
Right to Restrict Processing: You have the right to request the suspension of processing of your personal data in certain scenarios. For example, if you contest the accuracy of your data, you can request that we restrict processing until we verify its accuracy. Or if you’ve objected to processing (see below), you may want to restrict processing while we determine whether our grounds override yours.
Right to Data Portability: For personal data that you have provided to us and which we process by automated means either based on your consent or for performance of a contract, you have the right to request that we provide it to you in a structured, commonly used, machine-readable format. You also have the right to request that we transmit that data directly to another controller, where technically feasible.
Right to Object: You have the right to object to our processing of your personal data when the processing is based on legitimate interests (including profiling on that basis). You also have the absolute right to object if your data is processed for direct marketing purposes (including profiling related to direct marketing). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms (for example, if data is needed for a legal claim); in other cases, if you object, we will stop processing your data as requested.
Right to Withdraw Consent: If we rely on consent as the legal basis for processing your personal data, you are free to withdraw that consent at any time. This will not affect the lawfulness of processing that was carried out prior to withdrawing consent. For example, if you consented to analytics cookies, you can change your mind and disable them (via our cookie settings or browser settings), which will stop further data collection by those cookies.
Rights related to Automated Decision-Making: You have rights related to automated decision-making and profiling. However, we do not engage in any decision-making about you that is solely automated and has a legal or similarly significant effect on you (as defined by GDPR Article 22). Should that change, we will inform you and ensure appropriate safeguards are in place, and you would have the right to request human intervention or to challenge the decision.
To exercise any of these rights, please contact us using the details in the Contact section below. We may need to verify your identity before fulfilling the request (this is to protect your privacy – for instance, we wouldn’t want to give your data to someone impersonating you). We will respond to your request as soon as we can, and in any case within one month of receipt. If your request is complex or if we have a high volume of requests, we may extend this period by an additional two months, but we will inform you of the extension and the reasons for it within the initial one-month period.
If you feel that we have not addressed your concerns adequately, you have the right to lodge a complaint with the Irish Data Protection Commission (DPC) or with your local Data Protection Authority in the EU. The DPC’s contact details can be found on their website (www.dataprotection.ie). We would, however, appreciate the chance to deal with your concerns first, so we kindly ask you to contact us and we will do our best to resolve the issue.
9. Your Choices and Controls
In addition to your formal rights, we want to highlight practical ways you can control or limit how we use your data:
Cookie Controls: Through our cookie consent banner and settings, you can choose which categories of cookies to accept (Analytics, Advertising) and which to reject. You can change these at any time by revisiting the consent tool on our site. You can also use your browser settings to delete cookies set on your device. Note that if you clear cookies, the next time you visit our site, you’ll be prompted again for your cookie preferences.
Opt-Out of Analytics: If you do not want your site activity to be available to Google Analytics, you can install the Google Analytics opt-out browser add-on. This prevents the Google Analytics script from running. We honor the consent you’ve given (or not given) via our cookie banner, so if you said “no” to analytics cookies, Google Analytics and Clarity will not track your activity on our site.
Ads Personalization: For Google ads, you can visit Google’s Ads Settings page to manage your ad preferences and opt out of personalized ads. For other ad networks, check their privacy settings (e.g., Microsoft has an opt-out form for personalized ads on its services). The websites youronlinechoices.eu (for EU) or aboutads.info (for US) allow you to opt out of many participating ad networks’ targeted ads. Keep in mind, opting out of targeted ads doesn’t mean you won’t see any ads, just that they may be less relevant to you.
Email Communications: If we send any marketing or newsletter emails, each email will have an “unsubscribe” link. Click that to stop receiving future emails of that type. Transactional or service emails (like responses to an inquiry you sent) generally cannot be opted out of because they’re not promotional.
Do Not Track (DNT): As mentioned, our site doesn’t currently respond to DNT signals. Instead, we rely on our comprehensive cookie consent solution. Please use that to manage tracking on our site.
Social Media and External Platforms: If you engage with our content on social media (like if we have a Facebook page, or if you click “Share” on one of our posts), those platforms might collect data about that action. You can adjust your privacy settings on those platforms (Facebook, Twitter, etc.) to control how your data is used there.
