Ostar Review
Legal

Privacy Policy

Last updated: 1 January 2026

1. About This Policy

Ostar Review is an independent editorial publication focused on everyday wellness practices. The publication is not affiliated with any commercial, governmental, or institutional body. This Privacy Policy explains how Ostar Review ("we", "us", "our") collects, uses, stores, and shares personal data when you visit ostar.info or communicate with the editorial team.

This policy is governed by UK GDPR and the Data Protection Act 2018. The data controller for this publication is Ostar Review, 31 Great Russell Street, WC1B 3DG, London, United Kingdom.

2. Data We Collect

We collect the following categories of personal data:

  • Contact data: name, email address, and message content submitted through the contact form on contact.php. This data is collected when you choose to send a message to the editorial team.
  • Usage data: pages visited, time spent on pages, browser type, device type, and approximate geographic location (country/region level), collected automatically via analytics cookies where consent has been granted.
  • Technical data: IP address, browser version, and session identifiers collected automatically by the web server. These are retained in server logs for a maximum of 30 days for security and performance purposes.

We do not collect: payment data, health or biometric data, government identification numbers, or any special category data as defined under UK GDPR Article 9.

3. How We Use Your Data

We use collected data for the following purposes:

  • To respond to contact form submissions and reader correspondence (legal basis: legitimate interests).
  • To analyse site traffic and understand how readers engage with editorial content, where analytics consent has been granted (legal basis: consent).
  • To maintain the security and performance of the site (legal basis: legitimate interests).
  • To comply with applicable legal obligations (legal basis: legal obligation).

We do not use personal data for automated decision-making or profiling as defined under UK GDPR Article 22.

4. Cookies and Tracking

This site uses cookies. The categories of cookies in use, their purposes, and the choices available to you are documented in full in the Cookie Policy, accessible via the footer of this page. Cookies that are not strictly necessary for the processing of the site are only placed following your affirmative consent via the cookie consent banner.

You may withdraw cookie consent at any time by clicking "Cookie Settings" in the footer of any page.

5. Data Sharing and Third Parties

We do not sell personal data to third parties. We do not share personal data with commercial entities for marketing purposes. Data may be shared in the following limited circumstances:

  • Hosting provider: server infrastructure is provided by a third-party hosting service. That provider processes technical data (IP addresses, access logs) as a data processor under a data processing agreement.
  • Analytics provider: where analytics consent has been granted, anonymised usage data is shared with an analytics service. The analytics provider does not receive identifiable personal data.
  • Legal requirements: we may disclose personal data to competent authorities where required to do so by applicable law or valid legal process.

6. Data Retention

Contact form submissions are retained for a period of 12 months from the date of receipt, after which they are permanently deleted unless ongoing correspondence requires extended retention. Server access logs are retained for 30 days. Analytics data is retained in aggregated, anonymised form and is not subject to a fixed deletion schedule.

7. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

  • Right of access: you may request a copy of the personal data we hold about you.
  • Right to rectification: you may request correction of inaccurate personal data.
  • Right to erasure: you may request deletion of your personal data where we no longer have a lawful basis for retaining it.
  • Right to restrict processing: you may request that we limit how we use your personal data in certain circumstances.
  • Right to object: you may object to processing based on legitimate interests.
  • Right to withdraw consent: where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at [email protected]. We will respond within one calendar month of receipt.

You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection. Details at ico.org.uk.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, or disclosure. The site is served over HTTPS. Access to contact form data is restricted to the editorial team.

No data transmission over the internet can be supported to be completely secure. We take reasonable steps to protect personal data but cannot guarantee absolute security.

9. International Transfers

Where personal data is transferred outside the United Kingdom, we ensure that appropriate safeguards are in place in accordance with UK GDPR Chapter V. Transfers are made only to countries that the UK Secretary of State has determined provide an adequate level of protection, or under standard contractual clauses approved for use under UK data protection law.

10. Changes to This Policy

This policy may be updated from time to time. The date of the most recent revision is displayed at the top of this page. Material changes will be noted in the editorial correspondence section for a period of 30 days following the update.

11. Contact for Data Enquiries

For any enquiry relating to this privacy policy or your personal data, contact the editorial team:

Ostar Review
31 Great Russell Street
WC1B 3DG London, United Kingdom
[email protected]
+44 20 7283 6419