The company Roomle GmbH (CN 417379v), hereinafter referred to as “we”, “us” and “Roomle”, headquartered at Peter-Behrens-Platz 2, 4020 Linz, operates a website and applications (abbreviated to “apps”). This data protection policy constitutes an integral part of our General Terms and Conditions (GT&C) and includes a description provided by us, the controller as per Article 4(7) of the European Union General Data Protection Regulation (EU-GDPR), of what data we collect when you visit our website or use our apps, and for what purposes we process this data. Please see section 11 of this data protection policy for all relevant contact details.

With this data protection policy, we fulfil our information obligations concerning the following individually accessible services provided by us:

Website: https://www.roomle.com
iOS app: https://itunes.apple.com/us/app/roomle-3d-home-office-interior-room-plannner/id732050356?mt=8
Android app: https://play.google.com/store/apps/details?id=com.roomle.android
Web app: https://www.roomle.com/en/floorplanner
iOS viewer app: https://itunes.apple.com/us/app/roomle-viewer-all-your-plans-in-vr-and-3d/id1053860177?mt=8
Android viewer app: https://play.google.com/store/apps/details?id=com.roomle.viewer

As we are deeply committed to protecting your personal data, we maintain strict compliance with the legal provisions of the Austrian Data Protection Act (DSG) and the EU-GDPR when collecting and processing your personal data.

In the following, we will provide you with detailed information on the extent and purpose of our data processing operations and your rights as a data subject. Please read our data protection policy carefully before continuing to use our website or apps and, if applicable, give your consent to the processing of your data.

In general, our services can be used without submitting any personal data. However, other provisions may apply for the use of individual services. You will be notified of this separately.

In general, with the exception of cookies which will be described in detail later on, we only collect and store those data that you yourself have provided by submitting them via our input screens or by actively interacting with our website in any other way.

Personal data comprises all information relating to an identified or identifiable natural person. This includes, for example, your name, address, telephone number or date of birth.

In order for Roomle GmbH to perform the services described in further detail in the GT&C, it is necessary to collect, process and use personal data submitted by the user during the registration process and other activities.

a. When registering, the user is required to provide certain minimum information without which registration cannot be concluded. This obligatory data includes:
• email address; and
• password.

b. The user may also add further data to their personal user account, e.g.:
• postal code/city;
• date of birth; and
• gender.

c. Roomle is accessed by means of the email address submitted during registration and the password chosen by the user.

d. Every time Roomle is accessed, usage data is transmitted via the respective Internet browser and stored in protocol files, so-called server logfiles. This data includes:
• the IP address (Internet Protocol address) of the accessing computer;
• user identification on Roomle;
• name of the page accessed;
• date and time of access;
• the referrer URL (URL of origin) from which the user has been referred to the accessed page; and
• the session identification number.

e. Every time a user logs in to Roomle, the following usage data is stored in the so-called login data sets:
• date and time of login;
• user identification on Roomle;
• IP address (Internet Protocol address);
• session cookie number; and
• the session identification number.

The main purpose for which Roomle GmbH collects personal data is to enable the user to use Roomle’s services securely, efficiently and in a way tailored to their personal needs. The personal data is used in particular for the following:
• performance of the Roomle GmbH service requested by the user;
• customisation, evaluation and improvement of Roomle GmbH’s performance, content and advertising campaigns;
• informing users of Roomle’s services, targeted marketing and promotions from Roomle GmbH’s cooperation partners;
• sending marketing communications;
• prevention, disclosure and investigation of users engaging in potentially prohibited or illegal activities on Roomle;
• enforcement of Roomle GmbH’s GT&C; and
• troubleshooting.

a. If you use our website for purely informational purposes, i.e. if you do not register or submit information in any other way, we will collect only those personal data that are transmitted to our server by your browser. If you wish to visit our website, we will therefore collect the following data which we require for technical reasons in order to be able to display the website and to ensure its stability and security as per Article 6(1)1f of the EU-GDPR:


• IP address;
• date and time of the request;
• time zone deviation from Greenwich Mean Time (GMT);
• content of the request;
• access status / http status code;
• amount of data transmitted per request;
• website from which the request originates;
browser used;
• operating system and its interface; and
• language and version of the browser software.

b. In addition to the aforementioned data, cookies are stored on your computer whenever you use our website. These are small text files which are assigned to the browser you have used and stored on your hard drive. They transmit certain information which is defined by the entity setting the cookies (in this case us). In the current state of technical development, cookies cannot run programmes or infect your computer with viruses. Instead, they serve solely to make our Internet presence more effective and user-friendly.


c. Our website(s) use(s) the following types of cookies, with the following respective scopes and functions:

Transient cookies
Transient cookies are deleted automatically when you close your browser. In particular, these include session cookies, which store a so-called session ID that allows a number of different requests from your browser to be assigned to the same session. This allows us to recognise your computer whenever you return to our website. These session cookies are deleted as soon as you log out or close the browser.

