Privacy Policy
Last updated: 05 Apr 2025
This website is owned and operated by Roomstead Ltd. (hereafter referred to as “Roomstead Ltd.”, “We”, “Us, “Our” and also “Roomstead”), a company registered in England & Wales under company number 15498316 and whose registered address, main trading and correspondence address is at International House, 64 Nile Street, London, N1 7SR, United Kingdom.
Please take time to read and understand this Privacy Policy issued by and on behalf of Roomstead and any top-level domain website “www.roomstead.co.uk” (the “Site”, “Website”, “Platform”, “Portal", “Vendor”, “Marketplace") and its sub-domain websites (which also means any websites owned and operated by us).
We know that you care how information about you is used and shared and we appreciate your trust in us to do that carefully and sensibly. This document describes our privacy policy and forms part of our website Terms & Conditions ('Website Terms'). Your legal rights are not affected by these provisions. By continuing to use our website, sub-domains and/or apps you are agreeing to our terms and have fully understood our Privacy Policy.
This Privacy Policy is in the English language only.
A. We provide services including but not limited to: Internet websites, personal introductions between users (as a conduit only), e-mail functions, electronic management tools, advertising and other business services. We are committed to safeguarding your privacy online and have created this Privacy Policy in order to demonstrate our best intentions in protecting the online privacy of users of our services.
B. By using our Services you consent to our gathering, use and disclosure of your information, as described in this Privacy Policy, the Terms & Conditions and the other documents, agreements and materials incorporated therein (collectively referred to as the Rules). This Privacy Policy may change from time to time and we will provide notice of changes as described in the Terms & Conditions.
C. Questions regarding this Privacy Policy should be sent to: The Data Protection Officer (DPO) listed in this document.
In this Privacy Policy we aim to explain the following:
- What information does Roomstead gather?
- How does Roomstead gather information?
- How does Roomstead use the gathered information?
- With whom does Roomstead share information we gather?
- How may you access or update stored information about you?
- How does Roomstead protect your personal information?
1. What information does Roomstead gather?
1.1. When registering or ordering on our website, as appropriate, you may be asked to enter your: name, e-mail address, mailing address or phone number. You may however also visit our website anonymously. Like most websites, we use cookies to enhance your experience, gather general visitor information, and track visits to our website. Please refer to our Cookie Policy page for information about cookies and how we use them. Roomstead gathers information about you and your use of the Services as set forth below.
1.2. Information about you. Roomstead collects personal information about you including, without limitation, personally identifiable information (such as your name, address, phone number and e-mail address) and some financial information (such as limited aspects of your credit card information for any rolling or repeat subscription services). For some of our Services we may also ask other information about you such as your age (as a security measure) or other demographic information. Roomstead may also collect your contact information and correspondence if you contact us by e-mail or letter.
1.3. We do not store or retain your full credit or debit card details. When any payment is made, you will transact directly with your card issuer and will be subject to their own particular Terms & Conditions and Privacy Policies. We only supply the barest details of your card to effect card processing payment to take place during temporary communication through our platform with your card processor and our payment processing provider.
1.4. Information about your use of the Services. Roomstead collects information about your use of the Services including, without limitation: data about your computer (such as operating system type, browser type, software installed on your computer) and your web browsing information (such as referring URL`s as well as your IP address).
1.5. We may send you periodic emails. The email address you provide for membership or for any order processing, will only be used to send you critical account information and updates pertaining to your order or request. If you decide to opt-in to our mailing list, you will receive emails that may include property alerts, news, updates, related product or service information, etc. Please note, that if at any time you wish to unsubscribe from receiving future emails or marketing materials, you can do so by following the link in the footer of the emails received, or by changing the settings in your account.
2. How does Roomstead gather information?
2.1. Roomstead gathers information that you submit on any Roomstead registration forms, surveys, questionnaires or other online forms. Roomstead gathers information about your use of the Services during such use, and you should understand that you are not anonymous to us.
2.2 Roomstead may also gather new information or update information from other sources including, for example, verifying and updating your address using third-party services, using various methods to update your credit card expiration date or collecting information from our business partners.
2.3. Roomstead does not sell your personal information or allow access to your data to or by any third party.
3. How does Roomstead use the gathered information?
3.1. Roomstead uses your information to make your use of the Services more personalised and convenient. We use your information to display or deliver materials, such as e-mails, surveys, communications and content. Roomstead may use your information to target such materials so that they may be more relevant to you than materials that would be provided without the use of your information. We may use your information to make online transactions more convenient for you, such as pre-filling online forms that you may submit to us or, for some of our Services. You will have the option to opt-out of any communications or the like at the footer of each communication we send you. This is all aimed at assisting you to best manage the use of our services.
