Roots by the Sea Ltd

Privacy Policy

Last updated: 30 April 2026

1. Who we are

Roots by the Sea Ltd (trading as Roots by the Sea) is the data controller for any personal data we collect about you. We are based at Roots (registered number 123456C).

Contact: roots@roots.com.

2. What data we collect

  • When you sign up or subscribe: name, email address, postal address, phone number, and (where applicable) bank or card details for collecting payment.
  • When you contact us: the content of your message and any details you choose to share.
  • When you visit our website: standard server logs (IP, browser, pages viewed) and cookies for session management and analytics.

Card numbers are never stored on our systems — they are captured directly by our PCI-DSS compliant payment processor. We only see and store the last four digits and card expiry for reference.

3. How we use your data

  • To provide the services you've signed up to
  • To process payments and manage subscriptions
  • To communicate with you about your account, including transactional emails (welcome, payment receipts, failed payment notifications)
  • To meet our legal, regulatory and tax obligations
  • To improve our services

Legal basis (the IoM Data Protection Act 2018): contract performance, legal obligation, and our legitimate interest in running the business. Marketing emails are sent only with your consent, which you can withdraw at any time.

4. Who we share your data with

We share your data only with the third parties needed to deliver the service:

  • Ripple Pay (Ripple Holdings Limited, Isle of Man) — payment platform we use to collect subscriptions and one-off payments. Their privacy policy is at portal.startyourripple.co.uk/privacy.
  • Cashflows Europe Limited — FCA-authorised payment institution that processes card payments.
  • London & Zurich — FCA-regulated Direct Debit bureau.
  • Email service providers — for transactional emails about your account.

We do not sell your personal data. We do not share it with advertisers.

5. International transfers

Some of our service providers may process data outside the Isle of Man. Where this happens, we rely on relevant Standard Contractual Clauses, adequacy decisions, or other approved transfer mechanisms recognised under the IoM Data Protection Act 2018 to ensure your data remains protected.

6. How long we keep your data

We keep your account data for as long as you have an active subscription, plus a retention period afterwards to meet our legal and tax obligations (typically 6-7 years for accounting records).

7. Your rights

Under the Isle of Man Data Protection Act 2018 (which implements GDPR-equivalent rules locally) you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Request erasure of data we no longer have a lawful basis to hold
  • Restrict or object to processing in certain cases
  • Receive your data in a structured, machine-readable format (data portability)
  • Withdraw consent for any processing based on it
  • Lodge a complaint with the Isle of Man Information Commissioner (inforights.im)

To exercise any of these rights, email us at roots@roots.com.

8. Cookies

We use cookies for essential website functions (login session, security) and basic analytics. We do not use third-party advertising cookies or tracking pixels.

9. Changes to this policy

We may update this Privacy Policy from time to time. The current version will always be available at this URL. Material changes will be communicated to active subscribers by email.