10. Data Security
We implement a variety of security measures to protect your personal data. Our measures include:
Encryption: We use HTTPS encryption (SSL/TLS) across our Website. This means that information you send to us or that we send to you is encrypted in transit and cannot easily be read by third parties intercepting the traffic.
Access Management: Personal data stored in our systems is accessible only by those who need to access it. We limit and control access through user accounts, permissions, and authentication. For example, our database or analytics results can only be accessed by authorized personnel or contractors who have been given access.
Monitoring and Logging: We use tools to monitor access to our systems and to detect any anomalies or potential intrusions. Unusual activity triggers alerts for our team to investigate. Our Cloudflare integration also provides an additional layer of security monitoring for malicious traffic.
Regular Updates: We keep our website software, content management systems, and other tools updated to the latest secure versions. Security patches are applied in a timely manner to mitigate vulnerabilities. Our service providers also maintain high security standards (e.g., Google and Microsoft data centers benefit from cutting-edge security).
Backups: We maintain backups of critical data to ensure resilience. Backups are secured and encrypted. In the event of a data incident (like accidental deletion or a malware event), we can restore information from these backups.
Anonymization/Pseudonymization: Where feasible, we anonymize or pseudonymize data. For example, as described, we use IP anonymization in Google Analytics so that full IP addresses are not stored. Any analytics or ad data we look at is typically in aggregated form.
Despite all these measures, no system is 100% secure. The transmission of information via the internet is not completely secure, so we cannot guarantee the security of data sent to our site. Any transmission is at your own risk. Once we have received your data, we will use strict procedures and security features to try to prevent unauthorized access.
In the unfortunate event of a personal data breach (where personal data is compromised) that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, if required by law, notify you as well without undue delay.
We also recommend that you take steps to protect yourself online. Use strong passwords, do not reuse passwords across different sites, and be cautious about sharing personal data on public forums or in response to unsolicited communications.
11. Children’s Privacy
Our Website and services are not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If you are under 16, please do not submit any personal information to us (for example, do not register on any forms, make purchases, or contact us with personal details). If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete that information promptly.
Parents or guardians: if you believe that we might have any information from or about a child under 16, please contact us immediately so that we can delete it.
For users in Ireland (and EU generally), note that the age of consent for online data processing may vary by member state (it ranges from 13 to 16 across different countries; in Ireland it is 16). We do not intend to process data of those under the relevant age of consent unless consent is given or authorized by the legal guardian. As stated, we simply avoid collecting data from individuals likely to be children in the first place.
12. Updates to This Privacy Policy
We may modify this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. If we make significant changes, we will provide a more prominent notice, for example by posting a notice on our Website or by sending you an email notification. The “Last Updated” date at the top of this policy will always indicate when the last changes were made.
Some of the changes that might prompt an update include: launching new features that affect personal data usage, decisions by data protection authorities that require adjustments to our practices, or changes in our service providers. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
If you continue to use the Website after those changes become effective, you will be considered to have agreed to the updated Privacy Policy. If you do not agree to the changes, you should stop using the Website and, if necessary, exercise your rights (for example, you can request we delete your data if applicable).
13. Contact Us
We welcome any questions, comments, or requests regarding this Privacy Policy or our handling of your personal data. Please feel free to contact us using the details below:
Email: You may email us at [email protected] (please mention “Privacy Inquiry” in the subject line for faster routing).
Mail: You can write to us at ROOMATIC MARKETING LTD, Officepods Unit 1, Cranford Centre, Stillorgan Road-Montrose, D04 F6T4, Ireland, Ireland.
Telephone: For general inquiries, you can reach our office at +353 (83) 441 1940 during normal business hours.
To exercise any of your rights (as outlined in Section 8 above), it is usually best to contact us via email or mail so that we have a written record of your request. We may ask you to verify your identity before we fulfill your request, to ensure we don’t disclose data to the wrong person.
We will do our best to respond promptly and address your concerns. Your privacy is important to us, and we take all queries seriously. If you have an issue that you believe we have not resolved satisfactorily, remember you have the right to contact the Data Protection Commission or your local Data Protection Authority.
Thank you for reading our Privacy Policy. We are committed to protecting your personal data and being transparent about our privacy practices.
Last updated: 06/05/2026