3.2. Roomstead uses your information to conduct and provide our own market and demographics research and data analysis services. Roomstead may also share the information with any sister companies we may have, in order to provide tailored offers and services. You can opt out of this service if you wish to on registration.
3.3. Roomstead uses your information to provide, support and maintain the Services including, for example, to monitor and diagnose the Services, to provide technical support, to bill you for the Services and to contact you with respect to the Services or other Online Web Services products or services.
4. With whom does Roomstead share information we gather?
4.1. Roomstead may share your information with our partners.
4.2. We may share your personally identifiable information with third parties that provide services on behalf of Roomstead. Such third parties do not have the right to use your information for any purpose other than to provide the applicable service.
4.3. Roomstead may share your personally identifiable information with its affiliates that protect your personally identifiable information from disclosure such as our payment processing provider, any relevant government agencies and data protection agencies.
4.4. Roomstead may disclose your personally identifiable information, any communications sent or received by you, and any other information that we may have about your account as follows: as may be required by law, regulation, rule or court order; pursuant to requests from governmental agencies or law enforcement authorities; as necessary to identify, contact or bring legal action against someone who may be violating the Rules; to operate the Services properly; or to protect Roomstead our members or other third parties including, without limitation for data breaches and other emergency situations. We may also release your information when we believe release is appropriate to comply with the law, enforce our website policies, or protect ours or others' rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Third-party websites and co-branded services
4.5. Roomstead may advertise, promote, reference, recommend or provide links to third-party websites, services and products. Any third-party websites we promote might have their own privacy policies, which may not comply with this Privacy Policy, even if the website, service or product is branded with Roomstead logo or name. Roomstead IS NOT RESPONSIBLE FOR THE PRIVACY PRACTICES OF SUCH THIRD PARTIES OR ANY OTHER THIRD PARTIES. We recommend that you review the privacy policies of any such third parties or links.
5. How may you access or update stored information about you?
5.1 You may review and update your information stored as a part of your account by contacting our company and requesting such information.
6. How does Roomstead protect your personal information?
6.1. All of your account information is password protected for your security. Your billing information is transmitted and displayed using industry-standard SSL encryption. While Roomstead believes that it has implemented reasonable security, we cannot guarantee that our security measures will prevent unauthorised third parties, such as hackers or Phishers, from obtaining or accessing your information. Additionally, we use encoding for user and property data appearing in our website, and take all reasonable steps to prevent any malicious activity.
7. UK/ EUEAA GDPR Compliance Policy Statement
Introduction
7.1. Upon the UK’s withdrawal from the European Union, the EU General Data Protection Regulation (“GDPR”) were incorporated into the “UKGDPR”.
7.2. The 21st Century brings with it broader use of technology, new definitions of what constitutes personal data, and a vast increase in cross-border processing. The Regulation aims to standardise data protection laws and processing, affording individuals stronger, more consistent rights to access and control their personal information.
Our Commitment to you:
7.3. We are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We believe we have a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognise our obligations in meeting the demands of the UKGDPR.
7.4. Roomstead are dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new Regulation. Our objectives for UKGDPR compliance have been summarised in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.
How we comply with the UKGDPR:
7.5. As both a Data Collector and a Data Processor, we have held an Information Audit, carrying out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed.
7.6. Policies & Procedures - revising/implementing new data protection policies and procedures to meet the requirements and standards of the UKGDPR and any relevant data protection laws, including:
a. Data Protection – our main policy and procedure document for data protection meets the standards and requirements of the UKGDPR. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities; with a dedicated focus on privacy by design and the rights of individuals.
b. Data Retention & Erasure – we meet the ‘data minimisation’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically. We have dedicated erasure procedures in place to meet the new ‘Right to Erasure’ obligation and are aware of when this and other data subject’s rights apply; along with any exemptions, response timeframes and notification responsibilities.
c. Data Breaches – our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time, and to notify the Information Commissioner’s Office of such a breach within 72 hours of any personal data Breach being discovered. Our procedures are robust and have been disseminated to all employees, making them aware of the reporting lines and steps to follow.
d. International Data Transfers & Third-Party Disclosures – where Roomstead stores or transfers personal information outside the UK, we have robust procedures and safeguarding measures in place to secure, encrypt and maintain the integrity of the data. Our procedures include a continual review of the countries with sufficient adequacy decisions, as well as provisions for binding corporate rules; standard data protection clauses or approved codes of conduct for those countries without. We carry out strict due diligence checks with all recipients of personal data to assess and verify that they have appropriate safeguards in place to protect the information, ensure enforceable data subject rights and have effective legal remedies for data subjects where applicable.
