Privacy Policy
Privacy Policy
Last Updated: 04/17/2026
Effective Date: 04/17/2026
ROOMATIC MARKETING LTD (“we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website (iqtest) and subscription Service, in compliance with the EU General Data Protection Regulation (GDPR) and applicable US privacy laws. It also describes your rights and how you can exercise them. We aim to be transparent and use clear language so you can make informed decisions about your data.
Note: By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.
1. Who We Are
ROOMATIC MARKETING LTD is a provider of digital subscription-based services. For purposes of data protection law, ROOMATIC MARKETING LTD is the “data controller” of your personal information for the Service. You can contact us using the details at the end of this Policy.
If applicable: We have appointed a Data Protection Officer (DPO) to address privacy concerns. You may reach the DPO at [email protected] for any questions or requests regarding your personal data.
2. Information We Collect
We collect personal data that you provide to us directly, as well as some information automatically collected from your use of our Service.
a. Information You Provide:
Account and Contact Data: When you register or subscribe, we collect personal identifiers such as your name, email address, billing address, and account login credentials.
Payment Information: If you make a purchase, our payment processor (RevUp) will collect your payment details (such as credit card number or PayPal account) to process the transaction. (Note: We do not store your full payment card numbers on our systems.)
Communications: If you contact us (e.g., via email at [email protected] or customer support), we will collect the information you provide in those communications. This may include your contact details and the content of your inquiry.
Other Data You Submit: Any other information you choose to provide, such as responses to surveys, user profile information, or feedback. For example, if our Service includes user profiles, you might provide a username, photo, or other details.
b. Information We Collect Automatically:
When you use our website or Service, we automatically collect certain technical and usage data via cookies and similar technologies (see our Cookie Policy for details). This may include:
Usage Data: Pages or features you access, time and date of visits, the amount of time spent on pages, and interactions with our Service.
Device and Technical Data: Your IP address, browser type, device type, operating system, and device identifiers. We may also collect information about your device’s interactions with our site (e.g., mouse movements or clicks) for fraud prevention purposes (often via our payment processor’s scripts).
Cookies & Analytics: We use analytics tools (e.g., Google Analytics) that utilize cookies and similar tracking technologies to gather information about user behavior on our site (such as referring URL, pages viewed, and demographic information on an anonymized basis). This helps us understand and improve user experience. Please see the Cookie Policy for more on our use of cookies and how to manage them.
We may receive some data from third parties. For instance, if you sign up via a social media account or SSO provider, we may receive basic profile info from them (according to your consent and their privacy policies). Also, for payments, we may receive confirmation of payment or fraud analysis results from payment processors.
3. How We Use Your Data (Purposes and Legal Bases)
We process personal data for the following purposes, and rely on the legal bases noted in parentheses as justified under GDPR (for users in the EU):
To Provide and Maintain the Service: We use your data to create and manage your account, provide the features you request, and enable subscription functionality (this is necessary for the performance of a contract with you). For example, we use your login credentials to authenticate you and your payment information to process subscription fees.
To Process Payments: We share necessary information with payment processor RevUp to bill you for the Service. This is done to perform our contract with you and to fulfill transactions (contractual necessity), and also to prevent fraud (legitimate interest).
To Communicate with You: We use contact information (like your email) to send service-related communications: confirmations, invoices, technical notices, updates, security alerts, and administrative messages. We may also respond to your inquiries or support requests. Sending these communications is in our legitimate interests to effectively administer the Service and in some cases to fulfill our contract (e.g., sending you receipts).
For Marketing (with Consent): If you have opted in, we will send you newsletters or promotional offers about our new features or products we think may interest you. We will only do this with your consent, which you can withdraw at any time. We may also use your past usage data to recommend similar services, but only in compliance with applicable law. (For EU users, direct marketing communications are generally based on consent or our legitimate interest in promoting our services, subject to your opt-out rights.)
