Cart
0
£0.00

Privacy policy

 

Last Updated: 27 September 2025

At Root & River, we respect your privacy and treat your data with care. This Privacy Policy explains how we collect, use, share, and protect your personal information when you visit our website, place an order, or interact with our QR-code-enabled resources.

By using our services, you agree to this Privacy Policy. We encourage you to read it carefully.

1. Controller Information

  • Controller: Root & River Yoga Ltd. Trading as Root & River, Company ID 16612858, based in Wiltshire, United Kingdom.

  • Contact details: Email: info@rootandriveryoga.com.

  • Supervisory authority: You may lodge a complaint with your local data protection authority if you believe your rights have been violated.

2. What Personal Data We Collect

We collect and process the following categories of data:

  • Identity & Contact Data: name, billing/shipping address, email, telephone number.

  • Transaction Data: purchase history, payment details (processed securely by third-party providers).

  • Usage Data: how you use our website, pages visited, time spent.

  • Technical Data: IP address, browser, device type, operating system.

  • Location Data: approximate region (when scanning QR codes or via analytics).

  • Marketing & Communication Data: preferences for receiving newsletters, updates, or offers.

3. How We Collect Data

  • Directly from you when you create an order, register, or subscribe to our newsletter.

  • Automatically when you browse our site or scan our QR codes (via cookies, analytics, and tracking tools).

  • From trusted third-party providers (e.g. payment gateways, shipping partners).

4. Purposes of Data Processing

We use personal data for:

  1. Order Fulfillment: to process and dispatch your orders (usually within two working days).

  2. Customer Service: to communicate with you regarding your order or questions.

  3. Legal Compliance: to meet accounting, tax, and regulatory requirements.

  4. Improving Experience: to monitor usage and enhance our website and QR resources.

  5. Marketing (with consent): to send newsletters or promotions, which you may unsubscribe from at any time.

Without certain data (e.g. name, address, payment details), we cannot fulfill a purchase contract.

5. Cookies & Tracking Technologies

Root & River uses cookies and similar technologies to improve your browsing experience. These may include:

  • Essential cookies: required for site functionality.

  • Analytics cookies: help us understand visitor behaviour (Google Analytics).

  • Marketing cookies: used only with consent, for remarketing or tailored offers.

You can manage cookies in your browser settings or via our cookie banner.

6. QR Codes & Analytics

When you scan a Root & River QR code (for care guides or rituals):

  • Device type, browser, and approximate location may be collected.

  • This data is used only for analytics, never for profiling.

  • No personally identifying information is collected.

  • You may opt out by adjusting your device/browser privacy settings.

7. Recipients & Third-Party Processors

We only share data with trusted service providers, such as:

  • E-commerce platform: Webnode AG.

  • Shipping partners: e.g. Royal Mail / DHL.

  • Payment processors: Stripe, PayPal (encrypted & secure).

  • Analytics providers: Google Analytics.

  • Marketing tools: [e.g. Mailchimp / Klaviyo].

Each partner processes data only as needed to deliver their service and is bound by their own privacy policy.

8. International Transfers

If your data is transferred outside the UK/EU, we ensure it is protected by appropriate safeguards (e.g. Standard Contractual Clauses approved by the European Commission).

9. Data Retention

  • We retain personal data only as long as necessary: typically 3 years after the end of your customer relationship.

  • Exceptions: data may be kept longer if required by tax, accounting, or legal obligations, or to resolve disputes.

  • After this period, your data is securely deleted or anonymised.

10. Customer Rights

Under GDPR and other privacy laws, you have the right to:

  • Access your personal data.

  • Request rectification or erasure.

  • Restrict or object to processing.

  • Data portability (receive a copy in machine-readable format).

  • Withdraw consent at any time.

  • Lodge a complaint with your supervisory authority.

How to exercise your rights:
Contact us at info@rootandriveryoga.com. We aim to respond within 30 days.

11. Security of Personal Data

We take appropriate technical and organisational measures to safeguard your data, including:

  • Secure servers and encrypted payment processing.

  • Restricted employee access on a need-to-know basis.

  • Regular software updates and antivirus protection.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be published on this page, with the "Last Updated" date shown at the top. In the event of significant changes, we will also notify you via email or site banner.

13. Contact

If you have any questions about this Privacy Policy or your personal data, please contact us at:

Root & River, 14 Linleys, Corsham, Wiltshire, United Kingdom, SN13 9PD, Email: info@rootandriveryoga.com.