Privacy Policy

Introduction

This privacy policy describes how Rooted Wellness AB (hereinafter referred to as “Rooted,” “the Website,” “we,” “us,” or “our”) collects, uses, and shares your personal information when you visit, use our services, or make a purchase from rooted.se (hereinafter referred to as “the Website”) or otherwise communicate with us (collectively, “the Services”).

For the purposes of this privacy policy, "you" and "your" refer to you as a user of the Services, whether you are a customer, a website visitor, or another individual whose information we have collected under this policy.

By using and accessing the Services, you consent to the collection, use, and sharing of your information as described in this privacy policy. If you do not agree with this policy, please do not use or access any of the Services.

1. Changes to This Privacy Policy

We may update this policy periodically to reflect changes in our practices, legal requirements, or operational needs. We will notify you of significant changes by posting the updated policy on our website and updating the "Last Updated" date. If required by law, we will obtain your consent for material changes.

2. Legal Basis for Processing Your Personal Information

We process your personal information under the following legal bases:

Processing PurposeLegal Basis under GDPR
Processing your orders and payments, Performance of a contract (Article 6(1)(b))
Providing customer support, Performance of a contract (Article 6(1)(b))
Marketing and promotional activities, Consent (Article 6(1)(a))
Personalizing user experience, Legitimate interest (Article 6(1)(f))
Security and fraud prevention, Legitimate interest (Article 6(1)(f))
Compliance with legal obligations, Legal obligation (Article 6(1)(c))

Where we rely on legitimate interest, we ensure that our processing does not override your fundamental rights.

You can withdraw marketing consent at any time by following the unsubscribe link in our emails or contacting us at hej@rooted.se.

3. Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal information:

Right to Access (Article 15 GDPR): You can request a copy of the data we hold about you.
Right to Rectification (Article 16 GDPR): You can ask us to correct inaccurate data.
Right to Erasure (Article 17 GDPR): You can request deletion of your personal data under certain conditions.
Right to Restrict Processing (Article 18 GDPR): You can request that we limit how we use your data.
Right to Data Portability (Article 20 GDPR): You can request to receive your data in a machine-readable format.
Right to Object (Article 21 GDPR): You can object to certain types of processing, including direct marketing.
Right to Withdraw Consent (Article 7 GDPR): You can withdraw consent for any processing based on consent.
Right to Lodge a Complaint (Article 77 GDPR): You can file a complaint with your local Data Protection Authority (DPA) if you believe your rights have been violated.

To exercise these rights, contact us at:
📩 Email: hej@rooted.se

4. Data Retention Policy

We retain your personal information only as long as necessary for the following purposes:

Type of DataRetention Period

Order and transaction data -5 years (for tax compliance)
Customer support records - 3 years
Marketing communications dataUntil consent is withdrawn
Website analytics data - 6 months
Account information - Until the account is deleted
Once data is no longer needed, we securely delete or anonymize it.

5. International Data Transfers

We may transfer your personal data outside the EU/EEA, including to the United States and other countries where our partners (e.g., Wix, payment processors) operate.

To ensure GDPR compliance, we implement one of the following safeguards:

Standard Contractual Clauses (SCCs) approved by the European Commission.
Transfers to countries deemed to provide adequate protection by the EU.
Additional encryption and security measures to protect your data.

If you have questions about international data transfers, contact us at hej@rooted.se.

6. Automated Decision-Making & Profiling

We do not use automated decision-making or profiling that significantly affects you without human oversight. If we implement such technologies in the future, we will notify you and allow you to opt out.

7. Use of Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website.

Types of Cookies We Use

Cookie Type - Purpose
Essential Cookies - Necessary for website functionality
Analytics Cookies - Track website performance and usage
Marketing Cookies - Used for personalized ads and promotions
We obtain your consent before storing non-essential cookies in accordance with GDPR and the ePrivacy Directive (PECR).

You can manage your cookie preferences at any time via our Cookie Settings page.

8. Data Security Measures

We implement strict security measures to protect your personal information, including:
- Encryption of sensitive data (e.g., payment details)

- Secure access controls to prevent unauthorized access
- Regular security audits to detect vulnerabilities
- Two-factor authentication (2FA) for account protection

However, no online system is 100% secure. If you suspect any security breach, please contact us immediately.

9. Third-Party Data Sharing & Processors

We only share your personal data with trusted third parties under GDPR-compliant Data Processing Agreements (DPAs).

Third-Party Service Providers

Wix – Website hosting & eCommerce platform
Stripe & PayPal – Payment processing
Google Analytics – Website analytics
Email marketing platforms (if opted-in)

We never sell your personal data to third parties.

10. Complaints & Contact Information

If you have concerns about how we handle your data, please contact us first so we can resolve the issue.

📩 Email: hej@rooted.se
📌 GDPR Representative (EEA & UK): Pierre Smedberg, pierre@rooted.se

If you are not satisfied with our response, you have the right to file a complaint with your local Data Protection Authority (DPA).