Privacy Policy — Roots to Rights

Last updated: Wednesday, 15 October 2025

This policy explains how Roots to Rights (“we”, “us”, “our”) collects, uses, shares and protects your personal data when you use our website and services. It is not legal advice.

Who We Are

Data Controller

Roots to Rights (operator of roots2rights.com)

Jurisdiction

Primary: State of Israel. If you are located in the EEA/UK, GDPR/UK GDPR may also apply.

Website

https://roots2rights.com

Contact for Privacy Matters

info@roots2rights.com

Scope

Website Visitors

People who browse or interact with our website and online services.

Enquiries & Consultations

People who contact us by email or form, or who request consultations or services.

Customers & Prospective Customers

Individuals using our eligibility tools, guidance, or related services (including account holders where applicable).

Personal Data We Collect

Usage & Technical Data (Website)

IP address, device/browser type, pages viewed, time on page; collected via cookies or similar technologies. See the Cookies Policy for controls.

Contact & Enquiry Data

Name, email, phone, message content and related metadata (e.g., time, channel).

Service & Account Data

Inputs provided to eligibility tools or forms, preferences (e.g., language), and account details if you create an account.

Payment Data

Payment confirmations and invoice records when you purchase services. We do not store full card numbers; card data is handled by our payment processor.

Communications & Feedback

Emails, messages, call notes and post-stay feedback or reviews.

Security & Compliance

Fraud‑prevention and security signals (e.g., reCAPTCHA tokens), consent records, and logs needed to comply with legal obligations.

Cookie Preferences

Your choices saved in Cookie settings (e.g., analytics/marketing on or off). See the Cookies Policy.

How We Use Your Data & Legal Bases

Service Provision & Account Management

To provide and manage your requests and any account features. Legal basis: performance of a contract.

Customer Service & Communication

To respond to enquiries and provide support. Legal bases: performance of a contract; legitimate interests to operate and improve our services.

Payments, Invoicing & Taxes

To process payments and comply with tax/accounting rules. Legal bases: contract; legal obligation (Israeli law; and where applicable, EU/UK law).

Website Operation & Security

To operate, secure and improve the website. Legal basis: legitimate interests.

Analytics (Optional)

To understand site performance. Legal basis: consent; disabled unless you opt in.

Marketing (Optional)

To send updates or offers where you opt in. Legal basis: consent.

Safety & Legal Compliance

To comply with laws and protect vital interests in emergencies. Legal bases: legal obligation; vital interests.

Consent Withdrawal

Where processing is based on consent, you may withdraw it at any time via cookie settings or by contacting us.

Service Providers/Processors

Hosting/CDN, analytics (e.g., Google Analytics), email providers, form/security tools (e.g., reCAPTCHA), and professional advisors. Processors act under contract and on our instructions.

Banks & Payment Processors

To take and verify payments.

Public Authorities

Where required by law (e.g., police/tax authorities).

Third‑Party Platforms (if used)

If you interact with our services via third‑party platforms, their privacy terms apply in addition to this policy.

No Sale of Personal Data

We do not sell your personal information.

International Transfers

Safeguards

Some providers may process data outside the EEA/UK/Israel. We rely on appropriate safeguards (e.g., Standard Contractual Clauses) or equivalent mechanisms permitted by law.

Retention

Enquiry Data

Up to 24 months after last contact.

Service Records

For the provision of services, then up to 7–10 years where required by tax/accounting law.

Payment Records

Up to 10 years (legal/accounting).

Analytics Data

Per the Cookies Policy and your preferences.

Incident/Safety Records

As required by law and for the establishment, exercise, or defence of legal claims.

Access

Request a copy of your personal data we hold.

Rectification

Ask us to correct incomplete or inaccurate data.

Erasure

Request deletion of your data (“right to be forgotten”).

Restriction

Ask us to limit processing in certain circumstances.

Portability

Receive data you provided to us in a portable format.

Objection

Object to processing based on legitimate interests and to direct marketing.

Withdraw Consent

Withdraw consent at any time where processing relies on consent.

How to Exercise Your Rights

Email info@roots2rights.com. We may need to verify your identity. In Israel, you may also contact the Privacy Protection Authority (PPA). If you are in the EEA/UK, you may lodge a complaint with your local data protection authority.

Cookies & Similar Technologies

Overview

We use cookies and similar technologies to run the website and, with your permission, for analytics and marketing.

Controls

Manage preferences via the cookie banner or Cookie settings at any time. See the Cookies Policy for details.

Cookies Policy

Children

Underage Use

Our services are intended for adults. If you are under the age required to consent to online services in your country, please ask a parent or guardian to contact us on your behalf.

Changes

Policy Updates

We may update this policy from time to time. We will post the new version here and update the Last updated date.

If you seek more information, please do not hesitate to contact us: info@roots2rights.com