Last Updated: September 30, 2025
ROI·DNA, Inc. (“ROI·DNA,” “we,” “us,” or “our”), is a full-service digital marketing agency that delivers deep, functional solutions built on incisive expertise across the digital space. ROI·DNA respects and values your privacy. This Privacy Policy is designed to help you understand how we collect, use, process, and share your personal information, and to inform you how to exercise your privacy rights.
1. SCOPE AND UPDATES TO THIS PRIVACY POLICY
4. PERSONAL INFORMATION WE COLLECT
5. HOW WE USE YOUR PERSONAL INFORMATION
6. HOW WE DISCLOSE YOUR PERSONAL INFORMATION
7. STORAGE OF YOUR INFORMATION
8. YOUR PRIVACY CHOICES AND RIGHTS
9. SUPPLEMENTAL NOTICE FOR CALIFORNIA RESIDENTS
10. SUPPLEMENTAL NOTICE FOR NEVADA RESIDENTS
This Privacy Policy applies to personal information processed by us, including on our website (https://www.roidna.com/), and other online or offline offerings. To make this Privacy Policy easier to read, our website and other offerings are collectively called the “Services.”
Changes to our Privacy Policy. We may revise this Privacy Policy from time to time in our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use our Services after the new Privacy Policy takes effect.
An Important Note: This Privacy Policy does not apply to any of the personal information that we process on behalf of our customers through their use of our Services (“Customer Data”). Our processing of Customer Data is governed by the contracts that we have in place with our customers, not this Privacy Policy. Any questions or requests relating to Customer Data should be directed to our customer.
If you have any questions about our privacy practices or this Privacy Policy, or to exercise your rights as detailed in this Privacy Policy, please contact us either:
| ROI·DNA 655 Montgomery St. Suite 850 San Francisco, CA 94111 |
Data Protection Officer Level 2, 100 Harris St Pyrmont, NSW 2009 Australia gdpr@enero.com |
Or, click below to submit a data request to ROI·DNA. You will be redirected to a form where you will be required to provide your details.
SUBMIT DATA REQUEST
For the purpose of the General Data Protection Regulation in the United Kingdom and European Union (“GDPR) (collectively the “Data Protection Laws”) the Data Controller is ROI·DNA.
The categories of personal information we collect depend on how you interact with us, our Services, and the requirements of applicable law. We collect information that you provide to us, information we obtain automatically when you use our Services, and information from other sources such as third-party services and organizations, as described below.
We may collect personal information that you provide to us in interactions you have with us, including but not limited to the following:
We may collect personal information automatically when you use our Services such as your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, browser or device information, traffic data, location information (including approximate location derived from IP address), and Internet service provider. We may also automatically collect information regarding your use of our Services, such as pages that you visit before, during and after using our Services, information about the links you click, the types of content you interact with, the frequency and duration of your activities, and other information about how you use our Services. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. We may, however, use such information in conjunction with the data We have about you in order to track your usage of our services.
Cookie Policy (and Other Technologies.)
We, as well as third parties that provide content, advertising, or other functionality on our Services, may use cookies, pixel tags, and other technologies (“Technologies”) to automatically collect information through your use of our Services. By using our Website and providing opt-in consent you agree to our use of cookies and other technologies as more specifically set out below.
The provision of certain personal data may be required from you to enable Us to provide you use or access of our services. We will inform you at the point of collecting information from you, whether you are required to provide the information to Us.
Our uses of the Technologies identified above fall into the following general categories:
Some of the advertising Technologies we use include:
Essential (Strictly Necessary and Functional) 1st Party cookie(s).
The following cookies may be witnessed:
| Name | Provider | Purpose | Expires |
| OptanonConsent | OneTrust | Consent status of a visitor | 365 days |
| visitor_idXXXXXX | Salesforce/Pardot | Unique, anonymous identifier for a person interacting with the site before they are converted into a “prospect” record | 3,650 days (10 years) |
| _GRECAPTCHA | Spam Protection | 180 days | |
| _gtm | Google Tag Manager | Script Loader | End of session |
Third Party Cookies.
