Root & Wisdom, including our subsidiaries and affiliates (hereinafter also referred to as “Company,” “we,” “our,” or “us”), operates https://rootandwisdom.com/ (“Website”) and provides services through the Website (“Services”). Our Privacy Policy (“Policy”) complies with the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), and other state data protection laws. This Policy governs your visit to our Website and explains how we collect, safeguard, and disclose information that results from your use of our Services.

We take your privacy very seriously. This Policy explains in the clearest way possible what information we collect, how we use it, and what rights we have concerning it. Please read through it carefully, as it is essential. If you disagree with any of the terms in this Privacy Policy, discontinue using our Services immediately.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy and Conditions govern all use of our Service, and this Policy constitutes your agreement with us.

If this Policy is approved, updates will be posted here. Regularly reviewing this page ensures you are informed about the information that may be collected, used, or shared. If modifications are deemed material, we will notify you by posting a notice on the Website or emailing you at the address provided. Determination of material changes will be at our sole discretion. In this Privacy Policy, “your” or “users” refers to the Website’s users.

Article 1: Information we collect

We may collect personal information you voluntarily provide us, express an interest in obtaining information about us or our Services, or otherwise when you contact us.

The personal information we may collect depends on the context of your interactions with us and the Website, your choices, and the services and features you use. The personal information we collect may include the following:

Personal Information Provided by You. We collect first names, last names, email addresses, phone numbers, health-related information (any street drugs or pharmaceutical medications, pre-existing heart conditions, diagnosed with any liver conditions or diseases, or a history of alcoholism, and other health-related information), and other similar information. All personal information you provide must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Other information provided by you. We collect timelines, preferred locations, and valid passports as well. All personal information you provide must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

When you access our websites, our service providers and partners may automatically collect information about you, your computer or mobile device, and your website activity. Typically, this information includes your computer or mobile device operating system type and version number, manufacturer and model, device identifier, browser type, screen resolution, I.P. address, the Website you visited before browsing our Website, general location information such as city, state or geographic area; and information about your use of and actions on or in our websites, such as pages or screens you accessed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access.

Our service providers and business partners may collect this information over time and across third-party websites. This information is collected via various mechanisms, such as web beacons, embedded scripts, and similar technologies. This information may also be collected when you read our HTML-enabled emails.

The information we collect includes:

1. Log and Usage Data. Log and usage data is service-related, diagnostic usage, and performance information our servers automatically collect when you access or use our Website, which we record in log files. Depending on how you interact with us, this log data may include your I.P. address, device information, browser type, and settings, and information about your activity on the Website (such as the date/time stamps associated with your usage, pages and files viewed, searches and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called ‘crash dumps’) and hardware settings).
2. Device Data. We collect device data such as information about your computer, phone, tablet, or other devices you use to access the Website. Depending on the device used, this data may include information such as your I.P. address (or proxy server), device application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, and operating system configuration information.

Article 2: Cookies, Web Beacons and other trackers

We use temporary and permanent cookies, tags, scripts, and other similar technologies to identify users of our services, enhance user experience and identify visitors, track website navigation, gather demographic information about visitors and users, understand email campaign effectiveness, and target visitor and user engagement by tracking your activities on our websites. We use third-party tracking services like Google Analytics to understand the behavior of our Website visitors and serve them better. Further, the pages on the Website may also include web beacons or pixels, which are electronic files to count users who have visited that page, to track activity over time and across different websites, to determine users’ interactions with emails we send, to identify certain cookies on the computer or other electronic device accessing that page, or to collect other related information, and this information may be associated with your unique browser, device identifier, or Internet Protocol address. You can set your browser to refuse all cookies or to indicate when a cookie is being sent to your computer. However, this may prevent our site or services from working correctly. You can also set your browser to delete cookies whenever you finish browsing. For more information, please refer to our Cookies Policy.

Article 3: use of information

We use personal information collected via our Website for various business purposes, as described below. We process your data for these purposes in reliance on our legitimate business interests to enter into or perform a contract with you, with your consent, and/or for compliance with our legal obligations. We indicate the specific processing grounds we rely on next to each purpose listed below.