Persistent cookies
Persistent cookies are automatically deleted after a pre-defined period of time, which may vary from cookie to cookie. You can however delete the cookies yourself via your browser settings at any time.

d. You can change your browser settings to prevent third-party cookies, for example, or all cookies from being accepted. Please note, however, that this may limit the services provided by Roomle GmbH and have a negative impact on your usage of Roomle.

e. We also use cookies in order to identify you for subsequent visits if you have an account with us. Otherwise, you would have to log in every time you visit our site.

f. We use HTML5 storage objects, which are stored on your end device. These objects store the necessary data irrespective of the browser you use and do not have an automatic expiry date. You can prevent this processing by installing the corresponding add-ons on your browser or using the private browsing mode.

All personal data other than the information stored by cookies is processed by us only if you voluntarily submit this data to us, for example by registering with us, entering into a contractual relationship with us or otherwise contacting us. This data is restricted to contact details and information relating to the issue at hand.

We will use the personal data you submit solely to the extent required to achieve the respective purpose of processing (e.g. registration, sending out newsletters, processing an order, sending out information and advertising material, processing a competition, answering a question, providing access to specific information) and/or as permitted by law (in particular Article 6 of the EU-GDPR, e.g. sending information and advertising material to existing customers).

Your data is processed for the purpose of providing our services and for the targeted provision of company-specific information, which includes presenting the goods and services we offer (marketing). Your data will only be used for purposes other than these if you have explicitly consented to this beforehand. You can withdraw your consent at any time with future effect. This will be explained in more detail in the following.

In general, we store those data that you have submitted solely for the purposes of customer support or marketing and information for a period of three years following our last contact. If you wish, we can erase your data before this period expires, insofar as there is no legal impediment to this.

In the event of the initiation or conclusion of a contract, we will process your personal data after the contract has been completely processed and until the warrantee and guarantee periods, the period of limitations, and the statutory retention periods that apply to us have expired and, beyond that, until the settlement of any legal disputes for which the data may be required as evidence.

You have the option of subscribing to our free newsletter. This newsletter is sent out at regular intervals and features the latest news and information about our company and customised advertising. In order to receive our newsletter, you will need a valid email address.

We will verify the email address you enter into our registration form to ascertain whether you do actually wish to receive newsletters. To do this, we will send an email to the email address you have specified. This email contains a link you can click on to confirm receipt. Once you have confirmed that you have received this email, you will be signed up for our newsletter. (double opt-in)

When you first sign up for our newsletter, we will store your IP address, and the date and time of your registration. This is for security purposes, in case your email address is being used by a third party to subscribe to our newsletter without your knowledge. We do not collect or process any other data for your newsletter subscription and the data is used solely for the purposes of delivering the newsletter to you.

Unless you raise an objection, we will transmit your data within our company for the purposes of analysis and in order to transmit information for advertising purposes. The data you have provided for the purposes of your newsletter subscription will be compared with any other data we may have collected for other purposes (e.g. to book a service) within the company.

We will not disclose the data you have submitted to sign up for our newsletter to third parties who are not part of our company. You can cancel your newsletter subscription at any time. Details on how to unsubscribe can be found in the confirmation email and in each individual newsletter.

a. We use Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This service uses so-called “cookies” (see above). The information generated by the cookies about your usage of the website is generally transferred to a Google server in the USA and stored there.

Google will, on our behalf, use this information to evaluate your usage of our website, to compile reports on website activities, and to provide the website operator with additional services associated with website and Internet usage. The IP address that your browser sends as part of the Google Analytics service will not be merged by Google with other data.

You can prevent the cookies required by Google Analytics from being stored by using the appropriate options in your browser settings. This may, however, prevent you from being able to use all of the website’s functions to their fullest extent. You can prevent cookie-generated data relating to your usage of the website (including your IP address) from being collected, transmitted, and processed by Google by downloading and installing the browser plugin available in the link below: http://tools.google.com/dlpage/gaoptout?hl=de

b. In order to continuously improve the services provided by Roomle for our users, we use www.Crashlytics.com, a subsidiary of Google Inc. In the event of a crash, an anonymised crash report is sent to Crashlytics.

c. In order to provide users with the latest information about Roomle in the form of push notifications, we use www.OneSignal.com, a cross-platform notification service headquartered at 2194 Esperanca Avenue, Santa Clara, CA 95054, USA. To stop receiving push notifications, please change your settings.

d. In order to analyse our users’ experiences and rectify application performance issues more quickly, we use www.dynatrace.com, headquartered at 1601 Trapelo Road, Suite 116, Waltham, MA 02451, USA. Again, anonymised data are transmitted to Dynatrace. This enables continuous improvements in Roomle’s services and improved stability.

e. We use www.uservoice.com, located at 121 2nd Street, 4th Floor, San Francisco, CA 94105, USA, to collect user feedback and provide support.

