1. Who We Are
Oxara Consulting Ltd is the data controller for all personal data covered by this Privacy Policy.
Company name: Oxara Consulting Ltd
Company number: 17060695
Registered office: 71–75 Shelton Street, Covent Garden, London WC2H 9JQ
Email: contact@oxaraconsulting.co.uk
Telephone: 07932 393239
Website: www.oxaraconsulting.co.uk
ICO registration reference: ZC099679
Oxara Compliance (oxaracompliance.co.uk) is the proprietary regulatory assessment division of Oxara Consulting Ltd. All data processed via the platform falls under the direct governance of this Privacy Policy, ensuring a seamless standard of data protection across our consultancy and digital oversight services.
2. What We Collect and How
We collect personal data directly from you when you contact us by email, telephone, or website form, or when you engage with our services. We may also receive limited technical information automatically when you visit our website.
Depending on how you interact with us, we may collect:
- name, job title, organisation name, and contact details;
- email correspondence, enquiry details, and records of communications;
- information provided when requesting consultancy support or further information about our services;
- information submitted through the Oxara Compliance audit platform in connection with regulatory engagements; and
- standard server and security log data generated through website visits.
3. Why We Process It and Our Lawful Bases
We use personal data to respond to enquiries and requested communications; to provide consultancy services and manage client relationships; to prepare proposals, service information, and business correspondence; to operate and maintain the Oxara Compliance platform; to maintain website security and performance; and to meet legal, regulatory, and record-keeping obligations.
Our lawful bases under the UK GDPR include:
- legitimate interests — responding to business enquiries, managing our services, and operating our platforms responsibly;
- contract — where processing is necessary to take steps before entering into or performing a contract;
- legal obligation — where we must comply with applicable legal or regulatory requirements; and
- consent — where specifically required and obtained.
4. Where We Store Your Data
We take the security of personal data seriously. The following sets out where your data is stored and processed.
Website hosting
Our website is hosted on secure servers located in the United Kingdom (Krystal Hosting Ltd), ensuring all website data remains within UK jurisdiction.
Email correspondence
All electronic correspondence is processed via Proton AG, providing end-to-end encryption and Swiss-standard security protocols. Proton AG operates under the Swiss Federal Act on Data Protection (FADP) and implements appropriate safeguards for data transferred to or from the UK.
Contact form submissions
Enquiries submitted via our website contact form are processed by Formspree Inc, a service provider based in the United States. Formspree implements standard contractual clauses as the safeguard for international data transfers. Data submitted via this form is retained only for the period necessary to respond to your enquiry.
Oxara Compliance platform
Regulatory audit data submitted through oxaracompliance.co.uk is hosted on UK-based infrastructure and operated solely by Oxara Consulting Ltd. The platform audits systems and processes, not individuals. No resident personal data — including names, dates of birth, NHS numbers, or care plan content — is processed or stored within the platform.
5. How Long We Keep Your Data
We retain personal data only for as long as necessary for the purpose for which it was collected, including to satisfy legal, regulatory, contractual, and record-keeping requirements. Retention periods vary depending on the nature of the enquiry, service, or engagement. Where data is no longer required, it is securely deleted or anonymised.
6. Your Rights
Under the UK GDPR you have the right to: be informed about how your data is used; request access to your personal data; request correction of inaccurate or incomplete data; request erasure in certain circumstances; request restriction of processing in certain circumstances; object to processing in certain circumstances; and request data portability where applicable.
To exercise any of these rights, contact us at contact@oxaraconsulting.co.uk or 07932 393239.
7. Complaints
If you have concerns about how we handle personal data, please contact us in the first instance so we can attempt to resolve the matter. You also have the right to lodge a complaint with the Information Commissioner's Office at ico.org.uk.
8. Updates to This Policy
We may update this Privacy Policy from time to time to reflect legal, operational, or service changes. The latest version will always be published on this page.
Last updated: April 2026
9. Sub-Processor Table
The following third parties process personal data on our behalf or as part of our operational infrastructure.
| Service | Provider | Location | Purpose |
|---|---|---|---|
| Website Hosting | Krystal Hosting Ltd | United Kingdom | Website delivery and security |
| Secure Email | Proton AG | Switzerland | Confidential correspondence |
| Contact Form | Formspree Inc | United States | Enquiry submission processing |
| Audit Platform | Internal System (Oxara Consulting Ltd) | United Kingdom | Regulatory system auditing — no personal or resident data processed |