Enjoy free shipping on orders over 60€ 🍄
Close this search box.

Privacy Policy

The controller of your personal data in relation to the website https://feelrooty.com/ (hereinafter: the website) and your other interactions with BIOHACKING VITA d.o.o. is:

BIOHACKING VITAL, internetna prodaja, svetovanje za zdrav način življenja, d.o.o.

Griže 129
3302 Griže,
Slovenia, Europe

Company reg. No.: 8947066000

VAT ID no.: SI 12255807

Email: [email protected]

(hereinafter: we, us, our, BIOHACKING VITAL d.o.o., processor, provider, company or organization)

A Data Protection Officer has not yet been appointed. Please reach out to us with any privacy related inquiries or requests at [email protected].

Purpose and use of this notice

You can find out more about us and our services and other activities here.

The company is the owner and provider of the website https://feelrooty.com/ and its various sub-domains or related websites (hereinafter collectively referred to as: the website).

This notice describes how BIOHACKING VITAL d.o.o. processes and protects the personal data of individuals who have provided their data directly to the company as the controller of personal data in connection with the website (e.g. by consenting to the placement of cookies when visiting the website, when completing and submitting an online form through the website, etc.).

Use of terms and amendments to this notice

Unless otherwise stated, terms used in this notice (e.g. personal data, processing, controller, processor, etc.) have the same meaning as in the General data protection regulation (hereinafter: the GDPR).

The terms defined in this notice, which are used in the singular form shall be deemed to include the plural form and vice versa, whereby the terms relating to the masculine gender shall be deemed to include all genders.

We may update or change the information and references in this notice from time to time, whereby news of major changes shall be posted on our website.

In the event of substantial changes (e.g. to the legal basis and purposes of the processing of data already collected), we shall inform individuals of the proposed changes by email or by other appropriate means.

What data we process, what gives the right to do so and why we process such data

1.1 Review of databases and types of personal data, categories of data subjects, deadlines for deletion of personal data and purposes and types of processing







Data associated with a registered user account

Contractual relationship.

Name, email address and other contact information. Customers or individuals who register a user account with our organization.

Until the day the registered user requests the deletion of the user account or 6 years after the last activity of an otherwise inactive user account.

For the purpose of executing the concluded contract (i.e., acceptance of the general terms and conditions of business that regulate the registration and use of the user account), we can store and process the data of the registered user in ways that are logically connected with the provision and use of the user account


Details of individuals who have purchased products through our website

Contractual relationship.


– Name and/or surname of the individual that purchased the products


– Email address of the individual that purchased the products


-Information on the shipping address, payment details, transactional information, information on the ordered products.


– Information that is required for invoicing


And other personal data of the individual who had placed an order through the website in relation to the products of the company.

We may retain a minimised set of the aforementioned Data that includes your contact information, payment and shipping information until the expiration of the statutory period under which we may be held liable in relation to any possible hidden defects on the products  or any data on the issued invoice as per applicable statutory limits (6-10 years).

We process this data on the basis of the contractual relationship that is concluded when the individual accepts our terms of sale and places an order.


The company may process the data in ways that are logically related to the sale of goods (we may conclude the transaction, ship the products and perform other legally required acts (invoicing, sending order confirmation emails, etc.). Processing may include storage in an email system for the purposes of sending the order confirmation, forwarding data to shipping providers, storage of the invoice/data in the company’s archives, etc.).

Data associated with the issuing of invoices/billing


Fulfilling our legal obligations.





Data on the authorized person of a client who has a registered account for the use of our services (such as his email address, password, first name, last name) as well as the relevant account data (company name, pricing package, special usage requirements).

We are legally required to store these data for a period of 10 years.

Please note that this data shall not be deleted if our organization is obliged to keep such data after the termination of the contract (e.g. archiving data on issued invoices), as is described in more detail under points 1.3. and 2. of this notice.

For the purposes of issuing invoices/billing on the basis of a concluded contract, whereby the data shall be stored on our servers and in our CRM systems, viewed, shared inside and outside of our organization, structured and processed in other relevant ways for achieving these purposes.


Information on the individual communicating with the company via the email addresses and other communication channels that are available on the website

Negotiation for the conclusion of a contract.

Personal data of an individual who voluntarily communicates with the company (e.g. enquires about the company’s services, orders support services or proposes support related questions, arranges to place an order via a published email address, etc.), whereby such situations justifie the limited storage or processing of such individual’s data for the purpose of preparing the company’s response or for further communication.

Until the purposes for which the personal data had been collected for the processing of the individual personal data have expired (e.g. until the cessation of communications) or until 5 years have elapsed since the moment of last communication with the individual.