We use the information we collect or receive:

1. To Provide and Improve Our Services. We use your information to deliver the services you request, such as accessing online courses, participating in workshops, or scheduling holistic health consultations. Additionally, we analyze user data to improve our services, develop new content, and ensure our offerings are relevant and practical.
2. To Personalize Your Experience. We use your information to tailor our offerings to your individual needs and preferences. This may include recommending specific meditation practices, mindfulness exercises, or personal development programs that align with your goals.
3. To Facilitate Communication. We use your contact information to communicate with you about your account, respond to your inquiries, and provide customer support. We may also send you updates, newsletters, and information about new services or events that may interest you. You can opt out of these communications at any time.
4. To Promote Community Engagement. We use your information to foster a sense of community among our users. This may include inviting you to join online forums, participate in group sessions, or connect with other members who share similar interests and goals.
5. To send administrative information to you. We may use your personal information to send you, Service and new feature information and/or information about changes to our terms, conditions, and policies.
6. To protect our Services. We may use your information to keep our Website safe and secure (for example, for fraud monitoring and prevention).
7. To enforce our terms, conditions, and policies for business purposes, to comply with legal and regulatory requirements, or in connection with our contract.
8. To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
9. To respond to user inquiries/offer support to users. We may use your information to respond to your inquiries and solve any potential issues you might have with the use of our Services.

Article 4: data sharing

We may process or share the data that we hold based on the following legal basis:

1. Consent: We may process your data if you have given us specific consent to use your personal information for a specific purpose.
2. Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.
3. Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfill the terms of our contract.
4. Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal processes, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
5. Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.

Article 5: third-party websites and links

The Website may contain third-party links and which may link to other websites. We cannot guarantee the safety and privacy of the data you provide to any third parties. This Policy does not cover any data collected by third parties. The Policy is not responsible for the content or privacy and security practices and policies of any third parties, including other websites, services, or applications that may be linked to or from the Website. We strongly advise you to review every site’s Privacy Policy. We have no control over and assume no responsibility for any third-party sites or services’ content, privacy policies, or practices.

WE HEREBY DISCLAIM LIABILITY FOR ANY INFORMATION, MATERIALS, PRODUCTS, OR SERVICES POSTED OR OFFERED AT ANY OF THE THIRD-PARTY SITES LINKED TO THIS WEBSITE. BY CREATING A LINK TO A THIRD-PARTY WEBSITE, WE DO NOT ENDORSE OR RECOMMEND ANY PRODUCTS OR SERVICES OFFERED OR INFORMATION CONTAINED ON THAT WEBSITE, NOR ARE WE LIABLE FOR ANY FAILURE OF PRODUCTS OR SERVICES OFFERED OR ADVERTISED AT THOSE SITES. SUCH A THIRD PARTY MAY HAVE A PRIVACY POLICY DIFFERENT FROM THAT OF OURS, AND THE THIRD-PARTY WEBSITE MAY PROVIDE LESS SECURITY THAN THIS SITE.

Article 6: Data Retention

We will only keep your personal information for as long as it is necessary for the purposes set out in this Policy, with the only extended retention period required or permitted by law (such as legal requirements). There is no purpose in this Privacy Policy for us to keep your personal information for longer than the period of time in which users have an account with us.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Article 7: Data Safety & Security

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, the transmission of personal information to and from our Website is at your own risk. You should only access the Website within a secure environment.

Article 8: your Rights Under Health Insurance Portability and Accountability Act (HIPAA)

Under the Health Insurance Portability and Accountability Act (HIPAA) in the United States, individuals have specific rights regarding their protected health information (PHI). Here’s a summary of these rights:

1. Right to Access: Individuals have the right to access their own PHI held by healthcare providers and health plans. This includes the right to view, obtain copies, and request electronic copies of their medical records.
2. Right to Request Amendments: Individuals can request corrections or amendments to their PHI if they believe it is inaccurate or incomplete. Healthcare providers and plans must consider these requests.
3. Right to an Accounting of Disclosures: Individuals have the right to request an accounting of disclosures of their PHI. This accounting lists who has accessed or received their PHI and for what purposes.
4. Right to Request Restrictions: Patients can request restrictions on using and disclosing their PHI for certain purposes, such as limiting access to specific individuals or entities. However, healthcare providers and plans are not always required to agree to these restrictions.
5. Right to Confidential Communications: Individuals can request that healthcare providers communicate with them in a certain way or at a specific location to protect their privacy. For example, they can request communications by mail instead of email.
6. Right to File a Complaint: Individuals can file complaints with the U.S. Department of Health and Human Services (HHS) or their state’s Attorney General’s office if they believe their rights under HIPAA have been violated.
7. Right to Receive Notice: Individuals have the right to receive a Notice of Privacy Practices from healthcare providers and health plans. This notice explains how their PHI may be used and disclosed and their privacy rights.

