Royal Connect

SMS Receptionist Service for Irish Tradespeople

Privacy Policy

Last updated: 25 June 2026 | Effective date: 25 June 2026 | Version 1.2

  Royal Connect is committed to protecting your personal data in full compliance with:

  — General Data Protection Regulation (GDPR) (EU) 2016/679

  — Data Protection Act 2018 (Ireland)

  — ePrivacy Regulations (S.I. No. 336 of 2011) — European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011

  — Postal and Telecommunications Services Act 1983 and Interception of Postal Packets and Telecommunications Messages (Regulation) Act 1993

  — Communications Regulation Acts 2002–2023 (ComReg)

  This Policy explains who we are, what data we collect, why we collect it, how long we keep it, and your rights as a data subject.

1. Who We Are

Data Controller: Royal Connect
Trading name registered with: Companies Registration Office (CRO), Ireland — Reference SR8979950
Owner: Monaliza Ferreira da Silva
Address: Maynooth, Co. Kildare, Ireland
Email: hello@royalconnect.ie
Website: https://royalconnect.ie

As the Data Controller, Royal Connect determines the purposes and means of processing personal data in connection with the provision of its SMS receptionist service.

2. What Data We Collect

2.1 Data from End Callers (customers of our tradespeople clients)

Phone number (caller ID)
Date and time of call
Nature of enquiry as described by the caller (e.g. booking request, information request, emergency)
Any personal information voluntarily provided during the call (e.g. name, address, description of work required)
A text-based summary of the call generated by AI processing (no audio recording is retained)

2.2 Data from Tradespeople (our direct clients)

Full name and business name
Business address
Email address
Mobile phone number
Type of trade and business hours
Billing information (processed via Stripe)

2.3 Technical and Usage Data

Call logs and SMS delivery records
System interaction data (timestamps, message status)

We do not collect special categories of personal data (e.g. health data, racial or ethnic origin, political opinions). We do not knowingly collect data from persons under 16 years of age, consistent with Section 31 of the Data Protection Act 2018.

3. How We Process Inbound Calls — Caller Notification

Important notice to callers: When you call a telephone number managed by Royal Connect on behalf of a tradesperson, your call is handled by an automated AI-assisted system. At the start of each call, you will hear a message informing you that your call is being processed by an automated service. The content of your call is transcribed and summarised by AI (OpenAI) and the resulting summary is sent by SMS to the tradesperson whose number you called. No permanent audio recording of your voice is stored by Royal Connect. If you do not wish your call to be processed in this manner, you may end the call at any time.

The processing of inbound calls is carried out under the following framework:

Authorisation basis: Each tradesperson (our client) has entered into a contract with Royal Connect authorising us to handle calls made to their business number on their behalf. This constitutes the contractual authorisation required under the Interception of Postal Packets and Telecommunications Messages (Regulation) Act 1993 and under Article 6(1)(b) GDPR.
Caller notification: Callers are informed at the start of every call that they are speaking with an automated service acting on behalf of the tradesperson. This satisfies the transparency requirements of Article 13 GDPR and Regulation 5 of the ePrivacy Regulations (S.I. No. 336 of 2011).
No persistent audio recording: Royal Connect does not store audio recordings of calls. Only a text summary generated by AI is retained, which constitutes the minimum data necessary for the purpose (data minimisation, Article 5(1)(c) GDPR).
AI transcription: Call content is processed by OpenAI solely to generate a written summary for the tradesperson. OpenAI processes this data as a data processor under a Data Processing Agreement and does not use call content to train its models.

4. Legal Basis for Processing

We rely on the following legal bases under Article 6 GDPR. Where we rely on legitimate interests (Article 6(1)(f)), we have conducted and documented a Legitimate Interests Assessment (LIA) to confirm that our interests do not override the fundamental rights and freedoms of data subjects. These assessments are available to the Data Protection Commission upon request.

