$$ITEM_TITLE$$
$$SELECTED_PLAN_NAME$$
$$ITEM_QUANTITY$$
SAVE
$$UNIT_SAVED$$
$$UNIT_PRICE_ORIGINAL$$
$$UNIT_PRICE_FINAL$$
The controller of your personal data in relation to the website https://feelrooty.com/ (hereinafter: the website) and your other interactions with BIOHACKING VITAL d.o.o. is:
BIOHACKING VITAL, internetna prodaja, svetovanje za zdrav način življenja, d.o.o.
Griže 129
3302 Griže,
Slovenia, Europe
Company reg. No.: 8947066000
VAT ID no.: SI 12255807
Email: we@feelrooty.com
(hereinafter: we, us, our, BIOHACKING VITAL d.o.o., processor, provider, company or organization)
A Data Protection Officer has not yet been appointed. Please reach out to us with any privacy related inquiries or requests at we@feelrooty.com.
Purpose and use of this notice
You can find out more about us and our services and other activities here.
The company is the owner and provider of the website https://feelrooty.com/ and its various sub-domains or related websites (hereinafter collectively referred to as: the website).
This notice describes how BIOHACKING VITAL d.o.o. processes and protects the personal data of individuals who have provided their data directly to the company as the controller of personal data in connection with the website (e.g. by consenting to the placement of cookies when visiting the website, when completing and submitting an online form through the website, etc.).
Use of terms and amendments to this notice
Unless otherwise stated, terms used in this notice (e.g. personal data, processing, controller, processor, etc.) have the same meaning as in the General data protection regulation (hereinafter: the GDPR).
The terms defined in this notice, which are used in the singular form shall be deemed to include the plural form and vice versa, whereby the terms relating to the masculine gender shall be deemed to include all genders.
We may update or change the information and references in this notice from time to time, whereby news of major changes shall be posted on our website.
In the event of substantial changes (e.g. to the legal basis and purposes of the processing of data already collected), we shall inform individuals of the proposed changes by email or by other appropriate means.
What data we process, what gives the right to do so and why we process such data
1.1 Review of databases and types of personal data, categories of data subjects, deadlines for deletion of personal data and purposes and types of processing
|
Name of the personal data collection of the controller |
Types of data in the personal data collection |
Categories of individuals to whom the personal data relates |
Anticipated deadlines for the deletion of personal data* |
Legal basis for processing, purposes of processing, and types of personal data processing** |
|---|---|---|---|---|
| Data related to a concluded contract (distance purchase) | Buyer's name and any other data collected at the final step of the purchase (i.e. contact information, phone, email address, delivery address) | The name of the buyer who concludes a distance purchase contract (i.e. purchase via the website) with our organization, or in connection with whom the organization issues an invoice for its services. | Until the expiration of the retention period or the fulfillment of the purpose of processing individual personal data, whereby the organization may generally keep the data for another 6 years after the purchase is concluded, or even longer (e.g. in connection with the data on the invoice, which are generally kept for at least 10 years based on the law). | For the purpose of executing the concluded contract (e.g. product delivery, invoice issuance), we may store the data and process it in ways logically connected with the execution of the contract or the issuance of invoices (i.e. storage in the email system and the backend of the online store, physical storage (invoice), viewing, transfer, deletion, backup). |
| Data on an individual who has previously been a buyer of our online store | Email address of the individual who has previously been a buyer of our online store. | Individuals who have previously purchased products from our online store. | Until unsubscribing from receiving electronic communication. The individual can also request unsubscription or deletion of data by sending their request to the official email address of the organization. | Based on the legal exception that permits this type of electronic messaging, we may store and process data exclusively for the purpose of transmitting information, advice, and other useful data regarding the organization's services until the individual unsubscribes. |
| Data on an individual who has placed products in the cart but has not completed the purchase | Buyer's name and any other data collected at the final step of the purchase (i.e. contact information, phone, email address, delivery address, data on the product placed in the cart). | Individuals who have placed products in the cart but have not completed the purchase. | After the individual has been sent an email or SMS message regarding the products in the cart, or no later than 1 month from the day the individual left the final purchase step. | Based on negotiations for concluding a contract and in accordance with legitimate interests, we may store and process data for a limited time for the purpose of continuing negotiations regarding the conclusion of the contract (i.e. storage in the email system, sending SMS messages, viewing, transfer, deletion). |