In the context of contract negotiations (i.e. obtaining information about or ordering a product or service or other voluntary communication between an individual and the company), the company may process the data in ways that are logically related to the negotiations taking place or the preparation of responses (e.g. storage in an email system for the purposes of responding and any further communication, storage of the data in the company’s archives, etc.).

Details of individuals who have opted in to receiving the company’s newsletters and other commercial communication


Personal data of an individual who has consented to the company sending him commercial information and other useful information about its products and services to his or her e-mail address from time to time.

To unsubscribe from receiving electronic communications, an individual may follow the unsubscribe link contained in each email.


In any case, the individual may also request the deletion of his data by sending his/her request to the company’s official e-mail address that is listed at the beginning of this document.

On the basis of consent, which had explicitly been obtained from the individual, the company may process (i.e. store and use in connection with the email system) the data solely for the purpose of providing commercial information and other useful information about its products and services.

Data an individuals who communicate with our organization via our email addresses and other communication channels



Negotiations for the conclusion of a contract.


The name and/or surname of the individual who communicates with our organization as well his email address and possibly his phone number and any other personal data that is disclosed in such communications.

Until we receive  the opt-out request or data deletion request of such individuals or until 4 years have elapsed since the last communication.

*Individuals can always opt-out via the provided link or request the deletion of their data by sending their request to the official email address of our organization that is listed at the beginning of this document.

Based on negotiations for the conclusion of a contract (i.e., obtaining information about or ordering a service or other voluntary communication of the individual with our organization), whereby our organization shall process the data in ways that are logically related to negotiations regarding the conclusion of a contract or the preparation of a response (e.g., storage in the system for sending electronic messages for response purposes and possible further communication, data storage in our organization’s archives, etc.).


**In certain cases, based on its legitimate interests and unless otherwise stated above or elsewhere in this notice, our organization reserves the right to store certain data beyond the stated period, as stated-above and in section 2 of this notice, whereby our organization will, in all such cases, limit data storage to the data that are essential for pursuing such legitimate interests. Individuals can always request the deletion of data by sending their request to our official email address that is listed at the beginning of this document. In connection with the above-stated purposes (e.g., where data storage is listed), the data shall be transferred for processing to our organization’s contractual partners (subprocessors), which are listed in section 3.3. of this notice. Subprocessors shall process data only in connection with the performance of tasks assigned to them and are directly related to the pursued purposes.

Data processing related to the company’s advertising activities

In accordance with the abovementioned, the company carries out customized marketing communication regarding its own products, discounts, news, customized offers and other promotional content through various channels and with various persons:


 Sending emails to people who have not yet been our customers.

Sending customized emails with customized marketing content.


Name, surname, email address,, data on past purchases or the contents of the shopping cart, data on the opening of emails and clicks on links.

Until consent has been withdrawn.

Sending marketing emails to existing customers of the company.

Sending customized emails with customized marketing content.

Legitimate interest.

Name, surname, email address, telephone number, data on past purchases or the contents of the shopping cart, data on the opening of emails and clicks on links.

Until consent has been withdrawn.

Showing ads to people who have agreed to the installation of optional cookies and tracking pixels.


(See the subpage on cookies).

(See the subpage on cookies).


1.2 The legal basis for the processing of personal data may lie in the fulfillment of a concluded contract or in negotiations for the conclusion of a contract

We may process personal data of individuals on the basis of a concluded contract (e.g., the conclusion of a contract for the use of our services) or negotiations for the conclusion of a contract (e.g., when an individual contacts our organization through our official communication channels and wants to obtain more information about our services).

In the described cases, you provide us with personal data as part of a contractual obligation or as part of negotiations for the conclusion of a contract, whereby we consequently do not need your explicit consent for the above-mentioned processing of your personal data. In principle, you will not suffer any serious negative consequences in situations where we would otherwise need your personal data to perform our services and you do not provide us with these data. However, such situations can significantly complicate or even prevent the execution of ordered services or our cooperation, and you will be informed in advance or subsequently in these cases.

1.3. The legal basis for the processing of your data may also be set out in legislation

Our organization may also process personal data for the purposes of fulfilling legal and other lawful obligations, especially those governing taxes and accounting requirements (e.g., records of issued and received invoices, etc.), for example: when an inspector or another holder of public authority orders our organization to entrust him with personal data of a certain client/visitor in accordance with the law (for example, in the context of conducting inspection supervision under the provisions of the applicable law, when our organization processes personal data of a client to whom it has issued an invoice, our organization processes this invoice and client data (e.g., personal name, contact details, etc.) on the basis of the applicable tax laws and regulations (see section 3.2.), etc.

