Privacy Policy
Introduction
This Privacy Policy details how we The Romans London Limited (United Kingdom); and our affiliates entities of The Romans Amsterdam BV (Amsterdam); The Romans New York Inc (New York); and The Romans Communications LLC (Dubai); (together, 'we', 'us' or 'our') collect, use and process personal data provided to us.
If you have any questions on this Privacy Policy or otherwise relating to how we process your personal data, you can contact us at hello@wearetheromans.com
This Privacy Policy affects your legal rights and obligations so please read it carefully. If you do not agree to be bound by this Privacy Policy, please do not provide your personal data to us.
We may update this Privacy Policy from time to time at our discretion and in particular to reflect any changes in applicable laws including the UK GDPR, EU GDPR, and local laws in jurisdictions where we operate. If we do so, and the changes substantially affect your rights or obligations, we shall notify you if we have your email address. Otherwise, you are responsible for regularly reviewing this Privacy Policy so that you are aware of any changes to it.
For the purposes of the UK GDPR and EU GDPR, we are a controller of that personal data unless we have been asked by our client to process the data, in which case we are the processor.
Whose personal data do we collect?
By personal data we mean identifiable information about you. The sorts of data we collect fall into the following categories:
- Contact Data includes data such as your name, email address, mobile and home telephone number;
- Identity Data includes data such as first name, last name, date of birth, gender, age;
- Financial Data includes details you provide to us so that we can process your payments;
- Technical Data includes data such as internet protocol (IP) address, your login data, browser type and version, cookies, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website and any communications we may send to you.
- Usage Data includes information about how you use our website such as information about your visit to our website, including the full Uniform Resource Locators (URL) clickstream to and through, pages you viewed or searches you made, page response times, download errors, length of visit, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
- Marketing Data includes your preferences in receiving marketing communications and updates from us.
We also collect, use and share Aggregated Data such as statistical or demographic data from our platform users for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as it does not directly or indirectly identity you and it is not used to make decisions about you. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we will treat the combined data as personal data which will be used in accordance with this Privacy Policy.
Information you provide to us
From time to time you may provide personal data to us. This may be because you wish to:
- engage us to provide services to you or the business you represent;
- use our website;
- provide services to us;
- provide feedback to us; or
- otherwise contact us including with queries, comments or complaints.
We shall process all such personal data in accordance with this Privacy Policy. Certain personal data is mandatory to be provided to us in order that we can fulfil your request and we shall make this clear to you at the point of collection of the personal data.
All personal data that you provide to us must be true, complete and accurate. If you provide us with inaccurate or false data, and we suspect identity fraud, we will record this and we may also report this to the appropriate authorities. At our request, you shall promptly provide evidence of your identity.
When you contact us by email or post, we may keep a record of the correspondence and we may also record any telephone call we have with you.
Information we automatically collect about you
When you use our website or mobile app, we may automatically collect and store information about your Technical Data and Usage Data for the purposes of research and analysis.
Some of this information is collected using cookies and similar tracking technologies. If you want to find out more about the types of cookies we use, why, and how you can control them, please see our Cookies Policy.
Information we receive from others
If we reasonably believe that any of the personal data you have provided to us is inaccurate, we may receive further personal data from third parties, such as Companies House and credit reference agencies, confirming or otherwise, your identity.
We may also receive personal data about you from our third party service providers, including payment service providers and website analytic data providers.
Legal basis for processing your personal data
We will use your personal data only where we have a lawful basis to do so. The lawful purposes that we rely on under this Privacy Policy are:
- consent where you have given clear consent for us to process your personal data for a specific purpose;
- performance of our contract with you, or to take steps at your request before entering into a contract;
- compliance with legal requirements;
- recognised legitimate interests, that where we do not need to conduct a balancing test because those interests are specifically recognised in UK data protection law as not overriding the rights and freedoms of individuals; and
- legitimate interests, where the processing is necessary for our legitimate interests (or those of a third party) and those interests are not overridden by your rights and freedoms.
| PURPOSE/ACTIVITY | TYPE OF DATA | LAWFUL BASIS FOR PROCESSING |
|---|---|---|
| To register you as a client and to provide the services to you as requested and respond to any queries | Contact Identity | Performance of a contract with you |
| To manage your account including managing payments and for audit purposes | Contact Identity Financial Transaction | (a) Performance of a contract with you (b) Recognised legitimate interests (fraud-checking) |
| To manage our relationship with you such as notifying you about changes to this Privacy Policy | Contact Identity | (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests |
| To administer and protect our business and this website (including improving and fixing our service, analysis, testing, system maintenance, support, reporting and hosting of data) | Technical | (a) Necessary for our legitimate interests (for running our business security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation |
| To use data analytics to improve our website, products/services, marketing, customer relationships and experiences | Technical Usage | Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
| To comply with any legal obligations, demands or requirements, for example, as part of anti-money laundering processes or to protect a third party's rights, property, or safety | Contact Identity | Necessary for recognised legitimate interests and our legitimate interests |
| In connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company | Contact Identity Usage Marketing Technical | Necessary for our recognised legitimate interests |
Who do we share your data with?
For our recognised legitimate interests, we may share your personal data with our group companies and partners, sub-contractors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including IT service providers, payment providers, accountants, auditors and lawyers.