Analytics and Service Improvement: We analyze usage data and feedback to understand how our Service is used and to improve functionality and user experience (our legitimate interests in improving our product). This includes using cookies and third-party analytics services to see which features are popular or identify areas of improvement. Data used for analytics is typically aggregated or pseudonymized.
Enforcement and Security: We may process personal data to enforce our Terms and Conditions, to prevent fraud, address misuse, and to protect the rights, property, or safety of ROOMATIC MARKETING LTD, our users, or the public. For example, we might use IP addresses to block abusive behavior or share information with law enforcement if required. This processing is based on our legitimate interests in protecting our business and compliance with legal obligations.
Legal Compliance: We process personal data as required to comply with legal obligations. For instance, to satisfy accounting and tax requirements (storing transaction records), to respond to lawful requests by public authorities, or to meet know-your-customer (KYC) or other regulatory requirements. If necessary, we will also use data to exercise or defend legal claims.
Legal Bases under GDPR: We only process your personal data under a valid legal basis. The main bases we rely on are: (i) your consent (for example, for certain marketing or cookies), (ii) performance of a contract (to provide the Service and process transactions you request), (iii) legitimate interests (to improve our Service, secure our platform, communicate with you, etc., balanced with your rights), and (iv) compliance with legal obligations. In rare cases we might rely on vital interests or public interest, but our Service typically does not involve those scenarios. If we rely on consent, you have the right to withdraw it at any time (which will not affect processing already done). If we rely on legitimate interests, we have weighed those against your privacy rights and believe they are not overridden by your interests or fundamental rights.
4. How We Share Your Information
We do not sell your personal information. However, we may share information in the following contexts, in line with the purposes above:
Service Providers (Processors): We use trusted third-party companies to help us operate and support the Service. These vendors process personal data on our behalf and under our instructions, and include:
Payment Processors: e.g., RevUp, which processes your payment transactions. They handle personal and financial data necessary to charge your payment method and manage billing. (These processors are GDPR-compliant and act as our “data processors” or as independent controllers for payment data; see their privacy policies for details.)
Analytics/Performance Providers: e.g., Google Analytics or similar, which collect usage data and analytics on our behalf. They help us understand site traffic and usage patterns.
Email/Communication Services: e.g., an email delivery service to send newsletters or transactional emails.
Cloud Hosting and IT Services: providers of cloud storage, database, or server hosting that store our data (which may include your personal data) on our behalf.
These service providers are bound by contracts that require them to only use your data for the purposes we specify and to protect it. We ensure that any data processors we engage provide sufficient guarantees to meet GDPR requirements for data protection.
Within Our Corporate Group: If ROOMATIC MARKETING LTD is part of a group of related companies (subsidiaries, affiliates), we may share data within that corporate group for business operations (for instance, a parent company or a subsidiary helping to provide the Service). Any intra-group transfers will comply with applicable law (e.g., using EU Standard Contractual Clauses if transferring EU data outside the EEA – see International Transfers below).
Business Transfers: If we are involved in a merger, acquisition, reorganization, or sale of all or a portion of our business, personal data may be transferred to the acquiring entity or new entity as part of due diligence or final transfer. We will ensure the recipient agrees to honor this Privacy Policy, and we will notify you of the change or any new incompatible use.
Legal and Compliance: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or regulatory demand). We may also disclose information if we believe in good faith that it is necessary to: comply with a legal obligation; protect and defend our rights or property; prevent fraud or abuse of our Service; act in urgent circumstances to protect the personal safety of users or the public; or protect against legal liability.
With Your Consent: In cases where you have provided consent for us to share your information, we will do so in accordance with that consent. For example, if you consent to let us share your data with a partner company for their own marketing, we will do so as permitted (though this is not something we do unless clearly stated).
Anonymized Data: We may share aggregated or de-identified data that cannot reasonably be used to identify you. For instance, we might publish trends or usage statistics (e.g., total number of subscribers in a region) that contain no personal information.
External Links: Our Service may include links to external websites or services (such as social media pages, partner sites, or third-party content). If you follow those links, please note you will leave our site and this Privacy Policy will no longer apply. We are not responsible for the privacy practices of other sites; we recommend you review the privacy policies of any third-party sites you visit.