By clicking “Allow” you will see the following 3rd Party Cookies:
Analytical Cookie(s)
| Name | Provider | Purpose | Expires |
| _ga
_ga_<container-id> |
Google Analytics | Site Analytics | 730 days (2 years) |
| _hjSessionUser_XX | Hotjar | Sets when a user first lands on a page; used to ensure data from subsequent visits are tied to the same user ID | 365 days |
| _htHasCachedUserAttributes | Enables team to know whether data set in _hjUserAttributes Local Storage item is up to date or not | End of session | |
| _ hjUserAttributesHash | Enables team to know when any User Attribute has changed and needs updating | 2 minute duration, extended every 30 seconds | |
| _hjUserAttributes | Stores User Attributes sent through the Hotjar Identify API | No explicit expiration | |
| _hjSession_XXXXXX | Holds current session data; ensures subsequent results in the session window are attributed to the same session | 30 minute duration, extended on user activity | |
| _hjDonePolls | Set when a user completes an on-site survey to ensure the same survey is not shown to the same user | 365 days | |
| _hp2_id.APP_ID | Heap | User cookie that stores user_id, identity, other IDs | 13 months minus 1 day |
| _hp2_ses_props.APP_ID | Session properties cookie | 30 minutes | |
| _hp2_props_APP_ID | Event properties cookie | 13 months minus 1 day | |
| _hp5_meta.APP_ID | User + session cookie for heap.js v5 | 13 months minus 1 day | |
| _hp5_event_props_APP_ID | Event properties cookie for heap.js v5 (stores properties set by the addEventProperties API) | 13 months minus 1 day | |
| _hp5_let.ENV_ID | Contains last event time in Heap v5.2.7+ | 13 months minus 1 day | |
| 6suuid | 6sense | Intent Tracking | 730 days |
| tuuid
tuuid_lu |
Demandbase | Account Based Tracking | 13 months |
| liap | Denotes the logged in status of a LinkedIn member | 1 year | |
| Bcookie | Brower identifier cookie to uniquely identify devices accessing LinkedIn | 1 year | |
| __cf_bm | Bot management | After 30 minutes of continuous inactivity | |
| li_sugr | Makes a probabilistic match of a user’s identity | 90 days | |
| _guid | Used to identify a LinkedIn Member for advertising through Google Ads | 90 days | |
| __cf_bm | Qualified ChatBot | Bot management | After 30 minutes of continuous inactivity |
Please note that third parties’ affiliates may also use cookies, over which We have no control.
You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of the website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon as you visit our website.
Third-Party Services and Sources. We may obtain personal information about you from other sources, including through third-party services when we reasonably believe you have a legitimate interest in our Services (e.g., trade show attendee listings or directories, LinkedIn or other directory listings, external websites, etc.) and organizations. These third-party services and organizations may provide us with your name, physical address, and phone number while using our Services.
We use your personal information for a variety of business purposes, including to provide our Services, for administrative purposes, and to market our products and Services, as described below.
We rely on the following lawful basis for processing:
A. Provide Our Services
We use your information to fulfil our contract with you and provide you with our Services, including but not limited to:
B. Administrative Purposes
We use your information for various administrative purposes, such as:
C. Marketing and Advertising our Products and Services
In addition to the above uses, We may use personal information (and, where you have consented, permit selected third parties to use your information) to tailor and provide you with content and advertisements. We may provide you with these materials as permitted by applicable law.
Some of the ways we may market to you include email campaigns and text messages (if you have consented to such communications), custom audiences advertising, and “interest-based” or “personalized advertising,” including through cross-device tracking.
If you have any questions about our marketing practices or if you would like to opt out of the use of your personal information for marketing purposes, please either:
D. With Your Consent
We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.
E. Other Purposes
We also use your personal information for other purposes as requested by you or as permitted by applicable law. We may use personal information to create de-identified and/or aggregated information, such as demographic information, information about the device from which you access our Services, or other analyses we create.
We disclose your personal information to third parties for a variety of business purposes, including to provide our Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.
A. Disclosures to Provide our Services
The categories of third parties with whom we may share your personal information are described below.