Should you require any further information on the type, scope and purposes of the services described in points a to d, we recommend that your read the companies’ respective data protection policies.

f. We also include links to other websites on our website and in our apps. These are for informational purposes only. We have no control over these websites, which means that they are not covered by the provisions of this data protection policy. If you activate a link, the operator of the website may collect data on you and process this in accordance with their own data protection policy, which may deviate be different from ours.

a. In addition, you have the option of interacting with a range of social networks on our website and in our apps via plugins. These include:

• Facebook, operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Eire
• Twitter, operated by Twitter, Inc. 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
• LinkedIn, operated by LinkedIn Inc., 2029 Stierlin Court, Mountain View, CA 94043, USA
• YouTube, operated by YouTube, LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA.
• Vimeo, operated by Vimeo, Inc. 555 West 18th Street New York, New York 10011, USA

Clicking on a plugin for one of these social networks will activate it and the plugin will establish a connection to the server of the respective network. We have no influence on the scope or the content of the data that is transmitted to the operator of the respective social network when you click on the plugin.

If you require information on the type, scope and purpose of the data collected by the operators of these social networks, we recommend that you read the social networks’ respective data protection policies.

b. We have provided the Recruiterbox application tool for interested job applicants. This is a service provided by Recruiterbox, Inc. headquartered in Seattle, WA 98122, 911 E Pike St. #333. When you apply for a specific vacancy, we will store the information you submit for the respective application period until the vacancy is filled and for a further six months to safeguard our interests in the event of a dispute with an applicant.

In general, we store the data submitted by speculative applicants, and by applicants who voluntarily consent during the application process to having their data stored for a longer period of time for evidentiary purposes, for three years. If you declare your consent in this context, you may withdraw it at any time with future effect.

Roomle GmbH will not sell, exchange or make any other unauthorised use of personal data or information. Nor does Roomle GmbH disclose users’ personal data to third parties unless the user has consented to this or Roomle GmbH is legally obliged to disclose the data. Neither Roomle GmbH’s external service providers who provide services in the name of or on behalf of Roomle GmbH, nor Roomle GmbH licensees, shall be considered third parties.

We employ a number of technical and organisational measures to protect your data from manipulation, loss, destruction and third-party access. Our security measures are continuously improved in keeping with technological developments relating to the Internet.

Our services are not intended for children under 16 years of age. If you become aware that a child under 16 years of age has submitted personal data to us without their legal guardian’s consent, please contact us.

In accordance with the General Data Protection Regulation and the Data Protection Act, you as a data subject are entitled to the following rights and legal remedies:

• Right to information (Article 15 of the EU-GDPR)
You, as the data subject of the data processing operations, have the right to obtain information as to whether any (and if so, what) personal data concerning you are being processed. It may be necessary for us to verify your identity by suitable means. This is for your own protection, to prevent third parties from receiving information about your data.

• Right to rectification (Article 16) and erasure (Article 17 of the EU-GDPR):
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you or, taking into account the purposes of the data processing, to have incomplete personal data completed and to obtain the erasure of your personal data insofar as the criteria set out in Article 17 have been met.

• Right to restriction of processing (Article 18 of the EU-GDPR):
In accordance with the statutory requirements, you have the right to obtain restriction of the processing of all your collected personal data. Following the submission of an application for restriction, these data shall only be processed with your individual consent or for the establishment or exercise of legal claims.

• Right to data portability (Article 20 of the EU-GDPR):
You have the right to obtain the unimpeded and unlimited transmission of your collected personal data to a third party.

• Right to object (Article 21 of the EU-GDPR):
You have the right to object at any time, on grounds arising from your particular situation, to the processing of personal data concerning you that is necessary to safeguard our legitimate interest or those of a third party. Once you have raised an objection, we will no longer process your data unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless the processing is necessary for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, you have the right to object at any time with future effect.

• Withdrawal of consent
If you have separately declared your consent to the processing of your data, you can withdraw this at any time. This withdrawal shall affect the lawfulness of the processing of your personal data after you have declared it to us.

If you undertake any measures to enforce your rights under the GDPR as detailed above, we must communicate our standpoint with regard to the measure you have requested, or comply with your request without undue delay or, at the latest, within one month of receiving your request.

We will respond free of charge and as soon as possible to all appropriate requests made within the legal framework.

The Data Protection Authority is responsible for all submissions concerning a violation of your right to information or a violation of your right to non-disclosure, rectification or erasure.

a. Controller’s contact information:

Roomle GmbH
Peter-Behrens-Platz 2, 4020 Linz
Telephone: +43 (0)732 790903-750
Telefax: +43 (0)732 790903-999

b. Information on the subject of data:
privacy@roomle.com

Dated: Jan 2020