e. Subject Access Requests (SAR) – You have a right to know what information we hold on you. We have revised our SAR procedures to accommodate the revised 30-day timeframe for providing the requested information and for making this provision free of charge. Our new procedures detail how to verify the data subject, what steps to take for processing an access request, what exemptions apply and a suite of response templates to ensure that communications with data subjects are compliant, consistent and adequate.
f. Legal Basis for Processing - we are reviewing all processing activities to identify the legal basis for processing and ensuring that each basis is appropriate for the activity it relates to. Where applicable, we also maintain records of our processing activities, ensuring that our obligations under the UKGDPR are met.
g. Privacy Notice/Policy – we have revised our Privacy Notice(s) to comply with the GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
h. Obtaining Consent - we are revising our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information.
i. Direct Marketing - we are revising the wording and processes for direct marketing, including clear opt-in mechanisms for marketing subscriptions; a clear notice and method for opting out and providing unsubscribe features on all subsequent marketing materials.
j. Data Protection Impact Assessments (DPIA) – where we process personal information that is considered high risk, involves large scale processing or includes special category data; we have stringent procedures that comply fully with the UKGDPR’s requirements.
k. Processor Agreements – where we use any third-party to process personal information on our behalf (i.e. Payroll, Recruitment, Hosting etc), we have effective due diligence procedures for ensuring that they (as well as we), meet and understand their/our UKGDPR obligations.
l. Special Categories Data - where we obtain and process any special category information, we do so in complete compliance with the requirements and have high-level encryptions and protections on all such data.
Data Subject Rights:
7.7. Under the UKGDPR you have the following rights:
| Your rights: | What this means in practice: |
|---|---|
| The right to access personal data | You hold the right to request disclosure of what data we hold about you. |
| The right to rectification | You can request any data held about you to be amended if it is incorrect. |
| The right to erasure | In some instances, according to Law (non-financial records), you have the “right to deletion, sometimes referred to as “the right to be forgotten” where all of your data is erased. |
| The right to restrict processing | You have the right to prohibit unnecessary or inapplicable data about you being collected or processed by us. |
| The right to data portability | You have the right to receive a copy of your data and take it with you in an accessible format, such as a spreadsheet or zip file. |
| The right to object to processing | If for example you discover we are profiling you, or collecting inapplicable data such as credit scoring or collecting sensitive data on you without lawful cause. |
| The right not to be subject to automated decision-making. | This means you can object if you discover we are credit scoring you or performing sociological surveys or profiling without your consent. |
7.8. In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, we provide easy to access information via our website of an individual’s right to access any personal information that Roomstead processes about them and to request information about:
a. What personal data we hold about them
b. The purposes of the processing
c. The categories of personal data concerned
d. The recipients to whom the personal data has/will be disclosed
e. How long we intend to store your personal data for
f. If we did not collect the data directly from them, information about the source
g. The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
h. The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
i. The right to lodge a complaint or seek judicial remedy and who to contact in such instances.
8. Information security & technical and organisational measures
8.1. Roomstead takes the privacy and security of individuals and their personal information very seriously and take every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place aimed at protecting personal information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures, including; SSL, access controls, password policy, encryptions, pseudonymisation, practices, restriction, IT, authentication etc.
8.2. The following information is brought to your attention.
A. What data do we collect and how?
Depending upon your use of our website, we may collect and hold some or all of the personal and non-personal data set out in the table below. We do not collect any ‘special category’ or ‘sensitive’ personal data relating to children or data relating to criminal convictions and/or offences.
| Type of data collected | How we collect the data |
|---|---|
| Identity Information including name, title or salutation, date of birth (DOB), address. | Via your emailing us or opening an account with us. |
| Contact information including address, email address and phone number. | Via your contacting us or opening an account with us. Also, for placing any adverts or listings with our website. |
| Submission of any personal documents, photographs or advertising/ listing information. | Via the submission buttons on our website where indicated. This is a direct interaction via our website. |
| Profile information including interests, browsing history, transaction details, preferences and login details. | Via your use of our website and your member account and specific cookies. |
| Technical information including IP address, browser type, browsing history. | Via the cookies placed in our website. Some are temporary some are permanent. |
| Data from third parties including mailing and marketing preferences. | Via the cookies placed on our website and associated links. |
