Privacy Policy

Who handles your data and how your data is handled.

1.1 This Privacy Policy (“Policy”) sets out how Ostratto Ltd (“Ostratto”, “we”, “us”, “our”) collects, uses, shares, protects and retains personal data about you when you interact with us, including via www.ostratto.com (“Website”), services, communications and other Ostratto offerings.

1.2 This Policy applies to all personal data we collect and process about you, whether electronically, in person, by telephone, by post or otherwise.

1.3 By accessing or using our Website, submitting personal data, or engaging with us, you accept the practices described in this Policy.

2.1 Controller: Ostratto Ltd, registered in England & Wales (Company No. 12973744).

2.2 Registered Office: 2440 The Quadrant, Aztec West, Bristol BS32 4AQ, United Kingdom.

2.3 Contact for Privacy Queries:

2.4 ICO Registration Number: ZB010180 (Information Commissioner’s Office).

2.5 We are the ‘data controller’ for the purposes of UK data protection law.

3.1 “Personal data” means information relating to an identifiable individual.

3.2 “Processing” means any operation on personal data (collection, storage, use, disclosure, retention etc.).

3.3 “Lawful basis” means the legal grounds for processing your data (see section 6).

We may collect the following categories of personal data when you interact with us:

4.1 Contact Data When you make enquiries or register interest:

4.2 Transaction Data If purchasing services:

4.3 Usage Data Automatically collected when you use our Website:

5.1 Direct collection: when you submit forms, sign up, contact us or use our services.

5.2 Automated collection: via cookies, server logs and analytics tools.

5.3 Third-party sources: e.g., payment processors (for transaction and fraud prevention purposes).

We rely on one or more lawful bases under UK GDPR to process your personal data:

6.1 Contractual Necessity. Where processing is necessary to provide agreed services and communicate with you about them.

6.2 Legitimate Interests. Where we pursue legitimate business interests (e.g., improving services, Website analytics) and your rights do not override these interests.

6.3 Consent. Where you have expressly agreed (e.g., for marketing communications or non-essential cookies).

You may withdraw consent at any time where consent is the lawful basis.

6.4 Legal Obligation. Where we are legally required to process data (e.g., tax, legal record keeping).

7.1 To provide, administer and improve our services.

7.2 To respond to enquiries, support requests and communications.

7.3 To send transactional messages (e.g., service updates, billing notices).

7.4 To personalise your experience and maintain Website functionality.

7.5 To comply with legal obligations and protect our rights.

7.6 To send marketing communications (where you have opted in).

8.1 We use cookies and similar technologies to:

8.2 Cookies are categorised (e.g., essential, functional, analytics). You may manage your cookie preferences via the Website cookie control tool and your browser settings.

8.3 For non-essential cookies, consent will be obtained where required under applicable law (e.g., PECR).

9.1 We do not sell your personal data to third parties.

9.2 We may share your data with:

9.3 Any third party that has access to your personal data must provide equivalent levels of data protection.

Where data is transferred outside the UK, we will ensure appropriate safeguards are in place, such as standard contractual clauses, adequacy decisions or other lawful mechanisms.

11.1 We retain personal data only as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes and enforce contracts.

11.2 Retention periods depend on the type of data and processing purpose.

12.1 We implement appropriate administrative and technical measures to protect personal data against unauthorised access, loss, misuse or alteration.

You have the following rights under UK GDPR:

13.1 Right to be informed. Information about how your data is processed.

13.2 Right of access. Request copies of personal data we hold.

13.3 Right to rectification. Correct inaccurate or incomplete data.

13.4 Right to erasure (“right to be forgotten”). Request deletion of data in certain circumstances.

13.5 Right to restrict processing. Pause or limit processing.

13.6 Right to data portability. Receive personal data in a commonly used format.

13.7 Right to object. Object to processing (including direct marketing).

13.8 Right not to be subject to automated decision making. Where applicable. To exercise any rights, contact hello@ostratto.com.

14.1 We will only send marketing communications where you have consented or where permitted by law.

14.2 You may opt out at any time using unsubscribe links or by contacting us.

This Website and our services are not directed at children under 16. We do not knowingly collect data from children; if we become aware of this, we will delete it.

We may update this Policy periodically. The updated Policy will be posted online with a revised effective date.

If you believe we have mishandled your personal data, please contact us first.

You also have the right to complain to the Information Commissioner’s Office (ICO) if you are dissatisfied with our response: