Privacy Policy

Last updated: 4 August 2025

Thank you for visiting Rooted Resilience! This Privacy Policy explains what personal data we collect, why we collect it, and how we protect it to be in line with the EU’s General Data Protection Regulation (GDPR). We aim to be as transparent as possible and keep things clear, not confusing.

If you have any questions or concerns about this Privacy Policy, feel free to contact us at info@rootedresilience.nl.

Note that any capitalised terms not defined in this Privacy Policy have the meanings set forth in our Terms and Conditions. If you have any questions or concerns about this Privacy Policy, feel free to contact us at info@rootedresilience.nl.

Note that any capitalized terms not defined in this Privacy Policy have the meanings set forth in our Terms and Conditions

1. Our Core Privacy Principles

We believe in protecting your privacy through:
- Transparency: we tell you what data we collect and why.
- Respect: we don’t sell your data. Ever.
- Responsibility: we safeguard the personal information you entrust to us.

2. What Information We Collect and Why

We collect personal data only where necessary to deliver our services, fulfil legal obligations, or with your consent. The types of data include:

2.1. Information You Provide Directly

- Your name, email address, phone number, emergency contact details, and any health-related disclosures necessary for safe participation in training.
- Booking and attendance records.
- Email communications and contact forms.
- Testimonials or reviews you voluntarily submit.

2.2. Payment Information

Payments are processed securely via third-party platforms. We do not store your payment details ourselves.

2.3. Website and Usage Data

When you visit our website, we may collect:
- Your IP address and browser/device type.
- Usage information (e.g., which pages you visit on our site or which page you visited before coming to our site).
- Location information (if you’ve enabled this in your browser/device settings).
- Cookies and tracking technologies (see section 6).

2.4. Third-Party Services

2.4a To support the operation of Rooted Resilience, we may engage trusted third-party service providers who process personal data on our behalf. These services help us with tasks such as:

  • Website hosting and content management (e.g. Squarespace)

  • Online scheduling and booking

  • Payment processing (e.g. Shopify)

  • Email communications and newsletter distribution

  • Online forms, surveys, or customer feedback tools

  • Data storage and file management

These providers may process your personal data as part of delivering their services. Each third-party provider is independently responsible for their own data protection compliance and privacy practices, and your data may be subject to their privacy policies.

We aim to work only with reputable providers that align with our values and standards. However, we are not liable for the security or privacy practices of these external services.

We do not sell or rent your personal information to third parties.

2.4b If you link a third-party account (e.g. social media or photo sharing), we may access information such as your username or public profile. This is governed by the privacy policies of those services. We do not store any passwords.

2.5. External Links

Our website may contain links to and from other external sites. We are not responsible for the privacy practices of those third parties. Always read their policies before submitting data.

3. Legal Bases for Processing

Under the GDPR, we rely on the following lawful bases:
- Contractual necessity (to deliver services you've signed up for).
- Legal obligation (e.g., for financial record keeping).
- Legitimate interests (e.g., business analytics or internal improvement).
- Consent (e.g., for sending marketing emails or collecting sensitive health data).

4. Your Rights

Under the GDPR, you have the right to:
- Access your personal data.
- Request correction of inaccurate data.
- Request deletion (the "right to be forgotten").
- Object to processing.
- Withdraw consent at any time (e.g., for marketing).
- Data portability (to receive your data in a structured format).
To exercise any of these rights, email us at info@rootedresilience.nl.

5. Data Retention

We retain your personal data for as long as needed to:
- Provide services.
- Fulfil our legal and contractual obligations.
- Resolve disputes and enforce our agreements.
If you wish to have your data deleted, contact us at info@rootedresilience.nl and we’ll take care of it unless legal retention requirements apply.

6. Cookies & Tracking Technologies

Our website uses cookies and similar technologies to:
- Keep the site functional.
- Analyze visitor behavior.
- Improve your user experience.
You can control cookies through your browser settings. For more information, please see our Cookie Policy (available on request or soon to be published).

7. Data Security & Protection

While no service is completely secure, we will apply our normal procedures and comply with legal requirements to protect your information. We cannot guarantee the security of your information transmitted to our site and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

8. Location

Information that you submit through the Services may be transferred to countries other than where you live. We also may store information locally on the devices you use to access the Services.

9. Communications

You may receive:
- Transactional emails (e.g., booking confirmations).
- Service notifications (e.g., changes to our schedule).
- Marketing/promotional updates (only with your explicit consent).
You can unsubscribe from marketing emails at any time by clicking the “unsubscribe” (or similar phrasing) link.

10. Updates to This Policy

We may modify this Privacy Policy periodically and will post the most current version on our website.