| Data on an individual who communicates with the organization via email addresses and other communication channels | Name and/or surname, email address, phone number, and any personal data included in the communication with the individual. | Individuals who voluntarily communicate with the organization (e.g. inquiries about services, arranging appointments, etc.). | Until the expiration of the purposes of processing individual personal data for which they were collected (e.g. until the end of communication) or until the expiration of 4 years from the last communication. | Based on negotiations for concluding a contract, the organization may process the data in ways related to the preparation of a response (e.g. storage in the email system, archiving, viewing, transfer, deletion). |
| Data of individuals who have subscribed to receive informational emails from the organization | Individual's email address. | Individuals who have given consent to receive information about the organization's products / services. | Until unsubscribing from receiving electronic communication. The individual can also request unsubscription or deletion of data with a request to the official email address of the organization. | Based on the obtained consent, the organization may process the data exclusively for the purpose of sending informational messages (storage and use in the email system). |
| Data of individuals applying for an open position in the organization | Name and surname, email address, resume, motivational letter, data on work experience, other relevant data important for the selection process. | Individuals applying for open positions in the organization. | Until the conclusion of the employment procedure, unless consent for longer retention has been obtained. | Based on negotiations for concluding an employment contract, the organization may process the data for the purpose of the employment procedure (e.g. reviewing, structuring, communication, archiving). |
| Data obtained from website visitors with the help of cookie technology providers | Data described in the dedicated cookie policy (e.g. IP address, session time, browser data, etc.). | Individuals who visit the website and install necessary or non-necessary cookies. | (See dedicated cookie policy) | (See dedicated cookie policy) |
| Data of individuals who have subscribed to receive commercial SMS messages from the organization | Individual's phone number. | Individuals who have given consent to receive commercial SMS messages. | Until unsubscribing from receiving SMS communication. The individual can also request unsubscription or deletion of data with a request to the official email address of the organization. | Based on the obtained consent, the organization may process the data exclusively for the purpose of sending SMS messages (storage and use in the SMS sending system). |
In certain cases, based on its legitimate interests and unless otherwise stated above or elsewhere in this notice, our organization reserves the right to store certain data beyond the stated period, as stated above and in section 2 of this notice, whereby our organization will, in all such cases, limit data storage to the data that are essential for pursuing such legitimate interests. Individuals can always request the deletion of data by sending their request to our official email address that is listed at the beginning of this document. In connection with the above-stated purposes (e.g., where data storage is listed), the data shall be transferred for processing to our organization’s contractual partners (subprocessors), which are listed in section 3.3. of this notice. Subprocessors shall process data only in connection with the performance of tasks assigned to them and are directly related to the pursued purposes.
Data processing related to the company’s advertising activities
In accordance with the abovementioned, the company carries out customized marketing communication regarding its own products, discounts, news, customized offers and other promotional content through various channels and with various persons.
1.2 The legal basis for the processing of personal data may lie in the fulfillment of a concluded contract or in negotiations for the conclusion of a contract
We may process personal data of individuals on the basis of a concluded contract (e.g., the conclusion of a contract for the use of our services) or negotiations for the conclusion of a contract (e.g., when an individual contacts our organization through our official communication channels and wants to obtain more information about our services).
In the described cases, you provide us with personal data as part of a contractual obligation or as part of negotiations for the conclusion of a contract, whereby we consequently do not need your explicit consent for the above-mentioned processing of your personal data. In principle, you will not suffer any serious negative consequences in situations where we would otherwise need your personal data to perform our services and you do not provide us with these data. However, such situations can significantly complicate or even prevent the execution of ordered services or our cooperation, and you will be informed in advance or subsequently in these cases.
1.3. The legal basis for the processing of your data may also be set out in legislation
Our organization may also process personal data for the purposes of fulfilling legal and other lawful obligations, especially those governing taxes and accounting requirements (e.g., records of issued and received invoices, etc.), for example: when an inspector or another holder of public authority orders our organization to entrust him with personal data of a certain client/visitor in accordance with the law (for example, in the context of conducting inspection supervision under the provisions of the applicable law, when our organization processes personal data of a client to whom it has issued an invoice, our organization processes this invoice and client data (e.g., personal name, contact details, etc.) on the basis of the applicable tax laws and regulations (see section 3.2.), etc.
