Privacy Policy

This Privacy Policy was last updated on: 3 January 2024

We are Roomfest. We respect your privacy and private life, but sometimes we need your Personal Data. We consider Personal Data to be any information relating to an identified or identifiable person, in conformity with the General Data Protection Regulation (the GDPR).
This policy explains which Personal Data we use and why (the Privacy Policy). Furthermore, you will read how we process, store and protect your Personal Data. Finally, we outline what rights you have when we process your Personal Data.
This Privacy Policy applies to our Website (the Website) and the services or products we provide (the Services). We process your Personal Data in accordance with the GDPR and all other relevant legislation and regulations in the field of protection of Personal Data, like Dutch Telecommunications Act (Telecommunicatiewet) regarding the use of cookies (the Relevant Legislation).

Are you under the age of 16?

If you are younger than 16 years old, you need permission from your parents or legal guardian to use our Website and Services.

Processing of Personal Data

In order to provide you with our Websiteand Services, we process your Personal Data.

How do we receive your Personal Data?

  • Personal data we receive from you: We receive Personal Data directly from you when you register and log in via our website.
  • Personal Data of third parties that you provide to us: It is possible that you provide us with Personal Data of third parties. We would like to remind you that it is your own responsibility to verify if those parties agree with the provision of their Personal Data.

Who is the controller of your Personal Data?

We are the controller of your Personal Data within the meaning of the Relevant Legislation. At the end of this Policy, you can find our contact details.

What Personal Data do we process, for which specified purpose(s), and on which legal basis?

We need some of your Personal Data in order for you to use our Website and Services.

We are allowed to process your Personal Data, because we comply with the Relevant Legislation. We lawfully process your Personal Data because we:

  • Have legal bases for processing your Personal Data;
  • Inform you about the processing; and
  • Only process data for specific purposes, and no more than is necessary for that.

In the table below you will read (1) which Personal Data we process (2) for which purpose(s) and (3) on which legal basis.

We shall only use your Personal Data for the following purposes or for compatible purposes. By doing so, we will not use your Personal Data in an unexpected manner.

Peronal Data Purpose(s) Legal basis
Contact Data:
  • Company name
  • First and/or last name
  • Email address
  • Address
  • Phone number
  • IP-address
  • Chamber of Commerce number
  • VAT number
We use these Data:
  • To contact you
  • To correspond with you
  • For the delivery or performance of our Services to you
We process these Data on the basis of:
  • A necessity to perform the contract
  • Consent
  • Legitimate interests
  • A necessity to protect vital interests of you or another person
Partner and/or supplier Data:
  • Company name
  • First and/or last name
  • Email address
  • Address
  • Phone number
  • Chamber of Commerce number
We use these Data:
  • To contact you
  • To correspond with you
  • A necessity to perform the contract
  • Consent
Content Data related to the Services:
  • Correspondence or chat messages
  • Your questions about our Services
  • Results
  • Location Data
  • IP address
We use these Data:
  • To provide you with an optimal service
  • A necessity to perform the contract
  • Legitimate interests
  • A legal obligation

Legitimate interest

To invoke the legitimate interest basis, we balance our interests against your interests, fundamental rights and freedoms. In this way, we assess whether our interest, in processing the Personal Data, outweighs your privacy interest. These Personal Data are valuable to us because As an organization, we process certain data based on legitimate interest to ensure that we can provide the best possible service to our users and maintain a safe, efficient, and customized experience. This includes activities such as personalization of content and offers, improvement of our services, and ensuring the security and integrity of our platform. We carefully balance our legitimate interests against the rights and freedoms of the individuals whose data we process. This ensures that their privacy is not unduly impacted and that their data is handled in a manner that they would reasonably expect, and which has a minimal privacy impact.
Based on careful consideration of the interests and risks involved, we have concluded that your privacy interest does not outweigh our interest. Therefore, we believe we can invoke our legitimate interest in processing these Personal Data.
However, this assessment is subjective. Do you disagree with the processing of your Personal Data based on our legitimate interest? If so, you can always object to this. We will then reassess, and possibly discontinue the processing of your Personal Data.