For example, the personal information we may send contains your email address, phone number, company name and full name to a publication or media outlet as it applies to our services.
These third-party service providers are required not to use your personal information other than to provide the services requested by us.
We may disclose your personal information to any member of our corporate group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
B. Disclosures to Protect Us or Others
We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, our affiliated entities, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.
A. Security
We take appropriate measures to ensure that any personal data are kept secure, including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. Where We process payment transactions, these will be encrypted using SSL technology. Where We have given you (or where you have chosen) a password which enables you to access certain parts of the Website or any website we host, you are responsible for keeping this password confidential.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where We are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect your personal data, We cannot guarantee the security of your data transmitted to the Website; any transmission is at your own risk. Once We have received your information, We will use strict procedures and security features to try to prevent unauthorised access.
The Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and terms of use and that we do not accept any responsibility or liability for these policies and terms of use. Please check these policies before you submit any personal data to these websites.
B. Keeping your personal data up to date
If your personal details change you may update them by contacting Us using the contact details below. If you have any questions about how We use data collected which relates to you, please contact Us by sending a request by email to the contact details below.
We will endeavor to update your personal data within seven (7) working days of any new or updated personal data being provided to Us, in order to ensure that the personal data We hold about you is as accurate and up to date as possible.
C. How long we keep your personal data
The time periods for which we retain your personal data is dependent upon the purposes for which we use it. We will retain it for as long as you are a registered subscriber or user of our services or for as long as we have another business purpose to do so. Thereafter, for no longer than is required or permitted by law, by our Retention Policy, reasonably necessary for internal reporting and reconciliation purposes, or to provide you with feedback or information you might request.
D. Where we store your personal data
All information We hold about you is stored on our secure servers within the UK, EEA and US.
The data that We collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”), or the United Kingdom. It may also be processed by staff operating outside the EEA who work for Us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your orders, the processing of your payment details and the provision of support services.
Such countries do not have the same data protection laws as the United Kingdom, and the EEA . Whilst the European Commission has not given a formal decision that such countries provide an adequate level of data protection similar to those which apply in the United Kingdom and EEA, any transfer of your personal data will be subject to EU-U.S. Data Privacy Framework or under a European Commission approved contract or through a series of intercompany agreements based on the Standard Contractual Clauses authorized under the EU Data Protection Directive 95/46/EC and (as permitted under Article 46(5) of the General Data Protection Regulation that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal data.
If you would like further information please contact Us OR our Data Protection Officer (see ‘Contact’ below). We will not otherwise transfer your personal data outside of the United Kingdom OR EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
A. Your Privacy Choices.
The privacy choices you may have about your personal information are determined by applicable law and are described below.
The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, the Digital
Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada. Please note you must separately opt out in each browser and on each device.
B. Your Privacy Rights.
In accordance with applicable law, you may have the right to:
If you would like to exercise any of these rights, please:
We will process such requests in accordance with applicable laws.
his Supplemental Notice for California Residents, under the meaning of Section 17014 of Title 18 of the Cal. Code of Regulations, only applies to our processing of personal information that is subject to the California Consumer Privacy Act of 2018 (“CCPA”).
For the purpose of the CCPA, the business is ROI·DNA, Inc.
We are complying with the CCPA and considering its underlying principles in how we think about customer trust and data privacy as a core pillar of our business. We are providing this CCPA-specific privacy notice to supplement the information and disclosures already contained above.
A. Your Rights.
Under the CCPA you have a number of important rights. In summary, those include rights to:
For further information on each of those rights, see the CCPA Fact Sheet from the Office of the Attorney General
California: https://oag.ca.gov/system/files/attachments/press_releases/CCPA%20Fact%20S heet%20%2800000002%29.pdf
If you would like to exercise any of these rights, please:
We will process such requests in accordance with applicable laws.
B. Personal Information Collected in the previous 12 months.
The CCPA provides California residents with the right to know what categories of personal information ROI·DNA has collected about them, and whether ROI·DNA disclosed that personal information for a business purpose (e.g., to a service provider) in the preceding twelve months. The examples of Personal Information provided for each category are taken from the CCPA and are included to help you understand what the categories mean.
