Real Thing Marketing, RTM, operated by TheRTMAgency OÜ
Last Updated On 14-Apr-2026
Effective Date 14-Apr-2026
Real Thing Marketing (RTM) is a trading name of TheRTMAgency OÜ, a company registered in Estonia (Registrikood 17200648, VAT EE102843932) with its registered office at Sepapaja 6, 15551 Tallinn, Estonia ("we", "us", "our"). We are the controller of the personal data described in this Policy, unless we are processing it on behalf of a client, in which case our client is the controller and we act as the processor under a separate Data Processing Agreement.
This Policy explains how we collect and use personal data when you visit our website (realthingmarketing.com), contact us, engage us as a service provider, or are introduced to us by a prospect or partner. If we process personal data on behalf of a client in the course of delivering services to that client, the client's privacy notices and our Data Processing Agreement with the client govern that processing.
When you visit our website we may collect: the information your browser sends by default (IP address, user-agent, referring URL, pages viewed), privacy-friendly analytics events (pages viewed, approximate location at country level, device type), and — only with your consent where consent is required by law — additional analytics and advertising identifiers. We use this information to operate the site, understand how it is used, and improve our content.
If you contact us by form, email, LinkedIn, calendar-booking or other channel, we collect your name, business email, company, role, the information you give us about your enquiry, and any follow-up correspondence. We use this to respond, to evaluate whether we can help, and — where we have your consent or a legitimate interest — to send occasional business-to-business marketing communications that you can unsubscribe from at any time.
In delivering services to clients, we process limited personal data about the client's employees and agents who interact with us: name, business email, job title, Slack/Notion/HubSpot identifiers, and the content of correspondence. We use this to deliver the engagement, account for our time and outputs, and comply with our legal and contractual obligations.
We process limited personal data about our suppliers and contractors (name, business contact details, identity/right-to-work documentation, bank details for payment, tax identifiers) to engage them and to meet our legal obligations.
In delivering SEO, content, AI visibility, analytics, web-development, UX and related services, we may be given access to personal data that belongs to the client — for example, end-user data in the client's Google Search Console, Google Analytics 4, CMS backend, HubSpot or equivalent. For that data we act as the client's processor under a written Data Processing Agreement. This Policy is not our legal basis for processing that data; the client's own privacy notice is.
Where the EU General Data Protection Regulation applies to our processing, we rely on the following legal bases:
Our website uses a small number of strictly necessary technologies to function. Where additional analytics or marketing technologies are enabled we ask for your consent on first visit and you can change your choices at any time through the cookie-preferences control on the site. A current list of the technologies we use, their purpose and retention is available on our cookie information page.
We share personal data with carefully selected service providers that help us run the business: email and productivity (Google Workspace), documentation and project tracking (Notion), CRM and marketing (HubSpot, where engaged), messaging (Slack), credential management (1Password), code and infrastructure (GitHub), accounting and invoicing providers, calendar and scheduling, analytics and website platform providers, and payment processors. These providers act as our processors or as independent controllers for limited narrow purposes (e.g., payment processors). A current sub-processor register for client-delivery purposes is available on request.
We do not sell personal data. We may disclose personal data where required by law, in response to lawful requests from public authorities, to protect our rights, or in connection with a restructuring or transfer of our business (in which case we will take steps to ensure your personal data remains protected).
Some of our providers are based outside the European Economic Area. Where personal data is transferred to a country that has not been found to provide an adequate level of protection, we rely on the European Commission's Standard Contractual Clauses, the EU-US Data Privacy Framework where the recipient is certified, or other lawful transfer mechanism. Copies of the relevant safeguards are available on request.
We keep personal data only as long as we need it for the purposes for which it was collected, or as required by law. In practice: enquiry correspondence is typically retained for up to 24 months from the last contact; client-delivery records are retained for the duration of the engagement and for a reasonable tail period (normally up to 6 years) to meet accounting and professional-liability obligations; marketing records are retained until you unsubscribe plus a short suppression period so we can honour your preference.
If the GDPR or a similar law applies to our processing of your personal data, you have the right to:
To exercise any right, email us at george@realthingmarketing.com and we will respond within one month. We may ask for information to verify your identity.
We protect personal data with the measures described in our Information Security Policy and supporting policies: unique accounts with multi-factor authentication, least-privilege access, credential management in 1Password, endpoint hardening, secure sub-processors, and documented incident handling. No system is completely secure; we will notify you without undue delay if a personal data breach affecting you occurs and the law requires us to do so.
Our services are aimed at businesses. We do not knowingly collect personal data from children. If you believe we have collected data from a child, contact us and we will delete it.
We may update this Policy from time to time to reflect changes to our services or to the law. The "Effective date" at the top of this document records the last update; where the change is material we will also notify you directly or prominently on our website.
Questions, requests and complaints: george@realthingmarketing.com. Postal address: TheRTMAgency OÜ, Sepapaja 6, 15551 Tallinn, Estonia.
