Privacy Policy

Last updated: 1 January 2026 — Revision 01-A

Oralu ("the studio", "we", "us") is committed to protecting the personal data of every individual who interacts with this website or our services. This Privacy Policy sets out what data we collect, why we collect it, how we use it, and what rights you hold in respect of it.

This policy is issued in accordance with the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The data controller is Oralu, whose registered correspondence address is 22 Marylebone High Street, London W1U 2QW, United Kingdom. Contact for data protection enquiries: [email protected].

This policy applies to all personal data processed by Oralu in connection with this website (oralu.info), written correspondence, and the provision of nutrition guidance programmes.

01 — Data Collection

What personal data we collect and why

1.1 Enquiry and contact data

When you submit an enquiry through the contact form on this site or correspond with the studio by email or telephone, we collect: your name, email address, telephone number (if provided), and the content of your message. This data is processed on the legal basis of legitimate interest (responding to your enquiry) and, where a programme agreement follows, on the legal basis of contract performance.

Enquiry data is retained for a period of three years from the date of last contact, after which it is securely deleted unless a continuing contractual relationship requires longer retention.

1.2 Website usage data

When you visit oralu.info, we may collect standard server log data including your IP address, browser type and version, operating system, referring URL, pages visited, and the date and time of access. This data is collected for the purposes of maintaining site security, diagnosing technical issues, and understanding aggregate usage patterns. Individual server log records are retained for a maximum of 12 months.

If you have consented to analytics cookies, we also collect anonymised behavioural data through third-party analytics tools. See the Cookie Policy for full details.

1.3 Programme membership data

If you engage with an Oralu programme, we collect and process: your name, contact details, programme selection, correspondence records relating to the programme, and payment records where applicable. This data is processed on the legal basis of contract performance. Programme records are retained for six years from the end of the relevant engagement, in accordance with UK financial record-keeping requirements.

02 — Data Use

How we use the data we collect

Oralu uses personal data only for the purposes for which it was collected. We do not use personal data for automated decision-making or profiling. We do not sell personal data to any third party. Specific uses of data are:

  • Responding to enquiries submitted through the contact form or by email.
  • Delivering the programme materials and updates to which a member has subscribed.
  • Managing our ongoing correspondence and programme records.
  • Maintaining site security and diagnosing technical issues using server log data.
  • Complying with legal obligations under UK law, including financial record-keeping requirements.

We do not use personal data for direct marketing without explicit consent. If consent is given, you may withdraw it at any time by contacting us at [email protected].

03 — Data Sharing

With whom we share data

Oralu does not share personal data with third parties for their own commercial purposes. Data may be shared with the following categories of third party solely to the extent necessary to deliver our services:

Hosting and infrastructure providers

Our website and email systems are hosted by service providers operating within the United Kingdom or the European Economic Area under data processing agreements that comply with UK GDPR requirements.

Analytics providers

Where you have consented to analytics cookies, anonymised usage data may be processed by our analytics provider. No personally identifiable data is shared with analytics providers. You may withdraw consent at any time via the Cookie Settings link in the footer of this site.

Legal and regulatory authorities

Personal data may be disclosed to regulatory or law enforcement authorities where required by applicable law or court directive, or where necessary to protect our legal rights.

No personal data is transferred to countries outside the United Kingdom or European Economic Area unless equivalent data protection safeguards are in place.

04 — Your Rights

Your rights under UK GDPR

Under UK data protection law, you have the following rights in respect of personal data we hold about you:

Right of access

You may request a copy of the personal data we hold about you at any time. We will respond to subject access requests within one calendar month.

Right to rectification

If personal data we hold is inaccurate or incomplete, you may request that it be corrected or completed without undue delay.

Right to erasure

In certain circumstances you may request that we delete personal data we hold about you. This right is subject to legal retention obligations that may apply.

Right to object

You may object to processing of your personal data where we rely on legitimate interest as the legal basis. We will cease processing unless we can demonstrate compelling legitimate grounds.

Right to portability

Where processing is based on consent or contract, and is carried out by automated means, you may request that we provide your data in a structured, machine-readable format.

Right to withdraw consent

Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us at [email protected] or write to 22 Marylebone High Street, London W1U 2QW, United Kingdom. We will respond within the statutory timeframe.

If you are dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

05 — Cookies & Security

Cookies and data security

Cookies

This website uses cookies. A full explanation of the cookies used, their purpose, and your options for managing them is set out in our Cookie Policy. You can manage your cookie preferences at any time using the Cookie Settings link in the footer of this site.

Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. These measures include: encrypted data transmission (HTTPS), restricted internal access to personal data, and regular review of our data handling procedures.

In the event of a personal data breach that is likely to result in a risk to individuals, we will notify the Information Commissioner's Office within 72 hours of becoming aware, and affected individuals where the risk is assessed as high.

06 — Policy Updates

Changes to this policy

This Privacy Policy may be updated periodically to reflect changes in our data practices or applicable law. The revision date at the top of this document records the date of the most recent substantive update. Continued use of this website following an update constitutes acceptance of the revised policy.

For any questions about this policy or about how Oralu handles personal data, please contact us at [email protected] or write to 22 Marylebone High Street, London W1U 2QW, United Kingdom.