1.4. Based on our legitimate interests
We are also allowed to process certain personal data for the purposes of safeguarding our own legitimate interests. Such cases may arise, for example, when the processing of your data would be necessary from the perspective of administrative, criminal, or civil proceedings (e.g., when our organization would have to submit a database as evidence in a procedure, otherwise our organization would suffer a penalty or severe and irreparable damage), in which case we will always process only those data that are absolutely necessary to pursue such legitimate goals. OUR organization is also allowed to process the personal data of an individual in cases where the processing is necessary to protect the vital interests of the individual (e.g., looking up the address of an individual who is facing an immediate and serious life-threatening danger).
1.5. Based on prior consent
Interacting with us and the use of our services is generally not conditional on you agreeing to the processing of your personal data.
However, we can also process your personal data based on your explicit consent. An individual’s explicit consent is considered as his voluntary declaration of will by which he agrees to the processing of certain personal data for a certain purpose, (e.g., when you consent to receiving our newsletter or other commercial messages), whereby in such cases we process those data that are indicated in the relevant section of the table from point 1, where consent is indicated as the legal basis for processing.
Receiving such communication can be stopped at any time by following the link contained in every newsletter/commercial email message or by contacting us at the email address that is listed at the beginning of this document.
Based on your consent, our online advertising can also be performed, provided that you have agreed to the installation of optional (advertising) cookies and tracking pixels of our advertising partners when visiting our website (e.g., installation of the Google Analytics cookie, which enables us to advertise our services more easily on other websites, etc.). A detailed list of optional cookies from our advertising partners, the data we process with them, and the retention periods of these data is defined on the “Cookies” page.
Our organization provides each individual with the right to withdraw his explicit consent at any time in a simple way, by contacting us at any time at the email address that is listed at the beginning of this document.
The withdrawal of consent does not affect the legality of the processing that was carried out on the basis of consent until the moment of withdrawal.
If you do not give consent for the processing of personal data, give consent partially or withdraw consent (partially), we will, if possible, cooperate with you only to the extent of the given consent or in ways permitted by applicable law.
Consent is voluntary and if you decide not to give it or later withdraw it, this in no case infringes on your other rights or represents additional costs or aggravating circumstances for you.
How long do we store or process your personal data?
The retention period of personal data depends on the basis and purpose of processing each category of personal data. Personal data is usually stored as long as necessary to fulfill the purpose for which the data was collected, or until some regulation requires us to keep it, after which it is deleted.
If the retention period of individual data is not more precisely defined in the table in section 1, the following applies:
Our organization may retain the data for another 15 days after the expiration of the said retention period with the aim of being able to destroy the stored data from all data carriers and servers during this period.
An individual can always request the deletion of data by sending their request to our organization’s official email address that is listed at the beginning of this document.
Who processes your personal data?
3.1. Certain employees that work for our organization
Your personal data is processed by those employees in our organization who need the data in order to perform their work. All employees are bound by confidentiality and are required to protect your personal data.
3.2. Government bodies
In certain cases, as prescribed by applicable legislation, our organization must also provide or report your personal data to the competent state authorities, as well as to authorities that are, for example, competent for financial, tax or other supervision (e.g., the Estonian Data Protection Inspectorate, etc.). In certain cases, our organization is obliged to provide data to third parties, if such an obligation to provide or disclose is imposed on our organization by law or the legal entitlement of a third party.
3.3. Contractual Processing of Personal Data
In addition to the employees in our organization, the users of personal data can also be employed persons of contractual processors of our organization, who can process personal data as confidential exclusively on behalf of our organization and within the limits of the contract on external processing of personal data, which our organization has concluded with each such processor. Contractual processors may only process personal data within the instructions of our organization (i.e., the contract), and they may not use the data to pursue any of their own interests.
The contractual processors our organization engages that might come into contact with your personal data are:
Our organization will not disclose your personal data to third unauthorized persons.
