Privacy Policy

Effective date: 6 January 2026

This Privacy Policy explains how Oxygen Adventure Training (“Oxygen-AT”, “we”, “us”, “our”) collects, uses, shares and protects personal data when you use www.oxygen-at.com (the “Website”), including when you buy from (or sell through) our multi-vendor marketplace.

Controller details (add your business details here):
Business name: Oxygen Adventure Training (Oxygen-AT)
Controller contact email: admin@oxygen-at.com)
Country: United Kingdom

If you are a Vendor on our marketplace, this policy also explains how data is shared between Oxygen-AT and Vendors.

 

1) What personal data we collect

A) Data you provide to us

  • Account data: name, email, phone number, password (stored securely), billing/shipping details.

  • Orders & payments: products purchased, order notes, invoices, refunds, transaction references (payment card details are handled by payment providers, not stored by us).

  • Support & communications: messages sent via forms, email, chat, or vendor enquiries.

  • Vendor data (if you sell on the platform): business name, contact details, payout details (e.g. bank/Stripe), verification info where required, listings, pricing, availability, and communications with customers.

B) Data collected automatically

  • Device & usage data: IP address, browser type, pages visited, clicks, timestamps, referral URLs.

  • Cookies and similar technologies: used for site functionality, security, preferences, analytics, and advertising (see Cookies section).

C) Location-related data (where applicable)

If we use Google Maps features (e.g. map embeds, “near me” searches, directions), we may process approximate location data (e.g. via IP or user-provided location) to show relevant results. Google Maps Platform also requires clear notice and consent for certain location uses. 

 

2) How we use your data (and our lawful bases)

We process personal data under UK GDPR (and, where applicable, EU GDPR) using these lawful bases:

  • To provide the marketplace and fulfil contracts (e.g. create accounts, process orders, customer support, vendor operations).

  • Legitimate interests (e.g. improving the Website, preventing fraud, basic analytics, maintaining platform security).

  • Consent (e.g. marketing emails, optional cookies/advertising pixels, certain location features).

  • Legal obligation (e.g. accounting records, tax, compliance requests).

 

3) Multi-vendor marketplace: Oxygen-AT and Vendors

A) Sharing order data with Vendors

When you place an order with a Vendor, we share the information the Vendor needs to fulfil it, such as:

  • your name, delivery address, contact details,

  • order items, quantities, and any order notes relevant to fulfilment,

  • delivery method and status updates.

B) Vendor responsibilities

Vendors may act as independent data controllers for personal data they receive to fulfil orders, provide customer service, manage bookings, and meet legal obligations (e.g. tax and accounting). Vendors must handle your data lawfully and securely.

If you have a privacy request relating to a Vendor’s processing (e.g. their marketing or record-keeping), you may need to contact that Vendor directly as well as us.

 

4) Google Maps, Google Calendar and other Google services

Google Maps

We use Google Maps to display locations, maps, and directions. Google may collect data when you interact with embedded maps (in accordance with Google’s policies). We aim to notify users about location-related processing and obtain consent where required. 

Google Calendar (bookings/availability)

Where booking/availability features integrate with Google Calendar (e.g. appointment scheduling or syncing availability), we may process booking details and availability data to provide the service. If you connect a Google account (e.g. as a Vendor), your use of Google user data is limited to what we disclose in this Privacy Policy and what you authorise. 

 

5) Facebook/Meta services

We may use Meta services such as:

  • Meta Pixel / Conversions API (for measuring ads and improving targeting),

  • Facebook login (if enabled),

  • embedded content from Facebook/Instagram.

These tools may collect or receive data from your device (cookies, identifiers, events such as page views/purchases) for advertising, measurement and analytics. 

 

6) Analytics and “common analysis plugins”

We may use analytics and performance tools to understand how the Website is used and to improve it. These may include (depending on your cookie choices and our configuration):

  • Google Analytics (GA4) / Google Tag Manager

  • Jetpack Stats

  • Meta Pixel

  • other similar WordPress analytics, optimisation, or event-tracking plugins

Where required, we use a cookie banner/consent tool to collect your choices for non-essential analytics/marketing cookies.

 

7) Cookies and tracking

We use:

  • Strictly necessary cookies (security, login sessions, cart functionality)

  • Functional cookies (preferences)

  • Analytics cookies (site usage measurement)

  • Marketing cookies (ad measurement and personalisation)

You can manage cookies via:

  • our cookie banner / cookie settings (if enabled), and

  • your browser settings (note: disabling essential cookies may break site features).

 

8) Who we share data with

We may share personal data with:

  • Vendors (for fulfilment and support, as described above)

  • Payment providers (e.g. Stripe/PayPal) to process payments

  • Hosting and infrastructure providers (servers, backups, email delivery)

  • Shipping/fulfilment providers (where applicable)

  • Customer support tools (if used)

  • Analytics/advertising providers (only where configured and where consent is required/obtained)

  • Regulators, courts, law enforcement when legally required

We do not sell your personal data.

 

9) International transfers

Some of our providers (or Vendors’ providers) may process data outside the UK/EEA (commonly the USA). Where this is a “restricted transfer”, we use appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to EU SCCs (and similar mechanisms), plus risk assessments where required. 

10) Data retention

We keep personal data only for as long as needed for:

  • delivering the service and maintaining accounts,

  • legal/tax obligations (e.g. invoices and transaction records),

  • resolving disputes and enforcing agreements,

  • security and fraud prevention.

Retention periods vary depending on the data type and legal requirements. Vendors may retain order records for their own compliance needs.

 

11) Security

We use reasonable technical and organisational measures to protect personal data (e.g. access controls, encryption in transit where supported, least-privilege access). No system is 100% secure, but we work to reduce risk.

 

12) Your rights

Depending on your location (UK/EEA), you may have rights to:

  • access your data,

  • correct inaccurate data,

  • delete data (where applicable),

  • restrict or object to processing,

  • data portability,

  • withdraw consent (where processing is based on consent),

  • complain to a regulator.

To exercise rights, contact: admin@oxygen.at.com

Complaints

If you’re not satisfied with our response, you can complain to the UK Information Commissioner’s Office (ICO). 

If you’re in the EEA, you may also complain to your local supervisory authority.

 

13) Children

Our marketplace is not intended for children under 16 (or under the age required by local law for consent). We do not knowingly collect data from children.

 

14) Changes to this policy

We may update this Privacy Policy from time to time (for example, if we add new plugins, booking tools, or advertising features). We’ll post the updated version on this page with a new effective date.

Account
Sell On Oxygen AT