Article 9: Data Protection Rights Under The General Data Protection Regulation (GDPR) And The UK Data Protection Act (DPA)

If you are a resident of the United Kingdom (U.K.), European Union (E.U.), and European Economic Area (EEA), you have certain data protection rights, covered by GDPR and DPA. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. If you wish to be informed of what personal data we hold about you and if you want it removed from our systems, please contact us.

Under certain circumstances, European individuals have rights under data protection laws concerning their personal data. If you are located in Europe, you may ask us to take the following actions regarding personal data that we hold:

1. Access. You are entitled to ask us if we are processing your personal data and, if so, for a copy of the personal data we hold about you and obtain certain other information about our processing activities.
2. Correction. If any personal data we hold about you is incomplete or inaccurate, you can require us to correct it, though we may need to verify the accuracy of the new data you provide to us.
3. Erasure. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law.
4. Object. Where our reason for processing your personal data is a legitimate interest, you may object to the processing as you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
5. Restriction. You may ask us to suspend our use of your personal data in the following scenarios: if you want us to establish the data’s accuracy; where our use of your personal data is unlawful, but you do not want us to erase it; where you need us to hold your data for a longer period than we usually would, because you need it to establish, exercise or defend legal claims; or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
6. Transfer. Where it is possible, we will provide your personal data in a structured, commonly used, machine-readable format to you or a third party you have chosen. Note that this right only applies to your personal data, which you initially provided consent for us to use or where we used the information to perform a contract with you.
7. Withdraw consent. Where our reason for processing is based on your consent, you may withdraw that consent at any time. If you withdraw your consent, we may be unable to provide you certain services. We will advise you if this is the case at the time you withdraw your consent.
8. Automated decision-making. You have the right not to be subject to automated decision-making (e.g., profiling) that significantly affects you. The exercise of this right is not available to you in the following cases:
   1. The automated decision is required to enter into or perform, a contract with you.
   2. We have your explicit consent to make such a decision.
   3. The local law of an E.U. member state authorizes the automated decision.

However, in the first two cases set out above, you still have the right to obtain human intervention regarding the decision, express your point of view, and contest the decision.

There may be legal or other reasons why we cannot, or are not obliged to, fulfill a request to exercise your rights. We will use available lawful exemptions to your individual rights to the extent appropriate. We will tell you why if we decline your request, subject to legal restrictions.

You will not have to pay a fee to exercise any of your rights relating to your personal data. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Please note that we may ask you to verify your identity before responding to such requests. Please note, that we may not be able to provide Service without some necessary data.

You also have the right to file a complaint with the supervisory authority in the EEA. If you are a U.K. resident and want to learn more about your rights or if we have not resolved your query regarding your Personal Data, you should contact the Information Commissioner’s Office information line at (0044)  303 123 1113 or visit their Website at ico.org.uk/.

Article 10: California Residents Privacy Rights

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under 18 years of age, reside in California, and have a registered account with the Website, you have the right to request removal of unwanted data that you publicly post on the Website. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Website, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g., backups, etc.).

CCPA/CPRA Privacy Notice

The California Code of Regulations defines a “resident” as:

1. Every individual who is in the State of California for other than a temporary or transitory purpose and
2. Every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose

All other individuals are defined as “non-residents.”

If this definition of “resident” applies to you, certain rights and obligations apply regarding your personal information.

What categories of personal information do we collect?

Root & Wisdom collects the following categories of personal information:

We may also collect other personal information outside of these categories in instances where you interact with us in-person, online, or by phone or mail in the context of:

1. Receiving help through our customer support channel and
2. Facilitation in the delivery of our Services and to respond to your inquiries 

How do we use and share your personal information?

More information about our data collection and sharing practices can be found in this privacy notice. You can opt-out from selling of your personal information by disabling cookies in the Cookies Preferences Settings or clicking on the “Do Not Sell My Personal Information” link on our homepage. You may email us or refer to the contact details at the bottom of this document.

If you are using an authorized agent to exercise your right to opt out, we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.

Will your information be shared with anyone else?

We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Each service provider is a for-profit entity that processes the information on our behalf.

