Last Updated: 23 Dec 2025

ROOME is committed to preserving and protecting your privacy. Your trust is vital to us. When you use ROOME services, every effort is made to protect and safeguard any personal data that you share with us. We act and will always continue to act in the interest of our clients. We are transparent about our handling of your personal data.

Our intention is to give you a clear, transparent overview of how we use and handle your personal data, so you can understand our approach.We would be happy to clarify any questions you may have about your personal data and offer simple ways of getting in touch. This Privacy Statement applies to all types of information collected directly through our platforms (website www.theroome.com, mobile applications), indirectly through social media or partner sites, or through other means connected to these platforms (for example, our Customer Service reached by email or phone).

This Privacy Statement is subject to change from time to time. If you would like to know more about your personal data, visit this page regularly to keep up with the latest updates.

For any questions or comments regarding this Privacy Statement, please contact us at: info@theroome.com.

​

1. Who is Responsible for Processing Personal Data?

ROOME (hereinafter referred to as "we" or "ROOME") is the data controller responsible for processing your personal data. We are a company registered under the laws of Hong Kong, with our headquarters at:

Unit 2205, Prowell Asia Centre 926 Cheung Sha Wan Road Lai Chi Kok, Kowloon, Hong Kong

If you have any questions about this Privacy Policy or how your personal data is processed, please contact us by email at info@theroome.com.

2. What Type of Personal Data Do We Collect?

2.1. Personal Data You Share With Us When you use our services (e.g., creating an account or making a booking), we collect information you provide to us. This typically includes:

● Identity Data: Your name, email address, and phone number (including Hong Kong mobile numbers for login verification).

● Account Credentials: Password and login history.

● Payment Information: When you pay via our platform, we utilize PCI-DSS compliant third-party payment processors (such as Stripe or AlipayHK). We do not store full credit card numbers or security codes on our own servers.

● Rewards Information: Your points balance, redemption history, and accumulation sources.

● User Content: Reviews, ratings, and favorites lists you create on the platform.

You may also provide other information when contacting customer service, participating in surveys, or interacting with us via social media.

2.2. Guest Users (Book Without Login) If you choose to use our "Book without Login" feature, we generate a temporary order number and collect only the data necessary to process that specific transaction (such as contact info for the hotel). We do not create a permanent user profile for these transactions.

2.3. Personal Data About Others That You Share With Us If you make a booking for another person, you will need to provide that person's relevant personal data. You are responsible for ensuring that the person is aware that you have provided their personal data to ROOME and agrees to our use of it as described in this policy.

2.4. Personal Data We Collect Automatically When you visit our website or application, we automatically collect certain technical information, such as:

● Your IP address and approximate geographic location.

● Precise Location Data: If you grant our App permission, we use GPS data to enable "Smart Search" features, such as sorting hotels by distance. You can disable this in your device settings at any time.

● Device type, operating system, and browser type.

● Browsing history (e.g., pages visited, clickstream data, and room type preferences).

3. Why Do We Collect and Use Your Personal Data?

We use your personal data for the following purposes:

● A. Contract Performance: To process and manage your hotel bookings, including sending booking confirmations, notifications, promo code validation, and necessary communications regarding your reservation.

● B. Loyalty Program Management: To administer your points account, track point accumulation from bookings, and process point deductions during payment.

● C. Customer Service: To provide you with support and handle your inquiries or complaints.

● D. Legal, Financial & Compliance: To comply with applicable laws and regulations, respond to lawful requests from law enforcement agencies, establish/defend legal claims, and meet tax and accounting requirements.

● E. Marketing & Promotions (Based on Your Consent): With your consent, to send you news, offers, and promotional information about our services. You can opt-out at any time using the "unsubscribe" link in any promotional email or via the "Notification Management" section in the Personal Center.

● F. Service Improvement: To analyze usage data to improve the quality, features, and user experience of our website, applications, and services.