1.4. Based on our legitimate interests

We are also allowed to process certain personal data for the purposes of safeguarding our own legitimate interests. Such cases may arise, for example, when the processing of your data would be necessary from the perspective of administrative, criminal, or civil proceedings (e.g., when our organization would have to submit a database as evidence in a procedure, otherwise our organization would suffer a penalty or severe and irreparable damage), in which case we will always process only those data that are absolutely necessary to pursue such legitimate goals. OUR organization is also allowed to process the personal data of an individual in cases where the processing is necessary to protect the vital interests of the individual (e.g., looking up the address of an individual who is facing an immediate and serious life-threatening danger).

1.5. Based on prior consent

Interacting with us and the use of our services is generally not conditional on you agreeing to the processing of your personal data.

However, we can also process your personal data based on your explicit consent. An individual’s explicit consent is considered as his voluntary declaration of will by which he agrees to the processing of certain personal data for a certain purpose, (e.g., when you consent to receiving our newsletter or other commercial messages), whereby in such cases we process those data that are indicated in the relevant section of the table from point 1, where consent is indicated as the legal basis for processing.

Receiving such communication can be stopped at any time by following the link contained in every newsletter/commercial email message or by contacting us at the email address that is listed at the beginning of this document.

Based on your consent, our online advertising can also be performed, provided that you have agreed to the installation of optional (advertising) cookies and tracking pixels of our advertising partners when visiting our website (e.g., installation of the Google Analytics cookie, which enables us to advertise our services more easily on other websites, etc.). A detailed list of optional cookies from our advertising partners, the data we process with them, and the retention periods of these data is defined on the “Cookies” page.

Our organization provides each individual with the right to withdraw his explicit consent at any time in a simple way, by contacting us at any time at the email address that is listed at the beginning of this document.

The withdrawal of consent does not affect the legality of the processing that was carried out on the basis of consent until the moment of withdrawal.

If you do not give consent for the processing of personal data, give consent partially or withdraw consent (partially), we will, if possible, cooperate with you only to the extent of the given consent or in ways permitted by applicable law.

Consent is voluntary and if you decide not to give it or later withdraw it, this in no case infringes on your other rights or represents additional costs or aggravating circumstances for you.

How long do we store or process your personal data?

The retention period of personal data depends on the basis and purpose of processing each category of personal data. Personal data is usually stored as long as necessary to fulfill the purpose for which the data was collected, or until some regulation requires us to keep it, after which it is deleted.

If the retention period of individual data is not more precisely defined in the table in section 1, the following applies:

Our organization may retain the data for another 15 days after the expiration of the said retention period with the aim of being able to destroy the stored data from all data carriers and servers during this period.

An individual can always request the deletion of data by sending their request to our organization’s official email address that is listed at the beginning of this document.

Who processes your personal data?

3.1. Certain employees that work for our organization

Your personal data is processed by those employees in our organization who need the data in order to perform their work. All employees are bound by confidentiality and are required to protect your personal data.

3.2. Government bodies

In certain cases, as prescribed by applicable legislation, our organization must also provide or report your personal data to the competent state authorities, as well as to authorities that are, for example, competent for financial, tax or other supervision (e.g., the Estonian Data Protection Inspectorate, etc.). In certain cases, our organization is obliged to provide data to third parties, if such an obligation to provide or disclose is imposed on our organization by law or the legal entitlement of a third party.

3.3. Contractual Processing of Personal Data

In addition to the employees in our organization, the users of personal data can also be employed persons of contractual processors of our organization, who can process personal data as confidential exclusively on behalf of our organization and within the limits of the contract on external processing of personal data, which our organization has concluded with each such processor. Contractual processors may only process personal data within the instructions of our organization (i.e., the contract), and they may not use the data to pursue any of their own interests.

The contractual processors our organization engages that might come into contact with your personal data are:

  • persons who work with us on the basis of subcontracts or author’s contracts (IT system maintainers, software code developers, etc.),
  • accountants or accounting services,
  • the provider of the website development and hosting services (see section 3.4.).

Our organization will not disclose your personal data to third unauthorized persons.

If you would like to obtain an exact list of all contractual subprocessors of our organization, you can write to us at the email address that is listed at the beginning of this document.

3.4.  Website development and hosting service provider

Hosting our website and storing the data you provide to us via the website (e.g. in connection with communication via the contact form on the page, etc.), is stored by our hosting provider with servers inside the EU. To obtain information on our hosting provider, please send your request to [email protected].

3.5. Transfer of Personal Data to Third Countries and International Organizations and Measures to Protect Transferred Data

As a rule, our organisation does not transfer personal data to third countries (i.e. outside the European Union, Iceland, Norway and Liechtenstein, i.e. the EEA) and international organisations.