Purpose	Legal Basis	LIA Conducted
Providing the SMS receptionist service to tradespeople	Article 6(1)(b) — Performance of a contract	N/A
Processing caller enquiries on behalf of tradespeople	Article 6(1)(f) — Legitimate interests of our clients (enabling them to respond to their customers)	✓ Documented
AI-assisted call summarisation	Article 6(1)(b) — Performance of a contract / Article 6(1)(f) — Legitimate interests	✓ Documented
Sending daily summary reports to tradespeople	Article 6(1)(b) — Performance of a contract	N/A
Billing and financial records	Article 6(1)(c) — Legal obligation (Irish tax law)	N/A
ComReg SMS Sender ID Registry compliance	Article 6(1)(c) — Legal obligation	N/A
ePrivacy compliance for electronic communications	Article 6(1)(c) — Legal obligation (S.I. No. 336 of 2011)	N/A
Improving and maintaining our service	Article 6(1)(f) — Legitimate interests	✓ Documented

5. How We Use Your Data

To handle inbound calls on behalf of tradespeople and relay a summary of caller enquiries via SMS
To categorise enquiries (booking, information, emergency) using AI-assisted processing
To generate and send daily SMS and/or email summary reports to the relevant tradesperson
To maintain a log of call summaries for the tradesperson's reference
To manage client accounts, billing, and subscriptions
To comply with our legal and regulatory obligations in Ireland, including ComReg requirements

6. Automated Processing and AI

Royal Connect uses automated processing, including artificial intelligence (OpenAI), to:

Transcribe and summarise the content of caller enquiries in real time
Categorise enquiries as booking, information, or emergency
Identify potential emergency situations for priority notification to the tradesperson

This automated processing does not produce legal or similarly significant effects on any individual. No decisions are made solely by automated means that would materially affect any person's rights, consistent with Article 22 GDPR. The tradesperson retains full human responsibility for responding to any enquiry or emergency.

7. ePrivacy and Electronic Communications

As a provider of electronic communication services operating in Ireland, Royal Connect complies fully with the ePrivacy Regulations (S.I. No. 336 of 2011). In particular:

We process call traffic data only to the extent necessary to provide the service, after which it is anonymised or deleted in accordance with Regulation 6 of S.I. No. 336 of 2011
SMS messages sent by Royal Connect are sent strictly in performance of contracted services — not for unsolicited marketing purposes
All SMS communications to tradespeople are transactional in nature and directly related to their contractual service
Our SMS Sender ID "RoyalConnect" is registered with ComReg's SMS Sender ID Registry in compliance with Decision D14/24
We do not send unsolicited direct marketing communications by SMS, email, or telephone to any individual without their prior explicit consent
We do not use location data beyond what is inherent in a caller's network number prefix

8. Compliance with the Interception Acts

The processing of calls made to tradespeople's business numbers is carried out under explicit contractual authorisation from each tradesperson client. Each tradesperson, by entering into a service contract with Royal Connect, expressly authorises Royal Connect to receive, process, and summarise calls made to their business telephone number on their behalf.

This contractual authorisation constitutes lawful authority for the purposes of the Postal and Telecommunications Services Act 1983 and the Interception of Postal Packets and Telecommunications Messages (Regulation) Act 1993. Royal Connect does not intercept, record, or process any telephone communication without such prior contractual authorisation from the subscriber (the tradesperson).

9. Third-Party Service Providers (Data Processors)

We share data with the following third-party processors, each bound by appropriate Data Processing Agreements (DPAs) in accordance with Article 28 GDPR:

Processor	Purpose	Location	Transfer Mechanism
Twilio Inc.	Voice call handling and SMS delivery	USA	SCCs / EU Data Residency (IE1)
OpenAI, L.L.C.	AI-assisted call transcription and summary generation	USA	SCCs — zero data retention API
Google LLC (Sheets, Calendar)	Call log storage and scheduling	USA/EU	SCCs / EU servers
Brevo (Sendinblue SAS)	Email delivery for client reports and onboarding	France (EU)	Within EEA
Make.com (Celonis SE)	Automation platform orchestrating all service workflows	EU	Within EEA
Stripe, Inc.	Payment processing and subscription management	USA/EU	SCCs / EU servers

We do not sell, rent, or trade personal data with any third party for marketing purposes.

10. International Data Transfers

Some of our third-party processors are located outside the European Economic Area (EEA), primarily in the United States. We rely on the European Commission's Standard Contractual Clauses (SCCs) as the lawful transfer mechanism under Chapter V GDPR. Where required, we conduct Transfer Impact Assessments (TIAs) to ensure personal data transferred outside the EEA receives an equivalent level of protection, consistent with the CJEU's Schrems II ruling and EDPB guidance. The results of these assessments are available to the Data Protection Commission upon request.

