DRAG

Privacy Policy

Our privacy policy was last updated on April 10th 2025.

www.rootsmru.co.uk (also referred to as “site”, “we”, “us”) is owned and operated by ROOTSMRU LTD. 

RoleInformation
Data ControllerROOTSMRU LTD
Emailinfo@rootsmru.co.uk
Contact+44 20 34 32 00 64
AddressOffice 15664,182-184 High Street North London, UK, E6 2JA

TABLE OF CONTENT 

  1. ABOUT THIS PRIVACY NOTICE    
  2. PURPOSE   
  3. GDPR   
  4. CONSENT   
  5. LEGAL BASIS FOR PROCESSING   
  6. PERSONAL DATA WE MAY COLLECT ABOUT YOU AND HOW DO WE USE AND/OR DISCLOSE THE PERSONAL DATA   

6.1 DATA COLLECTED AUTOMATICALLY   

6.2 DATA COLLECTED IN A NON-AUTOMATIC WAY   

  1. HOW WE USE PERSONAL DATA   
  2. WHO WE SHARE PERSONAL DATA WITH

8.1 EMPLOYEES

8.2 THIRD PARTIES  

8.3 OTHER DISCLOSURES

8.4 INTERNATIONAL DATA TRANSFERS

  1. HOW LONG WE STORE PERSONAL DATA  
  2. HOW WE PROTECT YOUR PERSONAL DATA

10.1 YOUR RIGHTS AS A USER  

10.2 CHILDREN

10.3 HOW TO ACCESS, MODIFY, DELETE, OR CHALLENGE THE DATA COLLECTED  

10.4 COOKIE POLICY

10.5 MODIFICATIONS

10.6 COMPLAINTS

  1. CONTACT INFORMATION 

1. ABOUT THIS PRIVACY NOTICE

We are ROOTSMRU LTD and this privacy notice is intended for travellers using or considering using our products and services.

This privacy notice describes our policies and procedures on the collection, use and disclosure of your information when you use the service and tells you about your privacy rights and how the law protects you. We use your personal data to provide and improve the service. By using the service, you agree to the collection and use of information in accordance with this policy.

ROOTSMRU LTD amends its privacy notices from time to time and recommends that you visit this notice occasionally to stay informed. If updates are made to a privacy notice that could impact persons significantly, it will take steps to inform these persons about such changes before they take effect.

2. PURPOSE

The purpose of this privacy policy is to inform users of our site of the following: 

  1. The personal data we will collect;
  2. Use of collected data;
  3. Who has access to the data collected;
  4. The rights of Site users; and
  5. The Site’s cookie policy.

This Privacy Policy applies in addition to the terms and conditions of our site.

3. GDPR 

For users in the European Union, we adhere to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, known as the General Data Protection Regulation (the “GDPR”). For users in the United Kingdom, we adhere to the GDPR as enshrined in the Data Protection Act 2018.

4. CONSENT

By using our Site users agree that they consent to the conditions set out in this Privacy Policy. When the legal basis for us processing your personal data is that you have provided your consent to that processing, you may withdraw your consent at any time. If you withdraw your consent, it will not make processing which we completed before you withdrew your consent unlawful.

You can withdraw your consent by emailing us at info@rootsmru.co.uk or by adjusting your preferences in your account settings

5. LEGAL BASIS FOR PROCESSING

We collect and process personal data about users in the EU only when we have a legal basis for doing so under Article 6 of the GDPR.

We rely on the following legal bases to collect and process the personal data of users in the EU:

  1. Users have provided their consent to the processing of their data for one or more specific purposes;
  2. Processing of user personal data is necessary for us to take, at the request of a user, steps before entering a contract or for the performance of a contract to which a user is a party. If a user does not provide the the personal data necessary to perform a contract the consequences are as follows: No service will be provided;
  3. Processing of user personal data is necessary for us to comply with a legal obligation. If a user does not provide the personal data necessary for us to perform a legal obligation the consequences are as follows: No service will be provided; and
  4. Processing of user personal data is necessary to a task carried out in the public interest or in the exercise of our official authority.

6. PERSONAL DATA WE MAY COLLECT ABOUT YOU AND HOW DO WE USE AND/OR DISCLOSE THE PERSONAL DATA

We only collect data that helps us achieve the purpose set out in this Privacy Policy. We will not collect any additional data beyond the data listed below without notifying you first.

6.1 Data Collected Automatically

Whether or not you make a ROOTSMRU reservation, when you use our platform, we automatically collect certain information, we may automatically collect and store the following information:

  • Log information that the system may automatically collect when you use our Services via cookies, web beacons, or other channels (including those placed by our third-party partners).
  • Device information or software information such as IP address, software version, and device identifier of the mobile device you use, Web Browser or mobile device information used to access our Services.
  • Information on the web pages visited, keywords searched, pages accessed through our apps, and other information searched or provided during the use of our Services.
  • Information included in content shared or posted through our Services, such as photos, comments, dates, and times.
  • User preference information such as language, region, and currency.
  • Where you have given your consent: location information collected when you use location-based services after setting the location function on your device. This includes location information collected via GPS or Wi-Fi, address information included in Account Information you provided to us, the location information and current/past location you shared with us. If you do not want your location information to be collected, you can disable the location function setting.
  • For more details on how we use cookies, please refer to our Cookie Statement.

