Our privacy policy was last updated on April 10th 2025.
www.rootsmru.co.uk (also referred to as “site”, “we”, “us”) is owned and operated by ROOTSMRU LTD.
| Role | Information |
| Data Controller | ROOTSMRU LTD |
| info@rootsmru.co.uk | |
| Contact | +44 20 34 32 00 64 |
| Address | Office 15664,182-184 High Street North London, UK, E6 2JA |
TABLE OF CONTENT
6.1 DATA COLLECTED AUTOMATICALLY
6.2 DATA COLLECTED IN A NON-AUTOMATIC WAY
8.1 EMPLOYEES
8.2 THIRD PARTIES
8.3 OTHER DISCLOSURES
8.4 INTERNATIONAL DATA TRANSFERS
10.1 YOUR RIGHTS AS A USER
10.2 CHILDREN
10.3 HOW TO ACCESS, MODIFY, DELETE, OR CHALLENGE THE DATA COLLECTED
10.4 COOKIE POLICY
10.5 MODIFICATIONS
10.6 COMPLAINTS
We are ROOTSMRU LTD and this privacy notice is intended for travellers using or considering using our products and services.
This privacy notice describes our policies and procedures on the collection, use and disclosure of your information when you use the service and tells you about your privacy rights and how the law protects you. We use your personal data to provide and improve the service. By using the service, you agree to the collection and use of information in accordance with this policy.
ROOTSMRU LTD amends its privacy notices from time to time and recommends that you visit this notice occasionally to stay informed. If updates are made to a privacy notice that could impact persons significantly, it will take steps to inform these persons about such changes before they take effect.
The purpose of this privacy policy is to inform users of our site of the following:
This Privacy Policy applies in addition to the terms and conditions of our site.
For users in the European Union, we adhere to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, known as the General Data Protection Regulation (the “GDPR”). For users in the United Kingdom, we adhere to the GDPR as enshrined in the Data Protection Act 2018.
By using our Site users agree that they consent to the conditions set out in this Privacy Policy. When the legal basis for us processing your personal data is that you have provided your consent to that processing, you may withdraw your consent at any time. If you withdraw your consent, it will not make processing which we completed before you withdrew your consent unlawful.
You can withdraw your consent by emailing us at info@rootsmru.co.uk or by adjusting your preferences in your account settings
We collect and process personal data about users in the EU only when we have a legal basis for doing so under Article 6 of the GDPR.
We rely on the following legal bases to collect and process the personal data of users in the EU:
We only collect data that helps us achieve the purpose set out in this Privacy Policy. We will not collect any additional data beyond the data listed below without notifying you first.
Whether or not you make a ROOTSMRU reservation, when you use our platform, we automatically collect certain information, we may automatically collect and store the following information:
When you use our mobile apps, we collect data identifying the mobile device and operation of our app on the device (including possible crashes). When you are redirected to the ROOTSMRU.co.uk platform by a third-party website or mobile app, we collect this information as well. We also collect information about clicks you make and which pages are shown to you from our platform.
ROOTSMRU.co.uk collects, uses and/or discloses the information you provide to us directly to provide you with the services you request. For example, you may provide us your mobile number, email, or other information when you register an account. When booking a service, you may provide passenger names, ID document numbers and the contact person’s name, mobile number, email and other information.
When booking hotels and tickets for tourist attractions, you may provide the travellers’ names, contact person’s name, mobile number, and email, etc.
When paying for travel products, you may provide your bank card number, the mobile number previously provided to the bank, or your credit card details.
To enhance payment convenience, if your device supports biometric authentication (e.g., fingerprint or Face ID), you may choose to enable this feature for transactions (provided only in certain countries and regions). This verification is processed entirely on your device, and our site does not collect, process, or store your biometric data. We only receive confirmation of successful authentication to authorise transactions. You can disable biometric authentication at any time through your account settings. The processing of biometric verification results is based on user consent.
To customise the services we provide you, we may also collect, use and/or disclose information about your travel plans and preferences which includes your meal requirements, departure date, check-in and check-out times, seat choice, ticket choice, insurance choice, and your selection of other services (such as car rental, attraction tickets, and travel guides, etc.) provided by ROOTSMRU.
If you need to get in touch with our customer support team or reach out to us through other means (such as through social media) we will collect, use and/or disclose information from you there too, such as your name and contact information. For quality, training and dispute resolution purposes, we may record phone conversations when you call us, when you answer our calls or when you have a conversation with our partner providers via our platform.
You may also participate in referral programs or prize promotions, the details of which may be found on the event page. Doing so will also mean providing us with your name and contact information. In addition to this, you can provide us with feedback or ask for help with using ROOTSMRU services.
You may be traveling with other guests or making a booking on someone else’s behalf, in which case you will provide the relevant personal data to ROOTSMRU.co.uk. However, we would like to remind you that it is your responsibility to ensure that the person or people whose personal data you have provided are aware that you’ve done so, and have agreed to your sharing of their personal data with ROOTSMRU for the purposes set out in this Privacy Notice.
Please note that your personal data will not be used for AI training, or transferred to any third parties for providing AI service.
This data may be collected using the following methods:
Data collected on our Site will only be used for the purposes specified in this Privacy Policy or indicated on the relevant pages of our Site. We will not use your data beyond what we disclose in this Privacy Policy.
