Privacy Policy

We respect your privacy.
This Privacy Policy explains how Root & Vessel Ltd processes your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Data Controller: Root & Vessel Ltd
Address: 4th Floor, 100 Bishopsgate, London EC2M 1GT, United Kingdom
Email: support@rootandvessel.com

2. Personal Data We Collect

We may collect the following categories of personal data:

Identity & Contact Data: name, email address, phone number, billing and shipping address
Order & Payment Information: order details and transaction data (payments are processed by third-party providers; full card details are never stored by us)
Device & Usage Data: IP address, browser type, cookies, analytics data, and log files
Marketing & Communication Preferences

3. Purposes & Legal Bases for Processing

We process personal data for the following purposes:

Contract Performance

Processing and delivering orders
Payment processing
Returns, refunds, and customer service

Legitimate Interests

Website security and fraud prevention
Analytics and service improvement
Customer support and communication

Consent

Sending marketing emails or SMS messages (you may withdraw consent at any time)

Legal Obligations

Tax, accounting, and regulatory compliance

4. Sharing Your Data

We only share personal data with trusted third-party service providers, including:

Payment processors
Shipping and logistics partners
IT, hosting, and analytics providers
Customer support tools

All partners are contractually required to protect your data and process it only according to our instructions.

5. International Data Transfers

Where personal data is transferred outside the United Kingdom, we ensure appropriate safeguards are in place, such as:

The UK International Data Transfer Agreement (IDTA)
The UK Addendum to the EU Standard Contractual Clauses

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy.
Order and transaction records are generally retained for up to 6 years to comply with tax and accounting obligations, after which they are deleted or anonymized.

7. Your Rights

Under data protection laws, you have the right to:

Access your personal data
Request correction or deletion
Restrict or object to processing
Request data portability
Withdraw consent at any time (for marketing communications)
Lodge a complaint with a supervisory authority

8. Cookies

We use cookies to enhance your browsing experience.
For full details, please see our Cookie Policy, including information on consent management and your choices.

9. Marketing Communications

We only send marketing communications where you have provided consent.
You may unsubscribe at any time using the link provided in our emails or by contacting us directly.