Privacy policy

Privacy Policy for 1000ROOTS, LLC

Effective Date: Feb 8, 2025

1000ROOTS, LLC (“we,” “our,” or “us”) is committed to protecting your privacy and ensuring a safe online experience. This Privacy Policy explains how we collect, use, and share personal and Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA) when you visit our website, engage with our services, and interact with us online.

1. Information We Collect

We collect the following types of personal information when you interact with our website, register for events, or engage with our services:

Contact Information: Name, email address, mailing address, phone number.

Payment Details: For processing transactions.

Health and Hair Information: Details pertaining to health history, hair and scalp health, and related conditions to provide tailored services.

Personal Identification Information: Name, address, email address, phone number, role/title, payment information (e.g., credit card or PayPal details).

Event Participation Information: Registration information, including responses to interest forms and feedback surveys.

Usage Data: We may collect information about how you access and interact with our website, including browser type, IP address, and pages visited. This may involve the use of cookies and other tracking technologies.

Photos and Videos: We may capture photos or videos during events for promotional purposes, subject to your consent.

Website Forms: When users sign up, contact us, or make purchases.

Client Forms: Submitted during appointments or consultations.

Cookies: We use cookies to improve user experience and analyze website usage. Specific types include:

a. Essential Cookies: Necessary for website functionality.

b. Analytics Cookies: To track user interactions and improve services.

c. Preference Cookies: To remember user settings and preferences.

2. Purpose of Data Collection and Usage

We collect and use PHI for the following purposes:

Hair and Scalp Evaluations: To provide personalized recommendations and treatment options.

Order Processing: To handle product purchases, appointment bookings, and other transactions.

Marketing: To share updates, promotions, and news about our services.

3. How We Use Your Information

We use the PHI we collect to:

Provide Services: To process your registration for events, manage payments, and send event-related communications.

Improve Our Services: To analyze usage data and improve the functionality and content of our website and services.

Marketing and Promotion: To send promotional materials, newsletters, and event updates. We may also use your photos or videos to promote future events, with your consent.

Legal Compliance: To comply with legal obligations or enforce our terms of service.

4. How We Share Your Information

We will never sell your personal information to third parties. However, we may share your information for the following purposes and with the following entities:

Appointment Management: Scheduling software for booking and reminders.

Billing and Payments: Secure payment processing platforms.

Client Forms: Online tools for submitting and storing health and consultation forms.

Vendors and Service Providers: We may share personal data with third-party service providers, including Wix for website hosting, payment processors (such as PayPal), and email service providers (such as Google Workspace), to facilitate transactions and improve our services.

Sponsors: If you attend a sponsored event, your contact information may be shared with event sponsors, but only with your explicit consent.

Legal Requirements: We may disclose your personal information if required to do so by law or in response to a valid legal request.

5. Cookies and Tracking Technologies: Our website uses cookies and other tracking technologies to enhance your user experience. Cookies are small files stored on your device that help us track site usage and personalize your visit. You can manage your cookie preferences through your browser settings. By using our website, you consent to our use of cookies.

Types of Cookies Used

Essential Cookies: These cookies are necessary for the basic functionality of our website, such as enabling secure logins and remembering your preferences.

Analytics Cookies: We use these to gather insights about website performance and user interactions, helping us improve our offerings.

Preference Cookies: These cookies store your settings, such as language or region preferences, to create a more personalized experience.

Informing Users and Managing Cookies

Consent: By using our website, you acknowledge and agree to the use of cookies.

Privacy Policy: Detailed information about our cookie usage is provided in this Privacy Policy, including how and why cookies are used.

Managing Cookies: Most browsers allow you to manage cookies through their settings. You can choose to block or delete cookies, though this may affect the functionality of our website.

How to Contact Us

For questions or concerns about our use of cookies, please contact us using the Contact Us form on 1000roots.com.

User Consent and Opt-Out:

a. Obtaining User Consent for Data Collection and Processing

We collect and process user data only after obtaining consent in the following ways:

Implicit Consent: By using our website or services, users agree to the collection and use of data as outlined in our Privacy Policy.

Explicit Consent: For sensitive information (e.g., health history, hair and scalp evaluations), we obtain explicit consent through client forms or other documentation at the time of submission.

Transactional Consent: When users make a purchase or schedule an appointment, they consent to data collection necessary for completing the transaction.

b. Opting Out or Withdrawing Consent

Users have the right to opt out of data collection or withdraw their consent at any time by:

Email Request: Contacting us using the Contact Us form on 1000roots.com to request data deletion, opt out of marketing communications, or withdraw consent for specific processing activities.

Unsubscribing: Clicking the "Unsubscribe" link included in all marketing or promotional emails to opt out of future communications.

Cookie Management: Adjusting browser settings to block or delete cookies if they no longer consent to their use.

Revoking Consent for Forms: Notifying us directly if they wish to withdraw consent for previously submitted health or consultation information.