California residents can find this information below:
| Category of Personal Information Collected by ROI·DNA | We collect | Category of Third Parties Personal Information is Disclosed to for a Business Purpose | We Sell |
| Identifiers.
A real name, alias, telephone number, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers. |
YES | Service providers Business partners Affiliates
Other third parties you interact with Advertising networks (online identifiers and/or hashed email addresses) Data analytics providers Social networks |
NO |
| Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
A name, address, telephone number, |
YES | Advertising networks Data analytics provider Service providers | NO |
| Protected classification characteristics under California or federal law
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender,gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
NO | N/A | NO |
| Commercial information Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
YES | Advertising networks Data analytics provider Service providers | NO |
| Biometric Information
Physiological, biological, or behavioral characteristics, including DNA, that can be used, singly or in combination with each other or with other identifying data, to establish individual identity, such as imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information. |
NO | N/A | NO |
| Internet or other electronic network activity
Browsing history, search history, information on a consumer’s interaction with an internet website, application, or advertisement. |
YES | Advertising networks Data analytics provider Service providers | NO |
| Geolocation data
Physical location or movements. |
YES | Advertising networks Data analytics provider Service providers | NO |
| Professional or employment-related information
Current or past job history or performance evaluations. |
YES | N/A | NO |
| Inferences drawn from other personal information to create a profile about a consumer
Profile reflecting a consumer’s preferences, characteristics, predispositions, behavior, and attitudes. |
YES | Advertising networks Data analytics provider Service providers | NO |
The categories of sources from which we collect personal information, our business and commercial purposes for using personal information, and the disclosure of personal information are set forth in “Personal Information We Collect”, “How We Use Your Personal Information” and “How We Disclose Your Personal Information” above, respectively.
C. “Sales” of Personal Information and use of cross-context behavioral advertising under the CCPA/CPRA
the CCPA, ROI·DNA does not “sell” personal information, nor do we sell the personal information of minors under 16 years of age, without affirmative authorisation. That said, we may share information with third-party advertising partners for the purpose of promoting our Services as described above, such as for
cross-context behavioral advertising. To the extent that such sharing is considered a “sale” under California law, you may limit such sharing by following the instructions found above in the section titled, Your Privacy Choices, or by contacting us as set forth in “Contact Us” below.
D. Additional Privacy Rights for California Residents
Non-Discrimination. California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.
Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To authorize an agent, provide written authorization signed by you and your designated agent and contact us as set forth in “Contact Us” below for additional instructions.
Verification. To protect your privacy, we will take steps to reasonably verify your identity before fulfilling your request. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, or to answer questions regarding your account and use of our Services.
If you are a California resident and would like to exercise any of your rights under the CCPA, please contact us as set forth in “Contact Us” below. We will process such requests in accordance with applicable laws.
De-Identified Information. If we create or receive de-identified information, we will not attempt to reidentify such information, except to comply with applicable law.
California Shine the Light. The California “Shine the Light” law permits users who are California residents to request and
obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to
those parties.
If you are a resident of Nevada, you have the right to opt-out of the sale of certain personal information to third parties who intend to license or sell that personal information. You can exercise this right by contacting us at contact@roidna.com OR Catherine Hoyle our Data Protection Officer via gdpr@enero.com, with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth in Contact Us below.
The Services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect personal information from children.
If you are a parent or guardian and believe your child has uploaded personal information to our site without your consent, you may contact us as described in “Contact Us” below. If we become aware that a child has provided us with personal information in violation of applicable law, we will delete any personal information we have collected, unless we have a legal obligation to keep it, and terminate the child’s account if applicable.
A. Third-Party Websites/Applications.
The Services may contain links to other websites/applications and other
websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.
B. Supervisory Authority.
If your personal information is subject to the applicable data protection laws of the European Economic Area, Switzerland, the United Kingdom, or Virginia, you have the right to lodge a complaint with the competent supervisory authority or attorney general if you believe our processing of your personal information violates applicable law.
We hope that We or our Data Protection Officer can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en
The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.