Privacy Policy

HomePrivacy Policy

Effective Date: 13 August 2025

This Privacy Policy (“Policy”) constitutes a binding agreement between Desi & Roots (“Company”, “we”, “our”, “us”) and any individual (“you”, “your”, “User”, “Data Subject”) accessing or using the website www.desiandroots.com (“the Site”), making a purchase, or otherwise interacting with us.

By accessing or using the Site, you acknowledge that you have read, understood, and agreed to the terms of this Policy.

  1. Scope and Purpose

1.1 This Policy sets out how we collect, use, store, disclose, and protect Personal Data in compliance with:

  • UK General Data Protection Regulation (“UK GDPR”)
  • EU General Data Protection Regulation (“EU GDPR”)
  • Privacy and Electronic Communications Regulations (“PECR”)
  • Applicable UK, EU, and international privacy laws

1.2 This Policy applies to:

  • Visitors to the Site
  • Customers purchasing products or services
  • Individuals subscribing to marketing communications
  • Any person whose data we process in the course of business operations
  1. Definitions

For the purposes of this Policy:

“Personal Data” – any information relating to an identified or identifiable natural person, including Device Information and Order Information.

“Device Information” – automatically collected technical data, such as IP address, browser type, operating system, time zone, cookies, pages viewed, referring websites, and interaction with the Site.

“Order Information” – data you provide when placing an order, including name, billing/shipping address, contact details, and payment information (processed securely by third-party payment providers).

“Processing” – any operation performed on Personal Data, including collection, recording, storage, alteration, retrieval, disclosure, or deletion.

“Controller” – the entity that determines the purposes and means of processing Personal Data (Desi & Roots).

“Processor” – any third party processing Personal Data on behalf of the Controller.

  1. Legal Bases for Processing

We process Personal Data only where permitted by law. Legal bases include:
a) Contractual necessity – to fulfil purchase orders and provide requested services.
b) Legitimate interests – to operate, improve, and secure our Site and services.
c) Consent – for marketing communications, SMS advertising, and non-essential cookies.
d) Legal obligation – to comply with tax, accounting, and regulatory requirements.
e) Protection of vital interests – where necessary to protect you or others from harm.

  1. Data Collected

4.1 Device Information (automatically collected)

Collected via cookies, log files, web beacons, tags, and pixels. Includes:

  • Browser type/version
  • IP address
  • Time zone and geolocation (where permitted)
  • Pages/products viewed
  • Referring websites or search terms
  • Interaction patterns with the Site

4.2 Order Information (provided by you)

Collected when making or attempting a purchase:

  • Full name
  • Billing and shipping address
  • Contact details (email, phone)
  • Payment details (processed securely, never stored by us)

4.3 Marketing Information (with consent)

  • Preferences for receiving marketing communications
  • SMS marketing preferences
  • Engagement with promotional campaigns
  1. Purposes of Processing

We process Personal Data for the following purposes:

  • Fulfilment and delivery of orders
  • Customer support and communication
  • Fraud prevention and security monitoring
  • Site performance optimisation and analytics
  • Personalised marketing (with consent)
  • Compliance with legal obligations
  1. SMS Marketing

6.1 If you opt in, we may send SMS marketing messages regarding our products, offers, and updates.
6.2 You can withdraw consent at any time by replying “STOP” or following the opt-out instructions in the message.
6.3 SMS messages are delivered by a third-party provider acting as a Processor under this Policy.

  1. Data Sharing

We disclose Personal Data only where necessary and lawful:
a) Service providers – including Shopify (e-commerce platform) and Google Analytics (analytics services).
b) Marketing partners – only where you have consented.
c) Legal compliance – to respond to lawful requests or protect our rights.

All third parties are contractually bound to maintain the confidentiality and security of Personal Data.

  1. Behavioural Advertising

We use certain Personal Data to display targeted online advertising. You may opt out via:

  • Facebook
  • Google
  • Bing
  1. Cookies

We use:

  • Essential cookies– necessary for core site functions.
  • Non-essential cookies– analytics and advertising cookies (used only with consent).

Details are set out in our Cookie Policy.

  1. International Transfers

Personal Data may be transferred outside the UK/EEA (e.g., to the US or Canada).
We implement safeguards, including UK/EU Standard Contractual Clauses, to ensure equivalent protection.

  1. Data Retention
  • Order records: 6 years(for legal and tax purposes)
  • Marketing data: until consent is withdrawn or 2 yearsafter last engagement
  • Device data: up to 26 months(Google Analytics default)
  1. Data Subject Rights

Under UK/EU GDPR, you have the right to:

  1. Access your Personal Data
  2. Rectify inaccuracies
  3. Erase Personal Data (“right to be forgotten”)
  4. Restrict processing
  5. Object to processing
  6. Withdraw consent for marketing
  7. Data portability

Requests should be sent to goddessofwealth123@gmail.com. We will respond within 1 month.

  1. Security Measures

We employ industry-standard technical and organisational measures to safeguard Personal Data against unauthorised access, alteration, disclosure, or destruction.

  1. Do Not Track

We do not change our data collection practices in response to “Do Not Track” browser settings.

  1. Liability & Indemnity

We are not liable for any indirect, incidental, or consequential damages arising from unauthorised access to Personal Data beyond our reasonable control. You agree to indemnify us against misuse of the Site or breach of this Policy by you.

  1. Changes to This Policy

We may amend this Policy at any time to reflect changes in law, our practices, or Site functionality. Updated versions will be posted with the effective date.

  1. Contact Information

Desi & Roots
23 Belhouse Avenue
Aveley, South Ockendon
RM15 4DA
United Kingdom
Email: goddessofwealth123@gmail.com

If you are dissatisfied, you may lodge a complaint with the UK Information Commissioner’s Office (ICO) via www.ico.org.uk.