B. How do you use my personal data?
Under the Data Protection Legislation, we must always have a lawful basis for using personal data. The following table describes how we may use your personal data, and our lawful bases for doing so:
| What we do | What data we use | Our lawful basis |
|---|---|---|
| Registering you on our website. | Personal details to identify you. | To ensure that only valid and genuine users are registered and to prevent fraud or spam. |
| Providing and managing your Account. | Your preferences and personal details. | To ensure that our website provides information to suit your needs and allow you to submit information. |
| Providing and managing your access to website. | Your personal login details. | To provide our services to you and ensure your account’s integrity. |
| Personalising and tailoring your experience on our website. | Managing your preferences and opt-in/out wishes. | To make sure that you receive only information that is beneficial or of interest to you. |
| Administering our website. | Your Account details. | To provide our services and enhance your experience. |
| Administering our business. | All of the above. | To ensure we are compliant with the appropriate regulations regarding record keeping, accounting and Privacy/ Data Management. |
| Supplying you with information by email and post that you have opted into (you may opt-out at any time by letting us know or managing your own preferences. | All of the above. | To ensure our services comply with our mission and also our obligations under law. |
C. How long will you keep my personal data for?
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected, and for which we are required to by Law. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):
| Type of data | How long we keep it after account closure |
|---|---|
| Identity Information | For a period of up to 7 (seven) years. |
| Contact information | For a period of up to 7 (seven) years. |
| Business information including any purchases or transactions with the Website. | For a period of up to 7 (seven) years. |
| Payment information | For a period of up to 7 (seven) years. |
| Profile or account information | For a period of up to 7 (seven) years. |
| Technical information or marketing information | For a period of up to 2 (two) years unless opted out of or unsubscribed before then. |
9. GDPR Roles and Employees
9.1. We have designated a Data Protection Officer (DPO) and have appointed a data privacy team to develop and implement our ongoing roadmap for compliance. The team are responsible for promoting awareness of the UKGDPR across the organisation, assessing our UKGDPR compliance, identifying any gap areas and implementing any new policies, procedures and measures as required.
9.2. Roomstead understands that continuous employee awareness and understanding is vital to the continued compliance of the UKGDPR and have involved our employees in our plans.
10. Compliance with additional Codes of Conducts & Privacy Regulations
10.1. State of California Online Privacy Protection Act Compliance: we have taken necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute the personal data or information regarding California State Residents to outside parties without your consent.
10.2. Children’s Online Privacy Protection Act Compliance: we are in compliance with the requirements of the USA COPPA (Children’s Online Privacy Protection Act), we do not collect any information from anyone under 18 years of age. Our website, products and services are all promoted and directed to people who are at least 18 years old or older.
10.3. CAN-SPAM Compliance: we have taken necessary steps to ensure that we are compliant with the CAN-SPAM Act of 2003 by never sending out knowingly misleading information.
Our online Protection Compliance & Privacy Policy customer pledge
We pledge to you, that for any USA Visitors to our website, we have made a dedicated effort to bring and keep, our privacy policy in line with the following important privacy laws and initiatives:
- Federal Trade Commission Fair Trading Act
- California Online Privacy Protection Act
- Children’s Online Privacy Protection Act
- Privacy Alliance Standards
- Controlling the Assault of Non-Solicited Pornography and Marketing Act
11. Contacting Roomstead
If you have any questions about our compliance with the UKGDPR or our Privacy Policy, or you have a cause, problem or complaint that leads to a dispute and needs to be resolved please contact us directly.
Data Protection Officer (DPO): Stefan Nikolov
DPO Email: dpo@roomstead.co.uk
Disputes Email: disputes@roomstead.co.uk
Postal address:
Roomstead
International House
64 Nile Street
London
N1 7SR
United Kingdom
12. Contacting The Information Commissioner’s Office
If you are not satisfied with the way we maintain our data, or our response to you in respect of data matters, you have the right to take your concerns to the Information Commissioner’s Office (UK Users). The contact details are:
Website: www.ico.org.uk
Phone: 0303 123 1113
Postal address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow, Cheshire
SK9 5AF
United Kingdom
13. Changes to our Privacy Policy:
We reserve the right to make future changes to our Privacy Policy. If we decide to change our privacy policy, we will post those changes on this page, and/or update the Privacy Policy modification date below. Policy changes will apply only to information collected after the date of the change. If there are any questions regarding any other aspect of our services or policies please contact us.
Thank you for visiting Roomstead.
Copyright © 2025 Roomstead Ltd. All rights reserved