4. How Do We Share Your Personal Data?

We only share your personal data with third parties when necessary under the following circumstances:

● Partner Hotels: To complete your booking, we provide the necessary booking information (e.g., name, contact details, and special requests) to the hotel you have booked. If you choose "Offline Payment" (pay-at-hotel), we share relevant order details to facilitate settlement.

● Service Providers: We engage trusted third-party service providers to assist in operating our business, such as cloud hosting providers, payment processors (e.g., Stripe, AlipayHK), and customer service support systems. These providers may only process your personal data on our instructions and are obligated to protect the data.

● Analytics Partners: We may use third-party analytics tools to help us understand how our services are used. These tools collect data in an anonymized form.

● Business Transfers: In connection with a merger, sale of company assets, financing, or acquisition of all or a portion of our business, your personal data may be disclosed or transferred as a business asset.

● Legal Requirements: When required by law, regulation, legal process, or governmental authorities with legitimate requests.

5. International Data Transfers

ROOME's business is headquartered in Hong Kong. The personal data we collect is primarily processed and stored in Hong Kong. Where transfers of your personal data outside of Hong Kong are necessary, we will implement appropriate safeguards (such as standard contractual clauses) to ensure such transfers comply with applicable data protection laws.

6. Data Security

We implement reasonable administrative, technical, and physical security measures designed to protect your personal data against unauthorized access, disclosure, alteration, or destruction. This includes the use of SSL certificates and regular system backups. Access to your personal information is restricted to authorized employees who need it to perform their job functions. We regularly review and update our security practices.

​

Specific measures include:

​

● Encryption: We use industry-standard encryption (TLS) for data in transit and advanced encryption (AES standards) for data at rest.

● Access Control: We utilize strict Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA) to ensure only authorized personnel can access sensitive systems.

● Monitoring: Our systems undergo regular vulnerability scanning and continuous monitoring to detect and neutralize potential threats. While we strive to use commercially acceptable means to protect your Personal Data, no method of transmission over the Internet is 100% secure.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. After the retention period ends, we will securely delete or anonymize your personal data.

● Automated Minimization: We employ data minimization strategies to ensure we do not hold data longer than required.

● Secure Disposal: Once the retention period expires, your data is securely deleted or irreversibly anonymized in accordance with our data disposal standards.

8. Your Rights (Under Applicable Laws)

Depending on the data protection laws applicable in your jurisdiction (e.g., the Personal Data (Privacy) Ordinance in Hong Kong), you may have rights including:

● To access the personal data we hold about you.

● To request correction of inaccurate or incomplete personal data.

● To request deletion of your personal data under certain circumstances.

● To object to or restrict our processing of your personal data.

● To withdraw your marketing consent, where applicable.

● Security & Session Control: You have the right to view active login sessions within the App and request a remote logout of specific devices to ensure your account remains secure and discreet.

To exercise these rights, please contact us at info@theroome.com. To protect your privacy, we may need to verify your identity before processing your request.

9. Cookies and Similar Technologies

Our website uses cookies and similar technologies to enhance your browsing experience, analyze website traffic, and for marketing purposes. You can manage your cookie preferences in your browser settings. Disabling certain cookies may affect website functionality.

10. Third-Party Links

Our booking system and app may contain links to other websites or display third-party advertisements (e.g., "Ad Banners"). This Privacy Policy applies only to our service. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

11. Updates to This Policy

We may update this Privacy Policy from time to time. Any material changes will be posted on our website with an updated revision date. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions, comments, or complaints regarding this Privacy Policy or our data practices, please contact us at:

ROOME Address: Unit 2205, Prowell Asia Centre, 926 Cheung Sha Wan Road, Lai Chi Kok, Kowloon, Hong Kong Email: info@theroome.com

This Privacy Policy has been translated into other languages. If there is any inconsistency or ambiguity between the English version and the other versions, the English version shall prevail.