An exception to this is the occasional transfer of certain technical and personal data to the servers of the above-mentioned processors whose headquarters or servers are located in the USA (e.g. the automatic transfer of certain data collected by Alphabet Inc.’s cookies, entering email addresses in commercial messaging tools, etc.), whereby the relevant processors are former members of the Privacy Shield (https://www.privacyshield.gov/) and have complied with and adopted security measures in relation to the receipt or transfer of data after 12 July 2020 (e.g. standard contractual clauses) or have adequately performed and achieved full self-certification in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data in the EU-US data privacy framework (i.e. in the context of the new EU-US data transfer framework in accordance with the above adequacy decision as of 10 July 2023).

More detailed information on the categories of users and data sub-processors, can be obtained by sending a request in this respect to the email address that is listed at the beginning of this document.

Processing of special category personal data

We do not direct individuals to provide specific personal data (i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data or biometric data, data relating to health or data relating to an individual’s sex life or sexual orientation) in connection with our website or services.

If our organisation becomes aware of a situation in which such data may be disclosed to it, the data received will be protected or otherwise dealt with as appropriate.

What are your rights regarding your personal data and how can you exercise them?

In relation to this personal data processing notice or the processing of your personal data by our organization and our contractual processors, you can contact us at any time and without any reservations via the email address that is listed at the beginning of this document. You can also use this address to send your requests and exercise other rights related to personal data and GDPR regulation.

As an individual to whom the personal data refers, the GDPR regulation provides you with the opportunity to exercise the following rights with our organization:

Right to be Informed: Individuals have the right to be informed about the collection and use of their personal data.

Right of Access: Individuals have the right to access their personal data and obtain information about how it is being processed, as well as a copy of the data itself.

Right to Erasure (Right to be Forgotten): Individuals have the right to request the deletion of their personal data in specific circumstances.

Right to Withdraw Consent: If personal data processing is based on consent, individuals have the right to withdraw their consent at any time and without any detriment.

Right to Rectification: Individuals have the right to request the correction of inaccurate or incomplete personal data. If the data has been shared with third parties, our organizations must inform those parties of the rectification, if possible.

Right to Restrict Processing: Individuals have the right to request the restriction of processing of their personal data. This right applies in certain cases, such as when the accuracy of the data is contested or the individual has objected to the processing.

Right to Data Portability: Individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format in certain cases. They can also request that their data be transmitted to another controller if the processing is based on consent or a contract and where the processing is carried out by automated means.

Right to Object: Individuals have the right to object to the processing of their personal data based on legitimate interests or public interest/exercise of official authority. Our organization must cease such  processing unless it can demonstrate compelling legitimate grounds that override the individual’s interests, rights, and freedoms.

Rights in Relation to Automated Decision Making and Profiling: Individuals have the right not to be subject to solely automated decisions, including profiling, which significantly affects them. They have the right to obtain human intervention, express their point of view and challenge the decision.

Right to lodge a complaint with a supervisory authority: If you believe that the processing of personal data performed in connection with you by our organization violates personal data protection regulations, you may, without prejudice to any other (administrative or other) remedy, lodge a complaint with the a supervisory authority, in particular in the country where you have your habitual residence, your place of work or where the infringement is alleged to have taken place, whereby:

  • in the Republic of Slovenia the authority is the Informacijski pooblaščenec, Dunajska 22, 1000 Ljubljana, Slovenia, EU, email: [email protected], phone: +38612309730, website: www.ip-rs.com.

A list of other EU supervisory authorities and their contact information can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en#

Existence of automated decision-making and profiling

We do not use automated decision making or profiling.

Processing of personal data of persons under 15 years of age

Our organization does not knowingly collect or otherwise process personal data of persons under 15 years of age.

If our organization subsequently finds out that it has processed the personal data of such a person without the consent of his parent or guardian, our organization shall do everything necessary to delete all provided personal data.

At the email address that is listed at the beginning of this document., the above-described persons or their parents or guardians shall be able to submit their requests for the deletion of the data concerned at any time.

Who can you contact for further clarification regarding the processing of personal data in our organization and regarding your rights?

You can limit or revoke your consent for the processing of data at any time by contacting our organization as a processor of your personal data at the email address that is listed at the beginning of this document.

Protection of personal data

Our organization carefully stores and protects personal data through organizational, technical and logical procedures and measures to protect the data from accidental or intentional unauthorized access, destruction, alteration or loss, and unauthorized disclosure or other form of processing to which you have not expressly consented to.

To this end, our organization has also adopted appropriate internal processes and set up various measures (e.g. assigning, using and changing passwords, locking premises, offices, server and workstation locations, regularly updating software and upgrading security-critical components, physically protection of material containing personal data in specially designated places, training of employees, etc.). Our organization also demands these security commitments from its contractual processors.

Version and date of the last update of this notice

This notice was last updated on August 20th, 2023.

Biohacking Vital d.o.o.