11. Record of Processing Activities (Article 30 GDPR)

Royal Connect maintains an internal Record of Processing Activities (RoPA) as required by Article 30 GDPR. This record documents all categories of processing carried out by Royal Connect as Data Controller, including purposes, categories of data subjects and personal data, recipients, international transfers, retention periods, and legal bases including Legitimate Interests Assessments (LIAs). This record is maintained up to date and is available to the Data Protection Commission upon request.

12. Data Retention

Data Type	Retention Period	Legal Basis
Call summaries and SMS logs	12 months from date of call	Contract performance / legitimate interests
Client account data	Duration of contract + 7 years	Irish tax and accounting obligations
Billing records	7 years	Taxes Consolidation Act 1997 (Ireland)
Email correspondence	3 years	Legitimate interests
Call traffic metadata	Anonymised after 12 months	ePrivacy Regulations S.I. No. 336 of 2011, Regulation 6
Audio processing data (OpenAI)	Not retained — zero data retention API used	Data minimisation, Article 5(1)(c) GDPR

After the applicable retention period, personal data is securely deleted or anonymised in an irreversible manner.

13. Data Breach Notification

In the event of a personal data breach, Royal Connect will:

Notify the Data Protection Commission (DPC) within 72 hours of becoming aware of the breach, where feasible, in accordance with Article 33 GDPR
Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms, in accordance with Article 34 GDPR
Document all breaches internally, including those not required to be notified to the DPC, in our breach register
Take immediate steps to contain, assess, and remediate the breach

To report a suspected data breach or security concern, please contact: hello@royalconnect.ie

14. Your Rights as a Data Subject

Under the GDPR and Data Protection Act 2018, you have the following rights:

Right of Access (Article 15) — to obtain a copy of your personal data we hold
Right to Rectification (Article 16) — to have inaccurate data corrected
Right to Erasure (Article 17) — to request deletion ("right to be forgotten")
Right to Restriction of Processing (Article 18) — to limit how we use your data
Right to Data Portability (Article 20) — to receive data in a structured, machine-readable format
Right to Object (Article 21) — to object to processing based on legitimate interests. Where we rely on legitimate interests, you have the right to object at any time and we will cease processing unless we can demonstrate compelling legitimate grounds that override your rights.
Right not to be subject to automated decision-making (Article 22)

To exercise any of these rights, contact us at hello@royalconnect.ie. We will respond within one month as required by Article 12 GDPR. This service is provided free of charge. Where requests are complex or numerous, we may extend the response period by a further two months, notifying you within the first month.

15. Cookies and Website Tracking

Our website (royalconnect.ie) operates in compliance with the ePrivacy Regulations (S.I. No. 336 of 2011) regarding cookies and similar technologies:

Strictly necessary cookies — used for the website to function correctly. These do not require consent.
Analytics, preference, and marketing cookies — only placed on your device after you provide explicit, informed, and freely given consent via our cookie consent banner. Pre-ticked boxes or implied consent are not used and are not valid under Irish law.
You may withdraw consent at any time via the cookie preference centre on our website.
We do not use third-party advertising cookies or cross-site tracking technologies without explicit consent.

16. Security

We implement appropriate technical and organisational measures (TOMs) in accordance with Article 32 GDPR to protect personal data against accidental loss, destruction, alteration, or unauthorised access, including:

Encryption of data in transit (TLS/HTTPS)
Access controls and role-based permissions
Use of reputable third-party processors with independent security certifications
Zero audio retention policy — call content is processed in real time and not stored as audio
Regular review of security practices and access controls

17. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Irish supervisory authority:

Data Protection Commission (DPC)
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Website: www.dataprotection.ie
Phone: +353 (0)761 104 800
Online complaints: https://forms.dataprotection.ie/contact

We would appreciate the opportunity to address your concerns before you approach the DPC. Please contact us first at hello@royalconnect.ie.

18. Changes to This Policy

We may update this Privacy Policy from time to time. The version number and date of the most recent revision appear at the top of this page. Where changes are material, we will notify our clients directly by email at least 30 days before the changes take effect. Continued use of our service after such notification constitutes acceptance of the updated policy. Previous versions are available upon request.

19. Contact Us

Royal Connect — Data Controller
Email: hello@royalconnect.ie
Website: https://royalconnect.ie
Address: Maynooth, Co. Kildare, Ireland