Are you obliged to share your Personal Data with us?

In some cases, the processing of your Personal Data is necessary. This is relevant, for example, when we have to process your Personal Data in order to oblige to a contract with you or to provide a service to you. Without your Personal Data, we cannot provide our Service to you.

How do we secure your Personal Data?

We make every effort to protect your Personal Data from loss, destruction, use, alteration or dissemination of your Personal Data by unauthorized persons. We ensure that those who have nothing to do with your Personal Data cannot access it. We do this through the following measures:

  • Secure network connections with Transport Layer Security (TLS), Secure Socket Layer (SSL), or a comparable technology
  • The access to the Personal Data is strictly limited to the employees on a ‘need to know’ basis
  • The access to the Personal Data is secured by two-step authentication

We constantly check our security measures for effectiveness, and if necessary adjust our process. That way, your Personal Data is always protected and accessible in the event of a failure.

How long do we store your Personal Data?

We shall not store your Personal Data longer than the period in which we need them for the aforementioned purposes. We delete the Personal Data after we no longer need them for the purpose we process them for. The following is a list of the categories of Personal Data and the (functionally defined) retention periods:

Category of Personal Data Retention period
Contact Data We retain your contact information for as long as necessary to provide our Services. Partner and/or supplier Data We retain partner or supplier data for as long as it is needed to provide our Services.
Content data related to our Services We retain content data for as long as necessary to provide you with our Services in an integral and continuous manner.

With whom do we share your Personal Data?


We may share your Personal Data with data ‘processors’ within the meaning of the Relevant Legislation. We conclude a Data processing agreement with these parties, which entails that they shall process your Data carefully and that they shall only receive the Personal Data they need to provide their service. These parties shall only use your Personal Data in accordance with our instructions and not for their own purposes. We only share your Personal Data with the following categories of processors: Stripe, TransIP. They perform the following tasks for us: take care of the storage of personal data and the execution of payment services.

If we have a legal obligation to share your Personal Data, we will do so. This is the case, for example, if a public authority legally requires us to share your Personal Data.


A cookie is a small text file that can be sent via the server of a website to the browser. The browser saves this file to your computer. Your computer is tagged with a unique number, which enables our site to recognize that computer in the future.

We use cookies to improve the user experience on our Website. Moreover, cookies ensure that the Website works faster, that you can visit our Website safely and that we can track and solve errors on our Website.

You can always delete or disable cookies yourself via the browser settings. No more cookies will be stored when you visit our Website. However, please note that without cookies, our Website may not function as well as it should.

Other provisions


We also process your Personal Data outside the European Economic Area (EEA). We only do so if a country provides an adequate level of protection for your Personal Data.

We shall never transfer your Personal Data to other countries or to other parties than those mentioned above without your permission.

Websites of third parties

Our website may contain links to other websites. We are not responsible for the content or the privacy protection on these websites. Therefore, we advise you to always read the privacy policy of those websites.

Your rights

You have the following rights:

  • The right of access: You can request access to your Personal Data;
  • The right to rectification: You can request us to correct, limit or delete your Personal Data. In the event of fraud, non-payment or other wrongful acts, we can store some of your Personal Data in a register or on a blacklist;
  • The right to data portability: You can request a copy of your Personal Data. We can provide this copy to third parties at your request, so you do not have to do so yourself;
  • The right to object: You can object to the processing of your Personal Data;
  • The right to file a complaint: You can file a complaint at the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you are of the opinion that we wrongfully process your data;
  • The right to withdraw consent

You can always withdraw your permission to process your Personal Data. From the moment of your withdrawal, we cannot process your Personal Data anymore.

Modifications to the Privacy Policy

We may modify this Privacy Policy. If we substantially modify the Privacy Policy, we shall place a notification on our Website together with the new Privacy Policy. We shall notify registered users in case of a substantial modification. If you are not a registered user, we advise you to consult the Website and this Policy regularly.


In the event that you wish to exercise these rights, or in the event of other questions or remarks regarding our Privacy Policy, you can contact us via the following contact details.

Van Boetzelaerstraat 49
1051CZ Amsterdam