5. International Data Transfers
We are based in Ireland, and the personal data we collect may be stored and processed in your region, the United States, and/or any other country where we or our service providers operate. If you are located in the European Economic Area (EEA) or UK, be aware that your personal data may be transferred outside of the EEA/UK, including to countries (such as the United States) that may have data protection laws different from those in your jurisdiction.
Whenever we transfer personal data out of the EEA to countries which the European Commission has not determined to provide an adequate level of protection, we ensure at least one of the following safeguards is implemented:
Standard Contractual Clauses (SCCs): We may use the European Commission’s approved contractual clauses with the recipient, which impose data protection obligations on the recipient similar to those in the EU.
EU-U.S. Data Privacy Framework: Where applicable, we may rely on the EU-U.S. Data Privacy Framework as an adequacy mechanism for transfers to certified U.S. organizations.
Binding Corporate Rules: For intragroup transfers within a corporate group, if applicable, approved internal data protection policies.
Other Legal Mechanisms: We may rely on a derogation (exception) for specific situations as allowed by GDPR (e.g., your explicit consent or as necessary to perform a contract with you).
We will provide further information on the specific mechanism used for a given transfer upon request. Our aim is to ensure that your data is treated securely and in accordance with this Privacy Policy wherever it is processed.
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements. The exact duration will depend on the type of data and the reason we have it. For example:
Account Information: We keep your account data while your account is active. If you cancel your subscription or request deletion, we will delete or anonymize your account data within a reasonable period, except where we need to retain it for legal purposes.
Transaction Records: We keep payment and purchase records as long as required by tax and financial regulations (e.g., 7 years or as per local law).
Communications: Copies of customer service communications may be kept for a period (e.g., 2 years) to help us train staff and address any follow-up issues.
Analytics Data: If analytics data is anonymized, we may retain it indefinitely for historical analysis. If not, we typically aggregate or delete raw personal data after a short period (e.g., we might keep IP logs for a few months).
When we have no ongoing legitimate business need to process your personal data, we will either delete it or anonymize it so it can no longer be associated with you. If deletion (or anonymization) is not immediately possible (for example, because the data is stored in backup archives), then we will securely store the data and isolate it from further processing until deletion is feasible. We also periodically review the data we hold and erase or anonymize data that is no longer needed.
7. Your Rights and Choices
Users in certain jurisdictions (including the EU, UK, and some US states) have specific rights regarding their personal data. We honor all applicable rights requests. These rights include:
Right of Access: You have the right to request a copy of the personal data we hold about you, and to obtain information about how we process it.
Right to Rectification: You have the right to ask us to correct or update any inaccurate or incomplete personal data. You can also update some of your own information through your account settings.
Right to Erasure: You have the right to request deletion of your personal data in certain circumstances (also known as the “right to be forgotten”). We will erase your data upon request if we do not have a legal or legitimate reason to continue processing it.
Right to Restrict Processing: You have the right to request that we limit the processing of your data in certain situations – for example, if you contest the accuracy of the data or object to us processing it, we will evaluate and, if appropriate, halt further use of your data.
Right to Object: You have the right to object to our processing of your personal data where we are relying on legitimate interests as the legal basis. You also have the right to object at any time to the processing of your data for direct marketing purposes, which includes profiling related to direct marketing. If you object, we will stop such processing unless we have compelling legitimate grounds to continue (or where it’s needed for legal claims).
Right to Data Portability: You have the right to request a copy of certain data in a structured, commonly used, machine-readable format, and to have that information transmitted to another controller, where technically feasible. This right applies to personal data you provided to us, and that we process by automated means based on your consent or a contract.
Right to Withdraw Consent: If we rely on your consent to process personal data, you have the right to withdraw that consent at any time. For example, you can opt out of marketing emails by clicking the “unsubscribe” link, or adjust cookie preferences through our Cookie banner or your browser. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Right to Not Be Subject to Automated Decisions: ROOMATIC MARKETING LTD does not make any solely automated decisions, including profiling, that have legal or similarly significant effects on individuals. If that changes, and such decisions occur, you would have the right to contest them or request human intervention.
