Privacy Policy

BioSignal Privacy Policy

Last updated: March 2026
Effective date: March 2026

1. Introduction

This privacy policy explains how OAKMARK Trading Limited ("we", "us", "our"), trading as BioSignal, collects, uses, stores, and protects your personal data when you visit our website at biosignal.co.uk (the "Website"), subscribe to our communications, or purchase our products.

OAKMARK Trading Limited is a company registered in England and Wales (Company No. 17073095) with its registered office at 167-169 Great Portland Street, London, United Kingdom, W1W 5PF.

For the purposes of the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025, OAKMARK Trading Limited is the data controller responsible for your personal data.

We are registered with the Information Commissioner's Office (ICO) under registration number [INSERT].

We are committed to protecting your privacy and handling your data in an open, transparent, and lawful manner. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed.

2. Data Protection Officer

For all enquiries relating to data protection, including the exercise of your rights, please contact:

Data Protection Contact
Email: privacy@biosignal.co.uk
Post: Data Protection, OAKMARK Trading Limited, 167-169 Great Portland Street, London, United Kingdom, W1W 5PF

We aim to respond to all legitimate enquiries within 30 calendar days. In exceptional circumstances, where a request is particularly complex or voluminous, we may extend this period by a further 60 days, in which case we will notify you and explain the reason for the extension.

3. Personal Data We Collect

We collect and process the following categories of personal data, depending on how you interact with us.

3.1 Data you provide directly

  • Waitlist registration: Email address (To notify you of product launches, provide early access, and send relevant BioSignal content)
  • Product purchase: Full name, email address, billing address, delivery address, telephone number (To fulfil your order, process payment, arrange delivery, and provide customer support)
  • Payment information: Card details and billing data (Processed securely by our third-party payment processor. We do not store card details on our servers.)
  • Customer support: Name, email, and any information you include in your correspondence (To respond to your enquiry and resolve any issues)
  • Subscription management: Email address, delivery preferences, payment details (To manage recurring deliveries, process renewal payments, and action cancellation or amendment requests)

3.2 Data collected automatically

  • Device and browser data: IP address (anonymised), browser type and version, operating system, device type, screen resolution
  • Usage data: Pages visited, time spent on pages, referring URL, click interactions, scroll depth
  • Cookie data: Strictly necessary cookies and, with your consent, analytics cookies
  • Location data: Approximate geographic location derived from anonymised IP address

3.3 Data from third parties

We may receive personal data from the following third-party sources:

  • Payment processors who confirm transaction status
  • Delivery partners who provide delivery confirmation and tracking information
  • Fraud prevention services who verify transaction legitimacy

We do not purchase or acquire personal data from data brokers, list providers, or social media platforms.

4. Lawful Bases for Processing

Under Articles 6 and 7 of the UK GDPR, as amended by the Data (Use and Access) Act 2025, we process your personal data on the following lawful bases:

  • Consent (Art. 6(1)(a)): Sending waitlist communications.
  • Performance of a contract (Art. 6(1)(b)): Fulfilling product orders, processing payments, managing subscriptions, and sending transactional emails.
  • Recognised legitimate interest (Art. 6(1)(f)): Website analytics (anonymised) and preventing fraud.
  • Legal obligation (Art. 6(1)(c)): Retaining financial records and responding to data protection requests.

Where we rely on consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Where we rely on legitimate interests, we have conducted a legitimate interests assessment, which is available upon request.

5. How We Use Your Data

We use your personal data for the following purposes only:

  • To register you on our waitlist and send you launch communications
  • To process, fulfil, and deliver your orders
  • To manage your subscription (renewals, amendments, cancellations)
  • To process payments and refunds
  • To communicate with you about your orders, including dispatch and delivery notifications
  • To respond to your enquiries and provide customer support
  • To analyse Website usage and improve its content, functionality, and performance
  • To detect and prevent fraud
  • To comply with our legal and regulatory obligations
  • To handle data protection complaints

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

6. Data Sharing

We share your personal data only with trusted third-party service providers who process data on our behalf and only to the extent necessary for the purposes described in this policy.