The data we collect automatically is used for statistics. The data we collect when the user performs certain functions may be used for communication.
Under GDPR, every processing activity must have a lawful basis. ROOTSMRU as a tour operator, our site may share your data with the following categories for processing :
| Purpose of Processing | Type of Data Used | Lawful Basis for Processing |
To process your booking and fulfil our contractual obligations. (tours/accommodation) | Identity, Contact, Transaction, Special Categories | Performance of a Contract with you. |
| To manage payments and collect/recover money owed to us. | Identity, Contact, Financial, Transaction. | Performance of a Contract and necessary for our Legitimate Interests (to recover debts). |
| To send marketing communications about our services. | Identity, Contact, Profile. | Your Consent (if you opted-in) or necessary for our Legitimate Interests (marketing to existing customers). |
| To comply with legal obligations, such as tax and regulatory requirements. | Identity, Contact, Transaction. | Necessary to comply with a Legal Obligation. |
We may disclose user data to any member of our organisation who reasonably needs access to user data to achieve the purposes set out in this Privacy Policy.
We share your identity, contact details, and specific travel preferences with hotels and tour operators in Mauritius to fulfill your booking contract
We may share the following user data with third parties: Links clicked while using the site for booking.
We may share user data with third parties for the following purposes: Bookings.
Third parties will not be able to access user data beyond what is reasonably necessary to achieve the given purpose.
We will not sell or share your data with other third parties, except in the following cases:
If you follow hyperlinks from our Site to another Site, please note that we are not responsible for and have no control over their privacy policies and practices.
Since Mauritius is a country located outside the UK/European Economic Area (EEA), we share your personal data with hotels, tour operators, and ground handling agents in Mauritius to fulfill your booking.
When we transfer your data outside the UK/EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:
Personal data may also be disclosed to financial institutions, third-party payment processors, and regulatory authorities outside the UK/EEA as required to facilitate your travel arrangements and comply with legal obligations. You may request a copy of the specific transfer mechanism used for your data by contacting us.
Personal data that we collect from you may be transferred to and stored at a destination outside the UK/EEA. Due to the global nature of our business, your personal data will be disclosed to our tour Service Providers, third-party vendors, financial institutions and third-party payment processors, business partners, advertising partners and affiliates within our group, government authorities, law enforcement, regulators and fraud prevention agencies, and prospective buyers and their advisers outside of the UK and the EEA. Where these locations do not provide an adequate level of data protection, we ensure appropriate safeguards are in place to protect the transfer of your personal data to these countries. A copy of the relevant mechanism can be obtained for your review on request by using the contact details below.
The measures we have in place include the following:
Retention: We retain identity and contact data for 7 years following your last interaction with us to comply with UK legal and tax obligations. Marketing data is retained until you withdraw consent.
Security: We use strong browser encryption and secure facilities. While we take every precaution, no internet transmission is 100% secure; we aim for the highest “reasonably practical” security.
In order to protect your security, we use the strongest available browser encryption and store all of our data on servers in secure facilities. Access to your personal data is strictly limited to our employees and authorised third-party service providers who have a business need to know Our employees are bound by strict confidentiality agreements and a breach of this agreement would result in the employee’s termination.
While we take all reasonable precautions to ensure that user data is secure and that users are protected, there always remains the risk of harm. The Internet as a whole can be insecure at times and therefore we are unable to guarantee the security of user data beyond what is reasonably practical.
We do not knowingly collect or use personal data from children under 16 years of age. If we learn that we have collected personal data from a child under 16 years of age, the personal data will be deleted as soon as possible. If a child under 16 years of age has provided us with personal data their parent or guardian may contact our data protection team on info@rootsmru.co.uk
If you would like to know if we have collected your personal data, how we have used your personal data, if we have disclosed your personal data and to whom we disclosed your personal data, if you would like your data to be deleted or modified in any way, or if you would like to exercise any of your other rights under the GDPR, contact info@rootsmru.co.uk.
A cookie is a small file, stored on a user’s hard drive by a website. Its purpose is to collect data relating to the user’s browsing habits. You can choose to be notified each time a cookie is transmitted. You can also choose to disable cookies entirely in your internet browser, but this may decrease the quality of your user experience.
We use the following types of cookies on our Site:
This Privacy Policy may be amended from time to time in order to maintain compliance with the law and to reflect any changes to our data collection process. When we amend this Privacy Policy we will update the “Effective Date” at the top of this Privacy Policy. We recommend that our users periodically review our Privacy Policy to ensure that they are notified of any updates. If necessary, we may notify users by email of changes to this Privacy Policy.
If you have any complaints about how we process your personal data, please contact us through the contact methods listed in the Contact Information section so that we can, where possible, resolve the issue. If you feel we have not addressed your concern in a satisfactory manner you may contact a supervisory authority. You also have the right to directly make a complaint to a supervisory authority. You can lodge a complaint with a supervisory authority by contacting the Information Commissioner’s Office in the UK, Data Protection Commission in Ireland.
If you have any questions, concerns or complaints, you can contact our data protection team on info@rootsmru.co.uk or call us on +44 20 34 32 00 64
