top of page
RB-Pattern.png

Privacy Policy

1. Introduction

Welcome to Roots & Berries (“we,” “our,” or “us”). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.rootsandberries.co.uk (the “Website”), and when you use our services, including booking afternoon teas, picnics, and purchasing merchandise.

If you have any questions or concerns about this Privacy Policy or our practices regarding your personal information, please contact us using the details provided in Section 12.

 

2. Information We Collect

We collect personal information that you voluntarily provide to us when you:

  • Make a booking or reservation for afternoon tea or picnics

  • Purchase merchandise from our Website

  • Register for an account on our Website

  • Subscribe to our newsletter or marketing communications

  • Contact us with enquiries

  • Participate in surveys or promotions

  • Interact with our Website

 

Personal Information You Provide

The personal information we collect may include:

  • Contact Information: Name, email address, telephone number, postal address

  • Payment Information: Credit/debit card details, billing address (processed securely through our payment processor)

  • Booking Details: Date and time of reservation, number of guests, special dietary requirements or requests

  • Account Information: Username, password (encrypted), preferences

  • Communications: Any information you provide when contacting us or leaving reviews

Information Automatically Collected

When you visit our Website, we automatically collect certain information about your device, including:

  • Technical Information: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform

  • Usage Information: Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our Website, pages you viewed, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs)

  • Location Data: Approximate geographic location based on your IP address

 

Cookies and Similar Technologies

We use cookies and similar tracking technologies to track activity on our Website and store certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Website. For more information about the cookies we use, please see our Cookie Policy.

 

3. Legal Basis for Processing (UK GDPR)

Under the UK General Data Protection Regulation (UK GDPR), we process your personal data on the following legal bases:

  • Contract Performance: Processing is necessary for the performance of a contract with you (e.g., processing bookings and payments)

  • Consent: You have given clear consent for us to process your personal data for specific purposes (e.g., marketing communications)

  • Legitimate Interests: Processing is necessary for our legitimate interests (e.g., improving our services, fraud prevention, website analytics), provided these interests are not overridden by your data protection rights

  • Legal Obligation: Processing is necessary to comply with legal obligations (e.g., accounting requirements, responding to legal requests)

 

4. How We Use Your Information

We use the information we collect for the following purposes:

 

To Provide Our Services

  • Process and fulfill your bookings, reservations, and purchases

  • Communicate with you about your bookings, orders, and account

  • Process payments and prevent fraudulent transactions

  • Provide customer support and respond to your enquiries

 

To Improve Our Services

  • Understand how our Website is used and improve user experience

  • Develop new products, services, and features

  • Conduct data analysis and testing

 

To Communicate With You

  • Send you service-related communications

  • Send you marketing and promotional communications (with your consent)

  • Send you newsletters and updates about our cafés and events

  • Respond to your comments, questions, and requests

 

For Legal and Security Purposes

  • Comply with legal obligations and regulatory requirements

  • Protect against fraudulent, unauthorised, or illegal activity

  • Enforce our Terms and Conditions

  • Protect the rights, property, and safety of Roots & Berries, our customers, and the public

 

5. How We Share Your Information

We may share your personal information in the following circumstances:

 

Service Providers

We share your information with third-party service providers who perform services on our behalf, including:

  • Payment Processors: To process your credit/debit card payments securely (we do not store your full payment card details)

  • Hosting and IT Services: Wix.com Ltd. and other technology providers who host and maintain our Website

  • Email Service Providers: To send you communications

  • Analytics Providers: To help us understand how our Website is used

 

All service providers are contractually obligated to keep your information confidential and use it only for the purposes for which we disclose it to them.

 

Legal Requirements

We may disclose your information where required or permitted by law, such as:

  • To comply with a legal obligation, court order, or legal process

  • To respond to lawful requests from public authorities

  • To protect and defend our rights or property

  • To investigate potential violations of our Terms and Conditions

  • To protect the personal safety of users or the public

 

Business Transfers

If we are involved in a merger, acquisition, asset sale, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Website of any change in ownership or uses of your personal information.

 

With Your Consent

We may share your information for any other purpose with your explicit consent.

 

6. International Data Transfers

Our Website is hosted by Wix.com Ltd., which may store data on servers located outside the United Kingdom. When we transfer your personal data outside the UK, we ensure appropriate safeguards are in place to protect your information and comply with UK GDPR requirements. These safeguards may include:

  • Standard Contractual Clauses approved by the UK authorities

  • Ensuring the recipient country has been deemed to provide an adequate level of data protection

  • Other legally approved transfer mechanisms

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Booking and Transaction Data: We retain booking and payment information for a minimum of 6 years for accounting and tax purposes

  • Marketing Communications: We retain your contact information for marketing purposes until you unsubscribe or request deletion

  • Account Information: We retain your account information until you request account deletion

  • Website Analytics: Aggregate and anonymised data may be retained indefinitely for statistical purposes

When we no longer need your personal information, we will securely delete or anonymise it.

 

8. Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

 

Right of Access

You have the right to request copies of your personal data.

 

Right to Rectification

You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

 

Right to Erasure

You have the right to request that we erase your personal data, under certain conditions (e.g., when the data is no longer necessary for the purposes it was collected, or you withdraw consent).

 

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data, under certain conditions.

 

Right to Object to Processing

You have the right to object to our processing of your personal data, under certain conditions (e.g., processing based on legitimate interests or for direct marketing purposes).

 

Right to Data Portability

You have the right to request that we transfer the data we have collected to another organisation, or directly to you, under certain conditions.

 

Right to Withdraw Consent

Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

 

How to Exercise Your Rights

To exercise any of these rights, please contact us using the details in Section 12. We will respond to your request within one month. If your request is complex or we receive multiple requests, we may extend this period by a further two months, and we will inform you of any such extension.

 

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if you believe we have not handled your personal data appropriately. Visit www.ico.org.uk for more information.

 

9. Security of Your Information

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using SSL/TLS protocols

  • Secure password protection and encryption

  • Regular security assessments and updates

  • Access controls limiting who can access your personal information

  • Secure payment processing through PCI-DSS compliant payment processors

 

However, please note that no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

 

10. Third-Party Links

Our Website may contain links to third-party websites, including our social media pages and partner sites. We are not responsible for the privacy practices of these external sites. We encourage you to read the privacy policies of any third-party sites you visit.

 

11. Children’s Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information from our systems.

 

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Email: enquiries@rootsandberries.co.uk
Website: www.rootsandberries.co.uk

 

For data protection queries specifically, please mark your communication as “Data Protection Enquiry” in the subject line.

 

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page

  • Updating the “Last Updated” date at the bottom of this Privacy Policy

  • Sending you an email notification (if you have provided us with your email address)

 

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

 

14. Marketing Communications

If you have consented to receive marketing communications from us, we may send you emails about our cafés, special offers, new products, events, and other updates we think may interest you.

 

You can opt out of receiving marketing communications at any time by:

  • Clicking the “unsubscribe” link in any marketing email we send

  • Contacting us directly at enquiries@rootsandberries.co.uk

  • Updating your preferences in your account settings (if applicable)

 

Please note that even if you opt out of marketing communications, we will still send you service-related communications regarding your bookings, orders, and account.

 

Your Consent

By using our Website and services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and sharing of your information as described herein.

This Privacy Policy is compliant with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

 

Last Updated: 26 October 2025

bottom of page