6.1 Categories of recipients

  • Hosting and infrastructure providers (technical data, usage data)
  • Email service providers (email address, name)
  • Payment processors (payment details, billing address)
  • Delivery partners (name, delivery address, telephone number)
  • Analytics providers (anonymised usage data only)
  • Fraud prevention services (transaction data, IP address)

6.2 Data processing agreements

Each third-party processor is bound by a written data processing agreement that complies with Article 28 of the UK GDPR, including obligations relating to data security, confidentiality, sub-processing, data breach notification, and data return or deletion upon termination.

6.3 What we never do

We do not sell, rent, lease, or trade your personal data to any third party. We do not share your data with advertisers, marketing platforms, or social media networks. We do not permit our service providers to use your data for their own purposes.

6.4 Legal disclosures

We may disclose your personal data if required to do so by law, by a court order, by a regulatory authority, or if we believe in good faith that such disclosure is necessary to comply with a legal obligation, protect our rights or the rights of others, or prevent fraud or other unlawful activity.

7. International Data Transfers

Your personal data is primarily stored and processed within the United Kingdom and the European Economic Area (EEA).

Where we transfer personal data outside the UK or EEA, we ensure that appropriate safeguards are in place in accordance with Chapter V of the UK GDPR. These safeguards include:

  • UK adequacy regulations
  • Standard contractual clauses (the UK International Data Transfer Agreement (IDTA) or the UK Addendum to EU standard contractual clauses)
  • Supplementary measures where required

Details of the specific safeguards applied to any transfer are available upon request.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

Our retention periods are as follows:

  • Waitlist email addresses: Until you unsubscribe, or 24 months from last engagement if no purchase is made
  • Order and transaction records: 6 years from the date of the transaction
  • Subscription records: Duration of subscription plus 6 years
  • Customer support correspondence: 24 months from the date the enquiry is resolved

At the end of the applicable retention period, personal data is securely deleted or irreversibly anonymised.

9. Your Rights

Under the UK GDPR and the Data Protection Act 2018, as amended by the Data (Use and Access) Act 2025, you have the following rights:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)
  • Right to withdraw consent (Art. 7(3))

9.1 How to exercise your rights

To exercise any of the above rights, contact us at privacy@biosignal.co.uk with sufficient information to identify you. We will respond within 30 calendar days.

9.2 Data protection complaints

To submit a complaint, contact us at privacy@biosignal.co.uk with the subject line "Data Protection Complaint." If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ico.org.uk).

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours, and we will notify you without undue delay where the breach is likely to result in a high risk to your rights.

11. Cookies and Similar Technologies

Our use of cookies and similar technologies is governed by the Privacy and Electronic Communications Regulations 2003 (PECR).

11.1 Strictly necessary cookies

These cookies are essential for the Website to function and cannot be disabled.

11.2 Analytics cookies

With your consent, we use analytics cookies to collect anonymised information about how visitors interact with the Website. You may change your preferences at any time.

11.3 Cookies we do not use

We do not use advertising cookies, tracking cookies, social media cookies, or any cookies that build a profile of your browsing activity across third-party websites. We do not participate in real-time bidding or programmatic advertising.

12. Children's Data

BioSignal products and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe that we have inadvertently collected personal data from a child under 16, please contact us at privacy@biosignal.co.uk.

13. Third-Party Links

The Website may contain links to third-party websites, services, or resources. We are not responsible for the privacy practices or content of those third parties.

14. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this policy and notify you by email where possible.

15. Governing Law

This privacy policy is governed by and construed in accordance with the laws of England and Wales. Any disputes arising from or in connection with this policy shall be subject to the exclusive jurisdiction of the courts of England and Wales.

16. Contact

OAKMARK Trading Limited
Trading as BioSignal
Company No. 17073095
Registered address: 167-169 Great Portland Street, London, United Kingdom, W1W 5PF
ICO Registration No. [INSERT]

Email: privacy@biosignal.co.uk

← Back to Home