When you use our mobile apps, we collect data identifying the mobile device and operation of our app on the device (including possible crashes). When you are redirected to the ROOTSMRU.co.uk platform by a third-party website or mobile app, we collect this information as well. We also collect information about clicks you make and which pages are shown to you from our platform.

6.2 Data Collected in a Non-Automatic Way

ROOTSMRU.co.uk collects, uses and/or discloses the information you provide to us directly to provide you with the services you request. For example, you may provide us your mobile number, email, or other information when you register an account. When booking a service, you may provide passenger names, ID document numbers and the contact person’s name, mobile number, email and other information. 

When booking hotels and tickets for tourist attractions, you may provide the travellers’ names, contact person’s name, mobile number, and email, etc. 

When paying for travel products, you may provide your bank card number, the mobile number previously provided to the bank, or your credit card details.

To enhance payment convenience, if your device supports biometric authentication (e.g., fingerprint or Face ID), you may choose to enable this feature for transactions (provided only in certain countries and regions). This verification is processed entirely on your device, and our site does not collect, process, or store your biometric data. We only receive confirmation of successful authentication to authorise transactions. You can disable biometric authentication at any time through your account settings. The processing of biometric verification results is based on user consent.

To customise the services we provide you, we may also collect, use and/or disclose information about your travel plans and preferences which includes your meal requirements, departure date, check-in and check-out times, seat choice, ticket choice, insurance choice, and your selection of other services (such as car rental, attraction tickets, and travel guides, etc.) provided by ROOTSMRU.

If you need to get in touch with our customer support team or reach out to us through other means (such as through social media) we will collect, use and/or disclose information from you there too, such as your name and contact information. For quality, training and dispute resolution purposes, we may record phone conversations when you call us, when you answer our calls or when you have a conversation with our partner providers via our platform.

You may also participate in referral programs or prize promotions, the details of which may be found on the event page. Doing so will also mean providing us with your name and contact information. In addition to this, you can provide us with feedback or ask for help with using ROOTSMRU services.

You may be traveling with other guests or making a booking on someone else’s behalf, in which case you will provide the relevant personal data to ROOTSMRU.co.uk. However, we would like to remind you that it is your responsibility to ensure that the person or people whose personal data you have provided are aware that you’ve done so, and have agreed to your sharing of their personal data with ROOTSMRU for the purposes set out in this Privacy Notice.

Please note that your personal data will not be used for AI training, or transferred to any third parties for providing AI service.

This data may be collected using the following methods:

  1. Creating an account; and
  2. Newsletter subscription.

7. HOW WE USE PERSONAL DATA

Data collected on our Site will only be used for the purposes specified in this Privacy Policy or indicated on the relevant pages of our Site. We will not use your data beyond what we disclose in this Privacy Policy.

The data we collect automatically is used for statistics. The data we collect when the user performs certain functions may be used for communication.

Under GDPR, every processing activity must have a lawful basis. ROOTSMRU as a tour operator, our site may share your data with the following categories for processing : 

Purpose of ProcessingType of Data UsedLawful Basis for Processing

To process your booking and fulfil our contractual obligations.

(tours/accommodation)

Identity, Contact, Transaction, Special CategoriesPerformance of a Contract with you.
To manage payments and collect/recover money owed to us.Identity, Contact, Financial, Transaction.Performance of a Contract and necessary for our Legitimate Interests (to recover debts).
To send marketing communications about our services.Identity, Contact, Profile.Your Consent (if you opted-in) or necessary for our Legitimate Interests (marketing to existing customers).
To comply with legal obligations, such as tax and regulatory requirements.Identity, Contact, Transaction.Necessary to comply with a Legal Obligation.

8. WHO WE SHARE PERSONAL DATA WITH

8.1 Employees

We may disclose user data to any member of our organisation who reasonably needs access to user data to achieve the purposes set out in this Privacy Policy.

8.2 Third Parties

We share your identity, contact details, and specific travel preferences with hotels and tour operators in Mauritius to fulfill your booking contract

We may share the following user data with third parties: Links clicked while using the site for booking.

We may share user data with third parties for the following purposes: Bookings.

Third parties will not be able to access user data beyond what is reasonably necessary to achieve the given purpose.

8.3 Other Disclosures

We will not sell or share your data with other third parties, except in the following cases:

  1. If the law requires it;
  2. If it is required for any legal proceeding;
  3. To prove or protect our legal rights; and
  4. To buyers or potential buyers of this company in the event that we seek to sell the company.

If you follow hyperlinks from our Site to another Site, please note that we are not responsible for and have no control over their privacy policies and practices.

8.4 International data transfers 

Since Mauritius is a country located outside the UK/European Economic Area (EEA), we share your personal data with hotels, tour operators, and ground handling agents in Mauritius to fulfill your booking.