If you would like to obtain an exact list of all contractual subprocessors of our organization, you can write to us at the email address that is listed at the beginning of this document.
3.4. Website development and hosting service provider
Hosting our website and storing the data you provide to us via the website (e.g. in connection with communication via the contact form on the page, etc.), is stored by our hosting provider with servers inside the EU. To obtain information on our hosting provider, please send your request to we@feelrooty.com.
3.5. Transfer of Personal Data to Third Countries and International Organizations and Measures to Protect Transferred Data
As a rule, our organisation does not transfer personal data to third countries (i.e. outside the European Union, Iceland, Norway and Liechtenstein, i.e. the EEA) and international organisations.
An exception to this is the occasional transfer of certain technical and personal data to the servers of the above-mentioned processors whose headquarters or servers are located in the USA (e.g. the automatic transfer of certain data collected by Alphabet Inc.’s cookies, entering email addresses in commercial messaging tools, etc.), whereby the relevant processors are former members of the Privacy Shield (https://www.privacyshield.gov/) and have complied with and adopted security measures in relation to the receipt or transfer of data after 12 July 2020 (e.g. standard contractual clauses) or have adequately performed and achieved full self-certification in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data in the EU-US data privacy framework (i.e. in the context of the new EU-US data transfer framework in accordance with the above adequacy decision as of 10 July 2023).
More detailed information on the categories of users and data sub-processors, can be obtained by sending a request in this respect to the email address that is listed at the beginning of this document.
Processing of special category personal data
We do not direct individuals to provide specific personal data (i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data or biometric data, data relating to health or data relating to an individual’s sex life or sexual orientation) in connection with our website or services.
If our organisation becomes aware of a situation in which such data may be disclosed to it, the data received will be protected or otherwise dealt with as appropriate.
What are your rights regarding your personal data and how can you exercise them?
In relation to this personal data processing notice or the processing of your personal data by our organization and our contractual processors, you can contact us at any time and without any reservations via the email address that is listed at the beginning of this document. You can also use this address to send your requests and exercise other rights related to personal data and GDPR regulation.
As an individual to whom the personal data refers, the GDPR regulation provides you with the opportunity to exercise the following rights with our organization:
Right to lodge a complaint with a supervisory authority: If you believe that the processing of personal data performed in connection with you by our organization violates personal data protection regulations, you may, without prejudice to any other (administrative or other) remedy, lodge a complaint with the a supervisory authority, in particular in the country where you have your habitual residence, your place of work or where the infringement is alleged to have taken place, whereby:
Existence of automated decision-making and profiling
We do not use automated decision making or profiling.
Processing of personal data of persons under 15 years of age
Our organization does not knowingly collect or otherwise process personal data of persons under 15 years of age.
If our organization subsequently finds out that it has processed the personal data of such a person without the consent of his parent or guardian, our organization shall do everything necessary to delete all provided personal data.
At the email address that is listed at the beginning of this document., the above-described persons or their parents or guardians shall be able to submit their requests for the deletion of the data concerned at any time.
Who can you contact for further clarification regarding the processing of personal data in our organization and regarding your rights?
You can limit or revoke your consent for the processing of data at any time by contacting our organization as a processor of your personal data at the email address that is listed at the beginning of this document.
Protection of personal data
Our organization carefully stores and protects personal data through organizational, technical and logical procedures and measures to protect the data from accidental or intentional unauthorized access, destruction, alteration or loss, and unauthorized disclosure or other form of processing to which you have not expressly consented to.
To this end, our organization has also adopted appropriate internal processes and set up various measures (e.g. assigning, using and changing passwords, locking premises, offices, server and workstation locations, regularly updating software and upgrading security-critical components, physically protection of material containing personal data in specially designated places, training of employees, etc.). Our organization also demands these security commitments from its contractual processors.
Rules & conditions for prize game
You can learn more about them here.
Version and date of the last update of this notice
This notice was last updated on August 20th, 2023.
Biohacking Vital d.o.o.
Join our community
Join us on the feel-good journey — new drops, perks, and little rituals for your day.
Every year, we reinvest part of our profit into researching supplements and holistic approaches that support well-being and help maintain mind-body balance.