Your rights with respect to your personal data

1. Right to request deletion of the data – Request to delete
   1. You can ask for the deletion of your personal information. Suppose you ask us to delete your personal information. In that case, we will respect your request and delete your personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of his or her right to free speech, our compliance requirements resulting from a legal obligation or any processing that may be required to protect against illegal activities.
2. Right to be informed – Request to know
   1. Depending on the circumstances, you have a right to know:
   2. whether we collect and use your personal information;
   3. the categories of personal information that we collect;
   4. the purposes for which the collected personal information is used;
   5. whether we sell your personal information to third parties;
   6. the categories of personal information that we sold or disclosed for a business purpose;
   7. the categories of third parties to whom the personal information was sold or disclosed for
   8. a business purpose, and
   9. the business or commercial purpose for collecting or selling personal information.
   10. In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request
3. Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
   1. We will not discriminate against you if you exercise your privacy rights.
4. Other privacy rights
   1. You may object to the processing of your personal data.
   2. You may request correction of your personal data if it is incorrect or no longer relevant or ask to restrict the processing of the data.
   3. You can designate an authorized agent to make a request under the CCPA/CPRA on your behalf. We may deny a request from an authorized agent who does not submit proof that they have been validly authorized to act on your behalf in accordance with the CCPA/CPRA.
   4. You may request to opt out of future selling of your personal information to third parties. Upon receiving a request to opt-out, we will act upon the request as soon as feasibly possible, but no later than 15 days from the request submission date.

Upon receiving your request, we will need to verify your identity to determine you are the same person with whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with the information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g., phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.

We will only use personal information provided in your request to verify your identity or authority to make the request. To the best of our ability, we will avoid requesting additional information from you for verification purposes. If, however, we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for verifying your identity, and for security or fraud-prevention purposes. We will delete such additional provided information as soon as we finish verifying you.

To exercise these rights, you can contact us by referring to the contact details at the bottom of this document. If you have a complaint about how we handle your data, we would like to hear from you.

Article 11: Your Data Protection Rights Under the laws of other states

1.     Nevada

1. 1. If you are a resident of Nevada, you have some additional rights:
      1. We do not sell your covered information, as defined under Chapter 603A of the Nevada Revised Statutes.

2.     Virginia

1. 1. If you are a resident of Virginia, you have some additional rights:
      1. If we deny your rights request, you have the right to appeal that decision. We will provide you with the necessary information to submit an appeal at that time.
      2. You have the right to opt out of targeted advertising.
      3. You have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

3.     Colorado

1. 1. If you are a resident of Colorado, you have some additional rights:
      1. If we deny your rights request, you have the right to appeal that decision. We will provide you with the necessary information to submit an appeal at that time.
      2. You have the right to opt out of targeted advertising.
      3. You have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

4.     Connecticut

1. 1. If you are a resident of Connecticut, you have some additional rights:
      1. If we deny your rights request, you have the right to appeal that decision. We will provide you with the necessary information to submit an appeal at that time.
      2. You have the right to opt out of targeted advertising.
      3. You have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

IF YOU ARE FROM ANY OTHER STATE, THEN STATE-SPECIFIC DATA PROTECTION LAW SHALL BE APPLICABLE. PLEASE CONTACT US FOR MORE INFORMATION.

Article 12: International Transfers

Your personal data may be transferred to other locations outside of your state, province, country, or other governmental jurisdiction where we or our service providers maintain offices and where privacy laws may not be as protective as those in your jurisdiction. If we make such a transfer, we will require that the recipients of your personal data provide data security and protection in accordance with applicable law.

Article 15: Children’s Privacy

Our Services are not for the use of children below the age of 13 (“Child” or “Children”). In compliance with the Children’s Online Privacy Protection Act (“COPPA”), we do not knowingly collect personally identifiable information from children under 13 without the legal guardian’s consent. If you become aware that a Child has provided us with Personal Data without the parent’s consent, please contact us. If we become aware that we have collected Personal Data from Children, we take steps to remove that information from our servers.

Article 16: Complaint

If you have a complaint about our handling of your personal data, you may contact us using the contact information below. We request that a complaint be made in writing. Please provide details about your concern or complaint so that our data protection officer can investigate it. We will take appropriate action in response to your complaint, which may include conducting internal discussions with relevant business representatives. We may contact you for additional details or clarification about your concern or complaint. We will contact you to inform you of our response to your complaint.

Article 17: Amendment

We may update this privacy notice from time to time. The updated version will be indicated by an updated “Last updated” date, and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

article 18: Contact us

After reviewing this Policy, if you have any additional questions concerning this Privacy Policy, please email us at info@rootandwisdom.com.

Effective Date: August 29, 2024.

Last Updated: August 29, 2024.