We shall provide our group companies and partners, sub-contractors and agents only with such of your personal data as they need to provide the service for us and if we stop using their services, we shall request that they delete your personal data or make it anonymous within their systems.
If we need to use your personal data to comply with any legal obligations, demands or requirements, for example, as part of anti-money laundering processes or to protect a third party's rights, property, or safety then in doing so, we may share your personal data with third party authorities and regulatory organisations and agencies.
If we choose to merge, sell assets, consolidate or restructure, finance, or sell of all or a portion of our business by or into another company then the new owners may use your personal data in the same way that we do as set out in this Privacy Policy.
Where we hold and process your personal data
Some or all of your personal data may be stored or transferred outside of the country where we operate if for example, our email server is located in a country outside the country or if any of our sub-contractors are based outside of the country.
Where your personal data is transferred outside the United Kingdom or the European Economic Area we ensure that appropriate safeguards are in place to protect your data. These safeguards may include transfers to countries that the UK or EU has determined provide an adequate level of data protection; use of standard contractual clauses or other legally approved transfer mechanisms; or binding internal policies and agreements within the Group to ensure that international transfers meet UK, EU, and applicable local data protection standards.
In all cases, we will take all reasonable steps to ensure that your personal data remains protected, treated confidentially, and processed in accordance with applicable data protection laws.
Security
We shall process your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. In particular, access is restricted to employees who need to know your personal data, and we use appropriate password protection and appropriate strong encryption electronic measures within our electronic data management systems.
Access to personal data is restricted to employees, contractors, and service providers who have a legitimate need to access it to perform their duties. We employ a combination of technical, administrative, and physical safeguards, including strong password protection and access controls; and regular monitoring and review of our data security systems and procedures.
However, unfortunately, because of the nature of electronic storage, we cannot promise that your personal data or any other data you provide to us or we collect will always remain secure. If there is a security breach, we will act promptly to contain the breach, assess its impact, and notify affected individuals and regulators where required by applicable laws.
Marketing
You may consent to receive marketing email messages from us about our product, services and business, or we may rely on our recognised legitimate interests to do so. You can choose to no longer receive marketing emails from us by contacting us or clicking unsubscribe from a marketing email. Please note that it may take us a few days to update our records to reflect your request.
If you ask us to remove you from our marketing list, we shall keep a record of your name and email address to ensure that we do not send to you marketing information. We will still contact you as necessary to provide services you have requested, or comply with legal obligations.
Your rights
You have a number of rights under applicable data protection legislation. Some of these rights are complex, and not all of the details have been included below. Further information can be found here
Right of access:
You have the right to obtain from us a copy of the personal data that we hold for you.
Right to rectification:
You can require us to correct errors in the personal data that we process for you if it is inaccurate, incomplete or out of date.
Right to portability:
You can request that we transfer your personal data to another organisation if you initially provided consent for us to use the personal data or where we used the personal data to perform a contract with you.
Right to restriction of processing:
In certain circumstances, you have the right to require that we restrict the processing of your personal data if you believe our processing impacts on your fundamental rights and freedoms. However, we may demonstrate that we have legitimate grounds to process your personal data not withstanding your rights and freedoms.
Right to be forgotten:
You also have the right at any time to require that we delete the personal data that we hold for you, where it is no longer necessary for us to hold it. However, whilst we respect your right to be forgotten, we may still retain your personal data in accordance with applicable laws and when we respond to your request we shall notify you of any specific legal reasons that we have to retain your personal data.
Right to stop receiving marketing information:
You can ask us to stop sending you information about our business, but we will still contact you as necessary to provide services you have requested, or comply with legal obligations.
We reserve the right to charge an administrative fee if your request in relation to your rights is manifestly unfounded or excessive.
Complaints
We are committed to ensuring that your personal data is processed fairly, lawfully, and transparently. If you believe that we have not complied with applicable data protection laws in the way we handle your personal data, you have the right to raise a complaint with us. You may submit a complaint by sending an email to hello@wearetheromans.com; or writing to our Data Protection Officer at hello@wearetheromans.com. Please include your name and contact information, details of the personal data involved and a description of the issue or concern.
On receiving your complaint, we will investigate your complaint thoroughly and respond in writing with the outcome of the investigation and any actions we have taken or will take. We aim to resolve all complaints within 30 calendar days. If your complaint is complex and cannot be resolved within this timeframe, we will keep you informed and provide an estimated resolution date.
If you are not satisfied with our response or believe that your rights under applicable data protection law have been violated, you can also contact the Information Commissioner, see www.ico.org.uk or if you are based outside of the United Kingdom, please contact your local regulatory authority.
Retention of personal data
Subject to the provisions of this Privacy Policy, we will retain personal data in accordance with applicable laws including the UK GDPR, EU GDPR, and local laws in jurisdictions where we operate.
To determine the appropriate retention period for personal data, we consider the type of the personal data, the potential risk of harm from unauthorised use or disclosure of the personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means.
Where we have no legal basis for continuing to process your personal data, we shall either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
For the avoidance of doubt, we may use anonymous data, such as usage data for research or statistical purposes indefinitely without further notice to you.
Last updated: October 2025