In addition to the above, users in the EU/UK have the right to lodge a complaint with a Data Protection Supervisory Authority, in particular in the member state of your residence, place of work, or where an issue occurred. For example, UK residents can contact the ICO; in France, the CNIL; in Germany, your state DPA, etc. We would, however, appreciate the chance to address your concerns before you do this, so please consider contacting us first.
California Residents (CCPA/CPRA): If you are a California resident, you have certain rights under the California Consumer Privacy Act (as amended by the CPRA), such as the right to know what personal information we collect, the right to request deletion (with similar exceptions as under GDPR), the right to opt out of “sale or sharing” of personal data (note: we do not sell your data for money, and we do not share it for cross-context behavioral advertising without consent), and the right to non-discrimination for exercising these rights. We will handle any verified requests to exercise California rights in accordance with applicable law. Please contact us as described below to exercise your California privacy rights, .
Exercising Your Rights: You (or an authorized agent acting on your behalf) can submit requests to access, correct, delete, or object to processing of your personal data by contacting us at [email protected]. Please include “Privacy Request” in the subject line and detail which right you seek to exercise. We may need to verify your identity before acting on the request (to ensure we don’t disclose data to the wrong person). For example, we might ask you to confirm certain account details or to use your account email to send the request. We will respond to your request within a reasonable timeframe and in any event within the timeframes required by law (GDPR mandates one month, with an extension possible; CCPA mandates 45 days, etc.). There is no fee for making a request, unless it is excessive or unfounded in which case we may charge a reasonable fee or refuse.
If you have any issues with how we handle your request or if you feel we have not addressed a concern satisfactorily, please let us know so we can try to resolve it. You also have the right to complain to a supervisory authority as noted above.
8. Security Measures
We take security seriously and have implemented appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. For example, we use encryption (HTTPS/TLS) to protect data in transit, apply access controls to our databases, and limit employee access to personal data on a need-to-know basis. We also regularly review our security practices and may update them as new technology becomes available.
However, please note that no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security. You should also play a role in keeping your data safe by choosing a strong password for your account and keeping it confidential. If you believe your account or data may have been compromised, please contact us immediately.
9. Children’s Privacy
Our Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 (or under 16 in the EU without parental consent). If you are under 13, please do not use or register on this site. Parents or guardians should supervise the online activities of minors. If we learn that we have inadvertently collected personal data from a child under the required age, we will take steps to delete that information promptly. If you are a parent or guardian and discover that your child under 13 (or under 16 in EU) has provided personal data to us, please contact us at [email protected] and we will delete the child’s information.
10. Cookies and Tracking Technologies
We use cookies and similar tracking technologies on our website to personalize content, remember your preferences, and analyze usage. For detailed information about the cookies we set and your choices regarding cookies, please see our Cookie Policy (below). In summary, cookies are small text files placed on your device that help the site function and provide info to us. We use both first-party and third-party cookies for various purposes (essential operation, analytics, advertising, etc.). When you first visit, we will ask for your consent to any non-essential cookies in accordance with the GDPR and ePrivacy Directive. You can manage your cookie preferences at any time via our site’s cookie settings or through your browser settings.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. If we make material changes, we will notify you by posting the updated policy on this page and updating the “Last Updated” date above. In some cases, we may provide additional notice (such as adding a statement to our homepage or sending you an email notification). We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Service after any changes to this Policy indicates your acceptance of the changes.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how ROOMATIC MARKETING LTD handles your personal data, please contact us at:
Email: [email protected]
Address: Officepods, Unit 1, Cranford Centre, Stillorgan Road-Montrose, D04 F6T4, Ireland
Data Protection Officer: [email protected]
We will do our best to address your inquiry promptly and thoroughly. Your privacy is important to us, and we welcome your feedback.