1. Who are we?

Roots is a UK-based provider of leadership, team and organisational development solutions to organisations and individuals.

This privacy policy explains what information we collect from you, why, and how we use it. It also explains how we store and share your information. This policy applies to all personal information that we process. Personal information is classed as any information about an individual that could be used (either in isolation or combined with other information) to identify that individual and as such includes work related information.

We are committed to respecting your privacy and ensuring that your data is appropriately secured and process all personal information in accordance with the General Data Protection Regulation (GDPR).

We may update this policy and our terms from time to time and will publish any updates on our website.

Any questions you have relating to our privacy policy should be directed to

2. What data do we hold?

Our activities mean that we sometimes have to collect personal information about you. We limit the information we collect and only store the details we require in order to deliver one or more legitimate commercial purposes. Personal information means information that can be used to identify you as an individual and may include:

·       Basic personal information – such as name, email address and telephone number

·       Digital footprint information – such as your IP address, location coordinates and location when you interact with our website

·       Professional Information – such as your job role, organisation and sector


On some client projects we are required to obtain certain special categories of information that are used for specific and limited purposes. In such cases we will only process this information when you have given your specific consent (either to us or your employer) to do so. This may include:

·       Racial or ethnic origin

·       Physical characteristics

·       Behavioural information

Further detail on the conditions for processing this information are provided in section 4.

3. Where did we get your data?

Your information is collected from a range of sources depending on the relationship we have with you. It includes:

·       Information you have provided to us

·       Information your employer has provided for the purposes of completing a specified project

·       Information that we obtain as a result of our relationship with you

·       Information obtained as a result of the technology you use to interact with us (such as your IP address)

·       Information that we may receive from third parties who provide a service to us (where permitted by law and where appropriate consents have been provided
        by you)

4. What is the lawful basis for processing your data?

The lawful basis for processing your data will depend upon the service we are providing to you and at least one of the following will apply:

·       Contractual necessity – where processing your data is necessary for us to fulfil contractual obligations in the provision of a product or service

·       Consent – where we are processing your data for a specific purpose and you have provided us with your explicit consent to do so

·       Legitimate Interests – where processing your data is necessary for our legitimate business interests, where this does not override your interests, rights and

4.1 Conditions for processing special category data

We only process special category data in order to fulfil contractual obligations in the delivery of a product or service, such as completing a psychometric assessment for a client. In addition to the specified lawful basis for processing, the condition for processing this data is:

- Where “the data subject has given explicit consent to the processing of those personal data for one or more specified purposes”


5. How do we process your data?

We comply with our data processing obligations under the GDPR by ensuring that your data is stored securely, kept up to date and only retained for the relevant period. We maintain appropriate technical and procedural measures to protect your data against loss, disclosure or misuse.

5.1 Processing of data outside of the European Economic Area(EEA)

Some of our supplier services may result in your data being stored outside of the EEA as a result of our usage of cloud based services. We only work with third party providers who meet the appropriate EU directive and have the appropriate protection under UK law in place.

6. How do we use your data?

We use your information in order for use to complete our business activities. The way in which your information is used will depend on the reason why we hold your data and the lawful basis for us doing so. It is only ever used for the stated and specific purpose. These include:

- For billing purposes, such as invoicing for products and services

- For the completion of services for which we have been contracted to provide

- To process sign-ups via our website or to other services offered digitally

- To ensure website functionality

- To provide you with information on products and services where you have consented for us to do so

- To support and improve the day-to-day running of our business

- To provide news and information about developments that are directly related to the services and products that you use

- To develop our relationship with you

6.1 What we don’t do with your data

Your relationship with us is valuable and we take your data security and rights seriously:

- We do not sell your data to third parties

- We do not transfer your data to anyone other than those circumstances described in 6.2

- We do not use your data for any purpose other than those agreed to

- We do not use any automated decision-making software relating to your personal data

6.2 Third Parties

We do not share your information with third parties except:

- When we are required to do so in order to fulfil our contractual obligation for a specific product or service

- When third parties are providing a service to us whereby they act as processors of your personal information on our behalf

- When third parties are acting as sub-contractors or agents acting on our behalf

7. How long do we retain your data?

We only retain the personal data we hold for as long as is relevant for the purpose or purposes for which it was provided. This will vary as a result of different contractual requirements and data types. In determining the appropriate ‘relevant’ period to apply we consider several factors:

- Contractual requirements

- DPA guidelines

- Legal or accounting requirements

8. Your Rights

You have clearly defined rights in relation to the personal information that we process about you. Dependent upon the lawful basis upon which we are processing your data, you have the right to access, correct and delete or object to or restrict our processing of your information. If you wish to exercise these rights you can do so by contacting us at


Your rights are as follows:

·       The right to be informed – this privacy policy is the primary mechanism that we use to inform you of how we process your information, why and who we will
         share it with

·       The right of access – you have a right to access the personal information we hold about you. To do so, please contact us at with the
        subject line ‘Subject Access Request’

·       The right to rectification – if you believe that information we hold about you is inaccurate you can request that we restrict the processing of that information
         and to rectify the inaccurate information that we hold about you

·       The right to erasure – You have a right to request that we remove all of the data that we hold about you, if you believe that:

·       Our processing of your data is not lawful

·       The purpose for which we originally required the information is no longer valid

·       We have asked for permission to process your personal information and you wish to withdraw your consent

·       The right to restrict processing – you can ask that we restrict the processing of your data if:

·       Our processing of your data is not lawful

·       You believe that information we hold about you is inaccurate you

·       The purpose for which we originally required the information is no longer valid

·       The right to data portability – in cases where you have provided us with consent to process your personal information or a contract for a contract or service
        exists you have the right to request a copy of your information in a portable format or request that we transfer that information directly to a third party

·       The right to object – you have the right to object to us processing your personal information unless we can provide legitimate grounds for that processing

·       The right to withdraw consent – you have the right to withdraw your consent at any time in circumstances where we have asked your permission in order to
        process your personal information

·       The right to complain – you have the right to lodge a complaint with the Information Commissioners Office (ICO) Their Helpdesk number
        is 0303 123 1113


Please note that in some cases, if you choose to restrict the way in which we process your data it may not be possible for us to fulfil our contractual obligations for certain products and services.