top of page

Imperial College London, Exhibition Road, SW7 2AZ

info@osstec.uk   |   +44 790 909 9009

Come see our labs at AAOS

Sign up here

Privacy Policy

OSSTEC

Effective Date: 26.02.2026
Last Updated: 27.02.26

1. Data Controller

For the purposes of the EU GDPR and UK GDPR, the data controller is: OSSTEC
Registered Address: Imperial College London, Exhibition Road, SW7 2AZ
Email: info@osstec.uk

Company Number: 13500695

If you have questions about this Privacy Policy or your personal data, contact us using the details above.

2. Scope

This Privacy Policy applies to individuals located in:

  • The European Economic Area (EEA)

  • The United Kingdom (UK)

  • Switzerland (where applicable under similar principles)

3. Categories of Personal Data We Collect

We may collect:

A. Identity Data

  • Full name

  • Job title

  • Company name

B. Contact Data

  • Email address

  • Telephone number

  • Billing and mailing address

C. Account Data

  • Username

  • Encrypted password

  • Account settings

D. Technical Data

  • IP address

  • Browser type and version

  • Device identifiers

  • Operating system

  • Time zone

E. Usage Data

  • Website interaction data

  • Pages viewed

  • Feature usage

F. Marketing & Communications Data

  • Communication preferences

  • Records of correspondence

We do not intentionally collect special category data (e.g., health, biometric, political, religious data).

4. How We Collect Data

We collect personal data:

  • Directly from you (forms, contracts, communications)

  • Automatically (cookies, analytics tools, server logs)

  • From third parties (service providers, business partners, where applicable)

5. Legal Bases for Processing

We rely on the following lawful bases:

A. Contractual Necessity

To perform a contract with you or take steps before entering into a contract.

B. Legal Obligation

To comply with legal and regulatory obligations.

C. Legitimate Interests

For:

  • Service improvement

  • Security monitoring

  • Fraud prevention

  • Business administration

We ensure our legitimate interests do not override your fundamental rights.

D. Consent

Where required (e.g., marketing emails, non-essential cookies). You may withdraw consent at any time.

6. Purposes of Processing

We process personal data to:

  • Provide and maintain our services

  • Manage user accounts

  • Process transactions

  • Provide customer support

  • Improve our website and services

  • Send administrative and marketing communications

  • Ensure IT security

  • Comply with legal obligations

7. Cookies

We use essential and non-essential cookies.

Where required under EU or UK law, we obtain your consent before placing non-essential cookies.

You can manage preferences via our cookie banner or your browser settings.

8. Data Sharing

We may share personal data with:

  • IT and hosting providers

  • Cloud service providers

  • Payment processors

  • Professional advisors

  • Regulatory or law enforcement authorities when legally required

All processors are bound by GDPR-compliant data processing agreements.

We do not sell personal data.

9. International Transfers

If we transfer personal data outside the EEA or UK, we ensure appropriate safeguards such as:

  • EU Standard Contractual Clauses (SCCs)

  • UK International Data Transfer Agreement (IDTA)

  • UK Addendum to EU SCCs

  • Adequacy regulations

You may request further information about safeguards by contacting us.

10. Data Retention

We retain personal data only as long as necessary to:

  • Fulfill contractual obligations

  • Meet legal and regulatory requirements

  • Resolve disputes

  • Enforce agreements

Retention periods vary based on data type and legal requirements.

11. Data Security

We implement appropriate technical and organizational measures including:

  • Encryption

  • Access controls

  • Secure infrastructure

  • Regular monitoring

No system can guarantee absolute security.

12. Your Rights (EU & UK Data Subjects)

Under EU GDPR and UK GDPR, you have the right to:

  • Access your personal data

  • Request rectification

  • Request erasure

  • Restrict processing

  • Object to processing

  • Request data portability

  • Withdraw consent

  • Not be subject to automated decision-making

To exercise your rights, contact: info@osstec.uk

We respond within one month as required by law.

13. Complaints

If you are in the EU, you may lodge a complaint with your local supervisory authority. A list of authorities is available from the European Data Protection Board.

If you are in the UK, you may lodge a complaint with the Information Commissioner's Office (ICO).

We encourage you to contact us first so we can attempt to resolve your concern.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised “Last Updated” date.

Where legally required, we will provide additional notice of significant changes.

bottom of page