Personal Information: We collect personal data you voluntarily provide when you subscribe to our newsletter or updates. This includes your name and email address. These are considered “personal data” under GDPR. We do not collect sensitive personal data such as health or financial details.

Usage Data: We automatically collect certain technical information when you visit the Site, such as IP address, device type, browser, pages viewed, and time spent on the Site. This is gathered via cookies and similar technologies (see below).

We use the information we collect for the following purposes:

We donotsell or rent your personal data to third parties.w).

For visitors in the EU/UK, we process your personal data only on lawful grounds under the GDPR. The primary bases we rely on are: Consent: You give us your freely given, specific consent to use your name and email to send you newsletters and updates (GDPR Art.6(1)(a)). You can withdraw this consent at any time (see User Rights below). Legitimate Interests: We also rely on our legitimate interests (GDPR Art.6(1)(f)) to operate the Site and protect it against abuse (for example, securing the Site, managing newsletters, and maintaining service quality). We balance these interests against your privacy rights and do not override your fundamental rights. In all cases, our processing is limited to what is necessary for the purposes described above.

We use cookies and similar technologies to enhance your experience and gather analytic data. Examples include:

Cookies: We use first-party cookies to maintain site functionality (e.g. saving your subscription preferences). You can adjust your browser settings to block or delete cookies, though some Site features may not work properly without them.

Google Analytics: We use Google Analytics (a service provided by Google LLC) to collect aggregate information about Site usage (such as which pages are visited and how often) via cookies. Google Analytics does not identify you personally, and Google’s policies apply to this data. As required by Google’s terms, we disclose the use of Google Analytics in this policy. (Google may combine this data with other data it holds, as described in Google’s privacy policy.) You can learn more about Google Analytics and opt out via Google’s tools.

By using our Site, you agree to our use of these technologies. The data collected help us understand user behavior and improve the Site, but we do not use cookies for any advertising or profiling beyond Google Analytics.

We do not sell, trade, or otherwise disclose your personal information to third parties for marketing purposes. We share your data only with trusted service providers who perform functions on our behalf. For example:

Service Providers: We may use third-party services (such as Google Analytics for analytics, email service providers for sending newsletters, etc.). These providers are bound by contractual obligations to keep your information secure and to use it only for the specific purposes we authorize.

Legal Requirements: We may disclose information if required by law (such as a subpoena or other legal process) or to protect our rights.

Since Bodysoulroots does not sell or share personal information with third parties, we are not subject to California’s “Do Not Sell My Personal Information” requirements. (Under CCPA, businesses that do sell personal information must provide a clear “Do Not Sell” link. Because we do not sell or share your data, this does not apply to us.)

We retain your personal data only as long as necessary to fulfill the purposes outlined in this Policy or as required by law. For example, we will retain your name and email for as long as you remain subscribed to our communications, or until you request deletion. Once data are no longer needed, we will securely delete or anonymize them. This is consistent with GDPR’s storage limitation principle: personal data should be kept no longer than necessary for the purposes collected. Likewise, analytics data from cookies are stored only for limited periods before being deleted or anonymized.

EU/UK Users: Under the GDPR, you have rights regarding your personal data. These include the right to access your data, request correction of inaccuracies, deletion (right to be forgotten), restriction of processing, and portability of your data, among others. You may also object to processing based on legitimate interests and withdraw consent at any time (without affecting past processing). If you believe we have not honored your rights, you can lodge a complaint with a supervisory authority (e.g. an EU Member State DPA or the UK Information Commissioner’s Office).

California Users: If you are a California resident, the CCPA/CPRA grants you specific rights in addition to the above. For example, you have the right to know what personal information we have collected about you, the categories of sources, how we use and share it, and to request deletion of your personal information. You also have the right to correct inaccurate personal information and to limit the use of certain sensitive personal information. (We do not collect sensitive information beyond contact data.) You have the right to opt out of sale/sharing of your personal information; again, since we do not sell or share your data, this right does not apply but is recognized under law. We will not discriminate against you for exercising any privacy rights, and we will not require you to waive these rights.

To exercise any of your rights (access, deletion, correction, etc.), please contact us as described below. We will verify your identity and respond within the timeframe required by law (typically 30-45 days).

We take the security of your information seriously. We implement reasonable technical and organizational measures (such as SSL/TLS encryption, secure servers, and access controls) to protect your personal data from unauthorized access, disclosure, or destruction. This is in line with legal requirements to ensure the integrity and confidentiality of personal data. However, no system is completely foolproof. We cannot guarantee the absolute security of your data, and you provide information at your own risk.

Our Site and services are intended for adult audiences. We do not knowingly collect personal information from children under the age of 13. As required by the U.S. Children’s Online Privacy Protection Act (COPPA), we will not allow anyone we know to be a child under 13 to submit information without parental consent. If a parent or guardian becomes aware that their child has provided us with personal information, please contact us and we will delete such information from our systems.

Bodysoulroots is based in the United States. If you are visiting from outside the U.S., please be aware that your data may be transferred to and stored in the U.S. (for example, when Google Analytics processes data or when we send emails from U.S.-based servers). For EU/UK visitors, we comply with applicable transfer rules. Where transfers of personal data out of the EU/UK occur, we rely on appropriate safeguards (such as the EU’s Standard Contractual Clauses for data transfers). The EU and UK have also issued adequacy decisions regarding each other (data can flow freely between the UK and EU). In short, we use mechanisms like SCCs and adequacy to ensure your data remain protected under EU/UK standards even when transferred internationally.

We may update this Privacy Policy from time to time as our practices or legal requirements change. When we do, we will post the revised Policy on this page with a new “Last Updated” date. We encourage you to review this page periodically. Your continued use of the Site after any changes means you accept the updated Policy. Material changes may be notified via email (if we have your address) or by a notice on the Site. (We recommend checking this page for the latest information.)

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, you may contact us at:

Owner: Anna Ostrogliad, Bodysoulroots.com
Email: anna@bodysoulroots.com

You may also contact your local data protection authority (for EU/UK, e.g. the Information Commissioner’s Office in the UK or the data protection authority in your EU country; for California, the California Privacy Protection Agency at cppa.ca.gov) for privacy-related issues. We will do our best to address your concerns directly.

Last Updated: 14.08.2025