When we transfer your data outside the UK/EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

  • Standard Contractual Clauses (SCCs): We use specific, pre-approved legal contract templates issued by the European Commission or the UK Information Commissioner’s Office (ICO). These mandatory clauses legally obligate our Mauritian partners to treat your personal data according to the same strict standards required within the UK and EEA.

     

  • Derogations (Contractual Necessity): We may transfer your personal data where it is necessary for the performance of a contract between you and ROOTSMRU LTD. For example, we must transfer your booking details (such as names and dietary requirements) to local hotels or tour providers in Mauritius to fulfill the holiday services you have purchased. Without this transfer, we would be unable to provide the services requested.

Personal data may also be disclosed to financial institutions, third-party payment processors, and regulatory authorities outside the UK/EEA as required to facilitate your travel arrangements and comply with legal obligations. You may request a copy of the specific transfer mechanism used for your data by contacting us.

Personal data that we collect from you may be transferred to and stored at a destination outside the UK/EEA. Due to the global nature of our business, your personal data will be disclosed to our tour Service Providers, third-party vendors, financial institutions and third-party payment processors, business partners, advertising partners and affiliates within our group, government authorities, law enforcement, regulators and fraud prevention agencies, and prospective buyers and their advisers outside of the UK and the EEA. Where these locations do not provide an adequate level of data protection, we ensure appropriate safeguards are in place to protect the transfer of your personal data to these countries. A copy of the relevant mechanism can be obtained for your review on request by using the contact details below.

The measures we have in place include the following:

 

9. HOW LONG WE STORE PERSONAL DATA

Retention: We retain identity and contact data for 7 years following your last interaction with us to comply with UK legal and tax obligations. Marketing data is retained until you withdraw consent.

Security: We use strong browser encryption and secure facilities. While we take every precaution, no internet transmission is 100% secure; we aim for the highest “reasonably practical” security.

10. HOW WE PROTECT YOUR PERSONAL DATA

In order to protect your security, we use the strongest available browser encryption and store all of our data on servers in secure facilities. Access to your personal data is strictly limited to our employees and authorised third-party service providers who have a business need to know Our employees are bound by strict confidentiality agreements and a breach of this agreement would result in the employee’s termination.

While we take all reasonable precautions to ensure that user data is secure and that users are protected, there always remains the risk of harm. The Internet as a whole can be insecure at times and therefore we are unable to guarantee the security of user data beyond what is reasonably practical.

10.1 Your Rights as a User

Under the GDPR, you have the following rights:

  1. Right to be informed;
  2. Right of access;
  3. Right to rectification;
  4. Right to erasure;
  5. Right to restrict processing;
  6. Right to data portability; and
  7. Right to object.

10.2 Children

We do not knowingly collect or use personal data from children under 16 years of age. If we learn that we have collected personal data from a child under 16 years of age, the personal data will be deleted as soon as possible. If a child under 16 years of age has provided us with personal data their parent or guardian may contact our data protection team on info@rootsmru.co.uk

10.3 How to Access, Modify, Delete, or Challenge the Data Collected

If you would like to know if we have collected your personal data, how we have used your personal data, if we have disclosed your personal data and to whom we disclosed your personal data, if you would like your data to be deleted or modified in any way, or if you would like to exercise any of your other rights under the GDPR, contact info@rootsmru.co.uk.

10.4 Cookie Policy

A cookie is a small file, stored on a user’s hard drive by a website. Its purpose is to collect data relating to the user’s browsing habits. You can choose to be notified each time a cookie is transmitted. You can also choose to disable cookies entirely in your internet browser, but this may decrease the quality of your user experience.

We use the following types of cookies on our Site:

  1. Functional cookies
    Functional cookies are used to remember the selections you make on our Site so that your selections are saved for your next visits;
  2. Analytical cookies
    Analytical cookies allow us to improve the design and functionality of our Site by collecting data on how you access our Site, for example data on the content you access, how long you stay on our Site, etc; and
  3. Targeting cookies
    Targeting cookies collect data on how you use the Site and your preferences. This allows us to personalise the information you see on our Site for you.

10.5 Modifications

This Privacy Policy may be amended from time to time in order to maintain compliance with the law and to reflect any changes to our data collection process. When we amend this Privacy Policy we will update the “Effective Date” at the top of this Privacy Policy. We recommend that our users periodically review our Privacy Policy to ensure that they are notified of any updates. If necessary, we may notify users by email of changes to this Privacy Policy.

10.6 Complaints

If you have any complaints about how we process your personal data, please contact us through the contact methods listed in the Contact Information section so that we can, where possible, resolve the issue. If you feel we have not addressed your concern in a satisfactory manner you may contact a supervisory authority. You also have the right to directly make a complaint to a supervisory authority. You can lodge a complaint with a supervisory authority by contacting the Information Commissioner’s Office in the UK, Data Protection Commission in Ireland.

11. CONTACT INFORMATION

If you have any questions, concerns or complaints, you can contact our data protection team on info@rootsmru.co.uk or call us on +44 20 34 32 00 64