Response Time

We will respond to data access or deletion requests within 45 days of receipt. If an extension is necessary due to the complexity or volume of requests, we will notify you within the initial 45-day period.

6. Payment Processing: All payments for events or services are processed through third-party payment processors (such as PayPal or credit card providers). We do not store your payment details on our servers. By making a purchase, you agree to the terms of the payment processor’s privacy policy.

7. Data Security: We use reasonable measures to protect your personal information from unauthorized access, loss, or alteration. However, no data transmission over the internet can be guaranteed 100% secure, and we cannot ensure the security of data sent to our website.

8. Children’s Privacy: Our services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take steps to delete such information as soon as possible. If you believe we have collected data from a child, please contact us using the Contact Us form on 1000roots.com.

9. International Data Transfers: If you access our services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where we or our service providers maintain facilities. We use appropriate safeguards, such as standard contractual clauses, to ensure that your data is protected in accordance with applicable data protection laws.

10.  Legal Basis for Processing Personal Data: For individuals in the European Economic Area (EEA), we process your personal information based on one or more of the following legal bases:

Consent: Where you have provided explicit consent for us to process your data.

Contractual Necessity: To fulfill a contract or take steps related to a contract (e.g., event registration).

Legal Obligations: To comply with legal requirements.

Legitimate Interests: For purposes such as improving our services, provided that such interests are not overridden by your rights.

11. Third-Party Links: Our website may contain links to third-party websites, including social media platforms and event sponsors. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review their privacy policies before sharing personal information.

12. Your Rights and Choices: You have the right to access, update, and delete your personal information. You may also request that we stop sending you promotional communications. To exercise these rights, please contact us at the details below.

13.  Responding to “Do Not Track” Signals: Our website does not respond to “Do Not Track” (DNT) browser signals. However, you can control cookies and similar technologies through your browser settings.

14.  Privacy Rights for Specific Jurisdictions

California Residents (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

The right to know what personal information we collect, use, and share.

The right to request deletion of your personal information.

The right to opt out of the sale of your personal information.

To exercise these rights, please contact us by using the Contact Us form on 1000roots.com.

European Economic Area (GDPR)

If you are located in the EEA, you have the following rights under the General Data Protection Regulation (GDPR):

The right to access and obtain a copy of your personal data.

The right to correct or update inaccurate or incomplete data.

The right to request the erasure of your data in certain circumstances.

The right to restrict or object to processing based on legitimate interests.

The right to data portability.

To exercise these rights, please contact us by using the Contact Us form on 1000roots.com.

15.  Data Breach Notification

In the unlikely event of a data breach, we will notify affected individuals and the appropriate authorities promptly, as required by applicable data protection laws.

To protect against potential breaches, the following measures will be in place:

  1. Regular Security Audits: We will routinely assess and update our security practices to address emerging threats.

  2. Data Minimization: Only the data necessary for specific purposes will be collected and retained.

  3. Monitoring and Alerts: Systems will be monitored for unusual activity, with alerts set for unauthorized access attempts.

  4. Secure Third-Party Providers: We will work with trusted service providers that comply with industry-standard data protection practices.

16.  Incident Response Plan

In the event of a data breach, we will:

Notify affected users promptly.

Work with cybersecurity experts to resolve the issue.

Review and strengthen security protocols to prevent future incidents.

17.  Accessibility:

We are committed to ensuring that this Privacy Policy is accessible to all individuals, including those with disabilities. If you experience any difficulty accessing this policy, please contact us by using the Contact Us form on 1000roots.com for assistance.

18.  Photos and Videos Consent:

We may capture photos or videos during events for promotional purposes.

By participating in our events, you consent to the use of your image for these purposes.

If you do not wish to appear in photos or videos, please notify us in advance or speak with an event coordinator on-site.

19.  Data Retention:

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required by law.

20.  Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time.

Any changes will be posted on this page, and the revised policy will take effect immediately upon posting.

21.  Your Rights Under HIPAA 

You have the following rights regarding your PHI:

Right to Access: You may request copies of your health information and records. Requests must be made in writing and within a reasonable timeframe. We may charge a reasonable fee for copies or summaries. 

Right to Amend: You have the right to request corrections to your health information if you believe it is incorrect or incomplete. 

Right to Restrict Use: You may request limitations on how your PHI is used or disclosed for treatment, payment, or healthcare operations.

Right to Confidential Communications: You can request that we contact you through specific methods (e.g., email or phone) or at specific locations.

Right to an Accounting of Disclosures: You have the right to request a list of disclosures we have made of your PHI outside of treatment, payment, and healthcare operations. 

Right to File a Complaint: If you believe your privacy rights have been violated, you can file a complaint with us or with the U.S. Department of Health and Human Services (HHS).

22.  Contact Us

If you have any questions or concerns about this Privacy Policy or how we handle your personal information, please contact us.