Privacy Policy

Last updated: 21 November 2025

Rooted (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our website or place an order with us.

1. Who We Are

  • Business name: Rooted

  • Address: 2 Catherine Street, Killyleagh, Co. Down, Northern Ireland, BT30 9QQ

2. What Personal Data We Collect

We collect different types of personal data depending on how you interact with us:

a) Data you provide to us

  • Name

  • Billing address

  • Delivery address (if different)

  • Telephone number(s)

  • Email address

  • Payment details (e.g. card or other payment method)

  • Recipient details (if you are sending flowers to someone else)

  • Personal message / card message text (if you include a note)

  • Occasion details (e.g., birthday, anniversary) if you choose to provide them

  • Marketing preferences (if you sign up for emails or newsletters)

b) Data we collect automatically
When you visit our website:

  • Device data: IP address, browser type, time zone, device identifiers

  • Usage data: pages you view, how you navigate the site, search terms, and more

  • Cookies, pixels, and similar tracking technologies

c) Data from other sources
If you interact with us via social media, or third-party services, we may also collect certain information (with your consent) from those platforms, in line with their privacy settings and your choices.

3. How and Why We Use Your Personal Data

We process your data for various legitimate business purposes, including:

  • Order fulfilment: To take, process, and deliver your order.

  • Payment processing: To handle payments securely and prevent fraud.

  • Communication: To send order confirmations, delivery notifications, and respond to enquiries.

  • Customer service: To manage returns, complaints, or feedback.

  • Marketing (with your consent): To send you newsletters, offers, or updates.

  • Analytics and improvement: To study how you use our site, improve our user experience, and make business decisions.

  • Legal and compliance: To comply with legal obligations (e.g., accounting, tax) and to protect against fraud.

4. Lawful Basis for Processing

We rely on the following legal bases to process your personal data:

  • Performance of a contract: When you place an order, we need your data to fulfill it.

  • Legitimate interests: For internal business operations, improving our service, fraud prevention, and website analytics.

  • Consent: For marketing communications (you can withdraw consent at any time).

  • Legal obligation: To meet regulatory or legal responsibilities (for example, accounting records).

5. How We Share Your Data

We may share your personal data with third parties, but only in the following ways:

  • Service providers: For example, payment processors, couriers, website hosting / IT providers — they only receive the data necessary to provide their services and are contractually required to keep it secure.

  • Professional advisers: Such as accountants or legal advisors, strictly for business purposes.

  • Legal / regulatory authorities: If required by law, or to protect our legal rights.

  • Marketing partners: Only with your explicit consent (if applicable).

We do not sell your personal data to third parties for marketing.

6. Data Retention

  • Order data: We keep your personal and transaction data for as long as is necessary to meet legal, accounting, and business requirements.

  • Customer communications: Records of customer enquiries, complaints, or support interactions are retained for a reasonable period so we can respond and learn from them.

  • Marketing data: We retain your preferences for as long as you are subscribed; if you unsubscribe, we may keep some anonymised data for analytics.

  • When data is no longer needed, we will delete it or anonymise it so that you cannot be identified.

7. Cookies & Tracking

  • We use cookies and similar tracking technologies (such as web beacons) to:

    • track your interaction with our website

    • remember your preferences

    • analyse site usage and improve our service

  • You can control cookies through your browser settings. However, blocking some cookies may affect your experience of our website (for instance, you may not be able to complete a purchase).

8. Your Rights

Under UK GDPR and related data protection laws, you have several rights in relation to your personal data:

  • Right of access: Ask us for a copy of the data we hold about you.

  • Right to rectification: Correct any inaccurate or incomplete data.

  • Right to erasure: Request deletion of your data in certain circumstances (e.g., when it is no longer needed).

  • Right to restrict processing: Ask us to limit how we use your data.

  • Right to data portability: Receive your data in a structured, commonly used format, or request we transfer it to another controller.

  • Right to object: Object to certain processing, such as for direct marketing.

  • Right to withdraw consent: If we process your data based on your consent (e.g., marketing), you can withdraw it at any time.

To exercise any of these rights, or if you have any questions about your personal data, please contact us:
Email: rootedkillyleagh@gmail.com
Address: 2 Catherine Street, Killyleagh, Co. Down, Northern Ireland

9. Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • encryption of data in transit (e.g., SSL/TLS for website)

  • limiting access to your data to authorised personnel only

  • secure storage and regular review of data handling processes

However, no system is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

10. International Transfers

If we transfer your data outside the UK (for instance, to a third-party service provider), we will ensure that appropriate safeguards are in place, such as:

  • using standard contractual clauses

  • ensuring the recipient has adequate data protection measures

11. Children

Our website and services are not intended for use by children under the age of 16. We do not knowingly collect personal data from children under this age. If you believe we have unintentionally collected data from a child, please contact us, and we will take steps to delete that information.

12. Changes to This Policy

We may update this Privacy Policy from time to time (for example, to reflect changes in our business or the law). When we do, we will:

  • update the “Last updated” date at the top

  • notify you via our website or by email if there is a material change

Please check this page regularly to stay informed.

13. Third-Party Links

Our site may contain links to third-party websites (e.g., social media, partner sites). We are not responsible for the privacy practices of those sites. We encourage you to read the privacy policy of every site you visit.

14. Contact Us

If you have any questions about how we handle your personal data, or wish to exercise your rights, please contact us at:

Rooted
2 Catherine Street
Killyleagh, Co. Down, Northern Ireland, BT30 9QQ
Email: rootedkillyleagh@gmail.com